This was always coming. Next we will have unblockable ads delivered through first party and using obfuscated techniques like canvas or webassembly. The endgame will be all/most websites embedding 1st party ads and tracking and the only way to not see them would be to not use the WWW at all. At that point we will have lost.
> unblockable ads delivered through first party and using obfuscated techniques like canvas or webassembly
When I said basically the same thing 4 years ago[1], most people seemed to think it wasn't a serious concern or could be easily bypassed. However, after observing how certain types of businesses use the World Wide Web over the past 3 decades, it's obvious what they want: to send an opaque binary blob to the user that nobody can investigate or modify, that gives them full control over what the user sees and is allowed to do. Just like TV.
The only safe response to this is to stop allowing documents (or docs with 3270-styole forms) to embed software in a Turing complete language. Add functionality that is used declaritively, or the answer to "should this be blocked" is undecidable. Give them the ability to run a Turing complete language that renders to a canvas, and adblocking becomes a hard image recognition problem (or requires solving the Halting Problem).
I'm not saying no one will try to do this, but YouTube had the technical option of splicing ads directly into the video stream and simply not sending the actual video content for the duration of the ad for several years now. They chose not to do it. Potentially the lost revenue from people not using YouTube as much anymore / migrating to a different platform would be bigger here than the increase in ad traffic.
People who don't want to see ads (i.e. a large part of adblock users) are also more likely to engage in toxic (to advertisers and YouTube) behavior, such as intentionally clicking on ads but never buying anything (or even writing scripts to do that), or intentionally avoiding the advertised product, etc.
Twitch does do this with its SureStream ads and its much worse for a livestream than a video since with a video you can resume where you left off after the ad finished whereas for a livestream you just lose what was happening during the ad.
Twitch also removed the ad-free benefit from twitch prime.
Such poor behavior creates gaps in the canopy, providing sunlight for other services to grow. If you don't like how a service is treating you, switch to a better one and make the case to your peers why they should do likewise.
A healthy internet is ultimately up to us to build and maintain.
The issue is that an alternate service can only grow in the gaps if it has a viable business model: so far, monetizing internet services for the general public without advertising and tracking is a mostly-unsolved problem, despite interesting efforts like Brave.
> monetizing internet services for the general public without advertising and tracking is a mostly-unsolved problem
I feel like that's not a real problem. Or, maybe only a problem for services that care more about having a ton of users than being profitable and sustainable.
There are quite a few services (SmugMug, Vimeo, NetFlix, etc.) that charge money, don't have advertisements, and are doing just fine.
It's weird that so many web companies decide to go the sleazy advertisement/tracking/malware route rather than just charge money for the services they provide.
> It's weird that so many web companies decide to go the sleazy advertisement/tracking/malware route rather than just charge money for the services they provide.
You will find very quickly how reluctant people are to pay for anything despite a few cultural-phenomenon-level exceptions like Netflix.
I'm amazed how many people, like my own coworkers making $100k+, listen to Spotify all day every day yet will endure advertisement after advertisement in their stream of music instead of paying $10/month. If someone isn't even going to pay for Spotify despite it being a central part of their day to day experience, GG to your little service.
I think advertising has played a major hand in shepherding us into this position that divorced us from the idea of paying for content we enjoy. There is going to have to be a major cultural change to bring us back into a healthy relationship with content.
One common response to this is "well, maybe everyone should be hobbyists again making content for free," but surely we can find a better middleground than structuring things such that we depend on people toiling away in their freetime to produce the content we happen to want. For example, I'd rather my favorite content providers be able to feed themselves working on this content. We both benefit: I get to enjoy more content. Depending on hobby work doesn't get us there.
> You will find very quickly how reluctant people are to pay for anything despite a few cultural-phenomenon-level exceptions like Netflix.
That's absolutely not true, though. People buy stuff all the time. Clothing, shoes, sporting goods, dishes, food, housewares, books, DVDs, etc.
The "freemium" approach Spotify takes is a poor example because they're not charging for their real service of music streaming, but instead to get rid of advertisements. They've moved their own goalposts, and the question isn't "Is streaming music worth $10 a month?" but "Is it worth $10 a month to get rid of this commercial?" If the options were "Pay $10 to stream music" or "Listen to nothing," the results might be a lot different.
> One common response to this is "well, maybe everyone should be hobbyists again making content for free," but surely we can find a better middleground than structuring things such that we depend on people toiling away in their freetime to produce the content we happen to want. For example, I'd rather my favorite content providers be able to feed themselves working on this content. We both benefit: I get to enjoy more content. Depending on hobby work doesn't get us there.
I'm not making that argument, and you're setting up a false dichotomy. There's no reason content creators need to use advertisements and can't charge for their content instead. It worked fine for music and movies for over a hundred years, and books have been using that model for hundreds of years before that.
I think the world of consumption has changed though. People expect things (music, games, etc) to be free and balk at paying for them. Why would they when there is likely someone offering something comparable for free but supported by ads?
Maybe you could ship them a real item as part of the service somehow
I'd never pay $10 for a character in a game, but I'd happily pay $15 for a plastic toy that coincidentally unlocks something in a game I was enjoying anyway
That's not what Spotify is doing. The choice is pay us cash or pay us with your attention by watching ads.
