An organization called the "Interactive Advertising Bureau" should understand better than most that this would be a bad move. They'd have to really try hard to dig their heads deeper into the sand.
What's the worst thing that could happen as a result of letting Adblock Plus attend? They'd gain a better understanding or ad-blocking technology? Or maybe get some insight into why so many people feel that ad-blocking is necessary?
I guess Adblock Plus just doesn't fit well with the IAB brand's "core value proposition".
From the conference notice front page: Ad blocking is the latest crisis du jour, a potentially existential threat to the industry.
I would guess you are correct. What's ironic is that adblock plus understands their value proposition and whitelists advertisers if they are not too shitty. I run Adblock plus for this very reason (as opposed to a less forgiving blocker).
Also, they just landed Larry Ellison of Oracle as a featured speaker.
>whitelists advertisers if they are not too shitty.
I don't have any source with me right now, but I've heard that they only whitelist advertisers that pay them (I recall some people comparing this to blackmail).
TL;DR is that if by participating in the "Acceptable Ads" initiative the organization gains 10 million more ad impressions per month, then they have to pay. If they are "smaller" than that, it's free to them.
Everybody has to keep their ads acceptable, however; you can't bribe your way out of it.
Found one source that indicates that the payment may be substantial: "Financial Times reports that one digital media company (which asked not to be named) was told that it would cost 30 percent of its advertising revenue to be whitelisted by Eyeo and AdBlock Plus." - http://arstechnica.com/business/2015/02/over-300-businesses-...
In a weird way it manages to fix many people's problems with advertising. Ads are sometimes horribly intrusive (to the point that ad-blockers are necessary to me) and it forces companies to adhere to some kind standards when none are technically required.
On the other hand; it's blackmail. It also falls apart if there are too many competing services or people generally catch on and switch to another ad-blocker. Then companies either pay N-vetting services or their investment is completely wasted. The end result is an (arguably) overly-strict vetting service because people will switch if they don't block enough ads.
As a consumer; I just wanted an ad-blocker sooo....
It is comparable to blackmail if they aren't doing any vetting/work or if the advertiser isn't at risk of blacklisting/losing their investment when they put out a troublesome ad.
But the fundamental idea of forcing ad networks to pay for vetting of their ads before they are shown seems very pro-consumer.
I wonder if it really is a threat. Serving anything related to ads from same domain as content will make it much harder to create reliable blocking rules[1]. If ad blocking requires heuristics like the ones in Readability extension it won't be as popular.
[1] as a bonus it instantly kills simplistic host file method
The EasyList[0] already has blocking for DOM elements and querystring parameters in addition to domain blocks. So even with hosting ads from the same domain, they get blocked.
For example, ABP blocks our same-domain, self-hosted trackers with the default settings even though our domain is not listed there.
I tend to agree with you but I also think that the IAB is recognizing the unique threat that ABP specifically (as opposed to adblocking generally) poses to the industry. I'll explain what I mean.
ABP has a mafia-style business model based on extorting advertisers for inclusion on an acceptable ads list. Whether you agree with the concept of acceptable ads or not, it's pretty clear that ABP's narrative is hollow and their implementation is focused on their own bottom line: nearly every programmatic ad exchange who is willing to pay money is whitelisted as ''acceptable''.
It's a client-side tollbooth erected between users and the sites they visit, extracting money from the ecosystem for little value in return. At some point it isn't even ''adblock'' any more because so many ads are whitelisted, and (as a former user) I think ABP clearly passed that point awhile back. Their brand, momentum, and marketing allow them to keep users captive. There's probably opportunity in creating new adblock clients with no whitelist, growing the userbase, and then selling out to someone with an acceptable ads list, as there should be slow but eventual migration (which uBlock's growth points to).
At the point that the acceptable ads business model becomes normalized, it's fair to ask, where does it end? You will see every company with client software rolling out adblocking features (with tollbooth, of course). It's senseless, inefficient, and doesn't reward good actors (actually, likely rewards bad actors). I'm not saying that web publishers and their ad tech minions didn't bring this sandstorm upon themselves (I believe they did, and shed no tears for them), but even so, the future of the web is not dueling mobs of client-side adblocking thugs with variable rate cards for ad networks to bypass their intended functionality. At least I hope it's not.
I'm no fan of the IAB but I can at least admit to being impressed that someone there had the insight to take this stand, if that's indeed what it is.
The issue is that AdBlock Plus isn’t really someone neutral.
It’d be easier to get other adblockers to attend, but a company whose business is to blackmail ad companies and get over 30 million USD a year out of that is hard to justify at such a conference.
This reinforced to me that Adblock is a company, while uBlock Origin is just an open-source project. uBlock doesn't need to go to ad conferences and talk to people, it just filters content.
