Hacker News new | past | comments | ask | show | jobs | submit login
Meet the Company Hijacking New York Times Ad Revenue (theatlanticwire.com)
59 points by digisth on Oct 21, 2012 | hide | past | favorite | 49 comments



Obviously the NY Times is not happy with its ads being replaced by someone.

However, in my opinion this would be acceptable if it were the intention of the user. I hold the point of view that it is entirely my decision how to display websites on my devices. For example, it is up to me whether I display ads, run Javascript, or Flash. Similarly it would be okay if I decided to install a program that replaced ads on popular websites by different ones.

But it seems obvious to me that the users installing this software have no clue what they are doing, and are in fact essentially installing hidden malware. And this should be the way this problem is attacked and dealt with. Not via some perceived moral rights by websites to not have their ads replaced, but simply by the fact that this company is essentially installing malware without consent. This is what should be criminally prosecuted in my opinion.


It all comes down to consent. I should be able to install a browser plugin that blocks ads entirely, or a plugin that replaces their ads with ones more relevant to me.

This is not a new technique, there have been adware/spyware apps for nearly a decade that do similar things. The ones that do it openly as a "legitimate business" claim the user consented, like Gator/Claria and Direct Revenue did. The netherworld ones dispense with that fantasy and just install.

Often the advertisers have no idea their ads are being served up through these shady networks. For example, in 2005 Gator was showing ads from the Yahoo network as part of the Overture keyword search. As an Overture advertiser you couldn't control whether ads appeared there.


Well, the perceived moral right is sometimes what it takes for an individual entity to "get things done". I think it's safe to say that the NYT can't wait until users become tech savvy or for Google to come up with a good blacklist policy. So the NYT, if holding on to revenue is still a priority, will have to approach this problem as a self-interested, self-righteous party.

Frankly, the route you propose --criminal legislation -- would not be possible without overbearing laws on the order of SOPA. How would you envision a law that banned a plugin provider from injecting "bad" content into a consenting user's browser? Defining the "bad" is what gets us into trouble here


I don't think new laws are needed. If the malware poses as one thing and then does another this should (hopefully, IANAL) be covered by existing laws against cracking or computer fraud. I'm not proposing putting any Orwellian laws on the book, but simply see this as a case of the company abusing the users' computer systems and apply existing laws to it. To me this is entirely analogous to some bored "hacker" talking people into installing a trojan on their computer.

Since malice seems obvious and the operation is clearly a commercial one, I don't see how this being anywhere in a gray area.


>This is what should be criminally prosecuted in my opinion.

It seems to me all the talk of laws is rather pointless. If the NY Times can detect that this is happening then they can refuse to serve pages to clients that do it, and instead give them instructions on how to remove the malware. That solves the problem for everybody. The user takes a minute to follow the instructions to clean their machine of malware, then continues on to read the article.

Why does everything need a legal solution?

(And yes, Malware Corp. can try to sue you for telling people to remove their crapware, but anybody can sue anybody for anything. Doesn't mean they'll win.)


I figure it's a legal liability issue. What if the NYT provides instructions for removing the adware, and if following those instructions create problems for some user(s)? NYT's legal team probably concluded that it'd create unnecessary legal exposure.

The culprit should not be NYT; it's the company that's spreading the adware.

An interesting thought experiment might be: what if TiVo replaced TV commercials with their own ad's..?


Why should the NYTimes have to spend their resources and lose their revenue to educate and support people removing that software? That's an expensive cat and mouse game that they shouldn't be forced to play.


Better that they should have to spend the same money in additional taxes to support government investigations and prosecutions, only to have the bad guys move offshore and keep at it?

I think you're perhaps overestimating the cost of banning such things too. For one thing, there is no reason to go it alone. Major ad networks should be providing websites with tools to identify and disinfect affected clients. Then the cost to the NY Times et al would be little more than installing the supplied tools on their servers.

In addition, there is a certain amount of "starve them and they die" that needs to happen here. If something is illegal but still profitable, it continues to happen. On the other hand, if it becomes unprofitable because no websites will service infected clients then it disappears even if it's still legal.


The cost isn't in implementing the detection or writing a nice notice, it's in supporting the people it's for. Removal can be hard, look at Sony's bs with rootkits the other year.

