Ad blockers are also cybersecurity. Say it with me.

They reduce malvertising, watering hole attacks, and general malicious script execution. It’s not all about you, ad firms.

@hacks4pancakes ya, but it kind of is about the ad firms.

"It's not you, it's me." -infosec

@NationMeta it’s not all about a personal attack on them, I should phrase it.
@hacks4pancakes yeah I've been doing some ad engine design thinking lately. and it's an interesting challenge trying to balance both ad/lead effectiveness with honoring user privacy/anonymity. inherently they tend to pull in *opposite* directions. though I know of ways to "square the circle", haha
@hacks4pancakes maybe if the SOBs would conduct some oversight of their customers, we wouldn't feel compelled to filter them out.
@0xAlan @hacks4pancakes And some human review of their ads to make sure every last one is harmless to users and their computers alike, *before* letting them into circulation.

@hacks4pancakes I’d happily return to classic, static, lovingly hand-placed on each page by the admin, banner ads.

Those were at least usually relevant to my interests!

@TindrasGrove I am always wondering about this, whenever the rare occasion occurs that I browse the web on a machine without all the blockers installed. Not sure if it's maybe because these ads are not properly "personalized" (yet(?)) due to being either new or not my machines.
But the ads are generally always very bad as in: the products don't interest me at all. They would be much better off basing ads on page contents instead.
@unixb0y I tend to find the ads are related to some web page I visited a week prior.

@TindrasGrove @hacks4pancakes artisanal hand crafted ads.

Autocorrect wanted to change the "d" in ads to an "s".... Nice.

@krupo @TindrasGrove @hacks4pancakes
There’s no reason the ads need to track us
The ad companies used to have to work harder to bullshit businesses into paying them to fill space in non-interactive print

We could go back to that. It’d still be for manipulative #advertising bullshit, but less invasive

@hacks4pancakes I use Privacy Badger, which isn't an adblocker, but that doesn't stop websites from constantly telling me to turn off my adblocker.
@hacks4pancakes It's a moral duty to deploy ad blockers.
@hacks4pancakes great point! Ad blockers might be why attacks using ads aren’t more prolific.

@hacks4pancakes
I don't use ad blockers because I don't like advertising companies, I do it because I don't have any reason to trust them.

Suppose that you had a friend who claimed that they were a completely self-taught driver, had no driver's license and had still managed to be behind the wheel for several spectacular accidents within the last month. And suppose that they asked to borrow your car.

@deeseearr @hacks4pancakes

But how can you... Trust any other software, for that matter? Do you only use certified (by who?) software, like, in general, ever?

And that analogy doesn't really make sense for me, since, at least where I live, it's a crime to knowingly let a person without a driving license use your car. Even if that wouldn't be the case, I would rather see that friend drive myself regardless of license, because I know how many people either bribe their way through getting a driver license (which I hope is specific to where I live), or just don't give a fuck about law, or logic, whatsoever, after getting one.

@hacks4pancakes it's quite concerning how little online advertisers care about what content they are pushing

there are so many ads that are fake, malicious or otherwise not legal and apparently it's not the companies' job to police them before publishing?

@hacks4pancakes
To be fair, unblocked ads do tend to secure a web browser, by soaking up so much bandwidth that nothing else, malicious or otherwise, can get through.
@hacks4pancakes
I will simply not use sites that require me to turn off ad-blockers.
@hacks4pancakes I mean, it's also about you, but if you don't do anything wrong in your ads then you have nothing to fear, right?
@hacks4pancakes And something I notice: sites which ask you to disable your ad blocker almost always turn out to still stop you unless you pay them. (At which point I click away saying f*ck it)
@hacks4pancakes Avoid Google browser with their Manifest V3.
@hacks4pancakes if I wasn't clear. That also means avoid chromium, brave and edge.
@hacks4pancakes they’re also assistive technology, because they can stop ads from taking over users’ browsers or crashing their regular assistive technology.
@hacks4pancakes This is why I love @medium and I wish more of the internet would adopt its monetization model. I want to support people and their work, but I don't want the cybersecurity risks by turning off the ad blocker. Micropayments and subscription-based revenue sharing would be so much better.
@hacks4pancakes We actually roll it out as part of our managed Chrome browser. Made a huge impact on the number of phishing alerts we get.

@egericson @hacks4pancakes That's interesting...are you also turning off Google's built-in ad system ("Privacy Sandbox")?

my notes are here but I don't manage Google Chrome for other users, might need a correction or update: https://blog.zgp.org/google-chrome-checklist/


@hacks4pancakes
It should be pointed out that if YouTube wants to deliver ad content it can do so in-line with the video stream. Surely they can afford to pay the bandwidth and take responsibility for the content being delivered.

