
NOCMan
MadMacHatter
Premium
join:2004-09-30
Colorado Springs, CO

1 recommendation

Theft of service and legitimate revenues for site operators

This is stealing revenue from legitimate website operators. Why are they allowed to overwrite ads displayed from a site such as CNN or bloggers who display AdSense ads to maintain some stream of revenue from their sites?

It is also a security issue. If they overwrite ads that my bank displays through the SSL connection they could degrade the security of my bank connection or at least introduce SSL errors that will confuse normal people as to what's going on. Not to mention, how do I know that these 3rd party companies are doing adequate monitoring of ads inserted into webpages? I've seen plenty of companies who go home on the weekend and then people start injecting viruses and porn ads into the ad streams and we could not get it fixed until Monday. We eventually dropped the company, but it's still an issue that website operators have to deal with.

Also there is no such thing as "anonymous" user data. If you look at it there's a time date stamp and an IP address. So now law enforcement will have more ways to track people down or, worse, homeland security will use it to monitor people.

If this becomes widespread some big website will notice their money drying up and will take these guys to court. It would be no different than putting up a billboard that blocked another billboard completely off from view.
--
Mac Chatter
»www.macchatter.net

funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6

1 edit

1 recommendation

Re: Theft of service and legitimate revenues for site operators

said by NOCMan:

Why are they allowed to overwrite ads displayed from a site such as CNN or bloggers who display AdSense ads to maintain some stream of revenue from their sites?
They're not. If they have not purchased ad space on a particular page, you won't see an ad from them. However, they will have gathered intelligence about you for the next time that you visit a page with their ads on it.

said by NOCMan:

If they overwrite ads that my bank displays through the SSL connection they could degrade the security of my bank connection or at least introduce SSL errors that will confuse normal people as to what's going on.
They don't overwrite ads, ever. But they do appear to change unencrypted web pages. From what I read, it does not appear that their technology breaks SSL in order to monitor the content of encrypted pages nor to insert their own cookies or other invisible instruments.

It's that monitoring and forging of TCP packets in order to add their own instruments (scripts and transparent images) that violates the Internet's design principles. This technology makes web pages larger, uses more connections, uses more of everyone's processor time, and inserts delay and complexity. From a technical standpoint -- this is "the big deal." But to the end user, this will only seem like the Internet getting slower.

In return, the ads that are presented to you might be more relevant to you. Just as likely, they might be less relevant to other users of your Internet service -- such as your wife or children.

Also there is no such thing as "anonymous" user data. If you look at it there's a time date stamp and an IP address. So now law enforcement will have more ways to track people down or, worse, homeland security will use it to monitor people.
This is the biggest policy problem. It's all discoverable.
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon
HTTP is the new Bandwidth Hog...
openbox9
Premium
join:2004-01-26
Germany
kudos:2

Re: Theft of service and legitimate revenues for site operators

said by funchords:

From what I read, it does not appear that their technology breaks SSL in order to monitor the content of encrypted pages
Hmm, do I sense an explosion of self-signed certificates coming to numerous websites soon? I can only imagine the amount of hardware required to look inside an exponentially increasing number of SSL tunnels.

funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6

1 edit

Re: Theft of service and legitimate revenues for site operators

said by openbox9:

Hmm, do I sense an explosion of self-signed certificates coming to numerous websites soon? I can only imagine the amount of hardware required to look inside an exponentially increasing number of SSL tunnels.
Security protocols aren't really my forte; I think the answer is "I hope the solution isn't one that would just protect the web but all end-to-end communications." But you're probably right -- I know that Lauren Weinstein is advocating for self-signed certificates and he is more versed than I on the subject.

In the meantime, I think that JavaScript could probably protect a page by knowing its checksum and then only displaying the page if the page that arrives at a browser matches the one the script expected. If they don't match, replace the entire window with the warning:

"Due to evidence of mid-stream tampering with the underlying code of this page, all links have been disabled to protect your privacy and security. Click here to view the page, or click here to learn more about this message."
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon
HTTP is the new Bandwidth Hog...
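
The checksum idea in the post above, sketched as an added example that is not part of the original thread. The `data-page-sum` attribute, the function names and the sample page are all hypothetical, and this gives tamper evidence only, since anything able to rewrite the page in transit could also rewrite or remove the check.

```javascript
// Added example: the page carries a checksum of its own markup and the
// client recomputes it. Attribute and function names are hypothetical.
const PLACEHOLDER = "00000000";
const SUM_ATTR = /data-page-sum="([0-9a-f]{8})"/;

// FNV-1a style 32-bit checksum over UTF-16 code units.
// This is a checksum, not a cryptographic hash.
function fnv1a(text) {
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h ^= text.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Checksum of the page with the embedded value blanked out, so the stored
// checksum never has to cover itself.
function pageChecksum(html) {
  return fnv1a(html.replace(SUM_ATTR, `data-page-sum="${PLACEHOLDER}"`));
}

// Server side: fill the placeholder with the real checksum before sending.
function stampPage(template) {
  return template.replace(SUM_ATTR, `data-page-sum="${pageChecksum(template)}"`);
}

// Client side: true only if a checksum is present and the markup matches it.
function verifyPage(html) {
  const m = SUM_ATTR.exec(html);
  return m !== null && m[1] === pageChecksum(html);
}

// Constructed sample page, plus two constructed in-transit modifications:
// one adds a third-party script, one strips the checksum attribute.
const template =
  '<html data-page-sum="00000000"><body><a href="/account">Account</a></body></html>';
const sent = stampPage(template);
const modified = sent.replace(
  "</body>", '<script src="http://ads.example/t.js"></script></body>');
const stripped = sent.replace(SUM_ATTR, "");

console.log(verifyPage(sent), verifyPage(modified), verifyPage(stripped));
```

In a browser the input would have to be the page text as the server sent it; `document.documentElement.outerHTML` is the parsed DOM re-serialized and generally will not match byte for byte.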
openbox9
Premium
join:2004-01-26
Germany
kudos:2

1 recommendation

Re: Theft of service and legitimate revenues for site operators

said by funchords:

But you're probably right -- I know that Lauren Weinstein is advocating for self-signed certificates and he is more versed than I on the subject.
The problem with self-signed certificates is that they're only as trustworthy as the CA that generates them. Great if you're only looking to encrypt data and/or you trust the CA. Not so great if you actually want to use certificates to validate identity. Self-signed certificates will dilute the importance of one of the main purposes of PKI...not that most basic users care or understand. It might, however, begin frustrating basic users when they have to continually click OK to trust non-trusted certificates.
said by funchords:

In the meantime, I think that JavaScript could probably protect a page by knowing its checksum and then only displaying the page if the page that arrives at a browser matches the one the script expected.
Great, more JavaScript. While that's a cool trick, I most certainly don't want to see any more JavaScript than I already do. I also think that the presentation of any sort of message like you mentioned will only serve to irritate basic users in a manner similar to clicking OK to trust certificates.

NOCMan
MadMacHatter
Premium
join:2004-09-30
Colorado Springs, CO
Okay, so I reboot my router and now I have a new IP which was being used by some sicko watching German scat porn.

So who protects my kids from "Unwanted" content being displayed in the ads?

Yeah, it's an extreme example and southparkish, but it is a valid concern.

It could also violate HIPAA laws where someone searched for solutions about a health issue or you visited your doctor's website and next thing you know a dozen ads pop up for alternative medicines for your condition.

Not to mention lawsuits from confusing consumers on medications etc.

This is why I avoid investing in telecommunications firms. They're going to land themselves a huge liability eventually by messing with people's traffic one way or another.
--
Mac Chatter
»www.macchatter.net

funchords
Hello
Premium,MVM
join:2001-03-11
Yarmouth Port, MA
kudos:6

Re: Theft of service and legitimate revenues for site operators

I hope you know that I'm 100% against NebuAd's products as I am anything that depends on Deep Packet Inspection or packet forgery.

I just wanted to keep the facts straight.

-- Robb

PS: And quit watching that stuff. Tomorrow I might have your IP address and I certainly don't want it!
--
Robb Topolski -= funchords.com =- Hillsboro, Oregon
HTTP is the new Bandwidth Hog...