Web ad networks are malware authors' best friends, October 18, 2016

Web ad networks are malware authors' best friends

If you use the free version of the Spotify streaming music service, you better check your PC or phone for viruses. Earlier this month, Spotify users started reporting typical signs of a malware infection: their browsers were redirected to sites filled with malicious software waiting to be downloaded, as CSO’s Ian Paul reports in an October 6, 2016, article. The cause was malware delivered by Spotify ads. Paul recommends that those affected by the attack use the free Malwarebytes program to scan your machine for viruses.

Paul claims there isn’t much you can do to prevent such infections from Spotify and other popular, trusted sites. I disagree. In fact, I’ll go so far as to say that if you’re not using an ad-blocking browser extension such as AdBlock Plus, you’re asking for trouble. I’m not the only one who thinks so. Back in December 2014, an author who goes by the name “T.Rob” went so far as to call online advertising the “new digital cancer.”

As T.Rob explains it, the adtech industry has become “the Research & Development arm of organized cybercrime.” Malware purveyors now use ad networks to target their malicious payloads to specific “audiences.” Their audience of choice is anyone who isn’t using an ad blocker, but they can narrow their targets using the same demographic parameters of other ad-network customers: age, location, income, political beliefs, health, and special interests.

Ad networks lack incentives to keep malware out

The adtech industry claims to be just as victimized by malware on their networks as the people whose systems become infected after viewing their ads. T.Rob points out that it’s a thin line between allowing nefarious lotteries to target the elderly and other gullible populations via targeted ads, and “promoting” sites that serve up malicious downloads. Ad networks want their claims of being victims to be plausible while they continue to collect massive revenue from the bad guys.

People have no reason to trust online ads until the ad networks disclose what personal information they’re collecting, how they’re using it, and who they’re sharing it with. That’s not going to happen voluntarily because doing so would be tantamount to the ad purveyors reducing the value of their prize asset: our private information.

(If you’re curious, T.Rob offers accounts of dozens of damaging ad-borne malware attacks.)

Malvertising now a prime reason people block ads

The adtech industry has benefited from the growth in online ad revenues in recent years; they increased 20 percent in 2015 to $59.6 billion in the U.S., according to Interactive Advertising Bureau figures cited by Marketing Land. To date the ad networks haven’t felt the need to respond to people’s complaints about web ads, and this puts digital publishers in a tight spot, as ad-industry executive Aaron Doades writes in an October 17, 2016, op-ed in Publishers Daily.

Doades points to a recent survey conducted by Teads that found 66 percent of people who use ad blockers do so to prevent pages from loading so slowly, while anti-ad-blocking group Pagefair reports that half of ad-blocking consumers use the programs to prevent their personal information from being misused. In a separate survey by the IAB, the number one reason people block ads is to avoid a malware infection. Doades envisions a new online-ad ecosystem in which users are provided with “the ad experience they’ve asked for without caving to the use of ad blockers.”

Bringing targeted advertising to a billboard near you

I don’t share Doades’ confidence that the adtech industry will ever be able to police itself sufficiently. Exhibit A is the recent announcement by Yahoo – that paragon of data security – that it is developing an outdoor version of targeting advertising designed to identify people as they travel past. Ars Technica’s David Kravets writes in an October 13, 2016, article that Yahoo has applied for a patent on a technology it calls “grouplization.”

As Yahoo envisions it, smart billboards would be located along freeways and in bars, airports, airplanes, buses, and other public places. The billboards will use various techniques to collect and analyze information about its surroundings – including the people who are currently nearby – and serve up ads based on that analysis. That’s grouplization in a nutshell.

A key component of the plan is data picked up automatically from people’s phones and other mobile devices. Throw in license plate readers and you’ve got a comprehensive picture of who, when, and where. Show of hands: Who believes such a valuable commodity will be used only to serve up ads? Not many hands!

Of course the collector and analyzer of the private information scooped up by such a system will do whatever they can to maximize the data’s value. And what do we get in exchange for these detailed personal dossiers that we’re not even privy to read ourselves? Targeted ads. Well, thank you very much!

----------------------------------------------------------

Facebook’s latest effort to creep us the heck out

Just in time for Halloween, that scariest of social networks – Facebook – is taking the wraps off a bot that is designed to get people talking. Conversation Topics suddenly appeared on some people’s Facebook Messenger phone app, as described in an October 18, 2016, article on the Guardian. They were prompted to “ask your friend so-and-so about their garden,” for example. The Guardian imagines the resulting conversation, which I reimagine thusly:

“How did you know I was working in my garden?”

“Facebook told me.”

“How did Facebook know?”

“Well, the app can access the personal information on your phone, so it must have deduced you were doing some gardening this weekend.”

“So my Facebook friends will know all these things about what I’m doing even if I don’t post it to my timeline?”

“They might if they open Facebook Messenger, yes.”

“Why is Facebook suggesting topics that my friends and I might want to chat about, anyway?”

“They say they want to increase user engagement.”

“I say they want to increase ad revenue.”

“Sounds like the topic for a rousing conversation.”

“Give it up, Facebook!”

(Don’t say I didn’t warn you.)

-------------------------------------------------------------

Just for the heck of it: There’s this site called Brand New Congress that was founded by former Bernie Sanders supporters and staffers with the intention of, well, electing a brand new Congress in 2018. But not just any new Congress, not one with new politicians replacing the old ones in name only. Uh-uh. This new Congress will be comprised of everyday folk: teachers, healthcare workers, VCR repair people (I understand they have a lot of time on their hands lately), even the occasional lawyer.

You can read about the BNC’s plan to promote a slate of citizen candidates who support the group’s progressive agenda: Medicare for all, decarceration, money out of politics, no “wars of choice,” speak for marginalized populations, and commit to 100 percent renewable energy by 2024. If it sounds good to you, use the form provided to nominate a candidate.

Personally, I wouldn’t wish a two-year term in Congress on anybody I cared about. The Christians had better odds against the lions than this group would have against the combined forces of the insurance, finance, energy, military, pharmaceuticals, technology, health, and agriculture industries – not to mention the unions, the NRA, and all those other deep-pocket special interests.

Apart from that, I’m behind the BNC 100 percent.