Security/Advertising

Lecture looking at how we assess approaches like tools, policies, practices, and regulations from the perspective of security.

Slides

• Security and Advertising

Required Reading

• Adblocking: How About Nah? by Cory Doctorow
• Interactive Advertising Bureau CEO: AdBlock Plus is an extortion-based business by Frederic Lardinois

News Links

• China-based SMS Phishing Triad Pivots to Banks
• META: Unauthorized Experiment on CMV Involving AI-generated Comments
  • Sara Gilbert commentary

Learning Outcomes

Topics

• CIAAA
• Threat models
• How websites are built
• Man-in-the-middle - brief intro

Understand

• Security requires specification to reason about
• How websites are dynamically built
• Advertising from a security perspective
• A single web connection has many groups involved

Apply

• Block third party content activity
• What does “secure advertising” mean to you?
• What are key actors in your threat model regarding advertising?

Referenced in lecture

• Z. Pooranian, M. Conti, H. Haddadi and R. Tafazolli, “Online Advertising Security: Issues, Taxonomy, and Future Directions,” in IEEE Communications Surveys & Tutorials, vol. 23, no. 4, pp. 2494-2524, Fourthquarter 2021, doi: 10.1109/COMST.2021.3118271.

Additional Resources

• Helen Nissenbaum on Ad Nauseum, resistance through obfuscation, and weapons of the weak

• Nouwens, Midas, et al. “A Cross-Country Analysis of GDPR Cookie Banners and Flexible Methods for Scraping Them.” arXiv preprint arXiv:2503.19655 (2025).

• Too Much Knowledge? Security Beliefs and Protective Behaviors Among United States Internet Users by Rick Wash and Emilee Rader

• Uncover Security Design Flaws Using The STRIDE Approach

Recent News

• Google’s anti-privacy bill push sparks outrage among advertisers