Though I guess it could be described as greed on the part of the advertisers?
I think that's right.
It's a shame that magazines are mostly dead at this point. If you ever look at old computing magazines on the internet archive, it's like stepping into a rather wonderful alternate timeline before the web asteroid hit. (The irony of reading those magazines on the web is not lost on me.)
I wonder how much longer it will be before the next major escalation happens with ad blockers. I can imagine mainstream browsers that fetch unmodified pages and click ads in the background (do subvert pay per click ad business models and make it harder to compute targeting metrics), but then display an ad/tracking-free version in a separate rendering pipeline.
I'm not sure how things will work out the next time though.
Most captcha solutions are defeated by services like 2captcha.net and generally aren't the most privacy respecting.
Only where the the adverts are embedded with an encrypted single stream.
Hard to do targeted advertising that way though.
It is a lever that you can pull that's better than nothing though.
Hopefully HDMI/HDCP splitters will add an adblock feature as well.
Or if you really dont care about performance, just loading the start (e.g. <head>) of the document and wait a little bit to see which subresources are loaded.
Trying to detect adblock via a <link> (or an <img> or a <script> etc) means you have to do the check in javascript, which can be manipulated by the browser.
Sadly, it doesn't do clicking in the private browsing mode, which I usually use not to crowd the browsing history with hn and other forums' articles.
EDIT: I suppose the developer of the content blocker needs to already have an iPad version and check the “visionOS” box, but Apple has made this extremely easy and it’s in both Apple and the content blockers’ interest to release a visionOS version.
[1] Unless companies are taking out loans for their ad budget hoping to get that money and then some back through additional sales.
It's funny how scarce the "I'd be willing to pay for good content, but alas, there is no option" claim has become since websites have started widely implemented paid ad-free accounts or outright paywalls
I've never seen someone angry that a supermarket won't give them a newspaper for free, but when it's online this is apparently a valid complaint
I also pay for online news, AND STILL GET ADS, so fuck that I block them. It's still the case today that most of the time you do not have an option to pay to get rid of ads, and often when you do it's some ludicrous amount like $10 a month for some blog you might read three times a year.
Part of being able to pay for content is to come up with a fair price for it.
Recently, the investment platform M1 Finance decided to begin charging users with less than $10,000 in holdings $3 per month to use their service while giving everyone access to features that used to be only available in the premium plan. This has all been announced in advance, so it's not as if anyone should have been surprised about this.
Many users, virtually all of whom have a total of holdings below the $10k threshold, flipped their shit and have claimed they are leaving the platform. Ironically, many of them are suggesting alternatives that cost more than $3 a month, and I'd wager a guess that a lot of these people are spending way more than that buying coffees every day. No one has to like having to pay for something that used to be free to them, but one really has to question their life if paying $3 for something that used to cost more than that per trade and require a lump sum up front is something to throw a fit over. If you have just shy of $10k in investments, you're not gonna retire, and $3 a month is the least of your worries.
In my opinion, M1 is doing the right thing by saying goodbye to these users. They are the types who won't value your product, maintain chronically low balances, and will tie up your customer support with spurious complaints and misunderstandings. I predict they will be rewarded for keeping around customers whom are willing to pay.
Hopefully, more online platforms figure this out and decide to do the same thing. I call BS on those claiming "no one will pay for that." If your business is only viable on attention, which is what the ad economy is based on, then its existence is in a precarious position, and perhaps your product isn't worth much to anyone except the ad networks. On the other hand, there are things that people are willing to pay for, or would pay for if given a premium experience. I've gone from watching stuff for free on YouTube to buying books and audiobooks because they provide far more value to me these days than the chum that is social media "content." I pay individual creators I appreciate on Patreon, etc. I have a Kagi subscription because I find it to be more aligned with my wants and needs than free search engines. I've gone back to buying individual songs and even buying CDs since they not only disappear from platforms but now there are artists that change their own songs retroactively. I pay my investment platform because it has better automation than competing free (or so-called free) competitors.
Everything being free online is a meme, and hopefully it starts to die the more that the spehre of free things eats itself with spam and user-hostile behavior. They will always exist for those who have barely any money or those who don't value the conveniences bestowed upon them, but they can't be the only viable options anymore. Paying for things is a good thing.
To take advantage of this, you'd need to alter your web application so that it'd do a two-stage rendering. Most web apps don't even stream their content (rather they wait until the whole content is ready, whether HTML or JS, and then send the whole thing). Your app needs to first send the HTTP 103 with the stuff to pre-fetch. Then it has to wait while holding the state and content it wants to push to the user.
The longer you're holding that stuff in RAM, the fewer requests you can handle per second. Let's say you can handle 100 simultaneous requests and usually a request takes 10ms. Now you've handled that request and you're holding the response for 500ms to see if they hit the no-adblock-detector before sending the rest of the content. All of your Safari/iPhone users hate your website because every page load takes half a second. Awesome, you've pissed off the richest demographic browsing your website. You're paying more for server resources because you're holding onto state longer instead of getting the response to the user and freeing up that RAM so the requests per second you can handle drops. Ok, maybe you look at user agent and only use this technique for Firefox since that's the only browser it's effective with.
