Comments on DSHR's Blog: Has Web Advertising Jumped The Shark?
Author: David. (http://www.blogger.com/profile/14498131502038331594)
Feed updated 2024-03-28T13:39:27.601-07:00

Comment posted 2018-12-22T15:35:24.901-08:00:

Dan Goodin's <a href="https://arstechnica.com/information-technology/2018/12/how-3ves-bgp-hijackers-eluded-the-internet-and-made-29m/" rel="nofollow"><i>How 3ve’s BGP hijackers eluded the Internet—and made $29M</i></a> describes a highly sophisticated click-fraud scheme:<br /><br />"In one of the most sophisticated uses of BGP hijacking yet, criminals used the technique to generate $29 million in fraudulent ad revenue, in part by taking control of IP addresses belonging to the US Air Force and other reputable organizations.<br /><br />In all, "3ve," as researchers dubbed the ad fraud gang, used BGP attacks to hijack more than 1.5 million IP addresses over a 12-month span beginning in April 2017. 
The hijacking was notable for the precision and sophistication of the attackers, who clearly had experience with BGP—and a huge amount of patience."

Posted by David.

Comment posted 2018-10-23T19:53:49.704-07:00:

Craig Silverman's <a href="https://www.buzzfeednews.com/article/craigsilverman/how-a-massive-ad-fraud-scheme-exploited-android-phones-to" rel="nofollow"><i>Apps Installed On Millions Of Android Phones Tracked User Behavior To Execute A Multimillion-Dollar Ad Fraud Scheme</i></a> is a must-read account of:<br /><br />"a massive, sophisticated digital advertising fraud scheme involving more than 125 Android apps and websites connected to a network of front and shell companies in Cyprus, Malta, British Virgin Islands, Croatia, Bulgaria, and elsewhere. More than a dozen of the affected apps are targeted at kids or teens, and a person involved in the scheme estimates it has stolen hundreds of millions of dollars from brands whose ads were shown to bots instead of actual humans."<br /><br /><a href="https://security.googleblog.com/2018/10/google-tackles-new-ad-fraud-scheme.html" rel="nofollow">Google's response</a> estimates that:<br /><br />"the dollar value of impacted Google advertiser spend across the apps and websites involved in the operation is under $10 million. The majority of impacted advertiser spend was from invalid traffic on inventory from non-Google, third-party ad networks."

Posted by David.

Comment posted 2018-08-28T09:42:05.556-07:00:

"Many advertisers suspect that the bidding is rigged and they’re paying more for that ad than they should.<br /><br />They may be right. 
In a <a href="https://www.gsb.stanford.edu/faculty-research/working-papers/credible-mechanisms" rel="nofollow">new paper</a>, <a href="https://www.gsb.stanford.edu/faculty-research/faculty/mohammad-akbarpour" rel="nofollow">Mohammad Akbarpour</a> at Stanford Graduate School of Business and <a href="http://www.shengwu.li/" rel="nofollow">Shengwu Li</a> at Harvard University confirm that the most common format of auctions for online ads do indeed give auctioneers ample opportunity to cheat. That can undermine the auctions themselves, if bidders become so skeptical that they stay away." from <a href="https://www.gsb.stanford.edu/insights/rigged-auctions-why-top-bidders-dont-always-feel-winners" rel="nofollow"><i>Rigged Auctions? Why Top Bidders Don’t Always Feel Like Winners</i></a> by Edmund L. Andrews:<br /><br />"The controversy turns on what are called “second-price” auctions, which have been hailed as a great way to make the bidding simpler and less risky. In contrast to an old-fashioned “first-price” auction, where the top bidder pays exactly what he or she offered, the winner in a second-price auction only pays as much as the runner-up bidder had offered. ... only the auctioneers know for certain what the second-highest bid was. If the top bid for placing an insurance ad was $60 per click, and the second-highest was $45, the auctioneer could plausibly claim that the second-highest bid was $55 and pocket the difference. 
If the bids are all sealed, who would know?"

Posted by David.

