Revealed: The naughty tricks used by web ads to bypass blockers

A behind-the-scenes look at the cat and mouse game played by publishers and devs

instart logic screenshot

Analysis Netizens may choose to block unwanted content – such as intrusive and misbehaving ads – but some advertising companies do not to accept that choice.

Instart Logic describes itself as a content delivery service and much of that content happens to be advertising. The California-based biz is determined to help its clients present online ads despite the technical choices made by internet users to avoid that content – adverts bypassing ad blockers, in other words.

The company's technology disguises third-party network requests so they appear to be first-party network requests. This allows ad services used by website publishers to place cookies and serve ads that would otherwise by blocked by the browser's same-origin security model.

Raymond Hill, who maintains the popular uBlock Origin content blocker, on Wednesday updated his uBO-Extra add-on software to prevent Instart Logic's code from bypassing uBlock Origin.

In an explanatory note on UBO-Extra's GitHub repository, Hill describes UBO-Extra as follows: "To foil hostile anti-user mechanisms used to work around content blockers or even privacy settings in a browser."

It defends against anti-content-blocking code, in other words.

Efforts to push back against content blocking have taken on greater urgency as adoption has increased. Last year, the technology became more of an issue for mobile devices when Apple introduced support for a Content Blocking API in its Safari browser.

According to PageFair, a digital publishing consultancy, content blocking grew 30 per cent last year and is now practiced by 11 per cent of internet users around the globe.

Facebook last year took steps to disable content blocking on its network, and companies like Instart Logic, PageFair, Sourcepoint, and Uponit aim to provide similar anti-blocking capabilities to other online publishers.

Uponit provides publishing clients with JavaScipt code that attempts to bypass content blocking. "Our JavaScript detects all blocked ad calls, fully recreates them (including targeting) and communicates them to our servers through a secure, undetectable channel that bypasses ad blockers," the company explains on its website.

According to Hill, Instart Logic's code attempts to conceal the way it disguises cookie files. "Instart Logic will detect when the developer console opens, and cleanup everything then to hide what it does," he says.

Detecting when a browser developer console is open for the purpose of concealing code from the technically inclined has been flagged as a bug in Chromium.

Next page: 'Hostile'

Biting the hand that feeds IT © 1998–2017