Ad blocking is on the rise

“The following message was paid for by our malvertisers”

No adblocker

It is becoming more and more common for internet users to block ads as they browse the web.

Yes, it hurts the pockets of websites that rely upon advertising to fund their content creators and infrastructure costs, but the truth is that the average man in the street is sick to the back teeth of malicious ads infecting their computers, their browsing being slowed down, and having their online activity tracked.

As The Guardian reports, a study by the Internet Advertising Bureau has found that 22% of British web users over 18 years old are using ad blocking software.

Sign up to our free newsletter.
Security news, advice, and tips.

That’s up from 18% in October 2015.

Of course, some websites are worried about the loss of revenue that ad blocking is causing. More sites are beginning to put up walls, asking readers to allow-list their sites so adverts can still be shown or encouraging readers to sign-up for a low-cost ad-free subscription.

It remains to be seen if these tactics are successful or not.

One thing that I think would help make readers less nervous of allow-listing a site’s ads is if they felt a greater confidence that the ads had been properly vetted, rather than simply spat into the site’s sidebar by a third-party ad network. Maybe we need more sites take on the responsibility of hosting the ads on their own servers, and have a direct relationship with their advertisers.

I don’t know what the solution is, but I’m glad I don’t have to rely upon web advertising to pay my grocery bills.

It does feel, however, that some sites are going out of their way to make users feel bad about running an ad blocker – as though it’s not a sensible thing to do when you surf the internet.

Maybe the boot should be on the other foot, and those of us who quite like ad blockers should take a stand too.

I wonder if I started blocking access to content on my site to anyone not running an ad blocker? What do you think?


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

15 comments on “Ad blocking is on the rise”

  1. Bob

    There are a multitude of decent ad-blockers out there.

    I run one to on my mobile (a couple on my computer) to prevent overly intrusive interstitial ads appearing and ruining my browsing experience, to reduce the annoying pop-ups, pop-overs and pop-unders and to minimise the risk of me being infected my malware.

    An ancillary benefit is that by reducing those pesky ads pages load far more quickly because they reduce the amount of crap that is downloaded and, for users on limited data plans, you're saving yourself money.

    iOS users are okay – Apple allow you to use them and they integrate seamlessly with the native web browser (Safari).

    TIP: if a page doesn't load correctly in Safari then press and hold the refresh button in the address bar and it'll give you the option to reload the page without blocking ads; that 'hidden' option isn't immediately obvious.

    Android users are shafted – Google make money by selling your data and they do their best to prevent ad-blockers.

    Windows phone – I don't have much experience of this platform but my guess is that because of the low user numbers nobody has developed a decent ad-blocker.

    1. Crepuscule · in reply to Bob

      Huh? Android is pretty well covered –> https://adblockplus.org/android-install

      As for the Windows phone users, "cyber darwinism" and all that.

      1. Bob · in reply to Crepuscule

        http://www.androidpolice.com/2016/03/01/google-explicitly-bans-ad-blockers-from-the-play-store-except-all-those-ad-blocking-web-browsers-apparently/

  2. David G

    I think you need to send this article to John Whittingdale who appears to be the latest poorly-advised IT-illiterate government minister. See bottom of page…http://www.bbc.co.uk/news/entertainment-arts-35708623

    1. Bob · in reply to David G

      How are his comments "poorly-advised"? They seem to be an accurate statement; in fact they echo what Graham Cluley says.

      Quote:

      He pointed to research that showed while people do not dislike online advertising in general, they do not like advertising that "interrupts what they are doing", such as auto-play adverts and pop-ups.

      "If we can avoid the intrusive ads that consumers dislike, then I believe there should be a decrease in the use of ad-blockers," said the culture secretary.

      1. Dvaid G · in reply to Bob

        How does this echo Graham when what he said above was " the truth is that the average man in the street is sick to the back teeth of malicious ads infecting their computers, their browsing being slowed down, and having their online activity tracked." ???

        1. Bob · in reply to Dvaid G

          Graham said:

          "One thing that I think would help make readers less nervous of white-listing a site's ads is if they felt a greater confidence that the ads had been properly vetted…"

          The government minister said:

          "…while people do not dislike online advertising in general, they do not like advertising that "interrupts what they are doing", such as auto-play adverts and pop-ups."

