I usually don't even take it out of the plastic overwrap, because my eyes don't have ad-blockers installed.
I guess next time, I can spend some miles on a cheapo flashlight keyfob, or something. I guess I was just sort of throwing them a bone out of 90s nostalgia, anyway. If they don't want me looking at their website on my own terms, I won't do it. And if I stop looking at their website, I don't have much use for their inky paper, either.
I can somewhat an understand an opposition to advertising or paywalls. Opposing both is unconscionable.
Anyone got the list of sites HN currently blocks/penalizes/rewards? I'd love to tweak those options, and add marco.org and buzzfeed to my personal blocklist.
Seems genius to me.
I learned about the deck from daringfireball.
Curate your ads and serve them statically.
The first are overtly refusing to accept users' terms. The second are trying to have their cake and eat it too: viral content propogation whilst refusing to present content to those who come at it via link aggregators and discussion sites such as Reddit.
Both actively thwart Reddit's intended aim: informed discussion of an article _by having read it_. If they don't want to participate, then don't participate.
Moreover, advertising, the advertising infrastructure, and multiple aspects of it are creating a seriously problematic WWW information structure: crap content, user-hostile design, hugely excessive bandwidth usage, slow browser response, and privacy and security risks galore. At the same time, the actual creative producers and journalists responsible for primary content are hugely undercompensated.
Eliminating the existing advertising regime would allow all of these to be addressed.
That said, high-quality information has a very serious revenue problem, and I'd like to highlight that.
It's a topic I've explored in some depth, "Why Information Goods and Markets are a Poor Match" (https://np.reddit.com/r/dredmorbius/comments/2vm2da/why_info...). Or if you prefer a real economist, Hal Varian's "Markets for Information Goods" (http://people.ischool.berkeley.edu/~hal/Papers/japan/index.h...).
A frequently proposed solution is micropayments. I don't see those as viable, Clay Shirkey, Nick Szabo, and Andrew Odlyzko have all written at length on why not.
Rather, a universal content tax or broadband tax seems an alternative. Phil Hunt of Pirate Party UK and Richard M. Stallman of the Free Software Foundation have suggested this, I'd made my own universal content proposal some time back (https://np.reddit.com/r/dredmorbius/comments/1uotb3/a_modest...)
I've also done some back-of-the-envelope calculations on amounts. _Total_ global ad spend in 2013 was $500 billion, online was $100 billion. If _only_ the world's richest 1 billion (roughly: US, EU, Japan, Australia) were to contribute to this, the tax would be $100/year to eliminate _all_ online adverts, and $500/year for _all advertising entirely_. The money could fund existing creatives -- writers, editors, film producers, journalists, and musicians -- at roughly _twice_ today's compensation.
It's worth a thought.
As they are refusing to accept theirs :)
This is just contract negotiation. I'm not sure why you have an issue with it (or would desire to ban it). You have told them "we want to change the terms'. They are saying "no". Great, so move if you don't like that supplier.
Humorously, the thing you (and reddit) want to perform by banning is known as "concerted refusal to deal": http://www.businessdictionary.com/definition/concerted-refus...
If users can't view the content, they cannot discuss it.
And, as I've also mentioned at length (in the post and its links, as well as elsewhere) advertising itself is the problem in multiple aspects.
The sooner we render it nonviable, the sooner we move to something that works.
But you have me wrong on paywalls: I'd fully support them going paywalled. In fact, I fully support them going off the Web onto their own proprietary network (like the Compuserve and AOL of old) and charging thousands (if not millions) of $CURRENCY a year for access. That would be great.
This is an opinion. It sounds like your your mechanism of dealing with the opposing opinion is to censor it?
That seems bad ... Why not say: "let them do what they want, and let me convince people they are wrong on the merits?"
I gotta be frank, if this is the cure, it seems much worse than the disease.
I'm pretty amazed at the current state of ads. With multiple ad exchanges, private sellers, and static brand deals, the entire serving process is a mess and users are paying for it. I don't think publishing websites are being malicious; they're incentived to make money and just haven't figured out how to do it at a high enough margin while keeping users happy. I just think the entire internet ad industry is in shambles and nobody really knows a solution that makes everyone happy.
That's equivalent to pharmacists selling illegal drugs (heroin, cocaine) simply because they obviously make them more profits.
I'd liken it more to a hardware product being shipped with faulty materials when multiple manufacturers are involved and it's extremely difficult to identify the responsible party. Sure, they're responsible for the end product, but it's not so black and white.
Doesn't make them less culpable for the damage they cause, I'm just saying I don't think it's something they make additional money on, I think it's something that gets slipped under the radar by a few bad actors.
They obviously aren't incentivized enough to stop it though so why not implement a more direct compensation? If a user gets a malware program on their machine and it can be traced back to a given provider, that provider should be billed accordingly for the cost of the removal (including if the user can do it themselves, they should get paid for that anyway) as well as lost productivity time.
Currently any ad network serving malware just gets to ¯\_(ツ)_/¯ and keep on making money, and considering how damaging some of this shit can be I'd say that's the first point that needs addressing.
Ad networks are utterly unregulated. In terms of this pharmacy metaphor they're snake-oil salesmen.
Will other parts of Reddit follow suit? Maybe. But right now it's just /r/technology.
