Advertising – Fundamental Software, LLC

Google has quietly dropped ban on personally identifiable web tracking

Google has reversed an earlier made promise on privacy and will now allow personally identifiable web tracking:

We may combine personal information from one service with information, including personal information, from other Google services — for example to make it easier to share things with people you know. […] Depending on your account settings, your activity on other sites and apps may be associated with your personal information in order to improve Google’s services and the ads delivered by Google. […]

The fallacy of personalized advertising

When peddlers of on-line advertising talk about their product, they hail ‘personalized advertising’ as a good thing, something you should actively want because, so they claim, “it is relevant content”.
But if you think carefully about it, you soon realize that this framing of the situation starts from an incorrect premise, namely that it is OK to be abused by adverts and that personalization of these ads is a cherry on top of the cake.

We disagree with this for at least the following reasons:

By definition, advertising is manipulative. Its sole purpose is to change your behavior or opinion in favor of the advertised product or service.
Advertising interferes with what you are doing. Think about the last time you said to yourself “I’d love to watch some (on-line) ads now instead of doing what I set out to do”. Take your time…
Almost no-one likes ads or is eagerly anticipating whatever they are trying to do or accomplish, to be interrupted by an ad.
Most people reluctantly accept advertising as a necessary evil, a way to fund things that would otherwise not get funded. This in itself is a huge indemnification of advertising and shows that, fundamentally, it is not something we desire, instead, we endure it… (even though there are ways to pay for these things; just search for the “(digital) subscription” link on, for instance, your favorite on-line news provider)
Personalized advertising, by definition, requires an invasion of your privacy: it only works if and when you tell third parties things about you that you would otherwise never reveal. This is so that the system can get to know you, can learn about you and figure out which impulses you are most vulnerable to.
Personalized advertising works against you: it finds your weaknesses by following you everywhere and then exploits what it finds in order to cajole you into performing actions you would otherwise not perform, namely spending your hard-earned money.
Personalized advertising is not acceptable and is really nothing more than an admission that “we realize everyone hates ads, we’re going to make the pill less bitter by trying to serve you ads that our system thinks you will object to the least“.

A pill less bitter, is still a bitter pill.

IvyDNS protects from abuse by advertisers and other miscreants, whether it is theft, exposing you to malware or an invasion of your privacy.

Advertisers know exactly who you are… the data is NOT anonymized

Advertisers know who you are, where you go, when you go there and how much time you spend where you are: Advertisers will be able to upload email lists to target customers and similar audiences with ads on search, Gmail and YouTube.

This shows, yet again, that the claims about the data being anonymized, are false. This capability enables advertisers and those buying advertising time/space from (in this case) Google, to say “here’s an individual I want to show my ads to”(*).

What was that about “we don’t know who you are, you’re just an anonymous number to us“, you say? When the number is you, uniquely you, then you’re not anonymized, instead, you’ve been given an (additional) alias which makes it easier to be identified, not harder.

IvyDNS prevents you from ever being recorded as one of these (non-) ‘anonymous numbers’ in the first place. And even if you were recorded in the past, it makes your future footprints melt away before anyone gets a chance to see them. IvyDNS’ Artificial Intelligence contains comprehensive information about the purpose of domains used in tracking you, serves malware, serves advertising, invades your privacy.

(*) Interestingly, this also opens up a mechanism for those using advertising networks as delivery mechanisms for malware, to target very specific individuals for infection with their malware.

Advertising networks are delivery mechanisms for malware

The Register published an article on how advertising networks used by major and popular sites are (yet once more) being hijacked by malware peddlers. IvyDNS eliminates this attack vector.

It’s just another reason to no longer treat advertising as ‘harmless’ or ‘a minor nuisance’: allowing content from unknown third parties to be downloaded to and executed on your devices is a major security risk that can lead to compromised devices and can include identity theft.

A two-year long, highly sophisticated malvertising campaign infected visitors to some of the most popular news sites in the UK, Australia, and Canada including Channel 9, Sky News, and MSN.

Readers of those news sites, just a portion of all affected (since it also affected eBay’s UK portal), were infected with modular trojans capable of harvesting account and email credentials, stealing keystrokes, capturing web cam footage, and opening backdoors.

The news sites are not at direct fault as they displayed the advertising; the ad networks and the underlying structure of high-pace and low-profit margins is what lets malvertising get its huge impact.

Read the full article here.

The guiding principle of the big web-players

The guiding principle of the big web-players, like Facebook, Google, and others, is that the value provided to the users is vastly less than the value of the data that they accumulate on said users.

Online advertising is theft of your security

Advertising networks like Google AdSense, DoubleClick, Bing Ads and many others have a huge reach and that makes them very interesting to anyone trying to spread malware. Many mainstream sites give these networks real estate on their pages. When you visit your favorite site, which serves ads from such a network, in effect this network touches you and your device directly.

