Why you need ad blocking tools

By Simon, 14 December, 2015

Ad blocking tools have become popular in the recent months, especially with Apple allowing ad blocking apps in IOS. Having been somewhat of a dot com pioneer in advertising technology, I'm going to delve into the realities of online ads and ad blocking. It's not pretty, and it will no doubt upset some people in the ad industry.

But first, let me tell you a little story. In June 1994, I registered the domain name coupon.com. After a few months of arguing with Network Solutions, they finally gave in and allowed me to register the plural, coupons.com, so as not to avoid a nasty legal dispute over similar conflicting names (remember boys and girls, back then there was only one domain name allowed per "organization").

Why had I registered these names? Well... back then the National Science Foundation ran the Internet with a fairly strict non-commercial policy. Advertising, or any other kind of commercial solicitation, was frowned upon.

But we knew the advertising dollars would eventually show up. So the question was, how to work with the NSF's non-commercial guidelines, and provide a method for paid advertising to exist on a voluntary non-solicitation request-only basis. Respecting the end user's privacy was a given back then.

Call me crazy, but I'm not a big fan of unsolicited ads. Until recently, I religiously used a very popular ad blocker plug-in, which I'd become more and more pissed off with as time passed because it broke more and more web sites and started allowing more and more ads through. Then the Electronic Frontier Foundation (EFF) came out with the Privacy Badger plug-in and it made the ad blocker plug-in I used totally redundant. Where have you been all my life?

Confused yet? How does someone who embraced internet advertising not be a big fan of um... internet advertising? Actually, it's pretty simple, and it turns out to be a question of how the advertising transaction works and how it reaches the consumer. Some methods are absolutely fantastic and go viral, while other methods reveal that the advertiser had no good ideas, and has settled for the lowest quality invasive idea possible.

It partly came about from a late night phone call in the early 1990's with my good friend, Seth Shapiro, who is now a two-time Emmy Award winner, USC Professor, and Television Academy Governor. We were both working on an interactive project at the time (Charlton Heston's Voyage Through The Bible CD-ROM), and we were trying to figure out how to market it on this new fangled web thing. Neither of us wanted to run afoul of the NSF non-commercial guidelines, or put the project in jeopardy of being blacklisted/blackballed by the general Internet population at the time (or whatever else the angry gods of Nanog & Usenet could throw at us).

After having this discussion percolate in my mind for a few weeks, it became apparent that this was a simple matter of where to put the incentives. The first rule was that you could not invade an individual's personal computer space. This meant that they had to come to you to retrieve the advertising. Voluntarily. But the assumption at the time was that no-one in their right mind is going to show up at a web site just for the adverts.

Or would they?

Doing a quick bit of math, it didn't take very long to figure out that this could completely disrupt the traditional advertising model if it worked. So I started an informal census, asking people "would you visit a web site if you were offered $50?" Everyone said yes. Awesome. "Will you do it for $10?" Most people still said yes. "Would you do it for a dollar?" Some people still said yes.

OK, so the conclusion was that reaching people on the web is just like any other vice, it was just a matter of negotiating the best price for them to show up.

Discovering that we could destroy a web site's entire marketing budget in just a few hits, and that this was probably not a good idea, it became a question of what sort of in-kind incentive could be provided to get someone to show up on the web site. Well, if we couldn't give them cash, then maybe we could give them some other kind of token instead. Something they could redeem either elsewhere on the internet, or offline in a regular brick'n'mortar store. What if we could offer them a coupon for a dollar? That's fair, they can print it out, take it to the store, and then redeem it by taking the amount off their purchase price. Plus we knew that the advertisers would absolutely pay to reach those consumers who would follow through to a product purchase.

It was at this point in time, it suddenly dawned on me that we needed to own this web site. Which brings us back to the top of this story.

To cut an even longer story short, the NSF decommissioned their backbone to the Internet in April 1995 which removed any doubt about what commercial restrictions still existed (none apparently) and the advertising floodgates suddenly opened. In September 1995, I proposed creating the .COUPONS top level domain name to Jon Postel to try to cat herd advertisers into a controllable trademark-friendly name space, but Jon didn't exactly jump up and down with excitement at the thought. Jon was one of the good guys and I totally understood his reluctance.

By 1996, Coupons.com was trading under the brand CouponNet (for reasons I'll explain at another time), and had built a thriving online community around consumer coupons. Advertisers were screaming for women to reach on the Internet and we had an 80%+ female demographic. As a result, in October 1996, we won the CommerceNet '96 Very Innovative Practice Award for Best Online Community beating out a team from MIT. Then, after the usual dot com trials and tribulations, a buyer, Steven Boal, came along in early 2000 and proposed a deal for me to walk away. I took it.

