I am extremely insulated from ads online and have been for about a decade. Once in a while I have to browse on a device that does not have an ad blocker or most of the times does not even let you install one. Seeing a website that is SEoptimised and heavily ad supported feels like walking into a crack den. That this is the normal experience for the vast majority of users is sad.
> No adblocker detected. Consider using an extension like uBlock Origin to save time and bandwidth.
And attention and privacy.
This notice is a great idea.
I might remove the "like" from the notice, since "uBlock Origin" is good, but some others are questionable or even outright malware.
BTW, note that the `ublockorigin.com` Web site that is linked to isn't by Raymond Hill, leader of uBlock Origin. It looks well-intended, and is nicely polished UX, but good practice would be to be careful (since it doesn't appear to be under Hill's control, and is an additional point of potential compromise in what would be very valuable malware). Hill seems to operate from <https://github.com/gorhill/uBlock>. One link that isn't too bad to view <https://github.com/gorhill/uBlock/blob/master/README.md>. Another that isn't great but OK is <https://github.com/gorhill/uBlock/wiki>.
I'm torn. I'm not a huge fan of ads and I don't have a lot of respect for the modern ad networks. However this culture of expecting websites to host the data then freeloading off it by blocking the tracking and ads is also a bit ugly.
There is an unwritten social contract here. Websites are willing to host and organise a vast number of content because that'll attract an audience for ads. If there are too may freeloaders resisting the ads then services won't host the content, and on the path to that the freeloaders are really just leeching off a system in an entitled way (unless their goal is to destroy the services they use in which case good on them for consistency and for picking a worthy target).
If people aren't going to be polite and accept that contract then fine, enforcement was always by an honour system. But strategically if a service's social contract doesn't work for someone then they shouldn't use that service - they'd just be feeding the beast. They should go make their own service work or investigate the long list of alternative platforms.
Big tech has slowly convinced us that it is their right to violate us. Because they give us so much for free. But they also take things away from us, without our knowledge and consent, they manipulate us, they make barriers between us en the information we need. They change the human condition for the worse.
We do not have to feel guilty to act against them.
Btw, yesterday Chromium told me Ublock Origin is no longer supported. Well, thank you, now I know why I wasn't using Chromium for anything other than MS365 stuff. It's working just fine on Firefox.
> Unfortunately, I have no way to detect DNS based blocking short of loading an actual ad.
Before that point I'd already spotted that limitation, but there might be an easy solution: get a domain added to a common block list used by DNS based blockers. If you get the right content from a resource on a host with that name (or the other test passes, so we test for both forms of blocker) show the message.
Of course there will be false positives if the page goes down or if they're is some other network issue, but no test like this will be perfect.
Anyone want to save me the research to find out the easiest way to get a domain on the lists? I have no objection to sacrificing a few £ per year on a name to use and I've got spare resource to serve the pile of tiny requests that'll go through because people aren't running a blocker.
EDIT: as a secondary note, I wouldn't just flip between “display:none” and “display:block” on one element upon detection result. That might cause visual disturbance in many page layouts as things load. I would leave a block of the same positioning and size properties in the flow in either case, either blank or with a message like “You'll be pleased to know that your ad blocker seems to be working.”, perhaps leaving the space blank (but still in the flow with the same dimensions) initially so an incorrect message isn't displayed if something (scripting being disabled client-side for instance) stops the tests running at all.
Even CERN would advice everyone to use ad-blocker [1] for a safer internet experience. I am sure ads as it is today wasn't part of the web plan when it started.
> If you want to support your favorite authors: send then money. A dollar helps more then viewing ads ever would.
This isn't really true. I ran an ad-supported site at one point with my content, just a small banner at the top of each page. The ads paid for a significant portion of my monthly rent. Getting a few dollars from the occasional viewer would not, since 99.99+% of people are not going to do that.
I don't like viewing ads, but let's not pretend like they don't make money for content creators. They absolutely do.
I love it. But in the spirit of today's Internet, you should make this message an obnoxious pop-up that requires dismissal with a tiny "X" button that is dark-grey-on-black and placed tactically so as to be the least accessible. The touch target on touch devices should be tiny and slightly off. The pop-up should also fail completely on iPads, covering all the content with a dark overlay but giving the user no way to proceed.
I found it amusing that my proxy detected the "/ads/" in the URL and killed the connection automatically.
Of course highlighting this fact that the presence of an adblocker is detectable, unfortunately only results in escalating the cat-and-mouse game further.
I have also considered popularising a script that replaces the whole page's content with "JavaScript detected, please disable it to view this content and improve your security".
Bug report: There's a typo in the actual popup as shown to me, it says "extention". Consistently enough, the typo is present in the code snippet in the article:
if (!document.cookie.includes("notice-shown")) {
document.getElementById("ad-note-hidden").id = 'ad-note';
document.getElementById("ad-note-content-wrapper").innerHTML = "No adblocker detected. " +
"Consider using an extention like <a href=https://ublockorigin.com/>uBlock Origin</a> to save time and bandwidth." +
" <u onclick=hide()>Click here to close.</u>";
}
I wonder what the overlap between visitors to a site that would display this and visitors not already using an adblocker is. Then again I've seen developers with ads plastered all over their screens before, I'd like to believe it's a conscious decision on their part.
Some services claim to turn "anonymous" visitors into actual email addresses (and some other basic info), likely via identity graphs (IP/device/hashed IDs).
I've heard of cases where people are getting outreached (via email) after just visiting a product website, even with an ad blocker on, using a private browser (Brave or similar).
Opensend is one example. They're pretty open about it in their FAQ [1].
