Skip to content
Naked Security Naked Security

77% of adblocker users feel guilty about it

Hopefully, they also feel just fine about the lessened possibility of being victimized in a malvertising campaign!

We might not exactly be tossing and turning at night, but according to a new report, we of the adblocker-using ilk do have consciences.

The report, from ad tech startup Gladly, found that 77% of ad blocking users feel “some guilt” about blocking ads.

This contradicts rhetoric that suggests most of us either don’t understand that publishing sites live off advertising revenue to provide the content we consume, or we don’t care whether they wither up and die.

We know, it turns out, and we’re torn about it.

Gladly relied on anonymized data from its own ad blocker – Goodblock – and from an internal, randomized survey of 243 users.

Some of the findings:

  • 77% of Goodblock users turn their ad blocker off for at least one whitelisted site.
  • Most adblocker users whitelist a few, select websites: 59% whitelisted between 1 and 4 sites.
  • Around half – 51% – people who download adblockers use them to fend off ads on a few annoying sites, as opposed to stamping out advertising everywhere they go.

These are the reasons users gave for downloading an adblocker:

  • 51% said a few sites had particularly annoying ads.
  • 21.8% wanted to speed up their browsing.
  • 16% said they hated all advertising and never want to see another ad.
  • 8.2% said a friend told them to.
  • 2.9% had concerns about privacy.

Notice anything missing from that list? Something big, and hairy, and dangerous?

Interestingly enough, the survey apparently didn’t ask users if protecting themselves against malvertising was a reason they downloaded an adblocker.

Malvertising is short for malicious advertising, which is where usually-trustworthy sites temporarily go rogue because one of the ads they display turns out to be booby-trapped and tries to foist malware or potentially unwanted content on your computer.

Gladly might well have gotten quite a different set of responses if it surveyed Naked Security’s audience, given that we’ve shared news of malware-delivering ad networks poisoning people’s systems at a number of sites, including:

The Gladly survey found that many adblocker users find it frustrating when a website forces them to disable their adblocker in order to get at content, as does Forbes. 30% said they’re less likely to use a site that forces whitelisting in exchange for content.


No matter how much your conscience twinges at the idea that sites are being starved of advertising revenue, turning off your adblocker can be a whole lot riskier than might appear at first blush.

As we reported, tests run by SophosLabs very quickly revealed that at the time of its malvertising infection, Forbes was using well over 100 different ad-serving domains on repeat visits.

That’s a lot of potential for malvertising attack. How’s your conscience feeling now?

At any rate, Gladly said that the report shows that adblocking is “a much more nuanced phenomenon than many have assumed.”

The majority of ad blocking users are aware that their decision to remove ads has negative consequences for the content they support, so they will opt back into ads to help the content creators they care about.

Moreover, the majority of ad blocking users are not downloading ad blockers to remove online advertising completely, but rather to fix user-experience problems on a subset of websites with particularly annoying ads.

Content providers argue that “free” content, subsidized by ads, will face extinction if we block ads, given how all the advertising money will be drained from “free”.

But with malware like the sharp-toothed Angler exploit kit out there ready to eat us alive, that’s about as smart as turning off your anti-virus because it just might gum up software installs.

There’s one word for both “turn-it-off” requests: DON’T!


I don’t feel guilty one bit, I’m annoyed more than anything else that websites want to put zero effort into advertising better without tracking every single click and interaction. I will unblock sites that are responsible with their ads, but otherwise I have to block everything due to the inherent security risk it brings.

If there were significant legal ramifications for creating and serving malware, it would be a totally different world. The person buying the ad-space must prove that there’s no malware/trojan shells in their ad. The ad-network must scrub and test every ad campaign.
They are legally responsible for any security mishap if their ad infects a computer.
Fine the buyer or the network $50,000 per infection depending of if it was intentional or hacking. (Make it so painfully expensive that it’s cheaper to fix the ad structure, than serve malware) If it was a buy and blast malware campaign, the ad network would be immediately liquidated, and the owner must turn over all assets to the regulatory acronyms and they would be blackballed from the entire digital and print advertising industry.

