Of course, ads with exploits and malware that inject into your computer can be invisible and hard to detect as "intrusive", which this doesn't seem to recognize or handle. I'll stick with ad-block.
This justification always reminds me of the advice to run SSH on a non-standard port.
Sure, I guess that makes you less of a target for bad actors, but if your browser can be compromised by simply visiting a website, that's a serious problem that's going to bite you whether you block ads or not.
It's much closer to the advice to run antivirus, use a firewall, and apply updates. Exploits are discovered, but there are often mitigations available before fixes come around. By applying the mitigations (AV, firewall, adblock) you can prevent at least some of the exploits until fixes (browser updates) are released.
You're saying that theoretically, because there may be worse exploits from advanced actors that can target you for visiting a website, you shouldn't worry about basic security and whitelisting?
Do you not lock your door at night, either, just because someone could smash through your windows?
The SSH on a nonstandard port thing... I do it so I know if I see a failed login attempt, it's someone who is trying a lot harder than the average attacker and something I should investigate more fully.
Are there stats on how malware spreads? I suspect hacked websites & spam email are a more common source of infection than ad networks. It's not theoretical nor does it imply an advanced actor.
