Normally, when you visit contentsite.com, which serves ads from adsite.com, adblocker rules can just block adsite.com and the ads won't be shown. CNAME cloaking would have the main site have a subdomain like adsite.contentsite.com point to adsite.com. Now the adblockers have the impossible task of blocking millions of subdomains that seemingly belong to legit sites. This also allows the legit sites to keep changing the subdomain, since the adblocker will have no idea which subdomains serve legit content vs. ads. As a bonus, since the content is being served from the same domain, they can bypass certain cookie browser policies and track users even better.
This update allows you to set rules so that you can filter by resolved IP.
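An added example, not part of the original comments and not any adblocker's own code: a sketch of the check described above, which follows a first-party subdomain's CNAME chain and then tests the resolved IP against a rule. It goes slightly beyond the comment by also matching the CNAME targets themselves; the record table, rule sets and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (not real DNS answers): name -> ("CNAME", target) or ("A", [ips])
RECORDS = {
    "contentsite.com": ("A", ["198.51.100.10"]),
    "img.contentsite.com": ("A", ["198.51.100.11"]),
    "adsite.contentsite.com": ("CNAME", "edge.adsite.com"),
    "metrics.contentsite.com": ("CNAME", "lb.cdn-host.example"),
    "edge.adsite.com": ("A", ["203.0.113.7"]),
    "lb.cdn-host.example": ("A", ["203.0.113.99"]),
}
BLOCKED_DOMAINS = {"adsite.com"}                           # ordinary hostname rule
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.96/27")]   # rule on resolved IP


def resolve_chain(host, records, max_depth=8):
    """Follow CNAMEs from host; return (names_seen, final_ips)."""
    names, seen = [host], {host}
    for _ in range(max_depth):
        rtype, value = records.get(names[-1], ("A", []))
        if rtype != "CNAME":
            return names, value
        if value in seen:          # CNAME loop: stop, no addresses
            return names, []
        names.append(value)
        seen.add(value)
    return names, []               # chain too long: treat as unresolved


def matches_domain(name, blocked):
    """True if name equals a blocked domain or is a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in blocked)


def verdict(host, records=RECORDS):
    """Return why a request to host is blocked, or None to allow it."""
    names, ips = resolve_chain(host, records)
    for name in names:
        if matches_domain(name, BLOCKED_DOMAINS):
            kind = "hostname" if name == host else "cname"
            return f"{kind}:{name}"
    for ip in ips:
        if any(ipaddress.ip_address(ip) in net for net in BLOCKED_NETS):
            return f"ip:{ip}"
    return None
```

The cloaked subdomain never matches the hostname rule on its own name; it is caught only once the chain or the final address is inspected.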
I would hope that this results in websites hosting malicious ads which harm users, which then results in a big lawsuit against these websites with a huge payout for the harmed users. After all, if the malware ad is being effectively hosted by the site, then the site should be legally responsible.
The upside is that it would only really impact their interaction with that specific site, not with anything else (unless there's opportunity for lateral moves because of SSO or the site hosts email and so they could hack password resets or something).
My dream scenario would be this happening to an in-company administrative user with the keys to the kingdom. Imagine an ad-ridden site like Fandom.com getting hacked in that way.