Measuring the Impact and Perception of Acceptable Advertisements Robert J. Walls Eric D. Kilmer Nathaniel Lageman Patrick D. McDaniel DepartmentofComputerScienceandEngineering PennsylvaniaStateUniversity,UniversityPark,PA,USA {rjwalls,ekilmer,njl5114,mcdaniel}@cse.psu.edu ABSTRACT strike a balance between the needs of users and publishers, and theyemphasizetransparencyaskeytotheprogram’ssuccess[6, In2011,AdblockPlus—themostwidely-usedadblockingsoftware— 22]. However, Eyeodrewstrongcriticismwhentheyconfirmed begantopermitsomeadvertisementsaspartoftheirAcceptable somecompanies—includingGoogle,Microsoft,andAmazon—paid Adsprogram. Underthisprogram,someadnetworksandcontent undisclosedamountstobeincludedinthewhitelist[9,32]. Some providerspaytohavetheiradvertisementsshowntousers. Such viewthisarrangementasaconflictofinterest;theorganizationthat practiceshavebeencontroversialamongbothusersandpublishers. providesblockingsoftwareisinapositiontoindirectlyprofitfrom Inasteptowardsinformingthediscussionaboutthesepractices, adsbeingshown. we present the first comprehensive study of the Acceptable Ads TheAcceptableAdsprogramimpactsmillionsofusersandbil- program. Specifically,wecharacterizewhichadvertisementsare lionsofdollars,1butlittleisknownaboutthewhitelistingprocess allowedandhowthewhitelistinghaschangedsinceitsintroduction orhowitimpactsusers.Inthispaper,weprovidethefirstcompre- in2011.Weshowthatthelistoffiltersusedtowhitelistacceptable hensivestudyoftheAcceptableAdsprogram.Weidentifyhowthe advertisementshasbeenupdatedonaverageevery1.5daysandgrew usersexperiencetheWebunderthisprogrambyexploringtheuse from9filtersin2011toover5,900intheSpringof2015. More ofadpolicies(calledfilterlists,orjustwhitelists).Wedeveloptools broadly,thecurrentwhitelisttriggersfilterson59%ofthetop5,000 andtechniquestoexploreandcorrelateinformationfromInternet websites. Ourmeasurementsalsoshowthattheprogramallows measurements,acompletehistoryoftheprogram’swhitelist,instru- advertisementson2.6millionparkeddomains.Lastly,wetakethe mentedbrowserbehavior,andusersurveys.Inthis,wehavefocused lessonslearnedfromouranalysisandsuggestwaystoimprovethe onthefollowingquestions: transparencyofthewhitelistingprocess. 1. Whatisinthewhitelistandhowhasitchangedovertime? CategoriesandSubjectDescriptors Wefindthatatthecurrentrevision,Rev. 988,thewhitelist H.3.5[On-lineInformationServices]:Web-basedservices;K.4.4 contains5,936filtersandisupdatedevery1.5daystoaddor [ComputersandSociety]:ElectronicCommerce modify11.4filtersonaverage. 2. Whobenefitsfromthewhitelist? Wefindthatthewhitelist GeneralTerms identifies 3,545 unique explicitly listed publisher domains (including15ofthetop100),andthatfivegeneral-purpose AcceptableAds;AdblockPlus;AdAvoidance filtertypesareresponsibleforallowingcontenton2,676,165 parkeddomains. 1. INTRODUCTION 3. Howdowemeasuretheimpactofthewhitelist?Wesurvey Over144millionusersemployadblockingsoftware[27].Users whitelistuseintheAlexatop5,000mostpopularwebsites aremotivatedbyadesiretohideintrusiveads,increasetheirprivacy, aswellas5,000sitesfromthe5kto1millionmostpopular. orprotectthemselvesfrommaliciousadverts[34].Yet,someclaim Thecurrentwhitelisttriggersfilterson59%ofthetop5,000 adblockingthreatenstheWeb’sbusinessmodel.Indeed,Googlelost websitesbutexplicitlywhitelistonlyafewpercentofless anestimated$887millioninrevenuetoblockinginQ22013[26,31]. popularsites. In2011EyeoGmbH—themakerofthemostpopularadblocker, 4. Howdousersperceiveacceptableadvertisements?Asurvey AdblockPlus—introducedtheirAcceptableAdsprogram.Through ofover300usersshowedwidedissensiononmanyadver- thisprogram,AdblockPlusallowssome“non-intrusive”adsthat tisementsthatwerejudgedasbeinginvasive. Oneareaof satisfyasetofcommunity-drivenguidelines,suchas“adsshould agreementwasclear: advertisementsinterspersedwithand neverobscurepagecontent.” AccordingtoEyeo,theirgoalisto largelyindistinguishablefromwebcontentweredeemedas Permissiontomakedigitalorhardcopiesofallorpartofthisworkforpersonalor undesirable. classroomuseisgrantedwithoutfeeprovidedthatcopiesarenotmadeordistributed forprofitorcommercialadvantageandthatcopiesbearthisnoticeandthefullcitation Our study is motivated by other large-scale Web and security onthefirstpage. Copyrightsforcomponentsofthisworkownedbyothersthanthe measurement studies, including those characterizing SPAM [14, author(s)mustbehonored.Abstractingwithcreditispermitted.Tocopyotherwise,or 17], affiliate programs [20], domain abuse [4,7], and malicious republish,topostonserversortoredistributetolists,requirespriorspecificpermission and/[email protected]. advertising[19,34].WebeginbydetailingtheoperationofAdblock IMC’15,October28–30,2015,Tokyo,Japan. 1TheInternetAdvertisingBureaureportedarecordhighof$12.4bil- Copyrightisheldbytheowner/author(s).PublicationrightslicensedtoACM. lioninU.S.advertisingrevenueforQ32014,breakingtheprevious ACM978-1-4503-3848-6/15/10...$15.00. recordof$12.1billioninQ4of2013[13]. DOI:http://dx.doi.org/10.1145/2815675.2815703. 107 <iframe id="ad_main" frameborder="0" scrolling="no" name="ad_main" src="http://static.adzerk. net/reddit/ads.html?sr=-reddit.com,loggedout&bust2#http://www.reddit.com"></iframe> Figure1:SampleadcodefromReddit.ThiscodedisplaysaniframeforanAdzerkadvertisementontherightsideofthepage.Similarcodeconstructions arecommonacrossdifferentsitesusingthesameadnetwork.ThisallowsAdblockPlustouseasinglefiltertoblockadsonmultipledomains. PlusandtheAcceptableAdsprogram. Wethencharacterizehow theprogramworksinpractice. Finally,weoffersuggestionsfor improvingthetransparencyofthewhitelistingprocess. 