Adblock Plus said Facebook's move to circumvent ad blockers shows it has taken the "dark path against user choice". Facebook has reportedly started rolling out an update that disables a move by Adblock Plus to skirt around the social network's ad-blocker bypass. Facebook on Tuesday rolled out its bypass for ad blockers on its desktop site. However, within hours, ad blockers figured out a workaround to Facebook's measure, once again allowing ads to be blocked in desktop browsers. Adblock Plus said Facebook's move to circumvent ad blockers shows it has taken the "dark path against user choice".
The back-and-forth between Facebook and ad-blocking software companies has become almost farcical at this point: After Facebook said it would block the use of ad blockers, the leading ad-blocking company announced that it will block the use of Facebook's ad-blocker blocker. And now Facebook says it is rolling out a fix that will disable the ad-blocker's blocker blocking. As humorous as this cat-and-mouse battle may seem, there is a serious principle at stake for Facebook. If it can't reliably ensure that users are seeing its advertising, then the 1 billion it currently makes on desktop ads is potentially in jeopardy, and questions might also be raised about its ability to display ads on mobile too, which is a 5-billion business. That's why the giant social network rolled out its ad-blocker force field earlier this week, with a blog post that spent a lot of time on the controls that Facebook gives to users that allows them to choose which ads they want to see, and very little time on the technicalities of blocking ad-blockers.
Adblock Plus has struck online advertising another blow by offering a new filter for users who want to block Facebook ads. Ad-blocking apps, plugins, and software are used to strip the majority of advertising out of website pages, social media networks, and other online services. While they can prevent malvertising -- fraudulent and malicious ads -- from potentially placing users at risk, they can have a massive knock-on effect for companies that rely on advert-generated revenue to stay afloat and keep offering free content online. There's no easy option -- although The Pirate Bay has recently turned to visitor CPU cryptocurrency mining as an alternative to ads -- beyond negotiation between vendor and ad-block provider, or making ads more seamless to prevent users from turning to such software in the first place. Some of the time, a game of cat-and-mouse comes into play, with adblockers on a campaign to block adverts, and vendors changing tactic to stop it occurring.
Perceptual ad-blocking is a novel approach that uses visual cues to detect online advertisements. Compared to classical filter lists, perceptual ad-blocking is believed to be less prone to an arms race with web publishers and ad-networks. In this work we use techniques from adversarial machine learning to demonstrate that this may not be the case. We show that perceptual ad-blocking engenders a new arms race that likely disfavors ad-blockers. Unexpectedly, perceptual ad-blocking can also introduce new vulnerabilities that let an attacker bypass web security boundaries and mount DDoS attacks. We first analyze the design space of perceptual ad-blockers and present a unified architecture that incorporates prior academic and commercial work. We then explore a variety of attacks on the ad-blocker's full visual-detection pipeline, that enable publishers or ad-networks to evade or detect ad-blocking, and at times even abuse its high privilege level to bypass web security boundaries. Our attacks exploit the unreasonably strong threat model that perceptual ad-blockers must survive. Finally, we evaluate a concrete set of attacks on an ad-blocker's internal ad-classifier by instantiating adversarial examples for visual systems in a real web-security context. For six ad-detection techniques, we create perturbed ads, ad-disclosures, and native web content that misleads perceptual ad-blocking with 100% success rates. For example, we demonstrate how a malicious user can upload adversarial content (e.g., a perturbed image in a Facebook post) that fools the ad-blocker into removing other users' non-ad content.
Two widely used Adblocker Google Chrome extensions, posing as the original -- AdBlock and uBlock Origin -- extensions on Chrome Web Store, have been caught stuffing cookies in the web browser of millions of users to generate affiliate income from referral schemes fraudulently. There's no doubt web extensions add a lot of useful features to web browsers, making your online experience great and aiding productivity, but at the same time, they also pose huge threats to both your privacy and security. Being the most over-sighted weakest link in the browser security model, extensions sit between the browser application and the Internet -- from where they look for the websites you visit and subsequently can intercept, modify, and block any requests, based on the functionalities they have been designed for. Apart from the extensions which are purposely created with malicious intent, in recent years we have also seen some of the most popular legitimate Chrome and Firefox extensions going rogue after gaining a massive user base or getting hacked. Discovered by researchers at Adguard, the two newly caught Chrome extensions mentioned below were found using the names of two real and very popular ad-blocking extensions in an attempt to trick most users into downloading them.