Why go to work, earn cash with your attention, and pay for Spotify when you can directly monetize your attention on-demand in real-time at the rate you consume? That's what advertising allows.
That's a very good observation. I think it's true that having the free option changes the context very much.
There are people who pay for paid password managers when free alternative products available. I myself pay for a number of services (very reasonably priced) when I could have used free alternatives. The difference is the guys I pay don't offer a free edition without ads and nonsense like that. They just build a great software and ask to pay for their effort.
It's not just removing advertisements. Spotify Premium lets you listen to any song they have anytime you want. I thought the free version only let you listen to their pregenerated stations?
> One common response to this is "well, maybe everyone should be hobbyists again making content for free," but surely we can find a better middleground than structuring things such that we depend on people toiling away in their freetime to produce the content we happen to want. For example, I'd rather my favorite content providers be able to feed themselves working on this content.
If you do it as a hobby, it's not toiling. It becomes toiling when you do it as work, especially if you have to please advertisers instead of making the content you love.
The distribution of content might be quite different - but remember that ads aren't free - they're just another middleman that has to be paid, priced in in the cost of goods, a net drain from the point of view of the consumers (on first approximation at least).
Vimeo was so well positioned to beat out youtube back in the day. Stage6 had just shut down and vimeo was offering HD while youtube was stuck with low res. But then they made the mistake of banning video game content for not being artsy enough which led to youtube jumping in popularity.
This is actually interesting right now because Microsoft, Google and Facebook all seem to be trying to get into streaming. I would definitely like to see more competition in this space so that Twitch doesn't get complacent.
It's hard to know until they perform the bait and switch. It's certainly not the only reason that brand loyalty is dead, but it's one that's often on my mind. I don't have any confidence that my trust in a brand will mean anything in the long term. A new service exists? Well, it might be nice right now, but if I let myself rely on it the service will become slightly worse over the years.
It's the streamer who decides when the ads should show (this is because those ads hide the stream, so they should be used when nothing is happening). If they never tell Twitch to show ads, SureStream ads won't appear.
I watch at least one streamer who runs ads in her breaks, she is a partner. So does she have a to specifically select those surestream ads? Maybe they only show in certain geographic locations?
Twitch is running two kinds of ads, one type is "normal" and can be blocked by ublock, the other one is weird - it's definitely not just spliced into the video stream either, as far as I remember (I have Amazon Prime so I don't see ads), but ublock also wasn't able to block it.
However, I would argue that it is not actually worse for several reasons. For one, the streamer decides exactly when and how to play ads - so if the ad timing bothers you, you're going to start watching someone else, which in turn creates an incentive to keep streams ad-free or at least run ads at specific times.
The second reason is that the usage pattern of Twitch is different. I go to twitch (if it's a livestream) to actually watch the content, whereas I use YouTube in many cases like I would use an article, skipping through videos and back and forth looking for a specific part or specific information, and if the information isn't there quickly trying the next video. This workflow gets completely destroyed by ads. To the point where if YouTube would somehow force me to watch ads, I would simply stop using it except for the 2-3 weekly videos I actually plan to watch beforehand.
I don't think Twitch Prime has the ad-free benefit anymore, they moved that into Twitch Turbo. The ads are also definitely stitched into the HLS playlist as segments, so even if you were to block them you would see a black screen for the duration of the ad, although Twitch does seem to be doing something where if a segment fails to load it tries to load the next one a few seconds later, so you might only see the black screen for 5s or so.
You may be ad-free for another reason such as a grandfathered twitch prime that will expire when it next renews, twitch turbo, or a subscription to a channel that opts-in to the ad-free sub benefit. You might also just be in a region or demographic where ads aren't being bought, so you wouldn't get any then.
Weird, I saw the ads get through for a few days but then they stopped again. I watch twitch vods pretty regularly still, but I guess I stick to a few channels and don't jump around; maybe the specific channels I watch didn't enable this type of ad.
Maybe uMatrix is blocking them somehow? I've never seen an ad, even on channels I don't follow or subscribe to. My rulesets are very strict, but you're right, if they really come through the video stream I don't know how I'm blocking it.
Maybe you buy a lot of subscriptions and currency? I bet they avoid annoying their most profitable users. While it might have been coincidental, I never got ads until I unsubbed from the vast majority of streamers I follow. Same for other things like gifted subs. I used to receive a ton of gifted subs until I started lowering my sub count. They are obsessed with performance metrics. Big spenders have a very different experience.
Now, whenever I get an ad, I immediately close twitch and find something on YT/Mixer to watch. I'm training their algorithms to leave me alone.
I get no ads on Twitch, and I currently don’t have Twitch Prime or any subscriptions. I’ve spent maybe 50 bucks on Twitch in the 3-4 year lifespan of my account. I’m running Vivaldi (which uses Chromium) with uBlock Origin, Ghostery (I know), and HTTPS Everywhere, on MacOS.
I get ads when I use Twitch, with the same account, on a stock installation of Chrome (which I use as my backup browser for when I don’t want to figure out which extension is breaking a website). So it’s not related to my account, location, etc.
