Feeds

Third-party ad servers can undermine Web-site security

And sell stuff you paid for, too

  • alert
  • submit to reddit

Gartner critical capabilities for enterprise endpoint backup

A Web site's privacy policies can be undermined easily and secretly by any third-party ad service provider, thus leaving site operators open to legal action on privacy issues over which they have no control, Realmedia Chief Technology Officer Gil Beyda warned at a London press conference today. An opportunity for "privacy leakage" to occur is created whenever a Web site directs visitors to a third-party ad server such as DoubleClick, Beyda said. Unless contracts between Web sites and ad service providers governing the use of data are very clear, user details may be moved from the Web site -- to which the information was originally entrusted -- to a less secure environment -- namely the ad server's database -- without the visitors' or the Webmasters' knowledge, Beyda said. In addition to creating this invisible privacy liability, which in itself ought to be bad enough, such third-party data mining can prove expensive for high-profile, branded sites which provide the bulk of the information potentially being abused. The third party can easily gather and correlate a user's details across numerous sites which it serves, and then target the user for ads on behalf of any of those sites. The way it works is this: a user registers his details on a high-profile branded site which offers good content, in exchange for which he is willing to fill in a registration form and reveal his details. The ad server collects that demographic data, compiles it, issues a cookie, and targets the user for the sort of ads he is likely to welcome. The cookie-identified user then visits some third-rate chickenshit site also served by the same ad server, where he receives an ad targeted at him according to the information he gave to the previous, branded site which he had trusted. If he clicks on the banner, the third-rate chickenshit site gets the commission which the branded site had earned. In any case it is always lucrative for the ad servers, which earn their cuts regardless of who clicks which banner where. It's no wonder, then, that they collect vast reams of user data on the pretext of returning detailed reports to their clients, when in fact they are re-marketing the data to other sites which contribute little or nothing to the database. A solution to both problems, Beyda, believes, is the use of privacy proxies between the Web site and the ad server, which can make it physically impossible for the ad server to relate demographic information to specific users. By forcing the ad server to fetch ads via a proxy, the site gains control over the amount and type of information the ad servers receive, and so prevents them from exploiting the site's data base for their own purposes. While Realmedia does offer such a proxy service, Beyda mused that the threat of regulatory action mandating it might in itself suffice to inspire the sorts of contracts between sites and ad servers which would prevent misunderstandings between them and the subsequent abuse of data. Whether or not that's ultimately true, it's nice to see someone refraining from the assumption that all business people are universally intent on screwing each other unless physically restrained from doing so. We'd like to think he's got a point. ®

The essential guide to IT transformation

More from The Register

next story
Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy
Press conference: ME ME ME ME ME ME ME (cont'd pg 94)
Premier League wants to PURGE ALL FOOTIE GIFs from social media
Not paying Murdoch? You're gonna get a right LEGALLING - thanks to automated software
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Ballmer quits Microsoft board to spend more time with his b-balls
From Clippy to Clippers: Hi, I see you're running an NBA team now ...
Online tat bazaar eBay coughs to YET ANOTHER outage
Web-based flea market struck dumb by size and scale of fail
Kate Bush: Don't make me HAVE CONTACT with your iPHONE
Can't face sea of wobbling fondle implements. What happened to lighters, eh?
Amazon takes swipe at PayPal, Square with card reader for mobes
Etailer plans to undercut rivals with low transaction fee offer
Call of Duty daddy considers launching own movie studio
Activision Blizzard might like quality control of a CoD film
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.