It garbles advertisers’ data as a result, but you must disable uBlock Origin to run it; they can’t work simultaneously. I recently moved to it and, so far, am never looking back!
Just curious- if ads are for something illegal, couldn’t this expose me to liability for theoretically “clicking” it from my IP/device? And if ads are for something unsavory ( like a “chat with local cougars” site or something similar), wouldn’t they start to deliver me more such ads, thinking, wow this IP is the only one clicking every sex chat ad, send them more!
How many websites do you browse with links to truly illegal content?
If you live in a country with truly abysmal human rights, definitely don’t bother with this plugin, but in most cases you should be fine on the illegal side.
Even if somehow the website you’re browsing has some super sketchy ad to
buyillegaldrugshere.comor whatever, to get in trouble with the law in most civilized places you’d have to actually buy the illegal drugs, not just ping the illegal drugs IP. Especially since you can pretty easily prove to a judge that your system fetches ad links automatically and without further engagement.Not saying it can’t happen, just that it’s really unlikely you would be served an ad for something so illegal just clicking on it is a liability. The literally only case I can think of coming close is CSAM, but even then, if you’re regularly browsing websites that advertise CSAM, maybe find other websites to occupy your time? And I can just about guarantee any website serving CSAM ads is already doing illegal shit, so you should probably be more worried about that than an ad-click…
I’m not sure how many ads on different sites are sketchy. I don’t feel like finding out, that’s why I block it. There have been plenty of reasons that all sorts of illegal stuff gets inserted on well-meaning sites, so it seems like it’s inviting all sorts of trouble to automatically click stuff without consideration.
I don’t know, just sounds like I’d be contributing to the marketers metrics so they can show “it works”. it’ll only make them invest in ads more. if anyone thinks capitalists are these genius level manipulators who know how everything works I only refer to the richest person alive being the least charismatic, least knowledgable, unfuckable troglodyte who keeps making an ass of himself.
if any of these companies suffer any losses or reduced profits they’ll just fire hardworking people, not one of them will turn around and say maybe the ads aren’t working when you actively work to show them that it is working.
… until they keep having to dismiss people and go, “… huh.” This is a marathon we’re playing. You certainly don’t have to use it, but I think the philosophy makes sense, especially given how AdNauseam doesn’t click on acceptable ads that don’t track you.
they will never go “huh”. you give way too much credit to corporate management.
Couple of issues I’m wondering about…
First, wouldn’t clicking on everything just make you easier to track?
Second, how much bandwidth would all this use?
- not in this way
- not enough to matter
the way it works is sending an HTTP request that registers as a “click” to the advertiser (thus costing them money), but then doesn’t actually let the browser download any content and fetch the webpage, basically pi-holes the destination site and any attached tracking cookies. Combined with the fact that it does this to every ad, it would basically poison any click tracking.
edit: pedants
and before I get any more of you, this is just what I remember reading about adnauseam, do not take it as gospel, go look at AdNauseam’s FAQ.
deleted by creator
none
Ah great
it works [by] sending an HTTP request that registers as a “click” to the advertiser
Uh, wait a minute. 🤔
Sending a request also uses bandwidth, you know.
A basic GET request, even with a long querystring, will be negligible even on a 1998 dial-up connection.
Right, but thousands of them, possibly every day? Could perhaps affect your data consumption on your phone e.g. 🤷♂️
Edit: I got it guys, thanks.
I don’t know of any data plan that limits on the upload. Caps are usually on the download side, and TFA says it does not download the server response.
You aren’t terribly familiar with how much traffic we generate nowadays… are you? If we were still on 2G and isdn / dsl sure. You’d likely see a slight latency jump. On anything from this last decade+ ? Not a chance.
I’m not, am I. I hadn’t done any calculations regarding this. It was strictly hypothetical, as you can probably tell from the question mark and 🤷♂️. 👍
I’ll be honest - you weren’t really presenting your case in that way. Understand my confusion: you seemed pretty adamant about your concern with no backing data on it. Most people pick their hills with something to back them.
