This is a mini-rant, a short essay refuting a common misconception among users of an Internet forum. If you think this essay is FUD, feel free to explain why on the essay's talk page.
Ad blocking refers to practices by viewers of HTML documents to reduce their annoyance by causing a web browser not to display advertisements, or promotional messages inserted in these documents. As ads have become more annoying, more viewers have been led to install tools that block ads, which has led to disputes over how best to balance viewers' experience with publishers' viability.
As of 2016, there are two proven revenue models for information publication: subscriptions and advertising. Subscriptions work for "sticky" sites, those whose intended use case involves long or repeated visits. Or a publisher may run an advertorial site, making some articles available without charge that act as ads for the publisher's related products and services.[1] But a requirement to subscribe drives away viewers who find a document through a shared link or a web search but aren't interested in a long-term commitment to the particular site it's on. By fourth quarter 2018, some in the news industry were beginning to realize that paywall fatigue is a thing. Once many users were already subscribing to one or two national news sites, local publications struggled to find tens of thousands of prospective subscribers with enough remaining disposable income for yet another site.[2]
Printed magazines and newspapers have long combined advertisement revenue with subscription revenue to fund their journalism on grounds that neither ads alone nor subscriptions alone provide enough revenue. In the second half of the 2010s, several subscription websites began using the same excuse to block access to subscribers who use anti-tracking measures.[3][4][5]
One article claims that there is no third business model to pay writers and bandwidth bills.[6] But some critics see professional writers as acceptable collateral damage in the battle against abusive Internet advertisements and the fake news and conspiracy sites that ads fund.[7] One has sarcastically recommended that the best third business model for a site depending on short visits is to leave the information publication industry altogether and, say, become a meat butcher.[8][9] Let's assume for a moment that the structural unemployment associated with a sudden across-the-board shutdown of an entire industry is impractical and that Huawei's 2021 shift to pig farming[10] is an isolated case.
One suggested third model is pay-per-page. If a publisher were to try to implement pay-per-page by becoming a merchant accepting major credit cards, it would be wiped out by the credit card networks' swipe fees. The Bitcoin cryptocurrency is not practical for pay-per-page either, as the groups in China that control the majority of the network's mining power have driven up transaction fees well over those of credit card networks and refuse to expand the network's capacity beyond about three transactions per second.[11] By August 2017, transactions were taking over three days to confirm.[12] As of December 2017, the Segregated Witness (SegWit) extension, introduced in August 2017, has not done much to increase transaction rate and decrease transaction fees.
So if no viable microtransaction provider emerges, then perhaps the way forward is to make subscriptions portable by creating a subscription or micropayment network that multiple publishers can join. A user subscribes to one site and views documents on other sites in the same network found through search or inbound links, and these other sites get paid per page view. Several adult entertainment sites used to be part of such a network called Adult Check back in 2000 or so. Later attempts at a subscription network include Google Contributor, Optimal,[13] and Webpass.io. Another is SatoshiPay, which acts as a middleman on top of the Bitcoin network and allows top-up through Bitcoin payments or, for people who don't currently use Bitcoin, by signing up for the Coinbase exchange.
As of March 2020, Mozilla has been working with Scroll to provide Firefox Better Web with Scroll. Unlike Contributor, Scroll is not an ad network. But Scroll isn't quite the same as an Adult Check replacement, as subscription websites that ordinarily show ads to subscribers remain paywalled.
To keep their livelihood going in an era of ad blocking, some websites have added "anti-adblock" code to attempt to block access by users of ad-blocking browser extensions. There's a legal conjecture going around that anti-adblock meets the definition of an "access control" mechanism in the Digital Millennium Copyright Act (17 USC 1201). Under this theory, the anti-anti-adblock rules in some ad blockers are an illegal "circumvention device".[14] If a court upholds this, developers of ad blockers are faced with what Stack Overflow users call an "XY problem". This refers to trying to solve a problem with a particular solution and asking about that solution, when another solution to the original problem might work better.[15] The solution to an XY problem is to step back and "describe the goal, not the step."[16]
Viewers of websites seek information without being unduly distracted, suffering undue strain on the device's resources, paying undue penalties to an ISP, opening their devices to intruders, or paying for services that they don't plan to use.
Some viewers have seizure disorders, vision disorders, or attention disorders. They may not want unexpected animation, especially if it covers the text that the viewer is trying to read. Others are viewing in a quiet place or listening to music, and they don't appreciate documents that automatically play audio.
