Announcement

Collapse
No announcement yet.

Qt Launches Digital Advertising Platform To Integrate Ads Into App UIs

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #41
    Originally posted by Smurphy View Post

    Would be nice. But the web-page will define the DNS over HTTP to go to for target FQDN etc..
    So no, you cannot intercept it as you do currently with regular DNS or DoS. You will need to have a transparent proxy in between that is able to identify the DoH requests and reroute these. I have yet to find such thing!
    Sounds like you just proposed a new plugin for PiHole.

    Comment


    • #42
      Originally posted by WonkoTheSaneUK View Post

      Sounds like you just proposed a new plugin for PiHole.
      That's the point. I know exactly how PiHole works, as I used in the beginning SOA Hijacking technique, later on moved over to RPZ.
      Both these methods are using a DNS server you can control.
      DoH works differently, especially to bypass the DNS blacklists (as implemented with PiHole using RPZ or SOA Hijacking).
      It goes to a website to gather the information for the Address resolution. You cannot block 443 anymore or no one will be able to browse the web from your LAN!
      What you need is a real application level proxy that terminates the HTTPS, looks into the request - if it is a DNS request, blocks or hijacks it - and re-opens a new https connection as a client to let the clean traffic pass.

      So far I haven't thought/seen of a better way of doing this. I just hope we can disable it (In Firefox we can. Didn't check the other browsers.
      But it is only a matter of time Google, Microsoft and Apple make this the default way of getting name resolution for IP's.
      Last edited by Smurphy; 19 January 2022, 05:58 AM.
      Linuxer since the early beginnings...

      Comment


      • #43
        It's either this or a half-assed, out-of-place, performance-degrading, and duct-tape hacky add-ons. And no, developers don't just add ads because it's easy. Unless the application is shovelware, the amount of effort on adding ads to an application is relatively a small fraction compared to overall application, yet it could be the only thing a developer gets pay checks from.
        Don't like ads on a principle in the first place? Don't use any software that include them. People who don't want to pay for someone else's cake but eat it too can STFU.

        Comment


        • #44
          Originally posted by abu_shawarib View Post
          And no, developers don't just add ads because it's easy. Unless the application is shovelware, the amount of effort on adding ads to an application is relatively a small fraction compared to overall application, yet it could be the only thing a developer gets pay checks from.
          That seams strange, everywere else you make somethig easy to use and it gets used more. Why does it not apply here?
          And if it is so easy to integrate ads with user identification and tracking (which is the requirement for modern ad-networks) why does every single website use a framework instead of writing those few javascript lines themselves?

          People who don't want to pay for someone else's cake but eat it too can STFU.
          So how many websites did you visit today and how many ads did you click on them? Because if you don't click them, you eat the cake without paying.

          Comment


          • #45
            People who say "STFU" are clearly showing they, on some level, understand their argument is flawed or can be argued against, and rather than attempting to reason with whoever they're arguing with, simply hopes that they stop talking so they get the last word in.

            Comment


            • #46
              Some strange (over)reactions.

              You all do realize that Qt is popular with proprietary software vendors who buy licenses instead of using the GPL Qt, many of whom don't even distribute their software on Linux?
              You do realize that none of your FOSS software is likely to adopt in-app ads?
              You do realize that showing ads in Qt apps, GTK apps or pretty much any app was already possible?
              You do realize that Qt apps can already reach out to the internet for any purpose their developers desire?

              You all should be glad that Qt and KDE exist. The alternative is Gnome, which is full of crazy ideas and gets worse everyday, or the other DEs that are firmly stuck in the 90s.

              Comment


              • #47
                The issue here as others have stated isn't really what QT does, its what app authors do. That said, I favor making it as hard as possible to write or distribute ad supported shovelware. If QT's module makes blocking ads as easy as installing a dummy QT module, that might reduce the DoH attack surface for bypassing systemwide ad and tracker blocking.

                This sort of thing though really requires a multi-level response. First of all, the computers and phones that you store anything sensitive on (all the way down to your vacation photos) should not be permitted to run any application that is supported by ads. On linux desktops this is easy: don't install closed source programs or anything that admits to using ads, and run firefox (never chrome) with a complete set of ad and tracker blocking extensions with no whitelists at all. Android phones need to have Google Play Services disabled, Gapps (especially Google Maps) removed, not be tied to a Google Account, and never using location and a network connection at the same time. Use Privacy Browser in phones, never Chrome. Use only these systems for anything you cannot shout on a megaphone on a public square located between Google's headquarters and a police station.

                If you don't block ads, you get malware, fullscreen games that start with no action on your part, and who knows what else. I think of ads the way China, New Zealand, and Australia think of covid virus. I quarantine any programs supported by ads into whole separate device because by definition using them puts you in a hacking war against their developers, their ad networks, and malware authors exploiting the ad networks. Sometimes you win, sometimes they win. Don't let them win your contacts, your banking information, the scraped content of your encrypted text messages etc. The quarantine box cannot see your contacts, cannot see your phone number, cannot steal from or write to your main file system etc. The quarantine phone may well "get sick," but your real phone and your computers all stay healthy.


