Thursday 10 December 2015

Adblockers: First battle lost, but we should keep fighting

Hey everyone,

I'm back, and I'm angry/sad/confused/sleepy. Yesterday a German court ruled that it is illegal to distribute guides and tutorials how to disable the Anti-Adblocker of the Axel-Springer Verlag on Bild.de. The justification of the court has not yet been published, but according to golem.de [1] it is probable that they agreed with Axel-Springer, that these guides would explain how to disable a software encryption to protect copyrighted material. This is the second time in a week, that a German consortioum of the copyright industry has made claims to politics and judicature to prune users rights and protection systems on the interwebz to ensure more/equal profit of the copyright lobby [2]. As I said, it is fine for the content/copyright industry to make as much money as they can, I dont't give a shit. But the unwillingness of these industries to invest in secure and working technical solutions to ensure this profit is alarming. Because they are not willing to invest anything! They want to cut the internet users rights and technical abilities instead because it is the most simple and cheapest way to do that. This is outrageing. It cannot be that the security and freedom of citizens is endangered just because one or several lobbies suck at using new technologies. Lobbies and citizens have to mature in using new capabilities and technical solutions, I am sure of that. But as of now, I see no effort of the industry (and sadly now also from polititcs) to make a path to a common demoninator. We urgently need to change that and to find a way to communicate again. But until then one fact *evil grin*: In your browser you can, by default, deactivate all javascript. There are also free and legal plugins to block individual scripts if you add these scripts to the plugins filter list. Just give some general facts about how browsers and JavaScript work.

I know it is just thursday but have a nice weekend.
Stay safe and responsible on the webz, it is, after all, a place of magic, wonders and lots of strange things :)

P.S. Sorry that all articles are in german. 

[1] http://www.golem.de/news/werbeblockersperre-auf-bild-de-gericht-bestaetigt-verbot-von-umgehungsanleitung-1512-117922.html

[2] http://www.heise.de/newsticker/meldung/Urheberkonferenz-Heilige-Kuh-der-Anonymitaet-gehoert-geschlachtet-3029833.html

Sunday 25 October 2015

The War on Adblocking in Germany - Why adblocker are important!

Hey everyone,

so I am back with a topic that is really dear to me: the freedom of my beloved Internet. So what was the trigger for me? Right now there is a war on adblocker going on in Germany with the Eyeo GMBH (Adblock Plus) and the Axel-Springer publisher as the main actors (http://www.bbc.com/news/technology-32409952). The German publishers claim that the business model of Adblock Plus is damaging their revenues and is therefore illegal. So what is this all about?


Current business model for webservices with free content

The most common technique to generate revenue with a website and still provide the content at no cost for the user is to display advertisements on the website. There are several models how a website operator can be paid through ads. In some cases the advertiser pays every time the ad is displayed and the user can see it (CPM, cost per mile or cost per impression) or the advertiser pays every time a user clicks on the ad (CPC, cost per click). Various other forms of payment exist and often a mix of different techniques is applied.

This is where ad-blocking software comes into play.  As the name suggests, adblocker just block all the content on a website that would be showing advertisement. So it is true. If you rely on either CPM, CPC, or their derivates, you can not generate money from a user that is using an adblocker.

The main argument against adblocker therfor is that they endanger the access to free content on the Internet and thus take part in the dismantling of the free and open web. This is actually a strong argument. Nobody wants to have their favourite newssite, blog or video portal either removed or its content hidden behind a paywall. This is also my opinion. But I am still a strong defender for adblocker and I frequently use them. To be exact I use a combination of [1]uBlockOrigin and [2]Privacy Badger. I will explain why they are cool and what they do later in the blog.

How does an Adblocker work

When a browser loads a website from the server, it is basically just a text document. The browser interprets the used programming language (HTML) and the structure of the textdocument and then renders the website locally so we can see it on our screen. Some of the instructions in the textdocument tell the browser to load cute kitten videos, some tell the browser to display advertisement.

The adblocker is usually a plugin for your web browser and he enforces a special behaviour on the browser. All the advertisement elements on a website can unambiguously identified inside the HTML document the browser loads and interprets. Most of them have the name "advertisement" or "ad" somewhere in the text but most plugins rely more on filter lists of elements that should be blocked. If the plugin detects an element that is classified as an ad by the plugins filter list, it prevents the browser from loading or rendering that element. This can either be a picture, video or simple text. Most of the time it is actually just an instruction to load another script and execute that script. These scripts are mostly written in the JavaScript language. In this case the plugin prevents the script from executing. These script will almost every time load the advertisement from a server that is different from the server of the website you want to look at. So a simple ad blocker would be to just disable the JavaScript execution altogether. At least in Firefox (my sole browser) this is a default feature and so your browser by itself has already ad-blocking capabilities. The drawback to that technique is, that most modern web technologies rely heavily on JavaScript, not just the advertisements and deactivating JavaScript by default might result in completely useless and broken websites. Some plugins like [3] No Script for Firefox let you manually decide what scripts should be blocked and which scripts should not. Simply put, an adblocker is just a no-script plugin with an automatically updated list of scripts to block.

