New pre-print online:
‘The EU Digital Services Act: what does it mean for online advertising and adtech?’
By Pieter Wolters and me.
We explore the question: what does the Digital Services Act mean for online advertising?
We show that some types of ad tech companies, such as ad networks, should be considered platforms.
Comments are welcome! It's a pre-print, so we can still improve it.
We should spam big tech platforms with garbage content that makes these adware software systems unusable...
Google Maps - Nothing but absurd and horny furry comments on every business, landmark and government building.
Facebook - Think about your favourite toys growing up and then make a Facebook page for each one! Upload pictures of dirty feet to the timeline.
LinkedIn - Rate shellfish pics by sexual appeal.
X - Do not go there. Never go on X.
The #Meta / #Mozilla in-browser advertising features are already a discrimination+fraud risk, but will get worse if not shut down soon.
Google 2019: we're doing "Privacy Sandbox" ads in the browser so we don't have to do fingerprinting
Google 2025: fingerprinting is back on the menu
The time to call out and deal with #boundaryTesting is _when you notice it_.
Updated: why "privacy-enhancing" ad features don't belong in browsers https://blog.zgp.org/stop-doing-privacy-enhancing-technologies/ #Firefox #adtech #surveillanceCapitalism
How Google tracks #Android device users before they've even opened an app - https://www.theregister.com/2025/03/04/google_android/ "No warning, no opt-out, and critic claims ... no consent" #adtech #surveillance #privacy
Supercharge your campaigns with AdCreative AI, the ai ad creative generator that delivers high-performing ad creatives fast. Elevate your ad game today: https://go.thenerdynoob.com/adcreative
@freny @mttaggart that could be.
But on this page https://www.mozilla.org/en-US/privacy/firefox/#bookmark-how-we-use-data Mozilla is claiming "legitimate interest" (LI) as the basis for processing "To serve relevant content and advertising" ...and LI is not a valid basis for processing for ad personalization. (Yes, #privacy laws are hard to keep up with but the conventional #adtech firms have already picked up on that one)
@Bit_form @AlexaFontanilla2024 It's not just about AI, also a bunch of ad tracking stuff can qualify as a "sale" by the definition in #California law. The most typical reason for a company to remove a "we do not sell" claim is that they use some kind of #adtech / #martech https://www.wilmerhale.com/en/insights/blogs/wilmerhale-privacy-and-cybersecurity-law/20240229-california-ag-announces-second-ccpa-enforcement-action
#Disenshittify, NOW!! We have a chance: #IP!!
"…thanks to internal memos published during last year's #monopoly trial against #Google, we know what they did. They made #search worse. They reduced the system's accuracy it so you had to search twice or more to get to the answer, thus doubling the number of queries, and doubling the number of #ads.
Meanwhile, Google entered into a secret, illegal collusive arrangement with #Facebook, codenamed #JediBlue, to rig the ad market, fixing prices so advertisers paid more and publishers got less." @pluralistic
#adtech
https://pluralistic.net/2025/02/26/ursula-franklin/
Another day, another attempt by Microsoft to extract as much revenue as possible from Office users:
"Microsoft has quietly launched a new version of Microsoft Office for Windows that can be used to edit documents for free, no Microsoft 365 subscription or Office license key required. This free version of Office is based on the full desktop apps, but has most features locked behind the Microsoft 365 subscription.
First spotted by Beebom, the free version of Office for Windows includes ads that are permanently on screen when within a document in Word, PowerPoint, and Excel. Additionally, this new free version of Office also only allows you to save files to OneDrive, meaning no support for editing local files.
To access the free version of Office, just skip the prompt to sign-in when you first run an Office app. From there, you will be given the choice to continue to use Office for free in exchange for ads and limited features. In this mode, you can open, view, and even edit documents, just like you can with the web version of Office."
"Tracking and profiling for advertising purposes present significant risks to consumers and society. This is demonstrated by a report commissioned by the Federation of German Consumer Organisations (vzbv). The advertising industry’s practice of categorising and influencing individuals based on their preferences, behaviours and vulnerabilities leads to manipulation, discrimination and a loss of trust. vzbv calls on the European Commission to ban tracking and profiling for advertising purposes and ensure the protection of digital fundamental rights.
“Every click on the internet is tracked because it supposedly reveals something about us: our preferences, desires and interests. The uncontrolled data collection by the advertising industry poses great risks to consumers and society,” says Michaela Schröder, Head of Consumer Policy at vzbv. “Consumers are powerless against the practices of the advertising industry. Existing laws are not sufficient. A ban on tracking and profiling is the only way to ensure meaningful consumer protection,” Schröder states."
https://www.vzbv.de/en/personalised-advertising-overdue-regulation
"For 37 years, Congress has completely failed to pass another consumer privacy law. Which is how we got here – to this moment where you can target ads to suicidal teens, gambling addicted soldiers in Minuteman silos, grannies with Alzheimer's, and every Congressional staffer on the Hill.
