Wikipedia:Reference desk/Archives/Miscellaneous/2018 February 2

Miscellaneous desk
< February 1	<< Jan | February | Mar >>	February 3 >

Welcome to the Wikipedia Miscellaneous Reference Desk Archives
The page you are currently viewing is an archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages.

February 2

Are there any online ad networks which are not at risk of being a malware vector?

Question as above. I have been selectively blocking scripts pretty much as long as I've been online (started with Proxomitron, and now use Firefox with Noscript, and I'm about to setup Greasemonkey with an anti-anti-adblocker script) but the need to do that has given me a small attack of conscience. I actually wish I could selectively allow some sites whose content I value to run at least non-intrusive, Google search type text ads, but I'm concerned about the malware risk. Programmatic advertising, AFAIK, is unfixably vulnerable to bad guys using it to spread malicious scripts. Am I right about that, or does a way to manage the risk exist? I'm not sure if Adblock Plus has this handled (never used it). What about The Guardian newspaper, which actually hosts its own ads on its own dedicated domain?

I can disrupt tracking by only letting whitelisted sites see my referer or save persistent cookies (the rest are cleared when I close Firefox) and only logging into the usual suspects as and when I need them, so I'm not so concerned about privacy. Just malware, and obnoxious screen-hogging or autoplaying video ads.

Hope this makes sense, and thank you in advance. 129.67.117.221 (talk) 18:05, 2 February 2018 (UTC)[reply]

I don't think there's an easy way to solve this. I have the same concerns and use similar tools, but really I'm not sure you can trust any website these days. Even Forbes, of all places, has infected people by accident. Adblock Plus by default allows "some non-intrusive advertising", which has been implied to mean networks that pay Adblock Plus developers, but I'm not sure what that would be, I see the same things with and without that option, so I presume NoScript kills everything.

That being said, I've seen some small sites return to non-active-content ads, i.e. simple GIFs and JPEGs statically loaded. This can be blocked by Adblock Plus and similar programs if you desire but not by NoScript, and ostensibly has a much smaller chance of doing damage to your PC, as one would have to exploit image handling specifically, and if there's a bug there you're at risk on any website with any ad blocker unless you're browsing with Lynx and such. 93.136.42.200 (talk) 19:08, 2 February 2018 (UTC)[reply]

Agree there is no good solution. In my experience, you are currently doing the best thing: FF/NoScript. True, it breaks much of the web, but I'd rather be annoyed by crippled shitty webpages than annoyed by malware/autoplay etc. Also, I've found that if you have a force gently nudging you away from sites that ask to load scripts from a zillion different places, you often end up getting better content ;) SemanticMantis (talk) 16:31, 4 February 2018 (UTC)[reply]

I believe that ad provider Project Wonderful only allows flat graphics as advertisements. Such advertisements themselves are generally considered safe.

However, clicking the banner could still lead to an unsavory site. And there's always the (small) chance that at some point in the future security holes will be found allowing flat .jpg,.png, or .gif files to carry malware. ApLundell (talk) 21:02, 4 February 2018 (UTC)[reply]