Feeds

Third-party ad servers can undermine Web-site security

And sell stuff you paid for, too

  • alert
  • submit to reddit

High performance access to file storage

A Web site's privacy policies can be undermined easily and secretly by any third-party ad service provider, thus leaving site operators open to legal action on privacy issues over which they have no control, Realmedia Chief Technology Officer Gil Beyda warned at a London press conference today. An opportunity for "privacy leakage" to occur is created whenever a Web site directs visitors to a third-party ad server such as DoubleClick, Beyda said. Unless contracts between Web sites and ad service providers governing the use of data are very clear, user details may be moved from the Web site -- to which the information was originally entrusted -- to a less secure environment -- namely the ad server's database -- without the visitors' or the Webmasters' knowledge, Beyda said. In addition to creating this invisible privacy liability, which in itself ought to be bad enough, such third-party data mining can prove expensive for high-profile, branded sites which provide the bulk of the information potentially being abused. The third party can easily gather and correlate a user's details across numerous sites which it serves, and then target the user for ads on behalf of any of those sites. The way it works is this: a user registers his details on a high-profile branded site which offers good content, in exchange for which he is willing to fill in a registration form and reveal his details. The ad server collects that demographic data, compiles it, issues a cookie, and targets the user for the sort of ads he is likely to welcome. The cookie-identified user then visits some third-rate chickenshit site also served by the same ad server, where he receives an ad targeted at him according to the information he gave to the previous, branded site which he had trusted. If he clicks on the banner, the third-rate chickenshit site gets the commission which the branded site had earned. In any case it is always lucrative for the ad servers, which earn their cuts regardless of who clicks which banner where. It's no wonder, then, that they collect vast reams of user data on the pretext of returning detailed reports to their clients, when in fact they are re-marketing the data to other sites which contribute little or nothing to the database. A solution to both problems, Beyda, believes, is the use of privacy proxies between the Web site and the ad server, which can make it physically impossible for the ad server to relate demographic information to specific users. By forcing the ad server to fetch ads via a proxy, the site gains control over the amount and type of information the ad servers receive, and so prevents them from exploiting the site's data base for their own purposes. While Realmedia does offer such a proxy service, Beyda mused that the threat of regulatory action mandating it might in itself suffice to inspire the sorts of contracts between sites and ad servers which would prevent misunderstandings between them and the subsequent abuse of data. Whether or not that's ultimately true, it's nice to see someone refraining from the assumption that all business people are universally intent on screwing each other unless physically restrained from doing so. We'd like to think he's got a point. ®

High performance access to file storage

More from The Register

next story
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Nokia offers 'voluntary retirement' to 6,000+ Indian employees
India's 'predictability and stability' cited as mobe-maker's tax payment deadline nears
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
Adrian Mole author Sue Townsend dies at 68
RIP Blighty's best-selling author of the 1980s
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Analysts: Bright future for smartphones, tablets, wearables
There's plenty of good money to be made if you stay out of the PC market
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.