[Rejected] Whitelisting broken sites

[theouterspace]

I think instead of a whitelist, there should be a "possible whitelist list"

Make a list of websites that adblock things are broken by being blacklisted. If that website is visited then a message comes up saying "adblock thinks certain elements on this page are not working correctly because they are blocked" then give the user to either:

1- permanently whitelist the content or
2- whitelist the content for a period of time (like 12 hours or something) or
3- disable all whitelist suggestions in the future (for people who really dont like to whitelist)

This gives the non technical users the ability to visit websites that might be incorrectly blacklisted ... At the same time people won't feel like adblock has sold out. There's just a new feature to more easily "unbreak" websites that are broken by popular adblock subscriptions.

If you try to a) force the whole whitelist or b) enable the whitelist by default people are just going to feel betrayed.. I highly advise against it.

[revolutions]

1) Stop blocking safe ads, allow websites to make some money from ads that people don't mind too much.

Why do websites have to make money? Can't the website owner get a job to pay for hosting without relying on advertisement money.

Why do programmers have to make money? Can't they get a job to pay for coding without relying on software revenue.
Please tell me you were joking there. Either that, or this whole "Write blogs to help people and get money" thing has gone over my head. You don't think the world is so altruistic as to create entire websites for free, do you?

2) End up at a point where websites can only make money with a paywall.

That won't happen. Paywalls reduce userbase, no website wants that.

If the userbase is giving no ad revenue, why would they care about it?

[Ares2]

I am still not sure what will actually be added to it (and you don't seem to like the idea of providing any examples either)

I would if I could but we are discussing about early ideas for general imrovements of ABP, this hasn't been completely worked out yet.

Fair enough, I guess I will just have to wait. But I still hope this obviously controversial list and it's policy will be open for discussion and especially adjustment if it becomes reality - at that point "it's just an experiment", "it's a temporary solution", "you can untick the checkbox anyway, don't complain" etc. aren't very convincing arguments. Also, not adressing certain worries that in the current circumstances are pretty relevant isn't helping the list's trustworthiness either:

Just to clarify: is there any money involved in this decision?

I just hope that this is not ultimately going to be about all about the money. We've seen a controversial facebook campaign to increase usage numbers (seemed a bit weird and unneeded for an open source project), now this whitelist scheme is revealed where only sites meeting the good advertising criteria are listed. From there it is all too easy for money to change hands and the whitelists grow...

Off topic: I really like the extremes outlined here :

Why do websites have to make money? Can't the website owner get a job to pay for hosting without relying on advertisement money.

If the userbase is giving no ad revenue, why would they care about it?

[Wladimir Palant]

Just to clarify: is there any money involved in this decision?

Ultimately - yes, this is a potential revenue source for the Adblock Plus project. Not at this stage but probably later. Which is all the more reason to define clear criteria so that the impact of this feature is positive no matter what.

PS: It's funny to see how a Reddit "news" that somebody created to get users angry about my proposal actually caused a more differentiated discussion than we've seen here so far...

[Hubird]

Ultimately - yes, this is a potential revenue source for the Adblock Plus project.

Will ABP remain open source ?

[Wladimir Palant]

Yes, Adblock Plus will always remain open source. As I mentioned here (unfortunately in German) - this is explicitly written down in the contract. We have never done anything behind your back in this project and we don't plan on starting.

[revolutions]

Just to clarify: is there any money involved in this decision?

Ultimately - yes, this is a potential revenue source for the Adblock Plus project. Not at this stage but probably later. Which is all the more reason to define clear criteria so that the impact of this feature is positive no matter what.

Can you explain what kind of revenue? Will adservers be able to "buy into" the whitelist? At what point will we differentiate between ads that are clean and are whitelisted for our criteria, and ads that paid to be whitelisted?

PS: It's funny to see how a Reddit "news" that somebody created to get users angry about my proposal actually caused a more differentiated discussion than we've seen here so far...