Comment posted 2018-01-08T06:26:03.760-08:00:

The <a href="http://www.siliconbeat.com/2018/01/05/your-car-may-soon-serve-you-ads-how-about-a-pizza/" rel="nofollow">advertising industry's solution to Bay Area traffic</a>:<br /><br />"Here’s what you do in your spanking new, internet-connected car when you approach a red or yellow light: slow down way ahead, creep forward slowly — and make sure you never come to a stop.<br /><br />Here’s why you do it: If you stop moving, your car will start serving you ads on the dashboard, maybe for anti-itch cream because it knows you’re going shopping after a hike in poison oak country." reports Ethan Baron at <i>Silicon Beat</i>.

Posted by David.

Comment posted 2017-12-31T11:51:11.651-08:00:

<a href="http://cdn.media.ccc.de/congress/2017/h264-hd/34c3-9270-eng-Dude_you_broke_the_Future.mp4" rel="nofollow">Charlie Stross' keynote for the 34th Chaos Communications Congress</a> describes corporations as "slow AIs" and traces the current state of the Web back to 1995, when the Internet started using advertising as a business model. 
Because these "slow AIs" are profit maximizing, Stross argues that their goal is to harvest as much of the available attention as possible, and that regulatory mechanisms have failed to push back on this.<br /><br /><a href="https://boingboing.net/2017/12/29/llcs-are-slow-ais.html" rel="nofollow">Cory Doctorow's commentary on this talk is interesting</a>:<br /><br />"Stross says we should be especially worried about machines designed to command ever-larger slices of our attention, without regard to whether we're made happier through this process (after all, you can make someone pay attention to you by driving them nuts, something that's often easier than pleasing them.<br /><br />He traces the original sin of attention-optimizing autonomous artificial life-forms to the advertising-driven web, which grew up in the dotcom bubble, and suggests that perhaps paid media built on something like microtransactions would have had a better outcome.<br /><br />I think that this is a causality error, though. The dotcom boom was also an economic bubble because the dotcoms came of age at a tipping point in financial deregulation, ... That meant that the tech industry's heady pace of development was the first testbed for treating corporate growth as the greatest virtue, built on the lie of the fiduciary duty to increase profit above all other considerations.<br /><br />...<br /><br />All this to say that if the web had been built on direct transactions through micropayments, the slow AIs of the corporate world would have still figured out how to toxify the web and the discourse that ran over it. If clicks were worth direct money (as opposed to indirect money, paid through ad brokers), the same forces that optimized for attention-grabbing to attract eyeballs would have just optimized for microtransaction grabbing."<br /><br />I agree with Doctorow. 
We don't know how to build infrastructures that push back against the forces of economics, and in particular the force of increasing returns to scale. And because these forces create huge, market-dominating "slow AIs", the regulatory mechanisms no longer work because they are captured by the oligopolists (see Ajit Pai).

Posted by David.

Comment posted 2017-12-28T06:49:32.168-08:00:

Why you shouldn't let your <a href="https://www.bleepingcomputer.com/news/security/web-trackers-exploit-flaw-in-browser-login-managers-to-steal-usernames/" rel="nofollow">browser remember your username and password</a>:<br /><br />"Princeton privacy experts are warning that advertising and analytics firms can secretly extract site usernames from browsers using hidden login fields and tie non-authenticated users visiting a site with their profiles or emails on that domain.<br /><br />This type of abusive behavior is possible because of a design flaw in the login managers included with all browsers, login managers that allow browsers to remember a user's username and password for specific sites and auto-insert it in login fields when the user visits that site again.<br /><br />Experts say that web trackers can embed hidden login forms on sites where the tracking scripts are loaded. 
Because of the way the login managers work, the browser will fill these fields with the user's login information, such as username and passwords."<br /><br />Yet another good post from Catalin Cimpanu.

Posted by David.

Comment posted 2017-12-27T20:25:05.786-08:00:

