Hacking

SPOTLIGHT ON SECURITY

BlockIQ Escalates War on Ad Blockers

As consumers turn to ad blockers to avoid advertising on their mobile and computer screens, marketers and content providers who depend on pitches to pay the bills are searching frantically for ways to counter the pesky programs.BlockIQ offers them one.

BlockIQ, owned by AdSupply, which recently merged withAdaptive Medias, has launched BlockBypass. The software can detect users of the popular ad blocker AdBlock and perform a number of countermeasures, including circumventing the ad blocker.

Websites can configure BlockBypass as aggressively as they wish. They can just educate a visitor about the harm of ad blockers to websites that depend on advertising to stay alive. They can refuse to serve content to a visitor until an ad blocker is disabled for the website. They also can choose a nuclear option and bypass the ad blocker altogether.

“The incredible growth of ad blocking has reached the tipping point where sites will no longer be able to operate,” BlockIQ CEO Justin Bunnell said.

In the last 12 months alone, use of ad blockers has risen 41 percent globally, bringing the number of worldwide users to 198 million and costing publishers US$22 billion, according toPageFair’s 2015 global ad-blocking report.

“If ad blocking continues unchecked, it will eliminate the advertising revenue websites need to survive,” Bunnell noted. “It is like expecting a movie theater to stay in business when 30 percent of their audience does not pay for a ticket.”

Online Extortion

Marketers have criticized ad blockers not only for costing publishers revenue, but for squeezing money from advertisers, too.

“Ad blockers are extortion,” said John B. Strong, CEO of Adaptive Medias.

“The big ad-blocking companies will whitelist an advertiser’s ads if they pay a fee. If you don’t pay them, they’ll block your ads,” he told TechNewsWorld.

“We don’t think that’s a fair situation at all, and our technology defeats it,” Strong added.

Asked if it was ethical to bypass an ad blocker without notifying users, he answered: “The ethical question is, why should anyone assume they should be notified before they steal someone’s content?”

Cat-and-Mouse Game

Eyeo, maker of the most widely used ad blocker, Adblock Plus, has been taking payments for years from companies, including Google and Microsoft, to allow some of their ads through its filters, according to the Financial Times.

Since 2011, Adblock Plus has something it calls the “Acceptable Ads” initiative. Advertisers and publishers who participate in the program can get their advertising whitelisted in the ad blocker if they agree to create ads that meet certain user-generated criteria. However, users have the option to block those ads, too, if they so desire.

Ben Williams, operations and communications manager for Eyeo, has never encountered an ad blocker that accepts payments for whitelisting ads regardless of their properties, he said.

“That’s obviously unacceptable,” he told TechNewsWorld. “Our Acceptable Ads initiative clearly states the opposite: upholding our criteria is absolutely mandatory and users can always opt out.”

BlockIQ is joining a list of companies that have chosen to fight against users in a cat-and-mouse game, Williams added.

“It’s an old game, and we’re quite happy that we have always been on the side of users,” he said. “Some of the options they offer publishers are tame — the welcome message, for instance — but others are blatant antiuser tech, like attempting to reinsert ads where users have chosen to block them.”

Better Ads Needed

Products like BlockIQ have their place in a marketer’s toolkit, but they shouldn’t be the focus of a marketer’s anti-ad-blocker efforts, maintained Gavin Mann, global broadcast industry lead for Accenture.

“Trying to slow them down and frustrate them is a good thing to do but shouldn’t be the top focus,” he told TechNewsWorld.

“That’s what the music industry tried to do when it tried to block piracy. In the meantime, it missed the opportunity to more rapidly create its own services that were more appealing to the consumer,” Mann said.

“You’re never going to outcompete with this technology,” he added. “There will always be a next wave of ad blockers. If you put one company out of business, there will be another to take its place.”

Ad blocking could continue to rise because consumers are becoming more and more annoyed with ads, according to a global survey of 28,000 consumers performed by Harris Interactive for Accenture and released last week.

More than eight out of 10 consumers (84 percent) complained to surveyors that ad interruptions were too frequent, and 73 percent groused about ads not meeting their personal interests.

“Audiences are accustomed to a personalized experience in the content they’re watching,” Mann noted. “If the ads aren’t relevant or delivered in a style that doesn’t feel unique, then they become invasive to that personalized experience.”

