Menu
Online advertising dangers
The cost of using the services we rely on everyday is exposure to malware via online ads. That's why an ad-blocking extension for your browser is essential equipment.
Ads pay for nearly all the Internet services we use daily, but ad networks track our online activities, and sometimes they deliver malware. When you block ads, you're reducing revenue to the Internet services you use. Is this unfair to the services? Are you essentially getting something for nothing?
CNET relies on ads for its revenue, yet CNET published articles I wrote describing how to use ad blockers. You might say there was a conflict of interest.
Now I'm writing about ad blockers on a site without ads or tracking or the other things that tag along with ads. Now when I recommend that you use an ad-blocking extension for your browser, I'm not speaking against my employer's interests.
I strongly suggest that you block ads, despite the effect this has on the commercial sites you use. (Links to ad-blocker downloads are below.) I propose that sites allow their customers to pay a small amount to use the service without ads or tracking. This site is a quiet attempt to put that principle into practice.
The ad model is profitable for sites of all sizes, but it is especially so for the biggest sites. Internet companies abide the current unregulated Wild Wild West of online ad networks for the same reason they still rely on inherently vulnerable passwords and chipless credit cards: safer alternatives are too expensive, and most of the risk is on their customers.
The Senate identifies the threat, says self-regulation isn't working
The U.S. Senate report on the hazards of ads to consumer security and data privacy describes how criminals use ads to deliver malware without requiring any clicking or other action by the viewer. The report states that "a visit to even a reputable website can now result in thousands of dollars in damage to the consumer and the compromise of private information at the hands of actors most consumers don’t know are present."
What the report refers to as "host websites" often don't know anything about the ads that appear alongside their own content, and they certainly can't predict what type of ad will be delivered by the third-party ad network.
The ad networks are often easy to fool. Criminals will appear to be legitimate when they initially apply to the ad network, and once they are accepted to the network they switch to malware delivery, according to the report.
Web services constantly scan for the presence of malware on their servers, but as the Senate report points out, "the ad networks and exchanges do not control the server that ultimately delivers the advertisement to the host website."
The Federal Trade Commission enforces against "deceptive practices." However, this requires that the company break a promise it made previously not to do something. The FTC has statutory authority to enforce under "unfair" practices, although services claim to have no understanding of which specific practices the FTC considers unfair.
The Senate report notes that the FTC's statutory enforcement of deceptive and unfair practices by online ad networks is narrowly focused. The statutes include the Children’s Online Privacy Protection Act (COPPA),[1] the Fair Credit Reporting Act,[2] the Gramm-Leach-Bliley Act,[3] the Health Insurance Portability and Accountability Act of 1996,[4] the Cable Television Consumer Protection and Competition Act,[5] and the Health Information Technology for Economic and Clinical Health Act.[6]
The report concludes that consumers are out of luck:
"[E]ven the most sophisticated advertisers have difficulty guaranteeing consumer security due in part to numerous structural vulnerabilities in the online advertising model. The current state of law and regulation addressing online advertising is sparse, focusing mainly on criminal actors rather than the responsibilities of intermediaries. While still pursuing criminal actors, the responsibility of industry and private stakeholders to implement precautionary measures should be clarified. The current structure leaves consumers with no recourse when they are victim of a malware attack."
Free browser extensions give ads the boot
So just visiting a legitimate website can deliver malware through an ad on the page. The solution: block the ads and all third-party cookies. Here's how:
Browser security settings you gotta change, June 24, 2014
Three essential security add-ons for Firefox, Chrome, and IE, May 7, 2013
Three free privacy add-ons for Firefox and Chrome, May 20, 2014
Disable third-party cookies in IE, Firefox, and Google Chrome, March 14, 2011
Claim a property interest in your personal information
If you're wondering what personal information the ad networks and other third parties are collecting based on your online activities, don't expect the collectors to be very forthcoming. For one thing, they may not know how the parties they sell the information to will use it. Who knows how many times the information is rehashed and resold?
Even though the services claim to anonymize your personal information, doing so doesn't reduce the value of the raw data to the person from whom it was collected. You could posit that the personal information had no inherent value until it was collected and aggregated, etc. This is the opinion of most courts to date, as I point out in "Reclaim your personal information." Therefore, the person lost nothing of value.