But Jan, why do you want to ruin free content? It is just some stupid ads!

So here is the thing. If it was just for ads, i couldn't care less. I think it is ok to finance your website by the means of advertisement. In the end you are working hard to deliver the content to us, the users, and we do not have to pay a single dime for it. Work should be rewarded and if I can enjoy your content for free by just seeing some ads on your website I am more than fine with that! But the way the advertisement is delivered is the main reason for using adblockers, not the advertisement by itself. I want to give a few examples.

Annoying Ads

Some ads are just plain annoying. A good example are the popover ads we all love. You are browsing your favourite site and suddenly this huge ad for the newest hottest shit pops up, obscuring the exciting article you were reading on the newest insights on mating snails. In some cases you can close it, in some cases you have to endure the whole 20-30 second spot. But even in the cases were you can close the ad you are getting fooled. The button that does look like the closing button in almost every other program does not actually close the ad, but is a link to whatever product was just advertised. So you have to manually find the real closing button. Or the ad is not a popover, but just an annoying video with sound that you cannot turn off. There are also pop-under ads which open another window behind your browser window so you cannot see it at first. Most of the time these are used for a different purpose, because an ad is not worth anything if you don't see or hear it, right? Yes these ads are annoying and we should all get rid of them, but even I have to admit that it is borderline to justify an adblocker just with this argument.

 

Sponsored Posts

Those could also be classified as "annoying" ads, but nonetheless they are a special kind of ads. Sponsored posts are ads that disguise themself as regular website content for the user. Say you are on your favourite geek site reading about the new Intel processor microarchitecture. And at the end of the article is something that looks like a link to another article about processor microarchitecture. Eagerly you click it to receive the magnificent knowledge, but nope, you just get redirected to a webshop that sells old and ancient computer hardware. Indeed this is a harmless example, but especially in social media these posts often lead to scams and dubious offers that the clueless user can not distinguish from serious ads and offers. This is in fact dangerous. Those scams are often detected fast and deleted. But until that happens a lot of people will already be deceived. And because chances of getting these criminals are very low as they are often operating in different countries, hiding behind a wall of proxies etc., these scams will continue to take place.

 

Tracking Ads

On the Internet nobody knows you are a dog, right[4]? Unfortunately this is not true. The identity you always have on the web is your IP address. And although the IP address can change and is in general a very weak tool to identify you, websites will nonetheless try to match your browsing history with your identity. This is often done via cookies. Cookies are small files that a website stores on your device everytime you visit the website. It will contain your IP address, the time you entered the website, from where you were directed to that website and they can also contain your activity on the website. If you load the website again, the website will also load any cookie that it has deployed on your device and will update their information on your browsing history. Now remember that a website will almost every time load content from another website and another server. And if you do not have look at the source code of the website (the text file the browser interprets, remember?), this will happen completely without your knowledge. So even if you are Ok with the website collecting data from you, you might not be aware that they could be dozen other websites collecting information about you that you know nothing about. The Facebook Like button is such an instance. Every time you are on a website with a Like button, Facebook will gather data about you. It does not even matter if you are a facebook member or not. Most of the ads on a website do the same. This is also why you suddenly get ads for sex toys just because you googled "50 shades of grey". Google collects this information, stores it in a cookie. If you happen to come across a website that uses an ad serving system by google, it will have access to that cookie and display personalised ads according to the information gathered about you. Many people do not want that (me included), and your browser can tell the server providing the website "Hey, please do not track me". But the server does not have to abide to that plea. There are also tools to prevent you from being tracked completely and I use them frequently. This is my biggest grievance with ads. I am not asked nor informed that third party applications are gathering information about me while I am surfing. Even while I am writing this blog, Privacy Badger informs me, that it is blocking 5 tracking requests by third party websites. Though I have to admit that all 5 are from Google, which also owns Blogger.

Malware

Ads loaded from a third party server are a sever security thread. Most ads are loaded by executing a script that has nothing to do with the website you are looking at. If you are lucky this script just displays an ad. In some cases the script will use some blackhat-magic to somehow infect your PC (http://arstechnica.com/security/2015/04/spam-blasting-malware-infects-thousands-of-linux-and-freebsd-servers/). In 2013 CISCO reported that it is now way safer to watch porn on the Internet than to load a website full of ads (http://www.pcmag.com/article2/0,2817,2415009,00.asp). To ban ad blocking technology (which is what the German publishers want) would mean letting the door open to various hacks and exploits by default. In my opinion this is an outrageous demand and should never happen.

