Researchers Defeat Perceptual Ad Blockers, Declare 'New Arms Race'

dmoberhaus writes: Perceptual ad blockers were supposed to be the "superweapon" that put an end to the arms race between advertisers and users. According to new research, however, perceptual ad blockers will come out on the losing side in the war against internet advertisers and expose users to a host of new attack vectors in the process. Researchers at Stanford tricked six different visual classifiers used in perceptual ad blockers with adversarial ads designed to trick the ad blockers by making nearly imperceptible changes to the ads. "The researchers tried several different adversarial attacks on the perceptual ad blockers' visual classifiers," Motherboard reports. "One attack, for example, slightly altered the AdChoices logo that is commonly used to disclose advertisements to fool the perceptual ad blocker. In another attack, the researchers demonstrated how website publishers could overlay a transparent mask over a website that would allow ads to evade perceptual ad blockers."

"The aim of our work is not to downplay the merits of ad-blocking, nor discredit the perceptual ad blocking philosophy, which is sound when instantiated with a robust visual ad detector," the researchers concluded. "Rather, our overarching goal is to highlight and raise awareness on the vulnerabilities that arise in building ad blockers with current computer vision systems."

Why visual?

[DogDude]

Why would they test a visual ad blocker? Who uses those? All the ad blockers I have ever seen block domains. A visual ad blocker seems doomed to fail.

Re:Why visual?

Really? What is these ad's your talking about ... Firefox+Ublock Origin.

Re: Why visual?

[Ken_g6]

Usually ads served by the same site I'm visiting are the least annoying. Unless they're paywall notifications.

If my ad blocker doesn't block my favorite site properly I'll use Stylus instead.

Re:Why visual?

[ArchieBunker]

Those ads that embed the jpeg file in the html itself are a pain to block.

Re:Why visual?

[djinn6]

For any site you visit frequently, you can always write a simple Chrome or Firefox extension to do it.

I have one that makes the comment boxes take up full screen width, but I can easily modify it to hide the ads (if my adblock wasn't doing it already).

Re: Why visual?

[aix+tom]

Usually ads served by the same site I'm visiting are the least annoying.

+1.

I don't really hate ads in general. I only hate *annoying* ads.
So I don't need an ad blocker that blocks 100% of ads, I just need it to block the annoying/dangerous ones.

Re: Why visual?

[Opportunist]

Most of the annoying ads can be defeated by simply turning javascript off, or selectively on for only the site serving the actual content.

Re:Why visual?

[K.+S.+Kyosuke]

Domain blocking may not work forever.

(Cue an APK rant on how that is not true and how domain blocking is the superior solution)

Re: Why visual?

[JustAnotherOldGuy]

Most of the annoying ads can be defeated by simply turning javascript off, or selectively on for only the site serving the actual content.

Bingo. Use something like NoScript and 99% of ads just disappear.

Re:Why visual?

[Megane]

I make every attempt to block the player applet every time I find a site pushing auto-play video at me (including the "click to see more" type that still plays silent video) with no way to disable the auto-play function. Doubly so for the ones that have "pop-out" video when you scroll it off the window. If they are so insecure in their self worth that they think they need to annoy you to get seen, then they weren't worth watching. The few times I actually might want to see something, I can open the page in my alternate browser.

Javascript

If ads get too pervasive and hard to block people could just disable JavaScript completely.

Re:Javascript

[ChromeAeonuim]

That's how I do it. I use NoScript, and rarely ever see ads. The ads themselves are all being served up from some other site anyway, so even if I allow the scripts coming from the site itself, the ads are still blocked, which is fine by me.

If advertisers really want me to see ads, the simple solution is to stop being assholes. Stop using tricks like native advertising to deceive users, stop redirecting to God knows which questionable and potentially malicious sites, stop advertising scams, and in general stop being so hostile. They'll piss and moan about how I'm taking away advertising revenue, when really, all I want to do is keep myself and my machine safe. You guys are the ones who started the hostile behavior, not me, so don't be surprised when I react accordingly.

