Security Experts:

Connect with us

Hi, what are you looking for?


Malware & Threats

What’s the Real Cost to Us of an Ad-Funded Web?

Much of today’s Web content—news, search, free email and collaboration tools, video sharing and social media—is paid for by advertising. Ads are an effective “micro-payment” system loosely linked to consumption.

Much of today’s Web content—news, search, free email and collaboration tools, video sharing and social media—is paid for by advertising. Ads are an effective “micro-payment” system loosely linked to consumption.

Although we benefit from these supposedly “free” services it’s important to understand the real cost and downsides of the ad-funded Web for everyone who uses it. Ostensibly the advertiser foots the bill, but tracking invades user privacy, and advertisements undermine security, degrade performance, and shifts much of the real cost of delivery onto users. There are other problems with online ad delivery as we know it, including billions of dollars that are utterly wasted on malicious and fraudulent ads, according to one recent report. But the toll on the user experience and hidden network-related costs is the true untold story.

Successful ad targeting relies on an intimate knowledge of user behavior and activity. Analytics that allow the search giants to track your every click are baked into most sites, and Google will soon allow advertisers to directly target specific users based on their email addresses. The entire premise of targeted advertising demands an ever more intimate knowledge of the user—an invasion of privacy that leaves users increasingly uncomfortable and raises the specter of a dystopian Internet in which every move people make online is tracked.

The privacy concerns bleed into the security issues. Unfortunately, malware writers are keenly aware of the opportunity afforded by well-targeted advertisements. My colleague Rahul Kashyap has explained how targeted attacks increasingly use compromised news and entertainment sites to deliver malicious ads that can compromise your device even without a click. A precisely targeted ad platform allows malware writers to efficiently reach their targets, and despite the best efforts of the ad networks to detect malvertisements, they face the same limits of detection as traditional anti-virus and are relatively easy to bypass.

A typical ad-populated Web page reaches out to scores of different sites to fetch and render content, making it harder to detect anomalous traffic patterns and malicious content. And since the vast majority of enterprise breaches start with a compromised endpoint—often malware delivered to the browser—the ad-funded Web is a direct contributor to the shocking toll of enterprise breaches.

And then there are the hidden end user costs that no one talks about.

You’re probably fed up with the jarring user experience of video ads that auto-play in the middle of a news story you’re reading, but you may not be aware that in addition to the annoyance, you are paying in other ways for much of the real cost of ad delivery as well.

When you visit a site such as, advertisers bid in real time to deliver targeted content to your browser, which generates tons of network traffic and impacts response times, particularly for video-based ads.

Research by the New York Times estimates the monthly data cost for ad delivery to a mobile subscriber in the U.S. to be as high as $9.60 per month. For the roughly 200 million smartphones in the U.S. alone, that totals $23 billion —about 40 percent of annual U.S. online advertising industry revenues. 

And finally, there are additional negative impacts on the user experience that get ignored. Processing all that traffic and rendering complex content slows the Web to a crawl, consumes CPU and memory, and drains your battery. Research by my colleague Dan Allen using the Project VRC framework confirms that the browser is the most resource-intensive application for most users. Eliminating ads from a Web page slashes memory use up to 60 percent and CPU utilization by as much as 90 percent, dramatically reducing battery drain.

We owe the richness of today’s Web to the micro-payment model of online advertising, and it is difficult to imagine an alternative. But there are consequences for anyone who uses the Internet, although they may not realize it.

A Web without ads would respect user privacy, reduce security breaches and make the experience more zippy and responsive. Fortunately it’s entirely within your power to opt out of the status quo. If you want to experience the joys of an ad-free Web, some options include using ad blockers or a modified hosts file, while some security products also block ads.

Written By

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.


Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.