This is Why You Need a Hacker for Blocking the Ad-blocker
Idan Cohen has been in the cyber security field for over 12 years, long before the term cyber became a buzzword. His career started with 5 years in the IDF, where he held multiple hacking positions and was mainly busy with penetration testing and security consulting. After his release from the army he joined Bugsec, Israel's largest hacking security agency, where he designed and infiltrated security architectures and managed cyber operations. As CTO, he acquired vast experience in offensive and defensive security mechanisms, phishing and DDoS simulations. Last year he joined forces with hacker Ysrael Gurt, who was one of the best hackers on his team at Bugsec; together they started "ad-venture", an anti-ad-blocking company with a strong connection to security. In this article, he lays out the challenges advertisers face from the security perspective, and reveals the problematic nature of ad-blockers.
According to your website, Ad-venture ads have been found unblockable when tested with dozens of ad-blocking tools. Please describe how that is done.
Today, ad-blockers are the biggest threat to online advertising, cutting about 20-30% of the revenue of publishers. Our solution bypasses ad-blockers by rebuilding the website and removing all ad indicators. This way, the ad-blocker cannot distinguish between ads and real content, therefore it cannot block anything.
We designed a roadmap to always stay one step ahead of ad-blockers. Since ad-blockers run on the client side, beating them means you always do things on the server side.
It is also stated on your website that your technology identifies and blocks possible insecure content (malvertising), protecting the end-user and publisher. How do these two features coincide?
I'll start by saying it's very easy to insert malware into an online advertisement. When you see an ad, you're not just seeing a picture; it's JavaScript code that renders something onto your computer or mobile device. This code was not written by the site you are viewing, but by an advertiser who wanted to promote something. Since the advertising market is huge, most publishers don’t even know who's displaying their ads.
If I'm an advertiser, I can extract data from your browser or download malware to your device. When one of the largest websites in the world was hacked like that, all of their readers got infected with malware. Remember this is a legitimate site we're talking about. There is of course a solution to that, with various companies who detect or block malware.
As a server side solution, Ad-Venture rebuilds the page to make sure adblockers remain inactive, and we overview the site before the user sees it, so obviously, if we find any malvertisements we remove them before they can reach the user's browser. If a good ad gets about 1-2 million views per hour, think about how many people can be affected if malware is present in the ad. That's a major concern that our customers will never have to deal with.
What other concerns do you meet regarding the security of advertising online?
Many advertisers are concerned about fraud, like when a proxy server stands between the user and the advertiser and performs bot clicks for false results. Since we are in the middle we cause a certain delay to the site, and that also concerns customers, who need 100% uptime on their sites.
Many publishers are suspicious about placing ads, because they fear it can bring malware to their website, and they should be, because they really have no way to know about it until it's too late. This is why our company has taken a security approach that makes our solution unbeatable. If there are tools that are trying to manipulate the page, we will detect and bypass them before they go live. The same goes if someone tries to send us false results. As far as our ad-tech solution is concerned, we make sure that all of your ads are 100% secure.
As an anti-ad-block mechanism you must be getting a lot of criticism from end users. How do you address that?
In the beginning when I told my friends about what I do, they said I was one of the bad guys, but life's a bit more complicated than that. Ad-blocking started as a good thing, nobody wanted to see ads and they answered the need of the hour. But nowadays, ad-blockers give publishers the ability to disable their tool, and are in fact blackmailing them by saying: give me 30% of your advertising revenue, and we'll unblock your ads. Someone is making a lot of money out of it.
Take Adblock Plus as an example; instead of blocking ads, they are now selling them; so let's say a website is producing good articles, offering true value to their readers, and then someone comes and says, pay me, and I will let you make money from your website.
The internet is free. We can use any website we want and get data, but operating a website takes a lot of hard work and the only thing allowing it to happen is the advertising. If we take away their ability to advertise, eventually we will need to pay money for each site we view. No ads means no free internet. Balance can be achieved by smart and secure advertising that is based on user preferences and behavior, but under no circumstances can we allow third parties to block everything and blackmail the internet.
The ongoing battle between adversaries, unbeknownst to most users, is currently causing tremors in the very core of the internet. If ad-blockers manage to seize 30% of ad revenue, it sets a dangerous precedent for the entire online realm. After all, do you genuinely wish to dig into your wallet each time you navigate the web?
Google and other corporations are collecting data from their users to show them ads. What's your personal perspective on that?
People say they care about privacy, but they upload practically all of their data to Facebook and likewise, it’s a contradiction. Google knows all about us because we give them our photos, we tag ourselves and the places we go to. People should decide if they want their data secure and if they do, it's a matter of setting up your priorities; there is always a way around it.
Earlier on we talked about balanced ads that are secure and are actually relevant to the end user. The only way to do it is to know something about you beforehand. It's reasonable that the payment for all of Google's free tools would be to collect some data about us.
Recently Facebook declared a war on ad-blockers. They promised not to spam their users and created a mechanism where people can decide which ads they want to see. They now gain 20% more revenue and so far no one has been complaining, because their ads are relevant to the user who's viewing them.
Google and FB are both the advertiser and the publisher, so they have power and they know no one will leave them because of some ads. Other websites need us to do it for them. If everyone adopts this method of smart advertising, everyone will be satisfied.
To conclude, what kind of precautions would you recommend for users who seek to place ads online, and for the common user browsing the web?
Publishers should only use known marketplaces for ads, where they can validate their ads are secure and tested, using tools like ad-venture. Also, don’t exaggerate with ads, as that can seriously damage your reputation and make you look suspicious to end users.
My tip for end users is to always look for the little green lock at the top of your browser, to verify the site is secure; if you don’t see it, get out of the website immediately. Malvertising is a big problem to fix and of course there are ad-blockers, antivirus and protection mechanisms; at the end of the day, it all comes down to your browsing habits: do not browse unknown websites, as they may be owned or operated by an attacker, and never enter your data to an unsecure site. It's very easy to manipulate the user, so if you make sure you are where you wanted to be and not just where they took you, you'll be ok.