Saturday, July 30, 2016

Why ad blocking culture has to change

In my work at Rendition Infosec and SANS, I rely heavily on analogies to communicate complicated technical topics to those who often do not have a very technical background.  I'd like to put those skills to use today to tackle the issue of ad blocker use.

Many websites, particularly "news" websites, rely on advertising revenue to stay afloat.  If you block their advertising, they don't get paid, babies die, building burn down, and the economy crashes.  So now a number of sites with very relevant content won't show you their content if you use an ad blocker.  They argue that if you try to access their content with an ad blocker, you are stealing from them.  On the surface of it, this sounds sensible.

But there's a rub.  Many advertisements are malicious in nature.  This is so common that "malvertising" is a very well known term in infosec.  My post comes on the heels of the announcement of a huge malvertising campaign that hit 22 advertising networks.  Patching third party products is a notoriously difficult proposition, so many of these malvertising attacks target out of date Firefox and Flash.

This guy doesn't use ad blockers, but as for the rest of us...

Seeing articles like this, I understand why people would want to use ad blockers.  Think about the analogy to this in the real world.  You need to go to the store to get some groceries.  Unfortunately, the grocery store has a gang violence problem.  The Crips control the dairy section and the Bloods control the produce section.  Other gangs control the frozen food and dried goods sections.  People you know have gone to the grocery store and been beaten or shot.

The grocery alliance wants to do something about the problem, but it's really hard.  After all, they note that the gang problem is well known and people have been notified about how to appropriately dress to avoid infuriating the gangs (don't display gang colors).  The grocery alliance says that the gangs only represent a threat to those who haven't patched their wardrobes (see what I did there?).  If you only patched your wardrobe, there would never be an issue.

No, not that kind of gang.

Unfortunately, even those that have patched their wardrobes are more than a little worried about the grocery store gang violence.  They want to shop using armored carts (that look something like tanks).  The problem is that the grocery stores will all have to expand the width of the aisles for the armored carts.  This reduces the amount of goods they can stock and causes all kinds of other costs they have to bear.  The grocery alliance says that if customers want to use armored carts, they won't be able to make any money.  They'll lose money providing customers with their groceries.

This puts consumers in a strange position.  They certainly don't want to cause the grocery stores to go out of business, but they want to get our groceries and want them safely.  When a website says you can't visit it safely, they are doing the same thing as the grocery store saying "no armored carts."

The wrong plan - they're missing the point
Yes, some websites offer you the option to use an ad blocker if you pay for their content.  But coming back to my grocery analogy, this is like the grocery alliance saying you can use an armored cart only if you pay for the privilege.  Sure, you get your way and get to shop in relative safety.  But this is ridiculous when it comes down to it.  This would be like paying protection money to the mafia.  As long as you pay us, we'll let you do your thing.  Don't pay us and you'll run the risk of getting exploited.

This billboard, like publishers offering to remove danger for money, are missing the point
I understand the "no ad blocker" argument from businesses.  But until online businesses get the criminal gangs out of their advertising networks, expect their arguments to fall on deaf ears.  I'll keep using ad blockers (and avoiding the dangers of grocery shopping without an armored cart).  

1 comment:

  1. It should also be said that many sites have a problem also with the *amount* and the *invasiveness* of the ads. Especially news sites have more than 50% of the space taken by ads, some of them blinking and very distracting, others are videos (that suck up my bandwidth and CPU) that often start with audio on. On the top of that, they reload the page every 30 seconds and since it takes an handful of seconds to reload it, it is very annoying.

    I understand that they need ads to keep the site alive, but I have the impression that they are abusing it.

    I would like to see a kind of "generalized subscription" for this kind of sites: you pay a monthly fee and every time you visit the site, the site owner receives some money. In order to receive the money, the site owner promises not running any ads or only a limited amount of non-invasive ads.

    ReplyDelete

Note: Only a member of this blog may post a comment.