Forum - View topicOffsite advertising
|
|
| Author | Message | |||||
|---|---|---|---|---|---|---|
|
PetrifiedJello
Posts: 3782 |
||||||
I block any requests from servers which the content was not referred to by the url I'm visiting because of issues similar to this. Most of this information isn't known to the public, but these issues are increasing, especially when many websites are farming because it's cheaper for everyone involved. It may suck to host ads on ANN's server(s), increasing bandwidth, but it's audacious ANN expect us to trust ads coming from servers which periodically cause ANN and its users trouble enough to have to create an "Intrusive Ad" forum to deal with the issues. Just something to consider when asking people to support ANN. |
||||||
|
Takeyo
Posts: 736 |
||||||
|
My reasons for running the add-ons mirror PJ's. I just don't trust many third parties and like to see where requests and scripts are originating. Even so, I tend to let advertising through on this site both because I know it helps pay the bills and, more pragmatically, I'm actually interested in advertising related to anime and manga (not so much the Dyson vaccuum and MTV programming commercials I've seen in the video player, however).
|
||||||
Tempest
I Run this place.ANN Publisher Posts: 10539 Location: Do not message me for support. |
||||||
Hosting ads on other domains has nothing to do with bandwidth. We do use a CDN for bandwidth reasons, but we could easily put all the ads we shift to the CDN on "animenewsnetwork.com" regardless. What's more, none of the ads moved to our CDN are the ones you need to even concern yourself with, those are image and flash ads. The potential problems come from scripted ads. Unfortunately all advertising agencies and ad-networks require the use of scripted ads. If we stop accepting scripted ads, we can kiss all blue-chip advertising goodbye. No more ads from Toyota, Warner Bros, etc... Unfortunately, some networks are lax in testing their client's ads for security problems. Google Ads for example. Because of this, we started hosting all scripted ads on 4nn.cx. By moving them to 4nn.cx, the default security settings in modern browsers stop the ads from doing anything they shouldn't. For example the exploit you just linked to. By default, it doesn't work if the script is hosted on a domain other than the one you're visiting. This was largely designed to protect our visitors from things like pop-ups, layovers, redirects, etc... But it provides similar protection against some hijack attempts and security/privacy issues. Of course it isn't in any way foolproof, but it is beneficial. With the default browser settings, 4nn.cx protects visitors to ANN. We're not willing to give up the fact that we're able to protect the majority of users who don't understand any of this, in order to make the site work better for the small number of users who block content for security reasons. Secondly, I honestly don't believe that most of the people blocking content are doing it for security. They're doing it because they don't like ads. We could completely do away with this whole discussion by moving all ads onto AnimeNewsNetwork.com (and still host the bandwidth intensive ads on a CDN, that's easy), but that would increase the possibility of invasive advertising for most of our users (the ones with default internet settings). On a related note though, I am thinking of ditching Google Ads. Most of the problems come from there. Last edited by Tempest on Thu Jan 27, 2011 2:35 pm; edited 2 times in total |
||||||
|
PetrifiedJello
Posts: 3782 |
||||||
Of course, completely understandable.
Thank goodness!!!!! Not that I've anything against Google, but I concur with this.
This is good to know and I hope this gets posted in a reasonable location for those who do block 3rd party domains (which I do, aside from streaming). *adds 4nn.cx to whitelist. Though, not sure if this will do anything since I'm a subscriber turning them off. |
||||||
Tempest
I Run this place.ANN Publisher Posts: 10539 Location: Do not message me for support. |
||||||
I completely rewrote my above response. As for adding 4nn.cx to your whitelist, I actually don't know what kind of effect that will have (I have no idea what security software you are using, or if you're just using more restrictive browser settings, and even if I did, I wouldn't know how it affected this). If your whitelist makes it such that 4nn.cx is completely trusted, then you may lose the security benefit of the sandboxed ads. That said, if you block advertising in your subscriber settings, it won't affect you in any way... |
||||||
|
PetrifiedJello
Posts: 3782 |
||||||
And I'm re-writing this one. I added 4nn.cx to the white list, but it was irrelevant given it wasn't even on the blacklist (I didn't want to peruse it and just assumed it was an ad farm). If users block this domain, there's a reason why the page will break... looks like Dan put a few other files out there as well, like the stylesheets (rather important if one wants a pretty page). Regardless, one needs to be careful about the assumption people are purposely blocking ads. You'd be surprised at how many people use software they don't know what it does. Someone sees "AdBlock" and just assumes all the ads are blocked, but may not realize they're blocking more than just ads. (something one of our clients just realized when their filter software was updated and included several of our aspx file names). It's tough for websites like ANN, but it's unfortunate there are "web developers" out there who feel an intrusive ad is an effective ad, leading to the development of this software. Remember pop-ups? As for those ads people are blocking, perhaps this is an indication the ad's more intrusive than it should be. People generally don't block ads unless they're annoyingly bothersome. Heck, I have to turn off my Strike Witches ad because I'm at work. Last edited by PetrifiedJello on Thu Jan 27, 2011 3:54 pm; edited 1 time in total |
||||||
|
Takeyo
Posts: 736 |
||||||
|
So the script for the tabs at the top of ANN pages, as well as some of the forum code, is now apparently coming from 4nn.cx. If ANN is also using that domain for third party ad scripts, that makes me a bit nervous. Maybe I'm just being paranoid, but while I don't mind pulling resources off the domain, I'm not crazy about having to choose between the site not working as intended and explicitly granting permission to off-site code.
|
||||||
|
Dan42
Chief Encyclopedist
Posts: 3817 Location: Montreal |
||||||
|
I think there's a fair amount of confusion about cross-site scripting. Hosting scripts on a different domain is no different than hosting images on a different domain, and in fact no different than hyperlinks in general; that's cross-site linking (aka "pulling resource off the domain"), and the web is MADE OF cross-site linking.
The security comes from where the script is *running*. Ads running in a 4nn.cx iframe cannot interfere with a www.animenewsnetwork.com page. But I must admit that using bob.animenewsnetwork.com would have been just as effective as 4nn.cx at stopping misbehaving ads; I did not realize that when I first made the ad sandbox. As for our newly implemented CDN content, the only reason I used 4nn.cx was to make the urls in the page shorter. But given the problems described here I think I'll stop using that domain for content, including ads. |
||||||
|
Dessa
Posts: 4438 |
||||||
|
Does moving the ads to another host fix the auto-refresh ad-nauseum problem? That's why I had to install ad-block, because my browser kept crashing from auto-refreshing (and my "don't allow redirects" setting won't stop the refreshing).
|
||||||
| All times are GMT - 5 Hours |
||
|
|
Powered by phpBB © 2001, 2005 phpBB Group
I Run this place.