Chris Dzombak

Ad blockers aren’t killing the web; ad networks are killing the web

Part of the Rage Against the Ad Networks series.

A bunch of people this morning are sharing The Verge’s article, “Welcome to hell: Apple vs Google vs Facebook and the slow death of the web”. The article is trying to argue that Apple’s support for content blockers in Safari on iOS 9 is part of some larger battle between Silicon Valley tech giants, and that those who choose to install ad blockers are killing the web. (Or something like that; the headline is so stupidly hyperbolic I could barely bring myself to skim the article.)

But ad blockers aren’t the problem here. Ad networks are the ones killing the web and if they want to stay in business they have some shit to fix.

Ad networks are not ad networks; they’re malware delivery networks

Ad networks are now one of the most common ways that malware gets installed on people’s computers. They’re a perfect mechanism to ensure cheap, widespread delivery of drive-by exploits on otherwise reputable sites.

Here are a few examples from the first page of Google results for “ad network malware”:

This is not acceptable. Ad networks, and the otherwise-reputable sites that use them, are auctioning the right to run untrusted JavaScript of unknown origin on my computer to any interested party. I get to say “no” to that.

Ad networks don’t use HTTPS

Ad networks still mostly serve their content over HTTP, which is unacceptable in this day and age. This is what holds back many major sites from switching to HTTPS, and it also provides a nice opportunity for anyone on the network to inject malware or other content into any page with advertising.

And rather than deciding to fix their shit, major networks are advising developers to turn off new security features in their iOS apps. Again, not acceptable. I get to choose whether I load content over HTTP.

Ad networks’ trackers invade privacy to an unreasonable degree

Marco Arment does a great job exploring this topic in “The ethics of modern web ad-blocking”. Again, this is something I get to say “no” to.

Ad networks are bloated and slow

Not only are ad networks a stunning information security liability and invasion of privacy, they’re not even good at it. The code that implements this tracking and ad distribution is so large and slow that it often doubles—or more—the amount of time needed to show a page.

That’s an impressive impact, and on mobile this data can cost users a substantial amount of money.

Ads are generally a shitty user experience

Experiences like these are commonplace in web ads.

And on mobile it’s worse: full-screen modal ads always have “dismiss” buttons that are off-screen or are such tiny touch targets you’re guaranteed to tap on the ad while trying to make it go away.

Ad networks and the sites that use them have to clean up their acts

Ad networks are actually slow, bloated, privacy-invading, insecure malware delivery mechanisms. They are not innocent citizens of the web being undeservedly decimated by Apple’s new version of iOS.

They need to resolve every problem I outlined in this post.

Until then, ad networks: fuck you; you don’t get to run on my computers. You had that privilege once, but you lost it.