
March 2013

Ad Industry Attacks Against Mozilla Reveal Poor Choice of Campaign Role Models

The Interactive Advertising Bureau (IAB) and Association of National Advertisers (ANA) have launched a coordinated campaign against Mozilla in retaliation for the browser developer's Firefox patch that, by default, blocks cookies from any site that a user has not visited ("third party cookies"). But rather than mounting a campaign that attacks Mozilla directly, the IAB/ANA strategy is focused on scaring users by threatening more advertisements.

The rhetoric flowing from IAB and ANA is reminiscent of the 2012 presidential campaign - or the blather we now expect to hear following any given session of either branch of the US Congress; in fact, the sound bites from Computerworld's quotes from ANA's Dan Jaffe and IAB's Randall Rothenberg are all too familiar:

"This is damaging to consumer interest and will undermine the Internet" - ANA

"It will cost jobs, and it will destabilize the ad-supported internet economy" - IAB

"thousands of small businesses that make up the diversity of content and services online will be forced to close their doors" - IAB

"All users, no matter the browser they’re using, will lose access to independent websites produced by small businesses" - IAB

"Without third-party cookies, they [users] will see an increase in the irrelevant spam advertising served to them" - IAB

Let's look at what the fear facts don't reveal. 

Debunking scare tactics and reversing spin

Third party cookies do afford users what Rothenberg describes as "robust, personalized experiences" but hardly with the "uncompromised sense of trust" he assures is present. Advertisers do not tell users how they are tracked or which parties are obtaining their behavior data, so there is hardly a basis for a user to assert trust or feel uncompromised.

Rothenberg claims that users "enjoy" personalized experiences. Mozilla claims that "users frequently express concerns about web tracking". In Suicide by Cookies, it's "stealing user data that can be monetized directly to ad buyers, or even resold in bulk data transactions via various exchanges." Curiously, Rothenberg quotes a gamer site operator who claims that "30-45% of our readers use an ad blocker". This statistic is surely sufficient to at least suggest that users do not unilaterally trust third parties.

Mozilla's Firefox patch will require that the user "must directly interact with a site or company for a cookie to be installed on their machine". IAB/ANA claim users will see more advertising "spam" as a consequence. IAB/ANA really don't mean "spam" but "advertisements that are not based on prior user web behavior". This seems to be an admission that, like the MPAA and RIAA, online advertisers are more willing to defend a legacy business model than innovate.


Jaffe claims that Mozilla's patch will damage consumer interests. I'll generously assume he means that Mozilla is infringing on a user's right to choose what ads are displayed, but generosity aside, please go read the post or look at the privacy tab, Dan. Mozilla is changing the default and not preventing the user from choosing to see ads for all eternity. Yours is another case where opt-in triumphs over opt-out, with the predictable cry of foul from those whose businesses are based on intrusive rather than invited opportunity. 

Evolve or Perish

John Boehner would be hard pressed to produce more dire - or less credible - predictions than the IAB/ANA. Mozilla cookie policies - or browser cookie policies, generally - are hardly all that separates small businesses from bankruptcy. People do and will search for small businesses online. And they will not cease to consider advertising.

Thousands of people in the soon-to-be destabilized ad-supported Internet economy won't lose jobs unless online advertisers choose to follow the course MPAA/RIAA have set. But even a long-time defender of cookie-setting and tracking like George Simpson observes, "I appreciate the economics of this industry, and know that it is imperative to wring every last CPM out of every impression -- but after a while, folks not in our business simply don't care anymore, and will move to kill any kind of tracking that users don't explicitly opt in to."

A visual aid for raising social engineering awareness... and a homework assignment

Veracode has a great track record for producing compelling infographics. And they have a great attitude about sharing. The Hacking the Mind infographic I've inserted here explains the art and threat of social engineering quite thoroughly:

[Infographic: Hacking the Mind with Social Engineering, by Veracode Application Security]

Playing on Emotion

Quiz time: identify what emotion or motivation attackers use in the following scams. Choose from {fear, greed, empathy, curiosity, anger, interest...}.

  1. Stranded traveller scams are emails from a colleague, relative or friend who claims to have lost wallet, passport, etc. and is desperate for you to wire money so they can recover from the loss. The scam emails often come from your personal contacts list that the scammer has accessed by having infected your PC with malware that locates and uploads email contacts to the attacker.
  2. Advance Fee Fraud scams (a.k.a., Nigerian or 419 scams) claim that you are a beneficiary of a compensation payment or offer you a fee for assisting in a money transfer. The scammer typically contrives a situation where you must provide a small sum of money to execute the transaction, to complete official paperwork, or to bribe an official.
  3. Lottery or Sweepstake scams try to entice you to disclose personal data or bank account information to "facilitate" the deposit of winnings. If you disclose this information, the scammer withdraws rather than deposits funds from your account.
  4. Diploma mills claim you can earn a high school diploma or advanced degree based on your life or work experience. The attacker then steals the personal and credit card information you submit for payment.
  5. Tax or IRS scams phish for identity information, using either a refund or notice of audit.  
  6. Online pharmacy spam advertises sites that sell "life-style" pharmaceuticals or scheduled drugs (controlled substances) without prescription.
  7. Disaster spam campaigns solicit contributions for survivors of a natural disaster (hurricanes, tsunamis, earthquakes), a shocking crime (Newtown Elementary, Virginia Tech), ethnic cleansing, hunger victims, etc.
  8. Online credentials phishing messages may warn you of suspicious activity observed in your account, or they may contain a notice of a credit or loan account past due, an overdraft or an account discrepancy.
  9. Employment (money transfer) spams offer opportunities to earn a lucrative salary working part time. The job often involves participating in fraudulent transfers of goods or money.
  10. Fake IT support spam messages impersonate your organization's IT or ISP customer support and request that you change your password, confirm your personal contact information, etc. Fake HR spam is similar: one HR spam asks you to log in or confirm more personal data such as social security numbers or bank routing information (for direct deposit of your paycheck).

Next time you check your email, keep your emotions in check! 

 tseretni (01) deerg (9)  ytisoiruc ro raef ro regna (8) yhtapme (7) ytisoiruc (6)
raef ,ytisoiruc (5) ytisoiruc (4) deerg (3) deerg (2) yhtapme (1) :srewsnA