And it sometimes bases those filters on personal grudges. Which is why all of SourceForge is blocked by default due to bad behavior last year on a handful of projects out of 400,000 that they discontinued after public outcry. Meaning that there is no forgiveness for giving in to public pressure. At the same time, tons of download sites with all kinds of malware and bundleware are allowed right through.
I don't remember hearing SF apologize for or announce that they're stopping their malware bundling. The sourceforge block is a little extreme, although it's easy to get past it with the big buttons. Overall, I'm OK with punishing that kind of malicious behavior super hard, although I don't feel strongly about it and understand why you object to it.
There are two separate things here. First, there's the Dev Share program which is opt in to allow projects to make money. This puts a bundleware installer up first that then downloads the main installer as the primary "Download" button with an alternate main installer only link alongside. Projects like FileZilla do this to support their development.
Second, there was a program where some of SourceForge's mirrored projects were distributed in the same fashion. SourceForge does mirroring of open source projects not hosted on SourceForge. SourceForge, in an effort to make more money, used the same bundleware style download installer for projects like GIMP. As GIMP wasn't repackaged in this installer, there was no GPL impact. However, it was distasteful to say the least. After both publishers like GIMP and the wider open source community reacted negatively, SourceForge discontinued the program and announced on their blog that they would not reinstate it. They also stated that they would form an open source community advisory board before implementing any additional open source monetization strategies in the future.
SourceForge currently has about 10 projects that opt in to their Dev Share program. Every one is available for download without using the bundleware installer. And their custom bundleware installer is far clearer about what it is than the majority of the commercial bundelware installers out there, though, like all bundleware installers, it does still make use of dark patterns which I am not a fan of (see also: Avast updates, Flash updates, Java updates all of which pre-bundle Google Chrome and trick you into installing via dark patterns).
So, all 400,000 projects on SourceForge are blocked permanently with no possibility of unblocking because of a few weeks of legal but unethical bad behavior that SourceForge publicly backtracked from and no longer engages in.
Punishing bad behavior makes a lot of sense. But when someone reacts in a positive way to that punishment (stopping it, publicly talking about it, setting up a committee before exploring further options, etc), it makes sense to remove the block. Otherwise, once you're blocked, there's no reason to reform.
I think the difference in opinion between you and some of the people you're replying to mainly comes down to "bundleware". You use that word a lot but to me, "bundleware" is malware.
I'm no fan of bundleware. I've been running PortableApps.com for over 10 years with over 500,000,000 app downloads all 100% bundleware free. Our format disallows bundleware and many of our users use our software on their local machines due to that.
uBlock didn't start blocking SourceForge because of the Dev Share opt-in bundleware program. They started blocking SourceForge because of the GIMP situation which SourceForge backed off of as a result.
uBlock isn't designed to block bundleware. uBlock lets tens of thousands of download sites and software publishers that distribute bundleware. Most of them distribute far worse bundleware, far more of it (some come with 10 offers or more), and use far more dark patterns to trick users into installing than anything distributed by SourceForge. But uBlock still specifically blocks SourceForge despite only about 10 of 400,000 projects using it, all of which have opted in to the program.
Essentially, uBlock appears to be blocking based on the whims of the developer rather than any balanced and fairly applied policy. That's one reason I decided to stop recommending it to others.
Incorrect. There are two separate things here. First, there's the Dev Share program which is opt in to allow projects to make money. This puts a bundleware installer up first that then downloads the main installer as the primary "Download" button with an alternate main installer only link alongside. Projects like FileZilla do this to support their development.
Second, there was a program where some of SourceForge's mirrored projects were distributed in the same fashion. SourceForge does mirroring of open source projects not hosted on SourceForge. SourceForge, in an effort to make more money, used the same bundleware style download installer for projects like GIMP. As GIMP wasn't repackaged in this installer, there was no GPL impact. However, it was distasteful to say the least. After both publishers like GIMP and the wider open source community reacted negatively, SourceForge discontinued the program and announced on their blog that they would not reinstate it. They also stated that they would form an open source community advisory board before implementing any additional open source monetization strategies in the future.
Today, SourceForge has 400,000 projects hosted, many of which are hosted nowhere else, all of which are blocked by uBlock. Of those, about 10 participate in the Dev Share program on an opt in basis to fund their development. No other projects are presented as a bundleware installer by SourceForge. It's been this way for months since soon after the publisher and community backlash and SourceForge's subsequent apology and policy changes.
The exact bundleware you describe is a badware risk, no matter for what reason it is designed. It is badware since you would not install it if the installer did not trick you, and it is a risk since the bundling bets on your inability to catch all the UI patterns designed to make you install it.
I personally deactivated the block after stumbeling over it. The dialogue is straight forward and takes exactly one click to never bother you with the specific rule ever again. (It looks like this: https://i.imgur.com/A7pA5mb.png )
It may be targeted at the tech crowd, but I think this could be said for the whole extension.