This. This is the solution. AdNausium will destroy the ad market. Adblocking users will engage in toxic behaviors if you force them to.
The problem is that sites trying some insane techniques is a bad arms race.
Sites like the wallsteet journal made a adblock-wall, see ads or don't use the site. That's fine. They can do that. And they lost lots of traffic. But they can decide if they like that.
Websites want a have-your-cake-and-eat-it option -- forcibly show ads, no opt out.
Nothing stops google from banning your account if you are using AdNausium, not only from youtube, but from gmail and all other properties. Joys of SSO. Maybe a TOC change or two. Few public cases like that and AdNausium is dead in the water.
That's why I'm not using it personally, even though I'd love to...
Engaging with these threads for a couple of years. I will say though that there seem to be more people here in the biz of tracking than there used to be.
That would be extremely counterintuitive. Ads are visible; they give people reason to object to them even without knowing much about them, because their existence is intentionally intrusive.
Why ask a vague winky-face question when you can make your assertion instead? Now I have to wait for you to respond just for you to clarify what you were trying to say.
This link is very vague: they only talk about a “global data panel” without saying how it’s constructed. You can’t build a representative sample if you don’t have an idea of what the global traffic might be like. See also https://blog.alexa.com/alexa-panel-increase/:
> our traffic estimates are based on data from our global panel, which is a sample of millions of Internet users using one of many different browser extensions. However, we don’t just rely on browser extensions. We also gather much of our traffic data from direct sources, including sites that have chosen to install the Alexa script and certify their metrics. It is this unique combination of data from our global panel, plus data from directly measured sources, filtered through our advanced statistical models that allow us to provide you with robust and comprehensive metrics.
I remember the first software I tried that automatically removed ads while recording a video stream. It was back in the previous century and then required an SGI workstation, but I suppose the same sort of ad-detection tech could be included into youtube-dl in about 5 minutes....
Possibly it's also self-preservation by the people involved. I imagine that even the YouTube developers and project managers hate watching ads. A solution only for them would probably look bad to the outside.
> but YouTube had the technical option of splicing ads directly into the video stream and simply not sending the actual video content for the duration of the ad for several years now
I don't think that's true, video encoding is expensive. This is not trivial to do without investment in hardware.
Google doesn't just sell ads, they sell targeted ads. Yes, YouTube currently does some processing on every video uploaded. But they only do that once.
It's trivial to send a different stream, though, and stop sending content for the primary stream for the duration. I believe a comment elsewhere says Twitch is doing this with HLS
I think this is an unstable equilibrium. YouTube is incentivized to continually recalculate this equation or find new approaches that maximize the number of ad-blocking users forced to give up the ad-blocker without leaving the website. Potentially the new terms of service allow them to use your other Google accounts as leverage to prevent users from using a malicious "Ad-Nauseam" style retaliation.
I've been thinking about this too: it's odd that YouTube doesn't try harder to stop ad blocking. Maybe the low amount of users with adblockers just make it not worth it?
It's far more likely that the data obtained about what videos you watch is far more valuable than the cash value of the ads you're not being served. Youtube videos are a very good early interest indicator for advertising.
Is paying to remove the ads a big deal? Presumably the content creator wants to earn something for putting the effort into creating something. Ads are one way to support content creation. Directly paying is another. Many advocates to remove ads say they want a direct pay model.
You mean like cable TV, where you paid for premium, commercial free content for years until they realized that they could charge you AND put ads in? Or Twitch Prime? Or any of the dozen other paid services that have done this..
Twitch prime doesn't affect the content at all anymore. It gets you a monthly channel subscription and a bunch of video games. Also I'd guess that the vast majority of people with twitch prime didn't go out and buy it either, Amazon just gave it to them.
The thing you can buy a la carte is twitch turbo, and that still removes all ads.
Netflix has TONS of ads in the form of product placement.
HBO does product placement too, though they sometimes pretend they don't or pretend it doesn't count when they do it because they do it "pro bono" (The Pope only drinks Coca Cola™ brand Coca Cola Zero™ for purely narrative reasons, and we're going to mention the brand Coca Cola™ explicitly several times by name to drive home the point that the character you enjoy watching enjoys the cool refreshing taste of Coca Cola™ brand Coca Cola Zero™. Don't worry Coca Cola™ hasn't paid us to shill their sugar water, we do it for free! Drink Coca Cola Zero™!)
Then the solution is to stop consuming things with unacceptable levels of advertisements. Unfortunately, given what the situation is on television channels, movies, and social media these days, that level is extremely high for most people.
The thing is, that solution will only work if enough people do it, and apparently as it stands not very many people are willing to give up their favorite content to avoid ads.
I can only control what I do, and if I must give up consuming media that will give me a temporary high (but it won't since I'll be annoyed by the ads), then so be it.
We have fire tv and Amazon has added more and more advertising to the point it’s nauseating (an ad for Shameless in the middle of a bunch of baby pictures is jarring).
