How to Minimise Web Tracking and Malvertising Risks | CORPORATE ETHOS

How to Minimise Web Tracking and Malvertising Risks

By: | June 11, 2018
malvertising

There cannot be two opinions on the fact that the Net has opened up the world for each and every one of us. But don’t get that much excited. This is not a free lunch. This exposure is not just a one-way traffic. Just as the Net opened up the world in front of us, it has also opened up each and every one of us to the world.

Most of the websites (especially the news sites) push third-party content to its readers without their consent. In most cases, readers are not even aware of it. A website in itself consists of several elements and they are always not from the same place. The first party content would be the information/content from the website- this piece you read in ‘CorporateEthos’comes directly from its web server and can be termed as the first-party content.

muralicolThird-party content is all those little extras: the ads that show up on websites; social media plug-ins – ‘like’ buttons, post to twitter messages and the like. In other words, the third-party content can be anything else not hosted on the site’s server.

In order to generate money for the company hosting the website, generally, it publishes ads. However, mostly, a website doesn’t deliver the ads directly from its server. Instead, the site enters an agreement with an ad service network, which will deliver the ads. Based on the numbers of hits on these ads, the site earns money and it helps them continue its business. This means if you block ads from websites, those sites will not be earning revenue. It costs money to host website and generate content. Yes, we do agree. But most sites don’t audit the content from their advertisers.

Ads from ad networks are a privacy violation because they track where you go and what you do so they can deliver customised ads.  In a typical workday, you will find that tens of hundreds of websites are tracking your personal information. This is why when you buy (or try to buy) something from an e-commerce site and go to another website you will see ads that show things you recently bought on the e-commerce site (or looked on at it). Another issue with third-party content is malvertising or injecting malicious software (malware) through online advertisements.

As mentioned earlier, the trouble with third-party content is that as the content comes from other web servers, the web admin of the site does not have any control over what gets delivered. Web developers cannot be trusted with the security of their websites and often times even they don’t know how much they expose and help others grab your private data (in the regard even big sites Google and Facebook are no exceptions).

If you wish to see the watchers that watch you, browse after installing the Firefox extension Light Beam.  When you visit a web page with ‘Light Beam’ enabled, the add-on will create a real-time visualisation of all the third-party links that are active on that page (screenshot below). When you view this visualisation while visiting some online news sites you will be horrified to see how you are being stalked across the Web.

murcol1

Of course, this does not mean that we are completely helpless. Different tools that can identify the culprits and minimise (if not completely eliminate) their impact are in place. One such a tool worth a look is the free open source browser extension ‘uBlock Origin’, which blocks unwanted elements from entering your machine.

The extension conducts blocking in two ways: by static filtering and dynamic filtering. Static filtering is when uBlock Origin takes third-party filters to decide what it should block behind the scene without the user interaction. Dynamic filtering is where the user takes initiative and can override static filtering. Here the user can decide what to block or allow by taking static filter control. By default, uBlock Origin does not enable you to engage in dynamic filtering. When you first install the extension, its user interface is very simplistic- you mostly have the big blue power button (screenshot below), which allows you to disable or enable blocking unwanted content on the current site.

murcol2

For users who want more control of what to block, there is an advanced user mode, which gives a lot of granularity. To invoke this mode, access the Dashboard (screenshot above) and enable the option ‘I am an advanced user’ (under the menu, ‘Settings’ in the dashboard). You can now see that the extension has enabled an advanced table to finely control what to block. This mode allows you to filter the content dynamically, unlike the default mode (called static filtering). In the interface, you will find a set of rows with two main columns. With each of these big columns, you will find three clickable columns too (screenshot below).

murcol3

The main column on the left applies every change globally (means the changes you make here will affect all websites). On the other hand, the main column on the right applies locally to the current website only. Each one of the three small columns has a different colour: green, grey and red (screenshot above). Here, green means allow this type of content always, regardless of filter lists. Grey means don’t do any dynamic filtering but apply static filter lists. This would be the same result as not using the dynamic filtering at all. And red means block this type of content completely.

As can be seen from the above figure, each row has a different type of content to filter: All requests (+all) applies to all the listed types of requests below. The ‘Images’ option will filter all the images; 3rd-party option filters all requests from third-party websites. We will not elaborate on other options as their functions are obvious. Apart from the specific filter parameters listed by default, the extension will also list all the top level domains whose content present on the current web page (like doubleclick.net). This lets you filter content from specific domains.

The ‘+’ and ‘-‘ icons next to the domain names are indicators for content already being allowed or blocked. Both in the same row mean some content was allowed and some blocked. If you alter the parameters you need to load the page again for it to take effect. When you alter a parameter, you will also see two icons (screenshot below): an eraser and a lock.

murcol4

To make your changes permanent, click on the ‘lock’ icon and to go back to the old state, click on the ‘eraser’ icon.