Mess with ads, you will be banned from all advertising networks.


Guilty? Umm, not at all. I’ve even planned to donate to the adblockers’ developers for cleaning my browsers from that “trash” and saving my data from data-sucking ads


We are the 23%.

Unless and until you make sites *and* ad-networks responsible for the malvertising, I will continue to block everything by default. If they were responsible (whether self-imposed, or by legal mandate), the situation as it exists would not exist.

I have privacy concerns too, but those are de minimis compared to the rampant problems with crapware-as-ads.

So NO, I don’t feel guilty. Not one whit. And my anecdotal experience is that like 10% of people feel otherwise, not over 3/4. Clean up your act, and then we can talk. If you can’t, the culture of free-paid-for-by-garbage needs to die instead. No matter how many publishers\content providers go down the drain with it, we’ll be better off in the long run.

And by “Some guilt” I expect the real feeling is more along the lines of “It’s a shame I have to do this, but you’ve driven me to it”.


I use it to block malicious advertising. I don’t feel guilty about blocking malicious advertising. If websites did a better job of making sure adds where clean perhaps I would change my mind. I have had bad adds from sites like and in the past.


I don’t feel guilty but some sites ask me to turn it off and I usually do. If they start bombarding me with ads though I’ll turn it back on. I only installed AdBlocker because I was tired of going on YouTube to watch videos and in the middle of watching videos they’d play another video over it. Sometimes every 30 seconds. Did YouTube ever stop doing that? How can you watch videos when ads keep playing? Can’t they just play an ad at the start of each video? The smart YouTubers just have deals where they mention a product at the start of their video.


“Do you feel guilty that the website owners will lose money from the lack of ad revenue, won’t be able to pay their mortgage, their other half will leave and take the children, the dog has to be put down, little baby kittens will die, you won’t be able to play Pokemon and your phone will explode?” Duh, yeah! Or was it “Would you watch ads if they infected and corrupted your device, slowed down you internet connection, stole all your personal details and posted them on Pastebin?” It really depends on how the question was phrased.

Personally I don’t know what all the fuss is about – Adblockers only work on external domains. If you host the ad natively then they won’t block it. It’s only the ad industry that’s creating all the problems. They don’t trust site owners unless they can track clicks – that’s their problem and not the site owners problem. You don’t have tracking with printed adverts (you know, old stuff that doesn’t need batteries). This has worked for decades, so why do you need to track online? Get over it – the internet changed. And, guess what, any malware served up would be the site owners problem – no more 3rd party excuse / not responsible for trashing your machine crap. You wouldn’t put up with that from a restaurant – “I’m sorry for your projectile vomiting sir, however, this food poisoning is down to our supplier and we’re not responsible.” Man up and start taking responsibility for your own sites and stop hiding behind ad companies.

As for Ad companies (cough, Google), profits soared 24% in the second quarter of this year. Did your ad click revenue also soar 24%? No? Maybe you should ask for more of the pie? Don’t you think there is an element of the ad companies short changing the site owners too?

Come on people, apply a bit of common sense to this!


