A good thing
"Chrome is actually breaking the web standards by blocking forced redirects,"
I'd want a browser to block forced redirects.
The largest malvertising campaign in 2017 involved 28 fake ad agencies, which were used to generate about one billion ad views across 62 per cent of ad-supported websites, according to publishing security biz Confiant. By malvertising, we mean ads that try to trick people into installing fake Adobe Flash updates, bogus …
I was just about to post the same thing. There hasn't been a legitimate need for iFrames since XHR (AKA Ajax) requests were developed. At the moment they only seem to be be used for nefarious purposes. Yes, there will be a cost associated with getting rid of them for some legacy applications. But that's pretty much par for the course when it comes to web applications.
This is why people adblock.
If there must be advertising platforms and brokers, they should:
1. use simple text and images, no JS.
2. transfer the ads to be shown to the website showing them so the website is in control of serving them.
Because at the moment for a few quid anyone can fling any script which does anything at the browser and when there is malvertising it's impossible to trace.
.... its lucrative ads business? Someone at Google must be really scared of the damage brought by those evil AD BLOCKERS!
Anyway Google is also one of the culprits that bloated browsers of too many useless and risky features to run as much as possible withing a browser because it's easier to steal user data that way (unless, of course, you have a whole OS to do it like Android or Windows 10).
"Who lives by the browser...."
Isn't Google itself the biggest ad platform? It can be written "DoubleClick" but it's read "Google". So, instead of starting to fix the ad platform itself, and pave the way towards "responsible ads", Google just tries to put some weak defenses inside its browser, because it's cheaper than having to vet ads, or make them less "responsive" forbidding features that can be exploited to attack whoever display them.
In any ways, the very idea of "ad platforms" is broken - I have to display contents from third party sites I never requested, and which nobody really controls.
Think what would happen if ordering food at the restaurant, while it's being brought to you, an unknown someone else would be free to add things into your dish, just because the restaurant gets paid by some platform for it. Even if the food was free, I'd be very worried about eating it...
"Isn't Google itself the biggest ad platform?"
Different kind of ads - The paid search ads that appear at the top of your search pages aren't affected by ad blockers and are plain text. Google is the biggest cheese in that context. For simplicity, I'm including Google Shopping in this category.
Youtube video ads are affected by adblockers but are HTML5 videos as opposed to flash or Java and as such, I'm not aware of any exploits that will get you screwed over. Because of youtube, Google is probably the biggest provider of video ads.
The ads this change affects are known as display ads. Google is a major player in this space but have nowhere near the dominance in the search and video channels.
It looks people know Google (Alphabet) very little.... and still believe it's still just a search engine with some free nice apps and now a browser.
Do you know DoubleClick, probably the largest ads platform around, is wholly owned by Google/Alphabet? And DoubleClick delivers ads made by others?
Google doesn't live of the "paid search ads" on its search page only, or Youtube, it does live of ads pushed by DoubleClick on many other sites that have nothing to do with Google but using DoubleClick to get paid to show ads.
Google, through its own sites, YouTube and DoubleClick, dominates the ads market, with the only competitor, still behind, being Facebook.
http://fortune.com/2017/07/28/google-facebook-digital-advertising/
http://fortune.com/2017/01/04/google-facebook-ad-industry/
Any decline in ads revenues if people start to block ads in their browsers would impact Google/Alphabet a lot....
Believe me, working in digital marketing (Before you get your pitchforks out, this is mostly paid search and Google Shopping), I am painfully aware how Google works. Yes, All of DoubleClick is owned by Google but only part of DoubleClick is relevant to display ads. It's also a bid management platform for all the other types of ad that Google show.
My original post was intended to highlight that while, yes, overall, Google is the biggest marketing platform out there, it doesn't have the unquestionable dominance that it does in Search and would be much less affected proportionally than pure display providers.
Did you read the links above? Google *is* dominating ads services. Facebook is second, at some distance. Just look at the revenues:
https://www.theregister.co.uk/2017/07/25/alphabet_q2_fy2017/
Do you believe they come just from the Search Page and YouTube?
"but only part of DoubleClick is relevant to display ads."
Of course, but that's what allows the other parts of the business run - like setting targets (thanks to Alphabets slurping operations), and analyzing ad campaign results. The advertising exchange of DoubleClick is surely a risk to display malware-ads.
Do you believe advertiser would buy the services if their ads are not displayed? Google has more to lose than others, if ad-blocking becomes widespread. Its whole business is built on them.
"Do you believe they come just from the Search Page and YouTube?"
No, not just from the search page and YouTube. I do believe that they are worth more to Google. The proportion of people that click the paid search ads is at least two orders of magnitude higher than display in my experience. Bear in mind that Paid search and Google Shopping are much much easier to make relevant for the search due to systems like dynamic keyword insertion and inventory management tools than display ads, even remarketing display ads. Also consider that if you're searching to buy something, there are potentially over ten paid links taking up the most valuable screen real estate above the fold.
And yes, in absolute terms, Google will lose more revenue from adblockers than other providers. In relative terms, they are propped up by the unaffected channels.
Everyone knows about malicious problems like these yet no one bothers to address the consequences, and many website would rather see that you turn off your adblocker in order for them to get their revenue. Now, I understand the motive, I really do, but when will people finally realize that adblockers aren't a convenience anymore but should be recognized as essential protection?
What I'm saying is that an adblocker should be getting the same treatment as an anti-virus tool on your computer. Websites wouldn't ask that you turn off your anti-virus so why make the exception for an adblocker?
See: the problem with ads is that you'll never know for sure where the junk is coming from. And even if you do know the source (Google ads comes to mind) then it's still no guarantee what so ever that everything people throw at you will be fully harmless. Heck; this article proofs as much!
In this day and age the use of adblockers has seriously evolved and should be considered a mandatory protection scheme. Yes, I feel for all those websites who try to make a bit of a profit but sorry: you got yourselves to blame for it in the first place. Instead of being satisfied with the target audience many companies strived for more and better coverage, even up to a point where malware became a thing.
What was that saying again? You reap what you sow?
> So how are websites meant to generate revenue?
Do they have to?
1) You want to publish something -- so you pay the web hosting costs (that is BTW what I do).
2) Your web thingy does something others want -- so they pay for it.
Why is throwing ads at people as the sole business model fine, good, not at all crazy and everyone should be doing it? You just assume it, despite ads being one of the major reason why the web is the shithole it is nowadays.
"Bitcoin miners...Duurrr."
I know you meant it as a joke, but it's quite effective as a micropayment mechanism.
Want to read my articles on improving your mining performance? Then hash me some Monero :)
It's a few cents per visit, and no need to serve up ads that I've got no real control over.
Most of the crypto community is fine with the concept of a dev fee being paid somewhere.
I used to provide forums, and there people could interchange ideas, opinions, whatever.
That has some costs, including my time.
Naturally, I was keen on having ads. Using ad platforms.
As the adblockers went mainstream, I had to close the forums.. I was not only not being paid, but I was losing money.
I was providing these services as a service to ppl.. for fun mostly.. but people dont want to put their money... they would rather have a facebook group than a proper forum with subforums, etc
Fair enough. But then there are people like me, who run a number of such sites. I pay out of pocket (hosting is really cheap, so it's affordable), have never run ads aside from my own for products I sell myself, and never will.
I don't mind adblockers (since I have no ads to block), and my sites are unlikely to go away in my lifetime. And there's nothing unique about me -- I am one amongst thousands who do the same thing.
There's good stuff on the internet at the moment? I think not. You have websites shoveling clickbait shit AND adverts.
Without adverts, there would be no clickbait, but you would have to pay for internet content, which users won#'t do
It's an unsolvable conundrum, which means essentially the internet is fucked.
1) Ads are not the only way to generate revenue, they're just the most convenient for website operators.
2) Ads don't have to use Javascript.
3) The web had lots of quality content before ads were a thing. I'm deeply skeptical of the notion that without ads, there'd be no quality content.
If not it is an easy decision, standards or not. If there are, then Chrome's market share dominance will probably end up forcing those sites to change how they work. Basically Google would be exercising the exact same control over the web that everyone (including Google's founders) rightly castigated Microsoft for.
Basically Microsoft doesn't want people using REAL ad blockers, so they figure if they can block the worst malware type spam advertising there will be less incentive for people to block all ads including all the ones Google makes money from!
This is just one of a whole suite of "interventions" backed by the "Web Incubator Community Group", which is part of the World Wide Web Consortium (W3C). Such tweaks are intended to become part of the standard, although the relevant standards aren't controlled by the W3C.
This particular change has been under discussion for two years with multiple attempts at implementation. And even this version only hits the beta channel on the next Chrome update.
Just noticed I said "Microsoft" in the second paragraph instead of Google. Guess I was mentally transported back a decade and a half when Microsoft was the evil company, instead of being the tech equivalent of the old Nazi with Alzheimer's you used to hate but now just looks pathetic.
That there will always be a way to subvert legitimate functionality in some way.
Ads are a problem because they will never be server by the originating website, the ad company works it out. Ultimately ads should probably be in a non-trusted page element without all the rich (and destabilising) content. This would not be great even for the googleopoly.
It is also a relatively straightforward vector to exploit, not just for malware, for any other type of scam, all you need is a front company and some up-front cash.
Google are unilaterally deciding to change their delivery approach to web standards, but given the lengthy negotiations needed to change or replace them formally with entrenched and violently defended positions its not likely to happen any time soon.
Although in this case, I hope at least a proposal for a standards change is made in conjunction with this...Otherwise we are at the thin end of standards anarchy...
This is why websites should be held legally liable for the third party content they choose to include on their pages. The excuse "oh but it was a third party advert that screwed you over" should simply not be tolerated. Whilst the websites can claim that their active inclusion of untrusted third party content isn't their responsibility there is no incentive to clean up the cesspit that is the online advertising market.
Once a couple of good lawsuits bring down a few major websites caught including dodgy adds there will be calls to do something about the dodgy adds that the add brokers simply will not be able to ignore. Websites will start using add platforms that offer financial guarantees, and/or indemnity against lawsuits. This will force the add platforms to vet the adds they include or face bankruptcy when a dodgy add hits the wrong person.
Sounds great, but also complicates the matter, and allows both to wring their hands while blaming the other.
No as far as the end user is concerned the Website should be held solely liable.
If the website then wants to sue the Add platform as per their mutual contract, that is a matter for the owners of the website. And if the add platform wants to sue the next party down the chain ... etc.
I do whitelist sites who I want to support, and who haven't (yet) served me anything offensive.
What would it take to make my adblocker go away for good though - being as I'm not against advertising as a way to generate revenue for sites.
No scripts - that's most of any threat gone.
Images - fine
links - fine
animated images (gif, apng) fine
html5 video with nixed audio - fine assuming file sizes are limited
html + css? fine - as long as these can't be used to "break out" of the advertising panel (might need to subset what is allowed)
99.9% of all legitimate ads wouldn't be impacted by this - at least in terms of making an imprint on the viewer. If some fingerprinting capability is lost, then that's only a good thing.
I have been using DuckDuckGo Privacy Essentials (and their search engine as a default) and find it works well for me. This article shows an "Enhanced B" Privacy Grade and the following trackers:-
Google: googletagservices.com; google-analytics.com - Analytics: Twitter - platform.twitter.com - Microsoft: atdmt.com - Tracker network unknown: s.dpmsrv.com (Whois shows this as VeriSign Global Registry Services)
This Comments page only shows googletagservices.com; google-analytics.com; and s.dpmsrv.com
Looking at the Extension in Safari, it is described as: "DuckDuckGo Privacy Essentials" can red, modify and transmit content from all webpages. This could include sensitive information like passwords, phone numbers, and credit cards.
What, me paranoid? Certainly not! Even if I am, it does not mean that they are not after me. I always ensure that I am not logged in to any Google product (and check that I am not); funnily enough I see no targeted website and email advertising and only a very small amount of random crap. A couple of small simple text ads on a page is OK; and, If I find that I get value from a site, I do actually try and pay them...