Other concerns

Especially mobile users often complain that loading all the ads on the site consumes a lot of bandwidth and if you have a data limited contract you might actually pay for the ads if your limit is reached. This is also one aspect of ads that should be adressed by the ad industry as in that case the argument of providing free content through ads is futile.


The War on ad-blocking

In the opening I gave a quick review on the origin of the war on ad-blocking. I  will go a bit further on the details and I want to present another argument from the publishers point of view. A large deal of this case has actually not to do with the adblocking per se, but with the business model of Adblock Plus. Adblock Plus has a white list of advertisement services that are not blocked. But to be on the whitelist you have to pay. The German publishers feel blackmailed by this business model and so they added this to the cases against the Eyeo GMBH. Just for the record, uBlock Origin does not have a whitelist and blocks all ad services it knows.
Last week the war escalated with the Bild newspaper putting an anti-adblocker on their website (http://slashdot.org/story/15/10/13/1259244/german-publisher-axel-springer-bans-adblocking-users-from-bild-website). Shortly after the german IT message boards were buzzing with tips how to adapt the adblocker filter to access the website with active adblockers again. But some of these posters were sued by Axel-Springer because with this tips you would infringe their copyright and break existing encryption (http://www.golem.de/news/adblocker-sperre-bild-de-mahnt-youtuber-wegen-erklaervideo-ab-1510-117011.html, sorry only in german :( ). I do not want to be sued, so you have to look for these rules for yourself. Sorry guys. But it is trivial and most adblockers already updated their filter lists to do it automatically. But not only do they sue people giving advice on how to update the filer lists, they also want to sue everybody who visits their website and uses an adblocker (modified or not). This is why I snapped and I decided to write this blog. This is outrageous and CAN NOT BE. The techniques used to cirumvent the anti-adblocker are trivial and are in the arsenal of every modern browser. Essentially you are just blocking another JavaScript element. And this should be elemantal RIGHT of ever USER on the interwebz. It cannot be, that tools that are used to protect me from involuntary tracking and malware are branded as illegal and prohibited to use because they stop multi-billion dollar/euro companies from earning even more money.

Conclusions

As I already said I use two tools right now. I use uBlock origin to to block annoying ads. The Privacy Badger is just to protect me from third party tracking cookies. This has at first NOTHING to do with advertisement. So this is what happened when I tried to stop using uBlock origin on some websites that I care about and I wanted to support better. It did not change a thing. Apparently every piece of advertisement on these sites (golem.de, heise.de, arstechnica.com) was trying to load third party scripts or installing third party tracking cookies. So Privacy Badger blocked all of these attempts. The result was that I still did not see any ads although I did not use a dedicated adblocker.
And if you check the conversations in German IT message boards, this is the opinion of most people using adblockers. They do not care about the ads, but about their privacy and security. And they raise these concerns constantly and they are known. But none of the advertisers were willing to listen to these concerns. It is not that people are eager to stop website operators from getting revenue through ads, but rather they are not willing to give up their right to security and privacy.

Something has to change. So far the only instance, that I know of, that is trying to merge revenue by ads and user security/privacy is Mozilla (https://blog.mozilla.org/futurereleases/2015/05/21/help-test-changes-to-new-tab-in-firefox-beta/). But until the advertisement industry changes, my adblockers will be still activated. I care neither for Axel-Springer nor for Bild. They can block me as long as they want. I even think it is their right to block me from their website if they do not want me there. But if you want to prohibit legit web technology because your own protection systems are just a weak piece of sh... are just weak, then you can expect me, and probably half the Internet fighting back.

This is why ad-blocking software is so important right now. Their whole features are based on effective web technologies developed to use the internet in a safe and protected way. If the publishers win the fight against the adblockers, not only will the adblockers be banned, but also the technologies behind them. This will open the door to unlimited data collection by third parties you do not even know of. It will open the door to serious exploits that you cannot prevent because you do not know immediately what other scripts are executed on any website and what servers are contacted on any websites.

Sorry for the long post, and I don't have any potatoes for those who are still reading :D Sorry guys and gals. But I hope that I at least gave you someting to think about. Have a great day.

Cheers,
Jan     
     





Friday 8 August 2014

Max Log-Map finished

Hi Guys and Gals,

GSoC is coming to an end, and fortunately I have been able to finish my last algorithm I had planned. It's a codebit-to-codebit Max-Log-Map Decoder, that means it gets codebit Log-Likelihood-Ratios (LLR) as an input and outputs updated codebit LLR at his output. It can handle rate 1/n codes and also RSC codes (as opposed to my viterbi implementation).
To handle RSC Codes it's decoder object has an additional shuffle matrix.