2. ADBLOCKPLUS AdblockPlusisthemostwidelyusedbrowserextensionwithover 50millionusersacrossallmajorbrowsers.2 In2014,theextension’s Firefoxversionwasdownloaded68milliontimesandboasted19.2 millionusersdaily.3 AdblockPlusisopensourceandavailablefree ofcharge. Adblock Plus was created by Michael McDonald’s as a fork of Henrik Aasted Sørensen’s Adblock project. In January 2006, Wladimir Palant rewrote the code and released it as a separate Figure2: AcceptableadsonReddit.com. Redditisamemberofthe projectforFirefox. Sincethen,AdblockPlushasbeenportedto AcceptableAdsprogram.Consequently,AdblockPlusallowsbothoftheads run on all major browsers: Chrome (Dec. 2010 [28], formerly onthispage.Athird-partynetwork,Adzerk,servestheadontherightside AdThwart[3]),Opera(Nov. 2012[10]),InternetExplorer(Aug. (labeled1). Thesponsoredlink(labeled2)isembeddeddirectlyintothe 2013[29]),andSafari(Jan. 2014[25]). EyeooffersanAndroid page. version,butitisnotavailableintheGooglePlaystore[30]. AdblockPlususestextuallyencodedfilterstodeterminethecon- tentshownonapage.Blockingfiltersrestrictpagecontent,while networks make it possible for publishers to show ads by simply exceptionfiltersoverrideanymatchingblockingfilterstoallowthe includingasmallsnippetofcodeprovidedbytheadnetwork.This content. Filterdefinitionsgenerallyconsistof: (i)amatchingex- straightforward interface also simplifies the blocking process by pressionthatspecifieswhatcontenttoblock(orallow),e.g.,the allowingasinglefiltertoblockadsonmultiplesites. URLofanadvertisingnetwork;and(ii)asetoffilteroptions,e.g., For example, reddit.com uses the code in Figure 1 to show theimageoptionappliesthefiltertoimagerequests. Adetailed Adzerkadvertisements.WhenanAdblockPlususervisitsthepage, descriptionofthefiltersyntaxisincludedinAppendixA. theirbrowserwillmakeathird-partywebrequesttofetchtheadver- AdblockPlususersrarelywritetheirownfilters. Instead,they tisementfromAdzerk. AdblockPluswillpreemptthisrequestto subscribetoregularlypublishedtext-basedfilterlists. Bydefault, checkiftherequestURLmatchesanyfilters.Ifthematchisfora AdblockPlussubscribesuserstotwofilterlists:thefirst,EasyList, blockingfilter,suchasthefollowing,AdblockPluswillcancelthe containstensofthousandsoffilterstoblockadvertisementsand request,stoppingthebrowserfromfetchingthead. coversmostcommonadnetworks.Otherblockingextensionsalso 1 ||adzerk.net^$third-party useEasyList,includingthesecondmostpopularblocker,AdBlock. Theseconddefaultfilterlist—whichwerefertoastheAcceptable Inshort,theabovefilterwillblockallthird-partyrequeststoadzerk. Adswhitelist—isusedtoimplementtheAcceptableAdsprogram. netoranyofitssubdomains.Foramorecompleteexplanationof Inshort,thislistoverridestheuser’sotherfilterlistsallowingcertain filtersyntaxseeAppendixA. publisherstoshowadvertisments. Wecharacterizethescopeand Iftherequestmatchesanexceptionfilter,5thenAdblockPlusal- impactofthewhitelistinlatersections. lowsit,regardlessofanyblockingfiltermatches.Theadvertisement Userscansubscribetoadditionalfilterliststhatprovidefunction- isthenshownasanimageontherightofthepage—denotedbythe alitybeyondblockingadvertisementsincluding:disablingtracking, bold1inFigure2. allowingtheuserto“browsethewebtrulyanonymously”,blocking 2.1.2 MatchingPageElements knownmaliciousdomains,andremovingsocialmediabuttons,such astheFacebookLikebutton.4 Wedeferanalysisoftheseliststo AdblockPlususesdifferentfiltersyntaxformatchingadvertising futurework. elementsembeddeddirectlyintothepage.Similartohowrequest filtersmatchURLs,elementfiltersuseCSSSelectors6toidentify 2.1 FilterMatching elementsbasedonattributessuchastheelement’sclassorid. Broadly,individualfiltersmatchoneoftwotypesofcontent:Web The following filter blocks the “sponsored link” at the top of requestsorpageelements.Webrieflydescribeeachbelow. Reddit’sfrontpage(bold2inFigure2)bymatchingelementswith anidattributeofsiteTable_organic. 2.1.1 MatchingWebRequests 1 reddit.com###siteTable_organic Publishersoftenrelyonthird-partyadnetworks,suchasAdzerk orGoogleAdsense,todisplayadvertisementsontheirsite.These However,AdblockPlusdoesnotblockeitheroftheadvertise- mentsinourexample.ItallowstheseadsbecauseRedditisapart 2https://adblockplus.org/en/about oftheAcceptableAdsprogram. 3https://addons.mozilla.org/en-US/firefox/addon/ adblock-plus/statistics/ 5Requestexceptionfiltersaredenotedbythe@@prefix. 4https://adblockplus.org/en/features 6http://www.w3.org/TR/CSS21/selector.html 108 Filter Restricted Blocking Unrestricted Sitekey Category 6000 Added Added Unrestricted About.com AdSense for Search ● Added Google Whitelist Released Search ads ers4000 in ABP 2.0 Added Conversion Filt Added Sedo Tracking for ● of Sitekey DoubleClick er b Added m u2000 Reddit ● N ●● 0 ●● −01 −07 −01 −07 −01 −07 −01 2012 2012 2013 2013 2014 2014 2015 Figure3:ThegrowthoftheAcceptableAdswhitelist.Thewhitelisthasgrownsteadilysinceitsintroductionin2011.Onaverage,thisfilterlistisupdated every1.5days,addingormodifying11.4exceptionfilters.Themostrecentversion(Rev.988onApril28,2015)includes5,936filters.Amongtheseareexceptions fordomainparkingservices,conversionstracking,andthird-partyadnetworks. 3. ACCEPTABLEADS Eyeo’spracticeshaveincensedsomepublisherstosuchadegree InMay2011,AdblockPlus’screator,WladimirPalant,outlined thattheyhaveaccusedthecompanyof“extortion”and“shaking the criteria for Acceptable Ads with the goal of “encourag[ing] down”websites[23]. Recently,thiscriticismhasescalatedtothe websitestouseadvertisingthatusersdon’tperceiveasannoying.”7 courtroom,andEyeoisfacinglawsuitsinFranceandGermany[11, Theseguidelineshavebeenrefinedmultipletimesbasedonfeedback 12,16]. In Germany, publishers filed suit against Eyeo claiming fromthecommunity. Whitelistedsitesarerequiredtoadhereto thattheirproductisanti-competitiveandthreatenstheirabilityto theseguidelines. Toparaphrasethemostrecentcriteria[1],sites generaterevenue.TheregionalcourtinHamburgruledinfavorof mustensurethat: Eyeoafterafourmonthtrial[15,33]. 