Sunday, 25 October 2015

The War on Adblocking in Germany - Why adblocker are important!

Hey everyone,

so I am back with a topic that is really dear to me: the freedom of my beloved Internet. So what was the trigger for me? Right now there is a war on adblocker going on in Germany with the Eyeo GMBH (Adblock Plus) and the Axel-Springer publisher as the main actors ( The German publishers claim that the business model of Adblock Plus is damaging their revenues and is therefore illegal. So what is this all about?

Current business model for webservices with free content

The most common technique to generate revenue with a website and still provide the content at no cost for the user is to display advertisements on the website. There are several models how a website operator can be paid through ads. In some cases the advertiser pays every time the ad is displayed and the user can see it (CPM, cost per mile or cost per impression) or the advertiser pays every time a user clicks on the ad (CPC, cost per click). Various other forms of payment exist and often a mix of different techniques is applied.

This is where ad-blocking software comes into play.  As the name suggests, adblocker just block all the content on a website that would be showing advertisement. So it is true. If you rely on either CPM, CPC, or their derivates, you can not generate money from a user that is using an adblocker.

The main argument against adblocker therfor is that they endanger the access to free content on the Internet and thus take part in the dismantling of the free and open web. This is actually a strong argument. Nobody wants to have their favourite newssite, blog or video portal either removed or its content hidden behind a paywall. This is also my opinion. But I am still a strong defender for adblocker and I frequently use them. To be exact I use a combination of [1]uBlockOrigin and [2]Privacy Badger. I will explain why they are cool and what they do later in the blog.

How does an Adblocker work

When a browser loads a website from the server, it is basically just a text document. The browser interprets the used programming language (HTML) and the structure of the textdocument and then renders the website locally so we can see it on our screen. Some of the instructions in the textdocument tell the browser to load cute kitten videos, some tell the browser to display advertisement.

The adblocker is usually a plugin for your web browser and he enforces a special behaviour on the browser. All the advertisement elements on a website can unambiguously identified inside the HTML document the browser loads and interprets. Most of them have the name "advertisement" or "ad" somewhere in the text but most plugins rely more on filter lists of elements that should be blocked. If the plugin detects an element that is classified as an ad by the plugins filter list, it prevents the browser from loading or rendering that element. This can either be a picture, video or simple text. Most of the time it is actually just an instruction to load another script and execute that script. These scripts are mostly written in the JavaScript language. In this case the plugin prevents the script from executing. These script will almost every time load the advertisement from a server that is different from the server of the website you want to look at. So a simple ad blocker would be to just disable the JavaScript execution altogether. At least in Firefox (my sole browser) this is a default feature and so your browser by itself has already ad-blocking capabilities. The drawback to that technique is, that most modern web technologies rely heavily on JavaScript, not just the advertisements and deactivating JavaScript by default might result in completely useless and broken websites. Some plugins like [3] No Script for Firefox let you manually decide what scripts should be blocked and which scripts should not. Simply put, an adblocker is just a no-script plugin with an automatically updated list of scripts to block.

But Jan, why do you want to ruin free content? It is just some stupid ads!

So here is the thing. If it was just for ads, i couldn't care less. I think it is ok to finance your website by the means of advertisement. In the end you are working hard to deliver the content to us, the users, and we do not have to pay a single dime for it. Work should be rewarded and if I can enjoy your content for free by just seeing some ads on your website I am more than fine with that! But the way the advertisement is delivered is the main reason for using adblockers, not the advertisement by itself. I want to give a few examples.

Annoying Ads

Some ads are just plain annoying. A good example are the popover ads we all love. You are browsing your favourite site and suddenly this huge ad for the newest hottest shit pops up, obscuring the exciting article you were reading on the newest insights on mating snails. In some cases you can close it, in some cases you have to endure the whole 20-30 second spot. But even in the cases were you can close the ad you are getting fooled. The button that does look like the closing button in almost every other program does not actually close the ad, but is a link to whatever product was just advertised. So you have to manually find the real closing button. Or the ad is not a popover, but just an annoying video with sound that you cannot turn off. There are also pop-under ads which open another window behind your browser window so you cannot see it at first. Most of the time these are used for a different purpose, because an ad is not worth anything if you don't see or hear it, right? Yes these ads are annoying and we should all get rid of them, but even I have to admit that it is borderline to justify an adblocker just with this argument.


Sponsored Posts

Those could also be classified as "annoying" ads, but nonetheless they are a special kind of ads. Sponsored posts are ads that disguise themself as regular website content for the user. Say you are on your favourite geek site reading about the new Intel processor microarchitecture. And at the end of the article is something that looks like a link to another article about processor microarchitecture. Eagerly you click it to receive the magnificent knowledge, but nope, you just get redirected to a webshop that sells old and ancient computer hardware. Indeed this is a harmless example, but especially in social media these posts often lead to scams and dubious offers that the clueless user can not distinguish from serious ads and offers. This is in fact dangerous. Those scams are often detected fast and deleted. But until that happens a lot of people will already be deceived. And because chances of getting these criminals are very low as they are often operating in different countries, hiding behind a wall of proxies etc., these scams will continue to take place.


