Ad blocking is on the rise

“The following message was paid for by our malvertisers”

No adblocker

It is becoming more and more common for internet users to block ads as they browse the web.

Yes, it hurts the pockets of websites that rely upon advertising to fund their content creators and infrastructure costs, but the truth is that the average man in the street is sick to the back teeth of malicious ads infecting their computers, their browsing being slowed down, and having their online activity tracked.

As The Guardian reports, a study by the Internet Advertising Bureau has found that 22% of British web users over 18 years old are using ad blocking software.

That's up from 18% in October 2015.

Of course, some websites are worried about the loss of revenue that ad blocking is causing. More sites are beginning to put up walls, asking readers to whitelist their sites so adverts can still be shown or encouraging readers to sign-up for a low-cost ad-free subscription.

It remains to be seen if these tactics are successful or not.

One thing that I think would help make readers less nervous of white-listing a site's ads is if they felt a greater confidence that the ads had been properly vetted, rather than simply spat into the site's sidebar by a third-party ad network. Maybe we need more sites take on the responsibility of hosting the ads on their own servers, and have a direct relationship with their advertisers.

I don't know what the solution is, but I'm glad I don't have to rely upon web advertising to pay my grocery bills.

It does feel, however, that some sites are going out of their way to make users feel bad about running an ad blocker - as though it's not a sensible thing to do when you surf the internet.

Maybe the boot should be on the other foot, and those of us who quite like ad blockers should take a stand too.

I wonder if I started blocking access to content on my site to anyone not running an ad blocker? What do you think?

Tags: , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, ,

15 Responses

  1. Bob

    March 2, 2016 at 12:48 pm #

    There are a multitude of decent ad-blockers out there.

    I run one to on my mobile (a couple on my computer) to prevent overly intrusive interstitial ads appearing and ruining my browsing experience, to reduce the annoying pop-ups, pop-overs and pop-unders and to minimise the risk of me being infected my malware.

    An ancillary benefit is that by reducing those pesky ads pages load far more quickly because they reduce the amount of crap that is downloaded and, for users on limited data plans, you're saving yourself money.

    iOS users are okay – Apple allow you to use them and they integrate seamlessly with the native web browser (Safari).

    TIP: if a page doesn't load correctly in Safari then press and hold the refresh button in the address bar and it'll give you the option to reload the page without blocking ads; that 'hidden' option isn't immediately obvious.

    Android users are shafted – Google make money by selling your data and they do their best to prevent ad-blockers.

    Windows phone – I don't have much experience of this platform but my guess is that because of the low user numbers nobody has developed a decent ad-blocker.

    • Crepuscule in reply to Bob.

      March 3, 2016 at 12:56 am #

      Huh? Android is pretty well covered –> https://adblockplus.org/android-install

      As for the Windows phone users, "cyber darwinism" and all that.

      • Bob in reply to Crepuscule.

        March 3, 2016 at 11:08 am #

        http://www.androidpolice.com/2016/03/01/google-explicitly-bans-ad-blockers-from-the-play-store-except-all-those-ad-blocking-web-browsers-apparently/

  2. David G

    March 2, 2016 at 5:10 pm #

    I think you need to send this article to John Whittingdale who appears to be the latest poorly-advised IT-illiterate government minister. See bottom of page…http://www.bbc.co.uk/news/entertainment-arts-35708623

    • Bob in reply to David G.

      March 2, 2016 at 7:46 pm #

      How are his comments "poorly-advised"? They seem to be an accurate statement; in fact they echo what Graham Cluley says.

      Quote:

      He pointed to research that showed while people do not dislike online advertising in general, they do not like advertising that "interrupts what they are doing", such as auto-play adverts and pop-ups.

      "If we can avoid the intrusive ads that consumers dislike, then I believe there should be a decrease in the use of ad-blockers," said the culture secretary.

      • Dvaid G in reply to Bob.

        March 3, 2016 at 3:58 pm #

        How does this echo Graham when what he said above was " the truth is that the average man in the street is sick to the back teeth of malicious ads infecting their computers, their browsing being slowed down, and having their online activity tracked." ???

        • Bob in reply to Dvaid G.

          March 3, 2016 at 9:14 pm #

          Graham said:

          "One thing that I think would help make readers less nervous of white-listing a site's ads is if they felt a greater confidence that the ads had been properly vetted…"

          The government minister said:

          "…while people do not dislike online advertising in general, they do not like advertising that "interrupts what they are doing", such as auto-play adverts and pop-ups."

          "… he would be meeting "representatives from all sides of the argument" in the coming weeks to discuss the issue, adding that he did not think ad-blockers should be banned."

