Why has nobody made a browser which adblocks without the website detecting it?

[peter-h]

Sites detect adblocking by checking if some specimen content got rendered. Not sure of the detail but somehow a site can read back what got rendered.

It is obviously possible, by rendering the data to a "hidden" page and then running the normal adblock code on a visible copy.

Yet, no such product AFAIK.

[Zero999]

Sites detect adblocking by checking if some specimen content got rendered. Not sure of the detail but somehow a site can read back what got rendered.

It is obviously possible, by rendering the data to a "hidden" page and then running the normal adblock code on a visible copy.

Yet, no such product AFAIK.

No doubt that would use double the memory and would slow it down considerably. One of the advantages of adblock is pages often load more quickly. I suppose if such an adblock did exist it could be configured so the stealth mode only works on sites which block it.

[peter-h]

IME, the speed of page loading is nowadays almost totally driven by the ADSL speed together with the server speed.

The latter is usually painfully slow; many sites take several seconds to deliver any sort of complete page.

Browsers running on modern hardware are incredibly fast.

[PlainName]

Part of the adblocking is defeating tracking - your browser picking up an ad from a known source is as good a tracking tool as a cookie or one-pixel image. The ad-provider, having a toe in many websites, has almost as good a view of your travels as google analytics.

[tooki]

IME, the speed of page loading is nowadays almost totally driven by the ADSL speed together with the server speed.

The latter is usually painfully slow; many sites take several seconds to deliver any sort of complete page.

Browsers running on modern hardware are incredibly fast.

Hah, if only that were true. Transfer rate is almost never the problem, nor server speed. The problem is how all the ad, tracking, and analytics systems work: as a web admin, you integrate a small script onto your page. But then that script runs and in turn loads more scripts, and then those load more… the chain of sequential scripts is what causes the delays. They can’t be preloaded, nor even parallelized, because they’re not known at the time of the initial page load.

And then heaven help if one of the servers hosting those scripts happens to be down or slow.

Nor is it a small difference: on some websites, those delays can make up 90+% of the page load time. Try wired.com for example: with JavaScript disabled or with an ad and tracker blocker, it loads practically instantly. With JavaScript active and no blocker, page load doesn’t usually end before 6-10 seconds.

One study, looking at a set of a million different websites, found that 60% of load times, on average, was due to ads and trackers: https://www.theregister.com/2019/02/15/javascript_delay_analytics/

(Hence why 90+% is well within the bell curve, if 60% is the average.)

When you see stuff load slowly and think it’s a slow web server, it’s almost guaranteed to not be the site’s web server, but the shitty ad and tracking network.

Additionally, many sites now use heavy client-side frameworks that demand insane amounts of local processing power, as they’ve essentially built giant, generic app frameworks within which they build the site. Not only are those frameworks often megabytes of scripts that need to download, but they need tons of CPU. Facebook is a perfect example of this. It’s so processing-heavy now that it’s nearly unusable on older systems. (Systems which have no trouble at all with more sanely written pages.)

Last but not least, there are even ads that max out your CPU (killing your battery life, making your system run hot, and negatively impacting actual system performance) to do… wait for it… Bitcoin mining at your expense.

[station240]

Also depends on what information the ads/trackers are trying to get out of the end user.
For instance, getting a list of browser addons requires looping thru a list to get the details of each one, that's not going to be fast.
Plus some websites get greedy, and have ads provided by multiple companies, so the same type of tracking code is run/downloaded multiple times.

I've found websites that literally will not load, unless and ad blocker is used.
Some ad companies let the client supply their own code, but don't actually check it's not crap.

[NiHaoMike]

Part of the adblocking is defeating tracking - your browser picking up an ad from a known source is as good a tracking tool as a cookie or one-pixel image. The ad-provider, having a toe in many websites, has almost as good a view of your travels as google analytics.

There's an adblocker (really an ad-hider) that still downloads the ad but blocks the display of it. To impede tracking, it fakes clicks to basically give them junk.
https://adnauseam.io/

[Whales]

I have both ads blocked and javascript blocked by default, defeating many anti-adblock strategies and keeping page loads faster.  Unfortunately many websites are utterly helpless without javascript, not displaying images or even hiding the text too.  I made a FF addon to try and fix some of these cases, but again it doesn't cover everything.

