Congress Says Foreign Intel Services Could Abuse Ad Networks For Spying (vice.com) 30
An anonymous reader quotes a report from Motherboard: A group of bipartisan lawmakers, including the chairman of the intelligence committee, have asked ad networks such as Google and Twitter what foreign companies they provide user data to, over concerns that foreign intelligence agencies could be leveraging them to harvest sensitive information on U.S. users, including their location. "This information would be a goldmine for foreign intelligence services that could exploit it to inform and supercharge hacking, blackmail, and influence campaigns," a letter signed by Senators Ron Wyden, Mark Warner, Kirsten Gillibrand, Sherrod Brown, Elizabeth Warren, and Bill Cassidy, reads. The lawmakers sent the letter last week to AT&T, Verizon, Google, Twitter, and a number of other companies that maintain advertisement platforms.
The concerns center around the process of so-called real-time bidding, and the flow of "bidstream" data. Before an advertisement is displayed inside of an app or a browsing session, different companies bid to get their ad into that slot. As part of that process, participating companies obtain sensitive data on the user, even if they don't win the ad placement. "Few Americans realize that some auction participants are siphoning off and storing 'bidstream' data to compile exhaustive dossiers about them. In turn, these dossiers are being openly sold to anyone with a credit card, including to hedge funds, political campaigns, and even to governments," the letter continued. [...] The letter asked the ad companies to name the foreign-headquartered or foreign-majority owned firms that they have provided bidstream data from users in the U.S. to in the past three years. The other companies the lawmakers sent the letter to were Index Exchange, Magnite, OpenX, and PubMatic. Mark Tallman, assistant professor at the Department of Emergency Management and Homeland Security at the Massachusetts Maritime Academy, told Motherboard in an email that "It's difficult to imagine any policy solution or technical sorcery that can fully 'secure' consumers' private data such that applications and platforms can collect it, and the publishing and advertising industries can access it, while guaranteeing that cybercriminals and foreign intelligence agencies will never get it. Our adversaries already know that they can buy (or steal) data from our marketplace that they could only dream of collecting on such a broad swath of Americans twenty years ago."
The concerns center around the process of so-called real-time bidding, and the flow of "bidstream" data. Before an advertisement is displayed inside of an app or a browsing session, different companies bid to get their ad into that slot. As part of that process, participating companies obtain sensitive data on the user, even if they don't win the ad placement. "Few Americans realize that some auction participants are siphoning off and storing 'bidstream' data to compile exhaustive dossiers about them. In turn, these dossiers are being openly sold to anyone with a credit card, including to hedge funds, political campaigns, and even to governments," the letter continued. [...] The letter asked the ad companies to name the foreign-headquartered or foreign-majority owned firms that they have provided bidstream data from users in the U.S. to in the past three years. The other companies the lawmakers sent the letter to were Index Exchange, Magnite, OpenX, and PubMatic. Mark Tallman, assistant professor at the Department of Emergency Management and Homeland Security at the Massachusetts Maritime Academy, told Motherboard in an email that "It's difficult to imagine any policy solution or technical sorcery that can fully 'secure' consumers' private data such that applications and platforms can collect it, and the publishing and advertising industries can access it, while guaranteeing that cybercriminals and foreign intelligence agencies will never get it. Our adversaries already know that they can buy (or steal) data from our marketplace that they could only dream of collecting on such a broad swath of Americans twenty years ago."
Yet more argument for ad blockers (Score:5, Insightful)
It's already privatized (Score:5, Insightful)
They say that as if the existing megacorps don't already spy on us.
As if they don't already use their knowledge of the social graphs to find the right influencers to manipulate us with.
It doesn't really matter whether it's a foreigner or one of our own countrymen manipulating us, in the end. None of them are up to any good.
Re: It's already privatized (Score:4, Interesting)
Where do you come up with that bad interpretation? Does "None of them are up to any good." sound like approval to you?
I'm disapproving of *all* of it, not just disapproving of this when foreigners do it.
Frankly, I'm surprised they'd advocate something so blatantly xenophobic when there's plenty of blame to pass around domestically.
We need to make the social graph less public. It's putting too much power into the hands of too few people and they don't have our best interests at heart, they're using it to manipulate us. So of course Congress is concerned because they don't want to share that power, but it's not a good thing for anyone to have.
Re: (Score:1)
None of them are up to any good.
Of course we're not, comrade! Still... wouldn't you prefer a nice government safely across an ocean from you spy on you than your own government on your doorstep?
I eagerly await you joining us in the glorious revolution!
(Also, we're running a drive to get comrades signed up for their Soros checks, just fax over your deets.)
Re: (Score:2)
Come on, it's just some shady companies you never heard about inserting code from even shadier third party clients in thousands of websites with barely any checking.
What possibly could go wrong?
Re: (Score:3)
Another reason? This is THE reason, and always has been. If you create these massive troves of data there is no magical force denying access to malicious people. Even if security was one hundred percent there's still the possibility of the people obtaining the data legally to abuse it.