Not defending the shitty ad scene online. Just want to point out that most people don't want to pay for anything online, they are at least partially responsible for this mess.
Impossible and usually the worst approach to have. The best thing is to have a visionary that blazes the path for the rest to follow. Sadly the vast majority of visionaries will fail.
* You make an ad network that makes advertisers happy. In reality this will pretty much *always* make users *unhappy*.
* You make an ad network that makes users happy. In reality this makes advertisers *unhappy*.
There's not much middle ground there. The only possible win-win scenario is you make an ad network that makes users happy by only allowing users to advertise to other users. AKA classifieds....or you could just have one ad network that advertisers hate that users are happy with but because there's only one the advertisers just have to live with it.
And no, that's not a mistake. It's not advertisers I direct my ire but those who should know better and who apparently are meant to exist for the greater public good: The Press.
Given that Reddit is a large source of incoming referrals this stance (if implemented) might be a sufficient lever to send a signal to get those sites to improve their environment.
In any case since the sites are still able to use curated self hosted ads (ie not JavaScript redirects to externally hosted providers) they are able to sell static ad space to make money even with adblockers enabled.
It might be worth seeing what the outcome for the experiment is (if it goes ahead) and then seeing if the same logic would work for HN.
But the data retains its toxic qualities (of being a database of every action I take on the Internet and some in the real world).
I fire up the YouTube homepage and all of my recommendations are for UK daytime TV. Celebrities, 'Jeremy Kyle' (the UK Jerry Springer), etcetera.
YouTube sends me adverts for female hygiene products and dog food. (I am male and I own no dog.)
Even when I get advertising that's not selling me stuff that would require I buy something else first (sex change, dog) it's invariably for something vastly overpriced or some sort of megabrand.
Here's my idea for an ad company:
* People who want to post ads have to provide their name, address, verified email, and a security deposit(say $500). Larger volumes of ad purchases require either a long history, insurance, or a bank letter to vouch for you. If you load malware anywhere into the system, you get fined and your information gets turned over to the police.
* People who want to earn money with advertisements have to provide name, address, verified email, and a security deposit. The security deposit could be funded out of earnings(or not). Fraud is countered by randomly sampling websites and fining offenders if the ad isn't visible. Also they get their information turned over to the police if it was intentional fraud.
* Security deposits are returned within 1 month after the advertising relationship is terminated.
* Fines are paid out of the security deposit, and your access is restricted until you refill the account(possible with an even bigger deposit).
* People who are higher risk(from a shady lawless country, no history or background, etc.) have to pay a higher security deposit.
* Ads can be either text or banner ads. Anything Turing-complete needs insurance or a bank letter.
* If someone pushes through a porn ad to get advertised on the NYT by miscategorizing it, they get fined.
Now all the ads are guaranteed to be of high quality, and the websites you're advertising on are probably higher quality too.
Likewise, ads are fine in theory but the implementation is absolutely horrible.
Paywalls are also fine. Content producers choice. It's (un-annotated) links to paywalled content that is annoying.
http://www.ghettoforensics.com/2016/03/of-malware-and-adware...
"Here is what is clear:
The advertisement was not malware.
Forbes is still whitelisted from my ad-blocker.
We have no evidence of what exactly created this pop-up."
At the very least the "ad" was being run by someone trying to create an air of legitimacy around events like... a random popup IN YOUR BROWSER telling you about host system software you might actually need and should therefore go right ahead and install.
Oh HELL no. If it's part of someone's malware campaign, it should be categorized malware. That some dinky piece of their campaign doesn't involve machine-executable code does not matter in the slightest.
The weasely logic needing to justify allowing deliberate attempts at mis-education is how one gets sites for which navigation is rather like attempting to defuse a bomb, blindfolded, while riding a stampeding buffalo.
How on earth should someone from Bangladesh use Reddit? They can't even access PayPal.
It seems like just signing the software is enough to remove this labelling but their policies are not transparent.
At the end Google is behaving like a vigilante.
In that way, they are behving like a typical corporation.
I have first-hand experience with such a situation and you quickly loose faith in the ad network you're using. A month of blocking would be devastating to the site, considering it's not even their fault.
Repeat offenders could be handled differently though.
I definitely am not interested in subscribing separately to (e.g.) Wired, the NY Times, the Economist, WSJ, the New Yorker, etc. But I think I'd be totally down for a single rate that gave me ad-free access to some or all of those.
It costs ~4.5 USD a month, so ~2-3 hours of an entry level supermarket position pay. I don't know anyone who subscribes.
Advertisements suck at all of these.
I'm perfectly content with banner and text ads, as long as they're not animated.
What has changed is that adblocking reached mainstream.
Here is the thing I just dont get. Why doesnt some tech savvy organization create a white label solution that companies can either slap a subdomain on and invite "Customers" to fill ad supply. Self host the curated assets through said white label solution. Moderate with sophisticated computers that are not subject to the vast majority of mal ware (excluding 0-day obviously), and move on. Im sure someone could easily serve the ads off of the main domain anyway to circumvent all of the ad blockers on subdomains.
This is a perspective from the outside looking in, but people seem to just complain about the problem instead of looking for solutions.
