Adblocking andCounter-Blocking
JuliaE.Powles
EmilianoDeCristofaro
HamedHaddadi
StevenMurdoch
RishabNithyanand
SheharbanoKhattak
MobinJaved
Narseo Vallina-Rodriguez
MarjanFalahrastegar
Inthispaper,we…
• Understandthecurrentstateofthecontentprovidervs. adblocker armsrace
AdobeandPageFair 2015adblocking report
August ‘15 March‘16
IABTechLabPublisherAdblocking Primer
March‘16
Eyeo wins5th straightcaseinGermany
Popularwebsitesdeployanti-adblockers
Securityandprivacyactivistsfightback
April ‘16
Andimmediatelyfacemalvertising scares
Inthispaper,we…• Understandthecurrentstateofthecontentprovidervs. adblocker armsrace
• Howwidespreadareanti-adblockers?• Anti-adblockers:Adblocker blockersanddetectors.
• Whatsitesareemployingthem?
• Whoarethemostpopularvendorsofanti-adblockers?
• Howdothepopularanti-adblockerswork?
• Canadblockers blockanti-adblockers?• Or,canadblockers blockadblocker blockers?
Howwidespreadareanti-adblockers?
• CrawlanddownloadallJSes intheAlexaT-5K.• Over200KJSinAlexaT-5K.• Analyzing(functionalityof)eachoneisnotfeasible.
• Observation:MostsitesusethesameJSes.• Boughtfromvendors,partofalibrary,etc.
• ClustersimilarJSes andanalyzeeachcluster.
ClusteringsimilarJSes
• FormulateastheCliqueFindingproblem.
• Findallcliqueswithedgeweight>=x (say,.80).
• JS1,JS2,andJS4arelikelytohaveidenticalfunctionalityandsourceforsufficientlyhigh“x”.
• Givesalower-boundofsharedJSes:FailswithdifferentlyobfuscatedcodeandcomposedJSes.
JS1
JS3
JS2
JS4
.9
.6
.9
.9 .7
.8
Similarityofcode(TF-IDF)
White-spaceinsensitivePosition insensitiveResistanttonoise
AnalyzingclustersofJSes
• Characteristics(scriptvendorandfunctionality)ofeachcliqueareidentifiedbyanalyzing:
• Sourcesofscripts.
• Externalresourcesutilizedbythescripts.
• (TF-IDF)Keywordsassociatedwiththescript.
• Manually.
Howwidespreadareanti-adblockers?
• Totalnumberofcliqueswithsize>=5:1882• 1882JSes sharedby5+websites.
• TotalnumberoftrackerJSes:456of1882• 456JSes usedfortrackingsharedby2741websites.
• Totalnumberofanti-adblocker JSes:22of1882• 22JSes usedfordetectingadblockers sharedby335websites.• Thisisalowerbound.
Howdoanti-adblockers work?
• Keyidea:Baitobjects.• Example1:UsingabaitDIVelement
var test = document.createElement('div'); //Create a new DIV elementtest.innerHTML = ' ‘; test.className = 'adsbox‘; //Set bait
document.body.appendChild(test); //Add element to document body
if (test.offsetHeight === 0) //Check element height{
document.body.classList.add('adblock');}
Howdoanti-adblockers work?
• Keyidea:Baitobjects.• Example2:UsingbaitJSes
// ads.jsvar foo = False
// main.jsvar foo = True// main.htmlif (foo is True){
document.body.classList.add('adblock');}
TL;DR
• Anti-adblockers areemployedbyatleast 6.7%oftheAlexaT-5K.
• Anti-adblockers aremostlyemployedby“News”websites.
• Anti-adblockers arebeingsuppliedmostlybyadvendors.• PageFair reportshouldbetakenwithagrainofsalt(conflictofinterest).
• Thearmsracehasenteredthenextphase.• Escalationseemslikelyunlessacompromiseisfound(e.g.,Eyeo AAI).