pagefairAs I said in a comment to another article the other day, I don’t trust “acceptable ads,” the program that some ad-blockers use to let them pick up some extra cash from advertisers in return for permitting their “acceptable” ads through the gate. On the face of it, it sounds like a reasonable idea, if the advertisers can prove they’re on the level and their ads aren’t annoying—but you run into the little problems that, first of all, what they consider “acceptable” might not be the same thing you do, and second, even if the advertiser is trustworthy, he may also be vulnerable.

Internet ads are a favorite vehicle for malware, after all, and a significant part of the reason many people block ads is that it’s better for security, not just annoyance factor. A case in point came to light last week. PageFair, the anti-ad-block service about five hundred sites use to bypass ad-blocking with “acceptable ads,” was hijacked to serve malware for about an hour and a half. Those sites included The Economist, which posted a message warning subscribers they might have been affected. (We first mentioned PageFair back in September.)

PageFair has posted a lengthy explanation to its blog of how the breach occurred—a cleverly-constructed spear phishing attack that counterfeited a message from the CEO, linking to a site with a faked Google URL that counterfeited an authentic Google interface. They’re taking steps to improve security to make sure it can’t happen again—which is all very well and good, but it shouldn’t have happened a first time.

Ironically, even PageFair has acknowledged that ad-distributed malware is a problem, and the number of attacks rose by 260% in the first half of 2015. With anti-virus software lagging behind, ad-blocking is one of the only sure ways to make sure you don’t get exposed. The company comes right out and admits it:

PageFair is opposed to adblocking because we believe that it could ultimately lead to the demise of publishers and death of the open web. But we can find no valid alternative to blocking malvertising until the situation changes. The surge in malvertising attacks so far in 2015 suggest that more consumers will embrace adblocking. And that’s bad news for publishers.

You know what else is bad news for publishers? Malware creators using spear phishing attacks on purveyors of “acceptable ads” to sneak their payloads past ad-blockers that permit such ads, to the computers of people who read and trust those publishers’ sites. It’s hard to see how that benefits anyone—except the creators of the malware, of course.

In a blog post made just a couple of days before the breach, PageFair explained that it was part of AdBlock Plus’s “Acceptable Ads” program—and that the other program named AdBlock, which had just been sold to an unknown purchaser, was also joining in implementing that program. Which meant that anyone who blocked ads with those programs but permitted “acceptable” ones through could have gotten saddled with malware. That should cast some serious doubt on the efficacy and desirability of block-bypassing “acceptable ads” right there.

I’m not exactly a prude when it comes to ad-blocking; I block them myself, largely for the annoyance factor but I’ll admit security is a major consideration, too. I even dumped AdBlock after it was sold to an unknown purchaser—if you don’t know who owns it, how can you be sure they’re even trustworthy? (And for that matter, it’s a favorite tactic of malware creators to buy browser extensions with an established user base in order to use those extensions to push their malware.) I use uBlock Origin on my browser now. Who would ever have thought that blocking ads could become a part of the same store of common sense that tells you not to visit warez sites or run suspicious programs you download from BitTorrent?

But still, I’ve come to realize it can be important to unblock ads for sites I really support and that have proven they’re good at weeding out obnoxious ads. For example, TeleRead does a great job of cutting out animated ads, and ads for things like dating services that don’t have much to do with e-books. I browse it with ads on, and haven’t been annoyed yet. (I’ll admit the guilt-trip pop-up we use asking people not to block might be annoying, but why not try turning blocking off for TeleRead and see how it looks?)

Happily, most ad-blockers permit whitelisting sites on a site-by-site basis, so you can try a site out with ads and see if it works for you. That seems like a better alternative than permitting your ad-blocker to take money from advertisers to expose you to ads—and possibly malware.

That being said, it seems to me we might want to look at some kind of better solution than just advertising. The amount of revenue ads bring in is pretty small, probably due in part to how many people block ads now, but I’m not sure that even without ad-blocking they’d be all that lucrative. Might there be some better way of getting funding? If, for example, we were to throw up a Patreon tip/subscription jar, would enough people kick in some money so to keep the site going? Are there other alternatives we should explore?