Aside from that websites are a terrible way to fix a problem, there's probably still a massive amount of the internet 'best viewed in X' even though standards and non-IE browsers have been popularized for years. It's taken like a decade of campaigning, education and updates to reduce IE6 to insignificance.

Browser / operating system vendors are in a good position to tackle it and there's precedence for that too, but a single website even as big as the NYTimes is in a weak position to do anything except sue.


You don't literally have to have every website on board. You just need a critical mass such that any given malware-infected user will encounter a website that they consider important but that they can't access, and therefore have an incentive to take steps to remove the malware. That goes a long way to deprive the malware authors of infected users, even if there continue to be some websites that don't block the malware.

And as for browser and OS vendors, it seems like there is a clear way for the Times to push that along: If this problem is nontrivially impacting ad revenue then Google has a clear incentive to work with them on Chrome and Android, and with that as leverage, they can go to other browser and OS vendors and say "take the same measures to keep your users from coming to our website infected with this crap or we'll be recommending that they use Google's products instead."


I'm concerned about the the integrity of the user's computer. That is where I propose legal steps should be taken against the company.


The problem with legal solutions is the global market problem. Ban it in the US and EU and you'll still see it being peddled from Russia and China and infecting world-wide computer users all the same. But at the same time you shackle your economy with (invariably overbroad) legislation that increases compliance costs for small businesses and entrepreneurs and gives large corporations another bludgeon to use against smaller competitors.

Better to just let the market put the bad guys out of business because the good guys all blacklist them.


This is really no different from hiring a butler, with the understanding that he will clip out some of the ads in your physical newspaper and replace them with personals for shell companies he operates.


I'm not sure I agree with that.

When you load the NY Times website, you use up their resources (hosting, delivery, etc) and they're paying some fee to give you the privilege of viewing that page.

They pay for that using ads. Their choice.

You don't like that? Great. Stop visiting that website. That's your prerogative. But to visit the website, use their resources, AND block their way of generating revenue to pay for that...well, that's both immoral and wrong.


"You don't like that? Great. Stop visiting that website. That's your prerogative. But to visit the website, use their resources, AND block their way of generating revenue to pay for that...well, that's both immoral and wrong."

That's a summary opinion without the backing of law or even a thorough examination of the ethics involved. What is unethical/annoying to you may not be to someone else.

The poster is free to use AdBlock and other scripts to improve his browsing experience and the NYT is free to install ways to get around ADB (of which many exist) or make content available to those who want it for free.


The NewYork times servers send information to an information processing device, they are going to have to accept the fact that the data they send back is not the webpage on your screen and instead must be processed by the browser and other software. If the NYT doesn't like it, they can stop serving content to devices that don't render the content the way they prefer.


I remember the day I figured out a Chrome plugin I regularly used was doing this. It was a Gmail notifier that had been widely used when I started using it. And after a while, I was getting the most annoying ads on YouTube without realizing that Google hadn't changed anything.

Rather, the plugin changed and added the ads to YouTube. It was so under-the-radar that I wouldn't have noticed unless I had decided one day to look up why YouTube was allowing allowing ads with sound to play over videos.

I'm a savvy user, but that was literally slipped under my nose. I think a lot of users that wouldn't have been nailed by such plugins in the past are starting to find them to be a huge problem.


Well, the official YouTube ads are rather invasive and awful as well...


The New York Times could probably commission a Sambreel detector for less money than it's losing to these scumbags. You have a right to the screen real estate in your own browser, of course, but the NYT has the right not to serve you content if you're not going to abide by its terms.

Whatever you think about the ethics of ad blocking (not a quagmire I want to wade into), NYT ads fund one of the best regarded operations in all of journalism, while Sambreel ads fund... what, exactly? Let's not lose sight of what a scam this is.


If a user knowingly choses to install a plugin that includes Sambreel, it's not a scam. It's their browser to do with what they will. Having said that, I'm guessing that there are a lot of scummy plugins/extensions that don't alert the user to Sambreel being installed. That's what's the scam here.

Also, the target of the funding shouldn't enter into a discussion about legality/ethics of the method.


The NYT is entitled to set terms that forbid the viewing of their site with Sambreel installed.


I agree it is a scam, but I disagree that NYT is good journalism. Good journalism is meassured in impact and NYT haven't gotten anybody kicked out of office in years.

