Feeds

German freemail firms defend AdBlock-nobbling campaign

You're running 'content manipulating browser add-ons', citizen

Security for virtualized datacentres

German freemail sites deny attempting to "trick" Firefox and Chrome users into disabling AdBlock, the popular ad blocking browser add-on.

Last week security blogger Michael Büker accused web.de and gmx.net of using what he claimed were "deceptive techniques" in order to hoodwink Firefox and Chrome users into removing AdBlock and its variants.

Users of the ad-blocking technology were apparently confronted with a "scary" message at the top of their page that said the security of their computers was compromised by a Firefox add-on. Surfers are invited to restore security by ridding their system of "content manipulating browser add-ons“.

Users are nudged towards this choice by an associated information-providing site called browsersicherheit.info (browser security dot info). Büker criticises the site for focusing on the supposed dangers of ad-blocking technologies while having little to say about browser ad-ons which antivirus vendors and browser developers characterise as malign or at least potentially unwanted.

Its Contacts page shows the site is actually run by a unit (specifically 1&1 Mail & Media) of German firm United Internet, which in turn owns web.de and gmx.net.

Büker charges that web.de and gmx.net were using FUD (fear, uncertainty and doubt) to get users to ditch a privacy-protecting technology purely because it interfered with the business's ability to make money.

We put this criticism to media representatives of web.de, who defended the security alerts. They conceded that they ought to be more up front about the source of these warning messages, but they defended the supposed neutrality of browsersicherheit.info.

We see the warning as a contribution towards more security on the internet, because especially software on users’ devices can be a gate[way] for attackers. Not all users are aware of the kind of add-ons they have installed and of the risks in changing a website’s content.

There are examples of add-ons being used to pass out content from the US. What scared us was how easy it is to manipulate add-ons; and especially [when malware-manipulated add-ons] were not [detected] by virus scanners in a lab test, which was confirmed by manufacturers of anti-virus software. The result: with just a few lines of code, an add-on can turn into spyware. More on that here. This was the reason [we wanted to] warn our users and make them aware of the installation in their browsers.

It may be true that the sender of the message was missing at first. We have revised the info box and it now clearly mentions WEB.DE and GMX as senders of the warning message.

The website www.browsersicherheit.info, however, has deliberately been chosen to be neutral because it is a comprehensive action, which other partners can link to. A browser, aside from transmission paths and data storage location, is the most important element of Internet security. As a provider, we take care of secure transmission and storage locations, but we need a user’s help to ensure the security of the browsers on their devices.

Web.de and gmx.net boast a combined total of several millions users.

United Internet has teamed up with Deutsche Telekom to roll out always-on connections between users’ computers and the companies' mail servers as part of the “Email made in Germany” campaign. As part of the same plan, Deutsche Telekom's email service T-Online together with United Internet's GMX and Web.de services will also try to avoid routing customers’ email traffic through US-hosted infrastructure - and thus avoid surveillance by Uncle Sam's spooks.

The whole idea only covers encrypting data in transit, not storing email securely, a factor that has allowed German hackers to dismiss the initiative as little better than a marketing gimmick.

This anti-NSA down-with-PRISM stance sits awkwardly with attempts to "persuade" surfers to ditch privacy-protecting technologies when it comes to bombarding webmail users with commercial ads based on their surfing habits.

We invited AdBlock Plus to comment on United Internet's GMX and Web.de warnings about ad-blocking technology but have yet to hear back from the US-based developer. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
FBI boss: We don't want a backdoor, we want the front door to phones
Claims it's what the Founding Fathers would have wanted – catching killers and pedos
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.