Marco.org

I’m : a programmer, writer, podcaster, geek, and coffee enthusiast.

Introducing Peace, my privacy-focused iOS 9 ad blocker

Running the Ghostery browser add-on in my Mac browsers has been illuminating:

But that wasn’t possible on mobile, where it’s most needed… until iOS 9.

   

Today, I’m launching my own iOS 9 content blocker, called Peace, to bring peace, quiet, privacy, and — as a nice side benefit — ludicrous speed to iOS web browsing.

There are a lot of content blockers being released today, but Peace strikes the best balance I’ve seen between effectiveness, compatibility, simplicity, and speed, powered by what I’ve found to be the best database in the business after months of testing. And it’s just $2.99.

Download on the App Store

Why block ads?

As I wrote in The ethics of modern web ad-blocking, web advertising and behavioral tracking are out of control. They’re unacceptably creepy, bloated, annoying, and insecure, and they’re getting worse at an alarming pace.

Ad and tracker abuse is much worse on mobile: ads are much larger and harder to dismiss, trackers are harder to detect, their JavaScript slows down page-loads and burns battery power, and their bloat wastes tons of cellular data. And ads are increasingly used as vectors for malware, exploits, and fraud.

Publishers won’t solve this problem: they cannot consistently enforce standards of decency and security on the ad networks that they embed in their sites. Just as browsers added pop-up blockers to protect us from that abusive annoyance, new browser-level countermeasures are needed to protect us from today’s web abuses.

And we shouldn’t feel guilty about this. The “implied contract” theory that we’ve agreed to view ads in exchange for free content is void because we can’t review the terms first — as soon as we follow a link, our browsers load, execute, transfer, and track everything embedded by the publisher. Our data, battery life, time, and privacy are taken by a blank check with no recourse. It’s like ordering from a restaurant menu with no prices, then being forced to pay whatever the restaurant demands at the end of the meal.1

If publishers want to offer free content funded by advertising, the burden is on them to choose ad content and methods that their readers will tolerate and respond to.2

Why choose Peace over any other iOS 9 content blocker?

Apple’s new WebKit Content Blocker API makes iOS ad blockers so trivial to make that there will likely be hundreds, or more, released over the next few months. Even today, on day one, there’s already tons of competition.

Today, Peace has a number of exclusive features and nice implementation details that I haven’t seen in any other iOS content blocker, but I’m sure they won’t be exclusive for long.

Making the app is easy, but creating and maintaining the database of ad and tracker URLs to block is very, very hard to do well.

Most ad blockers use public “hosts” files, advertising thousands of entries in their blocklists. I tested every hosts database I could find over the last few months, but found a number of downsides:

Since the browser must check every resource against the blocklist as a page loads, and modern pages commonly include tens or hundreds of resources, bigger isn’t better. The bigger the list, the more time and memory necessary to enforce its rules as pages load.

Diminishing returns set in quickly: the ideal list has just enough entries to block most ads and trackers that we’ll encounter on most sites we’ll visit, but not so many that we’re burdening Safari with thousands of entries it will probably never use.

Why Ghostery?

Whenever I’d test another blocklist against Ghostery’s, I kept finding the same thing: Ghostery blocked more trackers and had fewer compatibility problems, with a reasonably sized blocklist of about 2,000 entries.

This isn’t surprising: Ghostery is a well-staffed company with much broader reach and much better tracking data than small groups of volunteers can usually achieve, with a business model that’s ethical, sustainable, and aligned with our interests.3

After being dissatisfied with every other option, only a few weeks ago, I contacted Ghostery to see if I could license their database for Peace. I thought it was a long shot, assuming that they’d either say no, or that we’d take forever to work out a deal and miss the iOS 9 launch.

To my surprise, they loved the idea and we worked out the entire deal in about a week: I’ll make and sell the app and give them a percentage of the revenue. That’s it. The app is completely my code, using a copy of Ghostery’s tracker database hosted on my server that the app periodically checks for updates.