Okay, fine, not enough to matter. Are you satisfied with that?
Jesus, you got defensive quick and hard. Sorry I rustled you.
https://lemmy.world/comment/16187642
🤷♂️
furthermore: lmao.
you’ve got to try a lot harder to “rustle” me, but I like your moxie for thinking you did, sport
doing the math, even the cheapest phone plans that don’t explicitly exclude data, nowadays include at least 1GB of data for free. Usually more. Almost any reachable amount of outbound requests to click on ads would barely put a dent in your data allowance.
You definitely seem rustled.
if you say so, whatever makes you happy.
Now the name calling. Cool, dude.
I’ll concede the data plan dent thing; I hadn’t done any math regarding that. Thanks for clarifying that to me and everyone else!
But you did say “none” so I just pointed out the fact that it’s not none. It’s some. I wasn’t wrong to point that out. No matter how much of a stickler you find me for that.
But that’s no reason to post images implicitly depicting me to be some kind of fat nerd.
You’re a rude person. Autistic or not.
I’ll concede the data plan dent thing; I hadn’t done any math regarding that. Thanks for clarifying that to me and everyone else!
I accept your concession, better luck next time.
But you did say “none” so I just pointed out the fact that it’s not none. It’s some. I wasn’t wrong to point that out. No matter how much of a stickler you find me for that.
pedantry is pedantry, if you interject with “well ACKSHUALLY” over literally a couple kilobytes of data in this, the Year Of Our Lord 2025 where common storage device sizes are in the multiple terabyte range, and 100mbps down/10 up is exceedingly common, expect to be called one. It is functionally none, because it is not 1993.
Autistic or not.
can’t even come up with your own insult for me, just gonna steal that sad attempt at bait from the other guy? how… underwhelming, must do better. 🤡
“I have drawn YOU as the soyjack and ME as the chad, therefore you lose the argument”
Are you autistic?
Yeah.
Is that a fucking problem?
It is when you’re being rude for no reason.
Using autistic as a derogatory slur is rude for no reason.
what a rude thing to say, especially considering I wasn’t talking to you.
I’m gonna keep it that way, best of luck baiting someone else champ.
I mean, that image is pretty rude, too.
lol I know right.
That HTTP request would also show up in the advertisers web logs with your origin IP address.
I think we’re far past caring about a website logging an IP address.
I’m past caring about giving my IP to a website that I want to use, but what this is doing is handing out your information to every single advertiser that is published on any page you visit. In some cases this plugin would match the definition of “leaking personal data”.
You do you though. I won’t stop you.
Most people dont have static IPs. All the ads would see is web requests from random residential ips from a certain country.
When was the last time you checked the length of your DHCP lease?
I don’t know about NZ (or wherever you are), but IP addresses for residential access in the US don’t really change all that much. It’s… concerning.
so use a VPN? if you’re the sort of user using AdNauseam, and is concerned about tracking, you’re probably also the sort of user who already uses a VPN.
I’m behind SEVEN proxies!
What are they going to do? blacklist me and stop serving me ads?
Oh no
If you care about your information and privacy, why are you giving them your information for nothing?
You do have a point, but… It’s not for nothing. It’s to hurt the predatory ad industry. And what you give up isn’t much: your IP address and likely the referral (so they know you visited website X that was serving their ad). It’s up to you to decide whether that’s an acceptable privacy cost to conduct this kind of guerilla ad warfare.
It would be cool if it could somehow integrate to a VPN and only do that while the VPN is active. I don’t think it’s possible, though.
edit: Just found out from their FAQ:
Does AdNauseam respect the browser’s private-browsing/incognito modes?
Yes, AdNauseam does not collect or click Ads that occur on pages loaded in private-browsing or incognito windows, unless manually enabled by the user.It would be cool if it could somehow integrate to a VPN and only do that while the VPN is active. I don’t think it’s possible, though
Potentially possible, but I agree, likely not worth the effort.
