clever google: httpS <--ok ad blockers, you have your hands full now

[superboyac]

So if you guys have noticed, google is sticking the https on all their stuff lately.  First, it started with their google searches, they are now default https whether you are logged in or not.  That's why you may have noticed the yellow ads at the top of your searches now, where your ad blocker would have blocked it before.  Also, for the first time in however many years, I am now seeing ads on youtube.  I have never seen Ad Muncher miss an add previously on youtube.  And i look up, and lo and behold, the https is there.

So google is now implementing this clever little trick.  So Ad Muncher, I hope you soon figure out how to block https.

[superboyac]

Well this is not good news...straight from the developer of Ad Muncher's mouth:

I guess I wasn't being clear.

It's encrypted to prevent it from being read or modified.

That includes modifying it to remove the ads.

Ad Muncher will more than likely never filter https pages.

Either another company will be able to figure out how to block it, or I'll probably say goodbye to youtube for the most part.  Already, i don't use it much anymore because it is quite an unpleasant experience and is only getting worse.  Good job google.  See ya.  I hope google remembers that it took off when it offered a much more pleasant search engine than yahoo and whatever else was around at the time.  Now, they are the ones making their own search and products unpleasant.  And the masses may be fine with it for now...until the new google alternative arrives.

[4wd]

I've been running Google searches/mail over HTTPS for 3+ years - don't have any problem with ads.

Perhaps you need a better ad remover?

eg. AdBlock+ disabled

clever google: httpS <--ok ad blockers, you have your hands full now

AdBlock+ enabled

clever google: httpS <--ok ad blockers, you have your hands full now

[rgdot]

Same as 4wd, AdBlock+, haven't seen yellow area in years.
(Google, any site really, with https is a good thing.)

[app103]

Can't help with the youtube ads, but the ads in search can easily be hidden if you are a Firefox or K-Meleon user, with the userContent.css file.

I posted how here, about a year ago: https://www.donation....msg271805#msg271805

[superboyac]

Very interesting...
If Adblock+ can block it, why is the Ad Muncher developer saying he can't?  Is he bullshitting so people won't complain?

[mwb1100]

If Adblock+ can block it, why is the Ad Muncher developer saying he can't?

-superboyac (December 02, 2012, 01:01 AM)

I think it's because the blockers that run as a plug-in deal with the content from inside the browser so it deals with the page from the DOM - after it's been decrypted.  Ad Muncher is a proxy - it doesn't run inside the browser, so it deal with the raw HTTP stream between the browser and the server.  however, that means that it can't see inside an encrypted stream.

So I think for Ad Muncher to deal with HTTPS would require a fundamental change in the design of the software.

[superboyac]

If Adblock+ can block it, why is the Ad Muncher developer saying he can't?

-superboyac (December 02, 2012, 01:01 AM)

I think it's because the blockers that run as a plug-in deal with the content from inside the browser so it deals with the page from the DOM - after it's been decrypted.  Ad Muncher is a proxy - it doesn't run inside the browser, so it deal with the raw HTTP stream between the browser and the server.  however, that means that it can't see inside an encrypted stream.

So I think for Ad Muncher to deal with HTTPS would require a fundamental change in the design of the software.

-mwb1100 (December 02, 2012, 01:41 AM)

Sounds to me like all they'd have to do is develop browser plugins and continue to use the same engine they currently have.  I don't know how easy or hard that is to do, but a lot of other companies are able to develop browser plugins for their platforms...java, flash.  I do have a problem with developers saying something "can't" be done, when really what they're saying is that they "won't" do it.  Especially when there's already an example of it being done with ABP.

Now, some interesting things have been happening.  Firstly, ABP had some issues recently with some weird thing about not blocking certain ads that got people suspicious about their latest "updates".  Also, Ad Muncher recently had trouble being honest about their pricing schemes and lifetime license issues, etc.  When companies start being unclear, vague, and evasive about their latest changes and updates, that's usually a sign that things aren't going to go well for the customer in the future, and it's on us at that point to demand for alternatives or let them know we are aware of what they're trying to do.

So what I'm saying is that for ABP and Ad Muncher, I don't give them the benefit of the doubt any longer.  Sounds like ABP is doing ok now, Ad Muncher has been great so far, but this latest development, if it turns out to be a "can't" or "won't" situation, is going to disappoint me.

[Tinman57]

  Hmmmm, when I went to the GoOgle HTTPS search I didn't see any ads.  I'm using Privoxy.

[4wd]

How can Privoxy filter Secure (HTTPS) URLs?

