EasyList blog: Giorgio Maone actively bypassing ABP filters?

http://easylist.adblockplus.org/blog/2011/04/25/giorgio-maone-noscript-net-and-flashgot-net

 

despite claims otherwise, cat & mouse again. neither side appears whiter than the other.

 

This is quite an old story that has been bubbling on and on and on. My sympathies are on one side but there's no point fighting futile battles.

 

Once again issues between NS and ABP. Oh well, not visiting NS or FG website anymore.

 

FG? Please expand.

 

FlashGot, the other mentioned site by Giorgio Maone.

 

Yeap...Same old story...

 

It's such a shame that this has to happen between the 2 best (IMO) FF extensions available to us. But you are all right. It's an old news "fire" that never dies...

 

A couple of bickering children who have made discrediting each other a priority. Why would anyone trust their security to coders with this mentality? Fortunately, Proxomitron makes both of them unnecessary.

 

I'd like to figure out why the hell every time I open Firefox now, Noscripts' homepage pops up. The browser is updated, the add on is updated, Sandboxie is set to keep those changes. Is it because I have ABP? If so, Noscript can kiss it. And, more on topic, I'm not surprised these guys are going at it again. Noone-Particular is right, why trust them? The only issue with Prox is that it's a PITA to set up and keep going, at least in my view.

Edit: I went off on a rant without properly viewing the date of the article and the specifics. I'm sure my issue isn't because of that, unless it's some new thing between them. Whatever those two are doing, they need to grow up

 

It can be a pain keeping the filters up to date. The constantly changing ways they find to track you, feed you ads, and get data from your browser requires that the filtering tool be kept updated to remain effective. I think Sidki still maintains a Proxomitron filterset. Beyond that, you pretty much have to maintain your own in order to really keep the junk out, which is more than most users want tot do. That said, even the original Prox filters still do quite a bit. The other option is using tools like those maintained by these childish coders.

I've never used AdBlock. A few hosts file entries blocks most of the bigger ad servers. They seem to be about half of the garbage on most pages. Other more annoying ads get added to Proxomitrons blocklist. Never felt a need for software just for blocking ads.

As for NoScript, I tried it once a long time ago. The very first thing I saw was its whitelist, which included his own sites and Google. I immediately deleted them, and on the next restart, they were back. That made my decision right there. I have no use for any security tool or developer that presumes to override my choices, especially when it comes to Google. I had heard that this particular behavior was removed due to user complaints, which IMO changes nothing. It showed the mentality of the coder, that he considered it his right to tell users what they should and shouldn't be allowed to blacklist. Looking at the present situation, it's clear that he still has that same attitude. AFAIC, anything he is involved in is on my blacklist.

 

I've personally found Noscript to be quite useful... So needless to say I'm a bit annoyed by this. Are there any alternatives for Linux out there? GUI frontends for Privoxy, for instance?

 

I've heard that Proxomitron can be run on Linux with Wine. Haven't tried it. No idea on Privoxy.

 

Privoxy is supposed to work just fine directly on Linux but Gullible Jones wants a GUI.

 

To clarify: the GUI part is important so you can easily add domains to a Javascript whitelist, or temporary whitelist...

I dunno. Maybe I'll cobble something together myself, once I get a bit better with Perl/Python/what have you; a nice GUI using Tkinter or something. Assuming I ever develop the necessary grasp of program design.

For now, well, Maone may not be the nicest software maintainer; but Noscript has served me quite well in the past, so I'll continue to use it until a viable replacement appears.

 

This probably means that either you accidentally included it in your home tabs (you can check in Firefox's Tools|Options main panel) or that something (a sandbox?) is preventing your Firefox preferences from being saved on the disk, therefore NoScript cannot "remember" that first run after update already happened and keeps acting as it had just been updated.

Either way, this is an anomaly and not the intended behavior. If you still have troubles in fixing it, feel free to look for help here.

Again, if that really happened to you, that was a problem with your browser being unable to flush its preferences to the disk.
The default whitelist is, and has always been, fully erasable (except for chrome:, resource and a few about: URLs, which are internal to the browser and required for it to work).

Annoyed by what, exactly?
By a webmaster configuring his own websites to work around a filter list which made a crusade of blocking his 1st party embedded banners (no adservers, no tracking, not even view logs involved: in other words, the most security and privacy respectful ads you can find anywhere on the net)?
Easylist brags about seven millions users, many of whom likely to be also NoScript users, who must not even know who are the sponsors helping their favorite security tool to stay free. Not to mention when Easylist fails to block ads but succeeds at killing content, such as FAQs or the Donate button.

And before you say "there's no such thing as a good ad", you may want to read this thread, for a glimpse of the future ABP is planning for us.