I’d be happy to pay an extra dollar / month to amazon to not see ads there. Actively looking at htpcs that I can put Adblockers on (pihole doesn’t work since ads and content come from same places, I think)
Pihole helps with native ads and ads in apps, though. Not as much as a real blocker, but you can't really use one of those in native apps with webviews (if you use bromite webview on android, it might be possible, not sure, but that still doesn't help with true native trackers or with your tv)
It is not only about the adds. Even if you pay, they will still spy on you and sell/use this data to show you adds somewhere else on the internet. I will start paying only if they treat me as customer and not as product.
The original content creators made their content for the love of whatever they're making content about. Giving CCs an easy avenue to getting paid is what got us into this whole mess in the first place.
I don't totally follow what you're saying. Are you suggesting content creators should have no expectation of ever earning anything, let alone a living, from creating content?
I agree, as long as no ads means really no ads I think premium is something they are doing correctly. If the take downs, demonitizing, and political deplatforming weren't an issue they would be all set. Also, the horrible compression. I takes the same data to binge wath a series on Netflix as to watch a few short computer security or safe firearm maintenance videos, er well it did until those videos all disappeared.
I'm far from an expert, but isn't this what WebAssembly gives them? My understanding is that webassembly is a binary file that is an opaque binary. Why not have webassembly build out the entire page dynamically?
It doesn't need to. Don't think about it as documents being delivered to the browser anymore. Think of it as a binary executing inside the browser. You're not going to have HTTP requests to block, apart from the one that downloads the binary.
Absolutely. I'm not railing against WASM. WASM just has better marketing and tooling than straight Javascript.
Putting a VM into our browsers, along with sufficient API support to make that VM useful, is what spells the eventual end of the document-based web. I think that future arrived a few years ago and it's just not evenly distributed yet.
That sounds like the worst future possible. I love the fact that I can go to any web page and look at all of the HTML, CSS, JS (even if I need to use a tool to un-obfuscate it). Have you never wondered how someone did something and then looked at their code to find out how they did it? I love being able to use curl and wget to grab a web page. How would that work in a non document-based web? I really think this would be a terrible thing if it actually came to fruition. I truly hope I'm retired or dead before it occurs.
WASM doesn't need DOM access. You can just implement a browser in WASM and target canvas. I'm really surprised somebody hasn't done this already and marketed it as an unblockable ad delivery platform.
You can be certain that, when this does happen, these considerations will be dealt with. I feel very strongly that this is going to happen. The chance to execute arbitrary code on clients will be too alluring for adtech companies to ignore.
For accessibility compliance, you _need_ text and a DOM. Screen readers rely on HTML element semantics, ARIA attributes, and text content. The only way to make a canvas element (which is what you'd typically need to render custom UI) accessible is to have a textual fallback.
Outside accessibility there's also the issue of responsive design, huge SEO impacts, rendering performance... I'm probably missing a bunch.
Lifting a sedan with my bare hands is obviously easier than lifting a 10 wheeler, but it's still a massive problem. Rendering stuff is not the biggest issue.
Embed a browser with all that stuff into a page. Whatever APIs are missing to make the "inner browser" unable to fulfill all the requirements that the "outer browser" will eventually be filled-in by well-meaning developers who want the Javascript VM in the "outer browser" to be able to host general purpose applications.
You won't be able to block the binary, because the binary will be what renders the content. Your browser is going to act as a VM to run a browser that will display the content. The "inner" browser will be running on your computer, but short of binary reverse engineering, you won't be able to control it.
> Your browser is going to act as a VM to run a browser that will display the content.
Gary Bernhardt's talk "The Birth & Death of JavaScript"[1] was an ominous portent of a terrifying future. Unfortunately, some people apparently saw it as development roadmap.
Functionally, nothing. WASM being a compiler target just lowers the bar (although we've had Emscripten for years). The browser developers are working hard to make it performant, too. Sufficiently obfuscated Javascript is as difficult to reverse engineer as a binary, though.
I don't do web, but I imagine there must be some webpack plugins that make an obfuscated mess out of your code, so the barrier to entry must already be quite low.
WASM at least is standardized, so there will be a whole ecosystem dedicated to it. Think IDA Pro for WASM.
> although we've had Emscripten for years
We did. And I didn't see the "asm.js apocalypse" you seem to fear.
I don't "fear" an "asm.js apocalypse". It's just the next step in the arms race between those who would have the Internet be like television, and those who would prefer it not. I'm one of the people who would have rather had the web stay more like Gopher and less like Java, but that's not the predominant opinion. We're going to lose the document-oriented declarative web because the web is financed by advertising. The spice must flow-- the ads must not be allowed to be blocked.
WASM is different between Emscripten was always a fun curiosity, and WASM is being "marketed" to developers as "get native app performance in a browser". "Modern" Javascript has been able to deliver this future for a few years now, but it lacked the marketing and tooling to make it mainstream. Flash and Java were attempts to move to that future that didn't pan out.
Having IDA Pro for WASM is all well and good, but doing binary reverse engineering on every single website isn't practical.
The web, as it has been, was nice. We're not going to get to keep it. I'm unhappy with it, but I'm resigned to it.
