
This article was published on October 9, 2015

    People are so desperate to block ads that they’re opening themselves to attack

    Story by

    Owen Williams

    Former TNW employee

    Owen was a reporter for TNW based in Amsterdam, now a full-time freelance writer and consultant helping technology companies make their words friendlier. In his spare time he codes, writes newsletters and cycles around the city.

    Apple delivered an official way to block ads in Safari with the release of iOS 9 in September, but there’s a growing trend of people attempting to block every ad in iOS, and doing dangerous things to get there.

    Been, which received a large amount of press coverage, is one of these bad ideas.

    The app installed a root certificate on your phone, along with a VPN profile, in order to block advertising within apps like Facebook, Yahoo and Google by proxying all traffic through a service — tempting, but dangerous.

    The problem is that Been needed to capture all your internet traffic, decrypt it, remove the ads, then send it back to you, which is somewhat horrifying. That means that, if Been wanted to, it could technically view your passwords or access tokens in plain text.

    Of course, Been promises it’ll never do that, saying that it only inspects the headers of your decrypted traffic to determine if it’s an advertisement, but the fact that it’s decrypted at all in transit is a huge problem.

    To block advertising — you know, the thing that pays for many services you use — people are willing to hand over the keys to literally everything, but I’m not sure they understand the true impact of what that means.

    A common type of attack used to steal data like logins and access keys is called a man-in-the-middle attack, or MITM, and by using one of these apps you’re basically doing it to yourself willingly… just to avoid seeing a few annoying ads.

    Apple, which initially approved Been, decided to remove it, citing that it requires “end to end encryption” — hopefully that means similar mechanisms won’t be approved in the future.

    Services like this exist for both Android and desktop computers too, and come with the same warning: why would you trust these people with your most private data?

    The reason iOS 9’s Content Blockers are so compelling is that they never receive data about what you’re actually doing, and can’t read your internet traffic.

    If an app promises you an ad-free phone, but requires you to hand over all your internet traffic to do it, back away slowly. It’s not worth it.
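A check that can be run on a configuration profile before installing it, added here as an example and not taken from the article or from Been: it flags a profile that both adds a trusted certificate authority and reroutes traffic, the combination described above. It assumes the certificate and VPN settings arrive as an iOS configuration profile (.mobileconfig); the payload type strings are Apple's documented ones, while the sample profile and its display names are constructed.

```python
import plistlib

# Payload type strings from Apple's configuration profile documentation.
CA_TYPES = {"com.apple.security.root", "com.apple.security.pkcs1",
            "com.apple.security.pem"}
ROUTING_TYPES = {"com.apple.vpn.managed", "com.apple.proxy.http.global"}


def load_profile(raw: bytes) -> dict:
    """Parse a profile; signed ones wrap the plist in a CMS envelope."""
    try:
        return plistlib.loads(raw)
    except Exception:
        # Best effort for signed profiles: cut out the embedded XML plist.
        start, end = raw.find(b"<?xml"), raw.rfind(b"</plist>")
        if start == -1 or end == -1:
            raise ValueError("no plist found in profile")
        return plistlib.loads(raw[start:end + len(b"</plist>")])


def audit_profile(raw: bytes) -> dict:
    """List CA and traffic-routing payloads and flag the combination."""
    payloads = load_profile(raw).get("PayloadContent", [])

    def names(types):
        return [p.get("PayloadDisplayName", p.get("PayloadType"))
                for p in payloads if p.get("PayloadType") in types]

    cas, routes = names(CA_TYPES), names(ROUTING_TYPES)
    # A trusted CA plus control of the traffic path is what lets the
    # operator present its own certificates and read HTTPS in transit.
    return {"trusted_cas": cas, "traffic_routing": routes,
            "interception_capable": bool(cas and routes)}


def sample_profile(with_ca: bool) -> bytes:
    """Constructed profile; names and certificate bytes are made up."""
    content = [{"PayloadType": "com.apple.vpn.managed",
                "PayloadDisplayName": "Example Ad Filter VPN"}]
    if with_ca:
        content.append({"PayloadType": "com.apple.security.root",
                        "PayloadDisplayName": "Example Ad Filter Root CA",
                        "PayloadContent": b"constructed, not a certificate"})
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": content})


if __name__ == "__main__":
    print(audit_profile(sample_profile(with_ca=True)))
```

A VPN payload on its own only moves traffic; it is the added CA that makes decryption possible, which is why the flag needs both.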

    Image credit: Shutterstock