I'm not arguing that any bundleware is a badware risk. At all. I was arguing that it's disingenuous to block 400,000 projects on SourceForge because of 10 that do bundleware that's on the less worse end of the spectrum (bad but less bad) while still allowing download sites that have much worse bundleware (closer to or actually malware, 10x offers instead of 2, more dark patterns making it more likely you make a mistake, installers that install bundleware even when you select not to, etc) to get through without an issue.
> And it sometimes bases those filters on personal grudges
That I hold "personal grudges" is your personal opinion.
I took care to document the rationale behind my decision to block `sourceforge.net`[1]. Notice that it is not a hard-block, it is a soft-block, which purpose is to act as a warning for the uninitiated. One can easily dismiss and go ahead.
If you followed the project closely you would have seen that I have resisted adding sites as "Badware risks" unless there are enough well supported, credible and repeated references in support of such decision.
Not the OP, but I've stumbled upon this wiki page before, and I just wanted to thank you for writing it all up.
Not only was it interesting, but the fact that you're open and transparent enough to document WHY certain things like this are blocked, is a huge bonus in using uBlock (which is already an essential tool IMO). Thanks.
My apologies for the statement that it is a personal grudge as I now see that doesn't seem to be the case.
Unfortunately, the evidence you're including is a bit out of context and outdated. Here are the most recent 3:
2015-10-16: "FileZilla binaries from sourceforge ... Malware warn" -- This was a temporary false positive in Windows antivirus on a clean download of FileZilla without bundleware that was then posted to Twitter. I belive it was fixed within 48 hours. To my knowledge, FileZilla has never posted an infected download of their official Windows binaries. And I have downloaded and scanned just about every single FileZilla binary package for Windows going back to version 3.0.6 in February 2008 as part of packaging FileZilla for portable use on USB drives and cloud drives. Note that I am not talking about the "SourceForge installer" that's downloaded first by default because FileZilla has opted into the Dev Share program to generate revenue which I'll detail in a moment.
2015-07-24: Downloading from SourceForge? Official links deliver fakes also -- FileZilla is one of the ~10 projects opted into the Dev Share program. When you click the main download link, you get a "downloader" installer. Essentially, it's a stub installer that offers up bundleware of some sort and, whether you accept or refuse, then downloads the main FileZilla installer. It's not a "wrapper" as mentioned in the article and I'm unsure why they call it that. It's entirely separate. If you dislike the bundleware installer, there's a "Direct Download" link right below the main download button. The main download button is also labeled as "Installer enabled" with an info icon next to it. (An odd nomeclature that I disapprove of.) If you hover it says "This is an ad supported installer. Our secure installer might provide you with an ad during the install process."
2015-06-18: A hotbed of malware: Another blow for SourceForge as Google discovers 588 pages with malicious software -- While most of this has been cleaned up according to the current Google scans, this appears to be due to the fact that SourceForge provides free web hosting to tens of thousands of open source projects and was letting those projects handle what was hosted themselves. Unfortunately, many of these projects were hosting outdated CMS, wiki, issue tracker, and forum installs a while back that would then wind up automatically infected by bots that constantly scan for exploits in hosted apps and use them to distribute malware. SourceForge made changes that discontinued many of these free-for-all hosting setups last year in an effort to increase security but it's been a long process from what I heard. They didn't want to cut off open source projects without warning when these installs where often the only existing communities, manuals, etc for many of these projects. Other open source hosts like Github don't have these kinds of issues because they don't offer full-featured site hosting.
Basically, today, it can be boiled down to two real issues:
#1 - SourceForge has a program called Dev Share that allows projects to opt-in to place a bundleware download installer as their default download. This bundleware or stub installer will show 1-2 offers of additional software to the user as they try to install. The download links are relatively well marked as mentioned in my point regarding '2015-07-24' above, though I would like to see that improved. The direct download link is very well marked as "Direct Download" though I would like to see the font size increased. At present, there are about 10 projects out of the 400,000 hosted projects that participate in this program.
#2 - The incident with GIMP and a couple other projects will live in open source hosting infamy for some time. SourceForge made the (absurdly bad) decision to implement the same Dev Share setup for a handful of hosted binaries for open source projects that either never used SourceForge or left SourceForge last year, including semi-commandeering the SF projects of projects that had left. This behavior was rightly and loudly criticized by the affected project teams and everyone else in the open source community including myself. While technically legal since they weren't adding anything to the open source apps and weren't wrapping the existing binaries or installers in their own bundleware installer (the way some other sites have in the past and do today) it was unethical in most of our eyes. After quite a bit of outcry, SourceForge reversed their decision (IIRC within a couple weeks), promised not to do it again, and agreed to setup an open source community advisory board before exploring other means of monetizing open source downloads. I know about the last part as I was approached to be a part of that board.
