Advertising

The Internet, and arguably much of society, has been quite damaged by aggressive advertising. Of relevance here is that it can also be a very significant digital security threat ¹.

Advertising is propaganda designed to influence people into consumerism. It may also be used for political persuasion.

Good advertising is relevant information. If the advertiser and audience are aligned it can be really useful to have access to good commercial information and it can save and make money for all parties. What you are reading now is advertising. In an epistemological taxonomy this writing clearly goes further that the purely informational, having intent to influence. Come and buy our stuff…

Three classic texts to study it are [Manufacturing Consent] by Edward S. Herman and Noam Chomsky, [Public Opinion] by Walter Lippmann, and [Propaganda] by Edward Bernays.

Acceptable advertising is not:

• deceptive
• forced on you
• targeted using spying

From an infosec perspective bad advertising involves inserting (injecting) content into another content stream or the invasive control of hardware or application programs for the purpose of influence. Additionally, modern advertising relies on surveillance, exfiltration and deception. This 'insecurity industry' is sometimes called "surveillance capitalism" and the practice of spreading malicious content as "malvertising".

The scourge of modern digital advertising that is; intrusive, distracting, forced, psychologically undermining, dishonest and based on surveillance or trading of your personal data - is to be considered a fundamental security threat.

Steps should be taken to eliminate it in a secure environment.

One way is to make sure any advertising you do accept is on your terms and free from technological risks. Even a banner-ad in a modern browser can activate JavaScript code that might steal personal data or even activate your camera or microphone. This is a complex landscape and we're happy to advise on security measures to make sure ads you see are safe.

However, malvertising is a very persistent nuisance. Culture from the USA has tried to make invasive psychological manipulation acceptable and even protected by law. Advertising technology is even built into the hardware of some devices like "Smart TVs", and now every time you use a "AI Chat Bot" or voice controlled device you risk leaking sensitive personal information and being exposed to subtle forms of advertising that are manipulative in ways many would consider illegal or even very dangerous.

The idea that it's okay to use "free" services like Google where trading your company or personal data in tacit consideration of services is - to put it bluntly - lacking in self respect. Professionally it may even be criminally reckless - because the data you risk exposing will not always be your own unless you are gifted at infosec compartmentalisation.

Invasive advertising should be treated as first class threat.

In order of most effective countermeasures;

• Don't use products or services that facilitate or rely solely on advertising. Products that you pay for may well be safer. It may seem harmless enough that "free" products like Google mail are "funded" through selling your data, but the world has changed and this is catastrophic from a security standpoint. You should not buy devices like "Smart TVs" and never connect them to your network. Generic devices like large panel displays are usually of much higher build quality and using Open Source Free Software is usually a much better choice.
• Avoid web tools such as Google Chrome, Microsoft Edge and Mozilla Firefox browsers that are designed to help advertisers track you and extract your data. Look for much more secure "forks" of Free browsers that disable snooping features.
• Block all invasive advertising sources or spying at the firewall level using tools like ad-blockers or a [PiHole] network appliance. If an application or device fails to work when malicious sources are blocked then it is defective and almost certainly hostile. Return it and get your money back.
• Look for traditional advertising modes that bundle short ads into audio or video streams. You can skip them if they really annoy you. Most of all, they cannot track you via the browser and there is less incentive for them to contain malware.