1. Advertisementscannotcontainanimations,sounds,or“attention- 3.1 FilterListMaintenance grabbing”images. Eyeoregularlyupdatesthewhitelist. Onaverage,thecompany 2. Advertisementscannotobscurepagecontentorobstructread- addsormodifies11.4filtersevery1.5days,andhasadocumented ingflow,i.e.,theadcannotbeplacedinthemiddleofablock processforrequestingnewwhitelistfilterstobeadded.Theprocess oftext. ofaddingnewsitestotheAcceptableAdsprogramcomprisesfour 3. Advertisementsmustbeclearlydistinguishedfromthepage steps:contact,application,agreement,andinclusion. contentandmustbelabeledusingtheword“advertisement” Thefirststep,contact,consistsofcommunicationbetweenEyeo orequivalentterms. andaperspectivepublisher.Eitherpartymayinitiatethisdialog[24]. 4. Banner advertisements should not force the user to scroll Next, Eyeoworkswiththepublishertoensuretheirsitefollows downtoviewpagecontent. theAcceptableAdsguidelines(theapplicationstep). OnceEyeo confirmsthesite’sadvertisementsadheretotheirpolicy,theyestab- AfterpublishingtheinitialAcceptableAdsrequirements,Palant lishaprivateagreementwiththepublisher.Theseagreementsmay andhispartner, TillFaida, createdEyeoGmbHinAugust2011. involveafee,butEyeodoesnotcurrentlydisclosethefeestructure, TheirgoalwastomaketheAdblockPlusproject“moresustain- monetaryvalue,orlistofpayingpublishers. However,anecdotal able”[8].Thefollowingmonth,thecompanybegansurveyingusers abouttheirwillingnesstoallowadvertisinginsomeform.8 Bythe sourcesclaimthecompanyhasrequestedupto30%ofrecovered revenue[5],andEyeoacknowledgestheyhaveexperimentedwith year’sendreleasedAcceptableAdsasanopt-outfeatureinAdblock Plusversion2.0.9 bothflatandperformance-basedfees[24].Afterreachinganagree- ment,AdblockPlusaddsthefiltertothelistandsolicitscommunity Theprogramhasbeencontroversial.Eyeodrewcriticismfrom feedbackontheapplicationviaanonlineforum.10 Forumposts bothusersandpublisherswhentheyconfirmedthatsomecompanies— madeafterNov. 2014includelinkstothewhitelistrevisionand includingGoogle,Microsoft,andAmazon—paidundisclosedamounts optionalsamplescreenshots. tobeincludedinthewhitelist[9,32].Eyeohasstatedthatreceived funds are used to sustain the program. Further, they state that whitelistingisfreeforsmallersitesandallparticipantsofthepro- 4. WHITELISTANALYSIS grammustabidebytheacceptableadscriteria. Inthefollowingsections,weexaminethecompletehistoryof 7https://adblockplus.org/forum/viewtopic.php?f=4&t= Eyeo’sAcceptableAdsprogram.Ouranalysiscombineswhitelist 7551 8https://adblockplus.org/releases/ changeswithpublicdisclosuresandempiricalobservationsofbrowser adblock-plus-1310-released behavior.Wefocusonansweringthefollowingbroadquestions. 9https://adblockplus.org/releases/ adblock-plus-20-released 10https://adblockplus.org/forum/viewforum.php?f=12 109 Year Revisions FiltersAdded FiltersRemoved DomainsAdded DomainsRemoved 2011 26 25 17 5 1 2012 47 225 30 59 4 2013 311 5152 1555 2248 73 2014 386 2179 775 859 125 2015 219 1227 495 371 207 Total 989 8808 2872 3542 410 Table1: YearlyactivityfortheAcceptableAdswhitelist. Thistableshowstheyear,numberofrevisions,numberoffirst-partydomains,andnumberof changestoexceptionfilters—modificationsarecountedasnewfilters.ThedatacoverschangesuptoApr.28,2015(Rev.988). 1. Howhasthewhitelistchangedovertime? Weanalyzeall Whitelist revisionsofthewhitelisttoquantifythenumberofdomains Filters andfilters.Section4.1. 2. Who benefits explicitly from the whitelist? We first char- e p acterizethewhitelistfiltersbasedontheirscopeandtarget o Restricted Sitekey Unrestricted c content.Then,weparsethewhitelistfilterstoextractexplic- S itlylistedpublisherdomainsandgroupthesedomainsbased e p Request Element Request Element onpopularityandcategory.Section4.2. Ty 3. How do we measure the impact of the whitelist? We run anautomatedsurveyacrossthetop5,000mostpopularweb- Figure4:HierarchyofFilterTypesintheWhitelist. sitesand5,000additionalsitesfromthe5Kto1Mtopsites. Section5. 4. Howdousersperceiveacceptableadvertisements?Wesurvey Figure 4 illustrates a hierarchy of whitelist filter types and their 305usersonAmazon’sMechanicalTurkplatformandask scope.Wediscusseachclassindetailbelow. themtorate15“acceptable”advertisements.Section6 4.2.1 RestrictedExceptionFilters 4.1 WhitelistHistory Arestrictedexceptionfilterexplicitlydefinesthefirst-partydo- Eyeo tracks all whitelist changes in a public Mercurial repos- mainsforwhichitactivates,i.e.,thefilterwillonlymatchwhenthe itory.11 Using this repository, we extracted 988 versions of the userisbrowsingapageononeofthesedomains. Thesyntaxfor whitelistdatingfromthestartofthewhitelistinOct.2011toApr. definingthedomainlistdependsonthefilter’stype.Forexample, 2015.Themostrecentversion(Rev.988)comprises5,936distinct the following are two of the whitelist’s restricted exceptions for filters.Themajorityoftheseexceptionsallowadvertisementsand reddit.com. otheradvertisingfunctionalitysuchasconversiontracking. 