Read the full digest on the AdGuard Blog:Hello, it’s me again, your weekly digest on blocking ads and other means of making your web surfing secure and comfortable.
1. Secret agents use ad blockers too
2. Not everyone agrees that ad blocking is essential
3. A teenage ticktocker accidentally foils a scientific study
4. Data breaches... Data breaches never change
5. VPNs are having hard times
"— I am a decent honest lawful person, why should I care if someone gathers information about me? I have nothing to hide, and I prefer useful targeted ads and personalized services". This is a popular opinion. Why is it completely wrong?
More and more people now start to care about their personal data that is harvested by the state, by big and small businesses, by local, foreign, and international companies. Yet even more people are still nonchalant or careless about who knows what about them and how this information is being used. Quite many think that sharing personal data is even good: it makes ads more relevant and the world more secure overall.
When companies claim that you profit from sharing your data, you should remember that making profit is the first and often the only reason why companies exist. There is just no point to do their job for them.
Who wants your data and for what reasons
Let's put together the reasons why you should be alert and proactive about protecting your personal data. And as you will be able to see very soon, there's no shortage of these reasons — personal information is a hot commodity these days.
Targeting ads. Sometimes it is simple: you have searched online for a bike or a fridge, closed Google not even having clicked any link, so it is obvious to the algorithm that you might still be interested. Sometimes it is more complicated: a company knows that you have a small kid and offers you an investment product that would help fund their college education. But you know who else knows that you have a kid? You. And you most likely already some plans for their future, so no life-saving help here either.
These are only a couple examples of targeting ads, perhaps there are some for when it may actually be of some use. But keep in mind that it's one of the very few such situations, and there are many, many more when giving away your personal data is unquestionably a bad idea. As you will very soon see for yourself.
Marketing research. When it's not about you personally but about understanding consumers as they are. But, as put above, it's not your job and not your problem.
Social studies, all kinds of science, statistics. People must be understood and studied for so many reasons. It is nice to be digitalized for some other reasons than cold-hearted moneymaking for a change. Scientific research needs people's data too, and it can just as easily be mishandled to put you at risk, even if not willingly. In the end, it's your decision: do you put scientific progress above or below your personal interests?
Bank scoring, credit scoring. Banks decide how credible, prosperous, trustworthy, and likely to return a loan you are by using very unobvious criteria along with the obvious ones (purchases, job, salary, home address, traveling, financial history).
Other types of scoring (insurance, medical security, etc). Robots, robots everywhere. Companies are obsessed with Big Data. We take everything we know about a person, feed it to a neural network, then artificial intelligence does its magic, and voila, we have a number that shows your likeness to buy a dog this year.
Commercial profiling and scoring. An HR manager of a company that you're looking to work at clicks a button and receives a valuation of you based on the music you listen to, photos of you on Facebook, and so on. And if those photos happen to be in a bathing suite with a cocktail in hand, it apparently means you are a sociopath inclined to public nudity, and an alcoholic — or at least that's what some kind of a contorted algorithm may decide.
Police profiling. So many stories about false alarms when innocent people become suspects.
Yes, public security is important: we want them to search for criminals, suspects, runaway convicts, dangerous people. But there is a huge gray zone for abuse here. There are countries where smart face-recognizing street cameras are used for searching for the participants of public protests or members of political opposition.
Corporate security. А good thing too, of course. No one should steal and trade commercial secrets and go loose.
Workforce productivity control. This is a very real thing. Are you ready to have your typing patterns analyzed, your eye movements recorded, your brain waves scanned after two minutes of illegal procrastination (as it is already common in China)?
Criminal activity (scam, fraud, etc). As obvious as it sounds. Everything that is known about you can be used against you, starting with the maiden name of your grandmother and including, but not limited to the color of your pants.
What can possibly go wrong?
So we've established it: your data is valuable to numerous different people, organizations, and governments. Is it enough to be worried? Let's see.
What can I do?
- All your data can be leaked or stolen — and it likely will be. It is just doomed to be sold on the darknet. To be used against you. Go change your passwords now and do not write them down on a post-it note on the monitor.
