Wednesday, March 10, 2010

Adblocker and the death of web content providers

ArsTechnica recently ran an experiment to block content from users who were blocking their ads.  They wrote up a nice article explaining their experiment and why they ended it.  It's worth a read, if you are interested in the internet at all.  Go ahead, I'll be here.

C-Net posted a well-reasoned response/editorial that is also worth a read.

I'm a technical guy.  I have a patent on a web marketing technique (it's a little out of date now, but it drove fantastic SEO for my company for a long time.)  I'm trying to get interviewed for an IT position that would be responsible for managing the advertising platform for a major company.

Several years ago I converted to Firefox full-time and installed Adblock and NoScript permanently on all computers that I have influence over.  I'm glad to see that we are finally having a public dialog about this.  I'm surprised this has taken so long.  But from what I'm reading it appears that ArsTechnica and C-Net do not fully understand the problem.  I'd like to explain the problem to you and offer a way forward for the web-content industry.

The tipping point for me was the day my antivirus software alerted on a banner ad that was attempting to install a trojan program on my computer.  I was on  I decided that if couldn't be trusted to keep their advertising partners in line then I was going to have to just block the advertisers.

ArsTechnica, C-Net, and CNN, your advertisers are serving viruses and other malicious code.  Not all the time.  Not every day.  But too often.

The internet is much like sex.  Your content is being inserted into my computer.  I shouldn't have to draw the pictures for you.  I'm responsible for protecting myself.  You've proven to be untrustworthy, and blocking your advertisers is the only way that I can protect myself.  Adblock is the condom that I'm putting on you, in order to protect myself.

That's not quite an accurate description.  The ads you display are not hosted by you.  They are hosted by an endless array of ever-changing advertising companies.  These companies go to great lengths to hide their identity with false domain names and other tricks.  So your readers have no way of knowing who you are bringing to bed.

Thank you, but I have no interest in participating in your orgy.  I'm interested in your content, and I know who you are, so I will allow you to run your content on my computer.  But your buddies lurking in the shadows do not get a turn.  Understand?

We are currently on a trajectory for this to continue to escalate.  That will get ugly.  Good content providers will go out of business.  Good people will have to resort to ever-more nefarious tactics to safely get the content that they want.  I would like to suggest that there is another course.

I'm not turning off Adblock until you prove that you, and everyone you bring to bed, can be trusted.  No one speaks for the Adblock user community, but I believe that many others feel like I do.  Trust is the fundamental problem here.

In a practical sense, the problems are:

  • Advertisers are hidden and unknown on your site.
  • Advertisers have too much latitude in what code they run in their ads.
  • No one is monitoring the advertisers' IT practices to make sure that they are not hacked.
  • There is no feedback mechanism for when accidents do happen--and we can't pretend that hackers won't get in once in a while.

This flies in the face of conventional internet wisdom, but the best solution I see is for you to move the advertisement servers into your domain.  You take responsibility for the servers (security and content scanning.)  You actively scan and limit the types of code that your advertisers can run before you run it.  You establish a webmark or legend to show people that you are taking responsibility for the code that you run on your readers' computers.  And you establish a full-disclosure policy to alert readers when there are security breaches.  That full disclosure policy needs to name the advertisers, who have to come out of the shadows.

Technical people will need to meet and discuss what types of content are allowed in web ads.  I want tracking cookies banned, for instance, but that might be negotiable.  But the experts should talk it through and agree on a language/function by language/function basis and establish a permissible standard.

We could work together to establish an open-source project for software to scan advertisements before they were approved for serving.  I'm sure that many volunteers would show up to help code that for free for you.  That could be part of the webmark, or whatever.

You guys, ArsTechnica and C-Net, are technical thought leaders.  You can reach out to the various leaders and help establish these standards.  If you don't, then no one will.

(Update: CNET is now running an article discussing the precise numbers of malware exposures being served in the advertisements on several major sites.  My read of the chart is hundreds of thousands of malware infestations through the advertisement platforms on the New York Times, DrudgeReport, and other stalwart sites--over a period of SIX DAYS.  The major advertising platforms are all compromised.)

Good luck.

No comments:

Post a Comment