Perceptual Ad Blocking Study paints grim picture
Advertisement blockers address a growing number of issues related to online advertisement: from online tracking to sell higher paying ads over saving bandwidth and improving page load time, to blocking malware that is distributed through advertising channels.
One downside to ad blocking is that some publishers cannot sustain their business any longer; means, they either go out of business or use other means of earning revenue which may be even more problematic than ads. Some publishers implement anti ad blocking mechanics on their sites to block ad blockers from working correctly or running at all.
Princeton researchers created a software last year that used a different approach to detect and block advertisement. Instead of relying on hostnames or code snippets, the solution of the Princeton researchers mimiced how Internet users identify advertisement on websites.
A perceptual ad blocker is not that interested in code that ads use. It uses visual cues to identify advertisement instead; this includes subtle cues that sites are often required to show to users when page elements are sponsored -- e.g. sponsored or advertisement labels -- but also close buttons or icons on ads by ad companies such as Google.
The proof-of-concept extension for Google Chrome highlighted advertisement on Facebook and on the web but did not block it.
Advertisers and publishers can make changes to how advertisement is delivered to bypass conventional ad blocking extensions that rely on hostnames or code snippets to block ads.
While that is a short-lived benefit, as blocking lists get updated frequently with new data, it is one part of an arms race between publishers and advertising companies on the one side, and ad blocking programs and users on the other.
The visual nature of perceptual ad blockers should, in theory, make it difficult for advertisers and publishers to modify advertisement to avoid detection and thus blocking.
The Princeton researchers hoped that perceptual ad blocking would end the arms race as advertisers would have to change the visual nature of the advertisement to avoid detection. Requirements, legal or self-regulatory, limit certain forms of change so that it would become difficult and sometimes impossible to change certain elements of an online ad.
Perceptual ad blockers have weaknesses
Researchers at Stanford University and CISPA Helmholtz Center for Information Security published the research paper Ad-versarial: Defeating Perceptual Ad-Blocking recently in which they refute the claim that perceptual ad blocking could put an end to the arms race between publishers and Internet users.
We show that perceptual ad-blocking engenders a new arms race that likely disfavors ad-blockers. Unexpectedly, perceptual ad-blocking can also introduce new vulnerabilities that let an attacker bypass web security boundaries and mount DDoS attacks.
The researchers devised eight different strategies to attack perceptual ad blockers and grouped these into four categories:
- Attacks against Data Collection and Training -- if the perceptual ad blocking systems use crowd sourcing, most do according to the searchers, then it may be possible to dilute the learning process and thus the effectiveness of the blocking by submitting training data with visual backdoors or through other means.
- Attacks against Page Segmentation -- the attacks targets blockers that "segment webpages based on their DOM" either by overloading through the use of a large number of HTML elements or by using techniques such as image sprites and CSS styles.
- Attacks against Classification -- classification determines whether an element is considered an advertisement or not. Attacks that target classification aim to evade detection or detect the use of ad blockers. The researchers discovered, for example, that "most visual classifiers, the perturbation
necessary to induce mis-classification [was] near-imperceptible to humans". - Attacks against Ad-Blocker Actions -- sites may exploit the high-privilege context in which ad blockers run, e.g. to block non-ad parts of a site for all users that use an advertisement blocker or by triggering requests.
The researchers evaluated the effectiveness of attacks and concluded that "all visual ad-detection techniques are fundamentally broken in the challenging attack model" that they used.
You can check out the research project's Github page here.
I assume the resource must be downloaded first in order to be analyzed whether it is an ad or not locally. This kind of defeats the purpose of why most people run an adblocker.
Perceptual Ad Hiding would be a better name.
That’s exactly what I had in mind. Perceptual ad-blocking requires the ad to have been downloaded to start with, which illustrates a major difference between “traditional” ad-blockers (AdBlock, AdBlock Plus and tutti quanti) and ‘uBlock Origin’, the latter blocking the very download of what has been blocked by the user, implicitly or explicitly.