What ad blockers and DNS filtering are really about is stopping websites from connecting your computer/browser to a third-party URL/server, which is done without your explicit consent.

The fact the world is 'okay' with that construct in web design is not only a privacy and security issue with respect to this normalized way to deliver ad content, it is also an issue with web practice in general (pulling JavaScript, etc. from third-party repos) which gives the appearance of abdicating websites from supply chain responsibilities with regards to delivery of malware.

@hacks4pancakes We enforce one on all browsers through GPO where we can. It definitely lowered the number of issues seen from users in terms of poor browser performance and drive by attacks like fake notifications.

@rthonpm @hacks4pancakes nice! I wish more companies would mandate this :(

The only time I have been able to do this was at a council where we were, in effect, starting from scratch, and the team was small and technical, so it was an easy discussion.

@hacks4pancakes I find it especially annoying when media companies insist I turn off my ad blockers OR subscribe.
@hacks4pancakes you can have NoScript when you pry it from my cold insecure fingers
@hacks4pancakes As long as the ad blocker of your choice does not itself pose a security risk (rather unlikely if it is open source, but not impossible)

@hacks4pancakes

Proposal: ad networks, exchanges, and marketplaces. You are now legally liable for any and all damages attributed to an ad served by your network. Period. We won't regulate you, but in light of this legal requirement, we suggest you may want to review everything you serve out. Or not. You do you.

@hacks4pancakes Though, I maintain that ad firms are 100% malicious and should be treated as such.
@hacks4pancakes bUT aDbLOckInG iS PIrAcy!!11
@noah @hacks4pancakes Well, a pirate’s life for me, then 🏴‍☠️

@hacks4pancakes I gave a security talk at work and (after apologizing to our marketing and advertising teams) told everyone all about how essential it is to block ads everywhere all the time. A couple of executives in the room looked very worried after I told everyone how often Forbes had served Malware, too.

Pushing uBlock Origin to everyone is on my short-term roadmap, is that still the gold standard?

@hacks4pancakes Ad companies let basically anyone pay to put up arbitrary code to be executed on all our machines. They may not be the guys kicking in your door and taking your stuff, but they’re driving the getaway car. They don’t like being blocked, they should vet who they’re selling to. It’s in their interest; this thread is basically reputational damage on their part.
@hacks4pancakes I use adblock ultimate, since adblock plus turned into a "pay-up" model. There's also ublock origin, which is a little too much for me. lol

@hacks4pancakes

If you are arguing that adblockers are about security, are you willing to pay for all the sites you visit?

@IcyShark @hacks4pancakes In many cases, if they insist on serving a malware risk I'm no longer interested in seeing what they have - if it's not worth paying for then it simply isn't worth viewing at all.

Free with ads can get on the bin.

@hacks4pancakes

I've noticed on some WYSIWYG sites like wix and squarespace my adblocker now prevents ALL of it loading... RUDE!

@hacks4pancakes I've been making this argument for literal years. Even after the NSA and DISA weighed in recommending them (again, as a SECURITY MEASURE) it doesn't seem like it's gotten any better.

With Google's push to break ad blocking, I've been pushing the people in my life to ditch Chrome and implement ad blockers on software that shares privacy values (eg Firefox with strict settings and plugins). I suggest host or network filters too.

It's a hassle and it breaks things, but it's needed.

@hacks4pancakes
Many are ...
Inaccurate or downright false...
Extremely annoying...
Unrelated to what I'm viewing...
Lengthy and ineffective... and
Driving traffic away
@hacks4pancakes Imagine being able to track the online activity of an entire firm and sell that information to their competitors. Phrased that way, if there was a simple way to make that data difficult to aggregate and correlate plus reduce non-business-related network traffic, how many C-suite and IT execs would turn it down? Frame this surveillance and security issue as "just ads" and watch the vast majority shrug it off. :/
@hacks4pancakes can we stop calling them "blockers"? They work by having the browser not load the resource. It's not that they reject incoming data but just not load it in the first place.
When visiting a shopping mall, you get to pick and choose which stores you see.

@hacks4pancakes Absolutely. I'd like to give a shout out to uBlock Origin, which has also been blocking local port scans.

Sites you may think are trustworthy (ebay is a particularly bad offender) will use your browser to run a port scan on 127.0.0.1 for absolutely no good reason I can think of.

@hacks4pancakes I used to feel bad about this because I want to support creators, but it's gotten so hard to distinguish "legitimate" ads from dangerous crap. It's nice to hear validation from a professional, though. . . .