It is a rag.


> At first glance, it seems unlikely that Sambreel is pervasive enough to affect the ad industry. After all, how many people are going to download junky browser plug-ins? On the other hand, Sambreel’s reported use of underhanded tactics could mean it is indeed widespread.

The pervasiveness of hijacking plug-ins is depressing. I lent my roommate my top-of-the-line MBP from 2008 and within a couple of months it was filled with bizarre homepage hijacking plugins. A few days ago I got a hijacked DM-tweet from a top investigative journalist. I wonder if general computer literacy and best practices will ever outpace spammers' ability to infect computers?


Why is it even possible to install these plugins in the first place? Shouldn't they be blacklisted?


Some folks are using general purpose computing devices to access the web.


I'm aware of that. I meant that Chrome should be blacklisting these plugins so that they cannot be installed, even manually.


Blacklists are a constant game of whack-a-mole. Anything you add to the blacklist will be replaced by 10 more variants.

Whitelisting would be a more reliable solution. It has snuck into consumer computing under a different name: app stores.


Interestingly, this is what Crome has done. The app store used to be a distribution point, but as of recent versions of Chrome it's become an exclusive source of extensions for exactly this reason. (There are fortunately ways around it, but it does minimize the threat of malware).


Correct, that's why I said "manually". I'm assuming these plug-ins are not already available in the Chrome store. I'm saying that in addition to that, Google should implement some sort of blacklisting, so that it doesn't get installed manually either.


This sort of ad replacement is one of the ways Kim Dotcom intends to keep himself in his mansion: http://news.ycombinator.com/item?id=4576834


A social media professional (relatively computer savvy) I know came to me recently thinking the Facebook page she managed had banner ads on it. I quickly found she had a browser extension adding it (don't remember if it's one this company created).

This company is parasitic, not adding value for anyone, the publisher or user. Despite the complaints about the Chrome store becoming more of a walled garden, perhaps it would help situations like this.


You hit the nail on the head, the walled garden isn't about malware, it's about killing ad replacement and the adwords revenue it kills.


I'm surprised we haven't seen more of this. I fully expect companies like refer.ly and skimlinks.com to implement this model with a twist: share the revenue with customers.

Customers could install the extension/plugin and browse sites as normal. However the ads they see would be earning them cash.


Yeah that was tried over 10 years ago with AllAdvantage.

http://en.wikipedia.org/wiki/AllAdvantage


This would violate the TOS of Amazon and I'm pretty sure most other similar programs.

In general I don't expect skimlinks' business model to work. Referral programs exist to incentivize linking to your site, not to share profit with a third party when a user of their site would have linked to you anyway.


I own my browser. I may choose to replace all ads on content I consume with poetry, or white space.

We need to be careful here. Simply because an ad-centric revenue model grew up around web content doesn't mean it is written in stone.


I'm not sure if I can agree with this. While I do understand where you're coming from I'm hesitant to say its okay to willfully replace ads on web pages. That's a point I don't have very strong opinions on but I do strongly believe that plugins like the one in question are unquestionably unethical and not okay.

You do own your browser but you don't own the sites you visit or their content. To me when someone argues for being able to replace ads on a website that's almost the equivalent of saying "I am entitled to take ownership of and alter anything I lay my eyes on". Some people counter by arguing that if it's not alright to replace ads then it's not okay to use custom CSS rules or plugins or apps designed to enhance readability. The fundamental difference between those things is that site owners want you to read their content and almost universally happily accept people using custom CSS and readability type plugins but replacing ads is different in that you are making a choice to put someone else's content on their site to the site owmer's detriment. If I were running a site that relied on ad revenue I'd almost prefer plugins that stripped out the ads altogether to one's that replace ads with one's that someone else will profit from. In the case of the former you could reasonably assume the visitor wouldn't be clicking any ads anyway but in the case of the latter that user may still click and youd get nothing.

Imagine there was an eyeglass company that sold glasses that would replace certain things you saw with other things that they decided on. I know this is far out but just follow me here. Now imagine owners of these glasses walk into a mall and the glasses replaced window signage and ads with ones from the eyeglass maker's preferred partners. The shop owners in the mall would be upset but the maker of the eyeglasses would claim they're just giving their customers the deals they want. And then a certain portion of the people who wear these glasses say "I own my eyes. I may choose to replace anything I see with whatever I want".

