Browsed by
Category: Privacy

Why I Block Ads. Everywhere.

Why I Block Ads. Everywhere.

Advertising supports a lot of the content you enjoy on the Internet.  The economics of it should be simple.  An advertiser pays a certain amount to get a commercial message in front of many readers or viewers.  Some percentage of those viewers make a purchase.  When enough revenue comes back to the advertiser, the ad is a good investment: returning more in margin to the business than it cost to produce and place.  In practice it’s a lot more complex than I state here, but the backbone of advertising remains just that simple.

This simple idea has recently started to create problems of the sort that show up in the Safer Computing inbox.  Advertisers realized that a digital advertising message can be a lot more than a picture with words or a short film to watch.  This means you can experience web pages with ads that are mini-games, ads that follow you around a page as you scroll, ads that follow you from page to page as you browse, and more.  

You may also be aware that ads make and store all sorts of inferences about you — inferences they gather from what goes on in your browser and on the rest of your computer.  These inferred personal profiles are scooped up by data brokers and packaged to be resold to other marketers.  That’s supposed to be done in enough volume to make each individual profile impossible to identify.  But recent research has shown that, with so many different data points being collected, working backward from a large “anonymized” data set to reliably identifying individuals is far easier than anyone suspected.  Yet, without enough different data points, the package is not attractive to marketers.  It will not find a buyer.

Another very disturbing trend in advertising is the enormous number of computer virus and Trojan infections that the ad networks now make possible.  Remember that the ads are more than just pictures or films, they have all kinds of sparkly interactive features.  They dance, they sing, they explore the bleeding of edge of being so annoying that you want to throw the computer out the window and go for a walk instead.  And how do they accomplish these things?  

Every one of those ads is a small program that you have half-consciously invited to run on your computer.  Your browser was instructed to bring these programs along with the content you wanted to see.  The intent of these programs appears to be delivery of a commercial message — but other functions are often hidden there.  Viruses delivered within web ads have infected hundreds of millions of computers around the world with everything from botnet spam clients to ransomware.  The websites that deliver these ads don’t often know what they are sending out; they simply allow ad networks to deliver whatever they like within broad guidelines and accept the payments for what is passed along.  The networks that aggregate and place these ads do not have the resources to check out all the ads they deliver, from what may be thousands of sources.  What’s worse, they don’t have the incentive.  With enough layers of middlemen, there’s nowhere for liability to land.

With all that to consider, I decided a while ago that I would block ads everywhere I could.  There are two counter-arguments to blocking ads I did consider.  One is, how will I support the websites whose content I am enjoying?  Simple: I actually become a paid member or supporter of any sites I read frequently enough.  Some sites I visit for the first time, say they won’t serve me content unless I disable my ad-blocker.  Fair enough, I say, and click away to find a similar item elsewhere.  

The other counter-argument is, how will I learn of cool new products or services I might want to try?  Since I was never one to find such things through ads, I consider this a small loss if any.  But the truth is, I check out new things that are any larger than tiny impulse buys at recommendation sites like Wirecutter, Sweet Home or Consumer Reports.  I prefer unbiased comparative reviews to advertising content, for decisions to purchase.

My current ad-blocker of choice is uBlock Origin by Raymond Hill.  It’s a very low-profile browser add-on for Firefox, Chrome or Opera. I say “current” because my choice has changed a few times recently.  Other ad-blocker providers have gradually been seduced by money and become ad networks in themselves, serving what they call “safe” or “white-listed” ads.  Their users have had varying levels of choice about this, from “a little” to “none.”  With uBlock Origin, so far so good.  If things change, I will add an updated recommendation in this space.

This article first appeared in The Empty Closet.

Death and Taxes

Death and Taxes

Death and Taxes. With enough lawyers you can avoid most of the taxes, but as sure as I am typing these words, and you are reading them, every one of us is going to die[*]. While we each have a will to cover our possessions and assets, how many of us include in that document what to do about digital assets? More to the point – if someone dies and leaves no will, the law is reasonably straightforward about what to with their possessions and finances. But our legal system has not yet really begun to address consistently what to do with the dear departed’s Facebook or Twitter accounts, their email, websites, and so on. These are digital assets but there’s not necessarily a physical item that corresponds to any of them. To make sure these are handled according to my wishes after I die, I have made a “data will.” Note: I am not a lawyer and this is not legal advice. If you want your “data will” to be enforceable as part of your actual, legal last will and testament, you must consult a lawyer.

What’s in a data will? This will differ in the details for everyone but I think these major sections are a good starting point. First and foremost, passwords. If you are using some kind of password management tool (as I suggest!), this will be easy. You will only need to tell your survivors where the password data resides, and what is the master password to gain access to it. If there’s no password manager wrangling all your individual passwords, you’ll have to list them all in this document, or an attachment. The password list or manager also provides a map of where you had an online presence and business or personal relationships, which will help in other ways.

If some of your online accounts have two-factor authentication such as an app on your phone that generates a 6-digit code when logging in from a new device, etc., make sure the document details where to find that, and how to use it. Also, include information on how to unlock your phone!

Email is still a fundamental service in the online world, especially when it’s the focal point for most sites’ password-reset processes. So make sure your document includes an abundance of information as to where your email is delivered, how to log into it, and pointers to the password manager entries for the email password (or the email password itself).

You may wish some of your online accounts and services to continue running. For example, you may host a family website, or use a backup service that includes your spouse’s or other family members’ data. Instructions as to what should be kept going vs. what can safely be shut down will be useful here. Also consider that any auto-pay arrangements, such as monthly or annual billing to a certain credit card or via PayPal, might not be obvious to your loved ones. Make these arrangements explicit in this document.

Finally, how to notify online friends & colleagues of your death. Many of us are members of virtual communities that might not have visibility to other more traditional ways our death would be communicated, such as local obituaries or even Facebook pages. If you are a member of professional mailing lists or other such niches of cyberspace, make sure your survivors will know how to send a notification to those communities. You may have been working on a joint project at the time of your death: it’s only polite to let the team know you won’t be at the next meeting.

Once you have completed this awesome document, you have two main things to worry about: How to make sure it has the desired effect once it’s needed, and how to keep it safe, meanwhile. I mentioned above that if you want it to be legally enforceable, then you need to consult with a lawyer as to how to make it part of, or an attachment to, your will. Be sure to confirm whether or not it will become part of the public record – if so, you will want to work with your lawyer to conceal the passwords and other sensitive information in your document.

As for the security of the document while you’re still alive, I refer back to the three most basic concepts of information security: Confidentiality, Integrity and Availability. All three of those apply here, with very high stakes. You need to be sure the document is not disclosed to anyone unauthorized, that it is not altered without your knowledge, and that your survivors can get to it after your death without serious obstacles. There are many ways to accomplish each of these three things, but what I will delve into a future post is document storage “in the Cloud”, and how that can address all three of these concerns.

this article originally appeared in the September 2016 edition of The Empty Closet.


[*] – except maybe Peter Thiel but really… who wants to be a vampire?