Tuesday, 27 December 2016

Clearing the Air on Ad Blocking: Why Filtering Internet Traffic is Necessary

Hello everyone,

I often see flamewars on this site about the topic of adblocking, often publishers v. users and thought I could chip in my two cents to bring up another angle: An operational/administrative one. This post may be long, but has been several days in the making.

To run a successful international communications infrastructure, be it radio, Internet, phone, or whatever there needs to be operational cooperation among all stakeholders to keep the infrastructure and all of its endpoints healthy. Communication systems are almost constantly operated on the precipice of destruction due to the precarious nature of having everyone's cooperation in ensuring that health.

The key issue is that a huge number of publishers and those in advertisement approach the Internet as a publication platform and data farm — a simple vehicle, not a multi-stakeholder communications infrastructure. They don't see an operational angle to what they're doing, just design, content, products, services and business. They just see the Internet as a vehicle to their end goal of getting their content out there and income flowing through advertisements. Doing so in an operationally responsible manner just isn't in their sights.

This is why radio communications has such strict licensing requirements because it is known that those who simply use it as a vehicle would be negligent to the point it would become abuse and trample upon carefully engineered standards. Internet publishing and advertising proves that licensing correct for existing. It proves publishers and advertisement industry can't be left to their own devices to be responsible.

The Internet also has a mechanism to deal with negligence and abuse: Filters.

From the advent of the Internet, even before the web as a publication medium was a glimmer, there has always been selective filtering of traffic. Filtering can take place in the form of firewalls, routing rules, filtering proxy servers, mail/spam filters, killfiles, ban lists, access control lists (ACLs), and a multitude of other manners including ad blockers. It's how the Internet community seeks to regulate and marginalize bad behavior and seek to correct that behavior or at minimum reduce the impact.

In my opinion, the Internet has three unwritten operational core tenets: Stability, Security and Accountability centering around an element of Trust. If you end up in someone's filters, chances are, something you did violated at least one of the three and damaged others' trust in you.

If you dig in your heels and refuse to cooperate with the community and that causes you to lose money in doing so, the Internet's internal methods of correcting bad behavior are working. Legitimate mail server operators who are on spammer blacklists are losing money too, but they don't get the special treatment that publishers feel entitled to. Everyone needs to follow the same processes to earn trust and mend it after it is broken.

Publishers and AdTech companies, we need to talk:

You have broken everyone's trust in you and now you need to mend it. Stop side-stepping, stop talking about revenue. It's been talked about to death — we know you need revenue, but you need to respect the community.

The community has begged and pleaded with you to fix issues. Yet you chronically ignore these issues and treat them as non-existent because fixing them involves change.

You're not the only one on the Internet who gets filtered but you are making the biggest, most public scene about it. As I said, mail servers end up on blacklists all the time and lose money the longer they are filtered. Normally the operators of those servers are able to simmer their anger and contact those who blacklisted them to discuss how things can be fixed or contact mailing lists and forums for advice. Don't lament on how "greedy" your users are and how they are stealing from you, your hands aren't clean enough to lament about that.

Let me plead with you again with issues I've compiled from this site and other sources, excuse any overlap as some issues are complex and multi-part and some of these points bring up different angles, in no particular order:

  1. Can your terms of service, privacy policy documents, contact and help sections be accessed without any third party involvement, advertisements, tracking or volunteering information? If not, why not?
  2. Front-line services like your publications among others often anonymize third parties in your Terms of Service with phrases like "Third Party Partners", "Associates", "Contractors" or the like and people cannot make knowledgeable consent with that anonymization in place. Why can't people know who these third parties are in full detail with contact information.. addresses, email addresses, phone numbers (to actual people who work there) should they have concerns?
  3. Advertising, marketing and data mining is collectively a clandestine, opaque collective of middlemen upon middlemen. How can the community trust these massive networks of "John Does 1 through ~30,000,000" that we don't even know?
  4. Advertising, marketing and data mining isn't compartmentalized enough. This is why I said "John Does 1 through ~30,000,000". Once you share data with one party in advertising/marketing, you don't know who else will have access to that data or how. How can this obscure network of businesses be trusted if the travel of personal information can't be limited to a given scope and have that scope be known?
  5. AdTech works only from a "big picture" perspective, Google and Facebook being the prime examples of this. They work based on mass-statistics, details are rendered irrelevant. They operate from an altitude where the Grand Canyon is a mere scratch. How can we trust a big picture data-driven industry to respect individual choice and not to simply render it irrelevant in their quest for becoming ubiquitous?
  6. In tandem with that "big picture" perspective, AdTech tends not to care about malicious advertisements trying to push malware and scams. They are often played off as "minor incidents" simply because statistically they aren't the majority of ads. How can the public trust ads at all if they are processed through organizations that aren't accountable or secure for the minority because "it's insignificant"? It's like a police department saying since the majority of people aren't murdering that murder is irrelevant and practicing street safety is "being paranoid".
  7. Advertisements don't seem to be about informing anymore, but rather be about psychological exploitation and a "legitimized" form of stalking. Have you considered that people feel personally under attack and unsafe around anything to do with AdTech? Have you considered that people may feel that their computers are under constant attack in the quest for tracking and exploitation from unknown parties? Consider how the New York Times the had a partner that was actively using a WebRTC exploit. How can we trust that you aren't doing the same?
  8. Bloated advertisements that use heavy Flash, Javascript or HTML5 advanced features can cause stability issues for people with lower-end computers and devices. As the "Internet Is For Everyone" RFC 3271 highlights, the Internet should be made accessible for everyone. Some people who are on fixed income can't gain access to the devices you target your sites/ads for. Why can't you be more forgiving?
  9. Websites have naturally become more complex over time. However the amount of different components your website references and asks people's computers to download and execute automatically without being asked without prior disclosure or option is definitely concerning. You're asking people to sign a blank cheque to trust it all and allow any and all code to run unquestioned without first being allowed to inspect your "product" with all of its attachments for defects first. "My website can't possibly do anything wrong" is an unacceptable response.
  10. You're asking people to transfer secondary content from your server they may not even want like your autoplaying videos attached to text articles — making it a pointless expense for not only your users, but yourself and other service operators too (who like you also have bills to pay). Why insist on making things pointlessly expensive for everyone?
  11. By having posted third party elements on your website without their contact information for operational concerns, you are announcing that you want the buck to stop with you should accountability be required and are further announcing that you have control over the servers your those elements are served from to fix any problems.
  12. The Internet has many massive hierachial systems with multiple tiers like DNS, IP address allocations and routing databases where there is accountability at all levels and the "who's who" of operations is public. There's no reason why the web should be an exception except but to avoid accountability. Can we "whois" an advertisement to discover the chain of custody? Why not?
  13. AdTech routinely moves to work around filters much like spammers routinely do. How are you any better than spammers in not addressing why you are filtered?
  14. Many advertisements exceed the data size of the actual media or content being accessed. It's in no way proportional. How is this acceptable in a day and age where metered Internet connections are becoming more and more prevalent?
  15. With Youtube in particular among other video streaming service, if the video streaming experience is incomplete and it stops transferring due to packet loss or another network condition, users are often required to watch another advertisement to reload just to continue your singluar experience. It's understandable from a technical perspective why this happens, and may bring more income but it's wasteful and borderline abusive to people's data transfer to transfer yet another advertisement since you already have your revenue on the original view that wasn't completed.
  16. Often times you run inefficient content infrastructure because it "takes too much time" to do things right and you feel it takes away from your business. Ergo your servers are working harder and doing less than if you were to correctly set up with appropreate caching. To put a point to this, I wager if you were in charge of Wikipedia, you'd make it require at least an entire Google or Amazon-scale datacenter and require the appropriate ad revenue to cover it all. Why make your infrastructure cost so much to run with so little return?
  17. People often do not subscribe to your websites because they see all kinds of services getting compromised and feel that perhaps with your inattention to operational and security concerns, that you may be foolish with their personal information and you may get their information stolen and when that happens you'll just say "Oops".
  18. People often do not subscribe because likewise they may feel you don't want them to subscribe because you don't make it a valuable thing to have. Many online newspapers often don't remove their ads for subscribers for instance, wanting to double-dip. This is unacceptable.
  19. Some sites completely reject the notion at all of subscription because it makes their users actual customers they have to listen to as opposed to "mere users" who can be pushed around with errant Terms of Service updates that seek to strip those users of rights. Your only customers and the only people you deem it acceptable to be accountable to are your advertisement partners.
  20. Your collective opaqueness has given rise to those scammers who run sites that can look structurally legitimate, but are in fact abusive ad/link farms that in fact take money away from legitimate businesses like you.

Leaving my address to you in closing,

It's no wonder publishers and AdTech companies aren't trusted and as such are filtered. They don't seek trust, they seek to "own" "their" printing press and data farm that the Internet is to them. Filtration is inconvenient as it reminds them that they don't own it and need to respect others.

The Internet is not a printing press nor a data farm, it's a living, breathing complex network of networks governed by its participants that needs care in its operation. Everyone needs to do their part in that operation. That includes publishers who need to step up and start caring and addressing concerns with more than just "Users are greedy and are stealing from us!"

Without that care publishers and AdTech operators become like the cheap "Internet of Things" manufacturers who create cheap, substandard products that gave rise to the Mirai botnet. The same attitude that made their own or their colleague's sites unavailable with the Dyn attack. While those manufacturers can claim "We didn't do that", they are indeed part of the contribution to the Mirai botnet, and likewise publishers are a part of the security and accountability problem the Internet faces as they contribute to it with self-serving practices.

The community is trying to prevent that destabilization by blocking the unaccountable, unstable, opaque ads since publishers and AdTech companies are intent on not addressing operational and privacy concerns. It is unacceptable that publishers, advertisers, data mining companies, advertisement networks, social networks and whomever else is trying to side-step the tenets that make the network great. Terms of service don't trump those tenets and it's fully in everyone's right to moderate exploitative behavior.

Publishers, AdTech and their partners: You've created this problem. Everyone else has been sitting at the table patiently waiting for you to show up, but you've been in the hallway throwing a temper tantrum about "your revenue", so we've held the meeting without you and ad-blockers and the like are the result. We've held many discussions since and every time your reaction has been the same. Can you actually come to the table and be civil?



by Kaizyx http://ift.tt/2i2ckR3

No comments:

Post a Comment