Feeds

Third-party ad servers can undermine Web-site security

And sell stuff you paid for, too

  • alert
  • submit to reddit

Bridging the IT gap between rising business demands and ageing tools

A Web site's privacy policies can be undermined easily and secretly by any third-party ad service provider, thus leaving site operators open to legal action on privacy issues over which they have no control, Realmedia Chief Technology Officer Gil Beyda warned at a London press conference today. An opportunity for "privacy leakage" to occur is created whenever a Web site directs visitors to a third-party ad server such as DoubleClick, Beyda said. Unless contracts between Web sites and ad service providers governing the use of data are very clear, user details may be moved from the Web site -- to which the information was originally entrusted -- to a less secure environment -- namely the ad server's database -- without the visitors' or the Webmasters' knowledge, Beyda said. In addition to creating this invisible privacy liability, which in itself ought to be bad enough, such third-party data mining can prove expensive for high-profile, branded sites which provide the bulk of the information potentially being abused. The third party can easily gather and correlate a user's details across numerous sites which it serves, and then target the user for ads on behalf of any of those sites. The way it works is this: a user registers his details on a high-profile branded site which offers good content, in exchange for which he is willing to fill in a registration form and reveal his details. The ad server collects that demographic data, compiles it, issues a cookie, and targets the user for the sort of ads he is likely to welcome. The cookie-identified user then visits some third-rate chickenshit site also served by the same ad server, where he receives an ad targeted at him according to the information he gave to the previous, branded site which he had trusted. If he clicks on the banner, the third-rate chickenshit site gets the commission which the branded site had earned. In any case it is always lucrative for the ad servers, which earn their cuts regardless of who clicks which banner where. It's no wonder, then, that they collect vast reams of user data on the pretext of returning detailed reports to their clients, when in fact they are re-marketing the data to other sites which contribute little or nothing to the database. A solution to both problems, Beyda, believes, is the use of privacy proxies between the Web site and the ad server, which can make it physically impossible for the ad server to relate demographic information to specific users. By forcing the ad server to fetch ads via a proxy, the site gains control over the amount and type of information the ad servers receive, and so prevents them from exploiting the site's data base for their own purposes. While Realmedia does offer such a proxy service, Beyda mused that the threat of regulatory action mandating it might in itself suffice to inspire the sorts of contracts between sites and ad servers which would prevent misunderstandings between them and the subsequent abuse of data. Whether or not that's ultimately true, it's nice to see someone refraining from the assumption that all business people are universally intent on screwing each other unless physically restrained from doing so. We'd like to think he's got a point. ®

Build a business case: developing custom apps

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Airbus promises Wi-Fi – yay – and 3D movies (meh) in new A330
If the person in front reclines their seat, this could get interesting
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
Samsung threatens to cut ties with supplier over child labour allegations
Vows to uphold 'zero tolerance' policy on underage workers
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.