Much of today’s Web content—news, search, free email and collaboration tools, video sharing and social media—is paid for by advertising. Ads are an effective “micro-payment” system loosely linked to consumption.
Although we benefit from these supposedly “free” services it’s important to understand the real cost and downsides of the ad-funded Web for everyone who uses it. Ostensibly the advertiser foots the bill, but tracking invades user privacy, and advertisements undermine security, degrade performance, and shifts much of the real cost of delivery onto users. There are other problems with online ad delivery as we know it, including billions of dollars that are utterly wasted on malicious and fraudulent ads, according to one recent report. But the toll on the user experience and hidden network-related costs is the true untold story.
Successful ad targeting relies on an intimate knowledge of user behavior and activity. Analytics that allow the search giants to track your every click are baked into most sites, and Google will soon allow advertisers to directly target specific users based on their email addresses. The entire premise of targeted advertising demands an ever more intimate knowledge of the user—an invasion of privacy that leaves users increasingly uncomfortable and raises the specter of a dystopian Internet in which every move people make online is tracked.
The privacy concerns bleed into the security issues. Unfortunately, malware writers are keenly aware of the opportunity afforded by well-targeted advertisements. My colleague Rahul Kashyap has explained how targeted attacks increasingly use compromised news and entertainment sites to deliver malicious ads that can compromise your device even without a click. A precisely targeted ad platform allows malware writers to efficiently reach their targets, and despite the best efforts of the ad networks to detect malvertisements, they face the same limits of detection as traditional anti-virus and are relatively easy to bypass.
A typical ad-populated Web page reaches out to scores of different sites to fetch and render content, making it harder to detect anomalous traffic patterns and malicious content. And since the vast majority of enterprise breaches start with a compromised endpoint—often malware delivered to the browser—the ad-funded Web is a direct contributor to the shocking toll of enterprise breaches.