Attacked by Advertising

Attacked by adware and advertising

Tech bloggers were in an uproar today when it was discovered that extensions to Google Chrome are being hijacked to insert unwanted ads onto web pages. It’s only a symptom of a deeper problem that will plague all of us this year: the hunger to deliver ads to your eyeballs is making advertisers more desperate and more willing to resort to subterfuge and deceit.

The story today concerned two lightly-used extensions to Chrome that unexpectedly began inserting ads on web pages and causing ads to appear in popup windows. There was no easy way to find the source of the ads.

Extensions for Chrome are small programs that add new features to the browser. Many Chrome users use dozens of extensions for a variety of housekeeping tasks – examining source code, translating web pages, posting to social networks, and much more. One of their advantages is that Chrome extensions are updated automatically and silently.

Ars Technica was the first to report that the rights to two extensions had been purchased by advertisers, who then modified them to begin serving up ads. Chrome users were not given any notice of the change of ownership of the extensions, and the ad-serving updates were installed automatically, with no obvious way to learn that they were responsible for the ads – after all, they had already been on the computers for months doing useful things.

Today’s flap was resolved quickly. The Wall Street Journal contacted Google, which promptly removed the offending Chrome extensions.

The advertising problem, though, is only going to get worse, and there are some potentially nasty twists in the road.

The Wall Street Journal learned that other authors of more popular extensions have been approached and offered money to insert ad code or turn over the rights to their extensions. Expect to see more stories in 2014 about hijacked extensions.

It’s not a reason to avoid Chrome or stop using Chrome extensions! Like all free code, extensions come in all flavors – useful or useless, clean and elegant or badly written and buggy. Use the ones that help you. This is just today’s vector for ads. Tomorrow it will be something else.

I have been seeing many more computers brought down by adware recently. The basic techniques have not changed in years. When you install a program you believe you want, a collection of other cruddy programs is installed silently at the same time. All of a sudden you are deluged with popup windows, ads injected on web pages, and solicitations to buy programs you’ve never heard of.

The names change, although a few bad actors have been around for a while. The Ask toolbar, for example, is a lightly customized version of a toolbar distributed by IAC, an Internet media conglomerate controlled by Barry Diller. IAC distributes junk toolbars with a dizzying variety of branding.

Conduit toolbars and programs turn up frequently, usually under a pseudonym. Conduit is a large Israeli company which installs toolbars, hijacks your home page, changes your default search engine, and makes itself difficult to remove.

Adware might cause your computer to slow down or crash and it might report your browsing habits back to companies without your consent – but it’s not malware and it’s not illegal! These are written by people in suits working in billion-dollar companies. You might want to hit them but you can’t put them in jail. Antivirus programs won’t keep adware off your computer.

Advertisers will become ever more insistent. Google is working indefatigably to find new sources of ad revenue, as you’ve noticed if you’ve watched a YouTube video lately. All the companies making apps for mobile devices are frantically trying to find ways to put ads in your face, since that’s frequently the only way the company’s finances make any sense. (Think Facebook, Snapchat, Twitter, Instagram.)

Much of our new ad-driven world will be unavoidable but you can do two things to protect your computer.

—  Don’t install “free” programs, especially not to do something that you know you’re not supposed to do. If you’re trying to watch sports events that are blacked out on your TV, or watch TV shows that aren’t available from legitimate online sources, you’re dealing with bad people who are getting money from worse advertisers. Trying to save a buck by getting a “free” alternative to a program from Adobe or Microsoft is frequently a losing bet.

—  Always do a custom install of any “free” program and be alert for offers that can be declined. Adobe continues to bundle other programs with Adobe Flash and Adobe Reader, for example; if you’re not careful to uncheck the box, you’ll wind up with a (shudder) McAfee security program, or with Google Chrome unexpectedly set as your default browser.

As always, be careful out there!