Back

The "scam" of "opt-out" features

The multiple issues of advertizing servers

Advertizing servers may be criticized for a number of reasons:

The multiple issues of "opt-out" features

We could conclude that "opt-out" features are considered harmful, or even that they are borderline "scams", because of the following reasons:

Actual solutions to the advertizing (or "spam") problem

Protecting yourself and your network from advertizing servers and web bugs is unfortunately made as hard as possible by browser vendors and advertizing corporations. However, here are some known solutions, as well as their drawbacks:

Solutions Drawbacks
Disabling javascript, Flash and access to all third party images and iframes at the browser-level. Although this seems ideal on a security standpoint, many contemporary sites will not function properly. Although disabling javascript and Flash is easy in most browsers, disabling access to third party images and iframes is often harder, sometimes requireing third-party modules or patches. This will also only protect this browser, not other web/HTTP clients or machines, unless they have the same configuration.
Using a custom "hosts" file. Requires a large up to date database of host names to redirect to localhost. Requires one entry per domain variant, when web bugs and advertizing sites may even autogenerate permutations. Only protects the local machine. May inadvertently affect other services than HTTP. Requires trust in the database provider if using a "hosts" file from a third party. The "hosts" file is also not designed for this task, and the DNS libraries normally only expect this file to hold a few entries for small networks. A DNS server is normally used for larger networks with more entries. Using the "hosts" file for this is thus inefficient on several levels.
Using a custom DNS server. Has all the disadvantages of using a "hosts" file above, except for more efficiency looking up entries in the database, and the fact that the DNS server can also be used by other machines of the network. Requires a more competent systems administrator to install, configure and secure the server, as well as to configure the clients to use the custom DNS server (either via DHCP or statically).
Using browser-level specialized third-party modules such as "adblock", "noscript" and "requestpolicy" for Firefox. Requires regular administration or update of the advertizing servers database. Requires trust in third-party databases if using them. Can only protect the local browser, not other web/HTTP clients or other machines, unless they share the same configuration. Sharing the configuration among several browsers and systems may not be trivial.
Using a custom HTTP proxy server which specializes in filtering requests based on regular expressions matching to protect the whole network, such as Privoxy. Filters are less problematic to update than DNS filters because of regular expressions matching, and transparent firewall rules could cause all HTTP/web clients to connect though it. Will not affect non-web protocols. May also be taken advantage of to forge HTTP-Referer to point to the destination site, or the User-Agent to a more secure string that avoids disclosure of specific software and version, etc. Can also redirect requests transparently to another HTTP proxy server specialized on caching, such as Squid, and may also be used in conjunction with a custom caching DNS server for enhanced network performance. We recommend this solution if possible. Requires regular administration or update of the advertizing servers filters database. Requires trust in third-party databases if using them. Requires a competent enough systems administrator to install, configure and secure the server, as well as to configure the clients to use the custom HTTP proxy server, in browsers or through transparent proxying firewall rules (we recommend the latter).