Why am I telling you all this? Well... to explain that I have some experience with this online advertising malarky. Another piece of almost-but-not-quite irrelevant trivia is this: Wired magazine is generally credited with the "invention" of the banner ad. At the time, I thought the entire concept of the banner ad was a massive mistake. I still think it's a really dumb idea. In the new era of disruptive business models, the banner ad was as traditional as it gets. More recently, in patent litigation discovery, the law firms of several major corporations have discovered that I coded some of the earliest examples of prior art for making banner ads rotate. As a result, I've been able to trounce some of the most despicable & degenerate patent trolls on behalf of some of the most irresponsible corporate entities on the planet. You're welcome. I think.

Advertising is disruptive by nature. It's very purpose is to interrupt your thoughts and insert it's brand message in a way that will change your behaviour. You will buy their product. You will buy their service. And, with repeated brand exposure, you will become loyal to their brand.

Except it rarely works like that in practice.

Ad agencies are always rushing to meet client & publishing deadlines and often end up pushing out some genuinely terrible dross. Even if a truly magnificent promotional campaign is created, it still requires the buy-in of it's intended audience and this doesn't always happen. Just remember what happened to Sony Betamax or New Coke or Crystal Pepsi or the DeLorean or the Ford Edsel or the Apple Lisa. Or, like Lifelock CEO Todd Davis discovered, you mostly get the buy-in of your unintended audience after putting your social security number on every ad for all to see. And what could possibly go wrong with that?

The difference between online ads and traditional print ads is significant. Print ads are passive. They may interrupt that article you were reading but they don't record anything about you and they don't transmit it back to the mothership. The NSA don't have any tools to intercept how and when you read a print ad. Cough... (they have other methods).

Yet online ads aren't passive. They are very much actively monitoring you and communicating information about you. Not only are they designed to disrupt like traditional ads, they carry with them the ability to monitor who saw them, when they were seen, and what action was taken in response to the ad (i.e. clickthoughs). And those are the relatively benign parts of the invasive online ad. The problem is that the ads don't stop there.

Today we're seeing more and more active ads served up. I can't really call them interactive because the consumer has little control over them and the payloads are no longer benign or passive. Also, and let this sink in for a minute, the number of URLs involved in a simple single page view sometimes exceed one hundred thanks to embedded advertising. That article, that 10k of text that you simply want to read, is sometimes behind several megabytes of advertising, which now has to load before you will ever see that text. On mobiles, until recently, there's been almost no way to address this. And worse still, these ads eat up a significant amount of bandwidth and can regularly cause data-cap overages. The New York Times found that boston.com is one of the worst offenders with ads costing their regular users over $9.50/mo in data usage.

The situation has got so bad that recently, EE, Britain’s biggest mobile operator, announced that it might start blocking mobile ads. Olaf Swantee, EE’s chief executive, said: “Advertising, when done well, can be a valued part of the experience. Not all ads are bad. When a business gets it right, it’s appreciated and sparks a connection. But when it’s intrusive or crass it can drive people crazy.”
Any piece of code that is allowed to run on/in your web browser has the ability to violate your privacy. Or worse. Even passive code like cookies will store information about your interaction with the ad. But cookies can do many other things. Back in the late '90's, as a consultant to the DoD, we discovered we could actively scan internal networks behind a firewall and report back a large data set about a target network just by setting a few cookies in a user's browser behind that firewall. Some simple phishing emails and an innocent click later and all that data is collected. That was almost 20 years ago and I'm pretty sure that exploit still wouldn't be flagged by Google as malware.

So how long until an advertising CERT advisory? How long until a deliberately malicious payload came from ad servers? Too late. They're already here. When Flash ads started showing up I started to worry. I'd worked with Director prior to the web and been a big fan, but there were some major differences with Flash. Firstly, it was optimized for use online as a browser plug-in. Content was served over the web and was executed inside the browser. Client side executables are never good. And by 2005, Flash Player was installed in more browsers than Java, QuickTime, RealNetworks and Windows Media Player.

The earliest Flash Player vulnerability currently listed on Adobe's web site is from 2006, but this definitely wasn't the first vulnerability. For the last year or so, Adobe have been releasing security advisories on an almost weekly basis. Let's just remember that, in 1998, the Flash 3 specifications for SWF files were published and the world hasn't been the same since. But there's plenty of blame to go around. Java is equally as vulnerable and Microsoft have not had an exploit free day since, well... ever. And even more recently, Adobe has actually started telling people to stop using Flash as they are finally transitioning to HTML5.

