A roundup of links on tracking, advertising and security. These are not complete or even representative, but may be useful to somebody.
Attitudes towards tracking and surveillance
- 91% of adults in the survey “agree” or “strongly agree” that consumers have lost control over how personal information is collected and used by companies (http://www.pewinternet.org/2014/11/12/public-privacy-perceptions/)
- 64% believe the government should do more to regulate advertisers, compared with 34% who think the government should not get more involved (ibid)
- 40% of teen social media users say they are “very” or “somewhat” concerned that some of the information they share on social networking sites might be accessed by third parties like advertisers or businesses without their knowledge (http://www.pewinternet.org/2013/05/21/teens-social-media-and-privacy/)
- 81% of parents report being “very” or “somewhat” concerned about how much information advertisers can learn about their child’s online behavior (ibid)
- 17% of the adults who have heard about the government surveillance programs say they have changed their privacy settings on social media in an effort to hide their information from the government (http://www.pewinternet.org/2015/03/16/how-people-are-changing-their-own-behavior/)
- Smart, Useful, Scary, Creepy: Perceptions of Online Behavioral Advertising (https://www.andrew.cmu.edu/user/pgl/soups2012.pdf)
Advertising and fraud
- Malvertising abuses RTB, using fingerprinting and microtargeting to do things like spearphish (https://threatpost.com/ad-networks-ripe-for-abuse-via-malvertising/111840)
- Doubleclick used to spread malware (https://blog.malwarebytes.org/malvertising-2/2014/09/googles-doubleclick-ad-network-abused-once-again-in-malvertising-attacks/)
- Doubleclick and Zedo used to spread malware (https://blog.malwarebytes.org/malvertising-2/2014/09/large-malvertising-campaign-under-way-involving-doubleclick-and-zedo/)
- Too many to count: https://blog.malwarebytes.org/?s=advertising
- Malvertising doubles every year since 2011 (http://money.cnn.com/2014/10/15/technology/security/malvertising/)
- 67% of bot traffic comes from residential IPs. Bot traffickers remotely control home computers to generate ad fraud profits. 19% of retargeted ads are consumed by bots, and even higher in video (http://www.whiteops.com/botfraud, well worth downloading)
- 56% of ad impressions are never seen, not even for a second (http://think.storage.googleapis.com/docs/the-importance-of-being-seen_study.pdf)
Bugs
- Facebook personal information leak from shadow profiles (https://www.facebook.com/notes/facebook-security/important-message-from-facebooks-white-hat-program/10151437074840766, http://packetstormsecurity.com/news/view/22713/Facebook-Where-Your-Friends-Are-Your-Worst-Enemies.html)
- Google accidentally collects data from unencrypted WiFi (http://www.pcworld.com/article/2048541/google-loses-appeal-in-street-view-privacy-lawsuit.html, http://googleblog.blogspot.com/2010/05/wifi-data-collection-update.html)
- Apple keeps 3G location log (http://blog.chron.com//techblog/2011/04/why-is-apples-ios-logging-location-information-updated/)
Tracking
- NSA uses Google cookies to pinpoint targets for hacking (http://www.washingtonpost.com/blogs/the-switch/wp/2013/12/10/nsa-uses-google-cookies-to-pinpoint-targets-for-hacking/)
- Facebook cookies and EU law, similar to Facebook Beacon complaints (http://www.theguardian.com/technology/2015/mar/31/facebook-tracks-all-visitors-breaching-eu-law-report)
- How Target figured out a teen girl was pregnant before her father did (http://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/)
- Acxiom: the company that knows if you own a cat or if you're right-handed (http://www.telegraph.co.uk/finance/newsbysector/retailandconsumer/5231752/Acxiom-the-company-that-knows-if-you-own-a-cat-or-if-youre-right-handed.html)
Some privacy litigation
- Google broke Canada’s privacy laws with targeted health ads according to The Office of the Privacy Commissioner of Canada (http://www.theglobeandmail.com/technology/tech-news/google-broke-canadas-privacy-laws-with-targeted-ads-regulator-says/article16343346/)
- Google loses Safari cookie tracking case and also loses on appeal (http://appleinsider.com/articles/15/03/27/google-loses-uk-appeal-in-safari-cookie-tracking-case-could-face-trial)
- Facebook Beacon lets third party sites publish events to people's feeds (http://www.pcworld.com/article/184029/facebook_halts_beacon_gives_9_5_million_to_settle_lawsuit.html)
- Google Buzz privacy lawsuit (http://mashable.com/2010/09/03/google-buzz-lawsuit-settlement/)
- Suit dismissed against Jetblue and Acxiom for using customer data without their knowledge (http://www.aviationpros.com/news/10433407/ny-federal-judge-dismisses-lawsuit-against-jetblue-acxiom)
- Suit against Acxiom for buying driver data from Arkansas DMV (http://ivebeenmugged.typepad.com/my_weblog/2010/01/dppa-class-actions.html)