In 1996 I was 10 years old and grew up from that point on with the web. Ads were annoying for a time but the people posting and creating them learned really fast that their strategy wasn't working and from then on ads have been pretty polite. They mostly just sit in their grid positions. Sometimes they're animated and sometimes they have sound but it's off by default. I don't get why people hate online ads so much. They're easy to ignore and rarely if ever become intrusive these days. But that's a whole 'neither topic. My main point is that suppressing ads is one thing but to replace ads with others that deprive a site from the CPC revenue is unequivocally wrong. It may be legal but it's wrong.


The sites are free to ban/block users who use AdBlock and other plugins. The technology exists.

I use AdBlock and selectively whitelist domains that I support.


I don't get why people hate online ads so much. They're easy to ignore and rarely if ever become intrusive these days.

For my own part, I don't mind text ads; but animations or movement of any kind completely kill my ability to read. It's just the way I'm wired. I can't focus with movement or animation in close peripheral vision.

I also have no time for pauses or delays. I can't watch TV or listen to the radio at all any more because of ads. I just can't do it; an ad break comes on and I just want to turn the thing off and do something different.


> And then a certain portion of the people who wear these glasses say "I own my eyes. I may choose to replace anything I see with whatever I want".

Eh... I certainly wouldn't mind if I could buy a pair of glasses that blanked out ads, although replacing them with alternative ads would be pretty much equally scummy.


"My main point is that suppressing ads is one thing but to replace ads with others that deprive a site from the CPC revenue is unequivocally wrong. It may be legal but it's wrong."

This is exactly what I feared: a generation who grew up not knowing any better somehow deciding that simply because things were a certain way when they were 15 that it's wrong to change them. It is not.

The web is a communications protocol. It is not a way of life, the meaning of the universe, or written in stone. There are lots of communications protocols.

I can create content (interactive) or not and surface it on the web for others to consume. How, when, or why they consume it is none of my business (aside from perhaps wanting to control access to my content to certain people).

Look at it this way: who is in charge of my consuming your content? If I am blind, would you require me to listen to ads before my text reader started browsing the site? If I had difficulty seeing, would you prevent my browser from scaling the text so that I could see it better even if it ruined your layout? If I were busy, would it be a crime to have my secretary read relevant parts to me over the phone?

It's clear. I, and only I, control how I consume your content once you make it available. Now you might want me to go to some seminar where they'll hard-pressure me to buy timeshares before you turn on access. Fine and dandy. But once the port is open, I might telnet in and read the whole thing one byte at a time for all you care. Content providers are perfectly free to own and control access. They are not free to determine how I consume their content.

You know, there might be a lot more interesting and effective business models for folks interacting on the internet. Simply because we picked one back in 1995 doesn't make it the optimum for all time.


The site is welcome to have a login system with a terms of use agreement, or to use quizzes to verify ad exposures, etc, if they so chose.


But this isn't about exposure or impressions. This is outright stealing. There's a certain portion of users who will never click an ad and blocking them out completely is really no loss. But what's happening here is that ads are still displayed and in the event a person clicks the ad the revenue goes to someone else. The visitor didn't come for the ads, they came for the content. So the plugin maker is basically a leech. Replacing another site's ads with your own and taking the revenue is theft and if it happened to you I'm not sure you'd feel the same way. You know damn well your suggestion is totally unrealistic but it totally misses the point anyway.


I have to say I have more of a problem with the advertising exchange that is allowing this to happen than the "adware" company itself. Rubicon has to not only represent the campaign buyers interests but also maintain publisher brand safety to sustain a business model. It's just a matter of time before real publishers will inevitably leave Rubicon if they continue to disregard this fact.


What a coincidence... I removed this junk yesterday from my fathers computer. In this case, it inserts ads on top of Google search results and shows options to search using yahoo search among the other junk. Very annoying.


What's amusing to me is that you can build something like this with 100 lines of JavaScript and a bit of Rails scaffolding (I know because I've done it).


Is this new? Advice : Read all user reviews when downloading addons / plugins or any software.


astroturfing & paid reviews.


Curious. Doesn't bode well for the Kim Dotcom's MEGA project.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: