As I’ve mentioned in a previous post I [use Pi-hole to block ads]({% post_url 2021-05-23-tailscale-pi-hole %}), but every now and then I run into a website that has “Anti-Adblocker technology”, usually this means that as soon as I load the site, I get a modal window asking me to disable my ad-blocker, or pay a small fee to view the content. In this case, the site was businessinsider.com.
Fig. 1 - CTA asking me to disable my adblocker or pay
This is annoying/frustrating because I wasn’t even given a chance to read a few articles before being asked to pay up, their are sites that give you X free articles per month or lifetime, before asking you to pay. Normally I just leave the site and don’t bother, but it’s a Friday night and I was feeling a little froggy..so I decided to do a little digging. Turns out with this site, getting around the anti adblocker is very easy.
I scanned the source of the website, and found some javascript that was setting a cookie from a domain, and a few milliseconds later checking to see if the cookie was set or not. If no cookie was found, throw the modal window.
The code starts on line 265 and ends on line 319 (comments added by me)
(function () {
window._PIANO = window._PIANO || {};
(function() {
var script;
_PIANO.setAdblockerCookie;
_PIANO.setAdblockerCookie = function(adblocker) {
var d = new Date();
var event;
d.setTime(d.getTime() + 60 * 60 * 24 * 30 * 1000);
document.cookie = '__adblocker=' + (adblocker ? 'true' : 'false') + '; expires=' + d.toUTCString() + '; path=/';
// set a cookie for 30 days
....
// check for cookie
if (document.cookie.indexOf('scroll0') > -1 || (document.location && document.location.search.indexOf('vrt-db77174aa') > -1)) {
_PIANO.setAdblockerCookie(false)
} else {
script = document.createElement('script');
script.setAttribute('async', true);
script.setAttribute('src', '//www.npttech.com/advertising.js'); // script that sets/checks
script.setAttribute('onerror', '_PIANO.setAdblockerCookie(true);'); // if we don't get a cookie set,
script.setAttribute('onload', '_PIANO.setAdblockerCookie(false);');
document.getElementsByTagName('head')[0].appendChild(script);
}
})();
So, now that we know the domain that’s running the check, we can add it to the whitelist in Pi-hole.
Fig.1 - Add [www.npttech.com] to Whitelist (wildcard)
Wait a few seconds, and reload the businessinsider page. The page loads, you can read your article and but you’re still not bombarded by ads throughout the site.