- Algorithmic discrimination. It is absolutely everywhere. Even if you think it's only fair that medical insurance is more expensive for smokers, there are other clearly outrageous examples. Feel free to conduct a little experiment: try to order a taxi on a rainy Friday night using an iPhone that's low on battery juice. And then try the same route on a sunny Tuesday afternoon. The difference will be stunningly obvious. Another example: check the price for the same plane tickets from your cell phone and from a freshly installed obscure browser while in incognito mode.
Always keep in mind that any company's price policy is aimed at maximizing its profits, the question is what methods they use. Be very picky about who you trust, and even then, don't share anything that you don't have to.
- Mistakes. False positives. Robots make them all the time, and it may cost people a lot. Do you think that the more they know, the better are the decisions they make? No. Not yet, at least. Big data is not just a technology, it's a fashion, a frenzy, a modern madness. Artificial intelligence now is like a kid with a box of matches, and the ecstatic adults watch in amazement how it sets fire on everything that burns.
A while ago the founder of Xsolla, a big international fintech startup, announced that they fire 150 workers. All of them received this message: "My big data team analyzed your activities in Jira, Confluence, and Gmail, your chats, dashboards, documents, and you were marked as uninvolved and unproductive". Most experts agreed while discussing this case that such quantitative metrics cannot be used for evaluating high-profile workers like software developers or managers. Besides, among the fired people were a company bartender and a hostess — why would they ever need Jira or online dashboards in their work is beyound me.
We are not calling you to become a technophobe and deny the technical progress. There are things you can do to manage the use of your personal data and mitigate the risk.
- Choose whom to trust. It's not the merchant with the lowest prices, it's the merchant with the most spotless reputation.
- Hide whatever is possible. If you're making your social media pages open for all users, do it because you know exactly what you're sharing, not because you are too lazy to tick a box in the settings. If you are not a celebrity, why should everyone see your family photos, home address, music collection?
- Do not fill in non-required fields. Why do people do it anyway?
- Check your company's security policies. Do they read your messengers, record your voice calls? If they do, are you rewarded enough to take on all the risks associated with the surveillance?
- Use security and privacy tools. VPNs, ad blockers, private search engines and so on.
- Be aware of popular scam scenarios. If you receive an email saying "we've recorded you watching porn, send money or everyone will know about it", just delete it and go watch some more porn. The bad thing is, they keep inventing new tricks, so you keep your finger on the pulse.
- If something bad happens, do not hide in the bushes. Sue the company that lost or abused your data. Get press. Complain on social networks — and get a lot of free Internet karma, people love scandal!
- Know that companies under the legislation of EU law are regulated quite strictly. Browse the laws and know what you have the right for. If you live in California, for example, you are protected by California Privacy Rights Act.
Samsung has recently announced that they can now block their smart TV devices. The company has developed the TV Block technology — a remote security solution. It cross-checks the serial number of every connected device with a list of serial numbers of devices that had been stolen or bought in some improper way. This is designed to reduce device theft, as the company claims, so that only the rightful owner would be able to use the TV.
All this seems quite reasonable at first sight: Samsung makes an impression of a company that cares about their users, and they even sell this feature as a competitive advantage. Though we see it as a part of the growing trend: vendors gain more and more control over devices they sell, more options of interfering in how these devices operate.
Besides, it is not clear what happens to a bona fide purchaser of a stolen TV. Will the device they have just bought with their hard earned money simply get disabled? Can they dispute this decision or is everything done automatically and irrevocably? This is one of the many possible ways a user can get hurt. Considering that the vast majority of stores are insured against theft, it's even less clear how actually this TV Block technology actually protects anyone.
"This technology can have a positive impact at this time, and will also be of use to both the industry and customers in the future", Samsung's representative has said to the press. There are several important words in this phrase: "can have" and "in the future". Adjusted for the natural evasiveness of corporate statements, it sounds more like "we are not sure users need it, maybe it will come in handy somehow".
Smart TVs are in the vanguard of the "smart home" technology that is invading our homes right now. Vacuum cleaners, fridges, baby monitors, climate control sets, and even smart Q-tips replace their dumb predecessors. Unfortunately, the high level of market competition and the desire to save money on production and maximize profits stop vendors from equipping smart devices with powerful security protection suits.
On the other hand, there is strong doubt that the remote control features would only be used by the vendor and only for the stated purposes of user protection. Numerous studies have discovered plenty of vulnerabilities in such devices, and a vast variety of malicious actors are potentially able to get access to a device.
