Why are so many people using ad blockers?

Also in today's open source roundup: Is Apple's iPhone SE stealing users from Android? And Xiaomi's 4.3-inch Mi 5 Mini could be an iPhone SE killer

Why are so many people using ad blockers?
flickr/Horia Varlan (Creative Commons BY or BY-SA)

Why are so many people using ad blockers?

Prominent mobile device companies like Apple and Samsung have recently added the ability to run ad blockers on their phones and tablets. And many users have been installing them, making ad blockers some of the most popular apps in app stores.

Ad blockers are a hot topic of debate though, with revenue-starved sites being pitted against users who are concerned about malware as well as their overall reading experience. Users are defending their right to run ad blockers, while sites are requesting that they turn them off.

But there's another reason why so many people are using ad blockers on their mobile devices: mobile data allotments. It turns out that advertising can eat up a user's fixed data allotment very, very quickly and that could result in expensive overage charges.

Karl Bode reports for Techdirt:

By now, usage caps on both fixed and wireless networks have grown increasingly common. And while broadband carriers are endlessly looking toward caps and zero rating for a competitive and financial advantage, overlooked is the fact that a huge amount of a user's monthly bandwidth allotment is now being eroded by good old advertising. How much? According to a new study by Enders Analysis, anywhere from 18% to 79% of your monthly data bucket can go toward delivering advertising. Previous studies had pegged this between 10% and 50%.

It's important to remember this as websites begin waging all out war on ad blockers. Users aren't just using ad blockers because they think it's fun to generate industry histrionics about the end of publishing and journalism as we know it. Users are using ad blockers to protect themselves from annoying malware and poorly-designed advertising and web formatting. They're also using ad blockers to help protect their wallet from broadband provider overage fees. Block the blockers, and you're blocking an effective consumer technology tool.

You also have to keep in mind that usage caps (especially on fixed line networks) are entirely arbitrary constructs, not tied to any real-world costs or engineering necessity. And while carriers have worked tirelessly to zero rate their own content or content from the biggest companies on the Internet, so far nobody's rushing to cut consumers a little slack and zero rate advertising at any meaningful scale. In other words, not only are consumers paying an arm and a leg for mobile data, they're paying an arm and a leg predominately so they can be marketed to.

More at Techdirt

Techdirt's story about ad blockers caught the attention of Linux redditors, and they pulled no punches while sharing their thoughts about it:

Buzzrobot: "More than anything, an ad blocker is a necessary security tool these days, given the inability of many sites to police the ads delivered to their customers via the ad networks they use.

Traditional newspapers know what's in their ads because they put them there. Actual employees vet the ads. Web sites don't know because they pay someone else to serve the ads on their pages."

Gogmagog: "Malvertising is an important consideration which never seems to come up when there's a discussion about ad blocking. Advertising is a malware delivery vector you have to protect yourself against, just like any other.

It's easy to distribute malware through an ad network when partners aren't actually paying attention to what sort of advertising content is being displayed on their web pages. You just plug in a script and let it work while you collect a trickle of revenue. Everyone has a problem with ad blocking when that revenue starts to disappear, but nobody seems to care if they may be serving a payload with no prompt or user interaction required."

PinkyThePig: "What I don't understand is why this is even a thing. Do ad networks just let people submit literally anything to them and they will serve it, no questions asked? If I were a website and the ad network I used served malware, I would be working on cutting ties immediately and finding a new vendor. It seems to me like an ad network that guarantees no malware would have a leg up over their competition."

Mywan: "It's a bait and switch tactic. If you want to shell out the money to the ad agency you can do it yourself. Create an ad and submit it for approval. Once approved add a line of code to include some javascript from another location to implement the malware. See how long it takes them to notice and kill your ad in the ad rotation. Depending on what you want to accomplish a botnet of a few thousand computers can be worth more than whatever the ad was paying or cost."

IWantUS: "The painfully obvious solution to this is to review new ads every time they're changed, and it's kind of hard to imagine why they wouldn't already be doing this, if they aren't."

Dman: "It's likely not manually reviewed due to the sheer number of ads that are submitted. It would slow down the submission process significantly. Top that with the costs of assembling a team large enough and competent enough to review everything."

Pilif: "The attackers change the payload after it has been vetted and accepted.

Advertisers usually don't provide assets (like a picture or html and JS files) but just an address of their own. This gives them the maximum flexibility and, more importantly, the ability to track the performance of the ad and to compare their numbers to the numbers reported by the network (to prevent being defrauded).

But this of course also means that the advertiser can change the ads content while it's running.

But let's make a thought experiment and let's say that from now on, networks only accept static assets. This fixes the issue of the ad data changing in mid-run, but ads these days are huge (just look at this article), so it would very much still possible to hide some malicious code in the static assets that still goes out to download exploit code after, say, a specific date has past.

To fix this, ad networks would have to do full code-reviews of the submitted code. But as we can see that even companies with the utmost interest in reviewing third-party submissions sometimes screw up (there is the eventual malware issue in the Apple iOS store for example), how good do you think these advertising networks will be at code review?

Plus, this would greatly increase the cost of getting an ad posted which in turn would mean much less revenue for the site to the point where it's not worth running the ad any more.

This might actually be a point where legislation might help to make content providers responsible for all the data that's downloaded from a visit of their site. Then they would be much more careful when selecting ad networks to the point of them only choosing networks which only allow static code-reviewed assets.

Once all content providers do this, advertisers will just have to go through that review process to even get their ads shown on any relevant site and the additional cost for the review might then be split between advertiser and content provider.

But that's just a quick guess. This situation is very messy and I don't think there is an easy solution around"

Floppie7th: "I have no issue viewing text and still-image ads. Animations, Flash, and embedded scripts (other than the obvious "call server to retrieve ad and record impression") are all things that will get my adblock turned on on your site, because all of the above will tie up a substantial portion of my processing power, and the latter presents an attack vector."

FreeMesh: "I basically rooted my phone just so I can install ad blocks on Android. After a month, I found out that my monthly data usage drop from 2 gb to 416 mb. So this isn't far off from the truth."

Justaquestion: "I use adblock to avoid annoying pop ups, web redirects, and other ads that prevent from viewing a webpage. I don't mind regular old banner ads or ads that are embedded into the page. And I am much more likely to click on these."

More at Reddit

1 2 Page 1