Your personal information still belongs to you after it has been anonymized. If the collector realizes value from the information, you have a right to the fair value of your information, despite the collector's claims that the data has been "depersonalized."
A modest proposal: The Privacy Manifesto
For safety's sake, you have to block ads and prevent other unwanted tracking. This could be construed as shortchanging the sites, which rely on ads -- targeted ads, specifically -- for their revenue.
Or maybe you could frequent sites that require a small payment to remain private, and ad-free. My last CNET post described one such site: the Pinboard bookmark service. Speaking of CNET....
A micropayment alternative to privacy-sucking ads
When I was a CNET contractor, I was paid based on the number of views my posts generated. As of June 1, 2014, I'm no longer paid for the views of the articles I wrote as a CNET contractor. Those pages continue to be viewed, and to generate revenue for CNET. So it goes.
Now I'm providing on this site all my new articles and updates to the most popular articles I wrote for CNET. Everything's offered ad-free and trackless. In exchange, I ask that you pay a little bit. New articles are free. Access to the archive is available for the minimum annual subscription is $1. If you subscribe for at least $10 a year, you get up to 30 minutes of personalized research and a response to whatever questions you ask me. Contact me for a quote on more extensive research, writing, and editing projects.
My goal is to help everyone stay safe online. The only way to do so is on a site that doesn't rely on ads and tracking for its revenue. Instead of ads, I'm hoping I can attract enough subscribers to keep spreading the word about online safety without going broke.
Quixotically,
Dennis O'Reilly
[1] Pub. L. No. 105-277, 112 Stat. 2581-728, codified at 15 U.S.C. § 6501
[2] Pub. L. No. 108-159, 117 Stat. 1953, codified at 15 U.S.C. § 1681
[3] Pub. L. No. 106-102, 113 Stat. 1338, codified at 15 U.S.C. § 6801
[4] Pub. L. No. 104-91, codified at 45 U.S.C. § 1320d
[5] Pub. L. No. 102-385, 106 Stat. 1460, codified at 42 U.S.C. § 551
[6] Pub. L. No. 111-5, 123 Stat 115, codified at 42 U.S.C. § 17921
Ads pay for nearly all the Internet services we use daily, but ad networks track our online activities, and sometimes they deliver malware. When you block ads, you're reducing revenue to the Internet services you use. Is this unfair to the services? Are you essentially getting something for nothing?
CNET relies on ads for its revenue, yet CNET published articles I wrote describing how to use ad blockers. You might say there was a conflict of interest.
Now I'm writing about ad blockers on a site without ads or tracking or the other things that tag along with ads. Now when I recommend that you use an ad-blocking extension for your browser, I'm not speaking against my employer's interests.
I strongly suggest that you block ads, despite the effect this has on the commercial sites you use. (Links to ad-blocker downloads are below.) I propose that sites allow their customers to pay a small amount to use the service without ads or tracking. This site is a quiet attempt to put that principle into practice.
The ad model is profitable for sites of all sizes, but it is especially so for the biggest sites. Internet companies abide the current unregulated Wild Wild West of online ad networks for the same reason they still rely on inherently vulnerable passwords and chipless credit cards: safer alternatives are too expensive, and most of the risk is on their customers.
The Senate identifies the threat, says self-regulation isn't working
The U.S. Senate report on the hazards of ads to consumer security and data privacy describes how criminals use ads to deliver malware without requiring any clicking or other action by the viewer. The report states that "a visit to even a reputable website can now result in thousands of dollars in damage to the consumer and the compromise of private information at the hands of actors most consumers don’t know are present."
What the report refers to as "host websites" often don't know anything about the ads that appear alongside their own content, and they certainly can't predict what type of ad will be delivered by the third-party ad network.
The ad networks are often easy to fool. Criminals will appear to be legitimate when they initially apply to the ad network, and once they are accepted to the network they switch to malware delivery, according to the report.
Web services constantly scan for the presence of malware on their servers, but as the Senate report points out, "the ad networks and exchanges do not control the server that ultimately delivers the advertisement to the host website."
