Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

US Lawmakers Press Online Ad Auctioneers Over User Data

A bipartisan group of US senators on Friday sent letters to major digital ad exchanges, including Google and Twitter, asking whether user data was sold to foreign entities who could use it for blackmail or other malicious ends.

A bipartisan group of US senators on Friday sent letters to major digital ad exchanges, including Google and Twitter, asking whether user data was sold to foreign entities who could use it for blackmail or other malicious ends.

In the real-time bidding process to decide which personalized ads a user sees when a web page loads, hundreds of businesses receive a user’s personal information, including search history, IP address, age and gender.

Questions about the sale of data gathered during the auction process were also sent to AT&T, Index Exchange, Magnite, OpenX, PubMatic and Verizon, according to the office of Senator Ron Wyden, a Democrat representing Oregon.

“Few Americans realize that some auction participants are siphoning off and storing ‘bidstream’ data to compile exhaustive dossiers about them,” Wyden and other senators wrote in letters to the companies.

“This information would be a goldmine for foreign intelligence services that could exploit it to inform and supercharge hacking, blackmail, and influence campaigns.”

While online ad exchanges use automated bidding systems to determine which ads to show people using internet services, data such as user locations, devices, and web activity can be gathered, according to the senators.

“These dossiers are being openly sold to anyone with a credit card, including to hedge funds, political campaigns, and even to governments,” the senators wrote.

Questions sent to the companies included what information is gathered about people in the course of serving up ads and which foreign firms have bought such data from them, according to the release.

Advertisement. Scroll to continue reading.

The companies were given until May 4 to provide answers.

Twitter told AFP it had received the letter and intended to respond. The other companies did not immediately respond to queries for comment.

Google has pledged to steer clear of tracking individual online activity when it begins implementing a new system for targeting ads without the use of so-called “cookies.”

The internet giant’s widely used Chrome browser recently began testing an alternative to the tracking practice that it believes could improve online privacy while still enabling advertisers to serve up relevant messages.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.