Thoughts on Ad Blocking

Ads can be a nuisance, on that we can all agree. The even bigger issue, however, is that they’re by-and-large deeply unethical, and sometimes actively malicious.

Ever since discovering AdBlock Plus in the mid-2000s, I’ve never lived without an ad blocker of some description. From Ghostery to Privacy Badger to AdBlock to uBlock Origin to the MVPS HOSTS file, there’s always been something on my device ready to prevent corporate interests from tugging at my retinas and demanding my attention. (In fact, now I think about it, I’m pretty sure Spyware Search and Destroy did some HOSTS manipulation… what a great piece of software that was!)

The reason being, of course, that ads on the Web have always been quite painful. In the early days, there weren’t any rules, and many websites just slapped ads willy-nilly wherever they had a spare pixel. Not only that, but many of them were animated. I’m certain you can imagine the horror without my needing to provide a visual aid… but if not, picture this plastered several times across a site, and flashing. Accessibility? What’s that?

A web advert made to look like a Windows XP dialogue box. The text inside says "Congratulations! This is not a joke! You are the 100,000th visitor!" A big green button at the bottom implores the viewer to "click here", and there's a yellow smiley face above the text. The original version of this ad had flashing text and images.

If you want a vision of the future, imagine a yellow smiley staring blankly into your face, forever.

As time went on, it got worse and worse. Ads like the above employed the most garish colours known to science, even worse flashing and jiggling animations, and each offering riches beyond measure for being the totally legimiate millionth visitor.

And that wasn’t the end of it. Because there were all kinds of ads. There was a particularly delightful type of ad that took over the entire background of a page, and was really easy to click by accident. You can still see this sort of thing in action on Scan.co.uk, which is somewhat troubling. Back in the day, such high-res images would also slow your browser to a chug – and they invariably led to some sort of spicy malware.

There were also the animated Flash ads, which usually took the form of a little game. Typically they were things like “shoot all the ducks and win an iPhone”, or “take photos of Britney Spears to make her wig fall off” (seriously). It was the same ol’ crap as before, but this time, it was pretty much designed so that your kids would click on it by mistake and probably fill your computer with worms.

But the absolute worst offender was the pop-up ad (and its disgusting twin Hydra head, the popunder.) Imagine you’re on a site, and you’re trying to get the latest cheat codes for TimeSplitters 2… and suddenly a new window opens in front of you. It’s probably there to let you know about all the hot singles in your area. You close it, and moments later, another appears. And another! It was a plague, and it was truly painful.

Imagine having to deal with that while also having ADHD. You’d never get anything done!

Want to know how I know they were the worst offenders? Because this was the point that even the web browsers stepped in. You know, the same web browsers that are now themselves advertising machines and borderline malware… even they thought pop-ups were too much, and now will block pop-ups by default.

Except now, marketers have worked out a way to get pop-ups back, and it’s just as awful.

A screenshot of Windows XP. The screen is absolutely chock-full of small windows, each with a unique pop-up ad.

This might seem overkill, but it’s totally accurate.

Between all this nonsense, and standard ads going all-in on shock value, the Web became a bit of a nightmare. So when things like AdBlock and AdBlock Plus (a distinct product which has now turned to the dark side, so don’t use it) rolled around, it was an absolute godsend. Now you could get your TimeSplitters 2 cheats in peace! It took a while before they became robust enough to block everything, and for a while, it was a bit of a cat-and-mouse game as new ads cropped up. But it certainly helped to filter through the noise.

Incredibly, the ads have only got worse since then. But they’ve also got more subtle. I’ve mentioned the pop-ups that aren’t really pop-ups – the standard term for them is ‘modals’, if you’re interested – and they usually show up when you start to interact with a page. Occasionally, they’ll detect when you move your mouse away as if to close the tab, and will say “wait, give us your email address before you go! Pretty please!”

I’ve also seen examples where the tab’s title will change if you switch away from it. It’s really bloody annoying, because it’s yet another thing dancing around for your attention.