EDIT: BAH, so there is a conversation from last year. https://news.ycombinator.com/item?id=10221859
its less of an issue if you link from here, as not everybody on this side will be a logged in user on reddit, but it should still be considered polite, considering that there is an actual 'best-practice' for linking
For a subset of users (either detected or by user preference), there might be another useful symbol as well for indicating if a website is not tor friendly.
If you don't like the link - don't vote. If enough people like it, then it's fair for others to see it. That's how communities work, you can't change rules to please everyone because you never will.
Power hungry censors from either the government or forums piss me off.
People who own forums have a right to regulate content, true.
But bullshit like this aint cool, I and the users are not babies, bugger off, we'll decide with votes.
I also don't like those sites that require JavaScript to read plain text content. Forbes is an example of both cases, with a twist. The text of the article is embedded in a script tag inside the HTML page and then added to the visible DOM. I could understand a SPA getting JSON from the server but here the content is already in the page.
Single subscription multiple website model may work, but as soon as buy-in ramps up for that model expect everyone jumping in with me-too services, killing it.
You know an arm's race is in progress when...
The majority of people voting on the story may only be reading the headline.
Ad blockers don't just block external ads, they use CSS rules to block internal ads as well. So the only way to avoid ad blockers is to make advertisement completely indistinguishable from content.
Imagine if Google did that, if they made sponsored results competent indistinguishable from organic results. The uproar would be loud.
In response to ad blockers, sites install ad blocker blockers.
In response to ad blocker blockers, Reddit adds ad blocker blocker blocker.
I think in a war between ad's trying to assert a user has seen an ad, and clients trying to view content, so long as the client owns the computer, the client will win. That's why I hate walled gardens so much. I'm convinced it was a preemptive shot in this war.
In response to add blocker blockers, ad blockers install ad blocker blocker blockers.
then onto your number 3
:)
it's an arms race!
This is like thinking that you would increase a crop yield by increasing the amount of fertilizer you put on it. There is an optimal balance beyond which you burn the crop with too much fertilizer.
I would suggest to significantly reduce the amount of advertisement on the site. Sell the add space with auction. Less advertisement increase the add efficiency. Increase the quality of content to increase the number of readers. Select high quality none intrusive adds that don't disrupt people's experience on the site.
In short take back the control of your site advertisement. Prohibit tricks your readers don't like (e.g. tracking), etc.
This is not much different from companies and hallmarks selling unhealthy food. The difference with adblocks is that people have a tool filtering out unhealthy food from their view. Who is the bad guy ? The client with its filter or the companies providing unhealthy food ?
Regulation doesn't work. We should know it by now. We have to take things in our own hand because the system is not able to keep a sane course by itself (cf. liberalism).
http://idlewords.com/talks/haunted_by_data.htm
That's quite a good talk. The takeaway is to treat data, especially personal data, as a liability rather than an asset, to discard data by default, and to retain only with a very specific goal in mind, and even then to transform the retained data into some kind of useful aggregate and discard it.
It doesn't contain the YouTube metaphor, which is included in this http://idlewords.com/talks/internet_with_a_human_face.htm
In my experience, the content recommendation on YouTube is the best. I've been learning about electronics and watching a few videos about it. Now YouTube recommends me new content and channels that are extremely relevant.
My brother is into guitars, and his frontpage is all about that.
YT has trouble figuring me out because I watch a lot of gamers that also appeal to a younger audience (eg Yogscast). I get recommended a lot of terrible stuff targeted at that audience that I have no interest in (eg PewDiePie and Markiplier).
I have no idea why they recommend stuff I've already watched.
But, and this is a big but: YouTube doesn't provide the options to either dismiss any given suggestion, nor to block specific channels. There's sufficient crap on YouTube that both are essential. I've been campaigning for both features for some time now.
Google's recently implemented an account-wide blocked-users manager. It applies now to G+ and Hangouts, though it may move beyond that. "Google doesn't comment on future plans", as they're fond of saying. I have hopes.
The majority of the other ad companies are still--despite all the massive dot-com failures during the boom--trying to just throw in ad referrals everywhere hoping something will stick, and trying to hand off those connections to the highest bidder... like, maybe if they just keep doing it for decades, somehow it will magically become profitable.
Unfortunately, the adverts aren't.
I agree with every word.
It seems to work decently well, for some definition of decent that Facebook has.
The point is that it removes the upside for a scammer: low friction entry point (good for scammers!) but limited ceiling: you're not gonna be able to do this to very many people.
Remove the incentive by capping the upside, rely on reputation until that point. Feels like a pretty good service.
My business is at 123 fakenschaft, Zurch. My email is a newly created Gmail account.
* Require security deposits to be paid with a bank transfer, cashier's check, or money order from a country with strong anti-money-laundering laws.
* For countries like the US where business information is public, verify the provided business address against public records.
* Allow larger sites like the NYT to require higher standards of verification(maybe 6 months active history on your account), so even if you went ahead with your malware attacking(say, using a homeless person to shield you from the cops) it at least wouldn't hit the NYT.
Honestly, I think at least taking their security deposit would deter a lot of attackers. You're probably right that it wouldn't help much against targeted attacks at smaller sites.
That sounds fine initially, but actually think about that for a minute. You want to give 1st world countries and established businesses lower barriers to entry than a random entrepreneur who happens to be from India?
