Gregory's ServerCISA says you should deploy ad blocking software, for cybersecurity reasons. #cybersecurity #ads https://www.cisa.gov/sites/default/files/publications/Capacity_Enhancement_Guide-Securing_Web_Browsers_and_Defending_Against_Malvertising-Guidance_for_Non-Federal_Organizations.pdf
 21 comments
@ai6yr this is serendipitous - I was just telling a library user, hey website X looks a lot cleaner in my browser (with an adblocker) than in their browser, and they told me they had to remove the adblocker they had been using in order to access the institution's remote access software. (I'm not 100% sure that's true, but if it's the message that users are getting, we should fix that) @justpeachy @ai6yr Sure, but if end users aren't aware of what they need to whitelist (or that they can whitelist some domains), then there's a training need. These are students -- they don't come in knowing everything and they shouldn't have to. @SpaceLifeForm Oh, absolutely. I'm now on an adblocker and also off Windows, and it sure feels a lot more secure. @ai6yr @SpaceLifeForm it also dovetails nicely with @Purism 's https://puri.sm/posts/the-real-speed-of-the-librem-5/ that claims, despite being half as powerful, the librem 5 is more performant partly because it isn't wasting cycles running surveillance code in the background. Ad blocking has similar effects.  @ai6yr @brianbehlendorf Cool, so can they now apply sanctions of some kind to Google for the nonsense they're doing on YouTube? @rochelle @alexr @ai6yr @brianbehlendorf indeed. I wouldn't need to use an ad blocker if they weren't trying to harvest my data or serve malware. I wouldn't mind the occasional Ad but I can't trust the organizations behind or serving those ads I was about to reply with something like this, glad to see it's been covered @ai6yr ACSC has that recommendation too, been in place for some years. I've found it easiest to use a DNS sinkhole to do it, as that's provided the most bang / effort. @ai6yr It's funny how security orgs frequently talk up emails/phishing attacks as a common attack vector - but never talk about the ubiquity of browser-based attacks. Glad to see a shift here in the right direction. https://www.cisa.gov/sites/default/files/publications/Capacity_Enhancement_Guide-Securing_Web_Browsers_and_Defending_Against_Malvertising-Guidance_for_Non-Federal_Organizations.pdf  @ai6yr I thought that paragraph was very interesting. On the one hand it says that ad blocking is good. On the other hand it says that bad ad blockers can themselves hack you. Then it says so you should go out and find one that is safe. ???  @ai6yr the challenge I’ve found is that ad blockers have a low partner-acceptance rate because the goshdarned websites are absolutely broken if the ads don’t show.  |
@ai6yr finally