          I can't see from any of his comments that the government minister is "poorly-advised".

          He's making a sensible statement and one which Graham has touched upon – properly vetted ads (e.g. clear of malvertising, not intrusive etc.) would be accepted by most consumers.

          In fact Graham himself uses advertising on this site – see 'This week's sponsor' underneath the blue banner at the top of the page. Clearly he accepts (as do many others) that advertising is necessary, just not in its current third-party form.

  3. furriephillips

    March 3, 2016 at 10:55 am #

    Hi Graham,

    I think that's a perfectly good idea – I'd be happy to be shown an alternate page, warning me that I'm browsing insecurely, as long as the page linked me to some top flavoured Ad blockers, so that I could secure my shit and come back & view your super content :)

  4. stateside

    March 3, 2016 at 3:51 pm #

    Krebs site is a good example of vetted ads by a responsible author

  5. Steve Media

    March 3, 2016 at 5:02 pm #

    Seriously – the ad industry and those who use to finance their content COULD of abided by the Do Not Track standard – but most places did not.

    It COULD be simple to show ads that are not hacking visitor's systems with drive by malware.

    Instead we have gotten to this point where users NEED to block third party scripts in order to be safe, you can't blame the pop ups and malware on porn sites any more, yahoo and huff post and many others have distributed horrible malvertising – not on purpose, but certainly greed / lack of proper investment in tech / vetting.

    There are ads like in newspapers that don't cover the whole page, don't animate and slow down your paper, and don't auto play loud noise to interrupt everyone around you, and don't track what you read, and sell that info to dat combining places who are building up profiles on people.. those kind of ads are fine.. the kind we've been hit with time and again are inappropriate and deserve to be blocked.

    I don't think all ads should be blocked all the time, and I don't think whitelisting a site makes anyone safer – I do think a new standard for "fairblock" may be an answer / part of the solution.

    More on this fairblock idea here: http://www.ideasandwritings.com/02/adblock-into-fairblock/

  6. Katy

    March 3, 2016 at 10:18 pm #

    For sites that I really like, I do tend to relent and add them to my whitelist… but, I also don't have Flash or Java installed on my computer. Ideally I would also like to disable Javascript, but doing that makes it almost impossible to view many web sites. In any case, keeping my computer fully patched and updated, and removing unsafe software like Flash, does provide some mitigation against malicious advertising.

  7. Mark

    March 4, 2016 at 10:27 am #

    I really don't understand this fixation with ad-blocking. They are just white noise, ignore them. Similar to fast forward on a Sky/Humax.

    • Graham Cluley in reply to Mark.

      March 4, 2016 at 11:17 am #

      No TV adverts track what channels you're watching.

      No TV adverts infect you with malware.

  8. Ants

    March 4, 2016 at 4:49 pm #

    @Bob Whittingdale's poorly advised because he should be speaking to the ad agencies to ensure their security, not complaining people for using ad blocking!

  9. coyote

    March 5, 2016 at 5:48 pm #

    Most important:
    'I wonder if I started blocking access to content on my site to anyone not running an ad blocker? What do you think?'

    No. You should encourage them but you shouldn't block because the fact you do everything you can to raise awareness is far more important. I understand it might be a rhetorical question but I think (even if I wasn't one to enjoy answering rhetorical questions) this one especially should be answered because definitely your attempts (difficult as it is!) at raising awareness is especially important (it's not even a matter of thinking it true; it is true).

    'It remains to be seen if these tactics are successful or not.'

    That kind of manipulation – and it most certainly IS manipulation whether anyone admits it or not – would have the opposite effect for me (which is not to say that it is reverse psychology; indeed even if they suggested I do use an ad blocker I would still do that – and noscript especially [although I use more than that]). That is how everyone should act (to manipulation), too, although I realise many will sympathise with the organisations (if they're going to show sympathy they should show it for everyone who has to deal with their rubbish). They want adverts? They should have never created problems – and malvertisements is only one type of problems.

    'Maybe we need more sites take on the responsibility of hosting the ads on their own servers, and have a direct relationship with their advertisers.'

    I've said it for years: websites really should stop referencing third party servers which then also reference additional servers, going to ridiculous depths. This isn't only about security. Obviously I'm not referring to embedded youtube clips (or similar).

    That's something noscript is really useful for: enable only as many scripts (sites) as necessary and then it will make things easier (after you have a decent list). It also has the benefit of detecting clickjacking, XSS attacks and other things. But it is irritating when I have to enable all scripts for a website (or some sites) and then reload, then do it again, and then again, and again N times.

Leave a Reply