Adverts on large screens

Why blocking ads is good for your digital health

Online content is largely powered and paid for by advertising. Almost every site you visit, every forum you browse, and even the online stores you buy things from is an advert extravaganza, and they don’t just stop at showing cool offers for shirts at 50% off. The scaffolding the adverts sit on goes out of its way to track you, tie you to clicks, associations, and more. More adverts, tailored to your theoretical interests, then start to follow you around across other sites. Sometimes, it’s not very sophisticated: Ever searched for the one and only quarter height stepladder you’ll ever buy in your life? Congratulations, every advert is a stepladder.

Sadly, dozens of stepladder adverts are far from your only concern. We’re going to explain why running an ad blocker is a good thing for your digital health, and highlight all of the ways things can go wrong with ads enabled.

Adverts are the biggest of business, with billions of ad impressions per month. Individual companies can rack up billions of impressions just for their own ads, before you try and figure out overall tallies. Disney and Amazon had a total of 40bn impressions between them in the first quarter of 2020, and Google is pretty much powered by advertising:

Google is an attention merchant that – in 2022 – generated over $224 billion (almost 80% of revenues) from ads (Google Search, YouTube Ads, and Network sites.

If you want some idea of the scale of advertising you’re subjected to on a daily basis, things are only moving up. Recent research by Lunio claims that, on average, people might have seen between 500 and 1,000 ads a day in the 1970s. By 2007, when adware vendors dropping ad-spewing installers was common and ad affiliate networks in meltdown was a daily occurrence, it was estimated at 5,000. By 2021, it was an average of 6,000 to 10,000 per day.

You have adverts and pop ups on your phone. You have advertising on your video game console dashboard. There’s another batch of stepladder adverts on your desktop. Your IoT home hub either plays an occasional ad or is plugged into some other service you use to buy things from.

Your television? Well, it might be one of the upcoming models where the TV is free in return for built in adverts constantly playing on a smaller screen. This is probably as good a place as any to remind you to always read the small print, however:

Some of the most common types of advertising you’ll encounter include:

  • Pay per click (PPC). Advertisers pay publishers every time an advert is clicked.
  • Affiliate marketing. With this form of marketing, the creator of a product avoids taking up the marketing slack. Instead, it is essentially outsourced to others in the form of unique affiliate links or clickthroughs offered by apps or programs. If a sale is made, the affiliate earns commission money. There may be additional incentives on offer depending on the product.
  • Mobile ads. These are hugely popular in “free” games, where ads may be served by the app itself, or through a network being used by the app. The links may also lead to additional phone installations.

You’ll bump into others, but these are the three main areas of advertising which you’ll probably experience on a daily basis. They’re also a potential goldmine for scammers.

PPC is one of the oldest forms of advertising. Bogus ad clicking tools that artificially inflate revenue have been around forever, to various degrees of sophistication. Basic forms of malware are programmed to autoclick ads detected on websites. Other enterprising individuals concoct ways of manually clicking ads in ways which would not look suspicious to the advertisers.

Affiliate advertising is where much of the ad network chaos takes place. Back in the adware vendor days, rogue ad campaigns using malware, exploits, or fake products to make adware cash would be shut down after much outrage. The adware vendor would make a lot of noise about “rogue affiliates”, and claim it wasn’t their fault. Everything would go back to this same routine the day after and adware vendors would pretend they were somehow free of blame in all of this. Sometimes they would be sued into the ground and abandon the adware life, and other times the evidence of dubious antics were on display for all to see.

Even now, in the case of rogue advertising involving malware (malvertising) there’s often an affiliate component to the “your PC is now compromised” pipeline. You’ll encounter it in many ways:

  • Rogue sponsored adverts which sit above organic results in services like Google and Yahoo! search engines. These links may imitate brands or other services to entice you to click
  • Fake adverts embedded on websites. These also mimic popular brands to drive clicks
  • Compromised websites which may look like a familiar service, but every link offered up is potentially harmful to your PC

The ads in search engine results which look as though they resolve to legitimate sites like Amazon can also be harmful. This is as a result of advertisers being able to display a brand’s official URL within the ad snippet, even when an ad URL has nothing to do with the brand. From here you could be sent to a phishing page, a fake tech support site, or worse. Below you can see an example of a supposedly genuine sponsored ad which actually leads to a fake Amazon login.

Ad assets

Exploits are often a key component of malvertising attacks, and without the right protection on board you may realise too late that something has gone badly wrong.

On top of all this, we have the previously mentioned tracking going on under the hood. Web beacons are used to monitor activity on a website. Tracking cookies shared by multiple services constantly build up a picture of what you’ve done. So-called “shadow profiles” are used to track the activity of people who don’t even use a particular service.

Finally, we have the issue of speed. Lots of ads, tracking, and page elements being served up from different points of origin can all contribute to slowing down your browsing. You’ve almost certainly experienced the “thrill” of a website serving up the ads before the content at some point. This often happens because the ads are served from dedicated content delivery networks (CDNs). Their purpose is to get the ad in front of you as fast as possible, which can mean ads are the first thing you see. While your connection is (probably) a lot better now than it was five years ago, this can still cause issues in some cases…and who wants adverts to be the first thing they see on a page anyway?

As you may have gathered, it’s the marketing Wild West out there. It’s also worth noting that sites such as YouTube are now experimenting with detecting ad blockers, and disallowing users to view videos until their ad blocker is turned off.

So what can we do about it?

  • Pick the right browser for your needs. Increasingly, browsers offer more options to specify a level of tracking and advertising that you’re comfortable with. Back in 2020, Safari started blocking third party tracking cookies by default. Firefox has gone down the path of individual cookie jars, called “Total Cookie Protection”, which prevents tracking across websites. Elsewhere, Google is still delaying the sunsetting of third party tracking cookies.
  • Extend your options. On the subject of browsers, most will allow you to install extensions to increase your blocking capabilities. Some browsers like Opera include their own ad blocker by default which can be enabled in two clicks. You can also try Malwarebytes Browser Guard, which filters out ads and scams as well as blocking trackers that spy on you.
  • Beware shady blockers. You’ll sometimes see fake blockers riding on the coat tails of legitimate products. You may also run into websites or services which claim to dodge ad blocker detection, but serve up spam or surveys. Always do some research on anything you plan to install. Reviews and store rankings can help with this.
  • Tackle the scripts. It’s not “just” ads on the surface level. You also need to consider the tracking scripts, cookies, and everything else happening invisibly. Ensure your setup allows for taking care of third party ad tracking.
  • Things will break. A note of caution: Blocking scripts or other functionality can break some websites. You’ll need to customise your settings in these situations. Some products integrate ads into the actual structure of a product, so removing or blocking will break the product. Tablet games where you’re granted a new life by watching an ad, for example. There may not be much you can do when this happens. Use the product as is, or cut your losses and move on.

Malwarebytes protects against annoying ads and scams while blocking trackers that spy on you.

TRY NOW

ABOUT THE AUTHOR

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.