Even before I knew about malvertising, I was blocking ads due to the sheer uselessness of the ads I was receiving.
Back in the early days of the internet, there were promises of targeted advertising that would use my search and browsing history (now more popularly known as “big data”) to analyze my likes and dislikes and automatically serve up focused, targeted ads for what I liked and other things in which I might be interested. Such ads would be welcome in moderation.
Lo and behold, online ads turned out to be just as random as their offline counterparts had always been, and it never changed. In many cases, the ads are exactly the same, and are not optimized to conserve bandwidth. Sure, occasionally, you might receive targeted ads or an ad based on a recent search term, and those were interesting, even useful advertisements, but mostly, online ads are as random as any other medium.
As long as it is not a 3+ minute mini-movie ad, I will generally let ads roll on free media, such as YouTube, with no guarantee that I am paying any attention whatsoever. So I know that even as of yesterday, online ads are still not focused and based on my likes. More likely, they are based on the highest bidder getting more screen time, which tells me about where the revenue is going for hair product companies and overpriced department stores in which I have never displayed any online interest whatsoever. I have to go to very specific entertainment and shopping websites to have any hope of advertisements that focus on my particular interests.
Random online ads would be relatively welcome if they were converted into micro-blipverts that were rolled into a fast-talking multi-item advertisement. For example, maybe make a 30-second ad that shows 3 10-second ads for 3 different department stores, instead of one big 30-second ad that says the same thing six times in a row. That way, I still get exposure to things that might interest me that I show no other interest in, but it’s not as tedious. At least then, the advertisement would perform its function of attracting interest, instead of utterly repulsing potential customers, regardless of the danger of malvertising. After all, these ads are not meant to influence thoughtful consumers who care about security, but rather consumer zombies that do not have a second thought on the term “malvertising”.


From what I have read only 20-30% of users are adblocking. That leaves at least 70% of all users not blocking. I fail to see the huge impact on advertisers.


Nuanced, my foot. I have blocked everything, not just with Adblocker. And then those tearjerkers try to make me come back and view those most wonderful pictures. Sorry but you’ve just been deleted from my bookmarks. NO newspaper or retailer has the right to bombard me with advertising. I have threatened people who come to my door. But that’s just me. So take your ads and stick them….. I know what to buy and where.


It is entirely true that many good websites will be lost due to the spread of ad-blockers. My site is a prime example. I am a lone publisher, I have no staff, no support but I have created one of the most extensive websites about Western Australia on the net. Many thousands of people use the site and I have tried to switch from advertising to donations as a source of revenue. Guess how much money I have raised so far? $0, that’s right NOTHING. If the people who use and enjoy websites don’t want to see advertising and won’t help support good sites, what are publishers supposed to do? Don’t I have some right to get at least a small return for all the effort I put in to site creation? According to some people, no, I don’t. Well, I made the decision to block ad-blockers from my site, I had no other choice. If people want the information I supply then they have to be willing to see the ads. My hit rate has not dropped due to this policy and revenue, which had fallen by 60%, has started to recover. I would urge all publishers to take the same measures and stop the ‘leeches’ who all want something for nothing, from using your information.


This comment highlights the extreme – and unhelpful – responses on both sides.

Users: “Every site that serves ads is deliberately trying to infect my computer with malware!”

Publishers: “Every user who uses an ad-blocker is a thief / leech who wants something for nothing, and deserves to be completely blocked from accessing the Internet!”

There needs to be a sensible middle-ground, where publishers can get paid for their work *without* putting users at risk. Unfortunately, every attempt to clean up the advertising system seems to be met with cries of “extortion racket!” from the existing advertising companies.

So for now, we’re stuck in an endless cycle of “ad-block-blockers”, “ad-block-blocker-blockers”, “ad-block-blocker-blocker-blockers”, etc. All of which only server to decrease the performance of your site, negating one of the benefits of an ad-blocker.

And both users and publishers suffer, simply because the ad companies are too lazy to clean up their act.


Ad-blocking software allows for ads when they are done correctly. Ad-block plus has instructions for how can do ads correctly so that your ads will not be blocked. You just refuse to listen to your visitors and thus deserve to lose money.


Guilt? Not here! And it has nothing to do with malware advertisements. It’s due to Just Plain Bad Implementations! Examples follow:

1) Yahoo! mail runs a frame off to the side which actually does a very good job of targeting. The ads they show are welcome.. But the ads cycle every 30 seconds or a minute, and none of the ads releases memory before it’s overwritten. The Yahoo! tab memory leak is so bad that browser memory grows from less than 100 MB to 1GB in a few hours. I prefer to leave email open all the time, but I had to close the Yahoo! mail tab and re-open it every few hours.

