1132
submitted 1 year ago by viking@infosec.pub to c/privacy@lemmy.ml

I don't really use facebook anymore so couldn't care less; but so happened to log in today to change my password and saw this on my front page.

you are viewing a single comment's thread
view the rest of the comments
[-] downpunxx@kbin.social 377 points 1 year ago

Ad Blocking is Cyber Security, never ever let anyone convince you differently

[-] Uranium3006@kbin.social 155 points 1 year ago

if ads were just static PNGs with a link you went to if you clicked I wouldn't have ever bothered. but ads became a major malware and tracking risk so plugging that security hole became mandatory.

[-] user224@lemmy.sdf.org 26 points 1 year ago

I tried finding that website, but I can't remember what it is. I've seen it use the static image advertisement. It changed on each reload too.

But yes, that website had last update somewhere in the early 2000s.

[-] RickyRigatoni@lemmy.ml 13 points 1 year ago

When I last used it a few years ago ExplainXKCD used static images and had a note about how they hand picked each ad to avoid any problems.

[-] rwhitisissle@lemmy.ml 7 points 1 year ago

People are gonna say I'm being hyperbolic or crazy, but I swear that the internet died the day the first line of production Javascript was ever written.

[-] Uranium3006@kbin.social 7 points 1 year ago

The internet died in September 1994 everybody knows that

[-] rwhitisissle@lemmy.ml 5 points 1 year ago

Hey, that's not too far away. Javascript came about in December 1995.

[-] PM_ME_FAT_ENBIES@lib.lgbt 6 points 1 year ago

Even static PNG ads are purpose engineered to grab your attention. People with attention disorders like ADHD and autism don't have as much attention to give, and when it's gone we're debilitated. We need to start considering cognitohazards a legally prosecutable form of violence.

Could attention grabbing dark-features be considered a violation of the ADA?

[-] zero_spelled_with_an_ecks@programming.dev -2 points 1 year ago* (last edited 1 year ago)

Which part of it, specifically?

Edit: No, the ADA word not apply. My point was that you should understand the ADA a bit better and what it covers. Accessing a building open to the public, not facing discrimination in employment, and accommodations in education environments are examples of things it covers. I'm willing to be proven wrong, but don't just guess or generalize. Please try and understand the topic a bit more as it's a very important piece of legislation that makes a big difference in a lot of lives and treating it lightly dilutes that in a similar fashion to emotional support alligators vs trained service animals.

[-] scroll_responsibly@lemmy.sdf.org 6 points 1 year ago* (last edited 1 year ago)

Did you really just compare accommodations for ADHD to “emotional support alligators?”

I am not a lawyer, but there is precedent for ADHD to be covered under the ADA and precedent that it (meaning the ADA) applies to websites for private businesses.

Edit: ADHD fits the definition of a disability as defined by Sec. 12102 of the ADA, specifically:

  • 1a: it’s a mental impairment
  • 2a1: it affects: learning, reading, concentrating, thinking, communicating, and working.
  • 3B: it’s not transitory/lasts longer than 6 months

Edit 2: a lawyer could argue that adblocking is an assistive technology for people with ADHD. If a person is looking at a tutorial at work and is inundated with ads that effect their performance at work that they can not block using an adblocker, that is denying a person with a disability as (defined by Sec. 12102 of the ADA) the full and equal (to a person who is neurotypical and can more easily not get distracted) use of a title III entities service.

Thanks for taking it seriously, that's what I was looking for.

I'm also not a lawyer, but I do have a disability covered by the ADA. I understand that ADHD is a recognized disability. That's not the specifics I was looking for.

That being said, the ADA doesn't define how to make a website accessible and that typically falls to the WCAG, which is not specifically mentioned in the ADA (though neither is ADHD, those cases you mentioned confirmed it is covered). The best things I can find than might cover the specifics of ads are maybe section 2.2.2 or 2.2.4 or 2.4.1 of the WCAG (the first and last are level A, the middle AAA, with the standard recommendation being AA.). How would you apply those (or others you think are more appropriate to ad blocking) given that the guidelines are for service providers and ad blocking is usually done client-side. Examples for 2.4.1 given by W3C just seem to specify a way to move past things like ads via a link.

Also, some interesting other things:

This mentions the following and cites the case on their site:

For example, a web-only service with no nexus to a physical place of public accommodation is not subject to the ADA under Ninth Circuit precedent.

I'm not sure if that's changed since 2019 or not. California has more specific legislation that covers that, though.

I'm all for ad blocking and accessable websites, I just don't think the ADA covers ad blocking through the WCAG.

[-] scroll_responsibly@lemmy.sdf.org 2 points 1 year ago* (last edited 1 year ago)

I'm all for ad blocking and accessable websites, I just don't think the ADA covers ad blocking through the WCAG.

How would you apply those (or others you think are more appropriate to ad blocking) given that the guidelines are for service providers and ad blocking is usually done client-side.

Probably under WCAG Principle 4: "Content must be robust enough that it can be interpreted by a wide variety of user agents, including assistive technologies." If we're treating ad blocking as an assistive technology, purposely attempting to break an assistive technology would run counter to that principle, much in the same way that purposefully breaking a screen reader would (although, it should go with out saying, purposefully breaking screen readability is much worse).

