Princeton’s Ad-Blocking Superweapon May Put an End to the Ad-Blocking Arms Race
An ad blocker that uses computer vision appears to be the most powerful ever devised and can evade all known anti-ad-blocking scripts.
Image: David Evers/Wikimedia Commons
A team of Princeton and Stanford University researchers has fundamentally reinvented how ad blocking works in an attempt to put an end to the advertising-versus-ad-blocking arms race. The ad blocker they've created is lightweight, evaded anti-ad-blocking scripts on all 50 websites it was tested on, and can block Facebook ads that were previously unblockable.
The software, devised by Arvind Narayanan, Dillon Reisman, Jonathan Mayer, and Grant Storey, is novel in two major ways: First, it looks at the struggle between advertising and ad blockers as fundamentally a security problem that can be fought in much the same way antivirus programs attempt to block malware, using techniques borrowed from rootkits and built-in web browser customizability to stealthily block ads without being detected. Second, the team notes that there are regulations and laws on the books that give a fundamental advantage to consumers that cannot be easily changed, opening the door to a long-term ad-blocking solution.
Federal Trade Commission regulations require advertisements to be clearly labeled so that a human can recognize them, which has created a built-in advantage for consumers and, now, ad blockers. The team used several computer vision techniques to detect ads the same way a human would, an approach they call "perceptual ad blocking." Because advertisers must comply with these regulations, the authors imagine an "end game" in which consumers—and ad blockers—ultimately win.
"Unlike the behavior of malware, the behavior of both publishers/advertisers and ad-blocking tools already is, and will continue to be, shaped by regulations," they write in a paper explaining the ad blocker. "A favorable legal climate and the existence of browsers friendly toward ad-blocking extensions are two key factors that may tip the scales toward users."
Ad-blocking is obviously a fraught ethical topic—especially for a journalist whose salary is paid for in large part by advertising. The rise of malvertising, invasive tracking and surveillance, and heavyweight scripts that can bog down browser performance mean that there is a strong case to be made for blocking ads (a recent study found that advertising and scripts slow down web pages by an average of 44 percent). On the other hand, ads allow companies like VICE to keep the lights on, and widespread ad-blocking has already made significant dents in the revenue streams of online publishers.
While the researchers don't take an ethical stance about whether you should use an ad blocker or not, they do believe that the advertiser/publisher/reader relationships must fundamentally change.
"The fundamental problem with online ads today is a misalignment of incentives—not just between users and advertisers, but between publishers and advertisers," Narayanan told me in an email. "We've consistently found that publishers are upset about rampant online tracking and the security problems with ads, but they don't have much control over ad tech. Changing this power imbalance is important if we want a long-term solution."
A proof of concept is now available for Chrome, but is not fully functional (as in, it only detects ads, it doesn't block them): "To avoid taking sides on the ethics of ad-blocking, we have deliberately stopped short of making our proof-of-concept tool fully functional—it is configured to detect ads but not actually block them," Narayanan said.
With two highly motivated parties involved—a largely open source ad-blocking developer community and publishers who have their bottom lines at stake—the ad-blocking arms race has gotten significantly more complex over the past several years. Popular ad blockers like Adblock Plus and uBlock Origin work by detecting code that is used by standard ads; URLs and markup commonly used in ads are shared on huge open source lists that are often maintained by humans.
This means advertisers and publishers can simply change the code they use to deliver their ads in order to defeat these blockers. This type of ad blocking is also easily detected by anti-ad-blocking scripts, which are deployed on the sites of more than 50 popular publishers. Finally, traditional ad blockers fail to block native ads that look like normal content, which is why your ad blocker won't detect and block sponsored posts on Facebook.
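To make the fragility concrete, here is a minimal, illustrative sketch (not Adblock Plus's or uBlock Origin's actual engine) of list-based blocking: a request URL is checked against community-maintained filter patterns, so renaming an ad endpoint is enough to slip past it. The entries below are hypothetical examples in the spirit of EasyList.

```javascript
// Illustrative filter-list matcher: block any request whose URL contains
// one of the patterns on a shared, human-maintained list.
const FILTER_LIST = [
  "doubleclick.net",   // example ad-server domain
  "/ads/banner",       // example ad path fragment
];

function isBlocked(requestUrl) {
  // A request is blocked if any pattern appears in its URL.
  return FILTER_LIST.some((pattern) => requestUrl.includes(pattern));
}
```

Because the match is purely textual, serving the same ad from `/promo/` instead of `/ads/` defeats the list until a human updates it.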
Perceptual ad blocking, on the other hand, ignores those codes and lists. Instead, it uses optical character recognition, design techniques, and container searches (looking for the boxes that ads are commonly placed in on a page) to detect words like "sponsored" or "close ad" that are required to appear on every ad. That is what allows it to detect and block Facebook ads.
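The core idea can be sketched in a few lines. The snippet below is our simplified illustration, not the researchers' implementation: plain objects stand in for rendered DOM nodes, and an element is flagged as an ad when its visible text contains a mandated disclosure marker.

```javascript
// Disclosure phrases that regulations require ads to carry.
const DISCLOSURE_MARKERS = [/\bsponsored\b/i, /\badvertisement\b/i, /\bclose ad\b/i];

function looksLikeAd(element) {
  // Flag an element when any of its visible text matches a disclosure marker,
  // regardless of what URL or markup delivered it.
  return element.visible &&
    DISCLOSURE_MARKERS.some((marker) => marker.test(element.text));
}

function findAdContainers(elements) {
  return elements.filter(looksLikeAd);
}
```

Because detection keys on what a human would see rather than on delivery code, switching ad servers or renaming markup does nothing to evade it.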
"As long as the disclosure standards are unambiguous and adhered to, a perceptual ad blocker will have a 100 percent recall at identifying ads governed by that standard," the researchers wrote. Because disclosure standards are legally mandated and generally have to go through legal vetting, they are far less likely to change than the code used to deliver the ads.
To defeat anti-ad-blocking scripts, the researchers say they've borrowed techniques from rootkits, which are often used by malware but can be adapted to "hide their existence and activities" from ad-blocking detectors. This is possible because browser extensions run at a higher privilege level than the page scripts that deliver advertisements and detect ad blockers. Another technique, which was proposed but not implemented, is even more ambitious: to "create two copies of the page, one which the user sees (and to which ad-blocking will be applied) and one which the publisher code interacts with, and to ensure that information propagates between these copies in one direction but not the other."
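A minimal sketch can convey the proposed two-copy idea; this is our own illustration of the concept, not code from the paper, and it uses plain arrays of node-like objects in place of a real DOM. The publisher-facing copy keeps ads intact (so detection scripts see nothing amiss), the user-facing view is derived from it with ads stripped, and because the user view is recomputed from the publisher copy, information flows publisher-to-user but never back.

```javascript
// Two "copies" of a page: publisher code interacts with the full copy,
// while the user's view is derived from it with ad nodes filtered out.
function makeShadowedPage(initialNodes) {
  const publisherCopy = [...initialNodes];

  // One-way derivation: recomputed from the publisher copy on each read,
  // so publisher writes propagate forward, but nothing flows backward.
  const userView = () => publisherCopy.filter((node) => !node.isAd);

  // Publisher code is handed a proxy so its reads and writes can be
  // intercepted; here the traps simply forward to the full copy.
  const publisherProxy = new Proxy(publisherCopy, {
    get(target, prop) { return Reflect.get(target, prop); },
    set(target, prop, value) { return Reflect.set(target, prop, value); },
  });

  return { publisherProxy, userView };
}
```

In this toy version, anti-ad-blocking code inspecting `publisherProxy` still finds its ad nodes present, while the user only ever renders `userView()`.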
What we have, then, is research that points toward a potential end of the ad-blocking arms race. Your move, publishers.
Update: This article has been updated to clarify that a technique that would create two copies of a webpage was only proposed, not tested.