"Myspace — the iconic social network of the early 2000s — seemed to be experiencing a resurgence this summer when millions of visitors flocked to its new video page, potentially generating a wave of ad revenue for the site’s troubled parent company, Time Inc.<br /><br />But Myspace shut the page down this week after a BuzzFeed News investigation revealed that the surge in traffic came primarily from suspect sources that racked up fraudulent ad impressions." reports Craig Silverman at <i>BuzzFeed</i> in <a href="https://www.buzzfeed.com/craigsilverman/remember-tom" rel="nofollow"><i>Myspace Looked Like It Was Back. Actually, It Was A Pawn In An Ad Fraud Scheme</i></a>:<br /><br />"The growing awareness of ad fraud among brands and agencies is causing major advertisers to <a href="https://www.wsj.com/articles/p-g-cuts-more-than-100-million-in-largely-ineffective-digital-ads-1501191104" rel="nofollow">pull back budgets</a> and demand more accountability from their partners. 
<a href="https://www.buzzfeed.com/craigsilverman/ad-industry-insiders-are-connected-to-a-fraud-scheme-that?utm_term=.uyX2Y2NJqQ#.ocGAZAvj9G" rel="nofollow">Industry leaders expect more than $16 billion</a> to be stolen by fraudsters this year alone."<br /><br />It's a must-read, as is his earlier <a href="https://www.buzzfeed.com/craigsilverman/ad-industry-insiders-are-connected-to-a-fraud-scheme-that" rel="nofollow"><i>Attack of the Zombie Websites</i></a>:<br /><br />"the advertising world is in the midst of its own crisis brought on by a multibillion-dollar form of digital deception: ad fraud. This investigation also reveals how seemingly credible players in the ad supply chain can play an active role in — and profit from — fraud."

Posted by David.

Comment posted 2017-12-27T10:13:59.624-08:00:

The arms race between advertisers and ad-blockers continues with <a href="http://homepage.divms.uiowa.edu/~mshafiq/files/adblock-ndss2018.pdf" rel="nofollow"><i>Measuring and Disrupting Anti-Adblockers Using Differential Execution Analysis</i></a> by Shitong Zhu <i>et al</i>:<br /><br />"We want to develop a comprehensive understanding of anti-adblockers, with the ultimate aim of enabling adblockers to be resistant against anti-adblockers. To this end, we propose a system based on differential execution analysis to automatically detect anti-adblockers. 
Our key idea is that when a website is visited with and without adblocker, the difference between the two JavaScript execution traces can be safely attributed to anti-adblockers."<br /><br />Hat tip to <a href="https://boingboing.net/2017/12/27/fuzz-buster-buster-buster.html" rel="nofollow">Cory Doctorow</a>.

Posted by David.

Comment posted 2017-12-19T20:01:20.079-08:00:

<a href="https://arstechnica.com/information-technology/2017/12/currency-mining-android-malware-is-so-aggressive-it-can-physically-harm-phones/" rel="nofollow"><i>Currency-mining Android malware is so aggressive it can physically harm phones</i></a> by Dan Goodin at <i>Ars Technica</i> starts:<br /><br />"A newly discovered piece of Android malware carries out a litany of malicious activities, including showing an almost unending series of ads, participating in distributed denial-of-service attacks, sending text messages to any number, and silently subscribing to paid services. Its biggest offense: a surreptitious cryptocurrency miner that's so aggressive it can physically damage an infected phone."

Posted by David.

Comment posted 2017-12-13T07:03:34.945-08:00:

"Security experts claim four extremely popular video-streaming websites have been secretly loaded with crypto-currency-crafting code." 
<a href="http://www.theregister.co.uk/2017/12/13/adguard_video_streaming_mining/" rel="nofollow">Shaun Nichols at <i>The Register</i>'s report</a> is based on <a href="https://blog.adguard.com/en/crypto-streaming-strikes-back/" rel="nofollow">Andrey Meshkov's blog post</a>:<br /><br />"we came across several VERY popular websites that secretly use the resources of users' devices for cryptocurrency mining and were avoiding ad blockers so far. According to SimilarWeb, these four sites register 992 million visits monthly. And the total monthly earnings from crypto-jacking, taking into account the current Monero rate, can reach $326,000."

Posted by David.

Comment posted 2017-11-29T20:27:09.545-08:00:

Look under the clock in your Windows toolbar, says <a href="https://blog.malwarebytes.com/cybercrime/2017/11/persistent-drive-by-cryptomining-coming-to-a-browser-near-you/" rel="nofollow">Jerome Segura</a>. You may well find a persistent cryptominer.<br /><br />Hat tip to <a href="http://www.theregister.co.uk/2017/11/30/crypto_mining_persistent" rel="nofollow">Shaun Nichols at <i>The Register</i></a>.

Posted by David.