Take Facebook or Gmail. Last time I looked -- a couple of years ago -- Facebook served some 18 MB of JavaScript. I imagine it's not hand-written, but compiled from ReasonML and whatever other languages they're using. There's nothing nice in that, it's a mess. You can't crack open Developer Tools and figure out how the timeline updates when you scroll. You can't figure out where the ads are inserted into the DOM.
So WASM doesn't take away anything from us, because we haven't had the "nice" you mention for 10 or 15 years. Sites like HN will stay like this, sites like Facebook will get even bigger. It will happen with or without WASM.
But yes, I do see where you're coming from. You want a less bloated Web, and you're worried that WASM is not going to lead to that, which I pretty much agree with. While I'm saying that cat is already out of the bag and WASM at least has the potential to bring performance improvements over JavaScript (which will be promptly negated by the sites getting even more bloated).
The cat absolutely is out of the bag. It has been. I'm not railing against WASM.
I want a declarative web. I wish there wasn't a VM in my browser. I want a web where my user agent, under my control, dictates how documents are interpreted and displayed.
So much of information security relies on not letting third parties execute arbitrary code on your computer. The price to view "mainstream" websites is increasingly becoming "allow third parties to execute arbitrary code on your computer". I can sandbox that code and perhaps limit the impact to my privacy (though thanks to processor microarchitecture "features" that's increasingly difficult), but I lose virtually all ability to control the presentation experience.
To be blunt: The kind of assholes that delighted in using Javascript to block opening context menus, blocking "Paste" into password fields, etc, have won. That pisses me off. Developers with good intentions who wanted to make something "cool" end up being the architects of the tools that will be used turn the web into cable TV.
TVs allow the user to mute the audio, switch channels and fast forward past ads in recorded video. What publishers are doing to the web is like sending a control message that reconfigured the TV and disabled some of its functions. "You can't mute the audio, you're obligated to listen to this. Also, we're turning the volume all the way up in order to reach you even if you leave. You can't turn it off either."
Publishers simply don't want users to have any control over the experience. It's their way or the highway.
People sometimes leave the room during commercial breaks. Advertisers realized this and started increasing transmitting much louder audio to make sure the audience can't get away. So I use the mute button and the problem is solved.
What if broadcasting companies sent signals during commercials that told the TV to disable these features? "They've enjoyed the movie, now it's time to make them pay. Don't let them change the channel, mute the audio or lower the volume". How long would it take before TVs that didn't follow these intructions entered the market?
Browsers have features publishers don't want people to have. We can download copies of "their" content. We can delete their ads. We can filter out their user tracking malware. This is possible because the browser serves us, not them.
One other thing that's tangentially related to this: Region restrictions on DVD players, and gaming consoles. Those were built right into the hardware/firmware of some of these devices.
> The endgame will be all/most websites embedding 1st party ads and tracking
The problem with first party tracking from the PoV of the advertisers is that the feedback they need goes through the site their ad is on so it is possible to be faked: "Yes Mr Advertiser, we really did send x000 ad impressions to {addresses} this day, honest guv'ner."
And from the site's point of view the adverts now become a little more admin to manage beyond just slapping in a reference to 3rd party JS and adding a <div> for that code to target to insert the advert.
They could address that by going the other way. Instead of serving the ads from the content provider's server, serve the content from the ad provider's server.
Essentially, the ad providers would also become hosting services.
Many content providers won't like handing over as much control as such a situation may imply though.
It also creates single points of failure that did not exist before. If the ad service is down, your content is (potentially) down too rather than just being served without working ads.
That will be the time we switch from ad-blockers to content-allowers. It can already be seen with distraction free modes.
Maybe there is a market for a proxy that converts any page you visit to bare and functional HTML with just content and navigation. No ad's, distractions, disfunctional scrolling, etc.
There is definitely a market for this and has been an idea I've been toying with for some time. Instead of a proxy per se, it'd be an API on top of a headless browser scraper then a simple web UI that uses that API. It'll have easy-to-update content extraction/interaction scripts for popular sites. Essentially you'll have "craigslist-ified" much of the popular web into an almost AOL like portal. Users will be encouraged to run client side (this won't be hosted, too many legal issues) and while this won't prevent tracking per se (headless browser still tracks), it is an easily exposed web server from your desktop. So you could even expose via Tor (time lost is made up for lack of content) and if you wanted to share, you could. Caching/storage and eager ahead of time loading/scraping of common sites, and it'll perform even better. Anyone can use the API for whatever they want.
Wrap it up with an easy to install bow and easy self updating to keep up with sites (and easy fallback to original sites/links), and I'll never browse the mainstream sites again. There are a couple of things that do this, but none as well as I'd like to see.
There are certain kinds of websites that usually have category->list->individual image/video that are otherwise obnoxious to use, but all follow this structure, where this is the only way to get reasonable UI. Fetch data and make a simple UI yourself.
Fetching data from such websites is the only thing so far where I've found ES async generators very very useful.
You don't even need a browser. Most of the time simple HTTP requests from node work just fine, and makes tor use safer and more effective since you're not running any foregin JS code, just parsing data. Other thing that improves privacy is that you're downloading everything, so it's hard to see from the service's side what you're actually consuming.
