Bild by Axel Springer (bild.de)

“The Bild newspaper (or Bild-Zeitung, literally Picture Newspaper…) is a German tabloid published by Axel Springer AG.” – Source.

Strike three: Bild is off the Better web.

Bild was the site that inspired our Three Strikes And You’re Out! policy, so how fitting that they should be the first site to trigger it.

Since we wrote the Strike Two, section, below, Bild updated their blocking code to use malware-style functionality to effectively block Better from protecting you on iOS. (We could still circumvent their blocking on Mac using an additional Safari Extension but we can’t do this on iOS.)

We now classify Bild as a malware site. Since you cannot visit Bild in a manner that protects your human rights, the only way we can protect you from Bild is by removing it from the Better web.

What this means is that we are now actively blocking links to Bild from the web in general. This means that people running Better will no longer be accidentally exposed to Bild from search engine results or from other sites like Twitter.

Blocked on the web in general

Any links that include bild.de on any web site are now removed.

Blocked on Google

Here’s how Google search results look for Bild without Better enabled:

Bild.de: Google, before blocking

And with Better:

Bild.de: Google, after blocking

As you can see, the links for Bild’s site are no longer in the results and you cannot click from Google to Bild.

Blocked on DuckDuckGo

Here’s how DuckDuckGo search results look for Bild without Better enabled:

Bild.de: DuckDuckGo, before blocking

And with Better:

Bild.de: DuckDuckGo, after blocking

Similarly to Google results, the links are no longer visible and you cannot click them to get to Bild.

Blocked on Twitter

We have also blocked links from Twitter to Bild. This is how Bild’s Twitter account looks without Better enabled:

Bild.de: Twitter, before blocking

And with Better:

Bild.de: Twitter, after blocking

As you can see, the links to Bild’s web site have also been removed on Twitter.

Please let us know if you notice any links on the Web to this malware site that are not being blocked by Better and we will look into it.

To the folks at Bild, we can only say this: Stop acting like malware and we will stop treating you like malware. Until that time, the Better web is perfectly happy without you.

Strike two…

Bild with its blocker blocker blocked

Today, we are implementing a new policy to deal with malicious sites that actively threaten people’s safety on the web. If we are prevented from protecting you from trackers on a site, we will treat the site as malicious and remove it from your web experience. By filtering out malicious sites, we will enable sites that respect human rights, effort, and experience to rise to the top of search results.

The inspiration for this comes from a German tabloid, Bild, owned by Axel Springer. Last week, one of our customers alerted us that Bild was detecting Better and refusing people access to their site unless they turned it off. This is unacceptable as turning Better means leaving yourself open to behavioural tracking and other web malware. As we’ve already seen, when Forbes did the same thing, people who turned off their blockers were subsequently infected with malware served from Forbes’s advertising network.

Bild chose to implement their blocker blocker in the core JavaScript file that runs their site. This means that we cannot trivially block their blocker detection without breaking the whole site. This is by design on Bild’s part. They want the site to fail if you are protecting yourself from trackers and malicious advertising. In fact, Bild has such low regard for their readers that they their site doesn’t load at all if JavaScript is disabled

In this instance, we were able to block Bild’s blocker detection by finding the exact tracker they test for and allowing it to pass their detection script. So, “strike two!”, Bild.

Wired have taken a similar approach. Their blocker detection is also in a JavaScript file called core. However, blocking this file on Wired doesn’t have a hugely negatively impact on the site. Most of their ‘core’ functionality is concerned with implementing behavioural tracking and advertising. The only other feature we’ve seen affected is their slideshow galleries. So, it’s “strike two!” for Wired also.

While we are currently able to protect people from tracking and malicious advertising on these sites, it is trivial for either site to break what we’ve done. Needless to say, this is not a game of cat and mouse that we have the time or patience to play. We are not going to spend hours investigating and implementing blocker detection circumvention for every aggressive and malicious site spurred on by the IAB’s DEAL policy.

Instead, we are now implementing a “Three Strikes And You’re Out!” policy. If you make it difficult for us to protect people from tracking and malicious advertising on your site, we will treat your site as malicious and protect our customers by removing you from their web experience.

Three Strikes And You’re Out!

This outlines our policy for dealing with aggressive and malicious sites that threaten the privacy and safety of people on the web:

Strike one

Your site implements behavioural tracking and advertising.

Better: blocks trackers and behavioural advertising to protect people.

Strike two

Your site implements blocker detection and blocking (e.g., influenced by IAB’s DEAL policy).

Better: categorises your site as Aggressive and blocks your blocker detection/blocking.

Strike three

Your site makes it non-trivial or difficult to block your blocker detection/blocking without breaking the site (e.g., integrating blocking detection/blocking functionality into core functionality of your site, obfuscating it, etc.)

Better: categorises your site as Malicious and removes it from the web experience of the people who use Better.

Checkmate

Strike three is what we call checkmate in chess.

If your site is malicious, we will remove links to it from other sites, including search engines, for people who are browsing the web with Better enabled. We do this to protect our customers and to enable sites that do respect people’s rights, effort, and experience to filter to the top and gain visibility.

Needless to say, we have not implemented Strike Three for any sites yet and we hope that publishers ignore the IAB’s DEAL policy and do the right thing (respect the rights, effort, and experience of their readers) so we don’t have to.

Ethical design violations

(Learn more about Ethical Design.)

After Better

Summary of site performance statistics (before & after Better)

BeforeAfterImprovement
Requests: 138 requests 60 requests 2.3×
Weight: 1.96 MB 1.53 MB 22%
Speed: 11.82 seconds 4.5 seconds 2.6×

Statistics by Better Inspector based on the page as on Friday, May 5th 2017

Block rules

- trigger:
  - url-filter: .*
- action:
  - selector: a[href*="bild.de"]
  - type: css-display-none

Twitter uses t.co shortening URLs.

- trigger:
  - url-filter: twitter.com
- action:
  - selector: a[title*="bild.de"]
  - type: css-display-none
- trigger:
  - url-filter: .*
- action:
  - selector: a[href$="twitter.com/bild"], a[href$="twitter.com/BILD"]
  - type: css-display-none
- trigger:
  - url-filter: twitter.com
- action:
  - selector: a[href^="/BILD"], a[href^="/bild"]
  - type: css-display-none
- trigger:
  - url-filter: .*
- action:
  - selector: a[href$="facebook.com/bild"]
  - type: css-display-none
- trigger:
  - url-filter: .*
- action:
  - selector: a[href$="google.com/+bildde"]
  - type: css-display-none
- trigger:
  - url-filter: duckduckgo.com
- action:
  - selector: div[data-domain*="bild.de"]
  - type: css-display-none

Block Bild.de from loading.

- trigger:
  - url-filter: bild.de
  - load-type: first-party
- action:
  - type: block
- trigger:
  - url-filter: www.bild.de
  - load-type: first-party
- action:
  - type: block

About Better

Better is a Safari content blocker for iPhone, iPad, and Mac. It protects you from trackers and malvertising by enforcing the principles of Ethical Design.

Get involved

Improve page | Report issue | Discuss