Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Advertisements. Show all posts

Tech Disparity: Low-Income Students Exposed to More Ads

 

A recent analysis reveals that students from low-income families are disproportionately attending schools lacking proper scrutiny of their educational technology, raising concerns about their data privacy. The study, conducted by Internet Safety Labs, indicates that these schools are more likely to utilize apps containing advertisements, posing additional risks to student privacy.

Even schools with a majority of American Indian/Alaskan Native students faced similar challenges, despite recommending or mandating fewer apps compared to wealthier counterparts. Shockingly, schools catering to the lowest-income students were found to be three times more inclined to endorse apps featuring behavioral ads compared to those serving families earning over $150,000 annually.

Lisa LeVasseur, the executive director of Internet Safety Labs, expressed disappointment at these findings, emphasizing the discrepancy between the recommended technology and its potential risks. Furthermore, schools with majority-Black student populations were identified as having the highest prevalence of ads and trackers on their websites.

This pattern of data collection presents a worrying scenario for minority and low-income families, as emphasized by LeVasseur. While individual ads in educational apps might seem harmless, the cumulative data collection across various tech platforms raises significant privacy concerns, especially considering the involvement of third-party data brokers.

These brokers compile extensive profiles of users, including sensitive information like religion, gender, location, and health details, without users' consent or control over its usage. Despite claims by software developers regarding transparent data collection practices, the ultimate utilization of such data remains unpredictable.

Moreover, children, particularly those under eight, struggle to differentiate between advertisements and content, complicating matters further. Even if apps claim not to sell children's data, analyses suggest they still profit from it indirectly.

Internet Safety Labs conducted a comprehensive audit in 2022, examining education apps recommended or required by a sample of school districts nationwide. The subsequent analysis aimed to uncover disparities based on student demographics, revealing significant differences in app vetting practices among schools.

Notably, lower-income schools, serving families earning between $20,000 and $39,000 annually, lacked systematic vetting of recommended technology, unlike their wealthier counterparts. Conversely, schools serving higher-income families were more likely to scrutinize the technology used by students.

Additionally, the analysis highlighted disparities in data privacy practices, with schools serving low-income and majority-Black student populations facing more significant challenges. Nonetheless, even basic vetting procedures proved effective in mitigating risks associated with ads and behavioral tracking.

LeVasseur recommends that schools with limited resources, at the very least, verify whether apps possess a COPPA Safe Harbor Seal before endorsing them. This seal, part of the Child Online Privacy Protection Act, signifies compliance with privacy guidelines, offering a measure of assurance to users.

There Could a Facebook-Cambridge Analytica Scandal Everyday


Today, the manner by which any personal data is processed by the ad delivery algorithms of advertising platforms of tech giants like Meta and Google leads to a much more severe threat to the integrity of electoral processes than microtargeting. The European Parliament's position on the Regulation on Political Advertising, which was adopted on February 2nd, is a step forward in addressing present and potential threats, pertaining to personal data, democracy, and fundamental rights. 

Digital Civic Space Advisor from European Center for Not-for-Profit Law (ECNL), Karolina Iwańska, along with Fernando Hortal Foronda, a Digital Policy Officer at the European Partnership for Democracy (EPD) comes up with their report on the Facebook-Cambridge Analytica Scandal.

Facebook-Cambridge Analytica Scandal 

In the 2010s, millions of Facebook users' personal information was illicitly obtained by the British consulting company Cambridge Analytica, mostly for the purpose of political advertising. 

Apparently, this data was gathered via an app named “This Is Your Digital Life,” developed by scientist Aleksandr Kogan and his company Global Science Research in 2013. The app gathered the personal information of users' Facebook friends while asking a series of questions to create psychological profiles of users, through Facebook's Open Graph platform. 

The app collected data from nearly 87 million Facebook profiles. Cambridge Analytica utilized this data in order to support Ted Cruz and Donald Trump's presidential campaigns in 2016. Following this, the corporation was widely accused of meddling in the Brexit referendum, although the official investigation acknowledged that Cambridge Analytica was not involved "beyond some initial enquiries" and that "no significant breaches" occurred. 

