New York Times CEO Mark Thompson caused a minor stir a couple weeks ago when he gave a speech at an advertising conference declaring that “No one who refuses to contribute to the creation of high quality journalism has the right to consume it.” He went on to say that while the Times is “not there yet,” the company may soon prevent users with ad blockers from accessing its site.
But newspaper executives like Thompson often focus exclusively on the drawbacks of ad blockers, leaving a big part of the story untold. Thompson did not say one word in his keynote address about the significant security benefits of ad blockers, which is ironic, because his paper was one of several news organizations that served its users ransomware–a particularly vicious form of malware that encrypts the contents of your computer and forces you to pay the perpetrators a ransom in bitcoin to unlock it–through its ad networks just a few months ago. Several major news sites—including the Times, the BBC, and AOL—had their ad networks hijacked by criminal hackers who attempted to install ransomware on readers’ computers.
Advertising networks have served malware onto the computers of unwitting news readers over and over in the past couple years. Ads on Forbes, for example, attacked their readers in January, right after the magazine forced readers to disable ad-blocking software to view its popular annual “30 Under 30” feature. As Engadget reported, “visitors were immediately served with pop-under malware, primed to infect their computers, and likely silently steal passwords, personal data and banking information.” It wasn’t the first time this had happened at Forbes, either. And it’s not just in the US. A couple months ago, almost every major news site in the Netherlands served malware through its ads to its users.
You can bet this problem is only going to get worse. According to a 2015 study, malware served by advertising networks tripled between June 2015 and February 2015. So the longer people wait to install an ad blocker, the more vulnerable they become.
News orgs: Please turn off adblockers.
Reader: An ad on your site infected my PC w/ ransomware. Will you pay to get my data back?
— Christopher Soghoian (@csoghoian) March 16, 2016
Even when malware infection is not a problem, advertisers’ pervasive tracking of users on news organization websites is really disturbing to any reader who cares about privacy. One Princeton study that looked at a million websites found that news sites were the most likely to feature trackers–even more than porn sites. The nonprofit research group Citizen Lab surveyed the top 100 news sites last year and found that many had dozens of trackers running on their website, allowing advertisers to spy on visitors’ every move. Worse, most of the trackers were using unencrypted connections, which means malicious actors could more easily track users’ online movements, as well.
This isn’t just conjecture: The Washington Post revealed in 2013 that the NSA “is secretly piggybacking on the tools that enable Internet advertisers to track consumers, using ‘cookies’ and location data to pinpoint targets for government hacking and to bolster surveillance.” Edward Snowden himself recently said: “If the service provider is not working to protect the sanctity of the relationship between reader and publisher, you have not just a right but a duty to take every effort to protect yourself in response.”
News sites and advertising networks also lag behind the rest of the internet when it comes to protecting reader privacy by switching over to HTTPS encryption-by-default (a standard feature on sites like Facebook and Google that prevents malicious parties from spying on your web viewing habits if they share the same wifi connection or have access to ISP-level internet traffic).
On top of preventing your computer from being hijacked by criminals and preventing spying by shady and unnamed companies, as the Times itself demonstrated recently, the other benefits of ad blockers are enormous. They cut website load times by more than half in some cases, as well as significantly lowering data usage and increasing battery life on smartphones.
To his credit, Thompson opened his speech by saying that users are not the only ones to blame for the rise of ad blockers. He allowed that newspapers and advertisers have made ads so invasive and annoying that both groups should understand why so many people want to rid their internet experience of them. But news sites around the internet, including the Times and The Washington Post have experimented with pushing people to disable ad blockers, and countless other sites are now serving pop-ups asking users to whitelist them before continuing. Others, like Wired, are barring users of ad blockers from accessing their sites at all.
I certainly have sympathy for news organizations that see their revenue streams declining and worry that ad blockers are hurting their business (though it’s worth pointing out that the eye-popping figure of $22 billion in lost advertising revenue that has been widely cited by a variety of newspapers has been thoroughly debunked as a gross exaggeration). But when are newspaper executives going to realize that people do not use ad blockers just to block ads? Whether or not journalists like to admit it, ad blockers are a vital tool for internet privacy and security. Until news organizations face the fact that the readers who use them aren’t simply freeloading, ad blockers will continue to spread.