1 reddit.com#@##ad_main Figure3showsthegrowthoftheAcceptableAdswhitelistover 2 @@||adzerk.net/reddit/$subdocument, time. There are two large jumps visible in the figure. The first document,domain=reddit.com correspondstoGoogle’sofficialadditiontothewhitelistonJune 21,2013(Rev.200).12 Intotal,thisrevisionadded1,262filtersfor Thefirstfilter—anelementexception—instructsAdblockPlusto allowanyreddit.comelementswiththead_mainidentifier. For Googlesearchadvertisementsongoogle.comandothervariations elementfilters,restricteddomainsareprependedtothestart. The ofthisURL,e.g., google.co.uk. Thesecondjumpwascaused secondfilterallowsrequeststoadzerk.net, theadproviderfor byfiltersforask.com,about.com,andrelatedsubdomains,e.g., reddit.com. In this case, the filter is restricted via the domain cars.about.com.TheseadditionsarediscussedinSection7. option. Table1summarizestheyearlychanges.Thesecondfullyearof Restricted exception filters make up 89% of the whitelist and thewhitelist(2013)sawthelistgrowbyanorderofmagnitudeover cover3,545fullyqualifieddomains,includingsearchengines(Mi- thepreviousyear:Eyeomade4,633filterchanges,bringingthetotal crosoft, Yahoo, Google), commercial sales (Walmart, Amazon), to2,319publisherdomainscomparedtojust60domainsin2012. contentpublishers(Reddit,About.com,Cracked),andISPs(Com- However,aswediscussbelow,thesenumbersbelietheactualscope cast,TimeWarner),amongstothers. Manyofthefullyqualified ofthewhitelist. domainsappearinginthewhitelistmaptothesamepublisher.Forin- 4.2 WhitelistScope stance,thewhitelistincludesover1,044subdomainsforabout.com, including cars.about.com and food.about.com. Additionally, InordertounderstandwhobenefitsfromtheAcceptableAds thereare919country-baseddomainsforGooglepropertiesincluded program,weneedtofirstunderstandthescopeofawhitelistfilter, inthewhitelist,e.g.,google.co.ukandgoogle.de.Table2shows i.e.,thesetofdomainsthatcanactivatethefilter.Forsomefilters, therespectivecountandAlexarankingsforfullyqualifieddomains. thislistofapplicabledomainsisexplicitlyenumeratedinthefilter’s definition. We call these restricted filters. For others—namely 4.2.2 UnrestrictedExceptionFilters unrestrictedandsitekeyfilters—thefiltercanapplytoanydomain. Anunrestrictedexceptionfilterappliestoallfirst-partydomains, Theimplicationhereisthatitisimpossibletodeterminetheactual i.e., these exceptions can match on any site. The whitelist uses impactofthesefiltersusingfilterdefinitionsalone.Instead,wecan unrestricted exceptions primarily for two purposes. First, many onlyempiricallyestimatethisvaluethroughsitesurveys(Section5). of these filters enable conversion tracking. Broadly, conversion 11https://hg.adblockplus.org/exceptionrules trackingisusedtomeasureifanadvertisementresultedinsome 12https://hg.adblockplus.org/exceptionrules/rev/ useraction,e.g.,userpurchasedtheproductafterclickingonthead. 8bdf815a5291 Second,unrestrictedfiltersareusedtowhitelistspecificadnetworks. 110 Alexa FullyQualified Company Whitelisted Domains(.com) Partition Domains Sedo 2011-11-30 1,060,129 All 1,990 ParkingCrew 2013-05-27 368,703 Top1,000,000 1,286 (0.12%) RookMedia 2013-07-31 949 Top5,000 316 (6.32%) Uniregistry 2013-09-25 1,246,359 Top1,000 167(16.70%) Digimedia 2014-07-02 25 Top500 112(22.40%) 2,676,165 Top100 33(33.00%) Table3: Domainstatisticsforthefiveparkingserviceswhitelistedby Table2: Domainsexplicitlyincludedinthewhitelist. Thewhitelistcon- AdblockPlus.RookMediawasremovedfromthewhitelistonSept.16,2014 tainsrestrictedexceptionfiltersfor3,544fullyqualifiedpublisherdomains. (rev.656);allothersremainactive. Thiscorrespondsto1,990effectivesecond-leveldomains,e.g.,google.com istheeffectivesecond-leveldomainofmaps.google.com.Percentagesare onthetotalnumberofdomainswithintheparticularAlexapartition. Germany(thesamecityasEyeo). Thecompany’sfounder, Tim Schumacher,isalsoEyeo’schiefinvestorandparticipatedinthe initialdevelopmentoftheAcceptableAdsprogram[24]. Thispracticeallowstheadnetworktoshowadvertisementsacross Currently,thereare4sitekeysand25sitekeyfiltersinthewhitelist, multipledomainswithouthavingtoexplicitlyincludethesedomain all belonging to domain parking services. They are, in order of inthewhitelist.PageFairisanexampleofthelatter. introduction,Sedo,ParkingCrew,Uniregistry,andDigimedia. A PageFair. While PageFair is oft-quoted for their reports on the fifthsitekey(forRookMedia)wasremovedfromthewhitelistin prevalenceofadblockinganditsmonetarycosts—infact,wecite Sept.2014. oneintheintroduction—thecompanyisalsoanadnetworkinvolved Parkeddomainstypicallyexisttoshowadvertisements(andsell intheAcceptableAdsprogram.13 domains),usuallyintheformoflinkstopagesrelatedtothedomain name. Misspellings of popular sites are also frequently parked. 1 @@||pagefair.net^$third-party Forexample,reddit.cmisaparkeddomainthatadvertisesdating 2 @@||tracking.admarketplace.net^$third- servicesandphotosofcelebrities;thisdomainiswhitelistedunder party theAcceptableAdsprogramusingasitekey.Foramorecomplete 3 @@||imp.admarketplace.net^$third-party treatment of domain parking, see the recent work by Alrwais et TheseunrestrictedexceptionfiltersallowPageFairtoshowadver- al.[4]. tisementsonanypartneredwebsitewithoutneedingaseparateex- Using the top-level domain zone file for .com domains, we ception for each domain. The company takes a “minority share identified approximately 3 million parked domains managed by of the additional advertising revenue” that they provide publish- one of the parking services listed in Table 3. Specifically, we ers.PageFairalsopaysEyeotoparticipateintheAcceptableAds focusedonthosedomainswhosenameserversbelongtooneof program. thesitekeyparkingservices. Forexample,Sedodomainsusethe Anotheradvertisingnetwork,Influads,hassimilarunrestricted ns1.sedoparking.comandns2.sedoparking.comnameservers. exceptions. Thelistofparkingnameservers,inpart,wasderivedfromtheexam- plesitesgiveninAdblockPlusonlineforums.Weusedautomated 1 @@||influads.com^$script,image 2 #@##influads_block toolstovisiteachsuspecteddomainandonlyrecordedthosethat presentedasitekeysignature. Thesecondofthesefilters—anelementexception—isnotactually Table3providesalowerboundonthenumberofdomainsfor limitedtoInfluadsadvertisements;instead,thisfilterwillmatchany each parking service. In total, we find the four active sitekeys elementonanysiteaslongastheelement’sidisinfluads_block. accountforatleast2,676,165distinctwhitelisteddomains. This is the only example of an unrestricted element filter in the Finally,someoftheabovesitesrequiredspecialaccommodations whitelist,andpossiblyanoversightbythewhitelist’sauthors. toscrape.Forexample,ParkingCrewdomainsemploycountermea- InSection5,wefurtherexploretheimpactofthe156unrestricted surestopreventscraping,returninga403responseiftheuser-agent exceptionfiltersusingasurveyofpopulardomains. stringmatchesthatofatoollikecurl.Further,somedomains,e.g., Uniregistry, behave differently given the presence or absence of 4.2.3 SitekeyExceptionFilters specificcookievalues. Forinstance,whenauservisitsaUnireg- AsitekeyexceptionfilterincludesaDER-encoded,base-64repre- istrydomainforthefirsttime,thesitewillreturnapagethatfirst sentationofanRSApublickey. generatesacookieandthenredirectstheusertoanotherpagewith 1 ! Text ads on Sedo parking domains advertisements(andthesitekeysignature). 