Every now and then, the topic of whether or not to use adblock comes up in conversation online. I’m always surprised when the conversation takes a turn for the deep. This seems like a really simple conversation to me, so hopefully I can keep this post short and sweet. Not new information, but short.

One of the many, many security threats people can face online is called a drive-by-download. Getting hit isn’t really a statement of the user. However, if you own a website and allow an advertiser to run javascript in your page, you are potentially allowing that advertiser to attack your users with a drive-by-download. This could lead to software being installed that the user never consented to. And that means a possible infection, and these days, infections are very hard to clean.

This angle has a term in the computer security industry: malvertising. That page lists major websites and specific attacks that have happened via ads.

(This post ignores cross-site scripting as a possible attack because it’s hard for me to document & articulate the risk of it.)

For those who are tech saavy, none of this is new information. It’s been a concern since at least Facebook, possibly since MySpace, possibly earlier. However, with the introduction of “content creator” as a career supported primarily by advertisements, the humans behind the curatin who are impacted are often harder to ignore.

Sadly, from my perspective, the risk of getting infected via ads is simply the bigger issue. If others feel generous, kudos to them. But from my view, even the largest of websites make mistakes, so adblock is an important defense-in-depth. And if that limits the viability of the internet, then we’ll simply have to innovate more to figure out how to make the internet work better.