Also, AdSense works in a similar manner with the deposits. You don't get a payout until you earn $100. That acts as a buffer for Google to determine whether you are legit or not, and stops people from earning low amounts on lots of different accounts.
The solution is dead simple: Don't allow embedded scripts in ads. Period. End of story. Problem no longer a problem. "We're all done here."
>Send me your automoderator rule once it's done, we'll add it our sub as well.
Seems likely to spread pretty quickly.
I have no idea under what context I made my iPhone learn that word.
We have an incredible abundance of content.
Do they? Isn't being coated in ads a normal condition of clickbait? Is clickbait high quality content?
Is Moore law against this?
A possible future scenario could be one were technology becomes so cheap that Apple/Google/Facebook .et all, starts "lending" their own hardware for free so people can access their _open_ walled-garden flavored internet.
Projects like of RPi/Arduino bring me hope that this wont ever happen, at least to us.
It's already at a point where I have to add Anti-Adblock Killer to prevent them from turning off ad blockers. Please don't ask to make it worse.
The real problem is very simple. The advertising companies need to stop publishing non-vetted media files (which means they can also no longer do a http referral to a site they don't control to save "bandwidth costs"). Many of them are not doing that because they're foolishly assuming a "deposit" or any other such arbitrary monetary penalty is going to be cost-prohibitive to a criminal organization. To the criminal organization, it's no different than any other bribe.
If you don't want advertising and refuse to pay for content, I don't see how that's anything less than expecting free journalism.
If people don't want to pay for anything on principle, then there's not much sites can do about that either. Paywalls are a better option than advertising but sites are still probably going to lose a lot of revenue either way.
How is that dishonest? The alternative would be far worse (demanding payment without a preview of what you're paying for).
The problem with posting paywalled content isn't posting paywalled content. It's the entitled people who can't even be bothered to use well-known workarounds and instead completely derail discussions on political grounds.
There's more content these days than most people care for - to be honest, if 99% of sites were paywalled, I'd probably be far more productive and not surfing 'information' that is free for the sake of just existing.
A book with a lock might work.
I have this issue with Netflix. I have tons of movies on "continue watching" that the only thing left to watch is the credits.
IF YT even understands that different populations use their system in completely different manner, then perhaps they've miscategorized you.
Something interesting to think about is we may be raising a population who see personalized suggestions as mere spam, if it suggests it you should ignore it because its always wrong. A poisoning of the well. In that way the whole concept of personalized advertisement might disappear.
reddit.com##.promotedlink
But Adblock Plus actually contains a second list of "Non-intrusive advertising" that actually allows ads on reddit. Many people are very angry about this list because many companies pay to get their ads put on it and allowed.Is this 100% verified, or just speculation? AB+ has always stated that they whitelist suitable ads, not ones that are paid. In my experience, this is true; only static text and image ads ever get through, and it's pretty rare. I think this is desirable as it incentivises the use of better ads.
In any case: I'll make sure that my ad blocker allows non intrusive ads. That said, "non intrusive" must not be deceptive either. It should be clear that it is an advert.
"dishonest" may be too strong, perhaps just misleading - paywalled articles are often designed to appear as free articles. With a proper preview the reader would know as soon as they arrive that they will be expected to pay to read. I understand why sites prefer to hook you with partial content first, but that practice can appear deceptive.
>The problem with posting paywalled content isn't posting paywalled content. It's the entitled people who can't even be bothered to use well-known workarounds and instead completely derail discussions on political grounds.
I agree with you there - no one can post content from Wired anymore without someone starting a thread about the paywall. If you're not willing to read the article you should just not participate in the discussion about it.
While HN has a single stream of stories being voted on, the guidelines for story submissions limits the scope for what can be submitted. The people who read HN are pretty much all technically astute, so when they see an article behind a paywall they don't vote it up - heck, many probably just flag it on principle.
If the article is chock full of intrusive advertising, it gets flagged pretty fast. If it is an interesting article that gets to the front page I guarantee you that there will be vocal complaints about the advertising. But most of us here, I would hazard to guess, have installed uBlock Plus of some sort of ad blocker so we probably largely miss it. And the things we find interesting are usually from sources clueful enough not to be so stupid as to employ anti-adblockers.
But the link is about /r/technology only, not reddit as a whole.
There, you done gone made me say it.
It should be obvious before I click the front-page link on HN that it's about /r/technology only, not reddit as a whole. That means there's still room for admin improvement here on HN.
You made me say it!
We'd be better off with only static image/text ads, yes, but malware distribution by means of poorly vetted advertising wouldn't totally vanish.
So, don't do that.
> It's not that simple.
It is absolutely that simple.
Your argument is basically, "Their process is so complicated they can't avoid serving up malware." But that's not a justification for serving up malware. If your process is too complicated to avoid serving malware, then you need to simplify your process until you can avoid serving up malware.
You don't get a free pass on ethics just because ethics are inconvenient for your business model.
Yes, I think publishers have a responsibility to monitor their ads and keep their users safe. But I still don't think it's a black and white ethics situation. The exchanges and other ad providers need to fix their business model and not depend on publishers to filter the malware ads they're sneaking onto their page.
1. Publishers can't compete if they behave ethically. If this is true, then the solution is simple: if you can't run your business ethically then close your business. However, I believe that it's entirely possible for publishers to compete ethically; there are, for example, plenty of business models besides selling ad space.