          "… he would be meeting "representatives from all sides of the argument" in the coming weeks to discuss the issue, adding that he did not think ad-blockers should be banned."

          I can't see from any of his comments that the government minister is "poorly-advised".

          He's making a sensible statement and one which Graham has touched upon – properly vetted ads (e.g. clear of malvertising, not intrusive etc.) would be accepted by most consumers.

          In fact Graham himself uses advertising on this site – see 'This week's sponsor' underneath the blue banner at the top of the page. Clearly he accepts (as do many others) that advertising is necessary, just not in its current third-party form.

  3. furriephillips

    Hi Graham,

    I think that's a perfectly good idea – I'd be happy to be shown an alternate page, warning me that I'm browsing insecurely, as long as the page linked me to some top flavoured Ad blockers, so that I could secure my shit and come back & view your super content :)

  4. stateside

    Krebs site is a good example of vetted ads by a responsible author

  5. Steve Media

    Seriously – the ad industry and those who use to finance their content COULD of abided by the Do Not Track standard – but most places did not.

    It COULD be simple to show ads that are not hacking visitor's systems with drive by malware.

    Instead we have gotten to this point where users NEED to block third party scripts in order to be safe, you can't blame the pop ups and malware on porn sites any more, yahoo and huff post and many others have distributed horrible malvertising – not on purpose, but certainly greed / lack of proper investment in tech / vetting.

    There are ads like in newspapers that don't cover the whole page, don't animate and slow down your paper, and don't auto play loud noise to interrupt everyone around you, and don't track what you read, and sell that info to dat combining places who are building up profiles on people.. those kind of ads are fine.. the kind we've been hit with time and again are inappropriate and deserve to be blocked.

    I don't think all ads should be blocked all the time, and I don't think whitelisting a site makes anyone safer – I do think a new standard for "fairblock" may be an answer / part of the solution.

    More on this fairblock idea here: http://www.ideasandwritings.com/02/adblock-into-fairblock/

  6. Katy

    For sites that I really like, I do tend to relent and add them to my whitelist… but, I also don't have Flash or Java installed on my computer. Ideally I would also like to disable Javascript, but doing that makes it almost impossible to view many web sites. In any case, keeping my computer fully patched and updated, and removing unsafe software like Flash, does provide some mitigation against malicious advertising.

  7. Mark

    I really don't understand this fixation with ad-blocking. They are just white noise, ignore them. Similar to fast forward on a Sky/Humax.

    1. Graham CluleyGraham Cluley · in reply to Mark

      No TV adverts track what channels you're watching.

      No TV adverts infect you with malware.

  8. Ants

    @Bob Whittingdale's poorly advised because he should be speaking to the ad agencies to ensure their security, not complaining people for using ad blocking!

  9. coyote

    Most important:
    'I wonder if I started blocking access to content on my site to anyone not running an ad blocker? What do you think?'

    No. You should encourage them but you shouldn't block because the fact you do everything you can to raise awareness is far more important. I understand it might be a rhetorical question but I think (even if I wasn't one to enjoy answering rhetorical questions) this one especially should be answered because definitely your attempts (difficult as it is!) at raising awareness is especially important (it's not even a matter of thinking it true; it is true).

    'It remains to be seen if these tactics are successful or not.'

    That kind of manipulation – and it most certainly IS manipulation whether anyone admits it or not – would have the opposite effect for me (which is not to say that it is reverse psychology; indeed even if they suggested I do use an ad blocker I would still do that – and noscript especially [although I use more than that]). That is how everyone should act (to manipulation), too, although I realise many will sympathise with the organisations (if they're going to show sympathy they should show it for everyone who has to deal with their rubbish). They want adverts? They should have never created problems – and malvertisements is only one type of problems.

    'Maybe we need more sites take on the responsibility of hosting the ads on their own servers, and have a direct relationship with their advertisers.'

    I've said it for years: websites really should stop referencing third party servers which then also reference additional servers, going to ridiculous depths. This isn't only about security. Obviously I'm not referring to embedded youtube clips (or similar).

    That's something noscript is really useful for: enable only as many scripts (sites) as necessary and then it will make things easier (after you have a decent list). It also has the benefit of detecting clickjacking, XSS attacks and other things. But it is irritating when I have to enable all scripts for a website (or some sites) and then reload, then do it again, and then again, and again N times.

Leave a Reply to Bob Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.