If they really want me to see ads, it is simple. Have an image, using standard basic Img tag, saying 'Drink Brand X Cola!' or whatever, clearly linking to brandXcola.com. There, simple. No scams, no malware, no tricks, transparent and honest. If they don't want to do that, then it's not my problem if someone's unethical behavior bites them in the ass.

Re:Javascript

[Gavagai80]

Yep. I disable javascript on every website that try to shove videos at me, since they've managed to defeat autoplay-blocking plugins. "Content" videos are more annoying than most advertisements anyway. And while the site may not work without javascript, if it doesn't that simply means it won't get further visits.

Re:Javascript

[markdavis]

>"If advertisers really want me to see ads, the simple solution is to stop being assholes"

But the reality is, that will never happen. They will never stop using:

1) Animation of any type (scroll, change, fade, flip, whatever)
2) Video of any type
3) Sound
4) Pop-overs, pop-unders, mouse-overs, and overlays
5) HUGE portions of the screen

The genie is not going back into the bottle. Had they never done the above, I would never have had that much motivation to block them. And that is even before considering the security, cpu, memory, bandwidth, speed, battery, tracking/privacy, and all the many other issues with ads.

Re:Javascript

[Shikaku]

I wish we could just block tags. Blocking the HTML tag would work for a lot of the ads and the most annoying of them with sound. Maybe there is support for it but I haven't checked recently.

Re:Javascript

[Shikaku]

Whoops looks like it ate <video>, had to type &lt; and &gt; to make it work right.

Re:Javascript

Don't forget, #6: Malvertising. The "wink, wink, nudge, nudge" game with the blackhats, so their ad server "by accident" serves up malware. Because the ad places don't care to clean up their act, ads are a security threat, and arguably the biggest infection vector next to phishing these days.

I run ad blockers for security. If a website demands ad blockers be disabled, they are lumped in as an accessory to computer trespass, and I go somewhere else.

Re:Javascript

[Antiocheian]

In most of the cases I simply hit Ctrl+A and paste to a text editor.

Re:Javascript

[Opportunist]

This is basically why the ad industry is in the huge pit they're in today. You might notice that the amount of sites that beg and whine to turn off the adblocker has increased in the past 1-2 years. Why? Because now even the computer illiterates block ads.

Ads have always been part of the internet. Pretty much since the first time the masses entered with AOL there were banners. And ads got more and more invasive because they could. They'd pop up, over, under, blare from speakers and go fullscreen video. Why? Because advertisers were used to getting away with it from TV. What would you do? Change the channel?

What they didn't take into account was that on a computer, the owner of the computer can easily turn off their obnoxious invasion. But that was ok. The ones that could were few and far between. And the illiterates were plentiful enough to keep the ad industry going.

But apparently not enough people clicked their ads. Even when they tricked people by disguising them as "close" buttons. So ads got more and more invasive, because apparently the ad industry thought that people somehow missed that full screen flashing and honking ad. And at some point the breaking point was reached: The illiterates installed ad blockers.

To give you an idea what we're talking about: We're talking about the user that dutifully closes 20 error messages when he starts his computer from programs that didn't quite uninstall properly. The user that doesn't care that his i7 is slow as molasses when browsing because of the 99 tracking plugins littering his browser, or that he has a browser real estate of a stamp on his 28" screen due to all the plugin bars that somehow got installed. The ad industry managed to piss off THIS user enough to get off his ass and install an ad blocker.

And he's not gonna uninstall it. Can you imagine just HOW much you have to piss off someone like this to block your ads? You could promise him a new car to uninstall that ad blocker and he won't uninstall it. That ship has sailed.

Re:Javascript

[JustAnotherOldGuy]

That's how I do it. I use NoScript, and rarely ever see ads. The ads themselves are all being served up from some other site anyway, so even if I allow the scripts coming from the site itself, the ads are still blocked, which is fine by me.

^^^THIS. NoScript will block 99% of ads just by killing Javascript.

I use NoScript and Adblock, and I never see ads. I've forgotten what they look like. So much so, that when I used a friend's PC the other day I was just flabbergasted by all the ads littering the page. "Hmmmm," I thought, "this is ungood."

