:blobnotlike: blocking ads is evil grr
:blobuwu: HTTP is a pull-based medium. it is within the original philosophy of HTTP to selectively pull the data, for example, a device that doesn't support images won't download them. by circumventing ad "blocking", you are spitting in the face of HTTP. a more accurate term would be ad rejection. ads are not "blocked", they are simply not asked for.


@lynnesbian Which is why Google and pals were pushing (pun intended) HTTP 2.0. Also why they’re pushing for obfuscated/binary formats. We’re already seeing CDNs bake in content and ads and proxy tracking via first-party calls etc., to circumvent blocking. In extension-based blockers that can run arbitrary JavaScript, what we have is literally a JavaScript battle in your browser as the blocker and anti-blocking scripts go at it in a game of cat of mouse. Adtech is malware.

@aral @lynnesbian Can you give an example of the first party tracking injection? I wonder if Tor Browser's first party isolation already makes this useless. (You also get this experimentally in Firefox in PB mode).

@irl @lynnesbian Sure; will look it up properly and have a chat with Laura (who deals with the sewer on a daily basis) when I get a moment and send you a link. We also have issues filed in the tracker. Feel free to ping me again if I faff.

@aral @irl @lynnesbian

I'm curious too... Please mention me when you have some example...

@aral @lynnesbian push isn't forced; the protocol sends a push frame to say it wants to push and the client is ultimately in control of accepting or rejecting it. The binary format saves processing time (e.g. faster) on both ends, in both directions, and takes less bandwidth to transport and power, making it better for the environment.

@dshafik @aral @lynnesbian I think it's popular here to hate Google, justified or not.
A lot of the tech enables soooo many cool things but "nooo they just want to push ads on you". Ffs people, there's a guy running a free photoshop in a browser. Web and web getting capabilities is a _good_ thing for us all!

@zladuric @dshafik @aral @lynnesbian

#Ads are the least annoying issue with #Google.


As for HTTP/2, it's not a #Google thing, but Google is who gains a comparative competitive advantage by its introduction and implementation complexity.

We should always remember that each increment in complexity strengthen the position of the biggest players and often half-addresses the problem they created.

@aral @lynnesbian also, TLS is an obfuscated binary format, arguably… are you against that too?

@dshafik @lynnesbian Yeah, man, I’m definitely against TLS. You really got the measure of me there. Tell me, are blocks on Mastodon binary formats?

@dshafik @aral @lynnesbian

Uhm... well I'm against TLS abuse...

Would you like to prove I'm wrong? :-D

@Shamar what abuse do you mean? Except for rogue CAs/nation states, and — to a lesser degree because HSTS — network operators, I'm ignorant of other abuses. Obviously I'm against those abuses I mentioned though. (Also, removed others, as a courtesy).


Exactly: very good example of #incompetence and #GroupThink: disable JavaScript by default and you will completely block the attack described and with proper mitigations it also improve security when the user willfully enable it: bugzilla.mozilla.org/show_bug.

#LetsEncrypt can make them worse: fireeye.com/blog/threat-resear



In general, people who cannot think a context where NOT to use a technology, are not ready to use it and need more study of the topic.

@Shamar this is a very polite way of calling me ignorant, nice job 👍🏼

Sign in to participate in the conversation
Aral’s Mastodon

This is my personal Mastodon.