Revealed: The naughty tricks used by web ads to bypass blockers

'Hostile'

"I consider this to be extremely hostile to users, even those not using a content blocker, as it allows third-party servers to read/write cookies even if a user chose to block third-party cookies," Hill explains.

Luke Mulks, a developer who works on the Brave browser, reports Instart's code also detects network analysis tools Wireshark and Charles Proxy.

Attempts to bypass content blocking decisions turn out to be fairly common. Hill sees websites increasingly turning to the WebRTC API to bypass content blockers.

In a phone interview with The Register, Peter Blum, VP product management at Instart Logic, said there's a battle going on between "quality publishers like The Register" and people who block ads.

"The problem has been over the past few years, the amount of people coming in with ad blockers has risen dramatically," he said. "If it keeps up, it's going to put publishers out of business and it's going to cost reporters their jobs."

Blum said other approaches haven't worked. Most people won't pay for content and they ignore polite requests from websites to disable ad blockers. And he said companies like Eyeo that make ad blocking software and sell advertisers access through whitelisting make some publishers uncomfortable.

"What we do is we work with publishers to help them create a better experience," said Blum, who attributes the desire to block ads to companies that market obnoxiously.

There are other reasons people cite, such as security, privacy, bandwidth, page load time, disinterest, a desire not to be manipulated, and fundamental antipathy to an industry does not guarantee the effectiveness of its product.

Asked to address how his company rationalizes overriding the technical decisions of users who have expressed their preference not to see ads by deploying a content blocker, Blum demurred by suggesting that was up to publishers.

"We provide this tool and we let the publishers have a lot of control over how they use it," he said. "I don't really get into it. We give the publishers a bunch of options."

It is perhaps worth noting that Google did something similar several years ago when it ignored content settings in Apple's Safari browser to place tracking cookies. The FTC fined Google $22.5 million – a paltry sum for the company – but the Chocolate Factory's sin was going back on a previous promise to avoid such behavior rather than, say, hacking Safari users.

Asked why Instart Logic attempts to conceal the activity of its software when a browser's developer console is active, Blum cited the open nature of JavaScript code and said, "Like other companies we just want to protect our IP." ®