uBlockOrigin / uAssets

Resources for uBlock Origin, uMatrix: static filter lists, ready-to-use rulesets, etc.
GNU General Public License v3.0

pleaseletmeadvertise.com WebSocket ads #175

Closed ghostwords closed 7 years ago

ghostwords commented 7 years ago

URL(s) where the issue occurs

http://www.thecountrycaller.com/47805-att-inc-t-now-faces-opposition-from-politicians-as-well/

Describe the issue

If you wait a second or two, you should see ads appear to the right of the above page's content. At some point later, you might get a banner overlaying the page.

pleaseletmeadvertise.com is already in EasyList, but the following EasyList entries do not seem to cover WebSockets:

uAssets/thirdparties/easylist-downloads.adblockplus.org/easylist.txt
55628:@@||pleaseletmeadvertise.com/*-$script
55629:@@||pleaseletmeadvertise.com/*.$script,domain=linkshrink.net
55630:@@||pleaseletmeadvertise.com/*_$script
55631:@@||pleaseletmeadvertise.com/.adcenter.
55632:@@||pleaseletmeadvertise.com/.adforge.$script
55633:@@||pleaseletmeadvertise.com/ad*.$script
55634:@@||pleaseletmeadvertise.com^*/ads.js

Notes

See here for the responsible inline script as well as its unpacked, beautified version.

Screenshot(s)

[Image: screenshot from 2016-10-24 13 31 39]

gorhill commented 7 years ago

> pleaseletmeadvertise.com is already in EasyList, but the following EasyList entries do not seem to cover WebSockets:

These are exception filters; their purpose is to cancel existing block filters, and to make things worse, except for one they are all generic, i.e. they override block filters for pleaseletmeadvertise.com on all sites. This tremendously sucks -- such exception filters usually exist to address limitations of ABP specifically.

What is your browser/version? I do not see the ads on my side using Chromium or Firefox -- they end up hidden.

ghostwords commented 7 years ago

I should have mentioned I turned off cosmetic filtering ... Would that explain why you are not seeing the ads?

gorhill commented 7 years ago

Yes.

In any case, I added a filter to completely block stuff from pleaseletmeadvertise.com so with this there are no images in need of hiding and the page loads faster -- pleaseletmeadvertise.com was probably pushing a bunch of crappy scripts.

gorhill commented 7 years ago

@ryanbr thecountrycaller.com needs to be added to $websocket,domain=.

ghostwords commented 7 years ago

I'll look for more examples of this script, fairly certain it's deployed on multiple domains ...

gorhill commented 7 years ago

Best would be to have EasyList remove these generic exceptions -- such exceptions will always end up abused by ad/tracker pushers.

ghostwords commented 7 years ago

Here are some more sites that include this tag:

Do you have to tie WebSocket blocking to particular site domains? Can we block pleaseletmeadvertise.com from making WS connections everywhere?

ghostwords commented 7 years ago

I'm pretty sure the company behind this tag is www.adreclaim.com, by the way.

> ... the FREE system that overcomes ALL adblockers so your ads are seen by everyone. We successfully get ads past adblockers caused by malware, adware, JS injections, plugins, extensions, toolbars and more.

ryanbr commented 7 years ago

Added the suggested domains to Easylist. Should work in uBo and ABP-dev.

ghostwords commented 7 years ago

@ryanbr I see the rule in easylist/easylist_specific_block.txt ... Would it make more sense to deny all connections (including websockets) to the advertiser's domains? Instead of enumerating the much longer list of publisher domains? Let me know what I'm missing please.

$websocket,domain=allkpop.com|boards2go.com|celebdirtylaundry.com|celebritymozo.com|collectivelyconscious.net|dailycaller.com|destructoid.com|dumpaday.com|extratorrent.cc|firstrowau.eu|firstrowus1.eu|flash-x.tv|flashsx.tv|flashx.me|flashx.run|flashx.tv|flashx1.tv|flashxx.tv|fmovies.to|free-torrent.org|free-torrent.pw|free-torrents.org|free-torrents.pw|gofirstrow.eu|gorillavid.in|gsmarena.com|health-weekly.net|i4u.com|ifirstrow.eu|ifirstrowit.eu|instanonymous.com|itechpost.com|izismile.com|jpost.com|lifehacklane.com|livescience.com|mobipicker.com|natureworldnews.com|navbug.com|ncscooper.com|newsarama.com|nowfeed2all.eu|nowvideo.sx|okceleb.com|omgwhut.com|openload.co|opensubtitles.org|parentherald.com|pornhub.com|postimg.org|putlocker9.com|pwinsider.com|snoopfeed.com|sportsmole.co.uk|stream-tv-series.net|stream-tv2.to|stream2watch.cc|streamgaroo.com|technobuffalo.com|the-watch-series.to|thevideo.me|thinkinghumanity.com|todayshealth.buzz|tomshardware.co.uk|tomshardware.com|toptenz.net|tribune.com.pk|uberhavoc.com|universityherald.com|vidmax.com|vidzi.tv|viewmixed.com|viralands.com|wccftech.com|webfirstrow.eu|whydontyoutrythis.com|wrestlinginc.com|wrestlingnews.co|xilfy.com|yourtango.com

gorhill commented 7 years ago

@ghostwords

Content Security Policy ("CSP") works on a whitelist basis, not a blacklist one. CSP is the only sure way to block websocket connections on Chromium-based browsers.
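
Added example (not part of the thread and not uBlock Origin's code): a simplified model of why a CSP-enforced `$websocket,domain=` filter has to name publisher pages rather than the advertiser's host. The `connect-src http: https:` policy, the `chat.example` endpoint and all function names are assumptions made for the illustration; source matching covers only scheme-sources and `scheme://host` sources.

```javascript
// Added illustration, not uBlock Origin's code. CSP matching is simplified:
// scheme-sources and "scheme://host" sources only; no ports, paths, default-src.
const FILTER = '$websocket,domain=thecountrycaller.com|allkpop.com'; // constructed
const NO_WS_POLICY = 'connect-src http: https:'; // assumed policy for listed pages

// Subset of CSP scheme matching: http also matches https, ws also matches wss.
const SCHEME_MATCH = { http: ['http', 'https'], ws: ['ws', 'wss'] };
const schemeMatches = (a, b) => (SCHEME_MATCH[a] || [a]).includes(b);

// Does the filter's domain= option cover this page (an entry or its subdomain)?
function filterAppliesTo(filter, pageHost) {
  const m = /(?:^|[$,])domain=([^,]+)/.exec(filter);
  if (!m) return true; // no domain= option: the filter applies to every page
  return m[1].split('|').some(d => pageHost === d || pageHost.endsWith('.' + d));
}

// True if the policy's connect-src allowlist admits the URL.
function connectSrcAllows(policy, url) {
  const directive = policy.split(';').map(s => s.trim().split(/\s+/))
    .find(tokens => tokens[0] === 'connect-src');
  if (!directive) return true; // nothing restricted in this simplified model
  const u = new URL(url);
  const scheme = u.protocol.slice(0, -1);
  return directive.slice(1).some(src => {
    const s = src.toLowerCase();
    if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return schemeMatches(s.slice(0, -1), scheme);
    const m = /^([a-z][a-z0-9+.-]*):\/\/([^/:]+)$/.exec(s);
    if (!m || !schemeMatches(m[1], scheme)) return false;
    return m[2].startsWith('*.')
      ? u.hostname.endsWith(m[2].slice(1))
      : u.hostname === m[2];
  });
}

// WebSocket outcome for a page under FILTER: blocked only on listed pages.
function wsBlocked(pageHost, url) {
  return filterAppliesTo(FILTER, pageHost) && !connectSrcAllows(NO_WS_POLICY, url);
}

// Constructed cases: listed page, unrelated socket on a listed page, unlisted page.
console.log(wsBlocked('www.thecountrycaller.com', 'ws://pleaseletmeadvertise.com/'));
console.log(wsBlocked('www.thecountrycaller.com', 'wss://chat.example/socket'));
console.log(wsBlocked('example.org', 'ws://pleaseletmeadvertise.com/'));
```

On a listed page every WebSocket is refused, including unrelated ones, and on an unlisted page the advertiser's socket is untouched; an allowlist such as `connect-src https: wss://chat.example` can admit named endpoints but cannot express "everything except one host".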

ghostwords commented 7 years ago

Got it, technical limitation. Good news though, looks like there is progress on the ticket to get this fixed: https://bugs.chromium.org/p/chromium/issues/detail?id=129353#c77

gorhill commented 7 years ago

Nice development, a patch for webRequest/WebSocket has just been submitted: https://bugs.chromium.org/p/chromium/issues/detail?id=129353#c77. If it is accepted, that will make a lot of websocket issues go away.

Edit: oops, I hadn't seen @ghostwords' comment above.

Hrxn commented 7 years ago

The patch referenced in that new comment, https://codereview.chromium.org/2449913002/

Well, I wouldn't say that I am an expert, but I think I know how to read a diff. And the only interesting change there, basically, is just one additional check: url.SchemeIsWSOrWSS()

Seriously? What am I missing here? It was basically all there before, already implemented?

ghostwords commented 7 years ago

Yeah, just not exposed to extensions. If you look at the updated code review thread, they note that more changes are necessary (URL match patterns need code/doc updates for one).