German freemail firms defend AdBlock-nobbling campaign

German freemail sites deny attempting to "trick" Firefox and Chrome users into disabling AdBlock, the popular ad blocking browser add-on.

Last week security blogger Michael Büker accused web.de and gmx.net of using what he claimed were "deceptive techniques" in order to hoodwink Firefox and Chrome users into removing AdBlock and its variants.

Users of the ad-blocking technology were apparently confronted with a "scary" message at the top of their page that said the security of their computers was compromised by a Firefox add-on. Surfers are invited to restore security by ridding their system of "content manipulating browser add-ons“.

Users are nudged towards this choice by an associated information-providing site called browsersicherheit.info (browser security dot info). Büker criticises the site for focusing on the supposed dangers of ad-blocking technologies while having little to say about browser ad-ons which antivirus vendors and browser developers characterise as malign or at least potentially unwanted.

Its Contacts page shows the site is actually run by a unit (specifically 1&1 Mail & Media) of German firm United Internet, which in turn owns web.de and gmx.net.

Büker charges that web.de and gmx.net were using FUD (fear, uncertainty and doubt) to get users to ditch a privacy-protecting technology purely because it interfered with the business's ability to make money.

We put this criticism to media representatives of web.de, who defended the security alerts. They conceded that they ought to be more up front about the source of these warning messages, but they defended the supposed neutrality of browsersicherheit.info.

We see the warning as a contribution towards more security on the internet, because especially software on users’ devices can be a gate[way] for attackers. Not all users are aware of the kind of add-ons they have installed and of the risks in changing a website’s content.

There are examples of add-ons being used to pass out content from the US. What scared us was how easy it is to manipulate add-ons; and especially [when malware-manipulated add-ons] were not [detected] by virus scanners in a lab test, which was confirmed by manufacturers of anti-virus software. The result: with just a few lines of code, an add-on can turn into spyware. More on that here. This was the reason [we wanted to] warn our users and make them aware of the installation in their browsers.

It may be true that the sender of the message was missing at first. We have revised the info box and it now clearly mentions WEB.DE and GMX as senders of the warning message.

The website www.browsersicherheit.info, however, has deliberately been chosen to be neutral because it is a comprehensive action, which other partners can link to. A browser, aside from transmission paths and data storage location, is the most important element of Internet security. As a provider, we take care of secure transmission and storage locations, but we need a user’s help to ensure the security of the browsers on their devices.

Web.de and gmx.net boast a combined total of several millions users.

United Internet has teamed up with Deutsche Telekom to roll out always-on connections between users’ computers and the companies' mail servers as part of the “Email made in Germany” campaign. As part of the same plan, Deutsche Telekom's email service T-Online together with United Internet's GMX and Web.de services will also try to avoid routing customers’ email traffic through US-hosted infrastructure - and thus avoid surveillance by Uncle Sam's spooks.

The whole idea only covers encrypting data in transit, not storing email securely, a factor that has allowed German hackers to dismiss the initiative as little better than a marketing gimmick.

This anti-NSA down-with-PRISM stance sits awkwardly with attempts to "persuade" surfers to ditch privacy-protecting technologies when it comes to bombarding webmail users with commercial ads based on their surfing habits.

We invited AdBlock Plus to comment on United Internet's GMX and Web.de warnings about ad-blocking technology but have yet to hear back from the US-based developer. ®