What danger do these technologies pose?
Ransomware is a type of malware that's been rapidly spreading recently. The best known subtype of it is encryption viruses. A malefactor invades the network or otherwise gains access to a remote device, encrypts its data with the specific software, a user sees on their screen a banner demanding payment for decrypting the information. The exact ransom amount varies greatly depending on the hacker's skills and their opinion on the value of the data.
Another popular type of ransomware simply blocks access to the device. It simply stops working, all it is still capable of doing is showing you the same banner commanding to transfer a certain sum in bitcoin to a certain wallet.
There are also human factor risks, especially since we aren't fully informed on how Samsung remote blocking works, as well as other similar remote control mechanisms of other vendors. It is quite possible (and it actually already happens) that an unprincipled employee gets an idea of making some extra money by selling the data gathered by your smart TV on the darknet. And there are plenty of vulnerabilities allowing to get even more information. All smart TVs are equipped with a microphone for voice control, and high-end models have a webcam. A hacker gains remote access, and here you are, being eavesdropped at best, and becoming a star of a reality show broadcasted somewhere on the darknet at worst.
Is the vendor actually on the user's side?
There is no need to strain your imagination, though, thinking of possible abuse scenarios. Samsung has already been caught spying on its users and harvesting huge amounts of data. The age of smart devices heralds the dark age for privacy. Vendors interfere remotely with devices' functions and declare it as an advantage and user care. Meanwhile, there's no guarantee that the vendor or other actors will not, or do not already exploit these capabilities in their own interest.
It is already almost impossible to buy a TV not stuffed with smart functions, and the gadget you've paid for literally does not belong to you. The only guaranteed solution right now is simply not to connect the device to any network. No data will be transferred, no remote access gained, no hack or abuse possible.
Samsung keeps a solid share of the smart TV market but it's not the only major player. Its competitors haven't yet announced similar remote control features, but technically they have everything ready for it. Besides, they have the same thirst for data and the same, quite flexible understanding of user privacy protection principles. LG, yet another TV market giant, has repeatedly been caught tracking users and has also recently spoken on remote blocking options.
If you listen to what people say on this situation, it's easy to notice that they do not feel the urging need for such technology. Nevertheless, it is they who pay from their own pocket for the ability of their TVs to turn into a pumpkin on Samsung's command.
Remote control and data harvesting potential of modern technologies, the quality and quantity of existing vulnerabilities, the level of corporations' disdain for user privacy, the desire of vendors to have their tentacles in every home through their smart devices — all of it comprises a huge threat to people's and public security.
There is probably no need to stress that we at AdGuard are strongly opposed to stealing devices or any other ways of acquiring them illegally. But we are no less strongly opposed to the idea of remote access and control features added without users' knowledge and consent. Our approach comes down to the simple idea that introducing new technologies, especially sensitive and potentially harmful, can be only done in the interests and at the request of users, not because of corporations' desire for profit.
Read the full digest on the AdGuard Blog:How do you do today? Our digest is hardly good to raise your mood, but we discuss important stuff. A lot has already happened in the first half of October, and probably some more big changes lie ahead.
1. Mark Zuckerberg: criticized but not embarrassed.
2.Apple did something good for privacy and security, but it's up to you to benefit from it.
3. Moar dystopia! Here's some from The Internet Archive.
4. Another new feature of Apple just exposed Chinese apps behaving Chinese.
5. Google voice assistant: hears more than you think, makes more mistakes than you'd like, will listen more and make more mistakes in the future.
6. Mozilla found a new place for an ad, what a joy.
I know it's still early but I wonder which adblocker(s) will be ready for Manifest V3 roll-out? AdGuard must have the biggest team of devs.... Shortly: Manifest V3 is the name for the new upcoming browser extension API. It intends to make extensions more secure by stripping extensions of access rights to web requests and, therefore, of many useful capabilities. So AdGuard’s Chrome extension might lose the ability to block ads as effectively as it does today. This will happen only in 2023, but we are already working on solving the possible problems.
This article was written based on a talk given by Adguard's CTO and co-founder Andrey Meshkov at Ad Blocker Dev Summit 2021.
So you can either watch the video or read this text to learn about content blocking at scale.
