Hello, World,
Just a couple of days ago, I launched https://ad.ari.lt - a little project called Arivertisements, which serves silly ads by silly people for silly people. It's an open source, security-minded, privacy-focused, and performance-optimized alternative to Johnvertisements from citrons.xyz. Today, I want to share what it's all about and hopefully inspire some of you to join in :)
# How Did Arivertisements Come to Be?
I was a Johnvertisements user, but always felt uneasy about how it worked. Johnvertisements embeds unrestricted iframes on every page with no iframe sandboxing, no open source code, questionable performance at times, no security headers, no way to verify if your ad actually got displayed, no alt text, no HSTS, and generally poor protection for user privacy and security on the technical front when embedding a full web-page in your site.
When Johnvertisements went down for like 6(?) hours, I decided it was time to build something better. That's how Arivertisements was born - to address all the issues I felt uneasy with and create a safer, faster, transparent alternative.
# How Was It Built?
I started with my new Flask template (maybe overkill for this project, but hey, why not?). The first version was basic and had bugs, which I promptly fixed. Though, here's what the initial version included:
- Checking for DNS `A` records without filtering out private IPs.
- Showing author info with email in plain text.
- Basic security and privacy on the embed page.
- Basic rate limiting.
- No handling of duplicate or frequent hits.
- Loose caching.
- A leaderboard.
- Metadata and image loading for Arivertisements.
It worked fine but needed robustness. Over the next two days, I made many improvements, including but not limited to:
- Added private IP range checks to block fake or local domains.
- Secured email display: initially simple obfuscation with a slower HTML entity-encoded page, and finally a more sophisticated client-side JS obfuscation using BLAKE2s and RC4.
- Toughened security and privacy site-wide, applying strict `Content-Security-Policy`, `Cross-Origin-Resource-Policy`, and other protective headers.
- Implemented more granular rate limiting to prevent abuse even further.
- Started anonymous session-based tracking with a short-lived cookie to avoid counting repeated refreshes as new hits.
- Enforced strict caching so the embed can only be requested every 5 minutes if cached, and images get cached for 30 hours without re-validation. This means cached clients see lightning-fast loads.
- Improved metadata and crawling rules.
Overall, the app is pretty simple with only about 4000 lines of code, but designed for maximum security and performance without overloading the server.
It's also protected by multiple filtering layers to keep things secure and reduce abuse.
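The private IP range check from the list above, sketched as an added example (this is not Arivertisements' own code). It assumes a policy where every `A` record of a submitted domain must be globally routable; `check_domain`, `sample_resolver` and the `SAMPLE_ZONE` data are hypothetical names and constructed values.

```python
import ipaddress
import socket


def system_a_records(domain):
    """Look up IPv4 addresses with the system resolver (needs network)."""
    infos = socket.getaddrinfo(domain, None, family=socket.AF_INET)
    return sorted({info[4][0] for info in infos})


def is_public_ipv4(addr):
    """True only for a globally routable unicast IPv4 address."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ValueError:
        return False
    # is_global excludes RFC 1918, loopback, link-local, CGNAT (100.64/10),
    # documentation and reserved ranges; multicast is checked separately.
    return ip.is_global and not ip.is_multicast


def check_domain(domain, resolver=system_a_records):
    """Return (ok, reason). Assumed policy: every A record must be public."""
    try:
        records = list(resolver(domain))
    except OSError:  # socket.gaierror is a subclass of OSError
        records = []
    if not records:
        return False, "no A records"
    bad = [r for r in records if not is_public_ipv4(r)]
    if bad:
        return False, "non-public A record: " + ", ".join(bad)
    return True, "ok"


# Constructed sample zone standing in for real DNS answers.
SAMPLE_ZONE = {
    "good.example": ["1.1.1.1"],
    "local.example": ["127.0.0.1"],
    "lan.example": ["192.168.1.20"],
    "mixed.example": ["1.1.1.1", "10.0.0.5"],
    "cgnat.example": ["100.64.0.1"],
}


def sample_resolver(domain):
    return SAMPLE_ZONE.get(domain, [])


if __name__ == "__main__":
    for name in list(SAMPLE_ZONE) + ["missing.example"]:
        print(name, check_domain(name, sample_resolver))
```

Rejecting a domain when any single record is non-public is the conservative choice: a mixed answer means a client may still end up at the internal address.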
# How Can You Join?
I warmly invite you to join Arivertisements! We already have 7 Arivertisements in rotation and over a thousand Arivertisements served across different sites. Eleven sites are already proudly Arivertising, and now it's your turn!
# Thank You!
Thanks for reading this little Ariblogvertisement for Arivertisements. If this sounds interesting, jump in and be part of the silly nerd squad.
Happy Arivertising!