Mozilla warns: ad blockers may become illegal in Germany

Date: 20/08/2025

Mozilla representatives report that a recent decision by Germany’s Federal Court of Justice (BGH) revives an old legal dispute over whether browser-based ad blockers infringe copyright. The organization fears that this could lead to such tools being banned in the country.

The dispute, which has been ongoing for many years, began with a suit filed by the German media conglomerate Axel Springer against Eyeo, the developer of the popular ad-blocking extension Adblock Plus.

Axel Springer’s portfolio includes many well-known newspapers and online projects, among them Bild, Die Welt, Business Insider, Politico, Morning Brew, and Idealo. Most of them operate as news media, classifieds, and marketing services. As a result, advertising is the core of Axel Springer’s business.

According to Axel Springer representatives, the very existence of ad blockers threatens their revenue model. The holding company maintains that the execution of websites in browsers may itself constitute a copyright violation. This claim is based on the idea that a site’s HTML and CSS code are a kind of protected computer program, and that ad blockers interfere with the site’s display by acting on in-memory execution structures (DOM, CSSOM, render tree). In the company’s view, such activity therefore falls under the definition of unauthorized reproduction and modification without the author’s permission.

Previously, the Hamburg court of first instance and the court of appeal ruled that changing how websites are displayed is not interference with code, but merely a user choice. Moreover, in 2018 the Federal Court of Justice of Germany confirmed this decision, holding that the use of an ad blocker and even a whitelist model is permissible because users install such extensions themselves, and media platforms can always restrict access to such clients.

However, recently (July 31, 2025) the BGH reconsidered its position. It overturned the appellate court’s ruling and remanded the case for a new hearing. As a result, the court must examine more precisely what exactly is changed in the code, whether copyright protection extends to that code, and under what circumstances interference by an ad blocker can be considered justified.

The court will have to determine whether the DOM, CSS, and bytecode are considered a computer program protected by copyright, and whether the modifications an ad blocker makes to the code are lawful.

“It cannot be ruled out that bytecode, or code generated from it, is protected by copyright as a computer program, and that an ad blocker infringes the exclusive rights by means of modification or modified reproduction,” the BGH statement says.

As Daniel Nazer, Mozilla’s Senior Counsel for Intellectual Property and Products, writes, due to the technical underpinnings of this lawsuit, the outcome of the proceedings and any potential ban could also affect other browser extensions in Germany, ultimately narrowing user choice.

“There are many reasons, beyond ad blocking, why users might want their browser or a browser extension to modify a web page,” Nazer says, explaining that this could be driven by the need to “improve or assess accessibility or protect privacy.”

Mozilla believes that this time the case could take a different turn, and ad blockers may end up being illegal in Germany. Although it’s noted that the new proceedings could take several years, there is a risk that, in the future, developers of browser extensions will be held liable for causing companies financial harm.

In addition, this could lead to a restriction of browser users’ rights, causing browser developers to make their applications even more closed, while extension developers limit the functionality of their tools to avoid potential legal issues.