Since secure HTTP connections are encrypted SSL sessions between your browser and the secure site, and are meant to be reliably secure, there is little that Privoxy can do but hand the raw gibberish data though from one end to the other unprocessed.

The only exception to this is blocking by host patterns, as the client needs to tell Privoxy the name of the remote server, so that Privoxy can establish the connection. If that name matches a host-only pattern, the connection will be blocked.

As far as ad blocking is concerned, this is less of a restriction than it may seem, since ad sources are often identifiable by the host name, and often the banners to be placed in an encrypted page come unencrypted nonetheless for efficiency reasons, which exposes them to the full power of Privoxy's ad blocking.

"Content cookies" (those that are embedded in the actual HTML or JS page content, see filter{content-cookies}), in an SSL transaction will be impossible to block under these conditions. Fortunately, this does not seem to be a very common scenario since most cookies come by traditional means.

[Cloq]

My guess as to why Ad muncher hasn't done it yet is possibly because ad muncher tries to remove (intercepts) any ad code before an application or browser can render the page, where as majority of the other ad blockers/removers allow the browser to download it the complete page then remove any ads.

My assumption is that once the page has been downloaded (http, https) then it is easy to remove any ads. Ad muncher (vaguely recall) works before the page is downloaded.

Still hoping that one day Ad muncher will some how figure out how to filter https or as a stop gap measure, fix it like the current batch of no ads apps/scripts etc.

[barney]

Still hoping that one day Ad muncher will some how figure out how to filter https ...

-Cloq (December 02, 2012, 08:49 PM)

I hope not.  If it does, it would totally invalidate any advantage https provides.  It would totally break the security, and allow any [malevolent] access that https is supposed to provide.

[superboyac]

Still hoping that one day Ad muncher will some how figure out how to filter https ...

-Cloq (December 02, 2012, 08:49 PM)

I hope not.  If it does, it would totally invalidate any advantage https provides.  It would totally break the security, and allow any [malevolent] access that https is supposed to provide.

-barney (December 02, 2012, 11:44 PM)

Sorry.  I understand your point, but I find it a little ridiculous.  I'm not an "impossible" person...I totally think it's possible for https to provide the encryption advantages it has while being able to somehow intercept ads.  But I've been called an idealist on more than one occasion...

[f0dder]

I totally think it's possible for https to provide the encryption advantages it has while being able to somehow intercept ads.

-superboyac (December 03, 2012, 12:19 AM)

It isn't. Or rather, it isn't for programs like privoxy and admuncher. And even that is not entirely correct.

If you want an ad blocker that handles HTTPS, you need a browser extension/plugin, like AdBlockPlus (yes, there was fuzz about "allowing non-objectionable ads", but that's a configuration option. I don't like that it's there, but people gotta make a living.)

For filters/blockers that work as proxies or certain kinds of winsock hooking, you can't really do much about SSL-encrypted (i.e. HTTPS) traffic. The protocol is designed not just to keep your confidentiality, but also to avoid tampering. There is a way it can be done, and that's for the program to act as a man-in-the-middle - the same way ev0l hax0rz would attack SSL data. This means doing de- and re-encryption on the fly, messing with certificates and whatnot... and isn't really a thing you'd want done to normal web sessions.

So, either give up filtering of SSL-protected pages, or move to a browser-based ad blocker.

[MilesAhead]

Is there a better alternative to AdBlock+ ?? I'm wondering because I just installed it. I turned off the "allow not so bad ads" option.  Then I run it enabled, restart, disabled,restart. I can't tell the difference. Seems like it does nothing but placebo on my setup. If I go to videohelp.com as example, the ad on the right hand side is showing. If I open chromium to the same page, it's totally not there. Even google searches have the same yellow paragraphs in results in exactly the same places if Block is enabled or not.


edit: just from preliminary trial, this one seems to just work
Updated AdBlock

[f0dder]

MilesAhead, did you add any filterlist subscriptions to ABP? I don't see any ads on videohelp - it does show a "We've detected that you're using an adblocking software. Please support our site by donating! Donate $5 - $20 here." message, though.

[MilesAhead]

No. I just ran it out of the box, with the exception I unchecked "allow" as I noted. The Updated one I just posted about shows the same on google search as ABP. No improvement there. I just tried a couple of searches to compare. But it did cleanly block the ad on VideoHelp. There's no box with 'x' or any trace I could see.

edit: Ok, now I see what you mean. At the top of the page there's a double lined text about using an ad block. That still shows. But the ad on the right is cleanly excised.

I've been going on VideoHelp for so long, some things I just don't see anymore.