I love the part about contracts between ABP and advertisers who don't want their ads to be blocked. Here in Sicily we've got quite a long and well known tradition with this kind of business model...

However, for the time being, the only "good" ads exempted by blocking seem to be their own (e.g. the WOT banner at the bottom of this page).


@proxomitron users:
provided that script blocking per se can be very challenging at the proxy level (without in-browser support), but nevertheless admitting that proxomitron might be good enough at it, could you explain me technically how is it supposed to replace NoScript against XSS, Clickjacking or cross-zone/DNS rebinding attacks (just genuine curiosity)?

 

From the page itself: "This is of course only a question for people who think that some ads are allowed to exist to help webpages make money. The others will simply not use this new list."

As for a developer of a security add-on actively trying to bypass adblock filters for financial benefit regardless of user choice...

 

This is misleading: "the others will have to opt out from this list and choose another" is more accurate. If you cared to read the rest, it should be clear the good/bad ads list is meant to become the default.

Could you please elaborate what crafting in-page ads (no tracking, no 3rd party servers, no security or privacy risk whatsoever) in a way which is difficult for Easylist to block has to do with security, exactly? Your seems more appropriate for an adblocker with unblocked ads on its webpages... And BTW, "user choice" is not in question here. EasyList has been the default list offered by defaultABP for a long time: very few of its users choose it consciously, and even less choose it because it is the only one including filters tailored specifically for my web sites. On the other hand, users who actually choose to block my ads can do it independently from Easylist, by creating their own filters.

Regarding the "financial benefit" OMG, I develop NoScript as a full-time job (actually, I work on it even 20 hours a day, when it's needed), and I've got two children with another coming. If you, instead, can afford to work for free, and can prove you've got the needed technical skills, I'll be happy to exploit them for NoScript development and gain a few hours for my sleep

 

It looks like I'm having trouble locating that particular quote. Could you tell me which post it's in? Thanks.

People opted to install ABP and use filter lists because they want to block ads. So respect that. I just expect the people behind security software to promote user trust by acting in an ethical and responsible manner. But if disagree, then I guess we'll just have to agree to differ.

FWIW, your ability (or lack thereof) to earn a living is none of my concern.

 

https://adblockplus.org/forum/viewtopic.php?f=4&t=7551&p=47404&sid=c058a88686a613bb70d665aa44037494#p47404 :

 

That's not a quote, but a really easy deduction from posts like this, this, this or this. And this upset post by a filter subscription author seems to confirm that this is not just a "malicious" interpretation, doesn't it?

Not all ABP users want to block all the ads: many (most?) just want to block the annoying/dangerous ones. This seems to be also ABP's vision, as you can see in the discussion above.

There's nothing unethical in linking your sponsors (with no trackers and no adservers involved, it's worth repeating), even if those links bypass a popular filter list which holds double standards about "good" and "bad" (why ads on adblockplus.com are "better" than mine?) As I said, users can still choose to hide them if they want: I'm not fighting users, I'm just reacting on Easylist's attacks.

Also, the ads on my website are not paid per impression, but per product installation. The fact that whenever Easylist blocks them I can see significant drops in revenue logically implies that many Easylist users have no issue with them, doesn't it?

FWIW, neither your ability (or lack thereof) to understand the implications of the forum posts linked above, nor the security of web browsers had to be my concern, but fortunately for millions of NoScript users (and IE, and Chrome too) I'm nicer than the monster someone tries to paint me

 

.org?

That's amazing!

 

.com, they're getting serious about business

 

Thanks! I didn't know it existed. I had the .org link bookmarked and used to update through Firefox.

 

Those posts merely explain the rationale behind the decision to provide a separate list. I'm not quite sure how you made the leap to the conclusion that ABP and EasyList will be making users opt-out of the new list; would you care to provide that explanation?

Yes, it's obvious how you've simply made the decision that - like it or not - that's how it's going to be for your users.

You're right. What IS unethical to bypass user choice by forcing ads on them whether they like it or not. But I guess we just have different ideas about ethics. Like I said earlier, if as a security add-on developer you have no qualms about foisting ads on your users whether they want it or not, I suppose we'll just have to agree to disagree.

Come now, Mr Maone. The whole point of this debacle is that you're deliberately making it difficult to create rules to block your ads. Or do users somehow have the ability to manipulate ABP/EasyList in ways that the developers and list maintainers don't?

And I guess in addition to a lack of sense of ethics and responsibility, you're not quite above fudging the truth as well. In your email published on the EasyList blog post you claimed that "this picture of an evil and obsessive webmaster actively watching subscription authors and changing site design in an effort to thwart attempts is quite off base," and yet here you are, openly admitting that you're reacting to EasyList's "attacks". Am I missing something here?