2) The Yahoo! mail ad left a rather small column for reading and writing email. There is an option to expand it, covering the ad. That function used to be rather sticky. Once you clicked it, the mail pane stayed expanded and the ad stayed gone while you were viewing or editing. Then they made a change, so that every time you scrolled or moved the insertion point off the current line, the mail pane shrunk and the ad returned. This was maddening if you were reading/responding to an email that had been formatted with text lines longer than the mail pane width. Every few seconds you had to move the pointero re-close the ad and then re-position it where you wished to modify text. Equally infuriating if you were viewing an email with a series of images wider than about 600 pixels. And especially annoying if I was using my older laptop with a 4:3, 1024×768 screen. The Yahoo! programmers could have implemented this function only on widescreen monitors but they chose not to.

3) I have a paid subscription to the morning newspaper, the McClatchy-owned Raleigh News and Observer. Included in the subscription is an afternoon email with breaking stories. It was so heavily laden with ads that it took the connection (21 Mb/s) to its knees and stalled the laptop–rendering took measurable seconds. The ads were intrusive, excessively numerous, and often immovably covered the text. And I was forced to pay for this.

Those items were finally enough to lead me to install an ad blocker. After reviewing a few, I chose uBlock Origin. It’s offered by a dedicated programmer who continues to improve it, and it filters by aggregating lists from four or five ad blacklists and custom settings. It’s very lightweight in memory footprint and there’s no noticeable slowdown with it. The custom settings are compatible with AdBlock Plus, the leader in the field. The programmer refuses to accept donations for his work, directing them to the curators of the filter lists he references. I rejected AdBlock Plus due a philosophical reason: AdBlock Plus allows certain ads through if they meet the author’s conditions. That’s blackmail (or extortion) of the advertisers and it also means he might permit ads I don’t wish to see.


I feel guilty that I cannot block Ads in my android device without rooting.

Try to browse into those malvertising websites with your mobile phone and see how full screen Ads will eat your browser and enjoy how the vibration rotor will go nuts every time you try to navigate back to the page that you want to read. I will keep enjoying my clean web browsing in my PC as long as I can.

Only when I stop suffering from the poor web browsing due to annoying Ads in the mobile, only then I may consider about disabling an Adblock in my PC, which is the last device that I really own and control, or at least I think so.


I do not feel guilty about it. Ad blocking software allows ads that are non-intrusive. The websites that block ad-block software just refuse to deliver ads in an acceptable manner. Some sites even have malicious ads. I once white listed the [name removed] and promptly was delivered a popup that hijacked by browser with a warning that a virus was on my computer and that I needed to call this number to fix this. The websites that block ad-blocking software should be the ones who feel guilty for contributing to malware and online scams. Ad-block software makes the internet safer.


Clearly what is needed is an UNDETECTABLE ad blocker. In the meantime, do I feel guilty for blocking the initiatives of dirty-fingered money-grubbing business parasites? HINT: That’s a rhetorical question!


The problem with an “undetectable” ad blocker is that you pretty much have to let the ad run inside the browser anyway, so it can cause all the side effects (cookies, DOM objects, call-home traffic and so on) that can be measured to see if it’s working. Even if you subsequently blank out its window, suppress its audio and crush all its links…

…you more or less have to let it in first.

That’s a bit like letting all your spam into your inbox but not displaying it properly when you open the message – better than nothing, but as a security measure it feels, well, it feels a bit “soft”, if you know what I mean.

(You could detect ads in a proxy, I suppose, and then trick the ad network into thinking that the ad displayed. But that would require eternal tweaking and it would miss the chance of making the point that it’s not so much that you don’t want to see ads but that you don’t want to receive them in the first place.)


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!