A few clicks later I had installed NoScript and Adblock, and peace and tranquility reigned throughout the land again.

He hasn't stopped thanking me since- "And the pages load so fucking fast dude!!"

He's now on an absolute crusade to install NoScript and Adblock on every PC he sees, lol.

Re:Javascript

[Ol+Olsoc]

This is basically why the ad industry is in the huge pit they're in today. You might notice that the amount of sites that beg and whine to turn off the adblocker has increased in the past 1-2 years. Why? Because now even the computer illiterates block ads.

I've installed adblockers on several grandma's computers to rejuvenate them. Suddenly the thing runs much better. And ther's nothing like Grandma net to get the word out.

Regardless, not allowing me into their site because I have ad and script blocking means I still won't see their malware bearing bullshit. So it still means they fail.

The ad industry managed to piss off THIS user enough to get off his ass and install an ad blocker.

And he's not gonna uninstall it. Can you imagine just HOW much you have to piss off someone like this to block your ads? You could promise him a new car to uninstall that ad blocker and he won't uninstall it. That ship has sailed.

Exactly. I've used ad blockers since maybe punch the monkey days. Now? Mainstream. Do not piss off the people that are hard to piss off. Especially with assholes like me that spread the word to them.

Re:Javascript

[Ol+Olsoc]

I've forgotten what they look like. So much so, that when I used a friend's PC the other day I was just flabbergasted by all the ads littering the page. "Hmmmm," I thought, "this is ungood."

A few clicks later I had installed NoScript and Adblock, and peace and tranquility reigned throughout the land again.

He hasn't stopped thanking me since- "And the pages load so fucking fast dude!!"

He's now on an absolute crusade to install NoScript and Adblock on every PC he sees, lol.

This! The times I have for one reason or another had to ride the net bareback, I've found it almost unusable. And has anyone wondered why smartphone users are getting more and more bandwidth? not to do anything but allow them to get more ads. I used to blow through my cap regularly until I started tethering a laptop to it. Now I have much un-throttled data to use.

Re:Javascript

[Espectr0]

i wonder what kind of websites do you visit that still work properly with javascript disabled.

Re:Javascript

[ChromeAeonuim]

Most of them more or less work, and even if they don't have full functionality, it's usually still good enough. It's a trade off: security for mild annoyance. But the nice thing about NoScript is that you can select which sites you want to allow scripts from, so I can selectively allow some things but not others.

Re:Javascript

[Antiocheian]

This isn't for stopping ads but dealing with anti-adblocking measures.

Re:Javascript

[alvarogmj]

I agree with the sentiment that a decade ago the Internet was a safer, nicer, and much less hostile place, especially for newcomers. Being a dad now, i can see how the ads work for kids, it is scary how manipulative they are.

Reg. NoScript: its use is WAY less annoying than one might expect, people does not browse 1000 sites every day, we tend to browse a few most of the time, and a different one every now and then (example: 80% of my browsing is Innoreader, Ars, and Slashdot, and only Innoreader won't work without javascript). This means that at most, you spend a few days getting it right, then it just gets out of the way.

Unfortunately, the reality is that you need to know how it works and why is it there, otherwise sites break and you don't know why, and that makes it unusable for most people. I have uMatrix installed, but also keep a Chrome instance for those sites which break and take more than a few clicks to get to work, like government sites, or sites which receive payments and do many redirects behind the scenes. The consequences of a site not working are not always just unreachable content, sometimes you might end up paying twice for the same product only because the first time the cookie was not allowed but the processing still went through :)

Moving the wrong way.

[Gravis+Zero]

If you want to get rid of ads, you shouldn't be looking to completely prevent them from loading because that's an eternal game of cat and mouse. Instead, you should be looking to poison advertisers click-though information. Basically, fooling ads into thinking you have clicked them and loading things in the background (after you have loaded the page excluding the ads) would have a very negative effect on advertisers because it spoils the very thing they keep track of: who clicks-through to a site. If most people provided a completely false click-through and browsing information it would diminish the value of ads entirely.

