February digest: all the most important industry news
The ancient proverb about a mountain that gave birth to a mouse fits perfectly to describe the events of this February in ad blocking. Google started blocking ads in Chrome! We've been waiting for it for about half a year!
Chrome actually does block ads now.
Ads of several most annoying types (4 types for desktop and 8 for mobile web. Not much, really. Autoplay video ads, for example, are not annoying enough to join the list).
Chrome hides all ads on the website until the moment the bad ad is removed (obviously, replaced by a little less annoying ad).
To cut a long story short, no revolution happened, and we did not wake up in a different world. Google says, only about 1% of websites have been affected by Chrome’s "ad blocking". Eyeo’s experts estimate that Chrome blocks 16,4% of ads that they in eyeo consider unacceptable.
Russians love their children too
Yandex that may be considered the "Google of Russia" also added this model of "ad blocking" to its browser. There are even less unacceptable ad formats (4 for desktop and only three for mobile web)
Paid content slowly making its way into people’s lives
What a funny headline it was: "Millennials are happy to pay for content". WebIndex conducted a poll among ad blocking millennials. Just 13% of the poll’s participants have paid for news during the last month. Almost a third of them have paid for music, movies, shows; 18% and 17% respectively bought e-books and educational materials.
According to another poll, paid media subscribers consider their money well spent: 82% of Americans who pay for news consider the media very valuable or valuable enough for themselves.
HTML5 seems to have been created specifically for ad tracking ...
Princeton professor Arvind Narayanan is worried about the features of HTML5 that can be used for fingerprinting (creating a set of unique identification features for a device or a browser in order to track its user in the Web).
For example, the processing of audio in HTML5 is done in such a way that, in combination with other data about software and hardware, uniquely identifies the user. Narayanan worries about privacy, which he calls "a lubricant for social adaptability," and encourages browsers to prevent fingerprinting. AdGuard is already able to prevent fingerprinting.
... And smartphones seem to be created for all kinds of tracking
Meanwhile, other Princeton professors demonstrated a technology for tracking the location of a phone without the use of GPS and Wi-Fi. All you need is to combine the data from maps, train and plains schedules, from some other open source databases, with the phone’s sensor readings. The data generated by the gyroscope, magnetometer, accelerometer, are not considered sensitive and are not being well protected.
This technology, however, is not something new. Security experts have many times demonstrated what could be learned about a phone and its owner by combining data from sensors, technical information like network signal strength, time zone or battery discharge speed, and other information available on the Web. The gyroscope can even be used as a microphone to eavesdrop on conversations.
Involuntarily spies
Mobile app developers who used Mixpanel’s (mobile analytics service) SDK, were in for an unpleasant surprise. Mixpanel’s team discovered that one of the modules had been collecting and sending back values of hidden and password form fields. This behavior was the result of the React JavaScript library update. And that update had been released back in March 2017 (!). Since then Mixpanel’s clients were unwittingly collecting people’s passwords.
Further investigation by — again! — Princeton professors shows, that it is quite a challenge for developers of analytic services to prevent them from collecting sensitive data. They are actually made to collect data, and it is not easy to separate what should be collected from what should not.
That is why we always advise you to install only well-known apps from well-known and reputed developers. Respectable companies have all the reasons to avoid abusing sensitive data.
My smart home is not my castle
Yet another research on the security of the "Internet of things". No news: IoT it still leaks private data. As they say, the letter "S" in the abbreviation IoT stands for "secure". Users are worried, businesses that profit from big data are excited.
Connected device manufacturers now spend only about 11% of their budgets on security. Users are more and more concerned about the risks of device hijacking and data abuse. People doubt that benefits of connected devices are worth the risks.
It’s the elderly who are inspired by smart home expansion. Especially the lonely ones. For them, it is a real opportunity to make their lives better.
Feel free to block advertising, this is for safety reasons
Bad news has a bright side: for example, it is unpleasant to read about the growth of malicious advertising, but it removes ethical objections to the use of ad blockers. They are no longer for comfort only, but for safety as well.
For example, the team of Confiant investigated a consortium of fake advertising agencies that generated a billion views of malicious ads in 2017. Malvertising is mostly represented by banners, that after being clicked initialize the download of malicious software, the latter stealing money and personal data like passwords.