The paradigm of web content has shifted greatly.  Originally pages were sent to you in plaintext HTML, CSS and images were shown using <img> tags.  Now some sites serve a blob of javascript that runs in a (semi) secure VM in your browser to generate the page.  This dramatically shifts the level of control & power away from you and into the publisher's hands; they can do any sort of computations they want in return for you being able to see their pages.  Detecting adblockers is just the tip of the iceberg.

[wilfred]

Detecting adblockers is just the tip of the iceberg.

Another thing that adds to the iceberg is in the case of this forum is a plugin like Mathjax which was added to facilitate pretty display of equations. I don't know how much loading that slows down every page load but it is there. I don't say I object to it. I don't use it and from what I see almost no one does. I only get reminded of it when forum pages are loading slowly and I see the name pop up near the bottom of the screen long enough to read it.

I use a tool called NoScript in Firefox. I installed it out of curiosity once a few months ago. I am moderately irritated by constantly having to go enable scripts on sites to get them to load. I left Facebook on the untrusted list just to stake a claim to paranoia.  Jury is still out whether I persevere with it. I don't really know what I should be blocking or why.

[james_s]

The paradigm of web content has shifted greatly.  Originally pages were sent to you in plaintext HTML, CSS and images were shown using <img> tags.  Now some sites serve a blob of javascript that runs in a (semi) secure VM in your browser to generate the page.  This dramatically shifts the level of control & power away from you and into the publisher's hands; they can do any sort of computations they want in return for you being able to see their pages.  Detecting adblockers is just the tip of the iceberg.

I really dislike this trend. There are very few things on the modern internet that I find superior to the old days when sites loaded quickly on even a dialup connection. Most of the modern bloat just gets in the way of accessing the information.

[PlainName]

To impede tracking, it fakes clicks to basically give them junk.

I don't think it does. It is one thing to fake clicking on ads so they get a distorted view of what you might be interested in, but a click on an add from website A tells HQ you were on website A, regardless of what ad you faked looking at. The only way ad nauseum could fake your travels would be to actually visit random sites and click ads on there, but generating fake traffic to websites is a really bad thing to do.

[Red Squirrel]

Actually it would be a cool feature if you could set a mode where it does just this.  This would hopefully fool those sites that can detect ad blockers. 

[Black Phoenix]

The paradigm of web content has shifted greatly.  Originally pages were sent to you in plaintext HTML, CSS and images were shown using <img> tags.  Now some sites serve a blob of javascript that runs in a (semi) secure VM in your browser to generate the page.  This dramatically shifts the level of control & power away from you and into the publisher's hands; they can do any sort of computations they want in return for you being able to see their pages.  Detecting adblockers is just the tip of the iceberg.

I really dislike this trend. There are very few things on the modern internet that I find superior to the old days when sites loaded quickly on even a dialup connection. Most of the modern bloat just gets in the way of accessing the information.

I don't connote the fact that is discussed here, I hate Ads and the likes as any one. I never cared about ads to something I don't know I will buy. When I need to buy something then I will look for it. No need to source me that crap before I'm interested in it. If they want to use my computer they should pay for it as they pay to have their website hosted.

But the reality is that Ads and the likes is what makes possible for websites like this one to exist. Not everyone have financial headroom to pay for hosting. Yes nowadays hosting is very cheap, but is still a cost, specially because what is really the money maker (I'm may be wrong, last time I needed hosting were like 5 years ago) is the bandwidth and amount of data you are allowed to use.

Happens with Mobile Services, Happens with Internet Services, same in the Server World. A good bandwidth and a big data cap is what everyone wants. But that have a big cost. Add that to IT Support/Development of the website, plus how many people who insert info on them (talking about most news websites) plus a lot more people to support that people, etc and the fee starts to add.

This is a forum, their users post here their knowledge for free, they know that their info is available to anyone who wants to read, and can be used for profit by third parties (if it is technical info that may help to skew a company product in the right direction/out of the ditch for example). They know that when they accepted the terms and are OK with that. No one will ask for rates of their contributions. Although Dave still have to pay for the hosting and traffic. Someone have to do the maintenance and the hot line support when problems happen (see the data centre and the database problems in the last month and a half).

So I hate Ads, but I understand why they exist. Unfortunately the what was Ads now are mining scripts that mine crypto while that browser tab is open and you are still in the website, with in some cases being persistent in the browser memory until it is closed/restarted. That I disagree.

[NiHaoMike]

So I hate Ads, but I understand why they exist. Unfortunately the what was Ads now are mining scripts that mine crypto while that browser tab is open and you are still in the website, with in some cases being persistent in the browser memory until it is closed/restarted. That I disagree.

Exactly how do those crypto miners hidden in ads really work? If they work the way pool mining normally does, could it be possible to more or less hack it so that it submits a lot of invalid shares (i.e. claim that a nonce solves the hash to the pool's satisfaction but actually doesn't) and gets the account blacklisted for excessive invalid shares?

[Circlotron]

I use a hosts file. Works okay for me.

https://someonewhocares.org/hosts/

I've also got Adblock Plus running too, so between them both I see nussink. Amost.

[AntiProtonBoy]

Sites detect adblocking by checking if some specimen content got rendered. Not sure of the detail but somehow a site can read back what got rendered.

Not just about whether something is rendered. The server could also potentially detect whether an ad resource/asset has been accessed by the client. For example, if an ad element has been hidden by the browser, then the browser may not even bother sending additional HTTP requests to pull content and assets from the ad server. Consequently the ad server may detect this, as there is an expectation of such requests when the web site is loaded.

[Whales]

So I hate Ads, but I understand why they exist. Unfortunately the what was Ads now are mining scripts that mine crypto while that browser tab is open and you are still in the website, with in some cases being persistent in the browser memory until it is closed/restarted. That I disagree.

Exactly how do those crypto miners hidden in ads really work? If they work the way pool mining normally does, could it be possible to more or less hack it so that it submits a lot of invalid shares (i.e. claim that a nonce solves the hash to the pool's satisfaction but actually doesn't) and gets the account blacklisted for excessive invalid shares?

I'm lead to believe that proving a specific mining solution as correct or incorrect is generally very cheap to do.  Remember that even a CPU's performance is measured in kilohashes/second and (if I'm not mistaken) you only need to perform one "hash" to verify whether or not a solution is correct.  The javascript crypto miners probably send your mining results directly back to the author's servers rather than directly interacting with any blockchain or other system.  They can then verify your work before cashing it.

I suspect (?) that the cost of running/verifying a single hash is < the cost of submitting a single hash to them over the network, so DOSing them with false results probably isn't worthwhile. 

[rdl]

When using NoScript, start off with the option to "Temporarily allow top-level sites by default" enabled. This will for example allow scripts from Newegg, but if Newegg's site wants to go run a script from somewhere like google.com it will be blocked.

Also be aware that many sites will require an associated cdn url that it will need for things like images (neweggimages.com, ssl-images-amazon.com). I generally just set these permanently "Trusted".

Embedded videos are almost always a problem as it can be hard to figure out where they are actually coming from. For Youtube all I ever need to allow is youtube.com and googlevideo.com, but a youtube video embedded somewhere else (here for example) will still not play.

If you go to any of the old school media sites, you'll find they are among the worst offenders. I can got to cnn.com and at first NoScript will only show the option to allow cnn.com, but once that's done you will see that cnn.com wants to run scripts from over 25 other domains!

[Whales]

A few comments regarding addons mentioned so far

Noscript

I used to love this addon pre-firefox-quantum.  Post it seems to have really been gutted (including the removal of script surrogates).

It's new UI was too far different and hard to use compared to the old one, so I moved to using ublock origin's UI (to do essentially the same) instead.  It lets me whitelist 1st party scripts, 3rd party scripts or specific domains (all per website) with a few clicks.  Still not as nice as middle-clicking the noscript icon used to be, but it gets the job done.

Adblock plus

These guys accept money to let ads through their filter by default.  This action spawned lots of competitors, ublock origin seems to be one of the most popular at the moment.

[peter-h]

I used noscript ages ago and it just crippled most websites.

I use Adblock nowadays but many sites detect it.