Honestly, people are fighting ad networks all wrong.

Re: Moving the wrong way.

Clicking on ads automatically on behalf of users would be very dangerous. I'm an author of the paper discussed in the article, and we looked at one ad-blocker that actually does this (specifically it clicks on ads to check whether they link to an ad statement page). It turns out that you can fool the ad-blocker into thinking something is an ad, which then causes it to click on an arbitrary link of your choice... You could use this for DDoS purposes, cross site request forgery attacks, etc.

Re:Moving the wrong way.

If you find yourself in a fair fight, your tactics suck. Have a type of proxy set up for the ad servers based on their DNS call, that allows the original content in, but tells the ad networks you're based in, say, Nepal. Poison the stream with false information. Pretty soon the ad networks will realize they are ineffective.

I already blackhole every ad network at the DNS level using a Pi-hole. I add new subscriptions all the time. I also block referers, CSS history, the ability for sites to see anything about my computer or it's OS, software/hardware. I falsify my fingerprint, as it were. Works a treat. I test myself against test sites to see how I'm faring once or twice a month.

Re:Moving the wrong way.

[Rockoon]

Doesnt sound like fraud to me. The user has not given you a promise to do anything in particular with your advertisement, therefore they are not misleading you when they click but dont visit.

Re:Moving the wrong way.

LOL. Guys, I think we just found a person whose paycheck depends on advertising dollars. Get a rope.

Re:Moving the wrong way.

[epine]

If most people provided a completely false click-through and browsing information it would diminish the value of ads entirely.

Your analysis is not even on the right set of train tracks.

Current compensation formulas might well involve relative conversion rates (I don't follow this closely), but that's merely convention.

What actually matters is the absolute conversion rate: number of widgets sold, and average selling price. As long as those two quantities are in the black, advertising will remain a going concern.

(There are a fair number of retail ventures where the price paid depends on your history of arrival. Amazon has tried this in house, but other places astroturf apparently independent outlets and then work to steer customers to the most expensive outlet, at or below willingness to pay. Willingness to pay is measured by having the deepest discount associated with filling out many bullshit forms, poor shipping terms, and generally poor terms in every other respect. Professionals very quickly elect to protect their time and energy by paying more under the general heading of "convenience". Gradually the industry trains consumers to accept their general convenience category, and to only shop within those parameters. This is half the function of advertising, as viewed from the systemic perspective.)

Bullshitting a lot of click-throughs (with no conversion possible) inflates the cost of delivering electrons (very marginal these days, though enough to make to make Amazon even richer).

It doesn't fall into hardly anyone's convenience category.

And it's fundamentally non-verifiable. Because while you fantasize over how this creates difficulties at the other end, all this sophisticated new AI isn't fooled (for long) in the slightest.

Re: Moving the wrong way.

[Gravis+Zero]

I'm not suggesting using a perceptual ad recognition for poisoning ad networks but rather the list based method. The entire concept of the perceptual ad recognition is flawed and is even more of a cat-and-mouse game than list based detection. If anything, the perceptual ad recognition should be used by list maintainers to identify new ad new domains to their lists... just not automatically.

Re:Moving the wrong way.

[Gravis+Zero]

Fraud is not an appropriate way to fight.

And yet this is exactly what they do when they create new tricks to circumvent ad blockers, make ads that look like download buttons or ignore the Do Not Track flag. As we know, everyone ignore it.

Re:Moving the wrong way.

[Gravis+Zero]

What actually matters is the absolute conversion rate: number of widgets sold, and average selling price. As long as those two quantities are in the black, advertising will remain a going concern.

That is correct. That is because such widgets are seen as being valuable. If millions of people are clicking through then it's going to turn into a liability. Suddenly your advertisement is a call for a self-inflicted DDoS. Electrons are cheap but not free and if you are getting DDoS'd because of an ad you paid for and not getting real traffic then it may just be more trouble than it's worth. Sure big players might be able to withstand the strain but smaller ones will be taken offline and going offline is a surefire way to lose money.