Advertising is not the only thing that advertising networks serve to passers-by. Increasingly frequently, those with less-than-honorable intentions are and have been using them to distribute drive-by download malware. All you have to do is visit a website where this ‘advert’ is served and if you have no other protection, you get infected without ever having to do a thing: it downloads automatically, infects you automatically, and you would never have known, all you did was visit a site. It could be a virus, spyware or in a worst case scenario, ransomware.

Once again, Google AdSense is being abused to distribute Android spyware. This isn’t the first time that this is happening and it won’t be the last. It’s just too easy for these networks with their huge reach to be exploited this way. The way this works is that someone buys advertising space through the network and submits something that looks and behaves entirely genuine as an ad. Once approved, the benign ad is switched out for the malware which now is served to a very specific set of people, namely those that the advertiser specified as being the target audience. Surprisingly, one can be remarkably specific in who you want to display your adverts to, as specific as saying “here’s a list of e-mail addresses of the people I want to show this specific ad to”. Google calls this particular form of targeting “Google CustomerMatch”.

This is just another reason why it is unwise to just allow any unvetted code coming from the internet to run on your devices. Especially not if it comes from a source that is known to be used as a distribution vector for malware.

IvyDNS protects from these types of attacks. It not only blocks devices from pulling down anything from advertising networks, it also blocks other known malware-related domains, be they exploits, phishing, hijacked domains, scams or other forms of undesirables. IvyDNS specifically hunts these domains down and makes sure you don’t get in contact with them.

More than a traditional ad-blocker

IvyDNS does ad-blocking and while this is not the only thing it does, it is the one that stands out most. With claims, or should we say ‘hopes’, by the IAB (Internet Advertising Board) that usage of ad-blockers is plateauing, they are still trying to get you to absorb as many ads as possible, fortunately IvyDNS is right besides you to protecting against the theft that is on-line advertising.

One of the newest trends that we are observing, and surely you’ve seen this as well, is that certain websites will be passive-aggressive and in most cases just plain aggressive in telling you that you can’t access the site unless you turn off your ad-blocker. How do they even know that you are running an ad-blocker? Well, these websites look for ad-blockers installed as extensions in your browser either by behavior or just by enumerating your extensions and when one is detected, trip the logic that complains to you.

But IvyDNS does not have a detectable footprint on your machine and it is not detectable in the same way ad-blockers are detected. This means that with IvyDNS, you keep flying under the radar, never to be seen by anything that is trying to steal away your attention or your bandwidth.

Traditional ad-blockers run inside your browser and only deal with HTTP/web traffic. Anything outside of that limited space is not something where they are even capable of protecting you. IvyDNS is different from your run-of-the-mill blocker, it works on a much deeper and more comprehensive level than traditional ad-blockers which protects you and your device from ever getting in contact with known advertising networks or domains associated with other undesirable content.

IvyDNS is much more effective in protecting against this undesirable content than regular ad-blockers: it prevents ahead of time instead of dealing with it afterwards!

Online advertising is theft of your attention

Attention is the allocation of limited processing resources, it is a finite resource and once spent, it is forever gone. If you want to think of attention in terms of a commodity, then attention is one of the most valuable ones since it drives & influences our actions, behaviors & thoughts so deeply. We pay attention to something and thus use up a currency. This is something that advertisers know all too well. The battle for your attention is full-on. As the source of this finite pool attention, you are the target and the aim of the game is to steal as much of your attention from you as possible, only to be redirected to the whoever gives the harvester the highest bid!

The reason money is spent on advertising is because it changes your behavior, but only if the cost is lower than what you will bring in through your change in behavior, namely spending your money with the advertised product or service. In order to change your behavior, the first thing that needs to happen is that your attention must be stolen and redirected towards the advert. An effective advert is designed specifically to accomplish this task quickly and effectively. In a blink of an eye, it must steal your attention and then retain it at least long enough so that its message can be conveyed to you.

Every time that your attention is stolen from you, the price you pay is not just limited to this direct attention that was stolen away from you but it is also in the time, effort and energy required to refocus your attention back on your original task. You really do pay the price of losing your attention multiple times.

On-line advertising is portrayed to us, the eye-balls, as being totally unobtrusive and subtle: “On-line advertising is something that you shouldn’t worry about; it won’t interfere with you too much & you’ll never notice it’s there, we won’t steal your attention, promise…!” That is what advertisers are telling us and what they will have us believe.

But these same advertisers then turn around and tell a very different story to their real customer: those buying display time from them to serve their adverts. They sell their advertising locations and present it as the most effective way to capture the attention of a specific audience that will most likely act on the advertising. “Capture the attention of”, indeed. Advertisers know all too well that these adverts steal your attention away from your chosen way of spending it, and many research studies confirm that on-line advertising is superbly effective at stealing our attention.

Similarly, those paying (in money) for on-line advertising also confirm these findings. If advertising didn’t work, the vast amounts of money being spent on on-line advertising would be effect-less. Yet this expenditure on behalf of those advertising isn’t for naught & it is effective because it does indeed steal away your attention in order to refocus it on the advert.