2. Publishers are only accomplices in serving malware. We can't ignore publisher's role in serving malware and blame the ad networks. Both the ad networks AND the publishers are to blame.
I think there's an even simpler and more realistic solution: someone needs to make a Chrome extension that is like uBlock Origin, but unblockable.
It should be:
* an adblocker that also blocks tracking scripts
* ...with no "acceptable ads" whitelist like Adblock Plus
* ...open source
* ...with workarounds for ad-blocker-blockers
Here's how I think we can do that: we maintain a list of domains that are using ad-blocker-blockers, and for those, rather than blocking ads at the HTTP request level, the user agent loads them and simply doesn't display them.
In principle, you can do this in a way that is completely undetectable by the site owner. There doesn't need to be an "arms race" between ad-blocker-blockers and the workaround developers--you simply win outright by having DOM look exactly the same as if it had ads, but rendering, say, a box with a tasteful light grey smiley face instead of the ad. (You can even make it so that canvas.getPixelData returns the ad that the page thinks it drew, but the actual screen output doesn't show it.)
At that point, sites are actually incentivized to stop using ad-blocker-blockers, because the only difference they'll make is that site will load slower, since the user agent has to load and pretend to display all those extra resources. The user never actually sees the ads either way.
--
For extra credit, this hypothetical browser extension can also simulate a click on YouTube's "Skip This Ad" button as soon as it appears, etc.
You could even keep per-domain blacklists of bloat resources and simply not load those. That would make the internet feel a lot faster. A user with this extension would visit The Verge and instead of getting a janky 5 megabyte page load, they'd get a near-instant load with just the text and images.
Finally, this extension could keep a mapping of desktop sites to auto-redirect to the lightweight mobile equivalent, with a body{max-width:800px} thrown in to keep things readable.
I know I'd install this hypothetical extension immediately and never go back.
That's an assumption you're making, and not a correct one.
This solution also doesn't in any way address anything I said: it is still not ethical to serve malware to your users.
I think calling this an ethical issue is quite a stretch. In many cases, we're talking about visitors who are not only enjoying the content from someone else's site completely for free, but also employing tools that actively modify the intended presentation of that content to the detriment of the host site's operators. And now you're saying that not only should the site operators make their content freely available and accept that some visitors will circumvent possibly the only way they have of generating revenue, those operators should also be actively responsible for vetting any third party content they incorporate within their site in case the third party is hostile and those visitors know enough to run ad-blockers but not enough to run anti-virus software? That seems a very short-sighted and one-sided position, entirely in favour of the party who isn't actually contributing anything in this scenario, and I see no ethical basis for that.
Edit: For those who are downvoting, please consider that I did not disagree with the original premise I quoted. Obviously unethical business models are still unethical even if the ethical ones are inconvenient.
What I'm asking is why we should consider it an ethical requirement for someone who is already generously offering their content for free and accepting that a significant fraction of visitors will circumvent their intended ad-funded model to also go to unrealistic lengths to vet any third party content they include for safety against arbitrary unknown threats that could change at any time without notice, all for the benefit of a visitor who is offering them nothing. I'm not sure whether someone operating a web site really owes their visitors anything in this scenario, other than perhaps a basic "good citizen" principle of not negligently serving up malicious content, and I don't see how operating within the same infrastructure as a huge number of other web sites could reasonably be considered negligent in this respect.
Unless you think we should also close down all third party CDNs, image hosting services, caching services, web font services, and so on, the web is fundamentally a linked medium where sites can usefully be built by combining resources from other services, and naturally those other services will retain control of what they are hosting themselves. Making Joe Blogger responsible if some massive service's CDN version of jQuery got hacked doesn't seem like a good way to encourage Joe Blogger to spend their time sharing their writing with the rest of the world.
No, I'm not saying that. I'm saying it's unethical to have ads with malware on your site. I didn't propose a way not to have malware on your site.
The way you propose, by vetting ads, has been used successfully, but it's not a particularly imaginative solution. What about donations, freemium, PWYW, subscriptions, grants? Or what about giving your work away for free and using that reputation to get jobs?
> Making Joe Blogger responsible if some massive service's CDN version of jQuery got hacked doesn't seem like a good way to encourage Joe Blogger to spend their time sharing their writing with the rest of the world.
It's utterly ridiculous to claim this is about Joe Blogger. Joe Blogger is quite often happy to do his blogging as a labor of love and let blogspot/livejournal/whatever reap all the ad revenue. And small-time bloggers who do make money are frequently more sensitive to their readers' complaints and explore alternatives to big add networks that serve ads. The problem is big content providers who are under shareholder pressure to produce growth each quarter, so they try to squeeze out every bit of ad revenue with no concern for users. They're also too risk averse to try alternative monetization strategies to ads. It is well within the capability of those players to provide ads without malware, but they don't because it doesn't hurt their bottom line enough.
Serving up malware to your users and readers is unethical. I'm all for supporting content providers; I donate to NPR and to artists on Patreon frequently. But if you can't run your business ethically, then you should shut down your business.
If you really think serving up malware to finance content is okay, then why don't you propose that content creators just hack some small percentage of their users and sell the data online? The effect on users is the same, but it cuts out the middlemen so it's more efficient.
