The Dubious World of Ad Injection

Ad injection is a largely legal but dubious method of injecting unwanted advertisements in the user’s browser. This is done using browser extensions / plugins which are not malware but exhibit similar behavior. The only difference being the author’s intention [which is not a good thing to base one’s security on]. In fact the extensions control what is displayed to the user and can effectively monitor the user’s online activities.
In May 2015, Google along with researchers from University of California published a paper “Ad Injection at Scale: Assessing Deceptive Advertisement Modifications”. This study names the large players in this field, what comes out is quite educating [for want of a better word]:

  • Most of them are from specific country.
  • Most of them have links to the military / intelligence units known to carry out surveillance activities.

Closer to home, a security researcher from Bengaluru recently published his findings about a telecom provider injecting JavaScript, every time a user accessed the Internet using 3G. The security researcher has since been served a cease and desist legal notice, which surprisingly was not from the telecom vendor but a company offering “Mobile Internet Optimization and Monetization Solutions” which is acceptable jargon for Ad Injection.
As the browser is home to all our online activities it is important to follow some safe browsing habits and be aware of “stuff running in your browser”. As a start configure different browsers for different sets of activities. For example browser 1 for regular browsing, browser 2 for sites which require log on and browser 3 for valuable stuff [online banking etc.].
Be Aware. Be Safe.

Rate this article: 
Average: 1 (2 votes)
Article category: