Ad Blockers are the new Firewall

When iOS 9 launched the sky fell, dogs and cats moved in together, and there was mass hysteria. At least if you listened to advertisers. It was this release where Apple created an officially supported, system level content blocker function. This would, the industry argued, destroy content on the internet, which is largely ad supported. I would argue that if the ad industry thinks that it is being destroyed, the call is coming from inside the house.

I don’t have a problem with ads, I really don’t. So long as they are respectful to me, I fully understand the need to make money from content online, and appreciate the difficulty in doing so. I resisted ad blockers for years because I felt that I should support the publishers.

This is no longer the case. I am now an evangelist for ad blockers. I consider them as essential to your security and safety as a firewall. And to be very clear to the ad industry – this is your fault.

We have seen these things happen before. In the 90s a barrage of intrusive, and often explicit pop-up ads were making browsing the internet a nightmare. It became so bad that browsers began adding pop-up blockers as an on by default feature, which all major browsers retain to this very day. For a while thing got better, aside from some sites insisting on auto play video ads.[1]

But in the last year or two things have taken a very dark turn. Malvertising, the unholy alliance of malicious software with advertising, is becoming an every day problem on the internet. At first it targeted the more sketchy sites. The thinking was if you stayed on the light side you would be fine. This is no longer true. Any site that run third party ads has become a potential point of infection. Just a short list of the sites that have fallen victim to this include the New York Times, MSN, AOL, the NFL, and NewsWeek. Hardly the dark side of the Internet. Read this from Ars Technica if you want to be scared.

At first the malware was merely pop-up scams. I saw several served to me through MyFitnessPal a while back. These were harmless so long as you did not fall for the message. Just quit the browser and start over.

Malicious popup trying to get me to call a number for tech support.
A sample of the Malvertising I have seen.

But the problem is worsening. We are now seeing advertisements that are capable of executing code on computers that merely visit a website. The most disturbing payload these can carry are ransomware – software that encrypts your personal files and demands payment to get them back. Users have no idea they have been infected, and have done nothing wrong. They just got unlucky in the ad network that happened to serve them on that visit.

On a personal note I briefly tried ads on this site. It was terrifying. I think I literally lost sleep over the thought that I was unknowingly infecting my visitors. True that this page is not where I make my money, so I am fully aware of my privilege in being able to do this. But that does not change my position when the ramifications are so serious.

If the ad industry is attempting to address this problem, they are not doing well. It is getting worse. Usually if you contact the website or the ad network about these ads, expect them to point their finger elsewhere. “It’s someone else doing it. Don’t bother us.” It is painfully clear that this is not a priority for the industry. They are either unwilling or unable to solve this. Whichever it is, the result is the same. I will protect myself. I want publishers to make money, but not at the expense of my personal safety.

Ad blockers have gone from a convenience to required security software. I have installed it on all my browsers and will be installing it on every computer I have within my sphere of influence. Friends, family, and colleagues. If the publishing and advertising industries see this as a breach of contract, so be it. Get your own house in order before complaining about everyone else. If you choose to block access to your site for ad blockers, then I guess I will not view your content. I will leave your page with my data security intact. I don’t trust you.[2]

On desktop browsers I recommend Ghostery. On iOS I recommend 1Blocker. Install them everywhere. Consider them part of your anti-malware protection. Because they are.

All this ignores the other offensive behavior of ads, such as pervasive tracking, ridiculously high data usage, loud auto-play videos, and scam messages. It’s a side benefit that these are blocked too. But the thing that pushed me over the edge is the malware. No one else’s business model is worth my personal security, or of the security on systems I am responsible for.[3] I will choose security every time.

  1. MacWorld  ↩
  2. Forbes had a particularly embarrassing incident where they anti-Adblock software convinced people to turn off their blockers, only to then get infected with malware. Nice.  ↩
  3. And that is a good number of systems.  ↩
Ad Blockers are the new Firewall was last updated March 16th, 2016 by Michael Truskowski