                Note that as online shopping sites don't work on hardened systems and shopping records are extremely sensitive, if you must shop online, you need a 3ed device used for nothing else whatsoever. Safest of all is a separate quarantine system for every closed app plus shopping but that gets expensive fast unless you can run VMs in phones. Think of one ad supported program as covid and another as ebola, they don't use the same isolation ward.


                The most useful quarantine box these days is a cheap unactivated phone If an app hits you with a demand for SMS verification, toss a "bring your own phone" SIM into the quarantine phone, activate that SIM, deal with the problem, then remove the SIM. You buy airtime only once for about $35 but get a lifetime of privacy. You can use primary phones as wifi hotspots if you reject carrier-provided phones and boycott or defeat any provider you catch trying to block tethering on systems they do not control. The secondary device that you exiled the ad supported stuff to can still run Tracker Control (a fork of Netguard) to block ads systemwide. If ad supported apps hardcode DoH or otherwise start bypassing this, at first it will be a few. If they all do, Netguard and Tracker Control (which use the VPN functionality of Android) will no doubt get further development to block the new ad portals this opens. If they are QT apps, time for that noop dummy module.

                If a FOSS program that does the same job comes along, STOP USING the commercial program and start using the FOSS version, even if its not as good. OSMAND can do enough of what Google Maps can do to replace it for basic navigation for instance-and unlike Google Maps it can even work offline. It uses openstreetmap.org as its backend instead of Google. The more people use it, the better it gets. It will get you where you need to go, but lets now look at the corner cases where it may not yet be enough.

                Here's an example: Suppose you need Waze to ferret out CBP checkpoints or the so-called "drunk driver checkpoints" that also check drivers licenses. OSMAND has not yet so far as I know matured to the point of flagging these, and may not yet have enough users to reliably detect them. Due to the existance of Google's Waze, you can no longer rely on the CB radio to find these dangerous highway ambushes. Until OSMAND matures, you may be forced to use Waze to stay out of jail if you are undocumented-or just don't want the cops seizing your cash, calling it "drug money" and daring you to sue to get it back. Same if your country has military, militia, or cartel checkpoints. This is an example of being forced to use an ad supported or data collection supported program.

                For this scenario. put Waze on the quarantine phone and OSMAND on the real phone. Pre-inspect the map for the area you are going where checkpoints are a danger using Waze, then turn it off. Use Osmand to find your real route once you know where the checkpoints are set up. You can download the APK and install it without the Google Play store, thus without a Google Account. That way, Google has no account to connect the data they steal from you to. By using it to look for checkpoints only, Google learns that someone is scanning for checkpoints, but does NOT learn the route you use to go around them and cannot pass that on to anyone else. Yes, it works as "guest" without an account, at least for a while after installation. It it stops working, you may have to uninstall, change the Google Advertising ID in Google Play Services, and reinstall. Of course, if enough people started reporting checkpoints to an appropriate item on OSMAND instead, Waze could then be dumped by millions. If OSMAND became the go-to program for this, cops, CBP, and ICE would never be able to ask Google to stop showing checkpoints or show them motorists going around checkpoints. One case of cops doing this would turbocharge the migration to OSMAND. This is how FOSS software grows and ad supported shovelware shrinks.

                BTW, making the kinds of demands by police agencies Google and Facebook gets all the time of open source servers has a reputation of failing, and it would take very little to cause this stuff to go decentralized or offshore. Remember the Napster->Bitorrent transition? Internet user won, government and corporations lost.


                Comment


                • #48
                  The issue here as others have stated isn't really what QT does, its what app authors do. That said, I favor making it as hard as possible to write or distribute ad supported shovelware. If QT's module makes blocking ads as easy as installing a dummy QT module, that might reduce the DoH attack surface for bypassing systemwide ad and tracker blocking. This sort of thing though really requires a multi-level response. Exile closed stuff to separate systems so it can't see your filesystem, contacts, photos etc. Tether it to your real system for an internet connection so you don't pay two phone bills. Use tracker control on BOTH phones to block ads systemwide, and when they go to DoH, all those QT apps that have ads get the dummy module

                  Comment


                  • #49
                    Originally posted by Anux View Post
                    That seams strange, everywere else you make somethig easy to use and it gets used more. Why does it not apply here?
                    Easier first party tool being used more =/= ads would not have been integrated without it.

                    So how many websites did you visit today and how many ads did you click on them? Because if you don't click them, you eat the cake without paying.
                    Even assuming I don't click on anything, some ads will pay for impressions. Look it up.

                    Comment


                    • #50
                      Originally posted by abu_shawarib View Post
                      Easier first party tool being used more =/= ads would not have been integrated without it.
                      Yes, I didn't say it would never happen.
                      Even assuming I don't click on anything, some ads will pay for impressions. Look it up.
                      So your'e only okay with not paying on sites that depend on click ads?

                      Comment

                      Working...
                      X