Absolutely everything is connected to the Internet these days, from TV to smart light bulbs, from mobile devices to smart auto. Given that ads and ad trackers are everywhere the Internet is, a browser-based ad blocker seems to be not enough. It provides just a tiny window into the "better Internet" without aggressive and intrusive banners vying for your attention. But what if you want to widen this "window" and have it all?
Then buckle up and get ready for a fascinating journey through the past, present, and future of DNS filtering. Why? Because DNS is the answer!
- Does not require installing additional software.
- Does not depend on the browser or OS vendor.
- No performance cost.
- Running a public DNS server allows you to observe the whole Internet. This is very useful if you maintain a blocklist. You can get rid of unused rules and promptly learn about new threats. DNS has no blind spots since it observes all devices and not just the browsers.
- Centralized solution is better at dealing with some issues.
- Cannot deal with first-party ads. For instance, you can’t block YouTube video ads because they are hosted on the same domain as legitimate videos.
- No cosmetic filtering. With DNS blocking alone you may not have most of the ads, but you have rather ugly web pages with broken frames and ad placeholders.
- Higher chance of breakage. For instance, some apps or websites may be broken due to blocked Google Analytics, and you can do nothing with that.
- Easier to circumvent. An app may simply choose to use a different DNS server.
The major con is that its easily bypassed with DOH which is avaible in almost all browsers today.
If you dont want your kids to go on Facebook or social media and use DNS blocking.
It would be a waste of time in this case if they enable DOH.
Yes, It depends on what you want to use it for. I use a system wide DNS filter to block some M$ services like bing etc.That is not the focus of AdGuard DNS (I know you are talking about the DNS technology in general), it is mainly used to deal with ads and ad trackers, so DOH isnt a issue it is a benefit.
Behold the recent release of our irregular digest!
Andrey Meshkov, CTO and co-founder of AdGuard, has recently spoken at a big industry event: Ad Blocker Dev Summit 2021. We've published a blog post based on his presentation, give it a read. Besides, you can watch it on YouTube, along with the other videos from the conference.
Preparing this digest we've invented ourselves a challenge: not to mention Facebook (or Meta, of course). There's a feeling that everybody is already a little tired from revelations, scandals, and accusations around the world's largest social network.
There are quite controversial native ads appearing in Telegram, but we ended up deciding it requires a full-fledged article about why they are controversial, what is wrong with them and what is right, and of course what we at AdGuard are going to do about them. So you won't find anything about that in the digest.
Last update on that was from September:Too bad there was no news on their plans re: Chrome Manifest V3. Isn't that the big news category for adblockers in '22-'23?
Manifest V3 and AdGuard
First of all, let us tell you about our immediate plans. We're currently overhauling the entire thing in order to move it to a new, better filtering engine. The first beta version is coming very soon, but it's not too late to join the fun: just install our beta Chrome extension. On a sad note, it will be rendered useless for users of Chromium-based browsers after January 2023. All the benefits will remain for other browsers' users to enjoy, though. And if you're a user of an AdGuard desktop or mobile app, why are you even reading this? You're completely fine and have nothing to worry about.
Second of all, in aticipation of Manifest V3 we're already working on a prototype for the new ad blocker extension, and let me tell you — it's hard. Manifest V3 is still raw, some things just don't yet work the way they were designed to. But we'll manage, as we always do, so hopefully you'll be able to compare the quality of the old and the new extensions soon. Will it become worse? Almost undeniably, but not by too much. The real victims in this transition are filter developers — most filter lists are maintained by single developers, who more often than not work on filters for free in their spare time. It will be not feasible for many of them to single-handedly rework the entire list to match the Manifest V3 requirements. We already discussed this threat in one of our previous articles.
What'll happen after 2023? Our bet is that Firefox will keep extensions made with Manifest V2 in their store, for a while at least. There probably is a point somewhere in the future when Mozilla will move to something else, whatever it will turn out to be. And the rest of the Chromium-based browsers will start migrating to Manifest V3. Even the ones that express their readiness to stick to MV2 and support backwards compatibility won't be able to do that forever.
There is a small ray of hope represented by the W3C workgroup, where browser and browser extension developers discuss all kinds of possible improvements. At the very least it provides a feeling of being listened to and heard, but such things rarely work fast. It's unclear when we'll see any real positive changes. Meanwhile, our advice is to go and block some ads — you never know when you'll get deprived of this opportunity.
