Inspired by the discussion in ‘they already have your data’ I was reminded that AdNauseam exists. I rarely see it mentioned in privacy circles but the idea seems attractive to me, I’ve used it before and since it’s based on uBlock Origin it was just as effective in adblocking and the “poisoning” itself unobtrusive. How do you guys feel about it? Are there reasons it should be avoided?
I used to work for a company that did the kind of data analysis AdNauseam is meant to foil. It doesn’t. If anything, it was kind of a joke around the office because the kind of junk that it throws out is easy to remove with a little statistical filtering. Just one more step in the processing pipeline.
Stick to just entering fake data when you have to enter data.
Considering there are services that remove false positives like that from your tracking data, I think it’s probably not worth using AdNauseam. Just use regular uBO and don’t connect to the ad servers in the first place.
I’m a big fan, especially because it not only makes my “profile” much harder to identify, it also costs the advertisers more. Anything that harms advertising is a good thing IMO.
Agreed! It blocks ads and malware while costing advertisers a ton. I’d love to see this go more mainstream and see all the panic by costing advertisers money without having people buy anything.
I think its a waste of time as they still get your data. They have algorithms designed to identify false positives in their click through rates and they have access to info from databrokers and things like facebook. Once they correlate that they know who the person is and the ip addresses and fingerprints of the hardware.
Instead I would recommend tails or use a combination of blockers and default with JavaScript and cookies disabled , only allowing on trusted sites.
Do you know if there are any writeups on this identification of falsw positives?
Not off hand but here is a product tailored to advertisers that claims to be able to do it https://www.anura.io/product
It stands to reason that this company must be successful in doing it if they are able to stay in business. That means ad companies are paying for it so they see value in it. So they are successful in eliminating or reducing their false positives.
This was a quick search as I’m on mobile and in a meeting at the minute but you can be sure the big guys have in house teams for this eg Google, Meta etc
You’re giving them way too much credit. These companies sell the illusion of success. It’s in their interest to only find just as many false positives to seem like they have it under control. They make money from these false positives, after all.
I do it myself by using belivable fake personal data where i can.
I am happy with it, I run it on all compatible devices. In the ad vault it says how much money was wasted on ads to you, but I do not believe that amount shown.
I’m not sure to what extent this works better than not clicking on anything at all:
Given that there’s already a quantity of data about me on the internet from before my “privacy adoption”, the brokers already have an idea about me. If i stopped clicking on ads, that idea would remain frozen in time with my preferences from that time.
If I started clicling on everything to poison that profile, couldn’t the brokers just filter the period when i started clickning everything? In that case, their profile of me would again remain the same they had when I stopped clicking at all, am I right on this?
They can, and they do. That kind of filtering is a grad school homework project.
, couldn’t the brokers just filter the period when i started clickning everything?
They don’t care about the quality of an individual profile, it’s the quality of the aggregate data that’s important to them. If anything, your profile might be identified as an outlier compared to the average and simply discarded. They’re not going to look any further than that and try and “rescue” your data, they’ve got a million other profiles to sell to advertisers.
Outlier profiles don’t get discarded. They get run through another statistical filtering step to smooth them out by eliminating the weird data points so that they’re less than a couple of standard deviations away from the core aggregate.
What happens if one of the ads is a malicious link?
Nothing. Because it discards any data returned from the click.
https://github.com/dhowe/AdNauseam/wiki/FAQ#how-does-adnauseam-click-ads
Sensible. Thanks.
From the FAQ: AdNauseam simulates clicks on Ads by issuing an AJAX request to the adserver in a background process. This request is made without opening any additional windows or pages on your computer. The text-only request is safely discarded by AdNauseam before it has a chance to execute in the browser (no DOM is constructed and no code is ever allowed to run). Further, all cookies from AdNauseam’s visits are automatically blocked before they reach the browser’s local storage.
Do advertisers maybe require a bit of JS to be run to validate a click? I can’t imagine they’re happy to lose money to completely invalid clicks…
The ad serving companies (Google) don’t care about what happens after the click (yet). As far as I’m aware no “handshake” process exists that would allow an advertiser to communicate with the as server and validate a click (such a process could be abused).
Most likely the advertiser would be using some form of client side analytics, so the click wouldn’t show up in their statistics, meaning the advertiser would see a huge discrepancy between the clicks they saw in the campaign and the clicks the ad server reports.
it just wastes my system’s resource for no gain. imo it’s sufficient to have a proper adblock + js/cookie/xhr whitelist + container tabs.
if you’re really paranoid you can rotate ip address or something similar,