Yeah, I can’t find an answer whether the “click” is behind some obfuscation, or if the “click every ad” is the obfuscation step itself by attempting to poison the data. The latter may work but yes, may actually increase tracking. Wish that answer wasn’t so hard to find on their site.
Did you look at the FAQ?
https://github.com/dhowe/adnauseam/wiki/FAQ#how-does-adnauseam-click-ads
Thanks, I didn’t see this, there was a different embedded FAQ that didn’t have the specific Q & A below.
But, if anything, it seems to confirm the ad itself is just legitimately clicked from the user’s IP address and hidden from the user, and that there is code execution protection, but not that there is any privacy protection? It’s still very ambiguous.
How does AdNauseam “click Ads”?
AdNauseam ‘clicks’ Ads by issuing an HTTP request to the URL to which they lead. In current versions the is done via an XMLHttpRequest (or AJAX request) issued in a background process. This lightweight request signals a ‘click’ on the server responsible for the Ad, but does so without opening any additional windows or pages on your computer. Further it allows AdNauseam to safely receive and discard the resulting response data, rather than executing it in the browser, thus preventing a range of potential security problems (ransomware, rogue Javascript or Flash code, XSS-attacks, etc.) caused by malfunctioning or malicious Ads. Although it is completely safe, AdNauseam’s clicking behaviour can be de-activated in the settings panel.
You know this is the good shit because when it first came out a few years back google was running a huge disinformation campaign against it. You’d search for “adnauseum” in google and the first result would be an article from some weird advertising company calling is “insecure” and “malware” without any actual argumentation behind those claims, while no other search engine returned that article (I lost the screenshots, so yall are just gonna have to take my word for it). They also delisted it from the chrome store for not discernible reason. They were afraid.
But nowadays I’m willing to bet that they figured out how to detect adnauseum’s fake clicks and filtering it out. Stuff like that needs a talented development team to keep it up to date.
Has the same limitations as uBlock Origin with Manifest v3 and won’t work in Chrome.
If you’re still using chrome at this point that’s on you.
I was actually curious about this as we’re forced to use Edge or.Chrome at work.
I use Librewolf. The comment was meant as info for those who think that having uBlock as a base still holds significance in light of Manifest v3.
I meant the general “you.” “People” would have worked.
Or a Chrome derivative
The solution is simple. Chrome ditches manifest v2? Ditch Chrome.
deleted by creator
deleted by creator
Is there an aspect of privacy through throwing loads of bullshit data though? Instead of blocking the tracking you flood it with crap
You could try being just a little optimistic if you want to sell your actually good points. Consumerism wins when you let it, and the only way to judge when it has are by your own merits, even now it gets to you with that mindset.
Google has put a lot of effort into detecting and blocking stuff like this. They call it “click fraud”, if you want to look it up.
It’ll just mean they start ignoring clicks from you.
That, I guess, it’s the whole point. Stopping being tracked 🙂
They call it “click fraud”,
No, click fraud is using botnets to click ads in your site to increase your revenue.
When Google can’t extract money from you that’s fraud!
deleted by creator
OK… If trust is bro, then they won
But I ain’t no middle schooler, so you need to explain like I am 5 how this solution is in fact superior to uBlock
Is there any proper research on this?
It is literally uBlock. It updates with uBlock, uses uBlock filtering, uBlock options, uBlock UI.
The only difference is that it also does ad fuckery and there is a button that you can press to configure the ad fuckery and see a log of the ad fuckery.
Other than that it is exactly uBlock.
deleted by creator
if enough people start doing it might be effective
Not sure how true it was, but there was a YouTuber claiming that their videos were getting entirely demonetized because too many of their viewers had Ad blockers enabled. So even though 75% of people were seeing ads on the video, Google was keeping that ad revenue, withholding it all from the creator because 25% weren’t getting ads. The claim the youtuber made is that this will probably predominantly impact creators with a more tech savvy / privacy aware audience, resulting in less of that niche content.
Anyway, this is anecdotal, but I wouldn’t put it past Google to pass the issue to the creators for the actions of their consumers, even though it’s not their fault.
google has way too much power. its threat to everything
Creators who care about privacy should not support Google’s monopoly by using YouTube as their platform of choice.
legit, there are so many platforms out there, idc which one they use, but pretty please, just mirror your content. Why’s it so hard 😵💫. The group im referring to doesnt even have the “money ads” argument as what most small creators earn on yt is peanuts.
Throw in a dash of track-me-not (https://www.trackmenot.io/) and maybe they’ll start ignoring your search queries too! Worst case my actual searches are so buried in the bs deciding what to market would be easier from my screen-name.
can confirm. You know those ‘google rewards’ things? they slowly stopped going for the results from trackmenot lol
it was nice to get $1 a month off my VPN subscription lol
Fascinating, thanks for sharing! What is the best, current Firefox fork of this one, if you know?
it’s a browser extension for Firefox, not a fork of Firefox. Or did I misunderstand you?
I was reacting to its GitHub:
This project is NOT currently being maintained. Code is made available for developers to fork. This is the FireFox version of the project, for Chrome see https://github.com/vtoubiana/TrackMeNot-Chrome.
So I’m wondering which active fork is best to go off of for Firefox. I could’ve been clearer; my bad.
deleted by creator
Automated ad clicks probably are breaking the rules, TBF.
Don’t care. At this point I will take being actively malicious toward them.
Monopoly money
That comment is correct on so many levels…
This would still make a connection to the ad servers that can then track me though.
I guess with a hardened browser and a VPN it would be alright.
At this point I think it’s better to poison the well.
Good start. Now make a version that clicks each ad a random number of times from randomly generated IP addresses.
That’s not how IP addresses work.
It does if it reports the URL to click home somewhere and users can opt in to pull the list to auto click.
It would DDoS the ad servers. Muwhahahaa
Yes. That’s just what I want. An extension sending all ads served to me to a central location, so my fingerprint can be very easily indexed and stored on a definitely never hacked, leaked, or sold database.
And it would totally never get abused or hit a false positive.
Totally doable if this was a distributed service.
ok not randomly generated, but you know
What if we use a Visual Basic UI to hack the IP address by netmask?
Is it from this? https://youtu.be/hkDD03yeLnU
Have it form connections to all the other browsers using the extension and they all send a click.
now you’ve broken the law by creating a botnet.
peer networks are not illegal if the peers are consenting members.
Naw, it’s an MMORPG.
Is the botnet itself breaking the law or is breaking the law with a botnet breaking the law?
I’m pretty sure it’s not a botnet until it’s used as one or the intent of it is to be used in the same way a botnet is used.
Okay okay, how about a counter that is updated with each user clicking on an ad, and the client can decide what they want to do with that information, totally not a botnet right?
It just changes the user agent instead…
Nothing is random
In bot cases like this you would have a proxy list that it “randomly” picks from
deleted by creator
You would need to literally connect to a proxy and send the request through that proxy in order for ads to see an IP different than you own.
Yes that is what was proposed, you’re the only one who seems unclear on it
deleted by creator
You can fake your IP. There isnt really any authentication at the IP level. Just make a packet and overwite the IP field.
Edit: I was corrected. The TCP handshake requires you to have a valid IP you can respond from. So even though you can fake your IP, you can’t use that to talk to most websites.
You need a TCP handshake prior to sending any http payload.
Oh yeah. Forgot about that.
deleted by creator
I misremembered my internet class. Sucks that it made ya feel bad.
Edit: and you can put whatever you want as your source IP at the IP level. Though idk how modern security deals with that. I know I was taught that that was a way to DoS attack, so I imagine it’s protected against.
Interesting, was wondering about this. This would also “help” the websites with more ad income right?
if thats true, brb setting up a website and a bot farm
Haha I imagine they need at least unique ip addresses to count. Now I wonder if for clicks to count you need to properly click through and load the target website with the same “browser fingerprint”.
Careful: that then enters the world of ad fraud, which randos like us doing the clicking isn’t considered as.
Potentially.
deleted by creator
This would just give money to the advertisers.
This transfers money from the advertiser to the advertising agency, without creating a sale for the advertiser. This devalues the services of the agency.
I still don’t want to give those fuckers money. If I just use uBlock, the ad is never seen, thus no sale is made and the slimy ad company gets money.
Totally, it’s up to you. The idea for fake-clickers is the long game: the marketers think they’re landing clicks over months or possibly even years, but
willmay slowly realize (gotta account for the stubborn ones) that it’s ineffective and eventually pivot to different approaches, hopefully ones that involve less tracking (I can’t imagine what any worse approach could be, at least).
Why can’t uBlock Origin and this thing work at the same time?
because it’s a modified uBlock Origin, so it’s like running two ad blocking plugins at once, which isn’t recommended. and if uBO blocks an ad first, AdNauseam won’t be able to detect it and click on it.
anyway, I remember reading a long time ago how that approach isn’t going to harm ad companies anyway, because [technical reasons that I don’t remember at all].
It’s a bit redundant to run both at the same time, considering they both practically do the same thing and one is built off of the other.
It’s not even practically the same thing, it is exactly the same plugin as uBlock Origin, same UI, blocklists, etc but with added features.
Can’t tell if 4/1 gag or not! Brilliant!
This has been around for years. It’s legit.
Oops, lol, I forgot about the date. This has existed for years.
Some ads have used browser exploits to infect visitors in the past. So this is a very, very bad idea, if it actually is implemented in a way that is hard to filter for ad networks.
So the way I understand this to work, it’s 100% safe from the type of attack you’re describing.
You are clicking the link (asking the advertiser for the data) but then never actually fetching it.
So you can never get the malicious payload to be infected.
Im too scared to trust it works out fine in the end to use it, been raised on the idea that interacting with an ad in any way other than task managering the pop up is dangerous. Wheres the part of the code that makes it safe and a write up of how it functions, otherwise im fine just blocking ads with regular ublock.
What makes you think uBlock is safe without checking relevant code sections?
Here you go, from the repo:
const visitAd = function (ad) { function timeoutError(xhr) { return onVisitError.call(xhr, { type: 'timeout' }); } const url = ad && ad.targetUrl, now = markActivity(); // tell menu/vault we have a new attempt broadcast({ what: 'adAttempt', ad: ad }); if (xhr) { if (xhr.delegate.attemptedTs) { const elapsed = (now - xhr.delegate.attemptedTs); // TODO: why does this happen... a redirect? warn('[TRYING] Attempt to reuse xhr from ' + elapsed + " ms ago"); if (elapsed > visitTimeout) timeoutError(); } else { warn('[TRYING] Attempt to reuse xhr with no attemptedTs!!', xhr); } } ad.attempts++; ad.attemptedTs = now; if (!validateTarget(ad)) return deleteAd(ad); return sendXhr(ad); // return openAdInNewTab(ad); // return popUnderAd(ad) }; const sendXhr = function (ad) { // if we've parsed an obfuscated target, use it const target = ad.parsedTargetUrl || ad.targetUrl; log('[TRYING] ' + adinfo(ad), ad.targetUrl); xhr = new XMLHttpRequest(); try { xhr.open('get', target, true); xhr.withCredentials = true; xhr.delegate = ad; xhr.timeout = visitTimeout; xhr.onload = onVisitResponse; xhr.onerror = onVisitError; xhr.ontimeout = onVisitError; xhr.responseType = ''; // 'document'?; xhr.send(); } catch (e) { onVisitError.call(xhr, e); } } const onVisitResponse = function () { this.onload = this.onerror = this.ontimeout = null; markActivity(); const ad = this.delegate; if (!ad) { return err('Request received without Ad: ' + this.responseURL); } if (!ad.id) { return warn("Visit response from deleted ad! ", ad); } ad.attemptedTs = 0; // reset as visit no longer in progress const status = this.status || 200, html = this.responseText; if (failAllVisits || status < 200 || status >= 300) { return onVisitError.call(this, { status: status, responseText: html }); } try { if (!isFacebookExternal(this, ad)) { updateAdOnSuccess(this, ad, parseTitle(this)); } } catch (e) { warn(e.message); } xhr = null; // end the visit };That’s pretty much it! Let me know if it doesn’t make sense, I can annotate it
That’s the stupidest thing I’ve heard, you’d have to be deranged to want an extension clicking random shit.
