"If it's free you're the product." Most of us have heard this meme often enough, and have a vague understanding that it relates to online ads. But when most of us think about online ads, we think about the occasional annoyance of having to scroll past or otherwise ignore an ad—doing so is assumed to be the price of free online services, and it seems a small price to pay.
If only it were so simple.
Researchers at the University of Washington published a paper at the ACM Workshop on Privacy in the Electronic Society entitled "Exploring ADINT: Using Ad Targeting for Surveillance on a Budget." The subtitle is "How Alice Can Buy Ads to Track Bob." Yes, it's as bad as it sounds. The authors point out that for as little as $1,000, someone can use targeted ads to track the location of specified individuals. The mobile advertising infrastructure allows any attacker with modest means to to "know where the target goes, where they live, and other sensitive information such as what apps they use". Knowledge of what apps are being used can be considered sensitive for a variety of reasons, including mental health conditions, diabetes trackers, dating apps (which can indicate relationship or sexual preferences), political affiliation apps, and religious and church apps.
As I've pointed out before, most people think it's a reasonable trade-off to allow ads to be shown in order to get apps and services for free. But in order to deliver those ads, the ad networks need to learn as much as possible about all of us, so that advertisers know whether it's worth paying to target an ad to any of us (and when and where it should do so). Advertisers have enabled what we can refer to as a stalker economy. If you think it sounds creepy, you're right. And it's also ubiquitous, part of the background noise of being a mobile-phone using netizen.
This is how Alice can buy ads to track Bob. But what is meant by "ADINT"? The authors invented this term, and I think it's a good one. Whereas the intelligence community refers to human intelligence as "HUMINT" and signals (electronic) intelligence as "SIGINT", the corresponding term for advertising intelligence has been coined by the paper's researchers as "ADINT."
Most of the focus on mobile security has been around malware and network attacks that deliver malware. But malware is rare, whereas the stalker economy, or ADINT, can affect us all. In my previous post, I noted that mobile devices send considerable amounts of data into the cloud, which is to say the data is now in the wild—outside of our ability to track and control it. ADINT represents another threat vector regarding the digital exhaust of our mobile devices. This should worry us.
No comments:
Post a Comment