As you can see in Peace’s privacy policy, we not only don’t collect any user data, but we can’t collect anything of much use — iOS content blockers aren’t privy to any of the user’s browsing activity. All we can do is provide a list of conditions to block. That’s it.

With Ghostery’s database, Peace is ridiculously good. This isn’t a time for me to be modest — just go try it and you’ll see for yourself.

You’ll reclaim a good deal of privacy, cellular data, and battery power, and you won’t believe how fast iOS web browsing can be.


  1. I could stretch this analogy indefinitely. The menu only has brief and vague descriptions of the entrees, you’re forced to eat two pounds of bland mashed potatoes before you can enjoy your steak, the “steak” turns out to be reheated meatloaf, the waiter stops you between every few bites by shoving a different entree from a completely different restaurant in front of you and asking if you’d like to buy it as well, and glancing at these offerings automatically adds them to your bill, which turns out to be $1300 before the required 50% gratuity, and nobody told you that there were hidden cameras recording your every move for detailed analysis by fifteen creepy guys from the moment you pulled into the parking lot, even when you were picking your nose in the bathroom. ↩︎

  2. Many publishers have already struck a great balance with non-abusive methods such as (clearly labeled) native in-stream ads, which don’t require cross-site tracking or abusive practices and make good money. (The saddest part about the abusive trackers and ads is that they don’t even make much money anymore. They’re abusing us for almost nothing.) ↩︎

  3. Ghostery’s business model is often misunderstood. The gist of it: their browser plugin has an opt-in feature, off by default, to send Ghostery anonymous data about which third-party scripts get loaded on the pages people visit. This helps them find new trackers to block, and they offer a business version of Ghostery that big sites use to figure out which trackers people see on their sites. Third-party ad networks and analytics are so common, and their standards for embedded ads are so unenforceable (since they’re letting third parties execute arbitrary code), that web publishers need someone else — Ghostery — to tell them what’s being served on their own sites and what problems it might be causing for their visitors or potential customers. ↩︎

Why Peace 1.0 blocks The Deck ads

One of the most common questions I’m getting about Peace is whether and why it blocks ads from The Deck, my own site’s ad publisher. Most notably, my friend and colleague John Gruber tweeted:

I think if your Safari Content Blocker blocks The Deck by default, it’s wrong. I dare you to defend it.

The Deck is unusually well-behaved for an ad provider: its ads are small, unintrusive, non-animated, and classy, and while it’s loaded by a third-party JavaScript include, it doesn’t set cookies or perform any tracking. That’s why I publish Deck ads on this site, and why many of my friends and colleagues do as well.

But Peace uses the Ghostery database, and Ghostery includes The Deck. It’s classified as “Advertising”, and even though it’s far nicer than most other entries in the category, it’s fair to call it advertising.1

I was therefore faced with a decision about The Deck. I had to either:

And once I looked at it like that, it wasn’t a difficult decision. It’s uncomfortable, but I’d rather be consistent and fair.

In Ghostery’s desktop-browser plugins, users can selectively disable individual rules, so you could, for example, whitelist The Deck if you find their ads acceptable. Peace 1.0 doesn’t offer this level of granularity — you can whitelist individual publisher sites, like Marco.org, but not ad rules across all sites. That wasn’t an opinionated decision — it was simply cut for 1.0 to ship in time, and I’ll likely add it in the first update.

Whether such “good” ads should be unblocked by default is worth considering. In the past, ad-blockers’ attempts to classify “acceptable” ads have been problematic, to say the least. I don’t know if that can be done well, but I’d consider it if it could.


  1. Some people have requested that I distinguish between “ads” and “trackers” in the options. But this distinction isn’t very useful: most ads are also cross-site trackers, so if you want to block most tracking, you’ll need to block most ads.