These days, though, it’s all about the tracking pixels. Websites will, of course, have the usual run of ads; there’ll be the ones I spoke about before, as well as auto-playing videos, full-screen auto-playing videos, ads that change size, ads that follow you around the page… they really run the gamut. But in the background, hidden in the bloated JavaScript code, there’ll be a few little scripts that collect all the data they can from you.

I should point out at this juncture that yes, I have ads on this very site. And if you use uBlock Origin, it’s very easy to right-click on them and block them. But, you’ll note they’re not blocked by default! I went out of my way to find an advertising solution that was not malicious, and didn’t include any tracking – so, yes, I have ads, but I’m not harvesting your data and selling it to the highest bidder. That’s a promise.

Because of this sort of behaviour, plus the general crowdedness of an ad-laden web page, I wouldn’t go anywhere near the Web without some level of protection. Ad blockers are nothing short of essential if you want to look after yourself.

ANYWAY! Now we’ve got back to the actual topic…

I mentioned that I always have some sort of ad-blocking mechanism on any device I’m using – whether that’s uBlock Origin in the browser, or something like DNS66 for Android. (Because, yes, apps can and will track and advertise to you. It’s not just websites.) But that doesn’t account for things like my little Roku Express, which serves ads on its homepage and probably tracks me based on my Netflix usage. It doesn’t account for my wife’s work laptop, which she’s not allowed to install stuff on by policy. And it doesn’t account for anyone else who uses my Wi-Fi, because I’m not forcing people to agree to an acceptable use policy just to be a guest in my home.

Enter the network-wide ad blocker.

The classic version of this is a little app called Pi-Hole, which traditionally ran on the Raspberry Pi. There’s also AdGuard Home and pfBlockerNG (part of the pfSense firewall system), as well as solutions which run directly on the router.

To demonstrate their effectiveness, I present to you my (truncated) dashboard.

A screenshot of Pi-Hole. Since install, 14,314 queries have been made through the system, with 9,739 of those queries blocked, accounting for 68% of all traffic. There are 1,130,280 unique domains on the blocklist.

Fermi hadn’t seen anything yet.

What we’re seeing here is that, since installing this (around this time yesterday), around 68% of all the traffic on my network has been blocked.

Sixty. Eight. Percent. I don’t know about you, but I feel that’s quite a significant number.

I’m aware that I have quite an aggressive stance on blocking. By default, Pi-Hole has somewhere in the region of 160,000 hosts on its blocklist – so my number is a touch higher, shall we say. Still, the fact that the majority of traffic matches up to known malicious hosts is rather eye-opening. Imagine that on all your devices.

I should also point out that big chunk of requests between 04:00 and 07:00. We’re not night owls in this house, and I can guarantee that neither of us was using any sort of device at that time. So, behind our backs, our devices were busy trying to phone home. One app in particular has been singled out for making far more requests than it has any right to.

A list showing the top blocked domains on Pi-Hole. The leader by far is flask.uk.nextdoor.com, with a total of 5,737 hits. The next one, api.segment.io, has had 1,380 hits. The rest have between 75-200 hits.

And I live down at the end of your road…

I have no idea why Nextdoor needs to make so many requests. I’m assuming that it’s set to just keep retrying until it gets through… but what if this is normal behaviour? It’s possible the app just makes thousands of requests overnight anyway. Pretty eye-opening. Especially since these requests were made while the app wasn’t even in use.

Segment is some sort of general-purpose data collection tool, so it’s probably being used by a bunch of different apps, hence the large number of requests. The rest are pretty standard app-specific tracking domains, I think.

I can only imagine what this would’ve looked like in 2006.

About LunarLoony

IT support technician by day, artist also by day, video game enthusiast by day as well. Not keen on doing things by night... when else am I supposed to sleep? I have been making internet things since about 2005, and advocate for personal websites and blogs and things. I also run Broken Circus, where I make short films about video game history!
This entry was posted in Technology and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.