Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

What’s the Real Cost to Us of an Ad-Funded Web?

Much of today’s Web content—news, search, free email and collaboration tools, video sharing and social media—is paid for by advertising. Ads are an effective “micro-payment” system loosely linked to consumption.

Much of today’s Web content—news, search, free email and collaboration tools, video sharing and social media—is paid for by advertising. Ads are an effective “micro-payment” system loosely linked to consumption.

Although we benefit from these supposedly “free” services it’s important to understand the real cost and downsides of the ad-funded Web for everyone who uses it. Ostensibly the advertiser foots the bill, but tracking invades user privacy, and advertisements undermine security, degrade performance, and shifts much of the real cost of delivery onto users. There are other problems with online ad delivery as we know it, including billions of dollars that are utterly wasted on malicious and fraudulent ads, according to one recent report. But the toll on the user experience and hidden network-related costs is the true untold story.

Successful ad targeting relies on an intimate knowledge of user behavior and activity. Analytics that allow the search giants to track your every click are baked into most sites, and Google will soon allow advertisers to directly target specific users based on their email addresses. The entire premise of targeted advertising demands an ever more intimate knowledge of the user—an invasion of privacy that leaves users increasingly uncomfortable and raises the specter of a dystopian Internet in which every move people make online is tracked.

The privacy concerns bleed into the security issues. Unfortunately, malware writers are keenly aware of the opportunity afforded by well-targeted advertisements. My colleague Rahul Kashyap has explained how targeted attacks increasingly use compromised news and entertainment sites to deliver malicious ads that can compromise your device even without a click. A precisely targeted ad platform allows malware writers to efficiently reach their targets, and despite the best efforts of the ad networks to detect malvertisements, they face the same limits of detection as traditional anti-virus and are relatively easy to bypass.

A typical ad-populated Web page reaches out to scores of different sites to fetch and render content, making it harder to detect anomalous traffic patterns and malicious content. And since the vast majority of enterprise breaches start with a compromised endpoint—often malware delivered to the browser—the ad-funded Web is a direct contributor to the shocking toll of enterprise breaches.

And then there are the hidden end user costs that no one talks about.

You’re probably fed up with the jarring user experience of video ads that auto-play in the middle of a news story you’re reading, but you may not be aware that in addition to the annoyance, you are paying in other ways for much of the real cost of ad delivery as well.

When you visit a site such as cnbc.com, advertisers bid in real time to deliver targeted content to your browser, which generates tons of network traffic and impacts response times, particularly for video-based ads.

Research by the New York Times estimates the monthly data cost for ad delivery to a mobile subscriber in the U.S. to be as high as $9.60 per month. For the roughly 200 million smartphones in the U.S. alone, that totals $23 billion —about 40 percent of annual U.S. online advertising industry revenues. 

And finally, there are additional negative impacts on the user experience that get ignored. Processing all that traffic and rendering complex content slows the Web to a crawl, consumes CPU and memory, and drains your battery. Research by my colleague Dan Allen using the Project VRC framework confirms that the browser is the most resource-intensive application for most users. Eliminating ads from a Web page slashes memory use up to 60 percent and CPU utilization by as much as 90 percent, dramatically reducing battery drain.

We owe the richness of today’s Web to the micro-payment model of online advertising, and it is difficult to imagine an alternative. But there are consequences for anyone who uses the Internet, although they may not realize it.

A Web without ads would respect user privacy, reduce security breaches and make the experience more zippy and responsive. Fortunately it’s entirely within your power to opt out of the status quo. If you want to experience the joys of an ad-free Web, some options include using ad blockers or a modified hosts file, while some security products also block ads.
Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.