I think it's pretty lucky that all the Redditors who commented there didn't jump over. There was quite a bit of anger there.

P.S.: The last two "guest" posts were by me--the layout being similar to Mozillazine, I was sure I was commenting from my Mozillazine account. Created a separate account just now.

[revolutions]

... Sorry about that. That last post was supposed to be from this account.

Also, a translation of that German link: http://www.microsofttranslator.com/bv.a ... ct#c003537 [scroll down to comment 11].

[maybee]

How should that checkbox be called? It will definitely have a link next to it leading to a webpage with detailed explanation on the purpose and policies but we still need a simple title.

how about these? you can select one of them.

• Adjusting[controling] the level of blockng list
• protective domains(sites) list
• relief[good, trusted] domains(sites) list

[Wladimir Palant]

Can you explain what kind of revenue? Will adservers be able to "buy into" the whitelist? At what point will we differentiate between ads that are clean and are whitelisted for our criteria, and ads that paid to be whitelisted?

I cannot really comment on the kind of revenue because that would be pure speculation at this point. However, the rules will definitely be the same for everybody - any website on the list will have to meet the criteria. If a website on the list no longer meets the criteria it will need to be removed (which is why I said that the criteria need to be defined in such a way that it is obvious to a human whether a website still meets them).

[nitrox]

If you whitelist a ad domain because it follows your points, the server is still vulnerable to hackers exploiting the server and serving malicious ads.
If the server is not running updated or latest patched version then hackers can exploit the vulnerability to serve malicious ads or drive by downloads.

[p2u]

If you whitelist a ad domain because it follows your points, the server is still vulnerable to hackers exploiting the server and serving malicious ads.
If the server is not running updated or latest patched version then hackers can exploit the vulnerability to serve malicious ads or drive by downloads.

You can say that again. On anti-malware.ru (Russian security forum) we've had that more than once; mainly nasty fake-AV's that block you out of Windows for a ransom (delivered through holes in Google Adsense and of course easily bypassing regular security suites). Also lots of porn-spammers abusing the usually white-listed image-host servers to shock the community. Just don't tell the webmasters; they don't want to hear about it. It's our problem, not theirs... No wonder people who participate there (mostly security experts) apply a default deny approach and block ANY third party, either with a proxy or with tools like ABP.
P.S.: I hope that if this experiment succeeds, the owners of white-listed resources will apply the "scratch my back and I'll scratch yours" approach and will do everything they can to prevent this from happening.

Paul

[Wladimir Palant]

If you whitelist a ad domain because it follows your points, the server is still vulnerable to hackers exploiting the server and serving malicious ads.
If the server is not running updated or latest patched version then hackers can exploit the vulnerability to serve malicious ads or drive by downloads.

Unfortunately, the same is true for every other website. Ads are only a prominent target because the same ads are used on a large number of websites. It's exactly the same with all the third-party widgets however that are way too popular right now, e.g. I can imagine that hackers would love to hack Facebook's "Like" button (don't worry, the button in Adblock Plus itself is all static, nothing like those on web pages). Which is why I talked about third-party scripts at the beginning, they are very critical security-wise. Unfortunately, it seems that this ship has sailed - webmasters love third-party widgets and I don't see us (or anybody else) in the position to change that. And scripts are the preferred way to use such widgets because the widget providers like to have full control and webmasters usually don't see the implications.

To sum up: I don't like the current situation any more than you do. But we have to choose our battles and try to change what we realistically can change.

[lewisje]

I think that in the struggle between security and usability, the more usable solution should be the default in this case; I'd still default-deny the ad-servers, and if the social-networking widgets get hacked too then I'll start using Fanboy's Annoyances or Adversity Antisocial, but most users are primarily concerned about still being able to use the sites they visit, and they're willing to see ads if that's what it takes to be able to use some websites.

[tlu]

[ Which is why I talked about third-party scripts at the beginning, they are very critical security-wise.

It seems that you're finally becoming a Noscript fan