I don't understand why DNS ad blockers (Ad Guard, Pi-Hole, other) aren't frequently used across corporates. Especially given the regular-ish training on cybersecurity and related.
I don't understand why Apple does not ship Safari with an adblocker. They advertise how they keep you safe on the web but deliver one of the worst browser experiences and don't even support the plugins that would make it better, let alone include them.
I found the Orion browser and am never touching Safari again.
I'm skeptical that inside counsel would really have an issue with adblock or a moderate approach -- whitelist a subset of a subset of sites like YouTube that they might see risk.
Malware is absolutely distributed through ads. In the case of more reputable ad platforms that don’t allow arbitrary scripts, it’s by linking to malware, but they’re also used to serve drive-by exploits.
> You have higher chance of getting a malware from `pnpm add` than seeing an ad on the web.
If you’re a normal computer user who browses the web without an ad blocker and never runs `pnpm add`, the relevant chance is a little different. (Fun side fact: current pnpm wisely doesn’t run install scripts by default.)
Ads are basically running a program they wrote on your computer. If there’s any exploitable feature in your browser’s JS sandbox, count on someone sending you an ad that will exploit it.
To add to the other reply, there were even targeted malware campaigns through ad networks. Because nowadays, you can choose who sees your ads so precisely (by IP block or geolocation) that you can target individual organizations.