![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Entry tags:
Web insecurity: The advertising social contract vs malvertisements
Wrote this post for Web Insecurity on the weekend and scheduled it for Monday... But on Monday I was busy drinking water and getting ready to donate blood, so I never posted something here. Oops.
The advertising social contract vs malvertisements: how can online advertisers earn your eyes?
It's mostly musing about how ad blocking actually makes you safer while web browsing, and whether advertisers will wind up rising to this challenge by giving us ads that are worth unblocking or ads that go beyond banners. I gave up my TV years ago, and I still have people telling me about great TV advertisements I missed. Very few people tell me about banner ads I missed. And I think the last time was those Evony ads which is an entirely different category of "you've got to see this!"
In other web security related news, or perhaps Terri-in-web-security related news, I found out last night that my W2SP talk has to be 5-10 minutes long rather than the 15-20 I expected. This presents a challenge, but I can rise to it. Just not in time to do a practice run at 3pm today as I'd planned. I actually have under 10 minute slides from my presentation the week before last, but I skipped some stuff in that talk that I need to put in to the final one, so we'll see how that goes.
Anyhow, if you're curious here's the W2SP schedule -- Apparently there's still space in the workshop if you're in the bay area and interested in attending a web security workshop next week.
The advertising social contract vs malvertisements: how can online advertisers earn your eyes?
It's mostly musing about how ad blocking actually makes you safer while web browsing, and whether advertisers will wind up rising to this challenge by giving us ads that are worth unblocking or ads that go beyond banners. I gave up my TV years ago, and I still have people telling me about great TV advertisements I missed. Very few people tell me about banner ads I missed. And I think the last time was those Evony ads which is an entirely different category of "you've got to see this!"
In other web security related news, or perhaps Terri-in-web-security related news, I found out last night that my W2SP talk has to be 5-10 minutes long rather than the 15-20 I expected. This presents a challenge, but I can rise to it. Just not in time to do a practice run at 3pm today as I'd planned. I actually have under 10 minute slides from my presentation the week before last, but I skipped some stuff in that talk that I need to put in to the final one, so we'll see how that goes.
Anyhow, if you're curious here's the W2SP schedule -- Apparently there's still space in the workshop if you're in the bay area and interested in attending a web security workshop next week.
no subject
I'm thinking there are two sides to Javascript blocking: security and adblocking.
I'm running Noscript largely on your recommendation from a few years back, mostly because even though I surf from a sacrificial VM, I still don't like security holes that expose my disk, browser history, other tabs, keystrokes, outbound bandwidth, or whatever someone finds a way of abusing next. If I was using a browser with a solid security model, I'd be a lot more relaxed about running scripts from the next random website I visit.
On the advertising side, not running JavaScript does seem to stop the more egregious forms of CSS abuse: ads that wander around the browser window, spawn pop-ups, or cover the text I'm trying to read until I interact to swat them down. (Granted, an animated GIF doing its thing right next to the text can make it hard to focus on the meaning of the words too.) OTOH, making it obvious right away that the website owner is the sort of individual who puts that kind of thing up helps me close that browser tab sooner. Too many advertisers are mistaking impressions for conversions: what good does it do them if their ad is annoying enough that most of the people tricked into looking at it swear never to buy that product? Maybe we should start boycott campaigns somewhere as visible as Facebook so that the companies involved get a bit more feedback on how their advertising budgets are being misused? Maybe Google could add something so that we can give them a list of websites we don't want to see in our search results again?