The Federal Trade Commission enforces against "deceptive practices." However, this requires that the company break a promise it made previously not to do something. The FTC has statutory authority to enforce under "unfair" practices, although services claim to have no understanding of which specific practices the FTC considers unfair.
The Senate report notes that the FTC's statutory enforcement of deceptive and unfair practices by online ad networks is narrowly focused. The statutes include the Children’s Online Privacy Protection Act (COPPA),[1] the Fair Credit Reporting Act,[2] the Gramm-Leach-Bliley Act,[3] the Health Insurance Portability and Accountability Act of 1996,[4] the Cable Television Consumer Protection and Competition Act,[5] and the Health Information Technology for Economic and Clinical Health Act.[6]
The report concludes that consumers are out of luck:
"[E]ven the most sophisticated advertisers have difficulty guaranteeing consumer security due in part to numerous structural vulnerabilities in the online advertising model. The current state of law and regulation addressing online advertising is sparse, focusing mainly on criminal actors rather than the responsibilities of intermediaries. While still pursuing criminal actors, the responsibility of industry and private stakeholders to implement precautionary measures should be clarified. The current structure leaves consumers with no recourse when they are victim of a malware attack."
Free browser extensions give ads the boot
So just visiting a legitimate website can deliver malware through an ad on the page. The solution: block the ads and all third-party cookies. Here's how:
Browser security settings you gotta change, June 24, 2014
Three essential security add-ons for Firefox, Chrome, and IE, May 7, 2013
Three free privacy add-ons for Firefox and Chrome, May 20, 2014
Disable third-party cookies in IE, Firefox, and Google Chrome, March 14, 2011
Claim a property interest in your personal information
If you're wondering what personal information the ad networks and other third parties are collecting based on your online activities, don't expect the collectors to be very forthcoming. For one thing, they may not know how the parties they sell the information to will use it. Who knows how many times the information is rehashed and resold?
Even though the services claim to anonymize your personal information, doing so doesn't reduce the value of the raw data to the person from whom it was collected. You could posit that the personal information had no inherent value until it was collected and aggregated, etc. This is the opinion of most courts to date, as I point out in "Reclaim your personal information." Therefore, the person lost nothing of value.
Your personal information still belongs to you after it has been anonymized. If the collector realizes value from the information, you have a right to the fair value of your information, despite the collector's claims that the data has been "depersonalized."
A modest proposal: The Privacy Manifesto
For safety's sake, you have to block ads and prevent other unwanted tracking. This could be construed as shortchanging the sites, which rely on ads -- targeted ads, specifically -- for their revenue.
Or maybe you could frequent sites that require a small payment to remain private, and ad-free. My last CNET post described one such site: the Pinboard bookmark service. Speaking of CNET....
A micropayment alternative to privacy-sucking ads
When I was a CNET contractor, I was paid based on the number of views my posts generated. As of June 1, 2014, I'm no longer paid for the views of the articles I wrote as a CNET contractor. Those pages continue to be viewed, and to generate revenue for CNET. So it goes.
Now I'm providing on this site all my new articles and updates to the most popular articles I wrote for CNET. Everything's offered ad-free and trackless. In exchange, I ask that you pay a little bit. New articles are free. Access to the archive is available for the minimum annual subscription is $1. If you subscribe for at least $10 a year, you get up to 30 minutes of personalized research and a response to whatever questions you ask me. Contact me for a quote on more extensive research, writing, and editing projects.
My goal is to help everyone stay safe online. The only way to do so is on a site that doesn't rely on ads and tracking for its revenue. Instead of ads, I'm hoping I can attract enough subscribers to keep spreading the word about online safety without going broke.
Quixotically,
Dennis O'Reilly
[1] Pub. L. No. 105-277, 112 Stat. 2581-728, codified at 15 U.S.C. § 6501
[2] Pub. L. No. 108-159, 117 Stat. 1953, codified at 15 U.S.C. § 1681
[3] Pub. L. No. 106-102, 113 Stat. 1338, codified at 15 U.S.C. § 6801
[4] Pub. L. No. 104-91, codified at 45 U.S.C. § 1320d
[5] Pub. L. No. 102-385, 106 Stat. 1460, codified at 42 U.S.C. § 551
[6] Pub. L. No. 111-5, 123 Stat 115, codified at 42 U.S.C. § 17921