1. 9
  1.  

  2. 9

    In case someone didn’t read the entire article: uBlock and uBlock Origin are two different extensions. If you are using uBlock Origin then you are safe. In fact uBlock Origin is the one you should be using - for more info check what the difference between the two extensions is.

    1. 1

      Just for context: uBlock Origin does not allow arbitrary filter lists to inject scripts, but instead provides a blessed library of scripts that a filter list can inject into a page.

      1. 1

        I would bet that several of these scripts are easily abused by an offensive filter. Did not test, though.

        1. 4

          At the end of the day, you gotta trust somebody. There’s not enough time to only trust yourself.

    2. 1

      This kind of shenanigans is why Safari content blockers work so well. Block what you want, efficiently, no funny business by whoever produces the app that provides the content blocker rules.

      1. 1

        These days I just use DNS-based blocklists. Just run dnsmasq with an adblock blocklist locally, or on your home network with a Raspberry Pi.

        1. 5

          You say that, and it’s fine for some sites, but a lot of them have anti-adblock scripts baked in alongside the site logic. The only way you’re going to work around that is with redirect rules, like what uBlock Origin does. It also isn’t possible to do annoyance removal, like getting rid of fixed banners, using DNS.

          1. 3

            For the sites that it doesn’t work for, I close the tab and move on. It wasn’t worth my time anyway.

            1. 1

              To me, attempting to get blanket web-wide annoyance removal feels like freeloading. That’s not why I block ads. It’s my prerogative to avoid privacy invasion, malware vectors, and resource waste; if the site owner goes to lengths to make it hard to get the content without those, that’s their prerogative, and I just walk away. I’m not going to try to grab something they don’t want me to have. (The upshot is that I don’t necessarily even use an ad-blocker, I simply read most of the web with cookies and JavaScript disabled. If a page doesn’t work that way, too bad, I just move on.)

              1. 1

                I figure that living in an information desert of my own making is not a very effective form of collective action. There simply aren’t enough ascetics to make it worth an author’s time testing their site with JavaScript turned off. And if it isn’t tested, then it doesn’t work. If even Lobsters, a small-scale social site that you totally could’ve boycotted, can get you to enable JavaScript, then it’s a lost cause. Forget about getting sites with actual captive audiences to do it.

                People need to encourage web authors to stop relying on ad networks for their income, and they need to do it without becoming “very intelligent”. An ad blocker that actually works, like uBlock Origin, is the only way I know of to do that; it allows a small number of people (the filter list authors) to sabotage the ad networks at scale, in a targeted way.

                1. 1

                  Thank you for bringing up Mr. Gotcha on your own initiative, because that sure feels like what you’re doing to me here. “You advocate for browsing with JavaScript off. Yet you still turn it on in some places yourself.”

                  That’s also my objection to the line of argument advanced in the other article you linked: “JavaScript is here. It is not going away. It does good, useful things. It can also do bad, useless, even frustrating things. But that’s the nature of any tool.” I’m sorry, but the good-and-useful JavaScript I download daily is measured in kilobytes; the amount of ad-tech JavaScript I would be downloading if I didn’t opt out would be measured in at least megabytes. That’s not “just like I can show you a lot of ugly houses”; it inverts the argument to “sure, 99.9% of houses are ugly but pretty ones do exist as well, you know”. Beyond that, it’s a complete misperception of the problem to advocate for “develop[ing] best practices and get[ting] people to learn how to design within the limits”. The problem would not go away if webdevs stopped relying on JavaScript, because the problem is not webdevs using JavaScript, the problem is ad-tech. (And that, to respond to Mr. Gotcha, is why I enable JS in some places, even if I mostly keep it off.)

                  In that respect I don’t personally see how “if you insist on shovelling ads at me then I’ll just walk away” is a lesser signal of objection than “then I’ll crowdsource my circumvention to get your content anyway”. But neither seems to me like a signal that’s likely to be received by anyone in practice anyway, and I think you operate under an illusion if you are convinced otherwise. I currently don’t see any particularly effective avenue for collective action in this matter, and I perceive confirmation of that belief in the objectively measurable fact that page weights are inexorably going up despite the age and popularity of the “the web is getting bloated” genre. All webbie/techie people agree that this has to stop, and have been agreeing for years, yet it keeps not happening, and instead keeps getting worse. Maybe because business incentives keep pointing the other way and defectors keep being too few to affect that.

                  Until and unless that changes, all I can do is find some way of dealing with the situation as it concerns me. And in that respect I find it absurd to have it suggested that I’m placing myself in any sort of “information desert of my own making”. Have you tried doing what I do? You would soon figure out that the web is infinite. Even if I never read another JS-requiring page in my life, there is more of it than I can hope to read in a thousand lifetimes. Nor have I ever missed out on any news that I didn’t get from somewhere else just as well. The JS-enabled web might be a bigger infinity than the non-JS-enabled web (I am not even sure of that, but let’s say it is), but one infinity’s as good as another to this here finite being, thank you.

                  1. 2

                    > But neither seems to me like a signal that’s likely to be received by anyone in practice anyway.

                    I, personally, can handle a script blocker and build my own custom blocking list just fine. I can’t recommend something that complex to people who don’t even really know what JavaScript is, but I can recommend uBlock Origin to almost anyone. They can install it and forget about it, and it makes their browser faster and more secure, while still allowing access to their existing content, because websites are not fungible. Ad networks are huge distributors of malware, and I don’t mean that in the “adtech is malware” sense, I mean it in the “this ad pretends to be an operating system dialog and if you do what it says you’ll install a program that steals your credit card and sells it on the black market.” I find it very easy to convince people to install ad blockers after something like that happens, which it inevitably does if they’re tech-illiterate enough to have not already done something like this themselves.

                    uBlock Origin is one of the top add-ons in Chrome and Firefox’s stores. Both sites indicated millions of users. Ad blocker usage is estimated to be between 20% in the United States, 30% in Germany, and around that spot in other countries, while the percentage of people who browse without JavaScript is around 1%. I can show you sites with anti-adblock JavaScript that doesn’t run when JavaScript is turned off entirely and so can be defeated by using NoScript, indicating that they’re more concerned about ad blockers than script blockers. Websites that switched to paywalls cite lack of profitability from ads, caused by a combination of ad blockers and plain-old banner blindness.

                    Don’t be fatalistic. The current crop of ad networks is not a sustainable business model. It’s a bubble. It will burst, and the ad blockers are really just symptomatic of the fact that no one with any sense trusts the content of a banner ad anyway.

                    1. 1

                      Oh, absolutely. For tech-illiterate relatives for whom I’m effectively their IT support, I don’t tell them to do what I do. Some of them were completely unable to use a computer before tablets with a touchscreen UI came out – and still barely can, like having a hard time even telling text inputs and buttons apart. Expecting them to do what I do would be a complete impossibility.

                      I run a more complex setup with minimal use of ad blocking myself, because I can, and therefore feel obligated by my knowledge. And to be clear, for the same reason, I would prefer if it were possible for the tech-illiterate people in my life to do what I do – but I know it simply isn’t. So I don’t feel the same way about those people using crowdsourced annoyance removal as I’d feel about using it myself: I’m capable of using the web while protecting myself even without it; they aren’t.

                      > It’s a bubble.

                      I’m well aware. It’s just proven to be a frustratingly robust one, quelling several smaller external shifts in circumstances that could have served as seeds of its destruction – partly why I’m pessimistic about any attempt at accelerating its demise from the outside. Of course it won’t go on forever, simply because it is a bubble. But it’s looking like it’ll have to play itself out all the way. I hope that’s soon, not least because the longer it goes, the uglier the finale will be.

                      And of course I would love for reality to prove me overly pessimistic on any of this.

            2. 2

              I use /etc/hosts as a block list, but it’s a constant arms race with new domains popping up. I use block lists like http://someonewhocares.org/hosts/hosts and https://www.remembertheusers.com/files/hosts-fb but I don’t want to blindly trust such third-parties to redirect arbitrary domains in arbitrary ways.

              Since I use NixOS, I’ve added a little script to my configuration.nix file which, when I build/upgrade the system, downloads the latest version of these scripts, pulls the source domain out of each entry, and writes an /etc/hosts that sends them all to 127.0.0.1. That way I don’t have to manually keep track of domains, but I also don’t have to worry about phishing, since the worst that can happen is that legitimate URLs (e.g. a bank’s) get redirected to 127.0.0.1 and error-out.
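The sinkhole-only rewrite described in the comment above, sketched as an added example (not the commenter's NixOS script; the function names and sample entries are constructed): every upstream address is discarded and each syntactically valid name is pinned to 127.0.0.1, so a tampered list can block a domain but never redirect it.

```shell
#!/bin/sh
# sanitize_hosts: read an untrusted hosts-format list on stdin and write
# "127.0.0.1 <name>" lines. The upstream address column is never copied.
sanitize_hosts() {
  awk '
    {
      sub(/#.*/, "")      # strip comments (whole-line and trailing)
      sub(/\r$/, "")      # tolerate CRLF line endings
      if (NF < 2) next    # need an address column plus at least one name
      for (i = 2; i <= NF; i++) {
        name = tolower($i)
        # Accept only plain dotted DNS names; this also drops single-label
        # entries such as "localhost" and anything with odd characters.
        if (name !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/) continue
        if (name == "localhost.localdomain") continue
        if (!(name in seen)) { seen[name] = 1; print "127.0.0.1 " name }
      }
    }'
}

# Constructed sample list: one entry tries to point a bank's name at a
# third-party address instead of a sinkhole.
sample_list() {
  cat <<'EOF'
# constructed sample, hosts format
127.0.0.1 localhost
0.0.0.0 ads.example.com tracker.example.net  # two names on one line
203.0.113.7 bank.example.org
0.0.0.0 ADS.example.com
0.0.0.0 bad_name!.example
EOF
}

sample_list | sanitize_hosts
```

The redirect entry comes out as `127.0.0.1 bank.example.org`: the bank's site stops resolving, but the address chosen by the list author is never written to `/etc/hosts`.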

              1. 2

                For anyone interested in implementing this without Pi-hole, I have a couple scripts on GitHub which might help. I adapted them from the Pi-hole project a while back when I wanted to do something a bit less fully-featured. They can combine multiple upstream lists, and generate configurations for /etc/hosts, dnsmasq, or zone files.

              2. 1

                Not the first time something deeply concerning has happened with Adblock Plus. Don’t trust that!

                https://adblockplus.org/blog/attention-noscript-users

                https://hackademix.net/2009/05/04/dear-adblock-plus-and-noscript-users-dear-mozilla-community/