More and more people just take for granted that this is all normal, corporations and governments having detailed records of every citizen's daily life and those records being leaked.
Re: (Score:2)
Those massive troves of data become big juicy targets for attacks, be it remote, or even "boots on the ground". There have been so many breaches that showed that this is the case, be it OPM, an IRS vendor (not the IRS itself, but a vendor), etc. Many other countries have learned that those data "money bins" are easy fodder for offshore blackhats.
Re: (Score:2)
I see it as one more argument to make ads illegal.
It's Called Projection. (Score:3, Insightful)
As in, we know what crap head shit we have been up to and realise how dangerous and damaging it is and how it can be used to attack and destroy other countries, as we have already done. We don't want them to do it back. So what ads have the three letter agencies been targeting ALL OF YOU WITH, hmm.
Not so much a problem on slashdot, a minority reasoners forum rather than a majority believers forum. One far less likely to be manipulated by ads and far more likely to question them and then fathom the reality behind the false beliefs presented by the ads. Not safe from it though because of course the unreasoning believing mob will quite contently attacked the reasoners if a negative beliefs in the believers can be established, ones that promote the attacking of reasoners who oppose those false beliefs.
Yes, sharp constraints should be placed upon advertising to prevent negative outcomes for society as a whole as a result of those saturation advertisements ie the active and extremely psychopathic promotion of wasteful consumption. Not what the three letter agencies used to be worried about but has become of concern now. As in keep promoting wasteful consumption when it is no longer possible economically and environmentally and they are denied the opportunity to wastefully consume and become frustrated and rebellious not to mention that wasteful consumption waste resources and often generates undesirable import costs.
Laws to restrict advertising are inevitable for most sane nations, those that do not will collapse under the burden of them.
Re: It's Called Projection. (Score:1)
Congress is all talk (Score:2, Insightful)
What teeth has Congress put into the law so the CEO of the next OPM, Equifax or solarwinds type hack does serious jail time and is bankrupted?
Do your own job before telling others what they should be doing
Make it illegal (Score:5, Insightful)
Re: (Score:2)
Yes. Mass surveillance databases; the possession, creation, sale, or distribution of; should be illegal.
Re: (Score:2)
The hard part with that is enforcing it. I'm inclined to agree that it's bad, but I think we can't just trust them not to do this.
We need to look at the "smaller internet" movement and start making it so that this data *isn't available* to them as much as possible.
But that's hard because it requires a lot of changes and people leak info like a sieve...
Re: Make it illegal (Score:2)
Commercial?
You mean ALL.
Giving an exception to the most dangerous and powerful enemy (your "own" government, it seems) is not the best choice.
Re: (Score:3)
Good luck with that.
Several European counties have passed laws that basically say that you own your own data, they are your property.
But that's the end of it. There are no consequences to that, and what little is protected by the GDPR is only the core personal data like your name, address, age, etc. - 99% of companies tracking and collecting data on you are absolutely fine with calling you ID 713123 - they don't care who you are, only that they can uniquely identify you and connect your recent house purchas
Could = Russia obviously did (Score:2)
Re: (Score:2, Interesting)
What congress is worried about is different. Ad networks usually have access to location, directly or indirectly as well as personal profiles to which it associates. One of the first ideas for contact tracking in the early days of COVID was to get the data from the ad guys. That was dropped and one of the reasons why it was dropped was the potential fallout if people understand just how m
He's right (Score:3)
Let's rid ourselves of ad networks
Any car in the world.. (Score:5, Interesting)
https://techlog360.com/surveil... [techlog360.com]
Companies gather so much advertising and behavioral data that they can locate any car in the world, probably any person's likely whereabouts in the world.
The US intelligence agencies think they're the only ones doing this? All of this information has been on sale to any bidder since forever. They'll give you a price. Oh, you can't meet that price? Make an offer. They just want money. You might remember how the US doesn't want tiktok usage in the armed forces, China doesn't want Tesla cars on campus, these companies and _ALL THE OTHERS_ are logging your every everything.
What's more, they all sell it to anyone with a buck.
A company that will sell you the whereabouts of any car in the world, but fifteen companies that will sell you a huge gob of information on most individuals -- put together, huge gobs of information on almost all individuals. Have you heard of Experian? Does anyone think that only US companies and the US government are the only purchasers of US citizens' data? Does anyone dream that there isn't a US-registered company that would turn over, leak, or even "get hagged" and lose the data to Russia or China? Get real.
Ok (Score:1)
Rather spying than ads. Jesus wtf. Spying? Which decade is this?
Re: (Score:2)
With increase in China-US conflict rhetoric is it any surprise that old cold war issues resurface? Its not about people but about THE ENEMY.
Re: Ok (Score:2)
Yeah, NSA totally was shut down right ater the leaks. Onf sct it never exsted. They went back in time and killed its founders.
So you can put your head back in the sand and spread your cheeks widely so it hurts less. :P
But (Score:1)
Said it before (Score:1)
Thank God that no domestic Intel Service â (Score:1)