On Ads & Security & Privacy

Boy did I step in it. But, this time, hopefully in a productive way. A lot of questions about advertising have been raised, and with them… a few common misconceptions.

I’m going to tackle one of them: The security and privacy concerns of viewing ads online. Ever since people learned that a cookie didn’t always mean a tasty treat, people have been scared of what web sites can do in terms of privacy.

But, this is not a primer on cookies. This is an article about how viewing ads, in general, is safe. Or, at the very least, can be made safe without the need to deploy software such as AdBlock.

I will assume that you have a regular internet connection. The vast majority of people do not have to worry about things like Static IPs. Also, I will assume that you are not a conspiracy theorist. The NSA is not cross-referencing Google ad views with ISP logs. And, the main reason, is that doesn’t make sense. The feds can just pull your ISP logs to see what pages you browse, and worse, they don’t need to cross-reference them.

Here’s the deal: Advertisers can follow you from one web site to another, but they don’t know what you’re doing on them. If you want to block most of this, you do so by blocking cookies. Cookies are the common tool advertisers use to follow you from site to site. Even better, there are lots of tools out there that block cookies specifically from advertisers. The publisher still gets paid for you watching the ad, cookie or not.

Even better, some ad companies offer for you to put a cookie on your computer that explicitly opts you out of monitoring. A bit of a pain to do, but again, ethically sound, and again, blocking cookies works just as well.

Now, some of you are raising your hands about to say the G word. Yes, Google has become a bit better at this practice by tracking ads based on IP addresses, thanks to the wonders of JavaScript. But, here’s the rub… Google can’t do much, if anything with that info, except serve you better ads. Now, many of you still won’t accept that’s a good thing, I understand. But keep in mind, the vast majority of ISPs cycle IPs with their users. Meaning, Google can’t go back two months ago and find out what you were digging up on the web.

So, let’s wrap this up. No, security is not a morally-valid excuse to use AdBlock. If you want security and privacy, you are much better off blocking cookies, and power cycling your modem every day or so… so it gets a new IP. In fact, this handles everything AdBlock would protect you from, and it still ensures publishers get paid… and that you aren’t robbing them of their bandwidth, time, and efforts.

In a future article, I will detail the coming storm with people trying to subvert ads, and just how advertisers (and publishers) will strike back… in graphic detail. I’ll give you a quick hint: it taps on a little technology known as AJAX.

2 Responses

  1. Jeff Hicker
    Jeff Hicker September 20, 2007 at 12:35 am |

    You shouldn’t forget also that a simple ad can be a source of a more serious problem – a malware. The information that I collect using reporting functionality of the desktop management solution I use to manage and control security on my desktops shows perfectly clear that the sites that contain the massive advertising are often source of infection by malware. That’s what I love in Scriptlogic’s Desktop Authority http://www.scriptlogic.com/Anti_Spyware.asp – the management tool that I use – it plots bar diagrams showing the density of infection through the domain. Reports are stored in an SQL database what allows to gather statistics to post-process the collected statistics and find the law to reveal how one information correlates with the information that we receive from our firewall. It clearly shows that the users that are most affected to threats are often visit sites that contain much ads on its pages. The only thing that saves us here is the rapid reaction of the anti-spyware protection built-in the Desktop Authority that prevents Trojans and keyloggers from affecting user computers by cleaning them out on the stage of penetration.

  2. Christopher Price
    Christopher Price September 20, 2007 at 2:34 pm |

    No, I didn’t forget that. The problem with that logical argument is that it ignores that any web site can display malicious content… I don’t know why people think that an advertisement is a specific threat gradient.

    There’s nothing stopping someone from creating a site, gaining high media publicity (digg, et al)… and then adding a Flash, Java, or ActiveX exploit to it.

    The solution is simple: Either safeguard your system (by keeping your browser, plugins, OS, and anti-malware up-to-date), or, disable all rich media content.

    It’s just not a moral objection to use AdBlock… if your computer is already protected from such exploits, you have nothing to worry about. If you are still worried, you should have already blocked Java, Flash, and ActiveX.


Leave a Reply