Actually many usual services follow this pattern. List of accounts->list of transactions->transaction details. List of categories->list of articles->article detail. List of product categories->list of products->product detail.
Simple abstraction can get you very far, even with a fairly simple DB schema.
I'd like a locally-hosted IFTTT+Appium type thing that'd use my local hardware/software/applications in place of myself... basically turning all interactions (viewing data, posting data, checking for updates/changes) into an API for accessibility software, home automation software, custom notifications, etc.
Brow.sh has nearly this exact functionality already in built-in http server; you can open up basically any website in your browser and get plain html (though rendered in a single font size/style, as it's really intended for console use). It basically runs headless firefox and with a custom stylesheet and scrapes the screen for colors.
Browsing with no-script is essentially that. In my configuration every page opens with no JS, and I temp enable or whitelist the domains I want scripts to load from.
I’m not sure if it can also enable individual scripts, that might become necessary very soon if this article is an example of what is coming.
Maybe there is a market for a proxy that converts any page you visit to bare and functional HTML with just content and navigation. No ad's, distractions, disfunctional scrolling, etc.
https://en.wikipedia.org/wiki/Proxomitron and other MITM-proxies can do that and more, although the security-paranoid may disapprove (but then again --- what are you more concerned about, what is your threat model, etc.) The recent "security vulturism" and things like DoH and other anti-user ostensibly-privacy things certainly doesn't help.
The next step after that will be machine vision based transformation of the rendered output. I think as long as end users can keep control of the browser and computing device hope is not lost.
There is also the option of actively attacking the business model of the ad and tracking industry. Ad blockers could simulate lots of "fake" traffic to make ad analytics harder (this is another arms race against attempts to filter out the fake traffic)
There's no losing if people voted with their attention instead. If the terms of exchanging data are unacceptable then don't accept any data from that source. The digital equivalent of voting with your wallet.
Kind of like climate change, there are actions we all know would help but individually giving up those conveniences is difficult.
This. I normally just avoid commenting in these threads, but clearly most users don't see this as quite as big of a problem as the HN users that comment in these threads. And maybe, just maybe, they're right.
Exactly. In theory they are effectual, if people actually did it...
I'm a big proponent of top down climate change policy to force change as opposed to hoping if we virtue signal enough people will be shamed into driving a bit less etc.
With regards to climate change, definitely not. I just wanted to highlight that it's a similar mechanic at play. Perhaps I phrased it oddly.
With regards to Ads I don't take as much a hard line approach as yourself (I remember our last discussion!). I'm very pro ad blocker use but not to go as far as banning them in any way.
Something I've been thinking about is sending a header to websites informing them I'm going to block their ads so they decide not to send me the content if they don't want to. I feel no entitlement to their content as they should not feel any entitlement to what code gets to run on my machine once it reaches me. I might expand on this in a blog post some time soon but it's probably closer to an art project than something actually viable.
> Something I've been thinking about is sending a header to websites informing them I'm going to block their ads so they decide not to send me the content if they don't want to. I feel no entitlement to their content as they should not feel any entitlement to what code gets to run on my machine once it reaches me. I might expand on this in a blog post some time soon but it's probably closer to an art project than something actually viable.
An advantage of this is we'd skip the whole ad blocker and anti ad blocker charade and gain a metric ton of performance back.
I'm impressed. I don't think I ever remember individual usernames.
>Something I've been thinking about is sending a header to websites informing them I'm going to block their ads so they decide not to send me the content if they don't want to.
I've actually played with similar ideas in the past (my more moderate days). But my philosophy at this point is that they can choose to give me the data or not give me the data. And I'm free to do with it as I please as long as I don't distribute it without permission. And I'm even softening up on that limitation.
I wasn't aware putting trackers on subdomains was a working adblocker workaround. Now that I know it, I'm surprised it hasn't been a massive problem since much earlier.
Essentially most sites are not "owned" by a single technical authority in the business - this is the main reason such a simple workaround goes unused.
The key parts there are:
- single
- technical
- authority
Watching businesses attempt an integration of a line code anywhere to download the third party tool is painfully hilarious.
Getting them to set up a DNS record to point to you is often so far off the table its playing in the forest with the faeries. Having them pull your code and serve it statically alongside their site... I couldn't imagine
I believe you, but this still seems strange to me with the overdesigned behemoths, on the verge of toppling over at any moment, most big corporate sites appear to be nowadays.
Websites get bloated because the companies aren't aware of all the tracking going on in the first place.
What usually happens is that the marketing team signs a contract then developers copy and paste a JavaScript snippet to embed on the website and move on.
The work arounds require much more intention and the solutions can be hacky like modifying urls in a minified JS file.
If that tracking is blocked, it is invisible to the company especially if only the third party who has access to the data.
I agree, but given enough incentive these barriers can be overcome. I thing these are signs that ad-blocking is becoming sufficiently painful to provide that incentive.
i actually had this conversation with a friend last night, and we figured the effort put in to serve ads to an audience so vehemently blocking them probably costs way more than the potential revenue, considering if a user is blocking ads they are probably hostile to any messaging anyways. But that's before getting into the rabbit hole of saturation strategy and any press is good press type of theories
This was probably correct until a couple of years ago. Ad-blocking has now become much more commonplace, hence the advertisers innovating so hard to get around it.