I discovered yesterday this debate over a Princeton’s team research about “perceptual ad blocking” and I was at first skeptical about the feasibility of such a concept, not to mention the fact the intruder must be downloaded to be defeated as above expressed, which is the very first reason I switched from ‘Adblock Plus’ at the time to ‘uBlock Origin’.
Whatever the outcome this research illustrates if needed the tremendous clash between advertisers, publishers and users. And we know that the ad industry’s only policy is to force-feed, basically essentially radical and, as such and if maintained, the assurance of web advertisement decline : in all clashes there is no solution without compromising. IMO of course.
It’s a simple solution for ads (at least for me). Make them static, non-moving, silent, and small, and you can be seen. Once they start moving, playing a video, makes a sound, or scrolls with the user scrolling the page, they get blocked. It’s the ad’s fault, not the user, if they get blocked. The user is not trying to take money from ads, but just want a clean web experience.
And get them ads untied to tracking and malvertisement.
Less ads, better ads, non graphically omnipotent but discreet (a word advertisers hate), clean (malvertisement is a real problem) and without tracking and/or built on trackers. Those conditions agreed upon, applied and I’d remove from my system defense arsenal all anti-ad dedicated filters, but not otherwise.
That’s how it was back in the day – computers were slow and ads caused heavy loads and some stuttering when scrolling the page. Now computers can handle websites riddled with ads, but ads have evolved with popups on click, so now you need to have a popup blocker too and then you need a tracker blocker as well…
I’ve had my first computer at the age of 13 in 2005 and I discovered how to block ads by 2008 and since then I refuse to browse the internet on my devices without and adblocker. Even my phone has some way of blocking ads.
If they find a way to push ads again, people will find a way to block them again, I’d rather use a browser like Lynx than see ads.
> “I’d rather use a browser like Lynx than see ads.”
You underestimate the power of ASCII Advertisement
Screenshot → http://666kb.com/i/dymfjzljwassdr2zs.jpg
Yes, truly those were the glorious times ;~)
@Weilan
Yeah, there’s really no change in web ads compared to the past. In the past we had moving large size gif images. After that they changed to Flash, the ads’ size became bigger again. Now the flash ads are changing to video ads because html 5 specs forces you to auto play any videos on the page.
The difference is now we have adblockers, the most useful thing for web browsing lol
@Anonymous: “Yeah, there’s really no change in web ads compared to the past.”
I disagree, there’s an enormous difference. Back in the day, ads didn’t engage in user tracking. Now they do. Given the choice, I’d prefer to go back in time on this one.
So far uBO has done a terrific job for me in hiding/blocking ads.
I think if websites were judicious in their use of web ads, we probably wouldn’t have seen the blowback that created the adblockers we have today.
Visual layout has a lot to do with the annoyance. Design with intelligent placement isn’t something the industry has considered to be important. So it’s biting them in the rear.
My own web ads are horrible, maybe I should sell t-shirts instead.
Nothing wrong with ads, but some sites over do it and that it what kills it for them, maybe 50 percent or more of their page footprint is nothing but ads. The worst one for it seems to be my local “print” newspaper after their latest buyout by a national chain. For me it all started with the popup ads in your face for the “BSR X-10”. Guess that was 1994 – 95? The old Prodigy model of banner ads at the bottom of the screen seem tame and tolerable today.
The link in your third paragraph contains the URL to an outdated an abandoned CITY repositories from 2 years ago:
ad-blocking/perceptual-adblocker at master — https://github.com/citp/ad-blocking/tree/master/perceptual-adblocker
I suggest the following up to date URL:
GitHub – ftramer/ad-versarial — https://github.com/ftramer/ad-versarial
coresponding to the linked research paper in your article.
Thank You!
