Pixel Envy

Written by Nick Heer.

The Bullshit Web’s Ubiquity

The thing we know for certain about bullshit is that, no matter how hard we try, it is virtually impossible to be countered, eradicated, minimized, or undone. Harry Frankfurt described this phenomenon in “On Bullshit”:

[…] Someone who lies and someone who tells the truth are playing on opposite sides, so to speak, in the same game. Each responds to the facts as he understands them, although the response of the one is guided by the authority of the truth, while the response of the other defies that authority and refuses to meet its demands. The bullshitter ignores these demands altogether. He does not reject the authority of the truth, as the liar does, and oppose himself to it. He pays no attention to it at all. By virtue of this, bullshit is a greater enemy of the truth than lies are.

Alberto Brandolini summarized the problem in 2013:

The amount of energy needed to refute bullshit is an order of magnitude bigger than to produce it.

This rule remains true for the bullshit web — the marketing cruft, bloated advertising, tracking mechanisms, and Google’s unnecessary and toxic Accelerated Mobile Pages project that have come to dominate the web. Users have tried to fight back by adopting ad blockers and switching to web browsers that are more privacy focused. But bullshit is stronger than that. It cannot be contained by browsers or the mere will of users’ requests. The response by its purveyors illustrates how thoroughly bullshit resists control.

You’re probably familiar with ad blocker blockers like the one from Admiral, which calls itself a “visitor relationship management company” and has a website that contains an SVG animation which uses over 100% of one of my iMac’s CPU cores. Another popular service is Blockthrough. In its 2020 ad blocking report, it claims to be the “most popular dedicated provider of ad recovery” using an “Acceptable Ads” whitelist. Most ad blocker blockers are only a little irritating. They might show a notice guilting you into disable your ad blocker; some will prevent the article from loading until the ad blocker is disabled, though many will offer an option to proceed anyway.

But some go much further, like Instart’s AppShield. They call their product an “Ad Integrity” feature, which works by encrypting most of the media on each page and requiring the company’s scripts to decode the page. If those scripts are blocked, so, too, will be everything from pictures to links. If you visited a CBS Interactive property like CNet or Metacritic at some point over the past few years with an ad or tracking blocker turned on, you may have noticed that many of the pages fail to fully load. Instart went to great lengths in an attempt to avoid detection of AppShield, from obfuscating code to monitoring whether the developer console is open.

It’s not just anti-ad blockers that are pervasive; a user’s attempts to withdraw from all sorts of the web’s bullshit are countered at every turn. Providers of push notification services for website recognized that users could simply opt out of receiving requests to enable notifications on all websites, so they switched to JavaScript-based prompts that cannot be universally dismissed. Analytics providers are promoting tactics for “greater reliability” and creating workarounds for anti-tracking policies.

Violations of users’ intent are nothing new. Ad tech companies like Criteo and AdRoll created workarounds specifically to track Safari users without their explicit consent; Google was penalized by the FTC for ignoring Safari users’ preferences. These techniques are arrogant and unethical. If a user has set their browser preferences to make tracking difficult or impossible, that decision should be respected. Likewise, if a browser has preferences that are not favourable to tracking, it is not the prerogative of ad tech companies to ignore or work around those defaults. Just because browsers have historically been receptive by default to all sorts of privacy hostile technologies, it does not mean that those defaults are more correct.

A lack of user control is a worrisome theme amongst web bullshit purveyors. Think of all of the video files you have inadvertently streamed because they were included on a webpage that prioritized flashiness. Think of all of the times you have been stymied while trying to load some ostensibly simple page over a poor connection because of a wasteful use of resources.

This arrogance reaches its zenith when we test the limits of whether the integrity of a webpage is dependent on the entirety of its components. For instance, is it fair for a webpage to use a visitor’s CPU power to generate cryptocurrency? A recent analysis of the million most popular websites found that around a third of websites which use WebAssembly are running cryptocurrency miners; it was the most popular use of WebAssembly among the websites surveyed. The survey found that WebAssembly was being used in any capacity by only around 1,600 popular websites.

This stuff is like malware — except malware is usually relegated to the confines of software sourced in dubious means. Cryptocurrency miners, on the other hand, can be found on name brand websites. Surely, not all instances of mining scripts were deliberate, instead being included on a webpage through an ad network or similar means.

Still, these scripts are out there. When I started writing JavaScript twenty years ago, I used it to swap button styling or create dropdown menus. Now, it is somehow possible for a news article to have buried in its ad tech package a few-kilobyte obfuscated JavaScript file that will maximize CPU cycles, destroy battery life, and spool up your computer’s fans as it generates cryptocurrency in the background. One could argue that this is just another revenue source for a website, but it isn’t that simple. It’s an insidious and hostile way of usurping power and control.

If it were up to me, cryptocurrency mining would not be a capability offered by any web technology. But there is no way to remove just one CPU-sucking application from a web technology that enables many CPU-sucking applications. If WebAssembly were universally curtailed or dropped entirely, we would no longer face the scourge of cryptocurrency miners in browsers, but we might also lose web applications that require higher performance programming languages. And, notably, the use of those languages has broadened beyond the previous confines of the World Wide Web. It’s not just crappy Electron apps — which is to say all Electron apps. Web technologies are everywhere in otherwise native apps, from Adobe’s Creative Cloud to plenty of Apple’s, and there are plenty of reasons why.

But it also means that any website you visit is brimming with capabilities it almost certainly does not need, but can be used in ways that users have not consented to — and users have little control or knowledge. You can disable JavaScript entirely, but that makes some websites unusable. In some browsers — though not Safari — you can disable JavaScript on a per-website basis, but that’s a big switch to throw that simultaneously stops desktop-class code and also doesn’t allow the site to display a photo in an overlay.1

The bullshit web is not going away — on the contrary, it has leeched into the desktop, threatening native applications, and it is this very growth that is allowing websites to become laden with toxic technical waste. One of the reasons the bullshit web is able to exist at all is because the web is increasingly a universal operating system. We build websites as applications, which encourages standards bodies to add web app features to programming languages, which means even more apps get built with web languages.

It is as much a tasteless exercise as it is progress, and we should not accept its creeping intrusion. You can still separate a great Mac app from a poor one, but there is a new basement and it is found in apps which are partially or exclusively websites. It is foolish to run several instances of Chromium, and it is profoundly disrespectful for everything from our file syncing app to a videoconferencing app to be hundreds of megabytes each when their native-built equivalents are in the tens of megabytes. It is bizarre and poetic that the bullshit web has expanded to such an extent that we now construct it using a website disguised as an app.

All of this is to say that many of the surface-level indicators of the bullshit web may go away. Like popup ads and Flash, the worst qualities today’s web will eventually run their course. I look forward to a time when I no longer open an AMP URL, change it to a real webpage address, then am required to set my cookie preferences, state that I do not wish to receive push notifications, pause an autoplaying video, close a form asking for my email address, and hide a half-page advertisement only to read a single article. A future without all of that trash would undeniably be a very good thing.

Under the hood, though, the bullshit web will be more insidious and all-encompassing. Users will have less control over what is allowed to execute on their computer while unscrupulous practices are normalized. The worst privacy offences may be curtailed by regulation enforcing strong rights, but the worst technical offences will be hard to stop so long as websites are apps and apps are websites.


  1. Yes, I know there are non-JavaScript implementations of photo lightbox scripts; please do not write. ↩︎