Commit 814847b9 authored by Aral Balkan

Add three strikes policy

parent 153da0fc
......@@ -4,31 +4,51 @@
> “The Bild newspaper (or Bild-Zeitung, literally Picture Newspaper…) is a German tabloid published by Axel Springer AG.” – [Source](https://en.wikipedia.org/wiki/Bild)
## This shit has got to stop
## Strike two…
Bild knowingly added a content blocker blocker to the core JavaScript file that runs their site. Not loading this file is not an option as it basically disables the whole site. [Wired](/sites/wired.com) does the same thing. This appears to be an increasingly common tactic being employed by the [behavioural advertising industry](/sites/iab.com) to force people to stop protecting themselves from tracking.
Today, we are implementing a new policy to deal with malicious sites that actively threaten people’s safety on the web. **If we are prevented from protecting you from trackers on a site, we will treat the site as malicious and remove it from your web experience.** By filtering out malicious sites, we will enable sites that [respect human rights, effort, and experience](https://ind.ie/ethical-design) to rise to the top of search results.
**In fact, Bild are such bastards that [they don’t load the site at all if JavaScript is disabled](https://twitter.com/aral/status/758234563663495168).** No, no, not bastards… unadulterated, Class A, “we couldn’t care less about your human right to privacy” bastards.
The inspiration for this comes from a German tabloid, Bild, owned by Axel Springer. Last week, one of our customers <a href='https://twitter.com/dahanbn/status/758027299316965376'>alerted us that Bild was detecting Better and refusing people access to their site</a> unless they turned it off. This is unacceptable as turning Better means leaving yourself open to behavioural tracking and other web malware. As we’ve already seen, when [Forbes](/sites/forbes.com) did the same thing, [people who turned off their blockers were subsequently infected with malware served from Forbes’s advertising network](http://www.extremetech.com/internet/220696-forbes-forces-readers-to-turn-off-ad-blockers-promptly-serves-malware).
So, anyway, Bild’s blocker detection script checks if it can load one of their trackers, [SmartAdServer](/trackers/smartadserver.com). Disabling their blocker blocker is as trivial as [allowing that tracker to pass their detection](/trackers/Ω-ignore-previous-rules). This is, of course, less than ideal, and I’m going to look into further disabling parts of that tracker on Bild.de.
Bild chose to implement their blocker blocker in the core JavaScript file that runs their site. This means that we cannot trivially block their blocker detection without breaking the whole site. This is by design on Bild’s part. They want the site to fail if you are protecting yourself from trackers and malicous advertising. In fact, Bild has such low regard for their readers that [they their site doesn’t load at all if JavaScript is disabled](https://twitter.com/aral/status/758234563663495168)
But before that, let me say this: this shit has got to stop. And, one way or another, it will. We’re not going to spend hours trying to track down how you’re detecting and sabotaging the tools people use to defend themselves on the Web. Instead, if we cannot trivially disable your blocker blocker, we are going to remove you from the web.
In this instance, we were able to block Bild’s blocker detection by finding [the exact tracker they test for](/trackers/smartadserver.com) and allowing it to pass their detection script. So, “strike two!”, Bild.
Let me say that again just so it’s crystal clear: **we’re going to remove you from the web.** Ever play chess? That’s what’s known as checkmate and every game in this silly game of cat and mouse ends there.
[Wired](/sites/wired.com) have taken a similar approach. Their blocker detection is also in a JavaScript file called core. However, blocking this file on Wired doesn’t have a hugely negatively impact on the site. Most of their ‘core’ functionality apparently has to do with implementing behavioural tracking and advertising. The only other feature we’ve seen affected is their slideshow galleries. So, “strike two!” to you too, Wired.
You see this rule?
While we are currently able to protect people from tracking and malicious advertising on these sites, it is trivial for either to break what we’ve done. Needless to say, this is not a game of cat and mouse that we have either the time or patience to play. We are not going to spend hours investigating and implementing blocker detection circumvention for every aggressive and malicious site spurred on by the [IAB’s DEAL policy](sites/iab.com).
```
- trigger:
- url-filter: *
- action:
- selector: a[href^='http://bild.de'], a[href^='https://bild.de'], a[href^='http://www.bild.de'], a[href^='https://www.bild.de']
- type: css-display-none
```
Instead, we are now implementing a “Three Strikes And You’re Out!” policy. **If you make it difficult for us to protect people from tracking and malicious advertising on your site, we will treat your site as malicious and protect our customers from it by removing you from their web experience.**
**A rule like that, plus a few others, can remove Bild from every search engine and every site on the planet.**
### Three Strikes And You’re Out!
It’s not live at the moment but please, go ahead and block our blocker blocker blocker and make my day. – [Aral](https://ar.al)
This outlines our policy for dealing with aggressive and malicious sites that threaten the privacy and safety of people on the web:
#### Strike one
Your site implements behavioural tracking and advertising.
**Better:** *blocks trackers and behavioural advertising to protect people.*
#### Strike two
Your site implements blocker detection and blocking as per the [IAB’s DEAL policy](/sites/iab.com).
**Better:** *categorises your site as **Aggressive** and blocks your blocker detection/blocking.*
#### Strike three
Your site makes it non-trivial or impossible to block your blocker detection/blocking by including it as part of core functionality of your site.
**Better:** *categorises your site as **Malicious** and removes it from the web experience of the people who use Better.*
### Checkmate
Strike three is what we call checkmate in chess.
**If your site is malicious, we will remove links to it from other sites, including search engines, for people who are browsing the web with Better enabled.**
Needless to say, we hope that publishers [ignore the IAB’s DEAL policy](/sites/iab.com) and do the right thing, which is to [respect the rights, effort, and experience of their readers](https://ind.ie/ethical-design).
## Ethical design violations
......
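Review bot: The IAB link in the paragraph beginning "While we are currently able to protect people from tracking…" is written as `(sites/iab.com)` without the leading slash, while the other IAB links in this hunk use `(/sites/iab.com)`, so it will resolve relative to the current page rather than the site root; change it to `/sites/iab.com`. The paragraph beginning "Bild chose to implement their blocker blocker…" also needs a proofread before merging: "malicous" should be "malicious", "they their site doesn’t load at all" has a stray "they", and its last sentence has no full stop. In the Wired paragraph, "a hugely negatively impact" should read "a hugely negative impact", and the customer-report link is the only one written as a raw `<a href>` tag where the rest of the file uses Markdown link syntax.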