EasyList blog: Giorgio Maone actively bypassing ABP filters?

Discussion in 'other security issues & news' started by Eice, May 25, 2011.

Thread Status:
Not open for further replies.
  1. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    http://easylist.adblockplus.org/blog/2011/04/25/giorgio-maone-noscript-net-and-flashgot-net
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    despite claims otherwise, cat & mouse again. neither side appears whiter than the other.
     
  3. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    This is quite an old story that has been bubbling on and on and on. My sympathies are on one side but there's no point fighting futile battles.
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Once again issues between NS and ABP. Oh well, not visiting NS or FG website anymore.
     
  5. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    FG? Please expand.
     
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    FlashGot, the other mentioned site by Giorgio Maone.
     
  7. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Yeap...Same old story...:isay:
     
  8. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    It's such a shame that this has to happen between the 2 best (IMO) FF extensions available to us. But you are all right. It's an old news "fire" that never dies...
     
  9. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    A couple of bickering children who have made discrediting each other a priority. Why would anyone trust their security to coders with this mentality? Fortunately, Proxomitron makes both of them unnecessary.
     
  10. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I'd like to figure out why the hell every time I open Firefox now, Noscripts' homepage pops up. The browser is updated, the add on is updated, Sandboxie is set to keep those changes. Is it because I have ABP? If so, Noscript can kiss it. And, more on topic, I'm not surprised these guys are going at it again. Noone-Particular is right, why trust them? The only issue with Prox is that it's a PITA to set up and keep going, at least in my view.

    Edit: I went off on a rant without properly viewing the date of the article and the specifics. I'm sure my issue isn't because of that, unless it's some new thing between them. Whatever those two are doing, they need to grow up
     
  11. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    It can be a pain keeping the filters up to date. The constantly changing ways they find to track you, feed you ads, and get data from your browser requires that the filtering tool be kept updated to remain effective. I think Sidki still maintains a Proxomitron filterset. Beyond that, you pretty much have to maintain your own in order to really keep the junk out, which is more than most users want tot do. That said, even the original Prox filters still do quite a bit. The other option is using tools like those maintained by these childish coders.

    I've never used AdBlock. A few hosts file entries blocks most of the bigger ad servers. They seem to be about half of the garbage on most pages. Other more annoying ads get added to Proxomitrons blocklist. Never felt a need for software just for blocking ads.

    As for NoScript, I tried it once a long time ago. The very first thing I saw was its whitelist, which included his own sites and Google. I immediately deleted them, and on the next restart, they were back. That made my decision right there. I have no use for any security tool or developer that presumes to override my choices, especially when it comes to Google. I had heard that this particular behavior was removed due to user complaints, which IMO changes nothing. It showed the mentality of the coder, that he considered it his right to tell users what they should and shouldn't be allowed to blacklist. Looking at the present situation, it's clear that he still has that same attitude. AFAIC, anything he is involved in is on my blacklist.
     
  12. I've personally found Noscript to be quite useful... So needless to say I'm a bit annoyed by this. Are there any alternatives for Linux out there? GUI frontends for Privoxy, for instance?
     
  13. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I've heard that Proxomitron can be run on Linux with Wine. Haven't tried it. No idea on Privoxy.
     
  14. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Privoxy is supposed to work just fine directly on Linux but Gullible Jones wants a GUI.
     
  15. To clarify: the GUI part is important so you can easily add domains to a Javascript whitelist, or temporary whitelist...

    I dunno. Maybe I'll cobble something together myself, once I get a bit better with Perl/Python/what have you; a nice GUI using Tkinter or something. Assuming I ever develop the necessary grasp of program design.

    For now, well, Maone may not be the nicest software maintainer; but Noscript has served me quite well in the past, so I'll continue to use it until a viable replacement appears.
     
  16. Giorgio Maone

    Giorgio Maone Developer

    Joined:
    Mar 13, 2007
    Posts:
    27
    This probably means that either you accidentally included it in your home tabs (you can check in Firefox's Tools|Options main panel) or that something (a sandbox?) is preventing your Firefox preferences from being saved on the disk, therefore NoScript cannot "remember" that first run after update already happened and keeps acting as it had just been updated.

    Either way, this is an anomaly and not the intended behavior. If you still have troubles in fixing it, feel free to look for help here.

    Again, if that really happened to you, that was a problem with your browser being unable to flush its preferences to the disk.
    The default whitelist is, and has always been, fully erasable (except for chrome:, resource and a few about: URLs, which are internal to the browser and required for it to work).

    Annoyed by what, exactly?
    By a webmaster configuring his own websites to work around a filter list which made a crusade of blocking his 1st party embedded banners (no adservers, no tracking, not even view logs involved: in other words, the most security and privacy respectful ads you can find anywhere on the net)?
    Easylist brags about seven millions users, many of whom likely to be also NoScript users, who must not even know who are the sponsors helping their favorite security tool to stay free. Not to mention when Easylist fails to block ads but succeeds at killing content, such as FAQs or the Donate button.

    And before you say "there's no such thing as a good ad", you may want to read this thread, for a glimpse of the future ABP is planning for us.

