Posted by Erica George
Mon, 07 Apr 2008 18:39:00 GMT
The New York Times this weekend featured an editorial by Adam Cohen on erosions of user privacy caused by commercial behavioral tracking. While behavioral tracking (primarily through the use of cookies attached to web pages or to display ads) is not inherently bad, it’s important that companies employing tracking properly disclose what they’re doing in their privacy policies and user agreements.
Cohen notes that the scope of information a company can now learn about its users is larger than many users realize:
Web sites can charge a premium if they are able to tell the maker of an expensive sports car that its ads will appear on Web pages clicked on by upper-income, middle-aged men.
The information, however, gets a lot more specific than age and gender — and more sensitive. Tech companies can keep track of when a particular Internet user looks up Alcoholics Anonymous meetings, visits adult Web sites, buys cancer drugs online or participates in anti-government discussion groups.
Cohen also points out that in many cases, users don’t have enough information about how their personal tracking records will be used:
The bigger issue is the digital dossiers that tech companies can compile. Some companies have promised to keep data confidential, or to obscure it so it cannot be traced back to individuals. But it’s hard to know what a particular company’s policy is, and there are too many to keep track of. And privacy policies can be changed at any time.
Companies can help by making sure their privacy policies are easy to find and understand, and that these policies fully disclose what data is being tracked and how it is being handled after it is collected. StopBadware’s guidelines are a great place to start for pointers on best practices for disclosure.
For more information about cookies and their role in behavioral tracking and privacy, check out the videos from our Cookie Crumbles Contest last fall.
Tags ads, cookies, privacy, tracking
Posted by Erica George
Thu, 10 Jan 2008 20:03:00 GMT
The folks at MacHouse have posted a nicely detailed analysis of the steps they went through to track down the origins of a malicious banner ad they found on their own website. MacHouse traced a malicious flash ad through a chain of advertising resellers, and to a company that hadn’t known its own ad had been stolen and co-opted.
The detective work involved is illuminating reading, particularly for any website owners concerned about potentially malicious ads.
Thanks to Sandi at Spyware Sucks for the link!
Posted in all | Tags adnetworks, ads, thirdpartycontent
Posted by Erica George
Mon, 17 Dec 2007 16:38:00 GMT
A Danish member of the StopBadware discussion group has highlighted a disturbing outbreak of ad-driven malware on the websites of Danish media companies over the past several days. Cometcom1 posted that within several days, the affected websites were cleaned up, but that the owners of the affected sites seem unwilling to admit their share of responsibility, laying all blame squarely on the ad networks themselves. A lively debate on the ethics of using advertising online ensued.
Cometcom1 reports that there has now been a second round of infection hitting different Danish media sites, leading some users to avoid all media sites and some companies to block media sites preemptively from their networks.
At StopBadware, we feel that both website owners and advertising networks have a shared responsibility to ensure the safety of internet users. While ads are generally hosted remotely, an ad shown on a site is as much a part of that site as its other content. As with any third-party content, we caution website owners to choose carefully what they allow onto their sites.
Posted in all | Tags adnetworks, ads, discussiongroup, thirdpartycontent
Posted by Erica George
Fri, 07 Dec 2007 19:53:00 GMT
The FTC this week reached a settlement with the owners of AdultFriendFinder.com over misuse of pornographic pop-up ads. The ads covered users’ full screens and showed pornographic content to users of search engines, including many who had never requested an explicit site. According to the FTC’s statement, some of the ads were distributed through badware.
As part of the settlement, the company behind AdultFriendFinder.com has committed to require consent before showing ads or sexual content. The company must also weed out any of its affiliates who don’t do the same, making it harder for them to pass the buck if there is future abuse.
The FTC’s statement says the practice of displaying explicit ads without consent is a violation of the FTC Act, but does not specify whether the core violation is of consent to being shown ads, consent to being shown sexually explicit imagery, or both.
Posted in all | Tags ads, adware, enforcement, ftc, pornography
Posted by Erica George
Thu, 06 Sep 2007 21:56:00 GMT
If you’re a regular reader of this blog, by now you’re probably familiar with the idea of hackers who inject code – often invisible iframes or javascript – onto otherwise innocent but poorly secured sites.
Another way that sites can be compromised is equally important but often harder to recognize: third party content. When we think about third party content, we often think about ad networks, which place outside links, text, and often graphics on participating websites. Ads aren’t the only way third party content is used on today’s websites, however. Many sites use hit counters that are hosted independently, as well as website “toys” and decorations such as remotely hosted images.
In many cases, third party content is perfectly fine. There are safe ads, safe counters, and safe remote image hosts. If you’re a webmaster, choosing to use third party content on your site means taking responsibility to be sure that content is safe, and remains safe. Carefully screen the ad networks you choose to partner with, and ask how they prevent badware from compromising their network. Do a quick internet search and see what other users are saying about the security of that new counter you’re thinking about installing. And once you’re using third party content on your site, regularly check to be sure that it’s still safe.
Choosing to use third party content means inviting someone else to have control over part of your website. Choose carefully, and stay vigilant, to help keep your website’s visitors safe and your site secure.
Posted in all | Tags ads, counters, hacking, security, thirdpartycontent
|
