Researchers Defeat Perceptual Ad Blockers, Declare 'New Arms Race'

dmoberhaus writes: Perceptual ad blockers were supposed to be the "superweapon" that put an end to the arms race between advertisers and users. According to new research, however, perceptual ad blockers will come out on the losing side in the war against internet advertisers and expose users to a host of new attack vectors in the process. Researchers at Stanford tricked six different visual classifiers used in perceptual ad blockers with adversarial ads designed to trick the ad blockers by making nearly imperceptible changes to the ads. "The researchers tried several different adversarial attacks on the perceptual ad blockers' visual classifiers," Motherboard reports. "One attack, for example, slightly altered the AdChoices logo that is commonly used to disclose advertisements to fool the perceptual ad blocker. In another attack, the researchers demonstrated how website publishers could overlay a transparent mask over a website that would allow ads to evade perceptual ad blockers."

"The aim of our work is not to downplay the merits of ad-blocking, nor discredit the perceptual ad blocking philosophy, which is sound when instantiated with a robust visual ad detector," the researchers concluded. "Rather, our overarching goal is to highlight and raise awareness on the vulnerabilities that arise in building ad blockers with current computer vision systems."

Moving the wrong way.

[Gravis+Zero]

If you want to get rid of ads, you shouldn't be looking to completely prevent them from loading because that's an eternal game of cat and mouse. Instead, you should be looking to poison advertisers click-though information. Basically, fooling ads into thinking you have clicked them and loading things in the background (after you have loaded the page excluding the ads) would have a very negative effect on advertisers because it spoils the very thing they keep track of: who clicks-through to a site. If most people provided a completely false click-through and browsing information it would diminish the value of ads entirely.

Honestly, people are fighting ad networks all wrong.

Re: Moving the wrong way.

Clicking on ads automatically on behalf of users would be very dangerous. I'm an author of the paper discussed in the article, and we looked at one ad-blocker that actually does this (specifically it clicks on ads to check whether they link to an ad statement page). It turns out that you can fool the ad-blocker into thinking something is an ad, which then causes it to click on an arbitrary link of your choice... You could use this for DDoS purposes, cross site request forgery attacks, etc.

Re:Moving the wrong way.

If you find yourself in a fair fight, your tactics suck. Have a type of proxy set up for the ad servers based on their DNS call, that allows the original content in, but tells the ad networks you're based in, say, Nepal. Poison the stream with false information. Pretty soon the ad networks will realize they are ineffective.

I already blackhole every ad network at the DNS level using a Pi-hole. I add new subscriptions all the time. I also block referers, CSS history, the ability for sites to see anything about my computer or it's OS, software/hardware. I falsify my fingerprint, as it were. Works a treat. I test myself against test sites to see how I'm faring once or twice a month.