    I love the part about contracts between ABP and advertisers who don't want their ads to be blocked. Here in Sicily we've got quite a long and well known tradition with this kind of business model... ;)

    However, for the time being, the only "good" ads exempted by blocking seem to be their own (e.g. the WOT banner at the bottom of this page).


    @proxomitron users:
    provided that script blocking per se can be very challenging at the proxy level (without in-browser support), but nevertheless admitting that proxomitron might be good enough at it, could you explain me technically how is it supposed to replace NoScript against XSS, Clickjacking or cross-zone/DNS rebinding attacks (just genuine curiosity)?
     
  17. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    From the page itself: "This is of course only a question for people who think that some ads are allowed to exist to help webpages make money. The others will simply not use this new list."

    As for a developer of a security add-on actively trying to bypass adblock filters for financial benefit regardless of user choice... :thumbd:
     
  18. Giorgio Maone

    Giorgio Maone Developer

    Joined:
    Mar 13, 2007
    Posts:
    27
    This is misleading: "the others will have to opt out from this list and choose another" is more accurate. If you cared to read the rest, it should be clear the good/bad ads list is meant to become the default.

    Could you please elaborate what crafting in-page ads (no tracking, no 3rd party servers, no security or privacy risk whatsoever) in a way which is difficult for Easylist to block has to do with security, exactly? Your :thumbd: seems more appropriate for an adblocker with unblocked ads on its webpages... And BTW, "user choice" is not in question here. EasyList has been the default list offered by defaultABP for a long time: very few of its users choose it consciously, and even less choose it because it is the only one including filters tailored specifically for my web sites. On the other hand, users who actually choose to block my ads can do it independently from Easylist, by creating their own filters.

    Regarding the "financial benefit" OMG, I develop NoScript as a full-time job (actually, I work on it even 20 hours a day, when it's needed), and I've got two children with another coming. If you, instead, can afford to work for free, and can prove you've got the needed technical skills, I'll be happy to exploit them for NoScript development and gain a few hours for my sleep :)
     
    Last edited: May 29, 2011
  19. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    It looks like I'm having trouble locating that particular quote. Could you tell me which post it's in? Thanks.

    People opted to install ABP and use filter lists because they want to block ads. So respect that. I just expect the people behind security software to promote user trust by acting in an ethical and responsible manner. But if disagree, then I guess we'll just have to agree to differ.

    FWIW, your ability (or lack thereof) to earn a living is none of my concern.
     
  20. tlu

    tlu Guest

  21. Giorgio Maone

    Giorgio Maone Developer

    Joined:
    Mar 13, 2007
    Posts:
    27
    That's not a quote, but a really easy deduction from posts like this, this, this or this. And this upset post by a filter subscription author seems to confirm that this is not just a "malicious" interpretation, doesn't it?

    Not all ABP users want to block all the ads: many (most?) just want to block the annoying/dangerous ones. This seems to be also ABP's vision, as you can see in the discussion above.


    There's nothing unethical in linking your sponsors (with no trackers and no adservers involved, it's worth repeating), even if those links bypass a popular filter list which holds double standards about "good" and "bad" (why ads on adblockplus.com are "better" than mine?) As I said, users can still choose to hide them if they want: I'm not fighting users, I'm just reacting on Easylist's attacks.

    Also, the ads on my website are not paid per impression, but per product installation. The fact that whenever Easylist blocks them I can see significant drops in revenue logically implies that many Easylist users have no issue with them, doesn't it?

    FWIW, neither your ability (or lack thereof) to understand the implications of the forum posts linked above, nor the security of web browsers had to be my concern, but fortunately for millions of NoScript users (and IE, and Chrome too) I'm nicer than the monster someone tries to paint me ;)
     
  22. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    .org?

    That's amazing!
     
  23. Giorgio Maone

    Giorgio Maone Developer

    Joined:
    Mar 13, 2007
    Posts:
    27
    .com, they're getting serious about business :)

    o_O
     
  24. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Thanks! I didn't know it existed. I had the .org link bookmarked and used to update through Firefox.
     
  25. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    Those posts merely explain the rationale behind the decision to provide a separate list. I'm not quite sure how you made the leap to the conclusion that ABP and EasyList will be making users opt-out of the new list; would you care to provide that explanation?

    Yes, it's obvious how you've simply made the decision that - like it or not - that's how it's going to be for your users.

    You're right. What IS unethical to bypass user choice by forcing ads on them whether they like it or not. But I guess we just have different ideas about ethics. Like I said earlier, if as a security add-on developer you have no qualms about foisting ads on your users whether they want it or not, I suppose we'll just have to agree to disagree.

    Come now, Mr Maone. The whole point of this debacle is that you're deliberately making it difficult to create rules to block your ads. Or do users somehow have the ability to manipulate ABP/EasyList in ways that the developers and list maintainers don't?

    And I guess in addition to a lack of sense of ethics and responsibility, you're not quite above fudging the truth as well. In your email published on the EasyList blog post you claimed that "this picture of an evil and obsessive webmaster actively watching subscription authors and changing site design in an effort to thwart attempts is quite off base," and yet here you are, openly admitting that you're reacting to EasyList's "attacks". Am I missing something here?
     
Loading...
Thread Status:
Not open for further replies.