Add AdNauseam to Brave’s Manifest V2 Extensions

I’d like to ask Brave to consider hosting AdNauseam under its current Manifest V2 program. Brave already provides a few V2 extensions through its own servers, and AdNauseam would be a natural addition for users who want stronger privacy tools.

The extension is built on uBlock Origin, so it’s efficient and transparent. Its extra feature is that it simulates ad clicks locally, which helps scramble tracking data. It doesn’t share information or run background connections. The code has been public for years and has a clean record.

AdNauseam lines up with what Brave already stands for. Both focus on privacy and keeping people in control of their browsing. It wouldn’t need Brave to endorse or verify it, just make it available like other V2 extensions. Users could install it if they want, same as with uBlock.

Adding it would give people another solid option and show that Brave still supports open tools made for privacy, not ad networks.

Current list of extensions with Manifest V2 support by Brave:
AdGuard, uBO, uMatrix, NoScript

@cryptokey - along with your request for AdNauseam support, there is also a request by @davidmreid for Hover Zoom+

@cryptokey from all the talk I’ve seen on AdNauseam and research done, it doesn’t really do much in terms of privacy. The only thing it serves to do is provide more surface to be fingerprinted.

The activity of clicking everything is easily distinguishable from normal activity, essentially seen as bots. And even when not, the only thing it’s then serving to do is to make them think ads are being clicked which encourages them to continue serving ads.

And the companies providing the ads, such as Google’s AdSense, profit from this. They charge advertisers for each view and click. So they have their choice to determine whether they want to pretend it’s fine or hone in on the very obvious behavior.

It’s been a while since I dived in, but one of the other big things I do remember is that AdNauseam would reveal your IP address and other details to the advertisers as it sends the AJAX. So this gives a good tracking base for your activity. In comparison, uBlock Origin prevents everything from loading and reduces the IP tracking.

• With uBO alone = The browser never connects to the ad server, so your IP address and request headers are never sent to that domain.
• With AdNauseam = Loads ads but hides them. It then sends AJAX “visits” to ad links to simulate clicks. Each AJAX request is a real network request from your browser, so the ad server does see your IP address, User-Agent, and other HTTP headers.

What’s the big deal of them having your ip address? Imagine them seeing you as a bot or something and mark your IP address as irrelevant, that would be wonderfull.

What I mean is people have dynamic ip addresses, so your IP address might get flaged and given to another user meanwhile your new IP address will get flaged again and so on.

That will certainely blow up their statistics or kinda mess with them if there’s enough users using AdNauseam.

The big deal is the argument that OP used by saying this is about privacy. So you’re using something that is going to reveal identifying information to the ad servers. But then you can’t really call that a win for privacy, can you?

AdNauseam is only a form of protest to try to cost the businesses who are advertising money. It’s not really doing anything else. It is in fact helping to make you stand out as unique and highly distinguishable from all other users.

Things like your IP address would be used to help fingerprint you based on server side fingerprinting. They know that the IP address you were on visited all of the sites that it did and they combine it with things like your time zone, OS, user agent, fonts, etc. This is the session information they use for the fingerprinting and tracking.

The bigger thing at hand here is that the extension exists purely to help the ad servers like Google, Meta, and all of the others who are selling ads. Wouldn’t it make sense to hurt their profits rather than boosting it?

They charge advertisers for CPC and CPM. That is “Cost Per Click” and “Cost Per Mille.” In other words, they get paid just for ads loading but then get paid more when someone clicks on them. Again, meaning when it runs Google, Meta, or whoever is running the ads for that website is just earning money and not losing anything.

I should note even AdNauseum kind of touches on that in their FAQ:

Isn’t it safer just to use an adblocker? Why engage with ad-networks at all?

While AdNauseam is far safer than using no blocker at all, it is indeed marginally safer for one to simply use a strong adblocker and protect themselves. But it is also safer to stay at home rather than to attend a protest. Using an adblocker does little to change the status quo (especially for those users without the resources to install/configure one, and so remain at risk). AdNauseam, and the obfuscation strategy in general, instead presents a possible avenue for collective resistance; a means of questioning and perhaps eventually, changing the system. But this is not for everyone. If your goal is primarily self-protection, this tool may not be for you…

Better than nothing, but worse privacy than just using an adblocker. It’s just a way of protest that they hope will be meaningful. But based on what it actually does and how things work, it’s not really doing much. Or at least the efficacy can be argued heavily.

I have to ask for forgiveness, English is not my main language.

I give it to you if they can retrieve or harvest any kind of data that can fingerprint the user via his IP address, otherwise the IP address like I said is dynamic which means that’s not something viable to track someone in the long run.

What I meant by blow up their statistics or kinda mess with them is to disturb or mess up their KPIs and if you say that the advertisers have to pay a fee per CPC and/or CPM it’s something beneficial for the end user or detrimental to the ad company in my opinion, imagine they invest in ads that will not return their investements because like you geused it, it is being viewed or clicked by a bot.

And I would like add something that comes in mind.

Even if they fingerprint the end user, what would be the concequences? Knowing that the ads will never showup anyway.

That is the problem, it’s not. The ad company gets the money for it. They get to choose one or two things.

1. Recognize and acknowledge that it’s a false click because it’s easily identifiable and it’s voided out. This doesn’t really bother them in the slightest.
   -or-
2. They go ahead and say that it was seen and or clicked on and now they get to charge the business money for it.

I’m saying both can work and it’s up to them. But even if it goes through and is the second option, it would be like this scenario below:

Hypothetical Scenario/Example:

If you’re not following this process. Let’s break it down. We’ll pretend you own a restaurant and you want to advertise. You would go to places like Google and say you want to advertise with them. Show your ads to people in certain areas and particular demographics.

