Showing posts with label privacy. Show all posts

March 15, 2009

Internet Security: Are we losing to "Malware 2.0"?

Have you noticed an increase in Internet threats and "noise" lately? It seems like there has been a surge of malicious activity on the web in recent months. Since I wrote the post about the AdSense DoubleClick tracking cookie a few days ago, I have come across quite a bit of recent unusual activity related to malware and Internet security - the Google DoubleClick network itself has recently shown malware on multiple publisher sites.

Google responded by blocking the sites - not just the ads - and displaying a blatant "This site contains malware" warning to visitors. This decreases the publisher's reputation and costs the publisher time, money, and customers - but keeps Google looking like the hero that responded quickly to an outside threat...

A Google spokesman said: "Our scanners have found a few instances of these malware ads in the DoubleClick network. As such, we've added these domains to our malware list and are in the process of removing any offending ads from our ad network."
- From The Register - DoubleClick distributes malware (emphasis mine)

It seems to me that many recent hacks and threats exploit the things we all like about Web 2.0:
  • it's connected
  • it's fast
  • it's everywhere
  • it's personal, and
  • it's always on
This is troublesome, because it is practically impossible to continuously monitor all of the data aggregated, repeated, mashed up, linked, regurgitated, and spewed into the massive expanse that is the Internet through new applications and websites by new people and robots every hour.
Here are just a few examples of recent web 2.0 threats and other Internet incidents:
I think the scariest part is this:

"...no new malware variants introduced in the Top 10 for two consecutive months."
- Pro Security Zone, based on Fortinet threatscape report. Super-Worm emerges in Fortinet threatscape report for February

combined with this:

"BitDefender’s list of top threats for February dominated by the drive-by variant of malware activated during website visits"
- Pro Security, based on BitDefender's threat list: Auto-downloads dominate February threat list

Basically, in addition to the usual email, file, download, and popup malware you now must watch out for auto-download attacks and malware that "activates" when you visit a reputable site, look at AdSense or DoubleClick ads, Twitter, Facebook, or simply open your browser.

It might be time to slow down, Internet (especially Web 2.0). We are developing applications too fast. We are neglecting Internet security and online privacy to a point that it is getting difficult to tune out the Internet "background noise" and focus on productivity. We would rather give the users the fully connected always-logged-in remember-me target-my-ads ooh-thats-pretty just-tell-me-where-to-click Internet.

I think we should step back, re-examine user goals, and clean up the junk floating around in the World Wide Web.

How to (hopefully, maybe, sometimes) stop popups, trojans, worms, and other malware while surfing:
  • Get a good virus scanner and spyware blocker
  • Run full scans regularly
  • Keep your operating system, browser, and all other programs up to date
  • Turn your computer off regularly
  • Never allow sites to keep you logged in, remember your password, or log you in to any other site
  • Clean up your temporary files, and remove as many unused programs and links as possible
  • Check your system files and folders, as well as running processes regularly. Know what should be there so you will quickly see when something is wrong
  • Do not assume https is safe
  • Avoid typing your Bank account, Routing, Credit Card, Driver License, Social Security Number, or any other "severely identifying" information into a text box, form, widget, email, chat, or any other application online or even on your computer as much as possible
  • Use safe surfing browser extensions like AdBlock Plus for Firefox
  • Observe symptoms and get help if your computer or browser does something suspicious or unusual
  • Regularly check security sites such as those linked in this post for threats
  • Use Scroogle to search
  • Use Privacy Choice to opt out of all ad networks
  • Clear your cache and cookies when you close your browser, and manually after you see ads
  • Consider disabling cookies altogether, along with JavaScript and all popups.
  • Block ads using your hosts file. Doing this sets the "location" of each ad network in the list to your local computer, so you will only see errors instead of ads from those providers, and never connect to them (note: some malware modifies the hosts file, circumventing this protection). This technique allows you to allow some ads if you choose. Here is a regularly updated ad-blocking hosts file in plain text. Try to avoid the ones that want you to download a .bat file or other executable. Your hosts file is usually in C:\Windows\System32\drivers\etc in Windows XP and has no extension. Back it up before changing or overwriting!
  • In general, never ever ever download files with funny names, lots of special characters, and never run a program from the Internet
  • Similarly, never ever pass things on to your whole contact list, reply to chain letters or forwarded mail, or click anything even slightly suspicious
  • Most importantly, think before you click!
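
To make the hosts-file tip above concrete, here is an added example (not part of the original post) that audits a hosts file: it lists the names that are blocked by pointing them at the local machine, flags any entry that maps a name to a remote address, and compares the file against your backup to spot block entries that have disappeared. The sample file, its domains and addresses, and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; domains and addresses are placeholders.
SAMPLE_HOSTS = """\
# ad-blocking entries
127.0.0.1   localhost
127.0.0.1   ads.example.net  tracker.example.net   # blocked
0.0.0.0     banners.example.org
203.0.113.7 www.mybank.example     # not a block: name pinned to a remote address
not-an-ip   broken.example
::1         localhost
"""

def parse_hosts(text):
    """Yield (lineno, address, hostnames) per mapping line; address is None if invalid."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # comments start with '#'
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        yield lineno, addr, [h.lower() for h in fields[1:]]

def audit_hosts(text):
    """Return (set of blocked names, list of findings that need a human look)."""
    blocked, findings = set(), []
    for lineno, addr, names in parse_hosts(text):
        if addr is None:
            findings.append((lineno, "invalid address", names))
        elif addr.is_loopback or addr.is_unspecified:
            blocked.update(n for n in names if n != "localhost")
        else:
            # A remote mapping overrides DNS for that name; an ad-block list never needs one.
            findings.append((lineno, f"redirects to {addr}", names))
    return blocked, findings

def dropped_blocks(backup_text, current_text):
    """Names the backup copy blocked that the current file no longer blocks."""
    return audit_hosts(backup_text)[0] - audit_hosts(current_text)[0]

if __name__ == "__main__":
    blocked, findings = audit_hosts(SAMPLE_HOSTS)
    print(len(blocked), "names blocked")
    for lineno, reason, names in findings:
        print(f"line {lineno}: {reason}: {', '.join(names)}")
```

To check a real file, read it and your backup copy into strings and pass them to `audit_hosts` and `dropped_blocks` in place of the sample.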


Please add your thoughts, ideas, questions, or comments below.



March 14, 2009

AdSense Privacy 2 - Google PopUp?

Related to AdSense Privacy? - Need New Ad Provider. I dug a bit more, and found the FAQ page for DoubleClick - the provider responsible for the new Google AdSense tracking cookies, and apparently also for 1 x 1 pixel image "tracking beacons". But are they really saying, essentially, that Google AdSense may include popups?

This is from the DoubleClick FAQ (emphasis mine throughout):

"DoubleClick provides its ad-serving clients with a means of choosing and reporting on ads. It is the website owners or the advertisers with whom they contract that make the decisions about the format of the ads. The advertisers choose whether they want to have banner ads or pop ups delivered, and they use our technology to make it happen. The website owners and advertisers choose the size and frequency of pop-up ads. DoubleClick has no control over which ad format website publishers or their advertisers choose.

Generally, there are a couple of different ways that you might receive pop up advertising:
  1. The site you are currently visiting has sold an advertising opportunity to a marketer and that marketer has chosen to create an advertisement that opens a new browser window. This is a form of “traditional” Internet advertising.

  2. You have some kind of ad-delivery software installed (intentionally or unintentionally, knowingly or unknowingly) on your computer. This type of software often comes bundled with freeware such as P2P (Peer-to-Peer) music sharing applications. It may track the sites you visit and scan their contents looking for triggers that match criteria identified by advertisers that purchased space from the software manufacturer. The software program will then display advertisements on your monitor."

...Ok, so AdSense will be: tracking users across all sites using a 'perma-cookie'; targeting ads based on what the user saw before your site, not what is on your site; requiring you as the publisher to maintain a compliant privacy policy; and there could be popups in there too.

Where do I sign? Check is in the mail (for $1.73), right?

Fortunately, many others have realized the necessity to act. People have created ad-free search and a universal ad tracking opt-out tool that make the web feel just a little cleaner.




March 12, 2009

AdSense Privacy? - Need New Ad Provider

I got an interesting email from AdSense. They are introducing "interest-based advertising". Seems harmless, right? Well, maybe. But if it is, why does this "enhancement" have anything to do with a publisher's privacy policy?

"We're writing to let you know about the upcoming launch of interest-based advertising, which will require you to review and make any necessary changes to your site's privacy policies. ...make any necessary changes by April 8, 2009."

Ok, sure. Like the sitemaps... where do I get the template/code/widget/whatever? How do I comply?

"...we're unfortunately unable to suggest specific privacy policy language."

Hmm... Ok, the link in the email for "AdSense Help" (link below) was a little more helpful:

Your posted privacy policy should include the following information about Google and the DoubleClick DART cookie:

  • Google, as a third party vendor, uses cookies to serve ads on your site.

  • Google's use of the DART cookie enables it to serve ads to your users based on their visit to your sites and other sites on the Internet.

  • Users may opt out of the use of the DART cookie by visiting the Google ad and content network privacy policy. (link below)


EDIT: These guys have more info on the cookie technology:
SEO Book - Google Phorm Behavioral Ad Targeting

I found an AdSense privacy policy generator (link below).

...but I'm pretty sure I am going to remove the AdSense. I have until April 8th to decide. What would you like to see? Leave a comment if you know of an ad network, advertisers, or some other (preferably monetized) widget, gadget, network, group, exchange, etc. that would provide good technology-related content, and would actually add to the site, leave a comment, Twitter, email, smoke signal...