In the demo, the DeferredInvoker basically generates a random string and associates it with a request (Map<string, request-response-thing>). Then when a request comes in for the no-adblock-detector, it looks up which request-response-thing is associated with the random string and sends the response to the user. If it doesn't receive a request for a string within a timeout, it'll send the response as adblock-detected. Of course, this only works for a single server since it's an in-memory map.
How do we get it to work in a multi-server environment? Ok, we store "ABCDEF123" in a data store and hold the response until we see the request for "ABCDEF123" on the no-adblock-detector. Do we use listen/notify in PostgreSQL? I mean, at some point we're adding a lot of overhead for these requests. I have to store on my server "ABCDEF123" goes with request/response X and then I have to listen to the database to see if another server has received a request for "ABCDEF123" and that other server needs to do a database write. These can't be database writes that can be batched or deferred because the user is literally seeing the page wait to load on this database write.
It's not impossible to exploit, but it requires real engineering for any company that has horizontally scaled anything to multiple web servers. You can't just drop it in easily. And while we might hate ads and there are concerning things about ads with respect to privacy and many other things, it isn't a security vulnerability. It's certainly interesting, but I can't see a company putting resources into this.
> Note: For compatibility reasons it is recommended to only send HTTP 103 Early Hints responses over HTTP/2 or later, unless the client is known to handle informational responses correctly.
> Most browsers limit support to HTTP/2 or later for this reason.
Not in the short term, no. But, maybe in the long term ...
Remember that the user is not the customer. The customer is the person buying the ad space from google/facebook/etc. If the customer receives no value for their money, and they can easily determine that, why would they continue purchasing ads?
If every browser downloaded and clicked every single ad in an invisible background and sandboxed process, ads become close to worthless to the customer.
So, sure, in the short term there'd be extra processing and network usage, but that would quickly taper off as customers stopped buying ads because every single ad they put out gets a 100% click-rate. After a while the extra utilisation would be close to zero, as it would only be the occasional customer trying their luck at advertising, and failing immediately.
It's the same with spam email: the solution isn't to block, and keep lists and reputation, the solution is to reply to every single spam email![1] Even the most well-run spamming/scamming organisation can't very well reply to millions of emails rxed per hour.
[1] Caveat: need to ensure that the sending email did indeed legitimately send the email, otherwise a few clowns would simply send spam with someone else's email as a prank.
I block ads because I find them annoying.
Load a page and replace everything that matched with an empty div when rendering.
> Browsers that do not fully support early hints can be easily detected by adding a harmless dummy resource to preload that will not be blocked by adblockers.
It seems pretty easy to mitigate this by always loading the early hints though, as in Firefox should adopt Chrome's approach as described in the README.
> Copyright (c) 2024 Mechazawa
> Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software with specific restrictions, provided that the user intends to use the Software explicitly FOR the purposes of evil or advancing evil, including but not limited to:
> Genocide, Wanton Destruction, Fraud, Nuclear/Biological/Chemical Terrorism, Harassment, Prejudice, Slavery, Disfigurement, Brainwashing, Ponzi Schemes and/or the Destruction of Earth itself,
> with this, including without limitation the rights to copy, modify, merge, publish, distribute, sublicense, sell and/or run copies Software or any executable binaries built from the source code.
HN converts single newlines into spaces. The license text on Github [1] has apparently intentionally obstructive newlines within the "paragraphs".
[1] https://github.com/Mechazawa/103-early-anti-adblock/blob/mas...
maybe I'm growing old and grumpy, but at a state of affairs where active genocides are going on, I just find that immature and callous. By "that", maybe I mean Dutch attempts to humour ;)
Lending webpages some CPU-cycles (probably to mine crypto) in a controlled and safe way would be a win-win(-win) situation.
Websites won't have to submit to their advertising overlords and still be able to incrementally monetize their content.
Users won't have to deal with the downgraded experience — while sacrificing compute cycles anyway to download and display the awful ads.
Even advertisers would win, as they won't have to deal with content farms trying to fake impressions and clicks.
[1]: https://i0.wp.com/fourweekmba.com/wp-content/uploads/2024/02...
I've been there.
Don't do it.
I wonder if Brave has these same limitations? Not sure where its Shields JS fits into the architecture.
I think there are historical reasons. There was a time where most plans had free SMS but expensive internet, and even today the cheapest plans have free SMS and very limited data (ex: 50MB/month for the free.fr 2€/month plan).
Countries that didn't have good SMS infrastructure and advantageous plans are the most likely to have switched to private, internet-based messengers.
I don't know if it is still the case now with 4G/5G and the phasing out of earlier standards, but SMS had the advantage of going through congested networks better than anything else, including phone calls, MMS and internet data. Probably because it is an ouf-of-band signaling protocol.
If adblock doesn't catch it, my thumb twitch reflex when a popup appears will.
ublock origin has a "DNS unmasking" feature in firefox that defeats this. I think there's a less effective workaround used for other browsers.