I'm not sure if that's changed since 2019 or not. California has more specific legislation that covers that, though.

I'm wondering if legal action is something that could be done on a state by state basis starting with California (which conveniently is where Google is headquartered) or if the case could be made that Youtube is used to stream live events and those events should count as a physical nexus under the ADA.

[-] scroll_responsibly@lemmy.sdf.org 2 points 1 year ago* (last edited 1 year ago)

I’m assuming that addictive ui designs fuck with people with ADHD disproportionally. Since ADHD is considered a disability, could things like infinite scroll that can’t be turned off (for example) be considered an ADA violation?

A violation of which part of the ADA? Can you point an a specific part of the law that would cover it?

[-] Tlaloc_Temporal@lemmy.ca 1 points 1 year ago

That was the question posed, yes.

And remains unanswered. The ADA is real law with real text; it doesn't just mean whatever someone wants it to. So I'm asking, in the text freely available at https://www.ada.gov/law-and-regs/ada/, where is the part that would apply in this case. There's even other parts of that site that break things down in laymen's terms. If the person doesn't understand the ADA, the opportunity to learn a little about what it does and does not cover is available.

[-] monsterpiece42@reddthat.com 57 points 1 year ago* (last edited 1 year ago)

It's true. I work in a computer shop and we see literally thousands and thousands of dollars lost from people clicking on ads that look like normal buttons (things like "Download", "Next", etc). And not just the elderly either. Everyone has a a combination of inputs to get scared and comply. Folks that are otherwise extremely competent and savvy can get scammed too.

The best security you can have online is adblockers, only beaten by using trusted websites.

Edit, fair points with sites being slimy these days. I meant using legitimate versions of websites rather than copy/fake websites designed to steal credentials.

[-] MotoAsh@lemmy.world 27 points 1 year ago

I dunno', the way Google themselves have served vulnerable ads, it might be true that ad blocking is more important than using "trustworthy" sites.

[-] hstde@feddit.de 20 points 1 year ago

But what websites can you trust these days?

YouTube? Serves up scammy bitcoin ads. Google? Places ads as "search results" Twitter?

Maybe that one website unchanged since 1998.

[-] stoy@lemmy.zip 13 points 1 year ago

You can't trust any website 100%

You need to continously verify and reverify the details you can.

[-] Hamartiogonic@sopuli.xyz 6 points 1 year ago* (last edited 1 year ago)

I can totally trust the hmpg site.

[-] WhiskyTangoFoxtrot@lemmy.world 2 points 1 year ago
[-] Rai@lemmy.dbzer0.com 3 points 1 year ago

It was updated when the shitty new one came out :c

[-] moitoi@lemmy.dbzer0.com 10 points 1 year ago

Does anyone have screenshots of these buttons? I didn't see an ad for so long that I don't even know how they look like.

[-] KpntAutismus@lemmy.world 25 points 1 year ago
[-] monsterpiece42@reddthat.com 4 points 1 year ago

Yes, these exactly. There does seem to be a bias towards sites with multi-page articles (think Yahoo news, BuzzFeed type stuff), and what I'll call "disposable income listings" like boat and sports car-listing websites.

[-] viking@infosec.pub 33 points 1 year ago

Definitely. Ads are eye cancer at best, and infiltration channels for malware at worst. Compromised ad networks pumping out executable code via javascript (or back in the days, Flash) are still a major source of trojan infections.

[-] Teon@kbin.social 29 points 1 year ago

And just to add to your important point, Ad Blockers are really Content Blockers. They allow the user to delete annoyances that have nothing to do with advertising. We should all start calling them Content Blockers.

[-] Churbleyimyam@lemm.ee 9 points 1 year ago

Have tried the zapper in ublock origin? I love it.

[-] Teon@kbin.social 4 points 1 year ago

I use it often for sites I rarely will visit again. It keeps My Rules file from getting cluttered.
And it's fun!!!

[-] Churbleyimyam@lemm.ee 1 points 1 year ago

So fun! I think it gives me a tiny power trip when I feel like Bruce Lee karate-chopping away an annoying part of a website :D

[-] stoy@lemmy.zip 19 points 1 year ago

I have said it before, snd I will repeat it as many times as it takes.

Adblocking is security, untill website owners take legal and financial responsibillity for the harm that a hacked ad spreading malware or attenpting any kind of deception, I won't even consider removing my adblocker.

If this changes, I will consider it, but will still not do it, the risk to my data is too large.

[-] Churbleyimyam@lemm.ee 15 points 1 year ago

Ads are malware for the mind, even when they're not malware for the machine.

[-] GrappleHat@lemmy.ml 4 points 1 year ago
[-] Churbleyimyam@lemm.ee 1 points 1 year ago

Thanks :) I was quite pleased with that one!

[-] NightOwl@lemmy.one 17 points 1 year ago

Yeah, there's no proper screening process and companies aren't help liable for malicious advertisements. It's the Wild west out there, and companies take money from anyone due to there being no consequences. Internet advertising has no proper screening process like network television.

this post was submitted on 06 Nov 2023
1132 points (99.1% liked)

Privacy

32161 readers
240 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS