Hacker News
by RamRodification 750 days ago
> only one person has to report an ad for it to go into a crowdsourced list that blocks it for millions of others

Is it that easy? Sounds very abusable

3 comments

Yes, and some list maintainers accept money to add or remove you from the list (officially, or officiously through a secondary maintainer, depending on the list), but otherwise it's no different than getting a domain marked as malware or phishing (with a few paid editors on Phishtank or VirusTotal).

It's easier to get a domain added than removed, and for the "corruption"/"racketeering" part, it's a "win-win" for the adblockers and the list maintainers.

Adblockers also often pay browsers to be integrated by default (AdGuard, Adblock Plus, etc.), and then they negotiate with publishers to whitelist some domains (not necessarily the most obvious, can just be analytics).

"We offer your domain to be unblocked on xx millions of devices by default, this will create you an uplift of revenue of +yy%"

Which lists do this? Do any of them ship with uBlock Origin?

Humans are really the primary attack vectors for any security system.

yes, one of my clients was hit by this and i was tasked with solving the situation.

i had to create a ticket in a repo explaining why blocking a whole domain instead of a single subdomain was actually pretty bad. they approved it and reverted the change.

finding where exactly i had to open the ticket and what to write was a “down the rabbit hole” experience.

Domains are cheap, don't serve content on an ad domain maybe?

Sounds like perhaps your task was to ensure a company's ads got through an adblocker?

my task was to rectify an issue in one of these crowd sourced lists of ad servers.

they were blocking a whole domain instead of blocking the ad-serving subdomain.

the issue was rectified, the main domain was replaced by the ad-serving subdomain.

Still, as pbhjpbhj suggested, if I were publishing both content and ads, I would consider publishing the ads on a different domain (not just a subdomain) to reduce technical issues. Domains with ugly names are very cheap.

of course, and this is a valid proposal. but that was outside the remit.

You could be right but you are definitely jumping to a conclusion here.

The default lists used by uBlock for example include things like error tracking telemetry, Sentry for example.

I can see why people want to block that stuff (privacy) but it’s not exactly an “ad”.

Yes, but the effects of that abuse are observable and easily fixable. If suddenly a whole site goes offline for a bunch of people, a change like that is likely to get reversed very quickly.