this post was submitted on 27 Sep 2023
355 points (96.8% liked)

Technology

59086 readers
3617 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
355
Online Ads Can Infect Your Device with Spyware (www.scientificamerican.com)
submitted 1 year ago by Bebo@literature.cafe to c/technology@lemmy.world
77 comments fedilink hide all child comments
 

An investigative report reveals that new spyware can slip in unseen through online ads—and there is currently no defense against it. So not only that online ads are intrusive and can infect devices through malware, they can also be used for spying.

top 50 comments
sorted by: hot top controversial new old
[–] GreenEngineering3475@lemmy.world 136 points 1 year ago (1 children)

An adblocker in this day and time is must for internet usage.

[–] hellequin67@lemm.ee 34 points 1 year ago (3 children)

Or offload them at the DNS so they dont even get to the device in the first instance.

[–] Geek_King@lemmy.world 46 points 1 year ago (1 children)

I do so love my Pihole. I forget how many ads are all over websites until I load up some site on a machine outside of my network.

[–] BolexForSoup@kbin.social 7 points 1 year ago (4 children)

I need to get a new modem/router. My arris that came with my fiber internet screws up my ability to remote connect to Plex and it won't let me set up a pihole.

load more comments (4 replies)
[–] ares35@kbin.social 18 points 1 year ago (1 children)

dns-based solutions don't get them all.

[–] pennomi@lemmy.world 23 points 1 year ago (2 children)

Probably worth having multiple layers of defense

[–] CumBroth@discuss.tchncs.de 7 points 1 year ago* (last edited 1 year ago)

One thing I like about this particular layer of defense is that it gives you more insight into the activities of the software and operating systems you're using. The statistics they provide (I use Adguard Home) have proven very useful to me on several occasions .

[–] hellequin67@lemm.ee 6 points 1 year ago

No solution is perfect but could a DNS based solution with a privacy browser is as good as I can get on mobile devices without not connecting to the internet at all.

[–] GreenEngineering3475@lemmy.world 5 points 1 year ago

I use(and recommend) both for the best user experience.UBlock origin's element zapper feature has changed my life.

[–] teft@startrek.website 88 points 1 year ago* (last edited 1 year ago) (2 children)

and there is currently no defense against it.

Don't load ads. There, problem solved.

[–] Mrduckrocks@lemmy.world 45 points 1 year ago (2 children)

I swear 90% of the world not aware of adblocker.

[–] micka190@lemmy.world 11 points 1 year ago (2 children)

And then 9% out of that remaining 10% just can't be bothered to install them for some insane reason.

[–] TimeSquirrel@kbin.social 7 points 1 year ago

"I don't mind the ads..."

"WHY THE FUCK NOT, ARE YOU EVEN HUMAN?"

load more comments (1 replies)
load more comments (1 replies)
[–] n3cr0@lemmy.world 67 points 1 year ago (1 children)

There is no defense?

Imagine a world without Adblocker, haha!

[–] Th4tGuyII@kbin.social 13 points 1 year ago* (last edited 1 year ago) (1 children)

There is no defence they will tell you about. No ADs for you means less money for them

load more comments (1 replies)
[–] AnonTwo@kbin.social 53 points 1 year ago (21 children)

Are we back in 1995? This should be common knowledge.

Blocking ads to avoid their malware was the #1 reason to have adblocker.

load more comments (20 replies)
[–] charonn0@startrek.website 53 points 1 year ago (2 children)

The FBI recommends using an ad blocker for precisely this reason.

[–] aceshigh@lemmy.world 19 points 1 year ago (2 children)

And then companies like YouTube force you to unblock them.

[–] Buddahriffic@lemmy.world 7 points 1 year ago (1 children)

What? YouTube can't force me to do shit.

[–] HurlingDurling@lemm.ee 6 points 1 year ago (1 children)

They have blocked users in the past from seeing any videos until their adblocker it removed

[–] Buddahriffic@lemmy.world 17 points 1 year ago (1 children)

You still have the option of closing the tab and moving on with life, or digging in to see if there's another way around it.

