Bild by Axel Springer (bild.de)

“The Bild newspaper (or Bild-Zeitung, literally Picture Newspaper…) is a German tabloid published by Axel Springer AG.” – Source.

Strike three: Bild is off the Better web.

Bild was the site that inspired our Three Strikes And You’re Out! policy, so how fitting that they should be the first site to trigger it.

Since we wrote the Strike Two, section, below, Bild updated their blocking code to use malware-style functionality to effectively block Better from protecting you on iOS. (We could still circumvent their blocking on Mac using an additional Safari Extension but we can’t do this on iOS.)

We now classify Bild as a malware site.

To the folks at Bild, we can only say this: Stop acting like malware and we will stop treating you like malware. Until that time, the Better web is perfectly happy without you.

Strike two…

Bild with its blocker blocker blocked

Today, we are implementing a new policy to deal with malicious sites that actively threaten people’s safety on the web. If we are prevented from protecting you from trackers on a site, we will treat the site as malicious and remove it from your web experience. By filtering out malicious sites, we will enable sites that respect human rights, effort, and experience to rise to the top of search results.

The inspiration for this comes from a German tabloid, Bild, owned by Axel Springer. Last week, one of our customers alerted us that Bild was detecting Better and refusing people access to their site unless they turned it off. This is unacceptable as turning Better means leaving yourself open to behavioural tracking and other web malware. As we’ve already seen, when Forbes did the same thing, people who turned off their blockers were subsequently infected with malware served from Forbes’s advertising network.

Bild chose to implement their blocker blocker in the core JavaScript file that runs their site. This means that we cannot trivially block their blocker detection without breaking the whole site. This is by design on Bild’s part. They want the site to fail if you are protecting yourself from trackers and malicious advertising. In fact, Bild has such low regard for their readers that they their site doesn’t load at all if JavaScript is disabled

In this instance, we were able to block Bild’s blocker detection by finding the exact tracker they test for and allowing it to pass their detection script. So, “strike two!”, Bild.

Wired have taken a similar approach. Their blocker detection is also in a JavaScript file called core. However, blocking this file on Wired doesn’t have a hugely negatively impact on the site. Most of their ‘core’ functionality is concerned with implementing behavioural tracking and advertising. The only other feature we’ve seen affected is their slideshow galleries. So, it’s “strike two!” for Wired also.

While we are currently able to protect people from tracking and malicious advertising on these sites, it is trivial for either site to break what we’ve done. Needless to say, this is not a game of cat and mouse that we have the time or patience to play. We are not going to spend hours investigating and implementing blocker detection circumvention for every aggressive and malicious site spurred on by the IAB’s DEAL policy.

Instead, we are now implementing a “Three Strikes And You’re Out!” policy. If you make it difficult for us to protect people from tracking and malicious advertising on your site, we will treat your site as malicious and protect our customers by removing you from their web experience.

Three Strikes And You’re Out!

This outlines our policy for dealing with aggressive and malicious sites that threaten the privacy and safety of people on the web:

Strike one

Your site implements behavioural tracking and advertising.

Better: blocks trackers and behavioural advertising to protect people.

Strike two

Your site implements blocker detection and blocking (e.g., influenced by IAB’s DEAL policy).

Better: categorises your site as Aggressive and blocks your blocker detection/blocking.

Strike three

Your site makes it non-trivial or difficult to block your blocker detection/blocking without breaking the site (e.g., integrating blocking detection/blocking functionality into core functionality of your site, obfuscating it, etc.)

Better: categorises your site as Malicious and removes it from the web experience of the people who use Better.

Checkmate

Strike three is what we call checkmate in chess.

If your site is malicious, we will remove links to it from other sites, including search engines, for people who are browsing the web with Better enabled. We do this to protect our customers and to enable sites that do respect people’s rights, effort, and experience to filter to the top and gain visibility.

Needless to say, we have not implemented Strike Three for any sites yet and we hope that publishers ignore the IAB’s DEAL policy and do the right thing (respect the rights, effort, and experience of their readers) so we don’t have to.

Ethical design violations

(Learn more about Ethical Design.)

After Better

Summary of site performance statistics (before & after Better)

BeforeAfterImprovement
Requests: 287 requests 71 requests 4.0×
Weight: 2.46 MB 1.34 MB 45%
Speed: 49.31 seconds 12.4 seconds 4.0×

Statistics by Better Inspector based on the page as on Sunday, November 11th 2018

Block rules

These rules have been removed as we were unable to block with precision without accidentally blocking links to other sites with “bild” somewhere in the name.

Hide gaps left by blocked adtech

- trigger:
  - url-filter: bild.de
- action:
  - selector: .ad-mark
  - type: css-display-none

About Better

Better is a Safari content blocker for iPhone, iPad, and Mac. It protects you from trackers and malvertising by enforcing the principles of Ethical Design.

Get involved

Improve page | Report issue | Discuss