2 @@$sitekey=MFwwDQYJK...wEAAQ,document Factoring Sitekeys. All current sitekeys use 512 bit RSA keys AdblockPlusallowsadvertisementsonanydomainthatpresentsa (RSA-155). Such small key sizes are well within the factoring validsignaturesignedwithacurrentsitekey. Effectively,sitekeys capabilities of an individual or publisher with modest hardware delegatethetaskofwhitelistingtothepublisher. resources.Todemonstratethis,weconstructedaclustercomprising AdblockPluscalculatesthesignaturebysigningastringcontain- 8desktopcomputersrunningUbuntu14.04,eachwithanIntelXeon ingtheURI,hostname,anduser-agentstringoftheHTTPrequest. E5-2630clockedat2.30GHzand32GBofmemory.Weusedthe AdblockPlusthencomparestheresultwiththesignaturereturnedby CADO-NFS14implementationoftheNumberFieldSievealgorithm. theserverin:(i)theX-Adblock-keyheaderoftheHTTPresponse, Thissetuptookapproximatelyoneweekonaveragetofactoreach and(ii)thedata-adblockkeyattributeofthereturnedpage. sitekey. Thefirstsitekey—addedtothewhitelistbeforeitsrelease—belongs InFigure5,wedemonstratehowanadversarialpublishercould toSedo,adomainparkingandhostingcompanybasedinCologne, useafactoredsitekeytoshowintrusiveormaliciousadvertising. 13https://pagefair.com/about/ 14http://cado-nfs.gforge.inria.fr/ 111 (a)Withoutsitekey. (b)Withsitekey. Figure5:Exploitingsitekeys.Usingaclusterofdesktopcomputers,wewereabletofactoroneofthewhitelistsitekeysinfivedays.Thederivedkeyallowed ourtestsitetobypassAdblockPlus’sblockingentirely. Forourproofofconcept,weusedAdblockPlus’sdefaultsettings matchesbytheheightandcolorofthebars,respectively.Domains withboththeEasyListblacklistandtheAcceptableAdswhitelist explicitly included in the whitelist are shown in bold along the enabled.Thefigureshowsourtestsitebeforeandafteraddingthe x-axis. sitekey.Inshort,ourtestsitebypassedallblockingfilters. Thisfigureillustratesanumberofsubtleissueswhenmeasur- ing filter behavior. First, 12 domains not explicitly included in 5. MEASURINGFILTERBEHAVIOR thewhitelistneverthelessactivatewhitelistfilters,e.g.,youtube. com.Second,whitelistfiltersactivateneedlessly.Thatis,thefilter Ourpreviousanalysis—focusingonthecontentofthewhitelist— matchescontentthatwouldnothaveotherwisebeenblockedbythe providesanecessarybutincompletepictureofthewhitelist’sbe- EasyListblacklist. Third, sitesmaybehavedifferentlybasedon havior. Forinstance,thewhitelistincludesanexceptionfilterfor browserstateandconfiguration.Forexample,ask.comwillactivate PageFairadvertisements,butitdoesnotlistanyofthedomainsthat morefiltersiftheuserdoesnothavespecificcookiesinthebrowser usePageFair. cache.Further,somesiteswillshowdifferentadvertisementsifthe Complicatingmatters,whitelistbehavioralsodependsonamyr- sitesdetectsthepresenceofAdblockPlus,e.g.,imgur.com. iadofmoresubtlefactorsincludingfilterambiguity,unpredictable Finally,notallwhitelistfiltersaredirectlyresponsiblefordis- websitebehavior,andcomplexinteractionsbetweendifferentfilters playingadvertisements,e.g.,gstaticexceptions.Manycommon andfilterlists.InthisSection,weexpandonourpreviousanalysis exceptionsareforconversiontrackinganddonotvisuallyimpact usingempiricalmeasurementsoffilteractivation. thewebsite. Theseresultssuggeststheneedformorecomplexanalysistech- Methodology.WeinstrumentAdblockPlustomeasurefilteractiva- niquestofullycharacterizethewhitelist’sbehavior.Weleavesuch tionsondomainsdrawnfromfoursamplegroups:(i)the5,000most populardomains,15(ii)1,000domainsrandomlysampledfromthe explorationsforfuturework. rank5K–50Kpopularitystrata,(iii)1,000domainsrandomlysam- pledfromtherank50K–100Kpopularitystrata,(iv)1,000domains 5.1 ActiveFiltersontheTop5KDomains randomlysampledfromtherank100K–1Mpopularitystrata. OftheTop5,000domains,3,956activatedatleastoneAdblock WeinstrumentedAdblockPlustorecordfilteractivationsand usedSelenium16tovisiteachdomain.Wesurveyedonlythelanding PlusfilterfromeithertheEasyListblacklistortheAcceptableAds whitelist.Theremaining1,044domainswerelargelynon-English pageofeachsite.Bylimitingourvisittothefirstpage,oursurvey (andthusoutofthepurviewofEasylist)orrequiredadditionaluser producesalowerboundonthenumberofmatchingfiltersassome interactiontotriggerfilters,e.g.,logins,searchqueries,etc. filterswillnotactivatewithoutuserinteraction.Forinstance,Google Figure7showsthedistributionofthetotalanddistinctwhitelist searchadsonlyappearafterasearch. filtermatchespersurveyedsite.Weincludeonlydomainswithat Figure6showsthefilteractivationsonthetop50siteswithat leastonewhitelistfilteractivation(2,934sites). Toyota.comsaw leastonefilteractivation. Weshowthenumberandtypeoffilter themostfilteractivationswith83totalmatchesfor8distinctfilters, 15WebsitepopularitywasbasedonAlexarankingsfromApr.2015. 5%ofthesurveyedsitesactivatedatleast12exceptionfilters(non- http://www.alexa.com/topsites distinct),and,onaverage,eachsiteactivated2.6distinctwhitelist 16http://www.seleniumhq.org/ filters. 112 filter_survey Filter Whitelist EasyList EasyList−Overlapping Source 20 n Filters11055 Whitelist Whitelist o pti 0 e xc 0 Number of E2100 Sans Whitelist Sans Whitelist googyloe.utcuobyme a.