Superfish Injects Ads In 1 In 25 Google Page Views 91
An anonymous reader writes: A new report from Google has found that more than 5% of unique daily IP addresses accessing Google — tens of millions — are interrupted by ad-injection techniques, and that Superfish, responsible for a major controversy with Lenovo in February is the leading adware behind what is clearly now an industry. Amongst the report's recommendations to address the problem is the suggestion that browser makers "harden their environments against side-loading extensions or modifying the browser environment without user consent." Some of the most popular extensions for Chrome and Firefox, including ad-blockers, depend on this functionality.
To save the internet from fake ads (Score:5, Interesting)
Google sez we must remove ad blocker functionality!
I smell an ulterior motive..
Re: (Score:2)
First they came for the non mobile sites
Then they came for the ad blockers
??????
Profit!
Re: (Score:2)
Keep in mind that Google themselves promotes AdBlockPlus pretty heavily within their Chrome store, and that Google is whitelisted in ABP.
If this is indeed an ulterior motive, then it would seem to indicate that Google has become concerned about other ad blockers that fall outside their control.
Re:To save the internet from fake ads (Score:4, Informative)
Google sez we must remove ad blocker functionality!
I smell an ulterior motive..
Reading comprehension fail. The summary says:
Amongst the report's recommendations to address the problem is the suggestion that browser makers "harden their environments against side-loading extensions or modifying the browser environment without user consent." Some of the most popular extensions for Chrome and Firefox, including ad-blockers, depend on this functionality.
I'd expect that most users who install ad blockers consent to having it modifying the browser environment.
No control is the real issue (Score:5, Funny)
As a serious coffee consumer, their main problem is you can't customize the cup of coffee. I drink so much coffee that I started making it weaker, and weaker, and then half strength. The last time I stayed in an office with a Keurig setup, I think I nearly killed myself before I realized what was happening.
I'd love to have one, but the 'my way or the highway' reality of those little cups doesn't work. And don't even start on the cost.
Re: No control is the real issue (Score:1)
Lol wut
Re: (Score:3, Informative)
I have no idea. It looked a lot like the previous story on the screen!
Shouldn't have used the words "no control"
Re:No control is the real issue (Score:4, Funny)
So even the Keurig 2.0 is infected by Superfish? This is worse than I thought!
Re: (Score:2)
How many cups do you drink total, though?
1) Get double-capacity mug.
2) Half fill with hot water.
3) Make one K-cup of coffee
4) Pour in larger mug.
5) Ta-da. 50% strength coffee,
Re: (Score:2)
How many cups do you drink total, though?
1) Get double-capacity mug.
As it happens, the SO got me this great TF2 'cup.' As it's double sized, I'm usually on #13-14 before I realize I need to Set the Twinkie Down and Step Away(tm)
Adding water is just.... gads, equal parts repulsive and rational
Re: (Score:2)
I am humbled the score 5 Funny for "No control is the real issue". I should reply to the previous post more often!
I'd like to point out by "no control" I was really talking about Google, Apple, police brutality, congress, Depends, the morning after Super Sushi Night and memes with cats
well, of course it does. (Score:2)
Or disable javascript (Score:5, Insightful)
whoever thought running scripts from random sites and ads was a good idea?
Re: (Score:2, Insightful)
90% of sites now don't work at all without javascript. It makes for a very boring internet.
Just don't allow all JavaScripts. (Score:5, Informative)
Re: (Score:2)
Seems interesting and reasonable.
How do you do this? With Ghostscript/NoScript/...?
Does it work well? A lot of websites use 3rd party js plugins for map display for example.
Re: (Score:1)
Re: Or disable javascript (Score:1)
Then leave. Those 90% of sites click baited you anyways. They never offered you anything that the 10% of actually functional sites can't do. Quit following the crowd if you despise it so much. Nothing I go to breaks from not allowing 3rd party connections and that includes here, YouTube, twitch...
Anyways, your 90% is BS because YouTube is 90% and it's not broken.
Re: (Score:2)
90% of sites now don't work at all without javascript. It makes for a very boring internet.