If they're attempting to make money from ads, they're not offering it for free.
The reason that the bad advertisement issue is such a big problem is that very often the anti-virus programs simply don't work on the malware being served. The exploits used either aren't in the definitions database or the AV has a blindspot.
It's also very difficult to be running without an anti-virus on a modern computer. Windows Defender doesn't always rank the strongest, but it's certainly competitive with other AV solutions, and Windows will nag-nag-nag if you don't have what it considers to be an active AV installed. It's not the early 2000's anymore when you had to find a good AV - for the most part, if you buy a modern computer, there are AV protections in place already.
As is such, these aren't users thumbing their nose at safety and running around unprotected, these are people who have a reasonable expectation to not be served malware by reading an article at Forbes.
Simply put, regardless of how you're doing it, you should not be serving malware to people. If your site is the vector, you have a responsibility to deal with it, and ignoring this, as many sites have done, is an ethical breach. Malware can and does do harm, sometimes in the form of lost data and lost money. Ensuring you're not serving up malware isn't just in the lines of "good citizen", it's a duty to not harm - the people affected by the malware have no recourse in virtually every situation. If it's ransomware, they either have to hope that it's poorly made and gets broken, if their machine is otherwise unrecoverable, that data is lost.
Forbes and the other sites that are proposed to be blocked may be getting fingered right now, but the complaint is a larger complaint about advertising; as participants who are not working to clean it up, I think users have every right to be upset and to call it unethical - the response that they're receiving is, well, no response. The websites don't care.
All that being said, I'm actually fine with them putting up an ad-wall, as it kind of forces them to put their money where their mouth is. Part of the change that will need to happen is to show the sites that consumers don't want to put up with dangerous ads and to prompt action, and ad-walls pretty much force a boycott if users want to continue using adblockers. This will give them the metrics to see the effect that bad advertising has, and hopefully prompt change.
But, I still think that you have an obligation to ensure your website is not a hazard, regardless of how it became one. "Everyone else is doing it" isn't a defense, especially when it causes real and immediate damage to potentially thousands of people.
An innocent gets malware from an advertisement. The publisher blames the ad-network who in turn blames the criminal. The ad-network claims that they can't curate the advertisements or the margins becomes to small. In the end, the innocent has to take the full fallout of the crime.
An innocent gets mistreated by a fake doctor. The hospital blames the hiring agency, who in turn blames the criminal. The hiring agency claims that they can't do background checks and verify CVs of applicants or the margins becomes to small. In the end, the innocent has to take the full fallout of the crime?
Why is there such discrepancy between the two cases? Why can one agency do curation and still function, while the other can't? Why can the publisher get away with using a bad ad-network while a hospital is fully legally responsible for using a bad hiring agency? Those seem to be very simple questions, ones that should have very simple answers.
And just as a computer reseller/free-computers-for-everyone-distributor has an obligation not to send bombs to people who asked for computers, a website owner has an obligation not to serve malware to people who asked for content.
It is not black and white but it is pretty close.
Edit: I have to give Firefox credit here. It actually just prompted me whether I'd like to save the file. I did and uploaded it to virus total. Probably not a good idea if you do anything sensitive on your computer.
The word "legally" gives it away: because there are laws.
But we don't like dem laws here on teh intertubes, so far-west it is.
But if it were to happen, the website is who is sue, because it is within their responsibility to ensure that ads and/or content should not cause harm to a visitor.
I don't think that's been established. With the current state of advertising on the internet, it's not even possible to do this.
In general, websites use advertising networks which do not allow them to proactively vet the content. Even if they did, no amount of vetting can guarantee the content is benign (active content can do naughty things only some of the time or on some platforms, or things not yet recognized as naughty - this is also why antivirus isn't reliable). So, clearly the solution is to not allow Javascript or flash, right? Nope - exploits in image parsers, font parsers, video parsers, audio parsers, etc. come out fairly often.
This could maybe be dealt with by contracts between websites and advertising networks specifying that the advertising network will be liable for malicious content, but I don't see that happening.
We don't accept paying for content to avoid ads that may be dangerous.
The countries that pay less than us often are at least as highly regulated when it comes to medicine, medical treatments, and their delivery, so while we certainly are paying a lot more for those things, I don't think that the argument that we do so "in exchange for regulations" is particularly defensible.
In any case, even in a commercial transaction, there is an element of reasonableness to what is expected. If I buy a $50,000 car and it breaks down on the second day of having it, that's obviously well below a reasonable standard. If I buy a $10 toaster and it breaks after a couple of years because the crumb tray didn't quite fit? Maybe that's more reasonable. If I buy a $10 toaster and it catches fire and burns my house down after a couple of years because of a design flaw that the manufacturer knew about but didn't fix? Again, not so reasonable.
In this case, we have a content provider who is making at best a tiny amount of ad revenue from a visitor, yet some people here seem to think there is an ethical obligation on that content provider to provide a literally impossible standard of monitoring of the behaviour of the ad networks anyway. As I've mentioned elsewhere, even the argument that they just shouldn't use an ad network in the first place doesn't really work, because logically you'd also have to apply the same ethics and accept responsibility in the same way for any other third party content, such as scripts hosted on CDNs. By the time you've finished knocking out any sort of third party hosting just in case a rare instance of malicious content slipped through the net, the web would be a much worse place.