The aftermath of the Scandal 

Microtargeting is still the most frequently used term in the discussion of political ads in the wake of the Facebook-Cambridge Analytica Scandal, and it is seen as the biggest threat that needs to be addressed. 

This was in fact anticipated, considering the eye-catching nature of the scandal in terms of the Brexit referendum, which involves a charismatic whistleblower and shady players. Meanwhile, the threat that Europe faces stems less from political advertisements being targeted by secretive PR firms, political parties, or campaign organizations. 

However, what turns out to be underrated protagonists in the scandal are the automated systems of delivery which are being operated by Facebook or Google, since they precisely determine who and why an individual must engage with specific political ads, instead of anyone manually selecting the targeting criteria. 

Online Political Advertising Markets in Europe 

Ad Targeting 

The online political advertising market in Europe belongs to two companies: Meta and, to a smaller extent, Google. These companies, while promising advertisers to not access the personal data of potential voters, target something of a much greater value, i.e. delivering the ads directly to individuals who are most likely to engage with the advertised message. 

Deciding on who the target audience is, is entirely up to the platform instead of the political party. Although, the political party may contribute to selecting the potential audience, in terms of user interest and demographics. They can also upload information gathered elsewhere so the platform can compare it to individuals already registered and identify "lookalikes"— people who are similar to them. 

Ad Delivery Algorithms 

While ad targeting is a considerably good phase, ad budgets for European political campaigns are comparatively small for the message to reach everyone in the selected audience. This is where the role of the ad delivery algorithm kicks in. 

In this phase, Facebook and Google choose users for whom the advertisement is deemed to be the most "relevant" by the platform. This is decided using forecasts generated by automatic processing of the enormous amounts of personal information that these firms gather about particular users — and those who are similar to them — through pervasive tracking on their platforms and third-party websites. 

As compared to ad targeting, the automated delivery of political ads is deemed to be more impactful and dangerous, the reason being the massive amount of personal data involved in the same. Ad-delivering operations are inherently opaque. Moreover, the platform's machine learning algorithms look for patterns in behavioral data, which occasionally leads to the processing of sensitive data, like the users' health problems. 

What are the Impacts? 

In such aforementioned cases of political advertising, no matter if parties tend to target and reach diverse audiences, platforms are most likely to show ads to users who already agree with the message and support the given party. Therefore, creating a filter bubble for users, consequently fragmenting the public space. 

Political parties may also be impacted, considering that the platforms create push parties’ messages only for their supporters, reaching unconvinced or less politically active users would require a higher price for the party to pay. 

What are the Steps Taken? 

Instead of limiting the involvement of algorithms in political advertising, the European Commission's proposal to regulate political advertisements focused on somewhat reducing the processing of sensitive data and improving the openness of the processing of all personal data. 

The text approved by the European Parliament forbids the use of automated ad delivery methods, as well as inferred and observed personal data, in political advertising. This is the required action to safeguard the EU's democratic processes against improper influence, which could come from malicious activities as well as algorithms that have been tuned to benefit big tech's business objectives.

Rhadamanthys: Malware Hidden in Google Ads


Threat actors are establishing fraudulent websites for popular free and open-source software in order to promote malicious downloads via advertisements present in the Google search result. 

The info-stealing malware Rhadamanthys uses Google advertisements as a means of luring people into downloading malicious software. The malware steals information including email addresses and passwords in addition to focusing on cryptocurrency wallet credentials. 

Rhadamanthys is sold to criminals as malware-as-a-service (MaaS), and its utility has multiplied as infostealers become a popular tactic to attack targets. 

As of yet, at least one prominent user on the cryptocurrency scene has fallen prey following the malware campaign. According to the victims, the hackers had stolen all their digital crypto assets, along with having access to their professional and personal accounts. 

What is Rhadamanthys? 

According to threat researcher Germán Fernández, Rhadamanthys, named after the demigod child of Zeus and Europa in Greek mythology, has been dominating Google advertising for the widely used OBS (Open Broadcasting Tool) platform, a free video recording, and streaming service. 

Since November 2022, Rhadamanthys’ popularity has been growing rapidly. It has now advanced to a point where, if an online user searches for an OBS, they will eventually encounter five malicious ads at the apex of their Google searches, before seeing legitimate results below. 