Most sites work fine once you enable their main URL. The ones that show up with a list a mile long of script sources are the ones where you just click the "X" instead.
Re: (Score:1)
whoever thought running scripts from random sites and ads was a good idea?
Probably the person who never realized somebody could run malicious activities from programs executed on your own computer, and that networking would turn it into a giant furball for the rest of the world.
1/25 = 4% not 5% (Score:1)
Jeez!
Re: (Score:2)
4% is Superfish, 5% is ALL ad injection. Jeez.
Math check (Score:2, Informative)
Since when is 5% the same as 1 in 25??
Re:Math check (Score:5, Informative)
5% of IP addresses accessing Google are interrupted by ad-injection techniques, and Superfish is the leading adware
Re: (Score:3)
ad injection isn't all Silverfish does (Score:1)
It also hijacks all your SSL/TLS sessions via MITM attack with the installation of a self signed root cert. It also goes to some unusual lengths to hide itself to prevent uninstallation, IIRC. It's straightup spyware.
Why should add blocking require side-loading? (Score:2)
Why should the add blocking plugin require side-loading without user interaction?
It don't as far as I know.
Re: (Score:1)
Only crippled adblockers for chrome do that.
Re: (Score:2)
Re: (Score:3)
Google is providing a service, or is serving ads on behalf of the webpage owner you are viewing.
Superfish is getting ad revenue without providing you a service.
If you can't tell the difference between a legitimate and limited advertiser and leech malware then you need your eyes checked.
Re: (Score:2)
Can you tell when looking at a normal webpage which ads are legit and which ones aren't?
The answer is of course no.
All advertising is malware.
Re: (Score:3)
I don't see ads because I run adblock.
But I'm not deluded enough to believe ads don't have a legitimate use.
Slapping a sponsored link to adobe at the top of my search for "pdf editor" is vastly different than overwriting the links and sending me to a hack job website trying to sell me genuine counterfit handbags, black magic love slavery spells, and adobe pro licenses for 1/10th what they normally cost.
Re: (Score:2)
Exactly my thoughts. Both do it against the users interests.
But at least Google is nominally in control of the page, so they have a certain right to do it. Superfish would argue that the user installed it, and so they have a right, too, but the way that it prevents removal indicates otherwise.
Advertiser: Don't Block Ads (Score:1)
So Google, an advertising company, recommends that browser developers disable the capabilities that ad blockers rely on? Surprise, surprise. It sounds a little too much like the FBI saying we shouldn't use encryption because a few terrorists or perverts might take advantage. Sorry, I'm not into throwing out the browser with the bathwater.
Firefox hasn't been doing so well lately, but getting out of bed with Google might have been a big benefit.
Re: (Score:2)
So Google, an advertising company, recommends that browser developers disable the capabilities that ad blockers rely on?
Actually, they recommend browsers disable those capabilities unless the user consents to enabling them.
Re: (Score:2)
Actually, they recommend browsers disable those capabilities unless the user consents to enabling them.
Right, disable user-positive features by default unless the user reconfigures their browser to the contrary.
No, disable potentially user-positive and potentially user-harmful features unless the user approves on a dialog containing suitably-scary text so they will stop and think about whether or not they trust this extension that they're giving control over and visibility into all of their browsing.
It's fine to actively prompt; no need to require users to go searching for the setting. But it's important to give users the control, so drive-by extension installs (like Superfish) don't assume it for them.
25th Post! (Score:2)
Buy Viagra!
Double your pleasure (Score:2)
No, Stupid (Score:2)
The relevant software products that are getting extensions sideloaded into them -- Firefox and Chrome -- are both open source. If a vendor like Lenovo wants to put ads in your browser with an extension, what do you think is going to happen when Google shuts off outside extensions in Chrome? That's right -- they're going to ship a fork of Chromium and call it "Lenovo Browser" and make it the default browser. You read it here first, folks.
The solution, for consumers, is simple. Don't use the pre-loaded OS ins
Re: (Score:2)
You can't kill your way through an idea, unless you kill every last human on the planet.
They're working on that, too.