Re:Moving the wrong way.

[Opportunist]

Fraud? What fraud? I just do what the advertiser wants, their ad gets clicked, the system works!

Re:Moving the wrong way.

[Opportunist]

Go a step further. Exchange the information with all the other instances running the ad blocker and have them ALL click the ad. The company paying for the ad gets charged a HUGE bill for all the clicks, notices zero revenue from it and stops advertising.

Problem solved for good.

Re:Moving the wrong way.

[JustAnotherOldGuy]

Instead, you should be looking to poison advertisers click-though information.

Yep- we should make the advertisers efforts useless by filling their click-through databases with mountains of irrelevant 'data'. If we all clicked away like psychos their analytics would be worthless.

Unfortunately, the prevalence of malware in ads (and in their target pages) prevent me from doing this (plus I use NoScript and Adblock, so I don't actually see the ads).

Re:Moving the wrong way.

[JustAnotherOldGuy]

Fraud is not an appropriate way to fight.

Oh yes it is. Ask me how I know.

Re:Moving the wrong way.

[Ol+Olsoc]

Fraud is not an appropriate way to fight.

Oh yes it is. Ask me how I know.

Okay, how do you know?

Re:Moving the wrong way.

[JustAnotherOldGuy]

Oh yes it is. Ask me how I know.

Okay, how do you know?

Because I've used it and it works great.

I "defraud" cold callers, telephone solicitors, and religious cranks who knock on my door, I "defraud" the people who send bullshit mail offers to "buy my home sight unseen", etc etc. I defraud them all by wasting their time, placing dead-end orders, making never-to-be-kept appointments, etc etc.

It frustrates them and eventually they go away and don't come back. It may not be "fraud" in the classic sense of the word, but I'm happy to extend it to my activities.

Re:Moving the wrong way.

[Ol+Olsoc]

Oh yes it is. Ask me how I know.

Okay, how do you know?

Because I've used it and it works great.

Oh heck - I do that too. I was hoping you'd have something real juicy to share with us 8^)

If only ad blockers

[bobstreo]

would create and update lists of sites they blocked.

And you can always manually individually block sites/domains.

Soon it will really suck if the domain you created has the letters ad in it,

As opposed to AdBlock which exchanges cash to allow some advertisers to "bypass" built in blocks.

Re:If only ad blockers

I have been running a Raspberry Pi with Pi-hole and I never see ads. The Pi-hole blocks the DNS calls for the ad networks, so they never even are called to block them. I don't know how long this method will be effective, but this, coupled with uBlock Origin, Decentraleyes, Privacy Badger, Token Tracker Stripper, and some about:config settings leaves me pretty good to go for the last couple of years. Again, I don't know how long before this becomes defeated. I think the best method is DNS blackholing of ad domains and networks. I look forward to the cold war against the ads, beacons, and trackers.

Why aren't adblockers implemented like this?

[Bryan+Ischo]

The problem I have seen with ad blockers (and admittedly, I have only tried a few, and haven't put a lot of effort into trying to find the best or most useful one) is that they work by preventing the loading of certain parts of web sites. Like, they refuse to load images from a certain domain, or refuse to load and run javascript from a certain domain, or whatever. The important point is that I believe they work by not loading content that they want to block.

It is my experience that sites can detect this behavior - they can tell when you have loaded all of a page but not the ads, because they can see that your browser only fetched part of the page. They probably also embed javascript in ways that require that it be run and show an ad or else some other javascript notices that this did not happen, and then knows that you did not load the ad. And then they run other javascript that blocks out the content of the site itself because they have detected that you are running an ad blocker.

I don't know why ad blockers don't then just implement the obvious:

Load the ad. Load the javascript. Just turn all the pixels that you display for those ads to white, and all the sound to zero volume. The javascript won't know that behind the scenes the APIs that would display images have instead decided to show white pixels. The remote server will still see you fetching all the content and "presenting" it to the user.