Hi, I am a software developer and have used ad-blocking software for years. However, I have recently, in about the past year, modified my all-or-nothing (mostly nothing) attitude toward ad-blocking. The quandary, to me and I believe a lot of people, is how much advertisement is acceptable to the user and how much is needed by the sites frequented. I certainly do not want good web sites, such as yours, to go out of business.
I have started disabling ad-blocking on certain web sites that I frequent to be supportive of their needs. That being said, it is *very* frustrating, and sometimes counter productive, for a single page that I visit, to be inundated by the volume of advertising that many of them have. The consequences, for me, are: 1) Pages take much longer to load with the advertisements, 2) They eat up bandwidth that can slow my entire home network down for others using it, 3) If I am subject to data caps, the excessive traffic, that I do not want or need, contributes to uselessly eating away at my available data.
It seems, to me, that the much of the issue is to be decided by the web sites that need the income. In many businesses, income is received through multiple channels. It is obvious that the advertisement-only approach is no longer sustainable. It seems to me that using advertisement plus donations plus some other model could help with that. I am not in marketing so I do not have any answers, but, as an example, your site uses the donation plus advertisement approach. If donations are sufficient, then possible advertisements could be reduced.
I am not, and I do not think most people are, against advertisements, just the volume of them. The point being is that it is a difficult issue for both the site hosts and the users with no easy answers.
@kscmint: “The quandary, to me and I believe a lot of people, is how much advertisement is acceptable to the user and how much is needed by the sites frequented.”
For me, the problem isn’t the ads themselves, it’s the tracking they bring. As long as ads are engaging in tracking, then the acceptable number of them is “zero”.
“I certainly do not want good web sites, such as yours, to go out of business.”
Me neither, but I’m also not about to expose myself to those scumbags in the digital marketing industry, period. There is no web site that I love so much that I’m willing to throw myself under the bus for it.
I don’t have a problem with static ads with low byte count content. I can ignore them. Which is why ads aren’t like that, and people block them as an irritance.
Hmmm . . . I thought advertising was essential to a consumer driven society, a capitalist economy, wherein the masses need the most up-to-date information on the latest prices for the latest in goods and services. Advertising exists because, ironically, there is a demand for it–a demand for information. Of course, web site owners discovered the essential need for advertising as well–a monetary reward that covers expenses, hopefully–in their attempt to deliver information of a different kind to consumers.
As a verb–mimic, mimicked, mimicking
That sounds plausible until you realize that the information content of ads is negative.
The end goal of advertisement is to get you to purchase things you otherwise would not have, for prices you would normally would not be willing to pay. Information is an anathema to that goal.
@jasray: “wherein the masses need the most up-to-date information on the latest prices for the latest in goods and services.”
The vast majority of advertising does not provide this information, though. It tends to avoid giving you actual, useful information about products and instead engages in emotional manipulation to coerce you into buying stuff.
I’m ok with sites crypto mining as long as the user is in control of gpu/cpu usage, maybe some type of browser control with presets. You could spread out usage between tabs or even disable mining on tabs not used, have a performance meter showing the current usage. Not sure how browsers could roll this out safely or what kind of doors this would open up to hackers. Its a lot to think about but it would give control of the web back to individual sites and minimize the control advertisers have over content.
What we really need is a no-ad whitelist. Completely block any site unless it has pledged to never use ads. This is, of course, never going to happen.
I don’t mind 1st party ads…I do block 3rd party.
For websites, it’s either ads or a pay wall.
My essential problem with online ads is the tracking, Like we’re their property, as chattel being subjected to tracking and surveillance for our master’s benefit. Generic, non tracking ads are the only ethical solution to ads in a world that claims to value freedom.
Knowledge if power. Knowledge collected specific to an individual or a group, is power over that individual or group.
Next, is the manic, “look at me, hear me, see me’ ads popping up and around web pages that make browsing a tedious exercise. Static and non intrusive ads are all we should be asked to endure.
Comply or continue with the ad-blocker arms race.
But who’s going to pay for the internet the advertises will/have ask?
