Ariel Millennium Thornton
image/svg+xml Follow

Cleaning up a customer's PC, I made the mistake of leaving a tab open on Yahoo's home page. Only 1 minute later: malvertized. Sunuva...

I did it again to pin down the cause, & indeed it's Yahoo's ads breaking out, taking over the page, & loading scary messages that make it difficult to leave.

I can't stress enough, folks, that an ad blocker is Internet SECURITY software.

@arielmt I used to joke around about that years ago when ad blockers became vogue but I had no idea how true it would be. I would argue it's even more effective than antivirus when it comes to casually browsing the internet.

@Saxxon @arielmt i'm reading this thread while listening to Magnatron 2.0 and i feel like the world isn't real rn what is happening

@Saxxon And you would be right. The majority of Web-borne malware gets its foot in the door via ad networks.

@arielmt Yup. It is impossible to fully trust a site to serve non-malware ads unless they're hand-inspected by the admin, static files on the admin's server, and don't report anything back to the buyer-- which basically is never going to happen any more.

@arielmt I have one user at work who uses Yahoo, most of the rest are on Gmail. There's a marked difference as far as how often I need to troubleshoot slowness issues for that one workstation, and Gmail isn't exactly light. So thanks for the reminder, I will be checking the adblock on his terminal tomorrow.

@arielmt What do you do about anti-adblocks like Admiral popping up?

@Tathar For that, I usually recommend the more extreme action of blocking JavaScript on that website, either through "Site Settings" behind the info icon in the Chrome address bar, or through an extension such as NoScript for Firefox & ScriptSafe for Chrome/Chromium.

If the page content is completely inaccessible with both ads & JS blocked, then there's nothing for it; I recommend abandoning the site. Like a game of Three-Card Monte in an alley, the only winning move is not to play.

@arielmt I've been increasingly horrified at the pages where I've seen this happen. Major newspapers etc. Yahoo is a whole other level though.

For anti-adblock pop-ups, I usually recommend the more extreme action of blocking JavaScript on that website, either through "Site Settings" behind the info icon in the Chrome address bar, or through an extension such as NoScript for Firefox & ScriptSafe for Chrome/Chromium.

If the page content is completely inaccessible with both ads & JS blocked, then there's nothing for it; I recommend abandoning the site. Like a game of Three-Card Monte in an alley, the only winning move is not to play.

@arielmt JavaScript isn't necessary to make websites, so it's good to disable altogether.

It's a security vulnerability in & of itself since it's literally remote code being run on your system, capable of all the same things as an installed program but without the ability for verification like we can with a Debian repo.

All it takes is one DNS redirect from a popular site by a malicious entity & it's thousands -- or worse, millions of infected devices.

@arielmt If the site breaks with JavaScript disabled, it's probably not worth using period.

HTML5 can go fuck itself.

@arielmt Oh, and yes, I know Mastodon's site breaks without JavaScript. But why would you want a webapp when native apps are so much smoother since they're made to run on your system w/o an interpreter & can be sandboxed much easier?

@KitsuneAlicia In my case, I don't have much of a choice because my main OS is FreeBSD Unix, and even native Linux apps are incompatible. NoScript lets me contain the allowed JS to just the ones my instance's website need.

@arielmt Ooh, fun. I admit FreeBSD does need more development, but it suffers from corporate control over the means of production worse than Linux since it bans all proprietary stuff & heaven forbid customers have control over their devices on that level.

@KitsuneAlicia Please tell me a smoother Mastodon native client for Linux which is feature-competitive with the web app.

@frumble If I knew of one, I'd be using it myself. My point is that there *should be* one, not whether there is or isn't one.

@KitsuneAlicia There *should* be a killer e-mail client too but the best we got is Thunderbird in all its cross-platform XUL glory.

@KitsuneAlicia Your complaints about JavaScript's ubiquity & blind trust are spot-on identical to mine, but HTML5 looks like an unrelated improvement that, like XHTML & all the HTMLs before it, quickly turns to mush when any browser-based program script is thrown in.

@arielmt I'm admittedly not all that familiar with HTML specs, but I know HTML5 did expand on how scripts could be used, so it's pretty much mush as a standard itself simply because of that.

Unlike the simple on-off switch built into some browsers, NoScript & ScriptSafe are selective & granular JavaScript blockers. That means, with either of them, you can allow JavaScript from a website's domains while blocking & distrusting JavaScript from ad network domains. And that distrust of an ad network's JavaScript (or any domain's JS) follows you across the World Wide Web to every website attempting to use it on you, not just the one site you distrusted it on.

Sign in to participate in the conversation
Computer Fairies

Computer Fairies is a Mastodon instance that aims to be as queer, friendly and furry as possible. We welcome all kinds of computer fairies!

This instance uses Mutant Standard emoji made by Dzuk, which are licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.