This has to be a question that a lot of other site operators are asking themselves, as I find it hard to imagine ads are working terribly well for any site anymore. What is the future of content on the Internet if advertising fizzles? Something tells me it might not be too long before we start to find out.

11 COMMENTS

  1. Why not offer a subscription that could get rid of ads. Ads are for non-subscribers. Subscribers don’t see them at all. I would be a subscriber to this and a few of my other favorite sites if the price was reasonable. I suspect a lot of readers would.

    Barry

  2. @Barry and @Chris: We’ve got some new tricks ahead to make TeleRead more appealing to readers and prospective supporters—including use of relevant, honestly labelled sponsored content along with ads we control entirely. Stay tuned. Alas, I don’t think Patreon or a similar approach is right for us. I invite people to write me at davidrothman@pobox.com with a commitment to spend X a month supporting TeleRead. I predict I’ll hear from five or ten community members if that many. Use PATREON in the subject line.

    I’m also experimenting with a compromise measure. Last week I began using the Contributor Service to let people pay to reduce the number of ads seen on TeleRead. Earnings from Contributor as of now? 40 cents despite the thousands and thousands of accesses just through Slashdot alone. See the promo toward the upper right of this page. I’m going to insert a Contributor link on the please-don’t-block-our-site page. But I won’t hold my breath.

    There are other possibilities. Maybe a well-off patron will make a long term commitment to support TeleRead strictly as a public service, given our history and our role in such causes as consumer e-book standards or the fight against DRM. But don’t count on it. For now, when people do use adblockers on TeleRead, they just might want to remember the old Joni Mitchell lyric: “You don’t know what you’ve got ’till it’s gone.”

    Anyway, let’s see what happens when the just-mentioned changes are in effect. We’ve still got a lot of fight left in us.

    Thanks,
    David

  3. Yet, as I clicked on this article I was prompted to switch of Adblock.
    I did switch it off for some time when the site prompted me for the first time. I just found the adds too … animated … for my taste. But, at least your site and other sites begging me to switch off adds spurred me to set Flash to “click to load” and install a plugin that de-animates animated gifs [unless I click on them and play a loop or two].

    If you want to serve adds that will be curated and are not blocked by various adblocking products, how about including [clearly marked] sponsored links or using images with the adds that are hosted on your server. There is no way to block adds if you host them on your server along with the rest of the graphics integral to your site layout. You would have to re-think and re-design the entire revenue system though.

  4. From what I’ve read about Contributor, I’m rather doubtful it’s going to be very effective, either for users or sites. But at least it’s something to try.

    The thing about Patreon is that it would let people who value our site contribute a small monthly amount to its upkeep. There might even be a way to rig it so that donators don’t see ads. As many people as we have who like reading our site, I’d think some of them might be willing to contribute at least the cost of a Starbucks latté per month to it.

  5. @Name(required) and @Chris: Animated ads? NR, I don’t see them on my end. Why not use the right-click trick and determine what the URLs are? I am very, very eager to ban those advertisers. But you need to share the URLs since I myself am not seeing animations. As for the suggestion to work toward more control over ads, that’s exactly what I want to do. It’s not going to happen instantly. But it will happen. For now, let us know exactly what anti-animation plugin you’re using. I heartily approve of that kind of software!

    Regarding Contributor, our turn-off-your-blocker page includes a link to one explaining how to make your donations help only TeleRead. I am still not happy with the division of revenue. But I’ve put the button up as a test, and so far the results are less than awesome, suggesting that Patreon probably wouldn’t be that terrific, either. Just the same, if there is a way to turn off ads for Patreon subscribers, I might well be interested in experimenting with it. I’m also eager to see if there are any WordPress plug-ins that allow people to pay to receive no ads.

