Because I work at Stanford I have a discounted subscription to the New York Times, so I'm that rarity on the Web, a paying customer. You would think they would try to make my Web browsing experience pleasant and hassle-free. So here I am, using my hotel's WiFi and Chrome on my totally up-to-date Google Nexus 9 tablet with no ad-blocker. I'm scrolling down the front page of the New York Times and I notice a story that looks interesting. My finger touches the link. And what happens next amazes me. In fact, it tips me over the edge into full-on rant mode, which starts below the fold. You have been warned, and I apologize for two rants in a row.
So, why do I pay the New York Times $7.50/month? Two reasons:
- First, in any society it is useful to know what the governing elite wants you to think. That's why Soviet citizens read Pravda. Its why Chinese citizens read the People's Daily. It's one reason I read the New York Times. For example, the governing elite wants you to believe the too-big-to-fail banks weren't to blame for the 2008 financial crash. Of course, they were to blame, but its useful to know you're not supposed to believe that.
- Second, as well as the instruction in right thinking, the paper publishes work by reporters that I usually enjoy reading. For example John Markoff, or Gretchen Morgenstern.
With that preamble out of the way, lets see what happened when I followed the link to the story:
- The first thing that happened was, well, nothing. There was a brief pause until:
- The URL in the headline bar changed from http://nytimes.com/ to the URL of the story, but I'm not seeing the story, I'm still seeing the content of the front page.
- Then the top of the story became visible in the bottom 2/3 of the window with a large blank space above it. I started to read the article.
- I got to the end of the text that was visible in the window, and scrolled down.
- I continued to read for a short time, until:
- Without me doing anything, the page jump-scrolled back to the top, so I saw the text I'd already read with an advert where the blank space had been.
- So to continue reading, I scrolled back to where I had been. The page started fighting me. As soon as I lifted my finger, the page jump-scrolled back to the top.
- I tried to scroll back again, but now the page was immovable. No matter what I did, the page had stopped scrolling. All I could see was the section of the page that was visible initially. And the ad.
I'm paying the New York Times so I can read the articles but their ad system is preventing me getting the content I HAVE PAID FOR!
I AM NOT OK WITH THIS!
Sigh! Rant over.
This actually happened back in April while I was at the IIPC's General Assembly. I wrote the rant above, put it aside to add more information, then forgot about it. I tried re-visiting the page, but of course the ad system fed me a different, less obnoxious ad, so the experience wasn't repeatable. But last week I had a similar experience, when an ad on the New York Times grabbed the page I was reading away from me so I wasn't able to finish reading it. I had to kill and restart the browser to regain control. So I was reminded of this unfinished post.
The ad networks' name for this robotic deception is 'ad fraud' or 'click fraud'. ...
Ad fraud works because the market for ads is so highly automated. Like algorithmic trading, decisions happen in fractions of a second, and matchmaking between publishers and advertisers is outside human control. It's a confusing world of demand side platforms, supply-side platforms, retargeting, pre-targeting, behavioral modeling, real-time bidding, ad exchanges, ad agency trading desks and a thousand other bits of jargon.
Because the system is so automated, and because there's no way for the reader to complain to the New York Times about an ad, especially because the reader no longer has control of their browser, and even if there were the problem is unrepeatable, the New York Times probably never even finds out that someone paid them to degrade the reader's experience. They are happily ignorant of why their customers are up to here with paying for this kind of miserable user experience.
It turned out that this was only one of three Angler malvertising campaigns. Similar attacks are routine. Many of them happen when systems in the complex ad ecosystem are compromised. So the trustworthiness of the New York Times as a place to visit depends on the trustworthiness and the security systems of everyone in the ad ecosystem. The New York Times probably doesn't know who the entities in the system they deal with are themselves dealing with, and who those entities are dealing with, and so on. And it certainly can't audit all their security systems to see whether they match the New York Times' (assumed to be) impenetrable security.
Publisher Traffic (monthly)* msn.com 1.3B nytimes.com 313.1M bbc.com 290.6M aol.com 218.6M my.xfinity.com 102.8M nfl.com 60.7M realtor.com 51.1M theweathernetwork.com 43M thehill.com 31.4M newsweek.com 9.9M
* Numbers pulled from SimilarWeb.com.
As John Oliver points out, news organizations are in big trouble because:
One news industry veteran, who has long since ditched newspapers for radio, once summed up the situation perfectly for me. "It's not that newspapers don't make money. They just don't make enough money for their greedy owners."They are in such desperate pursuit of these long-gone margins that they have sold off control of their user experience to the highest bidder. They wonder why people don't trust them and run ad-blockers. They refuse to supply content to those who do.
Historically, newspapers have had sky-high profit margins. At their peak in the late 90's, seven publicly traded media companies saw profit margins at nearly 30%. The now-defunct American Journalism Review even reported in October 1994 that the Warren Buffett-owned Buffalo News had a 34.6% profit margin.
Trevor Pott on The Register's Sysadmin Blog sums it up:
I'm not turning off my browser's defences. It isn't going to happen. I've been bitten one too many times by malvertising and other web nasties and those shields are staying very, very up. ... Ad blockers aren't just for the lazy and the selfish. They are part of browser defence and are absolutely mandatory on today's web. There's no getting around it: advertising has been a vector for malware for far too long. The trust is comprehensively lost and it isn't coming back.This will not end well, as the arms race between Facebook and AdBlock Plus shows. First, as Casey Johnston writes at the New Yorker, if Facebook succeeds it is another nail in the coffin of the open Web:
Publishers are caught between a rock and a hard place. Advertisers often demand that you use the ad networks they are familiar with. The ad networks see no percentage in ensuring clean ads. The publishers have little to no control. If they want to stay in business they need to advertise, and they need to use the advertising networks the advertisers demand.
To understand Facebook’s motivation, it helps to revisit Apple’s mobile ad blockers, which the company introduced last year. Apple’s mobile ad blockers, which have earned a lot of attention, work only on Safari’s mobile browser. But Apple’s entire mobile platform is built on closed-system apps, not Web-based sites. Ads served within these apps cannot be blocked by anything, not even Apple’s own ad blockers. So, by blocking Web-based ads, Apple’s move would, in theory, drive businesses away from the open mobile Web, where the future of advertising is shaky, and toward apps, where there are fewer business variables. It’s not a coincidence, either, that Apple makes money from apps through both sales and advertising, while it earns nothing from its mobile browser.Second, as Cory Doctorow writes, if AdBlock succeeds they get to censor the Web:
What was true of Apple then is even more true of Facebook now. Over the last few years, Facebook has seen rapid growth within its mobile app, where blockers don’t work and it can easily control the ad experience in the same way that Apple can control the app experience.
If online services successfully make ads and content indistinguishable to attempts to block them, content becomes the only target to work onYet again, it is lesser-of-two-evils time.
A blunter tool than ad blocking as it mostly works now (if you let it block 𝓫𝓻𝓪𝓷𝓭, you'd never see your friends talking about 𝓫𝓻𝓪𝓷𝓭), this has far greater potential for censorship and other unpleasantness, once a successful provider ends up in a middle-man position akin to the one Ad Block currently has.
Imagine how easy it would be for Ad Block 2020 to influence an election if it had evolved to understand the political meaning of any given block of content—having long ago established the legitimacy of this approach by backing user-end controls in Facebook's war on them.