    Simply blocking third-party cookies isn’t enough to prevent tracking, either: there are many ways to uniquely identify you without using cookies. ↩︎

Just doesn’t feel good

I’ve pulled Peace from the App Store. I’m sorry to all of my fans and customers who bought this on my name, expecting it to be supported for longer than two days. It’ll keep working for a long time if you already have it, but with no updates.

If you want a refund, here’s how you do that.

Update: Apple is refunding all purchases automatically.

As I write this, Peace has been the number one paid app in the U.S. App Store for about 36 hours. It’s a massive achievement that should be the highlight of my professional career. If Overcast even broke the top 100, I’d be over the moon.

Achieving this much success with Peace just doesn’t feel good, which I didn’t anticipate, but probably should have. Ad blockers come with an important asterisk: while they do benefit a ton of people in major ways, they also hurt some, including many who don’t deserve the hit.

Peace required that all ads be treated the same — all-or-nothing enforcement for decisions that aren’t black and white. This approach is too blunt, and Ghostery and I have both decided that it doesn’t serve our goals or beliefs well enough. If we’re going to effect positive change overall, a more nuanced, complex approach is required than what I can bring in a simple iOS app.

I still believe that ad blockers are necessary today, and I still think Ghostery is the best one, but I’ve learned over the last few crazy days that I don’t feel good making one and being the arbiter of what’s blocked.

Ad-blocking is a kind of war — a first-world, low-stakes, both-sides-are-fortunate-to-have-this-kind-of-problem war, but a war nonetheless, with damage hitting both sides. I see war in the Tao Te Ching sense: it should be avoided when possible; when that isn’t possible, war should be entered solemnly, not celebrated.

Even though I’m “winning”, I’ve enjoyed none of it. That’s why I’m withdrawing from the market.

It’s simply not worth it. I’m incredibly fortunate to be able to turn away an opportunity like this, and I don’t begrudge anyone else who wants to try it. I’m just not built for this business.

I suggest you use Ghostery on the desktop and one of these competitors on iOS instead, both of which are good apps that were probably about to surpass Peace anyway:

And again, if you want a refund on Peace, here’s how to get it.

I know pulling Peace from the store after just two days is going to be an immensely unpopular move, and subject me to a torrent of unpleasantness. But that’ll end soon enough, and that’s better than how I’d feel if I kept going.

Last night, in an effort to improve my morale, I did some low-level technical work on Overcast, which I greatly enjoy. It was a breath of fresh air: rather than a tricky business of messy distinctions and low technical challenge, I got to engage the technical part of my brain and make something great that doesn’t hurt anyone, with no asterisks or qualifications.

That’s my peace.

Apple refunding all purchases of Peace

Apple notified me this afternoon that they’ll be proactively refunding all purchases of Peace. It will probably take a few days to process.

As far as I know, this effectively never happens. When I decided to pull the app, I asked some Apple friends if this was even possible, and we all thought the same thing: iTunes billing works the way it works, period, and no special cases can be made.

One of the ways it works, which most customers don’t know, is that developers have no ability to issue refunds. I had to tell people to individually request refunds from Apple, which is not only a clunky process but also left me with the question of whether it was right to keep the remaining money from it, or what to do with it if not — a question that I don’t think has a widely agreeable “right” answer.1 (Like ad-blocking.)

Over 13,000 people were granted refunds through the regular system over the last few days, leading to some interesting AppFigures reports. But that could never cover all buyers of the app.

Today, Apple made the decision for me, in a way that I didn’t even think was possible, and I’m actually happy — or at least, as happy as someone can be who just made a lot of money on a roller coaster of surprise, guilt, and stress, then lost it all suddenly in a giant, unexpected reset that actually resolves things pretty well.


  1. Even the simple answer of “Give it to charity!”, which a few hundred people told me to do on Twitter (between the couple thousand calling me an asshole), poses an infinitely arguable problem: which charity? ↩︎