>Today, the U.S. and Canada have less than 25 doctors and 30 hospital beds (per 10,000 population), compared to over 35 and 50, respectively, in most countries in continental Western Europe. Mark Pearson, head of Division on Health Policy at The Organization for Economic Co-operation and Development (OECD), discussed possible reasons the U.S. spends more than two-and-a-half times per person more than most developed nations in the world, including relatively rich European countries: “The U.S. has fewer physicians and fewer physician consultations relative to its population. The U.S. also has fewer hospital beds for its population size and shorter average stays in hospital relative to other countries. Indeed, the lower numbers of physicians could help explain why they cost more; there is less competition for patients.”
Are the specific things pointed to there as a cause of a US doctor shortage all found in other countries, but without a shortage?
Definitely tort law which increases malpractice costs is far more of a factor in the US market.
Ultimately, it's just not realistic to expect every little store and niche blogger to either monitor every third party service they depend on full-time just to protect the users who are giving them little if anything in return or to discontinue using any third party services that are technically capable of distributing malware. The former is demonstrably impossible anyway, and if you take the latter to its logical conclusion you undermine substantial parts of what has made the modern web so successful, far beyond using ads as a revenue stream.
Put another way, malware writers themselves may be the scum of the earth, but I don't see why someone writing a blog about how to bake cakes and using a well-known and generally reputable ad network to fund the hosting costs is any more ethically responsible for the consequences of a malware incident than, say, a browser developer whose also freely offered product had a vulnerability that could be exploited in the first place. I don't see anyone calling for any browser with a track record of serious security vulnerabilities (which is all of them, of course) to be banned to protect users from malware, though.
A grocery store handing out free samples still has an obligation to make sure it's not contaminated, and I really don't buy idea that "don't send people malware" is significantly less a part of a common decency than "don't feed people tainted food" is.
But of course, it isn't. In fact, there is no way the site owner can guarantee to avoid the indirect distribution of malware without ceasing all use of third party resources on their site.
Given the usefulness of third party resources (not just ad networks) and the relative rarity of malware being distributed through those channels, I don't think the argument that the only decent choice is to eschew all the third party functionality of the modern web is reasonable here.
Exploits in jpg/png are very rare.
At worst, all you have to do is make the ad network [re]compress the image.
A major security issue with probably the most popular automated image processing toolkit in existence came to light just the other day. That particular one would be used for attacking servers, but there have been client-side vulnerabilities in other common resources such as fonts before too. Assuming that just because a format is common the software processing it won't introduce any vulnerabilities is not a great idea.
In any case, the relative rarity isn't really the point. Either it's ethically and/or legally correct to assign blame for malicious advertising to the final host site that the user actually visits, or it isn't. That's the principle we're really debating, and the rest is just a degree of risk.
Because of all the weird formats it supports. That's why I said jpg/png, not 'images'. Any software that supports 200 formats probably has severe bugs on the rare ones. Doesn't matter for making a secure image server where you can dictate the format.
>In any case, the relative rarity isn't really the point. Either it's ethically and/or legally correct to assign blame for malicious advertising to the final host site that the user actually visits, or it isn't. That's the principle we're really debating, and the rest is just a degree of risk.
Whether they are being negligent is relevant. Allowing known-risky formats that keep failing over and over is negligent.
I would like to introduce you to libpng: https://www.cvedetails.com/vulnerability-list/vendor_id-7294...
For businesses running large enough sites to operate their own scheme, sure. Facebook ads are pretty safe, for example. Unfortunately, this isn't a realistic option for smaller sites, and neither are any of the other things you mentioned in most cases. Alternatives like donations or PWYW have been tried and they almost always fail. That's why ad-funded web sites are still so common!
I don't think this discussion is going to go anywhere useful. You're objecting to a behaviour that is widely useful -- incorporating content served by third parties as part of a site -- on the basis that site operators with little if any revenue aren't operating to an impossibly high standard of safety checking at their own expense to prevent a small risk of third party malware being served by their site without their knowledge or consent. Furthermore, you have offered no plausible better alternatives for most of those site operators. In a world complying with your rules, most of the modern web doesn't exist, because no-one would "ethically" be allowed to contribute to it without falling short of your standards.
1. Most businesses fail, period. I think you would be hard-pressed to prove they failed because they doesn't have ads.
2. You conveniently ignored half the alternatives to ads that I listed, probably because there are numerous examples of successful subscription-based content providers.
> In a world complying with your rules, most of the modern web doesn't exist, because no-one would "ethically" be allowed to contribute to it without falling short of your standards.
This is true, but I'm not sure why you see this as a bad thing. Most of the modern web is noise that makes it harder to find signals I care about. Sites that get their money from me are more likely to give me content I want than sites that get their money from ads and malware.
Well, if a business used to make enough revenue to turn a profit through ads, and then you take that revenue away and it fails, it seems likely that the failure was caused by the loss of ads combined with the lack of any alternative revenue stream(s) to replace them. Occam's razor and all that.
2. You conveniently ignored half the alternatives to ads that I listed, probably because there are numerous examples of successful subscription-based content providers.
From direct personal experience, getting a site to the point where someone is willing to pay real money for access -- even if you have lots of original content that gets very favourable comments and a lot of interest -- is hard.
