Have you heard the news? Google’s advertising platform has exploitable flaws! Oh no! But we already knew this, didn’t we? I mean, no system is perfect, right?
Truth is, yes, this is not a new thing: Google’s system has long been gamed by many nefarious players. The activity that Google has decided to highlight this week is a sneaky practice called ad injection. The gist of it is, malicious software devs cook up a compromised browser plugin that makes a broad request for permissions and convinces you to install it. Then, as you surf the web and visit pages that serve up Google ads, the plugin inserts its own advertising in place of the ads that Google is trying to show you, in a way that is so well disguised as to keep you from ever noticing there’s something fishy going on. You view – and possibly click – the interposing ads, instead of the ads that Google’s advertising clients want you to see. That creates potential for the malware to trick Google into charging AdWords advertisers for your click action even though you were actually clicking the ad that the malicious ad injecting plugin served you. Very evil, and really not in the best interests of anyone but the handful of people who are distributing the malware. So, not something we, or Google, wants to encourage by any means.
Just like we don’t want to encourage the spread of cancer. And seeing as ad injection is actively corroding the life source of the Internet, I think it deserves a proper medical name befitting a cancer. Let’s call it adinjectoritis.
Fortunately it is in Google’s better interests to eradicate adinjectoritis, and so eradicating it they have begun to do. Last year over a period of a few months, Google joined forces with awesome folks from University of California’s Berkeley and Santa Barbara campuses, in order to conduct a study that scientifically investigated the nature and extent of adinjectoritis within the body silico of the Internet. What they found is pretty shocking: more than 1 in every 20 unique IPs that hit Google’s ad properties are definitely or potentially compromised by ad injection software. All that lost traffic adds up to many millions of unserved ad impressions, lots of forfeited revenue for Google and lots of potentially wasted ad dollars spent by marketing departments on AdWords campaigns. Google estimates that more than 3,000 AdWords advertisers are being routinely victimized by ad injection, and they cite many major retailers as examples in their report.
If we want the Internet to be accessible and affordable to as much of the world as possible, then it must be a healthy and hospitable place for profitable advertising. Allowing or even encouraging developers of ad injection software is wholly counter-productive to this end – not even to mention how destructive the long-term effects of such activity could be to the financial incentives that motivate so many site owners who feed our digital consumption addiction.
We love our cat pictures, don’t we? Advertising pays for those. Here’s to hoping that Google can wield its influence over the web enough to vaccinate us from this digitally contagious cancer.
Adinjectoritis, you’re on the verge of extinction.