A user may download malware, alongside legitimate software after he clicks on these advertisement links. 

In one such instance, 'Alex', a crypto influencer, better known by his online persona NFT God, was hacked following the download of a fraudulent executable for the OBS video recording and streaming program, through Google’s search results. His life was permanently altered when he mistakenly clicked on the fraudulently sponsored advertisement rather than the genuine one. 

“Last night my entire digital livelihood was violated. Every account connected to me both personally and professionally was hacked and used to hurt others. Less importantly, I lost a life changing amount of my net worth,” he tweeted. 

How does Rhadamanthys work? 

According to a report by the security firm Cyble, Rhadamanthys is offered for sale on the dark web and is distributed via spam emails along with Google advertisements. 

Rhadamanthys will start by obtaining relevant device data after a successful intrusion. The data often includes the device's name, model, operating system, OS architecture, hardware details, installed software, IP addresses, and user credentials 

“The Rhadamanthys program is capable of executing certain PowerShell commands[...]It also targets document files, the theft of which (depending on the sensitivity of their data) can cause severe issues for victims,” reads a blog post by cybersecurity firm PCrisk. 

In addition to this, the MaaS targets cryptocurrency wallet credentials by attempting to extract crytowallets’ passwords in order to acquire control of them and their funds. 

“In summary, the presence of stealer-type malware like Rhadamanthys on devices can result in serious privacy issues, significant financial losses, and even identity theft,” PCrisk concluded. 

How Can You Protect Yourself? 

In order to delay the victim’s response, users are advised to evade the malware activity by checking the URL, since the malicious links may seem identical to the official OBS site. The fraudulent URL may contain subtle spelling mistakes, a malicious tactic used to create fake URLs, called Typosquatting.   

Google Announces Privacy Sandbox on Android to Restrict Sharing of User Data

 

Google announced on Wednesday that it will extend its Privacy Sandbox activities to Android in an effort to broaden its privacy-focused, but less disruptive, advertising technologies beyond the desktop web. To that aim, Google stated it will work on solutions that prohibit cross-app tracking, similar to Apple's App Tracking Transparency (ATT) framework, essentially restricting the exchange of user data with third parties as well as removing identifiers like advertising IDs from mobile devices. 

Anthony Chavez, vice president of product management for Android security and privacy, stated, "The Privacy Sandbox on Android builds on our existing efforts on the web, providing a clear path forward to improve user privacy without putting access to free content and services at risk." 

Google's Privacy Sandbox, which was announced in 2019, is a collection of technologies that will phase out third-party cookies and limit covert monitoring, such as fingerprinting, by reducing the number of information sites that can access to keep track of users online behavior. 

The Alphabet Inc. company, which makes the majority of its revenue from advertising, says it can safeguard phone users' data while still providing marketers and app developers with new technology to deliver targeted promotions and measure outcomes. According to Anthony Chavez, vice president of product management for Android Security & Privacy, the proposed tools for the Android mobile operating system would limit the app makers' ability to share a person's information with third parties and prohibit data monitoring across several apps. Google stated the tools would be available in beta by the end of 2022, followed by "scaled testing" in 2023. Chavez said in an interview that the best path forward is an approach “that improves user privacy and a healthy mobile app ecosystem. We need to build new technologies that provide user privacy by default while supporting these key advertising capabilities." 

Google is aiming to strike a balance between the financial needs of developers and marketers and the expanding demands of privacy-conscious consumers and regulators. The company is gathering feedback on the proposal, similar to how its Privacy Sandbox effort is gradually building a new online browsing privacy standard. Google's initial idea was met with derision from UK authorities and lawmakers, but the corporation has subsequently proposed serving adverts based on themes a web user is interested in that are erased and replaced every three weeks. 

Meta Platforms Inc., the parent company of Facebook, has been at odds with Apple over the company's App Monitoring Transparency tool, which allows iPhone users to turn off tracking across all of their apps. According to executives, Google's YouTube has taken a minor financial hit as a result of the technology. In other words, it makes it more difficult for marketers to verify whether their iPhone advertising was effective. 

According to Chavez, the Android Privacy Sandbox would enable tailored advertising based on recent "topics" of interest, and enable attribution reporting, which will tell marketers if their ad was effective.