Hacker News new | ask | show | jobs
by ndriscoll 304 days ago
In the sense that someone sending you a surprise crypto miner with their webpage or bundling a botnet trojan into a program they give you is just them putting it on their own space, sure. If they send it to me though, my security software will promptly filter it out or otherwise not allow it to run. My firewall will block connections to their known-dodgey payload hosts from all computers on my network. My computer is not for running someone's miner, and that's not the intended purpose of allowing scripting. Likewise, my screen is not for displaying ads; it's an abuse of scriptable documents that gets filtered out. Opening a web page doesn't create some obligation to run malware.

fwiw making an offline analogy, I also live in a city where outdoor advertising signs are generally banned (with some exceptions like saying the land is for sale, or small ground-level signs with height/width restrictions at an entrance indicating which businesses are on a lot), so even on their own land/their own space, businesses putting up things like billboards would be spam and disallowed.
1 comments
amadeuspagel 304 days ago
Displaying information is most basic feature of the web. An ad is simply information that someone paid for. It is not at all like a crypto miner or a botnet trojan.
link
ndriscoll 304 days ago
In practice ads are delivered by adware (and bundled with spyware), and are pretty much always a type of trojan (you never receive warning that a site is going to send you ads). Characterizing them as information is also misleading; their entire purpose is to get people to make suboptimal if not poor decisions. They're somewhere between noise and disinformation.

Without the malware part, there would obviously be no objection on the grounds that you're "free-riding" since there would be no measurement. But even simple images or text can be and frequently are a malicious attack on one's mind (e.g. soda/fast food ads, links to fraudsters), so even without a software component, it is good security posture to filter them.

The scripting capabilities of the web are meant for people like [0] to use. Using them for surveillance and propaganda distribution is abuse.

[0] https://ciechanow.ski/

link