Feeds

German freemail firms defend AdBlock-nobbling campaign

You're running 'content manipulating browser add-ons', citizen

The Power of One eBook: Top reasons to choose HP BladeSystem

German freemail sites deny attempting to "trick" Firefox and Chrome users into disabling AdBlock, the popular ad blocking browser add-on.

Last week security blogger Michael Büker accused web.de and gmx.net of using what he claimed were "deceptive techniques" in order to hoodwink Firefox and Chrome users into removing AdBlock and its variants.

Users of the ad-blocking technology were apparently confronted with a "scary" message at the top of their page that said the security of their computers was compromised by a Firefox add-on. Surfers are invited to restore security by ridding their system of "content manipulating browser add-ons“.

Users are nudged towards this choice by an associated information-providing site called browsersicherheit.info (browser security dot info). Büker criticises the site for focusing on the supposed dangers of ad-blocking technologies while having little to say about browser ad-ons which antivirus vendors and browser developers characterise as malign or at least potentially unwanted.

Its Contacts page shows the site is actually run by a unit (specifically 1&1 Mail & Media) of German firm United Internet, which in turn owns web.de and gmx.net.

Büker charges that web.de and gmx.net were using FUD (fear, uncertainty and doubt) to get users to ditch a privacy-protecting technology purely because it interfered with the business's ability to make money.

We put this criticism to media representatives of web.de, who defended the security alerts. They conceded that they ought to be more up front about the source of these warning messages, but they defended the supposed neutrality of browsersicherheit.info.

We see the warning as a contribution towards more security on the internet, because especially software on users’ devices can be a gate[way] for attackers. Not all users are aware of the kind of add-ons they have installed and of the risks in changing a website’s content.

There are examples of add-ons being used to pass out content from the US. What scared us was how easy it is to manipulate add-ons; and especially [when malware-manipulated add-ons] were not [detected] by virus scanners in a lab test, which was confirmed by manufacturers of anti-virus software. The result: with just a few lines of code, an add-on can turn into spyware. More on that here. This was the reason [we wanted to] warn our users and make them aware of the installation in their browsers.

It may be true that the sender of the message was missing at first. We have revised the info box and it now clearly mentions WEB.DE and GMX as senders of the warning message.

The website www.browsersicherheit.info, however, has deliberately been chosen to be neutral because it is a comprehensive action, which other partners can link to. A browser, aside from transmission paths and data storage location, is the most important element of Internet security. As a provider, we take care of secure transmission and storage locations, but we need a user’s help to ensure the security of the browsers on their devices.

Web.de and gmx.net boast a combined total of several millions users.

United Internet has teamed up with Deutsche Telekom to roll out always-on connections between users’ computers and the companies' mail servers as part of the “Email made in Germany” campaign. As part of the same plan, Deutsche Telekom's email service T-Online together with United Internet's GMX and Web.de services will also try to avoid routing customers’ email traffic through US-hosted infrastructure - and thus avoid surveillance by Uncle Sam's spooks.

The whole idea only covers encrypting data in transit, not storing email securely, a factor that has allowed German hackers to dismiss the initiative as little better than a marketing gimmick.

This anti-NSA down-with-PRISM stance sits awkwardly with attempts to "persuade" surfers to ditch privacy-protecting technologies when it comes to bombarding webmail users with commercial ads based on their surfing habits.

We invited AdBlock Plus to comment on United Internet's GMX and Web.de warnings about ad-blocking technology but have yet to hear back from the US-based developer. ®

Designing a Defense for Mobile Applications

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.