But Flash isn't the only culprit. Entire ad server networks and third-party analytics servers have been compromised. Reuters was hit badly in 2014 via Taboola's ad servers. The problem is that Taboola's other clients include Yahoo!, the BBC, Fox News, and the New York Times who may also have been served compromised ads. Taboola's reach is reported to be 350 million unique users so if one percent of one percent was compromised that is still 35,000 users, a sizable botnet.

Ad placement isn't limited to online. CDs & DVDs come loaded with ads. Once upon a time you could trust a reputable publisher putting out a disk. But this trust was completely shattered by Sony when they included rootkits and malware in their legitimate music products. In the online world, that kind of trust has hardly ever existed. We rely on Google not to be evil and inform us in our browsers of malicious web sites but Yahoo's Yield Manager, Fox Audience Network's Fimserve.com, MySpace, as well as Google's own DoubleClick, have all been caught serving up viruses and other malware in ads on high-profile sites like The New York Times, Drudge, Huffington Post, TechCrunch and WhitePages.com. Because the ad code is executed in the browser, users don't need to click on anything as the computer becomes infected as soon as the ad loads. Welcome to the brave new world of "malvertising." Wikipedia describes malvertising as "injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages."

Is it any wonder that people have resorted to using ad blockers? No duh! Ad Blockers today have become a necessary part of online self-defence along with firewalls and virus & malware detection. There is no question of whether ad blockers are useful. If you don't use some kind of ad blocker, you have no control over the code appearing in your browser or on your device and you're effectively naked on the interwebs.

In the grand scheme of things, publisher & advertiser revenue comes a distant second in the quest for a secure Internet. The last thing anyone wants is for their PC to be turned into a botnet or spam server. And if you feel guilty about publishers losing ad revenue, don't be. Publishers have been getting raped by dwindling CPM rates for decades. In some instances it's easier just to turn off the ads and reclaim your site back from rubbish CPMs and lengthy load times.

As a publisher, I made the decision a while back to remove advertising completely from several of my sites. One of the objections was that the ads slowed the site down and this caused the content took too long to load. Another was that it simply didn't pay enough anymore to justify the extra work involved in managing the ads. In the good old days, it was common to see a good ad get $150-$350 CPM from Google ads and various affiliate programs and that actually helped to pay the mortgage for several years. Then Google got greedy. The first indication that things weren't working out was when Google halved the bid amount on their ads. We watched the ad revenue per impression and per click literally drop overnight and the checks were never the same afterwards, even with more traffic driven to the sites.

My personal view is that the current model of online advertising just doesn't work anymore and needs to change, for a number of reasons. On top of that, security now appears to be the final nail in the coffin.

The whole idea of a disruptive ad is hundreds of years old. From being simply painted on the side of a barn, or part of a neon light on Main St, the purpose is to interrupt your train of thought and insert a brand message into your stream of consciousness. But those old ads didn't cost the consumer anything except the time their attention was captured. On TV, these ads have always been viewed and sold as sponsorships - covering the cost of content production and subsidizing the viewing experience. But poorly designed incentives online have changed all this, especially within the mobile experience. It now costs money to receive ads and the bandwidth costs to deliver ads are being paid for by the consumer without their consent. This is, in it's simplest form, completely unforgivable as advertisers are now requiring the consumer to subsidize the disruptive intrusion. Consequently, the consumer has every right to fight back and to block any ads that they have not consented to receive but are being forced to pay for. When it costs the equivalent of 32 cents worth of 4G cell data just to receive the Boston.com home page, you know this is an issue.

When fiber and gigabit ethernet is delivered to every home, and the mobile phone companies and ISPs eliminate their many tiers of data caps, we can revisit the validity of ad blockers. In the meantime, the ad industry has to get it's incentives in order or ad blockers will just become more and more prevalent. Don't get me wrong, there are ads that people want. But don't make the consumer pay to have those ads delivered to them. Don't compromise their computers or mobile phone. Remember, you have to show value in your ad and consumer discounts are the in thing. Show me a way to save money with your product. Or show me a way to pay for your product and it often sells itself. And they have to be the right ad in the right context because the traditional linear thinking about the mass circulation of ads is over.

Disclosure: Simon Higgs holds shares in Quotient Technology Inc., formerly known as Coupons.com (NYSE:QUOT). It offers digital coupons, including coupon codes and media and advertising through its platform which includes Web, mobile and social channels as well as consumer packaged goods companies, retailers and publishers. Quotient Technology Inc. is headquartered in Mountain View, California.