from Hacker News

Show HN: Detecting adblock, without JavaScript, by abusing HTTP 103 responses

by mechazawa on 3/25/24, 2:32 PM with 199 comments

  • by wrigglingworm on 3/25/24, 6:28 PM

    I wouldn't even mind ads if most sites weren't malicious with how they serve them. Do not make a new window pop up, do not try to download anything to my computer without my explicit instruction, do not make me click an x to view the content, do not interrupt the content to serve an ad. Why can't they just have a nice little ad on the left and/or right side of the page that doesn't interrupt my intake of their content? Heck, even on the top is fine.
  • by hedora on 3/25/24, 2:56 PM

    Sounds like it might make sense to drop this early hints feature (whatever it is).

    I wonder how much longer it will be before the next major escalation happens with ad blockers. I can imagine mainstream browsers that fetch unmodified pages and click ads in the background (to subvert pay per click ad business models and make it harder to compute targeting metrics), but then display an ad/tracking-free version in a separate rendering pipeline.

  • by soco on 3/25/24, 3:14 PM

    We're all complaining and blaming the big corporations for the pitiful state the internet got to be now but seems we are all contributing our little to bring it even lower. Because corporations pay, I know, but we are the ones pulling the trigger.
  • by jedberg on 3/25/24, 5:11 PM

    My first question was "Why would someone do this and release it?" but it looks like they answered that question at the end of the README. :(
  • by josephcsible on 3/25/24, 3:38 PM

    Is this already being exploited by any sites in the wild? If not, then I kind of wish that it would have been privately reported to Mozilla and the major ad blocker developers to give them time to patch it.
  • by zzo38computer on 3/25/24, 7:23 PM

    Mozilla says the following about HTTP 103 Early Hints:

    > Note: For compatibility reasons it is recommended to only send HTTP 103 Early Hints responses over HTTP/2 or later, unless the client is known to handle informational responses correctly.

    > Most browsers limit support to HTTP/2 or later for this reason.

  • by guitarlimeo on 3/25/24, 2:54 PM

    This makes sense, but I guess adblockers could just start loading the data and not show it to the user?
  • by thenewnewguy on 3/25/24, 3:06 PM

    Probably too unreliable to use in real life - for example, I suspect many crappy corporate proxies will block HTTP 103 responses as some unknown danger.
  • by kevmo314 on 3/25/24, 2:54 PM

    TIL about HTTP 103, that's pretty neat.

    It seems pretty easy to mitigate this by always loading the early hints though, as in Firefox should adopt Chrome's approach as described in the README.

  • by hn_acker on 3/26/24, 2:58 AM

    Haha. The copyright license is a parody of the MIT license [1]:

    > Copyright (c) 2024 Mechazawa

    > Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software with specific restrictions, provided that the user intends to use the Software explicitly FOR the purposes of evil or advancing evil, including but not limited to:

    > Genocide, Wanton Destruction, Fraud, Nuclear/Biological/Chemical Terrorism, Harassment, Prejudice, Slavery, Disfigurement, Brainwashing, Ponzi Schemes and/or the Destruction of Earth itself,

    > with this, including without limitation the rights to copy, modify, merge, publish, distribute, sublicense, sell and/or run copies Software or any executable binaries built from the source code.

    HN converts single newlines into spaces. The license text on GitHub [1] has apparently intentionally obstructive newlines within the "paragraphs".

    [1] https://github.com/Mechazawa/103-early-anti-adblock/blob/mas...

  • by ahmedfromtunis on 3/25/24, 6:28 PM

    I really wish the pay-with-compute model stuck.

    Lending webpages some CPU-cycles (probably to mine crypto) in a controlled and safe way would be a win-win(-win) situation.

    Websites won't have to submit to their advertising overlords and still be able to incrementally monetize their content.

    Users won't have to deal with the downgraded experience — while sacrificing compute cycles anyway to download and display the awful ads.

    Even advertisers would win, as they won't have to deal with content farms trying to fake impressions and clicks.

  • by gxonatano on 3/25/24, 9:52 PM

    I think what is needed is rather an adblock detector detector, or something which can trick the detectors into thinking there's no adblock.
  • by lakomen on 3/25/24, 3:08 PM

    Just once and for all understand, people who do not want to see ads and you force ads on them, will not come to your site. All you're doing is making the user experience worse and decreasing your site's worth. And people will remember who was so rude to them.

    I've been there.

    Don't do it.

  • by esbranson on 3/25/24, 6:35 PM

    > Chrome does not allow adblockers to interact with resources loaded using early hints, nor does it display resources loaded using early hints in the developer console.

    I wonder if Brave has these same limitations? Not sure where its Shields JS fits into the architecture.

  • by deadbabe on 3/25/24, 4:01 PM

    SMS is the next big frontier for ads, every few messages with someone you can see a little ad about something related to your conversations. Or if a conversation has gone stale and someone hasn’t replied in several days, inject an ad to wake it back up.
  • by shmde on 3/25/24, 5:00 PM

    If I say what's on my mind after seeing this I will be banned from HN.
  • by _rm on 3/26/24, 8:17 AM

    My strategy for managing ads is adblock + a mouse with a thumb button configured to CTRL + F4.

    If adblock doesn't catch it, my thumb twitch reflex when a popup appears will.

  • by skrtskrt on 3/25/24, 6:30 PM

    Anyone know what happened to ethicalads.io? Website has been offline for over a month, but founders/engineers seem to be active on LinkedIn & GitHub still
  • by Tabular-Iceberg on 3/25/24, 6:18 PM

    If ad blockers go by URLs, why don’t advertisers simply serve ads from the same domain with a path masquerading as content?
  • by failedartifact on 3/26/24, 8:01 AM

    Nit: The use of ASCII diagrams causes formatting problems when viewing on mobile.
  • by darepublic on 3/26/24, 1:22 AM

    The freedom fighters will find a way to avoid these ads, just you watch
  • by terrycody on 3/26/24, 4:08 AM

    Can someone make this into a WordPress plugin?
  • by ceving on 3/25/24, 4:44 PM

    It should be illegal to sabotage adblocking.
  • by harrygeez on 3/27/24, 8:47 AM

    Does anyone know how to make a diagram using text like that in the README?
  • by unstatusthequo on 3/27/24, 12:55 PM

    Are people still relying on only browser plugins to de-trash their browsing experience? DNS is your friend. Block the asshats at their media delivery source. DNS Filter, NextDNS, PiHole...