Blocking Adblock without Javascript

javascript-promisesWhile the rants of a particular activist bent on misrepresenting technology seem to be capturing the ears of Eurocrats this week — it might serve as a useful reminder that detecting and blocking adblock can be achieved very simply without using Javascript at all.

What activists call “detection” is just the perceived action of the script. To illustrate this, let’s use simple CSS to show that many adblockers can be “detected” and thwarted without scripting at all.

A simple way to block a large number of ad blockers is to name the page’s <body> element with the name of a commonly-used advertising-element.

For example:

That ridiculously simple strategy will result in many first-generation Adblockers attempting to hide the entire body of the page. Did that constitute some invasion of user privacy? Obviously not.

The same strategy can be applied to any container DIV on the page which is part of normal content.  Likewise any useful content-related image on the page could be similarly named with a filtered element name.

Which raises the hypothetical question: What if publishers around the world started naming every page element on every web page on the Internet using ‘advertising-sounding’ element names?  What if every single element of the DOM, in every corner of the web was made to look and smell like an ad?

(I’ll tell you:  EasyList would weigh in at around a terabyte).  But I digress. That’s not likely to happen… at least not any time soon.

Another example of the wrong-headedness of the activists’ claims is that the standard Javascript mechanism can be reversed.

Using Javascript to show, not hide

Javascript can be used to show the page and not hide it.

This technique involves making the entire web-page “javascript dependent“.  To do this, one could hide the entire body of the page (or any other container) by default, and then use Javascript to “un-hide”  the page.  If one places that particular “unhiding” code in the body of an already filtered external javascript, the user would have to whitelist in order to view the page. Note: In this scenario, the javascript isn’t “blocking” anyone, it is piggy-backing in an already blocked script and actively revealing the page.

For example:

Any script that might otherwise be blocked by Adblock, would then include the appropriate code to “unhide” the hidden container. Any users who are blocking that particular script won’t benefit from the script’s embedded “unhiding” feature.

This technique for defending against ad blockers isn’t detecting anything at all. It is simply creating a dependency within the page code.

Granted, these aren’t particularly effective mechanisms to block Adblock, or anywhere near the most difficult to circumvent — but again — what activists call “detection” is only a perceived action of the scripts. The reality is that there are non-Javascript techniques which can achieve the same result. And there are script dependencies that can be created between already filtered scripts and the visibility of the page.

Of course, I recommend a more robust, scripted solution (like BlockAdblock)  — but the notion that blocking adblockers must by definition constitute a violation of privacy is obviously absurd.

As I have already demonstrated, the activists who are claiming that javascript detection of Adblock is “illegal” under section 5(3) of the EU Cookie law have misrepresented the action of javascript (and browsers) at the outset. Inline scripts do not need to be “stored”, and neither receive nor transmit stored user data. On top of that the exceptions to the EU Cookie Law would seem to permit Adblock detection anyway as advertising is “necessary to provide the service”.  It should now also be obvious that “information” about the users’ browser (even by the broadest definition of “information”) is not required to block Adblock.

The next question is…

If one circumvents anti-adblock defenses or even an inactive, pure-CSS method of blocking Adblock as described above — are they in violation of the DMCA “anti-circumvention” laws?

As I have pointed out before, unlike EU laws — the DMCA says it very clearly:

No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof,that—

[a] is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work

Seems pretty straightforward to me. Maybe it’s time to flip the script?

 

  • Making the whole page JavaScript dependent is a good way to make search engines unable to see the text of your page, resulting in far fewer side-door visits.

    • Silicon SEO

      Google spiders with Chrome. So… Totally not true.

      • Search engines, plural. Do Bing and Duck also spider with JavaScript?

        Besides, does Googlebot Chrome execute ad delivery scripts?

        • Silicon SEO

          Nobody crawls in plaintext anymore. It’s why padding doesn’t work. It’s all interpreted. And DDG doesn’t even crawl. Those are licensed results. …Not that they have any users in the big picture anyway.

          • Then does a hit by Bing or by one of the spiders that DDG licenses count as an ad view for purposes of anti-adblock?

  • Frugal Freak

    or how about serving up relevant material instead of 75% ads that move and pop up!

  • Even if the major web search engines (Google, Bing, and whatever DDG uses) use JavaScript nowadays, there’s another danger: a site adopting this could get sued.

    I was under the impression that making an HTML document unnecessarily dependent on JavaScript for proper viewing could cause the site to become inaccessible to users with disabilities. This could cause the site’s operator to incur liability under applicable disability anti-discrimination laws.