Google then shows those ads on websites using AdSense or other tools.

If I visit that site using AdNauseum, it will hide the ad from me but would kind of keep it active in the background. It sends a fake text request to make it look like I clicked the ad.

Google sees the ad as being loaded on the website and now being clicked on.

You are now billed for that view and click.

This would mean:

• You, the person placing an ad, are out the money for the ad being viewed and clicked.
• Google just earned money by showing the ad and having it clicked. They lose nothing.
• The website using AdSense that allowed your ad to be displayed on their website gets money for it being shown
• I, the user, get nothing except to say I protested.

You, the person who placed the ad, have no way to know it was a protest. All that happened is you paid money for nothing. Google continues telling people they are successful on showing ads and can even speak about their higher clickthrough rate because people like me are clicking on the ads using this extension.

Now, Google charges more money and makes a bigger profit. They start placing more ads because it’s still profitable for them. In other words, the “protest” is having the opposite effect overall. The only thing they are saying is hoping to make extra noise where they can’t specifically tell what you’re actually interested in. But that also isn’t necessarily true, but I don’t want to spend a lot of time explaining on that. This reply is long enough…

I get what you mean and sorry again what I meant by the advertiser is not google but the restaurant by your example. If enough companies or organizations of any sort that relies on paid online advertisements for their sales, realize that online ads aren’t working they will be forced to abondon this form of advertisements and this in turn should be detrimental for the advertiser which is google in this context.

Just that you’re helping them to recognize you, which then means it’s easier to compile data about you. This is the data they use to determine what ads to show you, but also information they might sell to companies.

In the past much of the user tracking and fingerprinted was handled through cookies. But in recent years the use of cookies is decreasing. There are better ways of tracking activity, many of which are just based on the websites we visit actually collecting and providing our detail.

So like when we visit Facebook, Meta (the owner of Facebook) is logging our visit and the details from our browser. They check for things like which Operating System, Time Zone, Language, Graphics Card, IP address, web browser, and other information is being used.

If you click an ad there to go to a website, even if cross-site tracking is blocked, the website we visit then will also log that same information. So it sees the IP address, device information, etc. It also tracks how active we are on their website and if we click anywhere else. They then have a mutual agreement with Meta where they share these logs with each other.

This is what is called server side tracking. Even though you do everything you can to block things on a browser or device side, they can still identify or estimate enough details to know if it’s you.

Also for the ads, it works similar. When it’s seeing a click it will look at everything that happens after to know if it’s valid.

The way I’m phrasing things isn’t exact and is just an attempt for a quick and simple reply as I’m getting ready for bed. But I’m at least trying my best to give some examples of how things work.

Reducing fingerprinting is just a way of randomizing as much information about our devices and activities so that tracking of any sort is more difficult. But it is a hard battle and anyone sincerely worried about it would have to use things like VPN, be very limited on extensions (what extensions are used on browsers can be seen sometimes), make many modifications to their browser and device (called hardening), etc.

Anyway, the ultimate goal and protest is just giving as little information as possible and not interacting with their ads. Don’t even let them view. Then they can’t get money. Low ad views and results would discourage companies the most. But actual views and clicks are an encouragement to everyone in general.

I gotta say, this is entertaining…

I don’t mean any disrespect to anyone

You’re basically explaining what’s fingerprinting, which I already know.

And for your last paragraph it is something arguable, your POV if I understood correctly is to discourage companies from investing in ads because it’s not something viable and my POV is to make the companies loose money in ads and loose trust in the advertising companies too.

@Ugle you might want to read what @Saoiray has written here, it talks a lot about Fingerprinting, since you asked Need help understanding and preventing fingerprinting (maybe some people do have time )

Since you asked me about it earlier, I was making sure to touch on it. You asked why it would matter if they fingerprinted

But in reality that never happens. This is why a lot of junk mail get sent out, at least here in the United States. You have tons of advertisements on television even though people tend not to watch them.

There is a lot of math and science behind everything that’s done. And they do factor in the idea of people using tools like this. It’s not going to be enough to stop it.

Anyway, at least was trying to do my best to answer you and be fair. With that said, I am going to bed

And I would like to add something that may be relevant.

I think obfuscating or falsifying the data collected on you is better than having little or no data at all on you especially in the case of fingerprinting.

I was not asking what is fingerprinting, I was asking what are the concequences of it which are mainly targeted ads if I got it correctly.

Anyway, it was a pleasure.

Good night

If it will be the last one before this topic automatically closes, so be it, but I still hope the Brave’s team will consider all this.

Brave already has a very good adblocker, but I also think it would be good to optionally add AdNauseam-based options and filters, so that those who know how to do it can use them as they wish, taking into account that there are different levels and approaches to blocking and accepting various ads. Yes, @cryptokey and @Snake-Host, I totally agree with you. AdNauseam should not block Brave Ads because they are natural, private and do not track users. AdNauseam also has applicable filters and whitelists. Google banned it from Chrome Web Store. Looking at the Wikipedia article, it can be said that AdNauseam does its job very well. Why would Google ban an extension eight years ago that was even labeled as malicious if it was going down the hair of advertisers? Moreover, the author mr. Daniel C. Howe recommends Brave as an example of a best private browser that allows this extension to be added manually. Here’s one more reason for the Brave team to reciprocate with the same goodwill.

And as for accepted approved V2 extensions, I think the list can include

DuckDuckGo Privacy Essentials,

Ghostery Tracker & Adblocker,

EFF’s Privacy Badger,

Random User Agent,

DecentralEyes,

fork LocalCDN,

UBlock Origin Scope (UBOScope),

Censor Tracker

and ClearURLs (corresponding to the Brave’s option “Show full URLs”).

All are FLOSS and the last two are also not available in the Chrome Web Store.