    Meanwhile keep in mind that earlier in this discussion, I wrote: “I invite people to write me at davidrothman@pobox.com with a commitment to spend X a month supporting TeleRead. I predict I’ll hear from five or ten community members if that many. Use PATREON in the subject line.” So far, zero response—even though our conversation is ad-related.

    And so the search for a solution goes on. I want to try a mix of TeleRead-served ads and the sponsored content model, with an emphasis on SC that people want to read.

    Thanks,
    David

  6. @Catana: Even if ads are relevant and tell you about useful products and services? That’s my goal and the reason I want it seize control from AdSense. If not through ads, then how can TeleRead be supported? Do you want micropayments? Does anyone else?

  7. David,
    In the meanwhile I have switched off Adblock on your site again and I will report misbehaving ads.

    I use Firefox and I have installed plugin “Toggle animated GIFs 1.3” by Simon Lindholm.
    I have installed it when BoingBoing started an annoying practice of including animated gifs created from youtube videos *next to* an actual video. I haven’t looked back. (*)
    When I visit a page where I want to see animations I can click little “play” icon that appears on mouseover on a gif. For an example of a site where you will want to see animations visit http://beesandbombs.tumblr.com/

    For the worst offenders I have Installed YesScript plugin. This lets me to switch off any Java script animated reminders and crap that gets activated and tries to provide helpful suggestions as I am trying to scroll and read the page.

    (*) you see, I am lazy. People in general are *very* lazy and do not like to tinker with things that have been working for ages. Inertia is a very strong thing.
    So to persuade the vast majority of population to get in gear and install some kind of add blocking technology took some very serious effort from [bad] site administrators and advertisement agencies. Every time somebody calls me to to help with their computer and I see an unfiltered Internet with lots of crap installed in their browsers I am horrified. I do not understand how they manage to read a thin strip of text running between flashing screaming adds, with pop-ups, pop-unders, pop-overs and auto-playing videos …

    • @NameR: Thank you for offering to report misbehaving ads. URLs, please! For others: I’m reachable at davidrothman@pobox.com / 703-370-6540. Help me kill off the offenders!

      NR, I checked up on YesScript. Alas, not everyone has had luck with it, but for those who use Firefox it certainly looks worth trying. People running Chrome can go to the Chrome Store for Script Block for Chrome. Another possibility is ScriptSafe. Toggle Animated GIFs, alas, is not available in the Chrome store.

  8. David,

    I have just installed chrome plugin called “Gif pauser”. Seems to be working. Even on this Linux machine.
    Gifs only start moving on the mouseover.

    Long before there was plugin support in browsers [that means long before Adblock] I have used privoxy.
    — blurb —
    “Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk. Privoxy has a flexible configuration and can be customized to suit individual needs and tastes. It has application for both stand-alone systems and multi-user networks.”
    — end of blurb —
    You install privoxy on your computer (or on any server on your local network) and configure it. Then in virtually any browser you configure it that it should use proxy for HTTP protocol and enter address “localhost” or IP address 127.0.0.1 and port on which you have configured privoxy to listen. In case you installed it on other machine on your network you use that IP address, of course.
    When your browser wants some file – an image, java script, whatever – it doesn’t contact the server directly but asks the proxy. And proxy sanitizes outgoing requests and filters incoming files.

    Privoxy has lots of advanced options and you can download various lists for blocking adds, scripts for blocking images of certain size (there used go be standard for image sizes for advertisements – great for filtering 😉 ) and other very advanced tricks. One of many tricks it does is gif image de-animation.

    http://www.privoxy.org/user-manual/index.html

    It is much easier just to install an Adblock, but one of those days I will get pisse^H^H^H^H^Hmotivated enough to roll up my sleeves and install this again. Much more powerful, much more configurable.
    Works in any browser, on large number of operating systems, even obscure ones.

  9. @NameRequired: Continued thanks for sharing this information! And meanwhile please, please be on the lookout for animated ads we can kill. With the URLs I can go to AdSense and drive stakes through the vampires’ hearts. David

The TeleRead community values your civil and thoughtful comments. We use a cache, so expect a delay. Problems? E-mail newteleread@gmail.com.