Feeds

German freemail firms defend AdBlock-nobbling campaign

You're running 'content manipulating browser add-ons', citizen

The Essential Guide to IT Transformation

German freemail sites deny attempting to "trick" Firefox and Chrome users into disabling AdBlock, the popular ad blocking browser add-on.

Last week security blogger Michael Büker accused web.de and gmx.net of using what he claimed were "deceptive techniques" in order to hoodwink Firefox and Chrome users into removing AdBlock and its variants.

Users of the ad-blocking technology were apparently confronted with a "scary" message at the top of their page that said the security of their computers was compromised by a Firefox add-on. Surfers are invited to restore security by ridding their system of "content manipulating browser add-ons“.

Users are nudged towards this choice by an associated information-providing site called browsersicherheit.info (browser security dot info). Büker criticises the site for focusing on the supposed dangers of ad-blocking technologies while having little to say about browser ad-ons which antivirus vendors and browser developers characterise as malign or at least potentially unwanted.

Its Contacts page shows the site is actually run by a unit (specifically 1&1 Mail & Media) of German firm United Internet, which in turn owns web.de and gmx.net.

Büker charges that web.de and gmx.net were using FUD (fear, uncertainty and doubt) to get users to ditch a privacy-protecting technology purely because it interfered with the business's ability to make money.

We put this criticism to media representatives of web.de, who defended the security alerts. They conceded that they ought to be more up front about the source of these warning messages, but they defended the supposed neutrality of browsersicherheit.info.

We see the warning as a contribution towards more security on the internet, because especially software on users’ devices can be a gate[way] for attackers. Not all users are aware of the kind of add-ons they have installed and of the risks in changing a website’s content.

There are examples of add-ons being used to pass out content from the US. What scared us was how easy it is to manipulate add-ons; and especially [when malware-manipulated add-ons] were not [detected] by virus scanners in a lab test, which was confirmed by manufacturers of anti-virus software. The result: with just a few lines of code, an add-on can turn into spyware. More on that here. This was the reason [we wanted to] warn our users and make them aware of the installation in their browsers.

It may be true that the sender of the message was missing at first. We have revised the info box and it now clearly mentions WEB.DE and GMX as senders of the warning message.

The website www.browsersicherheit.info, however, has deliberately been chosen to be neutral because it is a comprehensive action, which other partners can link to. A browser, aside from transmission paths and data storage location, is the most important element of Internet security. As a provider, we take care of secure transmission and storage locations, but we need a user’s help to ensure the security of the browsers on their devices.

Web.de and gmx.net boast a combined total of several millions users.

United Internet has teamed up with Deutsche Telekom to roll out always-on connections between users’ computers and the companies' mail servers as part of the “Email made in Germany” campaign. As part of the same plan, Deutsche Telekom's email service T-Online together with United Internet's GMX and Web.de services will also try to avoid routing customers’ email traffic through US-hosted infrastructure - and thus avoid surveillance by Uncle Sam's spooks.

The whole idea only covers encrypting data in transit, not storing email securely, a factor that has allowed German hackers to dismiss the initiative as little better than a marketing gimmick.

This anti-NSA down-with-PRISM stance sits awkwardly with attempts to "persuade" surfers to ditch privacy-protecting technologies when it comes to bombarding webmail users with commercial ads based on their surfing habits.

We invited AdBlock Plus to comment on United Internet's GMX and Web.de warnings about ad-blocking technology but have yet to hear back from the US-based developer. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.