'normal' people are starting to run ad-blockers now, not just tech-savvy users.
It is not, on its own, a workaround. Cookies are still separate, and any foolproof online correlation call must go through the browser and can be blocked.
Not going through the browser is possible but requires trust between organizations; publishers have an incentive to inflate numbers, and trust has so far been lacking (and rightly so). That may change.
Ad blocking is supposed to improve performance. If you still need to download ad and then perform additional computations, I, personally, would opt-out from that ad-blocking, it's not hard to ignore ad myself.
I’d say it’s not a drain, but even as a long-time ad-blocker, I still am conditioned to ignore things screaming for attention. It’s been very often that I’m looking for something (eg. a link) but I don’t see it because it’s more visible than the rest of the page and my brain is conditioned to filter that out.
Yes, I think that's the right approach. You just forgot to mention that in order to prevent tracking a new VM is spun up for fetching each page. (Of course this wouldn't be necessary if the browser were implemented by someone who was on the same side as the user.)
I guess the solution at that point will be to develop a free (foss) internet alternative.
The internet will partition: the corporate internet will be what you say, and the independent internet will be people writing and hosting their own content, like the internet of the olden days. Some of them might interact with corporate services via apis.
The independent internet will be small, but it will be enough. If you want to buy something anonymously, go to a shop and pay cash with your phone turned off.
I'm intrigued by the possibilities offered by decentralized technologies like IPFS and the like. I think whomever can come up with a viable economic model that allows for the sustainable decentralization of web services will change the world.
Thank W3C for caving into the Corporations that want to remove the Openness from the web-standards that allow for this kind of nonsense.
Google is the biggest offender after all their entire business is Tracking and Ads but it seems they get a pass as being an "offender" from most people
> Google is the biggest offender after all their entire business is Tracking and Ads but it seems they get a pass as being an "offender" from most people
Note that "most people" (even individuals) also happily insert Google Analytics snippets on their own blogs or websites. I see that all the time thru uMatrix. So it's far from "Google being a bad actor" alone.
but this is all we ever asked, wasn't it? That the content creator take direct responsibility for their advertising instead of shipping us off someplace else.
Agreed. If ads are served by the site I'm visiting and don't include cross-site tracking bugs, then I think that should be acceptable to most.
Speaking for myself, I've never been opposed to ads on sites (within reason - popovers are trash), because I understand that creating content costs money, but I don't like all the tracking that comes with them.
I did actually click the link and read the whole Github issue thread, and the discussion here, before commenting.
But I was actually responding to the parent's comment (this is a threaded discussion, yes?) about how actual first-party ads are less objectionable than third-party tracking.
There's no reason code served from the "first party" can't also participate in cross-site tracking, just by using cross-site API's on the back-end to report user actions to a central tracker.
It is more technically challenging to implement. If it becomes necessary, I'm sure there will be plenty of money invested in making it easier for the content providers to participate in such things.
I feel like it at least makes the arrangement explicit and IMO its as much as we could ever ask for. This was always the technological trick that ad-blocking employed.
It’s still a 3rd party doing the tracking. They are just using DNS tricks to make it look like it’s a 1st-party domain, thus defeating tracker blocking.
WebAssembly can still be detected; the filepath or subdomain can be blocked as normal (would already work) and optionally you can run a fingerprinting method similar to AVs to detect scripts similar to trackers.
Exactly. The only way to create a black boxed env on devices outside of the attackers premises is if the attackers built the devices themselves and have thrown decades of iterative development out the window to create equipment resistant to endless physical attacks. Transporting state secrets is a simpler task.
That just moves the goalposts though. People will still deconstruct and reverse engineer the black box, or sniff the lines it uses and attack the traffic. Or anything else. There are countless attack vectors against a device in physical possession. So unless the devices are melting down into slag and can perfectly detect even passive attacks then the advertisers will always lose.
This doesn't stop them from trying. If advertising can be made more expensive then the roi the advertisers will stop. Some will irrationally throw money at the problem way past the point they should've given up but even they will taper off eventually.
Suppose I have an apache module (or the equivalent in some modern http server) that's (a) injecting the necessary code (b) forwarding the traffic information to my nefarious third-party tracking provider. Or, heck, just a third-party solution that consumes my apache logs. It's doing all of this without using the browser itself as a middleman, like the clumsy CNAME masking discussed in the linked Github discussion.
This could never be stopped client-side since one's web browser would have no say.
Only reason this isn't more widespread already is because a lot of web properties don't have full control over their shared hosting environments.
First-party ads are theoretically kinda sorta maybe blockable via various levels of heuristics, which of course adblockers are already doing to various extents today.
But as far as preventing your information from being forwarded behind the scenes, there's no technical solution. Legislation is the only hope to curb it.
As far as I know, Urchin [0] (Google Analytics predecessor) was that third-party solution that consumes Apache logs. However, Google bought and discontinued the product.
Google still has an old help site referencing its log analysis features [1].