If you're running a huge brand whose site people really do visit often -- a good quality news site, say, or perhaps a service like Netflix or Spotify -- then sure, someone might consider it worth paying a few dollars a month to subscribe.
If you're running a smaller niche site that someone might find very useful but only visit occasionally, unfortunately it is a different game entirely.
Just to be absolutely clear, so you don't think I'm ignoring any of your alternatives:
Donations: Known to generate negligible revenue in most cases.
Freemium: Possible in some cases, but only if there is something useful to upsell to.
PWYW: See Donations.
Subscriptions: Possible in some cases, but only if the site is big enough and/or updated often enough to attract regular visitors.
Grant: From where, exactly?
Sites that get their money from me are more likely to give me content I want than sites that get their money from ads and malware.
Really? I find sites that show up for the search terms I'm using and hold my attention for more than 5 seconds when I click through are often very useful.
However, I'm not going to subscribe to every one of the 150+ sites that my browser history tells me I visited today while researching something, or even the 10-20 of them that actually did have very useful information.
Nor am I realistically going to go through the hassle of making a card payment or using some donation service I've never heard of and don't necessarily trust just to give each site some fraction of a dollar, even if I considered the material they'd given me on that occasion to be worth it.
I would happily donate to such sites if an immediate and non-intrusive method for handling the micropayments existed, but sadly we haven't solved that problem yet. Until we do, I don't begrudge sites that are ad-funded, nor do I think they owe me anything if they block me because I then block those ads.
So as I wrote before, I don't think this discussion is going anywhere useful. You still haven't suggested any viable alternatives for many sites that are currently ad-funded, and you still seem to think all the responsibility for safety on the Internet belongs to the only people actually contributing anything in your scenario, i.e., the people running the sites.
It does mean more limited analytical data, but it would also mean better privacy constraints... it means moving the delivery to first-party servers, that can use other SaaS behind that.
As to advertizing, it means delivering an image url, and a target url... no more leaps and bounds of JS, or for that matter layers of iframes..
TBH though, if browser vendors simply disabled JS, and iframes more than 3 layers in, and limit JS files to 3 max (100kb size limit) within an iframe, the advertizers would probably successfully self-correct..
But if you look at this from the opposite direction, you're essentially arguing that we should only use technologies that are known, or at least reasonably expected, to be extremely safe.
Given that in general humanity hasn't yet figured out how to create such technologies, and that numerous formats we use every day on the web to great overall benefit would not qualify, that seems a tall order.
No I'm not. Go ahead and use a new technology. But don't use a proven-bad technology.
If you tried a reasonable amount and don't know about security holes, that's one thing. If someone shows you the security holes, and you don't fix them, that is where you're a bad actor.
But the "proven bad" technology you're talking about here is just incorporating any third party content in your site. Obviously that is a security risk if the third party isn't perfect about policing what they host.
On the other hand, billions of resources are served in that way every day, and the web is a much better place for it. Only a tiny fraction of those third party resources are hostile, and most of the ones that are will be closed down rapidly by the third party service themselves once discovered.
So is this really in "proven bad", "known-risky" territory, or are we actually talking about "very rare" dangers and a lot of hyperbole here?
Of course now you're not only prohibiting third party resources except images, you're even prohibiting modern image formats like SVG, which is a little ironic since SVG-based ads might be smaller and/or look cleaner than equivalent bitmaps.
Other than that, not really. As demonstrated both by personal experience (I've worked for a large pub; many acquaintances work for large-ish pubs) and the utter lack of success of the majority of publishers attempting this.
I think very few websites allow one person to embed arbitrary scripts that will be shown to another person.
It is impossible to screen or sanitize third party content if the third party is hosting it and the user loads it when your page refers to it. The third party can change that content at any time, without your knowledge or consent. This is how almost all ad networks work. It is also how almost all CDNs, web font services, image hosting services, etc. work.
I think very few websites allow one person to embed arbitrary scripts that will be shown to another person.
Every single site on the web that hosts jQuery via a CDN does exactly that. This single example alone represents many millions of sites.
I'll repeat myself. "I think very few websites allow one person to embed arbitrary scripts that will be shown to another person." This is not happening as a result of you using an image host. No scripts are involved there. This is not happening as a result of the site using a CDN. No user triggered that load of jQuery.
It's fine to load jQuery from a specific server that you trust. It's also fine to load ads from the ad network's server, as long as they are policing uploads properly. The problem is they usually don't.
I have no qualms about paying subscriptions, and you won't find a post in which I'm "bitching about" subscriptions.
Instead of trying to create an alternate reality in which I'm somehow demanding things for free, how about you respond to my actual arguments?
You keep saying they usually don't, but billions of harmless ads are served every day while only a tiny fraction of the served ads are malicious. I just don't see how it's reasonable to assume depending on a third party ad network for content is fundamentally risky yet depending on some other third party service is not. CDNs and other hosting services get hacked and serve malicious content sometimes too, but that is also very rare and also usually gets fixed very quickly if it does happen.
Using a third party ad network is not inherently risky. But most specific third party ad networks are risky, because of bad practices.
That most ads are harmless is enforced through social norms and after-the-fact takedowns. They could do better, but don't. Negligence.