Some viewers are behind a satellite or cellular ISP that imposes a "cap," or monthly data transfer quota. For satellite and cellular ISPs in the United States market, the overage penalty for exceeding a cap is close to $10 per GB, making it expensive to view documents whose ads have a large data size. (Sources: Exede.com; Verizon.net; Ting.com)
A document containing particularly complex scripts or media may cause a mobile device or older PC to drain its battery or struggle to keep up. Using more CPU time uses more energy and slows down other tasks that the user is performing on the device. Using more RAM could cause a system to thrash swap or force the system to purge other documents or applications from memory to make room.
In the 2000s, some documents contained objects that the browser could not handle, requiring viewers to install a plug-in. The majority of such plug-ins were proprietary software, denying the viewer (and the browser publisher) the ability to audit plug-ins for vulnerabilities that could allow intruders to install malicious software (malware) on the viewer's device. This lessened with the popularization of mobile devices, which could not run plug-ins, though minification, obfuscation, and proprietary software licenses still interfered with auditing client-side scripts in documents.
A viewer who finds a document on a particular website through web search or social sharing is unlikely to purchase an entire month's subscription to the site just to read one document. Thus locking too much behind a subscription will result in bounces rather than conversions.
Some people seek to block all advertising just because it's advertising. Others recognize that advertising is necessary to keep many for-profit websites in business. So they look at annoyances in web advertising and define criteria for "acceptable ads" that they won't block. For example, Eyeo's popular Adblock Plus extension ships with a whitelist of ad-supported publishers that pledge to meet Eyeo's criteria.[17]
Some people define acceptable ads as those that don't move and don't download excessive data. As home Internet access shifted from dial-up to broadband in the 2000s, advertisers began to prefer animated "rich media" ads that cover a document's text, automatically play audio, or move around in a manner that distracts the viewer from the document he is reading. These rich media ads also tended to use far more CPU, RAM, and data than a still ad.
Some people define acceptable ads as those served using technology that comes with the web browser. In addition to being strongly correlated with the annoyances of rich media during the 2000s, the SWF (Adobe Flash) plug-in has had numerous vulnerabilities that led to malware installation. Others define acceptable ads as those delivered without client-side scripts, or at least without client-side scripts distributed under non-free terms.[18]
Some people define acceptable ads as those that don't access third-party servers. Cookies set by third parties allow more data mining by private entities by letting them correlate visitors' browsing histories across numerous sites. This, for example, could let governments buy mined data that proves specific citizens' allegiance to the minority political party and "lose" a few thousand voter registrations in close districts or, in more totalitarian cases, even "lose" a few thousand voters.[19] Ad exchanges facilitate this through "real-time bidding", which offers context (including a unique identifier of each viewer) to several ad networks and lets the highest bidder display this ad. This not only lets multiple ad networks build a dossier on each viewer but also takes substantial CPU and RAM to run the client-side JavaScript portion of the real-time bidding process.
Some people define acceptable ads as those that are relevant to the subject of the article, such as ads for auto parts near an article about a car maker. In theory, interest-based advertising lets publishers collect a higher CPM (cost per thousand impressions) rate by allowing advertisers to serve the ad that is most relevant to a particular viewer, regardless of whether the ad is relevant to the article appearing next to it. Impressions of interest-based advertisements draw roughly three times the revenue compared to ads based solely on the context of the document in which they appear.[20] Publishing consultant Oliver von Wersch put it this way: "the common perception in the market is there's no advertising without tracking. Deactivating tracking in the browser is a de facto ad blocker."[21]
Results, however, are mixed. A 2019 study by researchers at the University of Minnesota, University of California Irvine, and Carnegie Mellon University shows that cookie-driven behavioral targeting improves publishers' ad revenue by only 4 percent or $0.08 per thousand views.[22][23] Though advertisers pay three to five times as much for views with behavioral targeting as for views without, the lion's share of this increase goes into the pockets of the ad network, not the publisher. The New York Times even saw an uptick in ad revenue from Europe after it stopped using open ad exchanges and behavioral targeting in the European Union to comply in May 2018, proving that privacy can work for a publisher large enough to sell its own ad space.[24]
In addition, ads relevant to a particular reader's interests on unrelated sites but not to the subject at hand tend to distract the reader, as the reader is primed for the subject, not for something he or she may have looked at days ago. It also backfires when advertisers use this sort of cross-site retargeting to chase a publisher's viewers to less expensive sites. They do this by dropping a cookie on an expensive site, marking the viewer as part of that site's demographic. Then they retarget that cookie on sites with much cheaper CPM. An article specifically points out The Atlantic as a victim[25] of this "data leakage" phenomenon,[26] despite the animosity of The Atlantic toward tools that limit third-party tracking.