I was under the impression that the GIMP et al incident was the reason uBlock added the sitewide block, which is why it seemed like a personal grudge to continue the block after SourceForge backed down and agreed not to engage in that behavior again. It seemed counterproductive to continue the block because it had achieved what seemed to be the desired result. And unblocking them now would allow you to hold the threat of a block over them should they go back on the promise not to engage in the unethical behavior again in the future.
My apologies again for the accusation that it was a personal grudge as it does not seem like that was the case based on your documentation. I still believe that blocking them sitewide now is the wrong call and counterproductive to educating and disciplining bad actors and a bit of a detriment to the open source projects that are hosted there.
I'm not a part of SourceForge or directly affiliated with them, so I don't claim to speak for them. I do host one of the largest open source projects there, PortableApps.com. We've served up hundreds of millions of downloads from them over the years for free. We've never participated in the Dev Share program and SourceForge has never in 10+ years altered any of our download files. And there still isn't a replacement for the download hosting they provide for projects like ours that host hundreds of different apps across all kinds of open source licenses and genres that would like download stats and similar features. And that need the ability to do direct downloads of large Windows installers (up to 1GB for some open source games) directly over an HTTP connection without using a web browser.
I'd be happy to discuss any of this further with you if you'd like. My email address is on my personal site: johnhaller.com
I'd also mention Pi-Hole (http://pi-hole.net/), a Raspberry-Pi-based DNS server and DNS blocker for all devices on your web - even those that don't have an adblocker for their browser.
Excerpt from the summary for one of the two keynote speeches...
"But this has brought along the unintended consequences of viewability challenges, fraud, and ad blocking. What’s more, this myopic pursuit of success has created burnout and disengagement...2016 must mark a significant shift in our thinking" [1]
The ad companies simply don't want ABP to come along and tell them stuff they don't want to hear. They also don't want ABP knowing what they are talking about and planning to do. So they used a system to prevent ABP changing their experience.
Ah, that was way too subtle for me - the number of hn posters who argue weird (imo) positions means that I need a sarcasm tag to know someone's not serious.
"The IAB Annual Leadership Meeting is for serious conversation among important digital industry stakeholders."
Evidently those who prevent any ads from being served by their oh-so "important digital industry stakeholders" won't be part of any "serious conversation".
Adblock, and the many others on the market, will continue to do the non-serious work of blocking ads.
What adblock says to companies is "We feel your advertising is no good so we will blanket block it for millions of viewers a day"
HOWEVER, if you contact, let us review your advert and then WE decide it's not a bad add, we'll let it be shown to the millions of visitors that were supposed to see it anyway...
We'll just take a percentage of the money.
There's certainly a need for this sort of adblocking service on some level but from a money-making side of thing, their business model is just downright dirty.
Just imagine if I stood in the middle of the road at the end of your street and said "NO cars are coming down here because the residents said so"
"However, give me a few bucks because I decided you look like a decent person and you can come through"
In a real world situation, this would be classed as blackmailing and you'd be arrested for something.
Reviewing whether an ad network meets their Acceptable Ads policy takes time. Are you suggesting they should not charge for their time? Or that they should not have an Acceptable Ads policy at all?
It's "reported" that Google and some other companies have been paying Ad Block Plus in the region of $120 million per year for their ads to be whitelisted.
Secondly, their taking 30% of revenue for the whole period the networks ad's are approved. If they stop paying, their adverts get blocked.
The main issue is that they go into it with a blanket statement of all ads are evil and are blocked for the "users sake" but we'll make a decision on behalf of users if we think your paying enough to get the adverts showing.
As a user myself, I hate bad adverts but how do they know what I think is an acceptable? They've never asked me.
If I said to you, you're not allowed to reply to any thread on Ycombinator until I've decided you can on behalf of the community, oh, and you need to pay me 30% of your wages so I can keep "reviewing" the situation... you'd tell me to bugger off.
I suspect it's the pricing model. Reportedly, the charge is "30% of your ad revenue". There's also no concrete definition of why some sites are whitelisted for free, and others have to pay.
I think is understandable IAB's position. The only reason which makes sense to me to pay such high fee to get in is chase some big guys into "acceptable ads" program. Charging money to whitelist is a little questionable attitude to me. Something between hypocrisy and irony.
Reviewing ads to verify that they meet their Acceptable Ads policy takes time. Time is money, so they charge for that time. Seems OK to me.
That said, I use uBlock Origin because I think it's better written and also I morally object to advertising, so there is no such thing as an "acceptable ad" to me.
What's the worst thing that could happen as a result of letting Adblock Plus attend? They'd gain a better understanding or ad-blocking technology? Or maybe get some insight into why so many people feel that ad-blocking is necessary?
I guess Adblock Plus just doesn't fit well with the IAB brand's "core value proposition".