Improving privacy and security while browsing has been a major objective for Comodo in recent product releases and enhancements, and a Senate subcommittee report yesterday highlights the need. The report warns of the dangers of malicious advertising, so called malvertising, and threats to privacy and security posed by online advertising in general.
Entitled “Online Advertising and Hidden Hazards to Consumer Security and Data Privacy”, the report by a subcommittee of the Committee on Homeland Security and Governmental Affairs is timely and informative,
In 2013, spending on online advertising exceeded television advertising for the first time. Online advertising is an important part of the Internet ecosystem, providing the revenue for quality and popular free content that would otherwise only be provided for a subscription charge or not provided at all.
While we are all aware of online advertising and to some extent the data collection involved, advertising networks are more complex than most people realize. According to the Senate report “A visit to an online news site may trigger interactions with hundreds of other parties that may be collecting information on the consumer as he travels the web.” The report cites the example of one popular web site where a site visit triggered interactions with 352 other web servers.
While this raises privacy and security concerns, most of such interactions are benign, or at least not intentionally malicious. However, the report also warns of the growing threat of hackers using the online advertising system for malicious and criminal purposes. The report states that “mainstream websites are becoming frequent avenues for cybercriminals seeking to infect a consumer’s computer with advertisement-based malware, or “malvertising.”
The report also cites estimates that “malvertising has increased over 200% in 2013 to over 209,000 incidents generating over 12.4 billion malicious ad impressions.”
Online advertising differs from other forms of advertising because the ad is usually delivered by a third party, from a different server than the web page the user is viewing. The complexity of the delivery and data collection process makes it difficult to hold parties accountable for bad or criminal behavior.
The report concluded:
- Consumers risk exposure to malware through everyday activity.
- The complexity of current online advertising practices impedes industry accountability for malware attacks
- Self-regulatory bodies alone have not been adequate to ensure website consumer security online.
- Visits to mainstream websites can expose consumers to hundreds of unknown, or potentially dangerous, third parties.
- Consumer safeguards are currently inadequate to protect against online advertising abuses, including malware, invasive cookies, and inappropriate data collection.
- Current systems may not create sufficient incentives for online advertising participants to prevent consumer abuses.
The subcommittee recommends a variety of measures to improve accountability, industry and regulatory practices and consumer awareness. While the recommendations have merit, they do not offer a definitive solution to the issues raised, certainly no magic bullet.
This is why Comodo’s Dragon and IceDragon browsers come with the PrivDog privacy and security extension. PrivDog was specifically developed to address the malvertising and privacy issues raised in the report. PrivDog uses patent-pending technology to prevent users from viewing malvertising, as well as privacy protection that protects users from cookies and spyware.