Sometimes, even paying is not enough to avoid tracking when one company owns both a subscription or micropayment network and an advertising network. This allows the latter to continue to track even paying subscribers. Google, for example, operates both Contributor and the AdSense ad network and DoubleClick ad exchange.[27]
Displaying ads without a third party requires each site to sell ad space directly to advertisers rather than through an ad network, just as each newspaper had to sell its own ad space in the print era. Publisher-served ads are more likely to respect privacy and harder for viewers to block but also harder for a site owner to sell, especially a site not as large as NYT. This is because major ad networks have built a reputation for a large audience, which reduces transaction costs,[28] and accurate view and click statistics free of fraudulent padding. (See tips.) But despite the difficulties, sites such as Daring Fireball and Read the Docs have adopted this more print-like approach.[29][30]
Understanding what users expect to get out of ad blocking may help Internet security tool developers replace intentional circumvention with plausible deniability.
When SWF ads first appeared in the 2000s, some people made a point of putting ad servers that host SWF ads in the computer's hosts file. Later, browsers gained the ability to make SWF objects click-to-play, first with the Flashblock extension and then with built-in features to limit plug-ins to sites on a user-maintained whitelist. One could block SWF ads with a clear conscience, as it was protecting a device from a hazardous media type rather than blocking a publisher's livelihood, and publishers were expected to fall back to HTML ads if Flash Player could not start. Starting in the early 2010s, as so-called post-PC mobile devices gained usage share, ad networks shifted from SWF to DHTML, HTML5 audio, and HTML5 video, and blocking large or animated ads without blocking still ads or legitimate uses of HTML5 technologies became that much harder.
Some people block ads because ad bidding and delivery scripts are not under a free software license and therefore not auditable for security vulnerabilities. The LibreJS extension blocks these on compatible web browsers.[18]
Some people block ads to stay within a data quota. But as of 2016, most web browsers don't make users aware of how much data even an ad-free document uses.[31] One possible solution is to have the browser pause the connection after every megabyte of data is downloaded and ask whether the user wants to continue to load more data on that document.
Some people using resource-constrained devices, such as mobile devices or older PCs, may block ads with video or heavy scripting to save CPU and RAM. The Interactive Advertising Bureau (IAB) launched the LEAN initiative in 2015 to tone down the data size and distraction of rich media ads somewhat.[32] But even if an ad itself is lightweight, the associated real-time bidding process may not be. This has led some viewers to install a tool that disables client-side scripting entirely for most sites, using tools such as NoScript or uMatrix.
Because ads that track users also tend to have other annoyances, some viewers block ad networks that track them, using tools such as Ghostery, Disconnect, Privacy Badger,[33] and the tracking protection built into the Firefox web browser.[34] The ostensible use here is to block tracking; blocking ads is only a side effect. When websites serve ads that do not track viewers across sites, users of tracking blockers see them without problem. A site that normally uses third-party ads could in theory use ad replacement[35] to serve alternate self-hosted ads that don't track the user.
However, several anti-adblock tools confuse tracking blockers with ad blockers, making no attempt to show self-hosted ads. WIRED was particularly notorious for blocking tracking blocker users in 2016 and 2017,[36] before it erected a paywall in 2018. It had an article reviewing Disconnect,[37] but users of tracking blockers saw instructions to disable Disconnect.[38]
When you see a notice that a site forbids use of ad blocking software, follow these steps:
Subject: Mistaken activation of anti-adblock notice
I'm using Mozilla Firefox without any ad-blocking extensions. Instead, I'm using the tracking protection built into the Private Browsing mode of Firefox. Yet NAME_OF_SITE misdetected me as using an ad blocker instead of showing self-hosted ads.
Firefox tracking protection is not primarily an ad blocker. If a web publisher sells advertisement space directly to advertisers and hosts these ads from the same domain as the rest of the site, tracking protection allows the ads to be displayed. Examples of sites using self-hosted ads include Daring Fireball and Read the Docs.
I admit that Firefox tracking protection has a side effect of blocking ads served by third-party ad networks and ad exchanges. This is because third-party ad networks and ad exchanges track viewers' behavior from one website to another in order to attempt to match ads presented to each viewer to that viewer's interests. But if NAME_OF_SITE displayed self-hosted ads when the ad network or ad exchange cannot be reached, ad blockers wouldn't eat into revenue nearly as much.
In other news: I'm interested in advertising on NAME_OF_SITE. How much do you charge to host an ad?
This probably will not help much if the site insistently mentions "ad or tracking blockers" in the same breath, as The Atlantic does.
Categories: Computer security, Mini-rants