−ch aoo1mom. a−cz oow3inmk. i−cp oe4ditm a−w.i totr6egr .−cg qoo7q.om cg−lo e.m9 c−lol ii.i1nvn0ke .e−c doi1nm1. w−ce io1bym2o .a−ch oo1om4. e−cb og.aj1oyp5. o−cbgl loo1e.m6g cs−o p.j1otp8. g−co oo1hgm9al o−e. 1d22e03 .−cg mo2osm3no .−gcal oe2m.m6ac z−o. ou2n.k7 c−go .oj2rop8 eg−ld e.d2iftr9. g−coa oso3kmg0. l−ce .o3cm2o s−wm oo.r3hbdr3u .p−rc eo3sm4s .−co on3clm5mi a−acilli k.er3axu6d ps−r. enx3sevt7si .−dc eo3opm8s .a−cy op3iam9l .m−c go4urm2. g−co moi4ocm3gr l−oe s.r4ofu4t .g−c mo4aim5l .−cg oo4om7 g−l fe.4cit82 .g−co oo4gm9l i−e. me5das1bd .−cc ao5sgam2ho .−omc gaol5zem3o a−nddi. sstpd5leaer4y .cv−ick coo5evm6se .r−fcl oo5gm7w .go−co ooo5glgm8l e−.e. cc6oa0 nm−.a vm6ex3rg .−tcoi ooa6gnm5l y−ea. .cc6on6 −m. h6gk7o .−c o6m8 − 69 Figure6:Filtermatcheswithandwithoutthewhitelistenabled.TheupperpanelshowsthefiltermatcheswhenboththewhitelistandEasyListareenabled, thebottomshowsmatcheswhenjustEasyListisenabled.WelimitthisfiguretositesthatmatchatleastonefilterfromeitherthewhitelistorEasyList(andelide sina.com.cnforeaseofpresentation).Eachbarislabeledwiththedomainandrank.Bolddenotesdomainsexplicitlyincludedinawhitelistfilterdefinition.The heightofthebarrepresentsthenumberofmatchesandthefillspecifiesthefilter’ssource.Filtersthatmatchinbothconfigurationsareshowninblack. Filter(Truncated) Domains Modified Purpose 1 @@||stats.g.doubleclick.net^$script,image 1,559 2013-02-21 Conversiontracking. 2 @@||googleadservices.com^$third-party 1,535 2013-06-21 Googlesearchads. 3 @@||gstatic.com^$third-party 1,282 2013-06-21 Googlesearchads. 4 @@||googleads.g.doubleclick.net/pagead/view... 929 2013-08-08 Experimental. 5 @@||google.*/ads/user-lists/$image,subdoc... 892 2013-05-31 Conversiontracking. 6 @@||googletagmanager.com/gtm.js 746 2013-08-08 Experimental. 7 @@||fls.doubleclick.net^$subdocument,image 300 2013-03-20 Conversiontracking. 8 @@||doubleclick.net/activity*$subdocument,i... 135 2013-08-08 Experimental. 9 @@||google.com/adsense/search/*.js$domain=~... 78 2015-01-22 GoogleAdsense(A-filter) 10 @@||google.*/ads/conversion 69 2014-11-28 Conversiontracking. 11 @@||p.skimresources.com/px.gif?ch=1&rn= 53 2013-11-07 Texttoaffiliatelinks. 12 ||p.skimresources.com/px.gif?ch=2&rn= 53 2013-11-07 Blocking,texttoaffiliatelinks. 13 @@||r.skimresources.com/api/?$script 48 2013-08-27 Texttoaffiliatelinks. 14 @@||s.skimresources.com/js/*.skimlinks.js^$... 48 2013-08-14 Texttoaffiliatelinks. 15 @@||t.skimresources.com/api/track.php?$script 47 2013-08-27 Texttoaffiliatelinks. 16 @@||pagefair.net^$third-party 31 2014-01-30 PageFairads. 17 #@##influads_block 30 2012-11-08 Influadsads. 18 ||viglink.com/images/pixel.gif?ch=2$third-party 25 2014-06-02 Blocking,texttoaffiliatelinks. 19 @@||doubleclick.net/json 22 2013-08-08 Experimental. 20 @@||google.com/gen_204 20 2013-08-08 Experimental. Table4:Mostcommonwhitelistfiltersinthesurvey.Thistabledisplaysthe20mostcommonexceptionfiltersfromoursurveyofAlexa’stop5,000websites. Number9onthislistwasaddedwithoutcommunityvetting;itallowsGoogle’sAdSenseforsearchonnearlyalldomains. Table4showsthe20mostcommonwhitelistexceptionfiltersin other resources to sites to increase browsing performance. The theTop5,000group.Asexpected,allofthesefiltersareunrestricted. necessityofthegstatic.comfilterisuncleartous,giventhatEa- Aswediscussedpreviously,unrestrictedfilterscantriggeronany syListdoesnotcurrentlycontainanyfiltersthatwouldblockthe site. observedgstatic.comrequests. The most activated filter, @@||stats.g.doubleclick.net^ We observed one unrestricted element exception filter, #@## $script,image,triggeredon1,559domains(31.2%). Thisfilter influads_block, which activated on 30 different domains. As isusedtoallowsconversiontracking.Thesecond-mostpopularfil- discussedinSection4.2.2,thisfilterpreventstheblockingofcon- ter, @@||googleadservices.com^$third-party, wasobserved tentcontainedwithinanyelementwithanidofinfluads_block. on1,535domains,andallowsadvertisementsfromGoogle’sAd- Sensenetwork. Thethird-mostpopularfilter,@@||gstatic.com 5.2 FilterActivationsAcrossCategories ^$third-party,occurredon1,282domains. Thisfilterdoesnot appear to contribute to the visibility of advertisements. Instead, Figure 8 shows the number of filters triggered by domains in theGoogle-ownedgstatic.comservesfonts,scripts,images,and each group. The top portion shows categorical filter activation frequencieswhilethelowerportionshowsfilteractivationfrequency 113 FSioltuerrce ● Whitelist ● EasyList GPrroopuoprtion ● 0.2 ● 0.4 ● 0.6 SWpoorrltds ●●●●●●●● ●●●● ●●●● ●● ●● ●● ●● ●● ●● ● ●● ●● ●● ●● ●● ●● ●● ●● ●● ●● ●● ●● ●● ● ● ●● ●● ●● ● ● ●● ●● ●● ● ● ●● ● ● ●● ● ●● ●● ●● ● ●● Society ●●●●●●●● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● Shopping ● ● ● ● ● ● ●● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● Science ●●●● ● ●● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● Regional ●●●●●●●●● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● Kids_aRRneedcf_ereHTrNeaeoentemiwocneenss ●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●● ●●●●● ●●●●● ●●●●● ●●●●●●●●●● ●●●● ●●● ●●●● ●●●● ●●● ●●●●● ●●●● ●●●●● ●●●●● ●●●● ●●●●● ●●●●● ●●●● ●● ●●●●● ●●●● ●●●●● ●●●●● ●● ●●● ●●●● ●● ●●● ●●●●● ●●● ●●●● ●●●● ●●● ● ●●● ●●● ●●● ●●● ●●● ●●●● ●●●●● Category Health ●●●● ●●●● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● Games ●●●● ●●●● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● Computers ●●●●● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● BusinAerstss ●●●●●●●●●●●●●●●● ●● ●● ●● ●● ●● ●● ● ●● ●● ●● ●● ●● ●● ●● ●● ●● ●● ●●●● ●● ●● ●● ●● ●● ●● ●● ●● ●● ●● ●● ●● ● ●● ●● ● ●● ●● ● ● ●● ●● ●● Adult ●●● ● ● ● ● ● ● ● ● ● ● top5k ●●●●●● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● P tottopop1p50100mkk ●●●●●●●●●●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● ●●● opularity @ @||@st@@a|t|[email protected]||sgt.gado@tiooc@ug.