The long-term counter to ad blockers is not finding ways to circumvent them, but to produce better ads, he continued.

“There’s an opportunity for marketers to provide a more personalized advertising experience that’s less intrusive,” Mann said. “If the intrusion is about a product I care about, then I’m more likely to accept the intrusion as appropriate.”

Breach Diary

  • April 17. GoLocal Providence reports WLNE-TV has fired four members of its news organization, including its evening news anchor, and suspended three others after they accessed a file containing personal information of past and present employees of the Rhode Island ABC affiliate.
  • April 17. Newark Police Department announces a number of its computers were infected with a virus during the week of April 10, but there is no indication that any information on the systems was lost or compromised. Other police departments have discovered similar attacks, it notes.
  • April 18. YJFX, a foreign exchange market broker that’s a subsidiary of Yahoo Japan, releases results of investigation of theft of data by an employee in February in which more than 180,000 pieces of information were removed from the company.
  • April 18. Payroll records of the town of Essex’s employees are at risk after they were emailed to a fraudster posing as a town staffer, Burlington (Vermont) Free Press reports.
  • April 18. A lawsuit seeking class action certification has been filed in federal district court in Colorado on behalf of employees of Sprouts Farmers Market related to a payroll records phishing scam, The Denver Post reports.
  • April 18. Arlington Public Schools in Virginia alerts employees that payroll information for 28 of them was discovered on a third-party server that has been hacked. Alert says payroll information appears to be have been generated with compromised credentials through a self-service feature offered by the schools.
  • April 18. An electronic file containing the names of 285 families receiving services from a children’s aid society in Canada was posted to Facebook without authorization, a possible violation of Canadian law carrying fines up to CA$10,000 and three years in jail.
  • April 19. The Archdiocese of Denver announces it has sent a letter to all employees alerting them that a data breach in October of the third-party payroll software system used by the diocese may affect more people than 80 or so initially identified. Now it believes as many as 18,000 people are at risk.
  • April 19. Payroll information of employees at trucking company Landstar System is at risk from phishing scam, the Jacksonville Business Journal reports.
  • April 19. U.S. attorney in Michigan charges Bernard Ogie Oretekor, 45, with identity theft in connection with a 2014 tax refund scam involving employees at the University of Northern Iowa.
  • April 20. Raleigh Orthopaedic Clinic of North Carolina agrees to pay $750,000 to settle a case with U.S. Office of Civil Rights for alleged HIPAA violations arising when the clinic disclosed protected health information of 17,300 patients to a potential business partner before executing a business associate agreement with the partner.
  • April 20. Sony is preparing to offer two-factor authentication to users of its PlayStation Network, Polygon reports. Five years ago, the network was shut down for 23 days and the personal data of 77 million users was at risk after a data breach at the site.
  • April 20. Wyoming Medical Center in Casper, Wyoming, sends letters to 3,184 patients alerting them that some information about them is at risk after two employees had their email accounts compromised in a phishing scam.
  • April 21. FBI Director James Comey suggests his agency paid a third party at least $1.3 million to crack the iPhone of San Bernardino, California, gunman Syed Farook, The New York Times reports.
  • April 21. Kent Police in the UK is fined Pounds 80,000 for giving the phone containing personal information of a domestic abuse victim to the attorney of her alleged abuser.
  • April 21. Students at London South Collegiate Institute in Alberta are sent home with letter informing parents of data breach that occurred when a student inappropriately accessed LSCI student data.
  • April 22. Security researcher Chris Vickery announces he’s found a database on Amazon Web Services containing the registration records of 93.4 million voters in Mexico. He writes that no authentication is needed to access the database, and it’s configured purely for public access.
  • April 22. New York Presbyterian Hospital agrees to pay $2.2 million to the U.S. Department of Health and Human Services to settle case involving the disclosure of the health information of two patients during the filming of an episode of ABC’s TV reality show NY Med.
  • April 22. The U.S. Justice Department announces Anthony Alika, 42, and his wife, Sonia Alika, 27, have pleaded guilty to charges connected to their involvement in a stolen identity income tax refund fraud scheme.