> Urchin WebAnalytics Software is discontinued and is no longer supported. All Urchin documentation applies only to the Urchin product as it was at the time of discontinuation, and does not apply to any Google Analytics products or services.
It should be clear at this point the www is a not what it was. Honestly the ads could still be 3rd party, but they would just be stored on the same web server as the site. Then the 3rd party would just collect the info from the site instead of directly through the user.
I'm ready to move on. In my eyes we already lost the www.
We could start blacklisting such websites (with opt-in and toggle-able blacklists) and move to search engines that allow such blacklist opt-in features.
I'm already seeing a big use case for having such a (opt-in) domain filtered search engine since there's soo many spammy and SEO-hacking web sites out there.
Nah; presuming the page’s real content continues to just be plain HTML, the worst things will get is that you’ll have to browse some sites with JavaScript disabled.
Also, re: “inline” static images, there could totally be client-side ML-model cosmetic filters that recognize and remove known as images, regardless of how they got to the page. The filter could even just throw a floating rectangle over then, so it wouldn’t even have to understand how they’re made in the DOM. This is the “thermonuclear backup plan” we’ve been expecting to need to pull out for a while now, though advertisers have been lazy about getting sneaky enough to necessitate it.
My issue is that while blocking third-party scripts breaks a small part of the "Web", this now requires me to block even the first-party JavaScript, breaking most of the Web !
The first thing is, how do you distinguish between the ad and a non-ad? If my friend mentions a famous brand in a chat with me, should there be some entity to remove the name of that brand from the chat, so that I don't see it?
There are many videos on Youtube recommending stuff. You never know if the author has been paid. Even if you try to detect popular ad networks and services, the ad techniques will also evolve.
If ads were the only source of my income, and my content was unique, I would show the user a "quiz" every 5 minutes, asking him to answer, what is shown in the ads at the moment :D and deny the access, if the answer is wrong.
The common motivation for ad-blocking is to prevent third-party tracking (the discussion here is about first parties proxying that tracking), JS attack surface, cryptominers, auto-playing videos, etc. - not to prevent advertising per se. Back when Google sold text-only ads, people were quite happy with them for doing it.
> Back when Google sold text-only ads, people were quite happy with them for doing it.
Those are some rose-tinted glasses. People on forums like HN were always annoyed that they looked like navbar links and you were only clicking them out of confusion with actual links.
There will hopefully always be those personal/ad-free sites that are plain HTML and don't require any JS, but they might get a lot harder to find through the search engines...
Like in security, could work with a "block all" with an explicit whitelist of HTML that can be used. If it needs a canvas to display, then it isn't part of the trusted environment. That would mean you couldn't use sites that required both the ads and the content were in canvas/webassembly, but at that point they aren't really a trusted actor.
Well, if it's first party you've at least mitigated some of the privacy concerns, and it's then about the privacy policy of the company in question.
If they want to make ads extremely hard to block but reduce privacy concerns, I'm all for that. It puts the discussion back on a more even level, and if you don't like the ads, don't use the service. The only reason I'm okay with running an ad blocker now is because of the privacy concerns. If those were eliminated (which isn't the case in this theoretical situation, they're just reduced) then I'm not sure how to justify running an ad-blocker. To my eyes, it's basically stealing cable or satellite service. I understand other people don't see it the same way though.
I don't understand why that isn't already a thing, just set up a proxy on your own domain to the ad / tracking server and you'll already avoid existing blocklists.
I don't think that has much value because the ad provider wouldn't know who you are to begin with.
First time you open said website no cookies would exist for the domain.
Then the ad provider wouldn't know who you are.
Ex: Access foo.com and search for shoes, shoe cookies set for foo.com
Then access bar.com which hits foo.com for the ad suggestions
Now foo.com knows you searched for shoes, since the 3rd party cookies are there.
Now if you do it without 3rd party cookies bar.com wouldn't have any access to the cookies which identify you as a shoe buyer, because those are set for foo.com
Perhaps a solution is for websites to have to request authorization to run javascript/wasm on browsers (enforced by the browser). It will allow legitimate uses of client side code, while eliminating the vast majority of abuses.
I wonder if it is also not how GDPR should have been implemented. Forcing browsers to implement a request for storing tracking data, which would avoid dark patterns in consent forms and would keep websites honest. It would also allow to remember the decision. If you delete cookies when the browser closes, you get asked for the same consent you denied on every visit.
I run a SaaS with tens of thousands of users and am not even tempted to run ads or even add third party analytics. Firefox, Safari, and Chrome all work fine on it.
Just because there are a lot of bad actors and massive amounts of advertising doesn't mean the entire internet needs to go down that path.
well, at least the most bit. to be honest huge portion of pages would not be missed. myself avoiding quite some already, just out of principle. and I am fine without those!
You could also try to provide paid content. I am more than willing to pay for content I like, if the price is reasonable and I can avoid ads and tracking -- I already support a number of media-outlets and podcasts with donations and subscriptions.
If you provide paid content AND try to track me or make even more money with me via ads: goodbye...
On the other hand: If you rely on ads only, it is doubtful that your media-outlet is truly neutral -- would you really do analysis and investigations on your highest paying ad clients (?) -- I doubt it...
