Some impressions on Internet advertiser security | Citizen Lab (U. Toronto)

Andrew Hilts (Citizen Lab); Some impressions on Internet advertiser security; In Their Blog; 2015-03-30.
Andrew Hilts, Executive Director of Open Effect and Research Fellow, Citizen Lab.

Promotional Cross-Posts

Conclusion

<quote>We found a significant disparity between the level of HTTPS support in the ad industry referred to on the IAB’s blog and what we measured with our tests. We furthermore found that more than half of the ad trackers found on popular news websites that use cookie-based tracking mechanisms have no security measures in place to stop bad actors from collecting and correlating these unique identifiers with other browsing data. An important area of future work will be to repeat these tests in six months, and again in a year’s time to determine the relative success of the IAB’s call to security.</quote>

Mentioned

  • Cookie-based tracking
  • NSA uses Google cookies to pinpoint targest for hacking ; Ashkan Soltani, Andrea Peterson, Barton Gellman; In The Washington Post; 2013-12-10.
    Mentioned

    • Google’s cookie PREFID
  • How Advertisers Use Internet Cookies To Track You; Christina Tsuei; In Wall Street Journal Video; a tutorial; 2010-07-30; 7:04.
  • Brendan Riordan-Butterworth (IAB); Adopting Encryption: The Need for HTTPS. In Their Blog; 2015-03-25.
    Response

  • TrackerSSL
  • Disconnect
  • HTTPS Everywhere
  • Surveys
    • Alexa 100 News Sites
      • <quote>Overall the results show that news websites are slightly beyond the midway point of getting their third party dependencies secured before they themselves can reliably implement HTTPS.</quote>
    • Digital Advertising Alliance (DAA)
      • <quote> 38% of the 123 advertisers in the Digital Advertising Alliance’s own database support HTTPS, less than half of the 80% figure referred to by [the IAB]</quote>
    • Disconnect Tracker Inventory
      • <quote>[Under] 11% of ad trackers in this list supported HTTPS in practice <snip/> Another 3.8% did support HTTPS but used server configurations to actively redirect users away from a secure to an insecure connection. The remaining 85.7% of advertising trackers did not support HTTPS at all</quote>

Actualities

Alexa 100 News using HTTPS
DAA Ad Choices, use of SSL
Disconnect Census of Trackers' use of HTTPS

Via: backfill

Comments are closed.