Tracking Ads

On the Internet nobody knows you are a dog, right[4]? Unfortunately this is not true. The identity you always have on the web is your IP address. And although the IP address can change and is in general a very weak tool to identify you, websites will nonetheless try to match your browsing history with your identity. This is often done via cookies. Cookies are small files that a website stores on your device everytime you visit the website. It will contain your IP address, the time you entered the website, from where you were directed to that website and they can also contain your activity on the website. If you load the website again, the website will also load any cookie that it has deployed on your device and will update their information on your browsing history. Now remember that a website will almost every time load content from another website and another server. And if you do not have look at the source code of the website (the text file the browser interprets, remember?), this will happen completely without your knowledge. So even if you are Ok with the website collecting data from you, you might not be aware that they could be dozen other websites collecting information about you that you know nothing about. The Facebook Like button is such an instance. Every time you are on a website with a Like button, Facebook will gather data about you. It does not even matter if you are a facebook member or not. Most of the ads on a website do the same. This is also why you suddenly get ads for sex toys just because you googled "50 shades of grey". Google collects this information, stores it in a cookie. If you happen to come across a website that uses an ad serving system by google, it will have access to that cookie and display personalised ads according to the information gathered about you. Many people do not want that (me included), and your browser can tell the server providing the website "Hey, please do not track me". But the server does not have to abide to that plea. There are also tools to prevent you from being tracked completely and I use them frequently. This is my biggest grievance with ads. I am not asked nor informed that third party applications are gathering information about me while I am surfing. Even while I am writing this blog, Privacy Badger informs me, that it is blocking 5 tracking requests by third party websites. Though I have to admit that all 5 are from Google, which also owns Blogger.


Ads loaded from a third party server are a sever security thread. Most ads are loaded by executing a script that has nothing to do with the website you are looking at. If you are lucky this script just displays an ad. In some cases the script will use some blackhat-magic to somehow infect your PC ( In 2013 CISCO reported that it is now way safer to watch porn on the Internet than to load a website full of ads (,2817,2415009,00.asp). To ban ad blocking technology (which is what the German publishers want) would mean letting the door open to various hacks and exploits by default. In my opinion this is an outrageous demand and should never happen.

Other concerns

Especially mobile users often complain that loading all the ads on the site consumes a lot of bandwidth and if you have a data limited contract you might actually pay for the ads if your limit is reached. This is also one aspect of ads that should be adressed by the ad industry as in that case the argument of providing free content through ads is futile.

The War on ad-blocking

In the opening I gave a quick review on the origin of the war on ad-blocking. I  will go a bit further on the details and I want to present another argument from the publishers point of view. A large deal of this case has actually not to do with the adblocking per se, but with the business model of Adblock Plus. Adblock Plus has a white list of advertisement services that are not blocked. But to be on the whitelist you have to pay. The German publishers feel blackmailed by this business model and so they added this to the cases against the Eyeo GMBH. Just for the record, uBlock Origin does not have a whitelist and blocks all ad services it knows.
Last week the war escalated with the Bild newspaper putting an anti-adblocker on their website ( Shortly after the german IT message boards were buzzing with tips how to adapt the adblocker filter to access the website with active adblockers again. But some of these posters were sued by Axel-Springer because with this tips you would infringe their copyright and break existing encryption (, sorry only in german :( ). I do not want to be sued, so you have to look for these rules for yourself. Sorry guys. But it is trivial and most adblockers already updated their filter lists to do it automatically. But not only do they sue people giving advice on how to update the filer lists, they also want to sue everybody who visits their website and uses an adblocker (modified or not). This is why I snapped and I decided to write this blog. This is outrageous and CAN NOT BE. The techniques used to cirumvent the anti-adblocker are trivial and are in the arsenal of every modern browser. Essentially you are just blocking another JavaScript element. And this should be elemantal RIGHT of ever USER on the interwebz. It cannot be, that tools that are used to protect me from involuntary tracking and malware are branded as illegal and prohibited to use because they stop multi-billion dollar/euro companies from earning even more money.


As I already said I use two tools right now. I use uBlock origin to to block annoying ads. The Privacy Badger is just to protect me from third party tracking cookies. This has at first NOTHING to do with advertisement. So this is what happened when I tried to stop using uBlock origin on some websites that I care about and I wanted to support better. It did not change a thing. Apparently every piece of advertisement on these sites (,, was trying to load third party scripts or installing third party tracking cookies. So Privacy Badger blocked all of these attempts. The result was that I still did not see any ads although I did not use a dedicated adblocker.
And if you check the conversations in German IT message boards, this is the opinion of most people using adblockers. They do not care about the ads, but about their privacy and security. And they raise these concerns constantly and they are known. But none of the advertisers were willing to listen to these concerns. It is not that people are eager to stop website operators from getting revenue through ads, but rather they are not willing to give up their right to security and privacy.

Something has to change. So far the only instance, that I know of, that is trying to merge revenue by ads and user security/privacy is Mozilla ( But until the advertisement industry changes, my adblockers will be still activated. I care neither for Axel-Springer nor for Bild. They can block me as long as they want. I even think it is their right to block me from their website if they do not want me there. But if you want to prohibit legit web technology because your own protection systems are just a weak piece of sh... are just weak, then you can expect me, and probably half the Internet fighting back.

This is why ad-blocking software is so important right now. Their whole features are based on effective web technologies developed to use the internet in a safe and protected way. If the publishers win the fight against the adblockers, not only will the adblockers be banned, but also the technologies behind them. This will open the door to unlimited data collection by third parties you do not even know of. It will open the door to serious exploits that you cannot prevent because you do not know immediately what other scripts are executed on any website and what servers are contacted on any websites.

Sorry for the long post, and I don't have any potatoes for those who are still reading :D Sorry guys and gals. But I hope that I at least gave you someting to think about. Have a great day.


No comments:

Post a Comment