[–] MrFlamey@lemmy.world 5 points 1 year ago

Closing the tab and moving on with life is what I do when a Twitter login prompt or paywall appears. I've often thought it would be better for me to unblock ads, at least on timewasting sites like Youtube, just so that I get pissed off by the ads and close the tab, making it easier to stop wasting time.

load more comments (1 replies)
[–] plz1@lemmy.world 27 points 1 year ago

Defense against it

  • uBlock Origin
  • NextDNS (I highly recommend this to everyone because you can easily get it for mobile devices and block ads served over mobile networks)
  • PiHole
  • Plenty of other options

But if corporate media reported on ways to block ads, it'd eat into their own bottom line, so I can understand their choice to skirt the whole "ads are blockable with some level of effort" conversation.

I've been blocking online ads for nearly the entirety of my multi-decade usage of the internet, to the point where seeing them now is actually quite jarring. The fact that they're now a prime vector for malware and spyware/capitalist surveillance just one-ups the decision to block them just for the annoyance factor.

[–] FluffyPotato@lemm.ee 21 points 1 year ago (1 children)

Yea, that's not new. Malware in ads has been around for like a decade. None of the major ad providers have given zero fucks about it so an ad blocker is mandatory and with Google trying to make ad blocking harder to impossible it's only a matter of time until some major issues with this malware happens.

load more comments (1 replies)
[–] Alkatane@lemmy.world 12 points 1 year ago (1 children)

AdGuard DNS for android :)

[–] Bebo@literature.cafe 5 points 1 year ago (8 children)

Yes! And ublock origin on Firefox. And I use newpipe with sponsor block for youtube. Not seen an ad in ages. Ads are a cybersecurity threat no doubt.

load more comments (8 replies)
[–] bjoern_tantau@swg-empire.de 10 points 1 year ago* (last edited 1 year ago) (3 children)

~~This is using some vulnerability in iOS. I'm an Android and Linux guy, but let's hope Apple quickly finds the bug and fixes it.~~ And fuck that agency for not alerting Apple and instead profiting from it. And fuck the Israeli government for enabling them.

Edit: I misread, supposedly this is miraculously able to target every device.

[–] Semi-Hemi-Demigod@kbin.social 10 points 1 year ago (1 children)

Even better: Thanks to ad tracking you can show specific malware to a specific cohort of people. Want to get spyware on every computer in DC? Just sign up for our ad program!

[–] fubo@lemmy.world 8 points 1 year ago

This sort of creepitude isn't even specific to online ads.

You know postal junk mail? The "direct marketing" companies that enable it will cheerfully sell you a list of the home addresses of people meeting any demographic characteristics you want.

Do you have reason to want a list of 18-25-year-old gay men in the Boston area, widowed Asians in San Francisco, or military veterans in Oklahoma City? With their names, ages, and their home addresses?

They can sell you one, perfectly legally, and it's not even that expensive.

[–] madsen@lemmy.world 6 points 1 year ago* (last edited 1 year ago)

From the article:

What sets Insanet’s Sherlock apart from Pegasus is its exploitation of ad networks rather than vulnerabilities in phones. A Sherlock user creates an ad campaign that narrowly focuses on the target’s demographic and location, and places a spyware-laden ad with an ad exchange. Once the ad is served to a web page that the target views, the spyware is secretly installed on the target’s phone or computer.

If they're using ads on a web page to install spyware, then they're most definitely exploiting vulnerabilities—unless they're showing the user a 'do you want to install XYZ?', in which case this isn't newsworthy at all. Ads aren't some magical thing that can just go around installing shit silently, so I don't know wtf the article is going on about, but it doesn't make sense.

Edit: The Register seems to have a more sensible take on it: https://www.theregister.com/2023/09/16/insanet_spyware/

load more comments (1 replies)
[–] Treczoks@lemmy.world 5 points 1 year ago (1 children)

And still websites are pissed that I block ads. Websites, the adblocker is not there to annoy you, it is there to protect me from your foolishness and lazyness when it comes to weed out bad actors.

load more comments (1 replies)
load more comments
view more: next ›