On top of all of this, advertisers behave as if attention is an “unrealized resource” which is used to indicate that “it is ours but we just haven’t taken it yet and preventing us from taking it is stealing”; their position is that it unquestioningly belongs to them, even before it is willingly given to them. By guarding your own property, you are somehow depriving them of something that they consider already theirs, protecting something that is & was yours all along, is contorted into being theft. But a thief claiming that all your belongings are just his ‘unrealized assets’ & that securing your home deprives the thief thereof, wouldn’t be able to count on much public support, and neither should advertisers.

Attention theft is not without consequences. Long term effects of it fall under Attention Control Erosion. Attentional control refers to the ability to consciously determine what to pay attention to and what to ignore. On-line advertising conditions us into an artificial new-normal where it is normal for your attention to jump from one thing to another by constantly bombarding us with new things, each screaming for what it considers its fair share of your attention. In the long run, you build up an attention deficit because it becomes normal to pay only cursory attention to everything instead of paying close attention to anything. In effect, through information pollution, your future attention is being stolen from you as well as your present attention.

We know that all of these things are true. For instance, we have strict spam-filters in place already because spam distracts us from what we’re trying to accomplish. Yet when it comes to the Internet, we don’t have a solid defense against this yet. IvyDNS prevents advertising from interfering and restores the power in determination of what to pay attention to. It blocks advertising from being downloaded by your device(s) and it gives you your control over your attention back!

Online advertising is theft of your bandwidth

This is a silly car-analogy and while it may not make sense at first, it’ll soon become clear why advertising is theft of your bandwidth.

Here’s the scenario:

You haven’t seen your grandma in a while so you jump in your car to go visit her. She lives in a very nice community just minutes away. As you make your turn onto the road, your car gets a mind of its own and it takes you all over town. It drives up and down large boulevards and streets, none of which are on any reasonable route from your home to your grandma. Actually, didn’t your car take you through this road already just a couple of minutes ago? You notice that everywhere the car takes you, there are billboards, always and everywhere billboards & adverts… It feels like your car is deliberately driving you through places where you are bound to see advertising, no matter where you look.
When you finally arrive at your grandma’s, you notice that your car spent half a tank of gas, and you are responsible for filling it again. You just wanted to visit your grandma who lives only a couple of minutes away, but you got driven around town for an hour first and had your gas-tank half emptied. You’ll never get that hour back and nor will you ever get back that gas money!

No reasonable person would accept this behavior from their car, nor should anyone accept this behavior.
Yet somehow, when it comes to the internet, we are told that this behavior is normal. In fact, staying with the analogy, we are told that without your car deciding where you should and shouldn’t go, you would never get to see your grandma.

When you visit a website, you expect that your device will talk to the server of that website and only to that server: you tell it to fetch the stick and it fetches the stick for you; just the stick, nothing more & nothing less. When it starts returning a stick, and a ball, and mud and some other animal, you stop playing with it.

With the way on-line advertising is done today, the decision of what comes back to you when you request a certain set of data is stolen from you. Someone else has made the decision for you as to what you will download, how much of it you will download, where you will download from, how frequently you will download it, etc.

When you visit a site infected with advertising, you ask your browser to get data from (for instance) www.example.org who put instructions there from advertisers that tell your device to download a huge slew of advertising: first from www.ad-network-1.com and then some from www.ad-network-2.com and some more from a third place… A typical website contains at least 10 different levels of these kind of cascading downloads. In effect, your single and simple request for a little stick caused a truckload of logs to return.

Similarly, when you use an app on your mobile device that is infected with advertising, you effectively have opened a faucet that will just keep drip-drip-dripping for however long that app is active. Many of these apps use images as the adverts they present and images take up even more bandwidth. This can be a very big problem indeed, especially on mobile devices where the available bandwidth is already lower.

Essentially, advertising costs you money without any means for you to either prevent this cost or recoup it. All of this data being consumed adds up and while your internet-pipe may be large, it is still finite. When it gets saturated or the well ran dry, that’s the end of it!

Allowing advertising networks to control what you should download steals your bandwidth! Your internet-pipe is something you paid for, it is actually something that belongs to you. Anyone forcing you into a way of how to spend this currency is committing theft! You wouldn’t like it or allow it when it is money and you shouldn’t like it when it is bandwidth!

Advertising is theft

When the subject of advertising blocking comes up, there’s always the argument that by ad-blocking you deprive those running a site from revenue. Frequently, it is phrased as “running an ad-blocker is theft”. This argument hinges upon the assumption that by not giving the advertiser full, unfettered and unregulated access to your device, your time, your eyes, your privacy, etc., you somehow deprive them of something that is already theirs… that you’re taking something that they already possessed.

We, at Fundamental Software, think that these arguments against blocking advertising are false and disingenuous. We take a more aggressive stance: if there is any theft going on, it is theft from you, the one being advertised to. Stay tuned for a series of posts on how advertising is actually theft from you.