Ads have been known to contain drive-by malware. Even if you don’t mind seeing ads (which personally I don’t mind unless they’re very intrusive), an adblocker is important for online safety.
Drive-by malware tends not to be zero-days though. I’ve stayed safe for decades just by keeping my software up to date.
There’s no mention of anything like zero-days in that article. They only mention that it can target all major OSes, with no mention of cutting edge versions also being vulnerable.
Hilariously, the article directly supports my position as well:
The good news for some, at least: it likely poses a minimal threat to most people, considering the multi-million-dollar price tag and other requirements for developing a surveillance campaign using Sherlock
That’s a big part of my whole point. People who don’t do even a modicum of actual thought about a practical threat model for themselves love pretending that ad blocking isn’t primarily just about not wanting to see ads.
If Israel or some other highly capable attacker is coming after you, then fine, you really do need ad blocking. In that case malware in ads is going to be the least of your concerns.
Attacks that cast such a wide net as to be the concern of all web users are necessarily less dangerous because exploits need to be kept secret to avoid being patched.
There’s nothing wrong with taking extra precautions; I’m certainly not saying blocking ads is a bad idea. It’s the apparent confusion that an informed, tech-savvy person might choose not to block ads that makes me laugh.