Link

How to Debug Your Content Blocker for Privacy Protection

Via the EFF:

Millions of users are trying to protect their privacy from commercial tracking online, be it through their choice of browser, installation of ad and tracker blocking extensions, or use of a Virtual Private Network (VPN). This guide focuses on how to correctly configure the blocking extension in your browser to ensure that it’s giving you the privacy you expect. We believe that tools work best when you don’t have to go under the hood. While there is software which meets that criteria (and several are listed in the final section of the guide), the most popular ad blockers do not protect privacy by default and must be reconfigured. We’ll show you how.

Definitely a helpful guide to help you get the most out of your Ad/Tracker Blocker.

As a note: you don’t just want to block ads and trackers for privacy reasons (linked to being surveilled as you travel around the Internet) but also for security reasons: online ads are a vector for dropping malicious payloads and even the biggest networks are periodically affected.

Link

Exploited for Advertising

As part of a long-feature for The Guardian:

The techniques these companies use are not always generic: they can be algorithmically tailored to each person. An internal Facebook report leaked this year, for example, revealed that the company can identify when teens feel “insecure”, “worthless” and “need a confidence boost”. Such granular information, Harris adds, is “a perfect model of what buttons you can push in a particular person”.

Tech companies can exploit such vulnerabilities to keep people hooked; manipulating, for example, when people receive “likes” for their posts, ensuring they arrive when an individual is likely to feel vulnerable, or in need of approval, or maybe just bored. And the very same techniques can be sold to the highest bidder. “There’s no ethics,” he says. A company paying Facebook to use its levers of persuasion could be a car business targeting tailored advertisements to different types of users who want a new vehicle. Or it could be a Moscow-based troll farm seeking to turn voters in a swing county in Wisconsin.

Harris believes that tech companies never deliberately set out to make their products addictive. They were responding to the incentives of an advertising economy, experimenting with techniques that might capture people’s attention, even stumbling across highly effective design by accident.

The problems facing many Internet users today are predicated on how companies’ services are paid: by companies doing everything they can to capture and hold your attention regardless of your own interests. If there were alternate models of financing social media companies, such as paying small monthly or yearly fees, imagine how different online communications would be: communities would likely be smaller, yes, but the developers would be motivated to do whatever they could to support the communities instead of advertisers targeting those communities. Silicon Valley has absorbed many of the best minds for the past decade and a half in order to make advertisements better. Imagine what would be different if all that excitement had been channeled towards less socially destructive outputs.

Link

Millions exposed to malvertising that hid attack code in banner pixels

From Ars Technica:

Despite targeting only people using IE and unpatched versions of Flash, Stegano is noteworthy for its concealment of exploit code in the pixels of the banner ads. There’s no reason future campaigns—or possibly ongoing ones that have yet to be discovered—couldn’t exploit zero-day vulnerabilities that infected a much larger base of people. Until ad networks get much better at detecting malvertising campaigns, the scourge is likely to continue.

The lesson, again, is that the advertising that is scattered throughout the web should be generally regarded as hostile and that ad blockers aren’t just a privacy tool but a security tool as well.