Some people think the problem with mass surveillance is a kind of machine-driven, automated mind-control ray. They believe the self-aggrandizing claims of tech bros to have finally perfected the elusive mind-control ray, using big data and machine learning.
But you don't need to accept these outlandish claims – which come from Big Tech's sales literature, wherein they boast to potential advertisers that surveillance ads are devastatingly effective – to understand how and why this is harmful. If you're struggling with opioid addiction and I target an ad to you for a fake cure or rehab center, I haven't brainwashed you – I've just tricked you. We don't have to believe in mind-control to believe that targeted lies can cause unlimited harms.
And those harms are indeed grave."
https://pluralistic.net/2025/02/20/privacy-first-second-third/#malvertising
#Google #AdTech Users Can Target National Security ‘Decision Makers’ and People With Chronic Diseases
https://www.wired.com/story/google-dv360-banned-audience-segments-national-security/
#Google Ad-Tech Users Can #Target #NationalSecurity ‘Decision Makers’ and People With Chronic Diseases
Google enables #marketers to target people with serious illnesses and crushing debt—against its policies—as well as the makers of #classified defense technology, a WIRED investigation has found.
#privacy #adtech #advertising #tracking
https://www.wired.com/story/google-dv360-banned-audience-segments-national-security/
#Google: New creative updates to help advertisers generate lifestyle imagery - https://blog.google/products/ads-commerce/new-creative-updates-advertisers-generate-lifestyle/ "Generative AI capabilities that let you generate images of adult people" #adtech #genAI
"What happens when humans stop relying on their village, or even their family, for advice on having a kid and instead go online, where there’s a constant onslaught of information? How do we make sense of the contradictions of the internet—the tension between what’s inherently artificial and the “natural” methods its denizens are so eager to promote? In her new book, Second Life: Having a Child in the Digital Age (Doubleday, 2025), Hess explores these questions while delving into her firsthand experiences with apps, products, algorithms, online forums, advertisers, and more—each promising an easier, healthier, better path to parenthood. After welcoming her son, who is now healthy, in 2020 and another in 2022, Hess is the perfect person to ask: Is that really what they’re delivering?"
"Privacy campaigners have called Google's new rules on tracking people online "a blatant disregard for user privacy."
Changes which come in on Sunday permit so-called "fingerprinting", which allows online advertisers to collect more data about users including their IP addresses and information about their devices.
Google says this data is already widely used by other companies, and it continues to encourage responsible data use.
However the company had previously come out strongly against this kind of data collection, saying in a 2019 blog that fingerprinting "subverts user choice and is wrong."
But in a post announcing the new rule changes, Google said the way people used the internet - such as devices like smart TVs and consoles - meant it was harder to target ads to users using conventional data collection, which users control with cookie consent."
"Many privacy laws, including the EU’s GDPR and California’s CCPA, require user consent for tracking. However, because fingerprinting works without explicit storage of user data on a device, companies may argue that existing laws do not apply which creates a legal gray area that benefits advertisers over consumers."
Hanna, #Tuta (@Tutanota), 2025
https://tuta.com/blog/digital-fingerprinting-worse-than-cookies
Evil, but smart. Time for a broad brush ban on surveillance advertising?
The hack that turned the US government website of the Center for Disease Control into a porn site turns out to be more interesting than I originally thought. And that's not just because the CDC has not done anything to fix the problem 24 hours later...
Yesterday we found that a number of universities, enterprises and other government sites have been hacked by the same actor. Visiting the specific URLs takes you into a malicious adtech traffic distribution system (TDS). Depending on your device and location, you might get the pornography. bud, you also might get other scams like scareware. From my sacrificial phone, I was able to trigger a bunch of push notification requests.
Bottom Line: malicious adtech pays, their TDS allow actors to hide, and hackers are quite happy to compromise well known websites to get that money. But it's not just about scams, these types of techniques are frequently used for delivering information stealers, which lead to breaches.
Here's a few notes about the attack:
* The site is modified to add pages which attempt to load a specific image name. If that isn't there, then it redirects to the actor controlled malicious domain which funnels into the TDS
* The actor seems to be using blogspot for this now, but previously used a tiny URL. From here they will go to adtech TDS.
* There were what seemed possible to be dangling CNAME records in many cases, but in some of them didn't appear to be any issues with the DNS records. I suspect combo of accesses.
* In cases where there's no apparent DNS record issue, the legit site seems to be hosting in GitHub. Perhaps they have a credential compromised.
* I saw at least two adtech companies used, Adsterra and Roller Ads. these are checking for VPN and anonymous proxies before serving the final landing page.
* This image redirect actor seems to be riding off of a different actor who originally hacked the site, uses SEO poisoning techniques, and hacked universities to host porn content.
I put a bunch of images in imgur.
Thanks Krebs for the lead.
#dns #cybercrime #cybersecurity #infosec #adtech #malware #scam #threatintel #tds #InfobloxThreatIntel
https://imgur.com/a/cdc-website-hijack-leads-to-malicious-adtech-XfguIcN
