Let the whack-a-mole game begin. A mere two days after Facebook blocked ad blocking software, the ad blockers have managed to block Facebook's ad blocker-blocker. Thursday morning, Adblock Plus announced that a new filter for banning Facebook's ads has been added to the main EasyList filter list used by the extension. Here's how to force Adblock Plus's filter list to update if you want in on the adblocking action. Update: Facebook already rolled out new code to break Adblock Plus's workaround, according to Techcrunch.
Adblock Plus said Facebook's move to circumvent ad blockers shows it has taken the "dark path against user choice". Facebook has reportedly started rolling out an update that disables a move by Adblock Plus to skirt around the social network's ad-blocker bypass. Facebook on Tuesday rolled out its bypass for ad blockers on its desktop site. However, within hours, ad blockers figured out a workaround to Facebook's measure, once again allowing ads to be blocked in desktop browsers. Adblock Plus said Facebook's move to circumvent ad blockers shows it has taken the "dark path against user choice".
Adblock Plus has struck online advertising another blow by offering a new filter for users who want to block Facebook ads. Ad-blocking apps, plugins, and software are used to strip the majority of advertising out of website pages, social media networks, and other online services. While they can prevent malvertising -- fraudulent and malicious ads -- from potentially placing users at risk, they can have a massive knock-on effect for companies that rely on advert-generated revenue to stay afloat and keep offering free content online. There's no easy option -- although The Pirate Bay has recently turned to visitor CPU cryptocurrency mining as an alternative to ads -- beyond negotiation between vendor and ad-block provider, or making ads more seamless to prevent users from turning to such software in the first place. Some of the time, a game of cat-and-mouse comes into play, with adblockers on a campaign to block adverts, and vendors changing tactic to stop it occurring.
Perceptual ad-blocking is a novel approach that uses visual cues to detect online advertisements. Compared to classical filter lists, perceptual ad-blocking is believed to be less prone to an arms race with web publishers and ad-networks. In this work we use techniques from adversarial machine learning to demonstrate that this may not be the case. We show that perceptual ad-blocking engenders a new arms race that likely disfavors ad-blockers. Unexpectedly, perceptual ad-blocking can also introduce new vulnerabilities that let an attacker bypass web security boundaries and mount DDoS attacks. We first analyze the design space of perceptual ad-blockers and present a unified architecture that incorporates prior academic and commercial work. We then explore a variety of attacks on the ad-blocker's full visual-detection pipeline, that enable publishers or ad-networks to evade or detect ad-blocking, and at times even abuse its high privilege level to bypass web security boundaries. Our attacks exploit the unreasonably strong threat model that perceptual ad-blockers must survive. Finally, we evaluate a concrete set of attacks on an ad-blocker's internal ad-classifier by instantiating adversarial examples for visual systems in a real web-security context. For six ad-detection techniques, we create perturbed ads, ad-disclosures, and native web content that misleads perceptual ad-blocking with 100% success rates. For example, we demonstrate how a malicious user can upload adversarial content (e.g., a perturbed image in a Facebook post) that fools the ad-blocker into removing other users' non-ad content.
Video: Malware masquerading as flashlight apps uncovered in Google Play Store. A researcher has uncovered five malicious ad-blocker extensions on the Chrome Web Store that were installed by 20 million Chrome users before Google removed them. The bogus ad blockers were discovered by researchers at AdGuard, a Moscow-based maker of ad-blocking and anti-tracking tech. Following AdGuard's report on the fake ad blockers in the Chrome Web Store, Google removed the suspect extensions, which have been installed on 20 million Chrome instances over the past year. The most popular fake ad blocker was AdRemover for Google Chrome, which had over 10 million users, putting a massive botnet of infected browsers at its authors' disposal.