Upcoming Security Events

  • April 27. Chilling Effects: Insights on How Laws and Surveillance Impact People Online. Noon ET. Berkman Center for Internet & Society, Harvard University, 23 Everett St., Second Floor, Cambridge, Massachusetts. Lecture by Jon Penney, Oxford Internet Institute. Free with RVSP.
  • April 28-29. B-Sides Calgary. SAIT Polytechnic (Orpheus Theater), 1301 16 Ave. NW, Calgary, Alberta. Tickets: students, CA$20; professional, CA$50; VIP, CA$150.
  • April 28. Securing ICS/SCADA Networks. 5 a.m. ET. Webinar by Fortinet. Free.
  • April 28. Ransomware Resurgence: Locky and Other New Cryptolockers. 2 p.m. ET. Webinar by Cyphort. Free with registration.
  • May 3. Dallas Cyber Security Summit. Omni Dallas Hotel, 555 S. Lamar, Dallas. Registration: $250.
  • May 4. SecureWorld Kansas City. Overland Park Convention Center, 6000 College Blvd., Overland Park, Kansas. Registration: conference pass, $195; SecureWorld Plus, $625; exhibits and open sessions, $30.
  • May 7. B-Sides Chicago. Concord Music Hall, 2047 N. Milwaukee Ave., Chicago. Free.
  • May 11. SecureWorld Houston. Norris Conference Centre, 816 Town and Country Blvd., Houston. Registration: conference pass, $195; SecureWorld Plus, $625; exhibits and open sessions, $30.
  • May 18-19. DCOI|INSS USA-Israel Cyber Security Summit. The Marvin Center, 800 21st St. NW, Washington, D.C. Hosted by George Washington University. Free.
  • May 20-21. B-Sides Boston. Microsoft NERD, 1 Memorial Drive, Cambridge, Massachusetts. Tickets: $20.
  • May 21. B-Sides Cincinnati. University of Cincinnati, Tangeman University Center, Cincinnati. Tickets: $10.
  • May 21. B-Sides San Antonio. St. Mary’s University, One Camino Santa Maria, San Antonio. Tickets: $10.
  • May 24. PCI DSS: Preventing Costly Cases of Non Compliance. 1 p.m. ET. Webinar by VigiTrust, HPE Data Security, Aberdeen Group and Coalfire. Free with registration.
  • June 1-2. SecureWorld Atlanta. Cobb Galleria Centre (Ballroom), Atlanta. Registration: conference pass, $325; SecureWorld plus $725; exhibits and open sessions, $30.
  • June 8. B-Sides London. ILEC Conference Center, 47 Lillie Rd., London SW6 1UD, UK. Free.
  • June 9. SecureWorld Portland. Oregon Convention Center. Registration: conference pass, $325; SecureWorld plus $725; exhibits and open sessions, $30.
  • June 10. B-Sides Pittsburgh. Spirit Pittsburgh, 242 51st St., Pittsburgh. Free.
  • June 11-12. B-Sides Latin America. PUC-SP (Consolao), So Paulo. Free.
  • June 15. Federal Trade Commission’s Start with Security — Chicago. Northwestern Pritzker School of Law, 375 E. Chicago Ave. (corner of Lake Shore Drive), Chicago. Free.
  • June 13-16. Gartner Security & Risk Management Summit. Gaylord National Resort & Convention Center, 201 Waterfront St., National Harbor, Maryland. Registration: until April 15, $2,950; after April 15, $3,150; public sector, $2,595.
  • June 20. Center for New American Security Annual Conference. 9:30 a.m.-5:30 p.m. J.W. Marriott, 1331 Pennsylvania Ave., Washington, D.C. Free with registration.
  • June 22. Combatting Targeted Attacks to Protect Payment Data and Identify Threats. 1 p.m. ET. Webinar by TBC. Free.
  • June 29. UK Cyber View Summit 2016 — SS7 & Rogue Tower Communications Attack: The Impact on National Security. The Shard, 32 London Bridge St., London. Registration: private sector, Pounds 320; public sector, Pounds 280; voluntary sector, Pounds 160.
  • June 30. DC/Metro Cyber Security Summit. The Ritz-Carlton Tysons Corner, 1700 Tysons Blvd., McLean, Virginia. Registration: $250.
  • August 25. Chicago Cyber Security Summit. Hyatt Regency Chicago, 151 E. Wacker Drive, Chicago. Registration: $250.

John Mello is a freelance technology writer and contributor to Chief Security Officer magazine. You can connect with him on Google+.

1 Comment

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by John P. Mello Jr.
More in Hacking

Technewsworld Channels