I'm talking about switching ad blocking from a detectable and defeatable "don't show ads" to an undetectable (by the ad displayer) "do everything you would have done up to the last possible moment which is the presentation of the ad image/sound, instead showing nothing".

This seems so much more foolproof to me. It doesn't have the nice property of reducing your bandwidth usage by not even loading ads but ... I personally don't care much about that. I just don't want to see the ads.

The only recourse of the advertisers at that point would be to make the content of the ads intrinsic to the content of the site; like the site text renders in javascript that also renders ads, or something. At that point, I don't know what we do to stop ads ... maybe stop allowing javascript?

In terms of how to detect what is an ad, just let users clock on anything that shows up as an ad image, choose a pop-up "this is an ad", when they select that, white out the image, and add the URL of the ad image to a voting database. Then when fetching images, if enough votes have been cast saying that it's an ad ... treat it as such.

What are the obvious flaws to this design that I am missing?

Re:Why aren't adblockers implemented like this?

[markdavis]

>" don't know why ad blockers don't then just implement the obvious: Load the ad. Load the javascript. Just turn all the pixels that you display for those ads to white, and all the sound to zero volume. [...]What are the obvious flaws to this design that I am missing?"

1) Because that still causes the page to load very, very slowly. Try it- the speed difference is almost unbelievable on many sites. Many sites that load and render in 3 seconds suddenly take 6, 10 or even more seconds.

2) Because it doesn't help prevent tracking and spying.

3) Because it doesn't reduce bandwidth/date usage.

4) Because it doesn't reduce memory, CPU, and power/battery usage.

Re:Why aren't adblockers implemented like this?

[UnknownSoldier]

> And then they run other Javascript that blocks out the content of the site itself because they have detected that you are running an ad blocker.

If you are blocking content because someone blocked ads then users will just go elsewhere to get that content.

Forbes does this bullshit. Guess what, I don't care about Forbes anymore.

Your broken business model isn't my problem.

Re:Why aren't adblockers implemented like this?

[JustAnotherOldGuy]

Forbes does this bullshit. Guess what, I don't care about Forbes anymore.

Same here. I used to go to Forbes, but with their aggressive "Turn off your ad blocker" shit, I abandoned them. Like you, I don't care about Forbes anymore.

Re:Why aren't adblockers implemented like this?

[Ol+Olsoc]

Forbes does this bullshit. Guess what, I don't care about Forbes anymore.

Your broken business model isn't my problem.

Never let this die:

After demanding that people disable their ad-blocker, Forbes served them up the Angler exploit toolkit https://www.networkworld.com/a...

The article claims it isn't Forbes fault. Well, kindasorta isn't. But Forbes and all other sites using this ad model share in the blame. Fix it so you aren't serving up computer STD's

Re:Why aren't adblockers implemented like this?

[UnknownSoldier]

Wow. Thanks for that link! I'm going to coin a new phrase:

Practice safe hex -- use an ad blocker.

Re:Why aren't adblockers implemented like this?

[Ol+Olsoc]

Wow. Thanks for that link! I'm going to coin a new phrase:

Practice safe hex -- use an ad blocker.

Remember, if they insist on you dropping your adblocker, and you just navigate away, they have lost twice.

The ad service doesn't get their ads seen, and the site takes a hit on page views.

Re:Why aren't adblockers implemented like this?

[Megane]

Often I find that if I block another chunk of something, it blocks their blocking detector from loading. After all, web monkeys rarely even have the ability to write good and robust code, they just link in some crap from another web site.

Re:Why aren't adblockers implemented like this?

[No+Longer+an+AC]

And this is why I don't turn off my adblocker just because a site begs me to. It's very rare for a site to have exclusive content that I really, really want to see.

If it's a news story there will be other sources. If it's a video....maybe I just won't be able to see it. I'll live.

If there's malware, I'll avoid it.

NoScript + uBlox Origin

[Rick+Schumann]

Between those two I can't remember the last time I saw an ad, and if I do uBlox will generally zap it for me if I point it at it.

