Modern Web Ad-Blocking

Marco Arment writes:

Web ads are dramatically different from prior ad media, though — rather than just being printed on paper or inserted into a broadcast, web ads are software. They run arbitrary code on your computer, which can (and usually does) collect and send data about you and your behavior back to the advertisers and publishers. And there’s so much consolidation amongst ad networks and analytics providers that they can easily track your behavior across multiple sites, building a creepily accurate and deep profile of your personal information and private business.

I couldn’t agree more.

Daring Fireball adds:

It’s not just about privacy. There are other costs: network bandwidth (which for many of us is metered on cellular), page load times, and increased CPU usage, are real costs — paid entirely by the visitors to websites.

That too.

One surprise: Arment and Gruber both use Ghostery. Ghostery is built by an unusual company that’s somewhat of an advertising firm itself. If a user opts-in, Ghostery collects anonymized data about what it blocks; this data is made available to academics and advertisers alike. Ghostery’s corporate aim appears to be to restore balance between advertisers and consumers. It’s an intriguing business model but not without the potential for future conflict of interest.

Beyond Ghostery, there’s a rogue’s gallery of blocking extensions to choose from:

Adblock and Adblock Plus are widely used and, confusingly, unrelated. Historically, Adblock was a respected open source project. Today, alas, it’s a dubious proprietary solution that’s best avoided. Adblock Plus, a capable open source project, apparently allows approved advertisers to buy their way onto a whitelist: a bizarre proposition for an ad blocker if ever there were.

uBlock and uBlock Origin are two forks of the same open-source project, with a nastily tangled political history. The rift occurred recently so, at least today, the services are similar. Both provide list-based blocking that draws from a wide range of publicly available blocklists. (My experience with uBlock has been extremely positive so far.)

Privacy Badger is the EFF’s new open-source content blocker. It’s still young, so it doesn’t yet support Safari, but it has an interesting premise: in order to complement pre-canned blocklists, Badger looks for recurring third-pary domain references. Such domains are summarily blocked. With extended use, Badger has the potential to identify trackers that none of the pre-baked lists contain.

Disconnect.me is a private company founded by former Google engineers that provides a smörgåsbord of security and privacy capabilities, including ad-blocking and search anonymization, through its underlying VPN network.

All told, the ad blocking market is a bit of a zoo right now. As the (unplanned) owner and developer of a VPN service myself, I’ve kept ad-blocking at arm’s length. On the one hand, blocking would be a natural and useful addition to a tool like Cloak. On the other: in a hopeful future where the web is strictly HTTPS, personal VPNs serve no security purpose. As a result, I feel that content blockers are strictly the domain of browsers and their plugins, rather than of DNS or VPN solutions. This is one reason that I’m not in love with Disconnect’s approach. (Another: I dislike their hyperbolic fear-based marketing.)

I don’t expect the market to crown any clear winners in the near-term. With the introduction of new content blocking extension points in iOS 9 and OS X El Capitan, it seems likely that we’ll soon see a new wave of tools emerge to challenge the old. Apple’s extension points permit quite complex blocking designs, while ensuring that the blocking software itself can never collect information about user behavior.