An internet advertising company can only make money because of the internet user. Yet sometimes it seems almost as if the advertising technology industry is at war with internet users.
With more than 50% of savvy internet users in the US on ad blockers, and ad blockers being among the most downloaded browser extensions in history, there is no better (and more important) time than right now to consider the arguments for why internet users may be better off using ad blocking technology.
So what are the three reasons that internet users should consider in terms of ad blocker use?
BECAUSE ADVERTISING NETWORKS ARE USED FOR SPYING
In 2014 Edward Snowden gave a talk on the topic of surveillance to the Council of Europe, where he gave special mention to internet advertising. I will highlight the interesting part below:
The first reason why this makes sense is that the data collected by the internet advertising industry is gigantic, which makes it very interesting. In the AT&T example that has been discussed to death, the number “60 billion events per day” was associated with the practice in that case. The programmatic advertising market is at least 200 billion events per day.
When you can witness up to 100 ad or tracking tags on a given page, you can guess there is a very high level of redundancy within that ecosystem with respect to user data. That means there are trillions of potential metadata events to exploit each and every day, some of which may have hundreds of individual variables attached to them. Connecting cookies to identities is trivial in most cases. Some of the most powerful, yet trivial, reverse lookups include:
- cookie to email
- social id to email
- email to social ids
It is not only trivial, but there are companies that are specifically focused on providing reverse lookup services for marketing services, fraud detection and other purposes.
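To check the "up to 100 tags on a page" claim for a page you visit, the third-party tags can be counted from its saved HTML. This is an added example, not part of the original post; the sample page, all host names and the two-label "site" heuristic are constructed assumptions.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

FETCHING_TAGS = {"script", "iframe", "img"}  # elements whose src the browser fetches
# Constructed sample page; every host name below is made up for illustration.
SAMPLE_URL = "https://news.example/story"
SAMPLE_HTML = """
<script src="/static/app.js"></script>
<script src="https://cdn.adnet-one.example/tag.js"></script>
<script src="//sync.adnet-one.example/match.js"></script>
<img src="http://pixel.tracker-two.example/p.gif?uid=123" width="1" height="1">
<iframe src="https://frames.adnet-one.example/slot"></iframe>
<img src="data:image/gif;base64,R0lGOD">
"""

def site_of(host):
    # Assumption: the last two DNS labels identify the owner. A real audit
    # should use the Public Suffix List (e.g. for example.co.uk).
    return ".".join(host.lower().split(".")[-2:])

class TagCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.found = []  # (element name, absolute URL)

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in FETCHING_TAGS and src:
            self.found.append((tag, urljoin(self.page_url, src)))

def audit_third_party_tags(page_url, html):
    """Map each third-party site to its tag count, element types and HTTP use."""
    first_party = site_of(urlsplit(page_url).hostname)
    collector = TagCollector(page_url)
    collector.feed(html)
    report = defaultdict(lambda: {"count": 0, "plaintext": False, "elements": set()})
    for element, url in collector.found:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue  # data: and similar URLs cause no network request
        site = site_of(parts.hostname)
        if site == first_party:
            continue
        entry = report[site]
        entry["count"] += 1
        entry["elements"].add(element)
        entry["plaintext"] |= parts.scheme == "http"  # tag loaded unencrypted
    return dict(report)
```

On the constructed sample, `audit_third_party_tags(SAMPLE_URL, SAMPLE_HTML)` reports three tags from one ad network and one plain-HTTP pixel from a second tracker. Tags injected at runtime by other scripts do not appear in static HTML, so the result is a lower bound.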
The second reason it makes sense that ad networks are used for espionage and surveillance is that US government agencies are actually making appeals to adtech companies not to use end-to-end encrypted connections:
FBI declared War against Encryption. Encryption is defeating government intelligence agencies to detect terrorist… (thehackernews.com)
These comments leave us with the impression that an ad platform would have to be hacked, so that an authority or other agent would be able to leverage such data. That is not at all the case.
Actually, in the same way as you can spread malware as a customer of an ad network, you can conduct espionage as a customer of an ad network. While the way data is accessed is different, the outcome will be more or less the same.
BECAUSE MALVERTISING IS SPREAD THROUGH AD PLATFORMS
Because neither the government nor almost anybody else, for that matter, understands advertising technology comprehensively, both Snowden’s comments and the recent coverage of the FBI Director’s request to keep the ad ecosystem poorly encrypted leave us with the wrong impression of how hard it currently is to use ad platforms for spreading spyware or other malicious code.
It is far easier than almost anyone thinks to use ad platforms for spreading malicious code.
Doing this is as simple as starting a campaign that targets specific groups or individuals. The Million Browser Botnet video shows how easy it is to do this in practice. Basically, it shows exactly how to spread malware using ad platforms.
To understand how bad the problem is: in my view, the video just scratches the surface of what is technically possible and how easy it is to execute something like that with almost any ad platform. We also have to consider that between the major ad platforms, especially DSPs, there is massive overlap in terms of available inventory. Just delivering your malicious payload in one major DSP will give you over 50% coverage of everything everyone else has. That’s more or less 50% of the internet.
Today in 2016 the problem highlighted in the video is only worse.
Once you become the customer of an ad platform, you can start distributing your malicious code. You can do it either with 1-to-1 targeting, or at massive scale reaching 2 billion internet users in a given day. Targeting is widely supported against things like:
- IP address
- company name
- cookie ID
- an alternate fingerprinting ID
- times of day
- version of OS
- browser version
- device information
The full list of targeting capabilities would actually be very long. A single ad platform could have 100 or more such metadata variables available to be used as targeting criteria. Data management platforms boast of their ability to connect cookies to user accounts, and some promise personally identifiable information (PII) too.
In short, to create either ultra-targeted or massive-scale spray-and-pray campaigns to spread your malware, the only thing you have to do is sign up with one of the thousands of ad platforms. Using this method, the cost of spreading malware can be as low as $0.01 per thousand ad impressions (malicious payload exposures). Infection rates per ad exposure will vary with the overall methodology used. Because things like browser versions can be targeted, infection rates could be very high.
Cyphort reports that malvertising attacks are up 325% from the previous year.