Re:NoScript + uBlox Origin

[Rick+Schumann]

Just because you can't get it to work doesn't mean it doesn't work. Fix your own shit and stop being such a Negative Nelly.

no news here

[epine]

Early generation technologies are often fragile in superficial ways.

Big whoop.

The main counterexamples come from startup ventures who define turd polishing as job #1.

Eventually even the sane do have to polish the turd (in the context of an adversarial arms race) to achieve mass deployment. Ideally, you financed your startup to also succeed at stage Number Two.

5)vulnerability

[aepervius]

Because when another drive-by-download or execute vulnerability pop up, it won't help you to load in background you are as vulnerable as loading in plain sight.

Slight Alteration ?

[nukenerd]

FTFA :

One attack ... slightly altered the AdChoices logo that is commonly used to disclose advertisements to fool the perceptual ad blocker.

Am I missing something here? A slight visual alteration can defeat the recognition of a ad graphic? Yet we are in an era of face recognition and self-driving perception software - and only waxwork dummies' faces look constantly the same, and I doubt that every road "Stop" sign is pixel-perfect identical.

Re:Slight Alteration ?

[Actually,+I+do+RTFA]

What you're missing is that the technology they tricked isn't production-quality yet. It's still mostly a research project. There's no need to improve the image recognition at this point, because that's not where they're focusing. Once the interesting work is done, that's part of commercialization.

Perceptual Ad Blockers

[cstacy]

I am pretty sure that I've seen Perceptual Ad Blockers on Doctor Who. They're kind of like psychic paper, only in reverse.

Why this is silly.

[cshark]

You know, I've given internet marketers a chance to explain themselves. An opportunity to prove they're not complete morons who not only don't understand their product, but their customer. I've been patient with them as they introduce new and ever more obnoxious and invasive advertising techniques that are heavily lauded, but that don't actually work. I've read their blogs. I've commented on their forums. I've tried to speak reason to power. And now... I'm done.

As I've explained to these intrepid idiots in the marketing industry for the last decade, people block ads because they're a blight. They're implemented poorly. They often contain malware which largely goes unpoliced, and they diminish the reading experience on pretty much any site they're on. If you're on a website, and the ads don't completely destroy both the credibility and quality of the host site, you're probably on buzzfeed. Nearly everywhere else, you're going to notice this nonsense.

The war on adblockers is a lost cause. Breaking adblockers is not going to result in higher clickthrough rates. It never has, in the entire time it's been around. If a user LOVES your website, they might whitelist you. Short of that, they'll bounce and get your content from somewhere else. Calling attention to and requesting a modification in the software a user runs is a violation of user rights. Period. Plain and simple. And it raises suspicions about the host site, bringing to the user's mind the other invasive practices a site might be engaged in, and the handling of their personal data in general. If you wouldn't demand to look in someone's underwear drawer when selling them a newspaper, you shouldn't engage in the ongoing harassment of your users in this way. There is no moral difference.

Asking users who are taking aggressive steps not to see ads will only result in lower documented clickthrough rates. It'll result in more bounce traffic. It'll result in fewer people showing an interest in your site, and less exposure over social media. Mind you, a lot of people that have never clicked on an ad in their lives think nothing of sharing your article with their network of followers. If you track the engagement numbers on sites that behave in this way, you'll see a downward trend overall in their engagement numbers -- resulting, ironically, in fewer ad impressions, and fewer clicks.

I don't know if there's anything to do about it. If the industry wants to sit there and gnaw off its own leg, they're welcome to do it. And I'm sure they will. Like I said in the beginning of this rant, they're not exactly the brightest bulbs to begin with.

Re:Why this is silly.

[Solandri]

The war on adblockers is a lost cause. Breaking adblockers is not going to result in higher clickthrough rates. It never has, in the entire time it's been around.

Two hunters are out in the woods when they run across a huge grizzly bear which rears up ready to charge them. One hunter stoops down and starts tying his shoelaces. The other hunter says "What are you doing? We have to get away from the bear!" The first hunter says "I don't have to outrun the bear. I just have to outrun you."

