Even the NSA Agrees: Targeted Ads Are Terrifying – Gizmodo

Photo: Samuel Corum (Getty Images)

Ad blockers. Maybe you love them, maybe you dont think about them at all, but chances are, you know someone thats using them. And it turns out a growing number of those people are in the federal ranks.

Motherboard was first to report on a new letter Oregon Sen. Ron Wyden sent to the Office of Management and Budget (OMB) on Wednesday that describes some of the federal agencies deploying ad-blocking tech alongside a pretty reasonable request for those agencies not currently on board: Use a damn ad blocker. Please.

I have pushed successive administrations to respond more appropriately to surveillance threats, including from foreign governments and criminals exploiting online advertising to hack federal systems, Wyden wrote the letter. And indeed, thanks to massive scandals like Cambridge Analytica and the smaller privacy scandals that just keep on coming in its wake, it looks like some agencies finally agree that targeted ads are terrifying. In 2018, the National Security Agency (NSA) issued public guidance urging its ranks to block unnecessary advertising web content. In January of this year, the Cybersecurity and Infrastructure Security Agency (CISA) put out similar guidance for all federal agencies, urging officials to use ad blockers to protect against malware-laden ads, in particular.

Adversaries can use carefully crafted and tailored malicious ads as part of a targeted campaign against a specific victim, not just as broad-spectrum attacks, CISAs guide reads.

This letter might be new, but the threat certainly isnt. Weve seen malvertising campaigns target military bases in 2014, swing-state voters in 2018, and, well, a bunch of the rest of us since then. When ads start to creep into every digital avenue where we spend time online, its only natural that ads housing malicious software or other shady stuff will also be on the rise, too.

As Wydens letter lays out, this includes seemingly innocuous online advertisements that carry software designed to steal, modify or wipe sensitive government data, or record conversations by remotely enabling a computers built-in microphone.

G/O Media may get a commission

price drop

Galaxy Tab S7 12.4"

Over 50% off from the original list price!"Best Android Tablet Around" - Gizmodo

Trade-in and get $350 instant credit

And then theres the many, many other privacy issues. Every ad loaded into a browser means more data going back to the companies on the other side, even if that ad is for something ridiculous that youd never click on in a billion years. There are no hard and fast rules for whats being sent in the so-called bidstream on the other side of that ad, but it generally includes details like your location, IP address, and device type. Ad blockers are far from perfect, and can collect that kind of data on you, toobut at least you know what company is on the other side. The digital ad ecosystem is an opaque and under-regulated mess, which makes it hard to pin down some shady ad company thats squirreling away your data. When an ad blocking company does the same (or worse), at least you have a company to be mad at, and a browser extension you can delete.

Its likely that the NSAs known all of this, and known it for a while, which is why they were first to hop onto the ad-blocking train. After all, this is the same agency that brought us Edward Snowden, and Snowdens revelations about the NSAs entire phone-tracking empire. In the years since, that empires continued to grow, even after the passage of the 2015 Freedom Act that gutted the way federal agencies tap into telecom data. But that law applied to telcos, not marketing firms or adtech companies that mine the same data by designand which made a business out of selling data to federal agencies in the years since Snowdens revelations, and that business appears to be going gangbusters. Hell, Wyden asked the NSA about this specific loophole less than a year ago, and they responded by... well, not responding.

Will adblockers hamper any of this? Who knows! What we do know is tech privacy legislation in the U.S. is becoming an increasingly fractured, ineffective messand the longer were stuck with that bleeding wound in tech policy, the more a browser extension feels like a pretty wimpy bandaid.

More here:
Even the NSA Agrees: Targeted Ads Are Terrifying - Gizmodo