AdMonsters Wrapper: 🌯Chrome Chock Full of Security Issues

AdMonsters Wrapper: The weekly ad tech news wrap up

Welcome to The Wrapper! AdMonsters is sending you this email because you are subscribed to receive AdMonsters’ news products. This is our latest content product, The Wrapper, a weekly ad tech news roundup to simplify your life by curating only the most important industry news you need to hear. And hey, we also aim to point you in the direction of great podcasts and compelling industry voices to follow on social media. So please enjoy our inaugural issue and feel free to reach out with comments and ideas!  We hope you love it! Not into it? You can opt-out at any time via our preference center. 

This Week
February 25, 2020
Chrome Chock Full of Security Issues
Malicious Notifications
Is Your Smart Speaker Listening to You?
Insider Inc.'s First-party Audience Tool
New Chrome Chock Full of Security Issues, Potential Privacy Furor
Google Chrome
The ad tech industry may still be reeling from Chrome’s decision to sunset support for third-party tracking cookies, but a very different Chrome update has caused a fair deal of chaos. On release, Chrome 80 met a lot of bad press due to changes in cookie functionality, but there were also so many reports of security vulnerabilities that the US Cybersecurirty and Infrastructure Security Agency is advising users to keep on updating as the fixes roll in.

However, there may be something even more concerning: Chrome 80 sets live the deep-linking capability ScrollToTextFragment, which has raised a lot of issues about its openness to privacy attacks. One example that’s being frequently cited comes from privacy researcher Peter Snyder:

"Consider a situation where I can view DNS traffic (e.g. company network), and I send a link to the company health portal, with [anchor] #:~:text=cancer. On certain page layouts, I might be able [to] tell if the employee has cancer by looking for lower-on-the-page resources being requested.”
Why This Matters
There is a lot of disagreement in the cybersecurity space about the privacy ramifications of ScrollToTextFragment and deep-linking technology, but even more ire over the fact that Google set the protocol live before there was industry consensus. Will cybersecurity and developer anger translate to a user exodus? Don’t count it out with digital privacy concerns at their highest level; perhaps the third-party cookie will be irrelevant that much sooner.
Malicious Notifications
Push notifications can be great with mobile apps, so why not use them on browsers? You’ve probably noticed a lot of desktop sites asking if you would like to receive notifications, a technique called browser or web push notifications (WPN).

Well, researchers from the University of Georgia and a few other Southern schools were curious if publishers were using these to push advertising as an end-round way to reach users with ad blockers. They discovered something worse. Using home-built technology, the researchers analyzed 21,541 WPN from thousands of websites where they identified 572 WPN ad campaigns and 5,143 WPN-based ads from ad networks… 51% were labeled malicious.
Why This Matters
It’s no secret that publishers and their ad quality partners have to play catchup with malvertiser techniques, though this one seems to be a doozy on an entirely new channel. Rampant malvertising threatens to undermine premium publishers leveraging WPN to build tighter connections with key audiences.
Is That Smart Speaker Actively Listening or What?
We’ve all had that experience—we’re chatting aloud about something random with a friend, something we swear we’ve never read or searched about on the web before, but suddenly an ad pops up related to that random thing. OMG, we think, our devices are listening to everything and using the data to target advertising! The smart speakers, the phones, the laptops... EVEN THE TV!

There’s a lot of debate over whether connected devices are actually spying on users and passing the data on for ad targeting—and questions about whether that’s even possible. A good question here is simply, “How much are these devices actively listening to?” Researchers from Northeastern and Imperial College London sought to answer that question via monitoring inadvertent activations from streaming 125 hours of Netflix shows (to get a variety of voices). They found no evidence that smart speakers are constantly recording conversations or any consistency in activations. But average unintended activations ranged from 1.5 to 19 a day and some devices would remain recording for 20 to 43 seconds.
Why This Matters
You thought privacy discussions and initiatives were already hairy? We haven’t even scratched the surface of how data collected by connected devices can and should be leveraged. As publishers increasingly build content for and monetize smart speakers, they should be asking themselves a lot of questions not just about user privacy. What about data leakage or ownership—does the content producer, distributor, or device maker/operator claim custody over audio data collected? And who is liable for breaches or failing to follow consent guidelines? Brave new world, indeed...
Publisher Forum Santa Monica March 8-11
A Fresh New Data SÁGA From Insider Inc.
Segments of the ad tech world are fully freaking out at the prospect of a world without targeting cookies, but many premium publishers are pumped because they know their first-party data will soon be the choicest data in the ecosystem. Unable to control its excitement anymore, Insider Inc just rolled out its three-piece SÁGA product, named after the Norse goddess of storytelling (hence that accent over the first A—Vikings loved them some diacritical marks). From the press release:

“SÁGA Audience uses first-party data to connect marketers with the consumers they want to reach. SÁGA Inform shapes campaigns based on content that strongly resonates with our audience. And SÁGA Insights provides valuable information about consumer preferences that lead to more robust marketing campaigns.”
Why This Matters
Expect a lot more major publishers unveiling fancy new first-party data products in the coming months as the grim realities of Chrome’s third-party cookie slaughter sink in for advertisers. Insider’s SÁGA stands out because it’s a hot trifecta—audience data blended with contextual targeting and a slice of intent data spread on top. How delicious—and you can learn more about the development of the product at a special PubForum Santa Monica session.
Sweet Tweet
data brokers and ad tech companies continue to paint a picture that the entire “advertising-funded internet” relies on tracking of users and behaviorally targeted advertising. 🤔 the way they weaponize that Harvard/Deighton study is really a misleading embarrassment
Worth a Listen
Recode Decode Hosted by Kara Swisher
Technology journalist and Wired editor-at-large Steven Levy talks with Recode's Kara Swisher about his latest book, Facebook: The Inside Story, for which he obtained years of direct access to CEO Mark Zuckerberg and COO Sheryl Sandberg. Levy discusses how he got that access, how Zuckerberg has changed (or hasn't) over time, and whether he, Sandberg, and the company at large understand the damage that Facebook has caused. Plus: Why Zuckerberg destroyed his old diaries, how he was influenced by Bill Gates, and what will happen to the company next now that it is under more scrutiny than ever.
Upcoming AdMonsters Events
PubForum Santa Monica | March 8-11, 2020
PubForum Santa Monica March 8-11, 2020

Facebook   Twitter   LinkedIn