That's the situation the people trying to defeat ad blockers are in. They don't have to completely defeat the ad blockers; they just have to do a better job of it than anyone else in order to attract advertising business. So even if the click-through rate is down for the industry overall, if your anti-ad-blocker company's click-through rate is down less than everyone else, it's still a win for you.

That's the inherent flaw in ad blockers right now. They all try to block the ad, which just results in the advertiser trying to find a way to get around the block. To really be effective, you have to ask yourself why the advertiser is trying to show you the ad, then thwart that. Advertisers show you ads because the money they make from the few click-throughs is greater than the cost of the ad. So instead of trying to block ads, we should be trying to drive up the cost of showing ads. Fake impressions (loads ad but doesn't show it), fake click-throughs, and referral replacement (each family sets themselves up as a referrer and their computer auto-inserts their own referral code). That'll reduce the the key figure driving the ads - sales per impression / click-through / referral. Making ads appear to not be cost-effective anymore.

Re:Why this is silly.

[cshark]

That's interesting. Reminds me of Robert X. Cringely's strategy for defeating phishing. Much the same idea. I'm all for it.

Re:Why this is silly.

[Megane]

An opportunity to prove they're not complete morons who not only don't understand their product, but their customer.

The first rule to understanding your customer is to correctly identify your customer. The "customer" is not the one viewing the ad, nor the one who inserts some includes in their web site so that the ad can be displayed in exchange for pennies. The customer is the one who is paying you money, the one who created and paid for the ad to be shoved in front of eyeballs. The companies that shove the ads around have identified their customer, and their product. The product is YOU. (everywhere, not just in Soviet Russia)

Gentlemen, start your engines

[JustAnotherOldGuy]

Use NoScript. NoScript will kill 99% of ads just by stopping Javascript. If they insist on having Javascript enabled then I'll abandon their site and go elsewhere.

If they force unavoidable ads on us, we'll all just start clicking away like mad motherfuckers and bury them in useless, irrelevant clicks. I'll click on every fucking ad I see and never buy anything.

I do the same thing (more or less) with cold callers who want to sell me duct cleaning or tree trimming services over the phone. I say, sure, come on out- then I give them a bogus address.

If they somehow make it to my door (which occasionally happens) I just give them a blank look and tell 'em, "Sorry, I have no idea what you're talking about." (Plus, as I point out to them, we have no trees on our property, so why in the world would I make an appointment for a tree trimming service? heh heh heh)

My hope is that making them respond to the false positives will waste enough of their time and gas and money that they'll eventually sour on the idea, and it may just force them to reconsider if cold calling is really worth it. Three or four wasted trips a day starts to add up for a business that depends on booking valid (i.e. paying) appointments.

I know I'm just one guy....but just imagine the result if we all did that.

Well,

[no-body]

Isn't this whole throwing unwanted ads in your face against your will and intention abusive?
Who are the goon-robots programming this shit and the idiots trying to make a buck with this got nothing better to do?
Popup in your face - please subscribe - and have to act upon plugging an email address like "Ihate..." in..
The behavior causing this should be penalized with mandatory pot smoking and we will see progress happening very soon..

It's not news in ML

[Visarga]

The problem of adversarial images has been studied since 2013. There are over 1500 papers citing the original paper. https://scholar.google.ro/scho...

Re:It's not news in ML

[Visarga]

Off topic, but the same idea, of adversarial images, has been turned into a kind of imagination machine in 2014 by Ian Goodfellow (Generative Adversarial Networks - GANs). https://scholar.google.ro/scho... . (5600 papers!) They train two neural nets engaged in a game of forgery and forgery detection. The generator net takes in a random noise vector and creates an image. The discriminator network takes in the fake image, other times real images, and has to say which is which. This makes the discriminator learn about images, and using backprop, it trains the generator to generate better fakes. In the end it is possible to generate very realistic original images such as these: https://www.youtube.com/watch?...

Re:Ads are okay if carefully curated by the websit

[Megane]

This. Because the outsourced ads are generally horrible and annoying. But very few places bother to run their own ad server anymore, since you have to make an effort to get the ads from somewhere.