I/we all pay for the internet! I just got a pretty hefty monthly bill.
Oh yeah, If you’re wondering when all this tracking started in earnest. It started with the Patriot act, signed just after 9/11 2001. In it were provisions to end personal privacy by enlisting commercial entities as spies on their users/clients. All your phone, internet and cable companies issued new, updated privacy notices that assumed full user tracking and removed any meaningful privacy saving opt-out provisions.
Remember “TIA” (total information awareness)? How about “Know your customer”? How about libraries being required to track all book being taken out by patrons?
The issues are greater than simply advertiser’ intrusive ads and tracking users, it’s everyone tracking users for the government and the highest commercial bidders….
It is what it is…there are tools available to help with that.
Web sites need revenue to keep the lights on.
The only guaranteed way is to unplug from the Internet and you should be fine…
Non-internet tracking takes place as well…the financial institutions you do business with, insurance companies you have policies with, vehicle registration.
Ahh, the always helpful “just drop your pants and grab your ankles” solution.
@OldNavyGuy: “there are tools available to help with that.”
But there aren’t any that are highly effective.
“Web sites need revenue to keep the lights on.”
But they don’t need to sign up with ad networks to do that.
“Non-internet tracking takes place as well”
Indeed, but did you notice what all your examples have in common? They all need that information in order to perform the service that people want from them, or to adhere to regulatory requirements.
Ad-related tracking falls into neither of those categories. If you are collecting information about people without their consent, then you are spying on them — and spying is never acceptable.
I only have problems with trackers, and “spyware” scripts as well. There are so many scripts running in the background, and so they muck up the page speed. The ads themselves weren’t a problem, and I wasn’t going to block them, when I started noticing the bloat on pages like yahoo. The speed slowdown of web-pages is well documented, mirroring software bloat.
There are plenty of add-ons, like u-block origin, where you can simply block tracking scripts and behind the scenes scripts, you don’t have to block ads completely.
At this point though, there is the “computer fingerprint” technology using canvas, battery status, webgl fingerprints etc. Ironically, it renders the other bloat moot.
@NA: “At this point though, there is the “computer fingerprint†technology using canvas, battery status, webgl fingerprints etc. Ironically, it renders the other bloat moot.”
Yes, this is a serious problem, as it’s pretty hard to block tracking based on that stuff.
I’ve been starting to think about maybe writing a genuinely privacy-oriented browser myself, as I can’t really find one (outside of Lynx) that actually is. It would not implement most of the HTML 5 stuff, as the majority of that has very serious security issues, it would not execute Javascript or other client-side code execution, and it would lie about its identity and machine characteristics.
It would also not work with a lot of the most popular sites — but for my purposes, that’s fine as I wouldn’t want to actually use sites that it wouldn’t work with anyway. They’re never indispensable, and I don’t want to expose myself to such sites or to reward their bad behavior.
@John Fenderson: I thought Tor was the go-to browser for the best privacy possible. Why is that no longer the case?
Full disclosure: I got labeled as a Russian troll here a few months ago by 1 of our fellow commenters when I suggested that Tor has a backdoor for the NSA and is therefore not so private. So maybe there is something else that compromises Tor’s privacy?
I’ve stopped using those ‘free’ adblockers and extensions. I’ve paid for multiple ad guard lifeltime licenses on PC and multiple android devices. More than happy with the set and forget thing system wide block and awesome configurability.
“The first thing we do, let’s kill all the advertisers.”
I feel like “Perceptual Ad Blocking” has a role to play from a development point of view as it would significantly decrease the time in regards to blocklist development. If this can be configured to scan pages and harvest ad placements and details then we could be onto something.
Ad lists can then be hand checked and reviewed if need be until the “perception” improves.
I am not sure how the backend development works but developers could set up a computer to scan various websites to find ads and ad them to lists.
There is some sort of potential for this there but I’m not sure if it is on 1 to 1 consumer level.