Codespeedup has not been as good as the viterbi code. This is due to the MAP decoders structure. First benchmarks provided these results.

Kernel SSE4.1 Generic
Transition Probabilities [us] 1,466 3.131
Forward Recursion [us] 160 260
Backward Recursion/LLR decoding [us] 890 1028 

The poor speedup of the Backward Recursion kernel is due to the nature of the llr decoding. For every codebit one has to find the maximum out of 2^(number_of_states-1) metrics twice. Available SSE instructions provided no solution, so right now it is implemented with normal C code. Overall a speedup of ~20% is archived, resulting in ~6*10^6 decoded codebits per second.

So right now I am doing examples and documentation. I will see if I can fit in my two decoders into GNU Radios FEC-API. And I'm looking forward to GRCON14, which takes place between 15. Sept-19.-Sept. in Washington D.C. It sure will be a blast.

So long,
Jan
  

Wednesday 16 July 2014

Hey,

Sorry that this new update took so long.
Finally I have a fully working AND faster viterbi decoder.
To do that I had to abandon gr-trellis. After re-evulation of the code and project with my mentor we decided to start on a new OOT module for generic channel decoding.
Let me introduce gr-celec (Communications Engineering Lab Error Correction) and my own volk library volk_fec.

Right now the volk library contains kernels for complex branch metric calculations and Viterbi path metric calculations.

Gr-celec contains a block for branch metric calculations  and a viterbi block (with metric calculations included).  The Viterbi Block takes complex samples as input, along with some information about the encoder (Number of States, Packetlength, Startstate, Endstate and a vector containing all possible Outputs for every state). It works with non-recursive and rate 1/n decoders. These simplifications allowed me to use a Butterfly structure  for the path metric calculations. This resulted in a better loop unrolling and SIMD register management. The SSE4.1 Kernel is now approx. 3x faster than the generic kernel
The complex branch metric calculations are approx. 4x faster than the generic kernels.

Both benchmarks were done with packets of length 3072 samples and averaged over 1000 packets.

Next on my to-do lists are some cosmetic changes for gr-trellis/examples.
After that I can start working on the Log-Map Decoder. This will be done from scratch as well and put into the gr-celec.

C ya,
Jan






Wednesday 25 June 2014

Hey all,

GSoC14 Midterm evaluation is happening right now.
And I have some news regarding the viterbi decoder.
Benchmarks for the Calculation of the branch metrics have yield good results.
I made some quick flowgraph benchmarks for QPSK and BPSK Branch Metrics

I have written a "logarithmic" normalization kernel which normalizes a buffer by subtracting a constant value. This is used to normalize State Metrics. It is quite fast, which is not surprising, performing almost 3x as fast as the generic kernel.
To complete the Viterbi Decoder, i wrote a State Metric Kernel. I used Phil Karns SSE2 implementation of the Voyager (1,2,7)-Code [1] as a starting point. But results are surprisingly disappointing. I wrote a puppet kernel to use the volk profiling tool. That puppet uses some Boilerplate initialization code to get all Matrices right. So I am not sure right now, how much overhead this produces. The SSE4 Kernel is only 17-20% faster than the generic kernel for a 4-state decoder, which is kind of a bummer. I also used gr-benchmark to get results for a whole flowgraph, and the SSE Version of the Viterbi Algorithm is even slower than the Generic one. And that is even more of a bummer.

I will have a closer look on this with my mentor. Also the kernel needs 128bit aligned memory right now, as it is performing a matrix operation and a row length that is not a multiple of 4 (floats) will segfault when trying to perform an aligned store. 

Next on my To-Do List are also the State Metrics and LLR Calculations for the SISO Decoder.

Code is all on www.github.com/spectrejan

Cheerz,
Jan

[1] Phil Karns FEC Library http://www.ka9q.net/code/fec/

Friday 6 June 2014

Hey Guys,

All kernels for calculating euclidean metrics have been finished and are integretated into the metrics blocks. Unfortunately automatic testing is still not available for these kernels the volk configuration has to be modified by hand.

A new kernel for normalization has been written as well. Next kernel will be viterbi metric and SISO output!

Till next week,
Jan

Friday 30 May 2014

Hey guys,

progress has been good this week so far. I was able to write kernels for all calc_metrics implementation but for metric_c. I also started to integrate the kernel into the metrics_x Implementations. Testing is a bit hacky right now, as I did not find the time to write automated tests for volk_profile and testqa_cc. So right now, you have to enter your machine manually.

Next week I hope to finish integration of all kernels and start new kernels for normalization and output calculation so stay tuned!

Cheerz,
Jan