Read the full story here:We've long known that social networks can impact our choice of a car, a movie to watch, or a trip to plan. There are ads that tell us what to buy, there are recommendations and suggestions, there is posts priority in the newsfeeds that imperceptibly dictate our behavior.
But can algorithms make us vote for one presidential candidate over another? Yes, they actually can, as we will illustrate below.
And the worst part is — nobody knows how exactly. And why, and what for, and what'll happen next. Bad news for conspiracy theories' lovers: there's most probably no World Government, there are just a bunch of algorithms that are not yet good enough for their own developers to be sure about how they work.
What do we users should do with all that? How exactly do social media impact our choices, both in private and in social life?
Of course it's not only Facebook that has an impact, but we are emphasising Facebook here because of the obvious reasons: the largest social network of the world with the most diverse coverage of users worldwide; the most critisized social network of the world (although some will claim that the Chinese social networks ones can compete); the most scrutinized social network of the world. But before we start tackling Facebook, let's browse some Twitter.
You may have wondered who the AdGuard team consists of and what kind of people create it. We are developers and QA engineers, designers and content creators, managers, and a support team, just to name a few. But our team is actually much broader than that, because we get a lot of support from the AdGuard community. Who are they? These are the people who like AdGuard and contribute to its development — translate the apps, extensions and websites into various languages, test beta versions, track down bugs and suggest new features, create filters and even write code.
We have a good tradition at our company. Every year we choose the most active members of our community, write an extensive blog post like this one, and reward the winners. And every year, when it's time to look back and sum up the results, we are surprised and excited by this inexhaustible source of energy, the people who help us.
So, are you ready? Let's unveil the list of the best AdGuard Contributors in 2021! Drumroll...
AdGuard provides great, ever evolving products for unwanted content filtering and the new VPN service is a good addition to that. I enjoy translating and I'm happy to support AdGuard by participating. Hopefully this helps make the software and services more accessible to Finnish users. Keep up the good work, everyone!
You know those episodes in TV shows that are made up of bits and pieces of the previous series. Most often, this format is used at the end of the season, to recall with the audience the brightest moments of the show and dive into nostalgia, to the accompaniment of a very touching tune. So, make yourselves comfortable, put the new Adele album in the background, and let's take a retrospective look at the past year together.
This year was a tough one, but overall calmer than the previous one. It has brought us many great accomplishments and just as many challenges. And we're thankful for the experience, and thankful to you for being there for us all these 365 days. We'd like to express our gratitude to you, to the users of our apps and extensions, and to all the volunteers who make invaluable contributions to AdGuard products.
Stay happy and healthy in 2022, take care of yourself and your loved ones, and we at AdGuard will take care of your online safety. See you next year!
Merry Christmas and Happy New Year, folks! Better late than never. We hope that the year that has come is going to be less challenging than the previous few ones. Cheers.
But we already know that these hopes are in vain. The web is becoming more complicated and dangerous, advertising and tracking become more sophisticated, data leaks become large-scale. It's not all doom and gloom, there are a number of positive trends too — for example, cybersecurity experts say that there is no need to pay for an antivirus anymore. Software vendors generally have good built-in protection suits, and what's more important, the evil guys now do not quite need viruses to abuse you.
An advice of the year and of all the years: use complicated passwords, change them every now and then, and turn two-factor authentication on. You can stay safe for years taking no measures, but then it happens just once, and you'd be sorry for a long time (not so much because of losing money, but rather because of knowing that you could have easily avoided it by not being lazy and stu… well, mistaken). By the way, check out this article if you want to know how exactly passwords are stolen.
Manifest v3 may be delayed
Good news everyone — Google's campaign against ad blocking extensions that we'd already warned you about met strong resistance again. Well, okay, to be clear, Google are not actually fighting ad blockers but rather limiting the capabilites of browser extentions, which sounds like a reasonable move from the security point of view, but would also maim or kill oh so many existing extentions. The Electronic Frontier Foundation, well known for advocating online privacy and security, has called Google to review their plans on the notorious Manifest v3. If Google still wants not to be viewed as "evil" by the public, they will at least take some time before introducing Manifest v3.
Surprise: people do need ad blockers
We are secure and scared of government
Big boss is watching you — your boss, actually
Bad boys punished themselves
People are just human
Well, that's it. Stay safe.