The basic issue is that nowadays most ads are served from the base site IP. The price you, as site owner, pay is that your server bw goes way up, but you get a lot more ad click revenue because dumb adblocking mostly doesn't work. As a user, in the old day you could just block google-ads.com or whatever and that was the job done. Now, ad blocking has to use scripts which detect the ads explicitly by pattern. This is what the excellent Facebook Purity does, and FB are constantly changing their HTML to get around it, but it generally works very well.

I still don't know why there isn't a browser which renders the ads to an invisible page.

[Miyuki]

Can I ask you why you are so into this adblocking thing? Or you are on pages filled with ads?
I see how it can be a problem on a laptop with heat and battery drain, but on desktop 
Like I have opened chrome for two weeks with gazillion tabs and it takes some RAM (like 6-8GB) but CPU load is minuscule with ads here and listening to youtube (around 2-4% on ancient 7 years old 16 core)

[JPortici]

Can I ask you why you are so into this adblocking thing? Or you are on pages filled with ads?

I assume you never use youtube

[rdl]

I don't like my browser running code from multiple random sites all over the internet and sending data back and forth without my knowledge. It still does, but I try to minimize it as much as possible.

Here is one example, and I'm not picking on Newegg. Their site is relatively benign compared to the rest of the internet. Actually most retail sites are okay. As I said before, old school media sites are by far the worst. Try installing NoScript then go visit the web site of one of your local TV stations (or CNN, Fox News, etc.) with the top level domain trusted.



Why should my browser need to connect to all those other domains just to buy something from Newegg?
It doesn't. Last time I bought something there it worked fine like this.

I use NoScript and uBlockOrigin and a hosts file. I like multiple lines of defense. I don't think most people have any idea what their computers are actually doing behind their back and without asking.

[tooki]

Can I ask you why you are so into this adblocking thing? Or you are on pages filled with ads?
I see how it can be a problem on a laptop with heat and battery drain, but on desktop 
Like I have opened chrome for two weeks with gazillion tabs and it takes some RAM (like 6-8GB) but CPU load is minuscule with ads here and listening to youtube (around 2-4% on ancient 7 years old 16 core)

...because it reduces page load times a LOT? As i shared above, on average 60% of page load times is ads and trackers...

The paradigm of web content has shifted greatly.  Originally pages were sent to you in plaintext HTML, CSS and images were shown using <img> tags.  Now some sites serve a blob of javascript that runs in a (semi) secure VM in your browser to generate the page.  This dramatically shifts the level of control & power away from you and into the publisher's hands; they can do any sort of computations they want in return for you being able to see their pages.  Detecting adblockers is just the tip of the iceberg.

I really dislike this trend. There are very few things on the modern internet that I find superior to the old days when sites loaded quickly on even a dialup connection. Most of the modern bloat just gets in the way of accessing the information.

100% agree. What with “sign up for our newsletter!” lightboxes, dickbars (boxes and bars that don’t scroll away and partly obscure content, like social media sharing doodads), the “accept cookies” popups (thanks, EU...), “let us send you notifications!” popups (originally through notification APIs, then when those got locked down, as javascript popups), etc, it takes forever to just be able to read the damned content.

I resisted installing an ad blocker for a long time, since I understand the value ads provide to website operators. But I had to draw the line due to the performance issues they cause. I do not consent to having website performance reduced dramatically. Had ad networks been respectful of computing resources and usability, I wouldn’t have blocked them, because I’m not against advertising. IMHO, they made that bed, now they can lay in it.

[Ranayna]

Regarding page loads, for sites that are either geographically close, or use big CDNs, i made the observation that, with adblock enabled, your connection speed barely matters.

Last year, I went from 8 MBit/s DSL to 120 MBit/s Fiber, and i noticed very little difference when surfing. Of course downloads are faster, and more users can use the connection without really affecting each other, but for a single user just surfing the web, the upgrade was almost meaningless.

Earlier this year i upgraded my PC significantly, going from a 6 year old intel i7 (5820k) to a current Ryzen 5900x. I was very surprised that i was actually able to notice that upgrade, just surfing the web.
Modern pages are so heavily reliant on running local scripts, that local processing power seems to be a bottleneck.