Edit: I’ve actually read it now and while not so bad, I still wouldn’t use this on a computer that has my stuff on it.
it doesn’t actually click on stuff. it “clicks” so that the advertisers’ and your digital footprint’s statistics get messed up, but you never see the results of the clicking, nothing pops up, nothing gets downloaded
It also adds noise to the site metrics and recommendation algorithm making them less valuable overall.
It’s like the application that will watermark images with digital noise designed to throw off AI training that uses that image.
You’re no longer a user who is able to be profiled (because you ‘like’ things completely at random). If everyone was using a plugin like this then advertisers wouldn’t be able to serve targeted content because they wouldn’t know what content types work best for each user because every user clicks ads randomly and so there is no detectable signal, just noise.
You get the same effect, but reduced, if less people are using it.
In addition, if half of the users on a website are using adblockers and suddenly those users start clicking ads, then it costs twice as much to advertise while not providing any additional customers which makes spending money on web advertisement less attractive.
IMO, this is a bit much.
It’s one thing to block ads, it’s another thing to essentially participate in an ad fraud scheme. If this simply hurt Google, I would have no issues (they are corrupt criminals, an American oligarchic institution), but you also risking harming independent sites that have done nothing wrong.
Why is advertising ok, but any response in opposition of it, is not?
This is an excessive approach that risks collateral damage to 3rd parties who are not involved.
I have no issues with blocking ads (internet is unusable without ublock origin + Pihole), but actually simulating clicks is IMO not the right approach.
I still don’t get why you think it’s not the right approach. Seems perfectly fine to me.
Because this will cause problems for independent website operators.
Blocking ads is one thing, but this risks fucking up their digital advertising accounts.
Isn’t that the point, to fuck up digital advertising accounts so the data is unreliable and can’t be used?
this will cause problems for independent website operators.
This may seem to be a legit criticism at first, but AdNauseam allows ethical ads so anyone using good, safe stuff should not get affected. There is an entire section in AN’s documentation about not clicking on this specific ad group.
As for the vast majority of the rest who don’t use ethical, non-tracking ads: let 'em have it! ⚔ AdNauseam users (and users of any similar tools; I don’t know what else is out there) must first hold a fundamental view that the tracking world is extremely violating, of which ads are a subset. Long gone are the glory days when ads were funny, appealing, and well-made, and didn’t track people; ad companies gather data on us and if they get hacked, that info flies out in the open: all without our knowledge or true consent. Is that something you’re fine with? Additionally, more and more ads are proving to be entire scams, or otherwise shams that did not fully deliver, that have harmed consumers who legitimately click through.
The long-term goal is to teach those who use malicious ads that this is an unacceptable, unsustainable practice and that they need to market in better ways if they wanna keep doing this (again, going back to the pre-Internet glory days when Coca-Cola, etc. ran awesome TV ads and when there was no or nearly no account-tracking—or just any semblance of it).
Good to hear.
No of course I am not down with tracking BS.
But I do use some smaller niche sites (for some of them I have subs or patron) and I would not want them to be hit (no clue what ad providers they use).
Collateral damage to advertisers? Sounds like a feature, not a bug.
Remember, advertising is jist a new word they made to wash over the ick with its original name, propaganda. I’d rather not participate in any propaganda.
You incorrectly use the term ad fraud, which addresses advertisers themselves automating clicks on their own links to generate fake income. There is nothing wrong with people-with-no-corporate-interest who click.
To each their own. I’m in your boat too, I think.