|l|bclegoea@ocdmlois^@gc|le$||krte|.gvhagiin@[email protected]−.|.lsg|..glep.gc.ead*oosr/otoyamyugndl^bdlse$i/ttec.ua.ca.lsigtiecromk−.na.l.i.ncsatogs.m.e/.r.scafo..#.m/#/gdpit|.vu|@.[/.ibapd@ad|a^|dng=ssx.."@esy.datiic@dv||o−:2mf/.l/gmgs.a.^pctdd$−otso.haium/rdbly−dt−|e"|s]c/plaisadcrrwtkf|#o.|ylb#lnic..renicat/t.od^.e.s|$om||.b|s^ccyaur$i.otgt.m.hoemiaroo^.zdg$lon−tenehpti−r^aard$t#−t/dy#shs|ipi|feyrtarcsrduatt−rueyrmnp.eemac[.pritocudyob^m|a^=m|"d$^ktrgs|$|.|htx|oirarhdoi.eddrg..nvl−.d.seeptoc_i^a.uar$|tnbt|dlyehsneti@r_ec^ilifxd$.@−tc.a|.|hkcpi..drancordteo−u|ty|b^|pmla|$^aedar|$~ct|[email protected]−@en.r|sr.|etpgtoig/r^as.iroa$tntnco|yte|higgtirl.rv^iucetd.$.bo−ti.c.hcopmiro^amrdn$/t−tpayrhpidorajsrde|te−|cyntbp.isaczer/ootsygmre^aar$p.t.h?.hifiircl||sde..s.=c.eaordv.imso^n|&p|$gt#−eefh#nisf.rxyeb.d@sca−.tinc@pv|.no|.e/.eg|mra|mo^_@deo$mastagod@lehs|iro|eruf.vkrid*be/e−er.e.a|1|pxn.dtpaecset1r/urto^7cbytn$rmotaml^anh−|ia$cv|.tt.ikeas..h.rci.nrsamicekdatoo−r,atn5pmamn^adarie$|stt|htyewhi/rids.rdavondade.li−[email protected]@y^|mos|/$^tp*m.$.|h$t.|is.rh~kpii.dsr−sudm.k−r/i.b.edwpmsoraworcetuwusy/rocdmueeerlisnc.vtceesor.yc/m/*opmx/..p..x.gi... Figure8: Filtermatchespergroupranking. Eachrowrepresents1,000domainswithintherespectiveAlexarankinggroup. Foreachgroupweplotthe frequencyeachfilteristriggeredbydomainsinthatgroup. Wealsofindthat4ofthesefiltersweretriggeredmoreoftenby thetop5,000websitesthanbyanyoftheothergroups.Thereisone Total Distinct filterthatwasusedmostoftenbythegroupofdomainsconsisting fromAlexarank100,000to1,000,000.Thisparticularfilterisused 1.00 forconversiontracking. es0.75 6. USERPERCEPTION Sit of Underlying the Acceptable Ads program is the goal that both n 0.50 publishersandusersfindthewhitelistedadstobeacceptable.There o cti havebeenmanystudiesofhowusersperceiveWebadvertisements Fra0.25 (e.g.,[21]),andthedegreetowhichtheyintrudeontheuserexperi- ence(e.g., [18]).Inthissection,webuildontheseeffortstosurvey userperceptionofadvertisementsonpopularwebsitesbasedonthe criteriastatedinEyeo’sAcceptableAdsguidelines[1]. Weused 0.00 Amazon’sMechanicalTurk[2]tosolicitparticipation,limitingour 1 10 100 Number of Exception Filters pooltoworkerswithatleast5,000approvedsubmissionsandat least98%approvalrate. Eachofthe305respondentswerepaid 1$USandcompletedthe72questionsurveyinabout10minutes. Figure7:ECDFoffiltermatchespersurveyeddomain.Weonlyinclude 50%oftheusersusedsomeformofadblockingsoftwarebefore, domainswithatleastonematch.Asinglefiltermaymatchmultipleelements (orrequests)onasingledomain;thesolidlinerepresentsthetotalnumberof with61%usingtheGoogleChromebrowser,28%usingFireFox, matcheswhilethedashedlineisthenumberofuniquematchingfilters. 9%Safari,and1%eachforOperaandInternetExplorer.Theresults ofthesurveyarediscussedbelowandshowninFigure9. Theonlinesurveyshowedeightdifferentsites,eachcontaining forthemostpopularsitestakenfromAlexa. Wechosethetop50 oneormoreadvertisementsallowedbyAdblockPlus. Theeight mostfrequentlyactivatedfiltersandfoundthatthe5mostactivated sites were selected based on their popularity and diversity of ad filtersoutofboththeEasyListandWhitelistwereallfiltersfrom placement. Specifically,wechooseasearchengine(Google),an thewhitelist.ThesefiltersalsorelatedtoGoogle.Thisimpliesthat imagehostingservice(Imgur),anonlineretailer(Walmart),aWeb thesefiltersmaybemorebroadthannecessary. service(IsItUp.com),anonlinegameforum(Utopia-game.com),a Wefindthatthewhitelistfiltersareskewedmoretowardsshop- humorwebsite(Cracked.com),aviralcontentcurator(ViralNova), pingwebsites,whichwecanattributetothefilter’spurpose. andauser-submittedcontentsite(Reddit). 114 S1: The advertisements are eye catching and grab my attention. S2: The advertisements are clearly distinguished from page content. 75 75 Google #1 Utopia #1 Viralnova Taboola #2 Google #1 Utopia #1 Viralnova Taboola #2 Google #2 Utopia #2 Viralnova Taboola #3 Google #2 Utopia #2 Viralnova Taboola #3 65 Google #3 Reddit #1 Walmart #1 65 Google #3 Reddit #1 Walmart #1 Imgur #1 Reddit #2 Cracked.com #1 Imgur #1 Reddit #2 Cracked.com #1 IsItUp.com #1 Viralnova Taboola #1 Cracked.com #2 IsItUp.com #1 Viralnova Taboola #1 Cracked.com #2 55 55 Percent of respondents 234555 Percent of respondents 234555 15 15 5 5 Strongly disagree Disagree Neutral Agree Strongly agree Strongly disagree Disagree Neutral Agree Strongly agree (a)Attentiongrabbingadvertisements (b)Advertisementdistinguishedfromcontent SearchEngineMarketingAdvertisements S3: The advertisements on this page obscure page content or obstruct reading flow. Attention Distinguished Obscuring 75 µ 0.217 0.597 -0.260 Google #1 Utopia #1 Viralnova Taboola #2 Google #2 Utopia #2 Viralnova Taboola #3 VAR(X) 0.304 0.095 0.219 65 Google #3 Reddit #1 Walmart #1 Imgur #1 Reddit #2 Cracked.com #1 IsItUp.com #1 Viralnova Taboola #1 Cracked.com #2 BannerAdvertisements 55 Percent of respondents 234555 VARµµ(X) AAC-tt000tto..ee.102nnn514tttii25e7oonnntAdDDviiessttr-00ii0tnn..i.71ggs9e53uu3m51ii5sshheneeddts OObb-000ss..cc.106uu241rr523iinngg 15 VAR(X) 0.009 0.305 0.178 5 (d)Meanandvarianceofthesurveyresponses. Calculatedbyassigning Strongly disagree Disagree Neutral Agree Strongly agree integervalues[-2,2]totheLikertscale,e.g.,stronglydisagreewasgiven-2. (c)Advertisementobscuringcontent Figure9:Userperceptionsurveyresults. Foreachwhitelistedadvertisement,weaskedtheparticipantsto fromthecontent.HencetheallowancebyAdblockPlusseemsto ratetheirlevelofagreementwithstatementsrelatingtoacceptability