Ironically a content blocker on iOS Safari blocks this page from loading at all, I’m guessing because of the /ads/ in the URL rather than the domain. I didn’t see the notice on iOS after disabling the content blockers, but that’s probably because of the not enough space/off to the side constraint?
> but if you use external CSS, it’s quite common for the request to fail resulting in an unstyled page
That’s a pretty crazy statement. How often do you see loading a CSS stylesheet fail to load? Most sites are completely unusable without their stylesheets and I don’t recall the last time I saw a stylesheet fail to load.
It's bad enough we got extra work for those who use adblockers.
Wasting peoples' time and attention for not using one (out of personal choice or necessity) feels like overreach.
It's also deeply paternalistic: Even if it is meant well - and I assume that's the case here - it implies the site operator knows better than the user what is good for them.
Finally, this will also lower the guards of less technical users for installing random plug-ins on website demand.
From a subjective gut feeling: Please do not do this. Let people decide what they need, and what they don't need.
Instead of document.cookie consider document.localStorage since there’s verbiage around showing a notice on your site if you use cookies, etc, for tracking purposes. At least with local storage, you aren’t using cookies :P
No adblocker detected
(maurycyz.com)612 points by LorenDB 9 September 2025 | 377 comments
Comments
And attention and privacy.
This notice is a great idea.
I might remove the "like" from the notice, since "uBlock Origin" is good, but some others are questionable or even outright malware.
BTW, note that the `ublockorigin.com` Web site that is linked to isn't by Raymond Hill, leader of uBlock Origin. It looks well-intended, and is nicely polished UX, but good practice would be to be careful (since it doesn't appear to be under Hill's control, and is an additional point of potential compromise in what would be very valuable malware). Hill seems to operate from <https://github.com/gorhill/uBlock>. One link that isn't too bad to view <https://github.com/gorhill/uBlock/blob/master/README.md>. Another that isn't great but OK is <https://github.com/gorhill/uBlock/wiki>.
https://techcrunch.com/2022/12/22/fbi-ad-blocker/
https://web.archive.org/web/20230219020056/https://www.ic3.g...
There is an unwritten social contract here. Websites are willing to host and organise a vast number of content because that'll attract an audience for ads. If there are too may freeloaders resisting the ads then services won't host the content, and on the path to that the freeloaders are really just leeching off a system in an entitled way (unless their goal is to destroy the services they use in which case good on them for consistency and for picking a worthy target).
If people aren't going to be polite and accept that contract then fine, enforcement was always by an honour system. But strategically if a service's social contract doesn't work for someone then they shouldn't use that service - they'd just be feeding the beast. They should go make their own service work or investigate the long list of alternative platforms.
We do not have to feel guilty to act against them.
Btw, yesterday Chromium told me Ublock Origin is no longer supported. Well, thank you, now I know why I wasn't using Chromium for anything other than MS365 stuff. It's working just fine on Firefox.
Before that point I'd already spotted that limitation, but there might be an easy solution: get a domain added to a common block list used by DNS based blockers. If you get the right content from a resource on a host with that name (or the other test passes, so we test for both forms of blocker) show the message.
Of course there will be false positives if the page goes down or if they're is some other network issue, but no test like this will be perfect.
Anyone want to save me the research to find out the easiest way to get a domain on the lists? I have no objection to sacrificing a few £ per year on a name to use and I've got spare resource to serve the pile of tiny requests that'll go through because people aren't running a blocker.
EDIT: as a secondary note, I wouldn't just flip between “display:none” and “display:block” on one element upon detection result. That might cause visual disturbance in many page layouts as things load. I would leave a block of the same positioning and size properties in the flow in either case, either blank or with a message like “You'll be pleased to know that your ad blocker seems to be working.”, perhaps leaving the space blank (but still in the flow with the same dimensions) initially so an incorrect message isn't displayed if something (scripting being disabled client-side for instance) stops the tests running at all.
[1] https://home.cern/news/news/computing/computer-security-bloc...
Perhaps only enables js when user clicks something.
This isn't really true. I ran an ad-supported site at one point with my content, just a small banner at the top of each page. The ads paid for a significant portion of my monthly rent. Getting a few dollars from the occasional viewer would not, since 99.99+% of people are not going to do that.
I don't like viewing ads, but let's not pretend like they don't make money for content creators. They absolutely do.
Of course highlighting this fact that the presence of an adblocker is detectable, unfortunately only results in escalating the cat-and-mouse game further.
I have also considered popularising a script that replaces the whole page's content with "JavaScript detected, please disable it to view this content and improve your security".
It's like a leech, and they want you to think it's a symbiotic relationship.
Bug report: There's a typo in the actual popup as shown to me, it says "extention". Consistently enough, the typo is present in the code snippet in the article:
Some services claim to turn "anonymous" visitors into actual email addresses (and some other basic info), likely via identity graphs (IP/device/hashed IDs).
I've heard of cases where people are getting outreached (via email) after just visiting a product website, even with an ad blocker on, using a private browser (Brave or similar).
Opensend is one example. They're pretty open about it in their FAQ [1].
[1] https://www.opensend.com/faq
That’s a pretty crazy statement. How often do you see loading a CSS stylesheet fail to load? Most sites are completely unusable without their stylesheets and I don’t recall the last time I saw a stylesheet fail to load.
It's also deeply paternalistic: Even if it is meant well - and I assume that's the case here - it implies the site operator knows better than the user what is good for them.
Finally, this will also lower the guards of less technical users for installing random plug-ins on website demand.
From a subjective gut feeling: Please do not do this. Let people decide what they need, and what they don't need.