Save up to $400 on InfoSec Training at SANS Baltimore Fall 2018. Ends Tomorrow!

SANS Security Trend Line

If You Don't Let Advertisers Track Your Every Click, the Terrorist Win

Gregg Keiser has a piece in Computerworld on the CEO of the Interactive Advertising Bureau CEO lambasting Firefox for making third party cookie blocking a default setting in Firefox. What caught my eye in the IAB post was:

"Like the piracy of music and movies online, ad blocking appears to be a victimless endeavor, but in fact is a possibly illegal activity that deprives a cascading chain of legitimate enterprises of income. In some markets, Adblock Plus is responsible for stopping as much as 50 percent of mainstream publishers' ads, significantly harming their revenue stream. For small publishers, the effect is devastating. Niero Gonzalez, the proprietor of the gamer site and a member of the IAB's Long Tail Alliance, says that half his users are blocking ads. "This means we're working twice as hard as ever to sustain our company," he has written."

Which appears to be saying "online advertisers get 50% of their revenue by forcing people who don't want to see advertising to have to see it." Which, I think was the same argument from FAX spammers a decade or so ago, when Congress passed the Junk Fax Prevention Act in 2005: "50% of our fax paper sales come from people who need more fax paper because of all the fax spam they had to print..."

There are a lot of fun arguments around this issue, especially whether the Internet would be more or less valuable with much less of the "free" content that advertising enables. But the major security issue is the vast amount of malware, "water cooler" and "drive-by" attacks that users are subjected to via much of online advertising gone bad.

From the Critical Security Controls point of view, it is easy to argue that Malware Defense is a whole lot easier when the Internet does not enable such a rich "cascading chain" of revenue streams, since cybercrime revenue is one of the big beneficiaries.It is sort of like that "cascading chain" of revenue from the crapware that gets pre-installed on many PCs, or even worse, that Adobe, Mcafee and Oracle try to trick you into installing when you patch Java or Flash or Reader each morning...

The hobgoblin has been interfering with the user, impacting productivity, etc. However, the huge adoption of the Apple App Store and Google Play show that users find that some restrictions are acceptable if they reduce bad things from happening while still allowing enough choice. After all, if those bad things actually happen, users see the impact the most - and those bad things have been happening.


Post a Comment


* Indicates a required field.