beinconflictwiththeprogram’sstatedpolicies. onaLikertscale,e.g.,“StronglyDisagree,”“Disagree,”“Neutral,” Statement3:Theadvertisementsonthispageobscurepagecon- “Agree,”or“StronglyAgree.”Eachstatementisadirecttranscription tentorobstructreadingflow. -Thislaststatementmeasuresthe fromtheAdblockPluspolicy(withminoradjustmentsforclarity) degreetowhichusersfeeltheadsareintrusiveoncontentuse.While andstatescharacteristicsthatmustormustnotbetrueforanad- themixedcontent/advertisinggridsseemtoinhibitsomecontent vertisementtobe“acceptable”.Ideally,AdblockPlusshouldonly use,otheradstrategieswereviewedasmoreinvasive.Inparticular, allowadvertisementsthatmeetthesecriteria. alittlemorethanathirdofusersviewedsidebaradvertisements Statement1: Theadvertisementsareeyecatchingandgrabmy (e.g.,Reddit#1,notshown),firstsearchresults(Google#1),and attention. -Thisfirststatementmeasuresthelevelofdistraction topbaradvertisements(Cracked.com#1)asinhibiting. thattheadvertisementhasontheuser. Thereweretwotypesof Summary. While theabove results areinstructive, onemust be advertisementsthatmanyusersfoundtobeattentiongrabbingor carefulnottoover-readthemeaningofonesurvey.Asummaryof distracting. Figure10showstwoexamplesoftheadvertisements thesurveyresultsinFigure9(d)showsthatthereisbroaddissension deemed most attention getting, (10a, Google Ad #2, with 73% amongst the participants about what was acceptable, confusing, agreeingorstronglyagreeing)theimage-basedsalesadvertisements orinhibiting. However, thisreenforcesourexperience; wehave displayed with search results on engines and, (10b, Utopia Ad observedthateachpersonviewsadvertisementsdifferently—often #2,45%)theadvertisingbarnexttonavigationbuttonsonmany vastlyso. Therefore,anysinglepolicyofwhitelistingisunlikely websites. to serve the needs of a large and diverse user community well. Statement2:Theadvertisementsareclearlydistinguishedfrom Developingdeeperandlargerstudiesofuserdesiresisneededto pagecontent.-Thisstatementisdesignedtomeasurehowwellthe developabetterunderstandingofuserpreferencesandultimatelya usercandistinguishtheadvertisementsfrompagecontent. Illus- morepreciseandflexibleadvertisementblockingpolicy. tratedinFigure10,themixedcontent/advertisinggridimagesused incuratorwebsitessuchasViralNovaappearstointentionallyblur thelinesbetweenadvertisementandcontent.Almost90%ofusers 7. UNDOCUMENTEDFILTERS viewingallgrid-layoutadsstatedthattheywerenotdistinguished Overthecourseofouranalysisoutlinedintheprevioussections, wediscoveredseveralinstanceswherefilterswereaddedwithout 115 (a)GoogleAd#2 (b)UtopiaAd#2 (c)ViralNovaAd#1 Figure10:Surveyadvertisementexamples. community vetting or public disclosure. For completeness, we !A6 discusstworepresentativeinstanceshere. @@||Ask.com^$elemhide @@||us.ask.com^$elemhide Google’sintroduction.Googlewasofficiallyaddedtothewhitelist @@||uk.ask.com^$elemhide onJune21,2013(Rev. 200).17 Priortothis,Eyeoallowedsome publishers(butnotall)toshowGoogleAdSenseforsearchadson !A29 theirownsearchpages.Ofparticularnoteamongtheseexceptions @@||google.com/adsense/search/ads. arethetwofiltersaddedforgolem.de(Rev.67,Dec.2012).18 js$domain=search.comcast.net 1 @@||google.com/ads/search/module/ads/*/ @@||google.com/ads/search/module/ads/*/ search.js$domain=suche.golem.de|www. search.js$script,domain=search. google.com comcast.net 2 www.google.com#@##adBlock @@||google.com/afs/$script,subdocument, document,domain=search.comcast.net TheseexceptionfiltersarestructureddifferentlythanpreviousAd- Sensefilters.Namely,thefirstexceptionspecifiesbothgolem.de !A46 and www.google.com in the domain list. This is unusual as the @@||kayak.com.au^$elemhide additionofGoogleinthefirst-partydomainoptionisnotneces- @@||kayak.com.br^$elemhide saryforshowingsearchadvertisementsongolem.de.Rather,this @@||checkfelix.com^$elemhide option makes the filter active on www.google.com. The second filter is even more unusual as it unblocks the adBlock element !A50 onwww.google.com, i.e., thefilterdoesnotmakeanyreference @@||twcc.com^$elemhide togolem.de. NoneofthepreviousAdSenseexceptionsincluded @@||google.com/adsense/search/ads. analogousfilters. js$domain=twcc.com Roughlytwoweekslater,Eyeomodifiedthesefilters19tomatch @@||google.com/ads/search/module/ads/*/ otherrestrictedAdSenseexceptions. Inparticular,theyremoved search.js$script,domain=twcc.com www.google.comfromthedomainlistinthefirstfilteranddeleted thesecondfilterentirely. Figure11: SubsetofA-filtergroups. Incontrasttotypicalfilters,A-filter 1 @@||google.com/ads/search/module/ads/*/ groupsdonotcontainacommentwithalinktotheforum.Insofaraswecan search.js$domain=suche.golem.de determine,noneofthesefilterswerepubliclydisclosedbyEyeo.Intotal,we uncovered59A-filtergroups. Theforumpostforthegolem.defiltersdoesnotprovideanyra- tionalefortheinitialdissimilaritiesbetweentheseotherAdSense exceptions,nordoesitindicatethepurposeofthelaterchanges(or evenmentionsuchchangesweremade).However,duringthetwo A-Listfilters.Thereare61instancesofEyeoaddingwhitelistfilters weekstheoriginalfilterswereactive, Googlecouldconceivably withoutcommunityvetting—manyofwhichareexceptionsforlarge haveusedthefilters(especiallytheelementfilter)tomeasurethe companies.WerefertotheseasA-filtersbecauseofthenondescript impactofwhitelistingbyaddinganelementwithidadBlock.This commentsprecedingeachgroupinthewhitelist,e.g.!A1.Figure11 elementwouldbeactiveviathewhitelistwhennormaladswerenot. shows four example sets. Insofar as we can determine, none of 17hg.adblockplus.org/exceptionrules/rev/8bdf815a5291 thesefilterswerepubliclydisclosed. Inotherwords,noneofthe 18hg.adblockplus.org/exceptionrules/rev/feb913d65a21 A-filtergroupsappearinEyeo’snotificationforum. NearlyallA- 19hg.adblockplus.org/exceptionrules/rev/9c5f8032d88b filteradditionsusethesamerepositorycommitmessage,“Updated 116
Description: