Edward Snowden supports ad blocking, sort of

256px-Edward_Snowden-2 Heroic/notorious NSA whistleblower Edward Snowden recently outlined his recommendations for maintaining privacy online, and had this to say about ad blocking.

We’ve seen internet providers like Comcast, AT&T, or whoever it is, insert their own ads into your plaintext http connections. … As long as service providers are serving ads with active content that require the use of Javascript to display, that have some kind of active content like Flash embedded in it, anything that can be a vector for attack in your web browser — you should be actively trying to block these. Because if the service provider is not working to protect the sanctity of the relationship between reader and publisher, you have not just a right but a duty to take every effort to protect yourself in response.

While Snowden’s praise of ad blocking was only one element of a much larger program for security, it loudly underscores the dangerous interplay between current online advertising with security and privacy. Not surprisingly, Snowden’s entry into the raging debate over ad blocking raised quite a few eyebrows, and emphasizes, once again, how multi-faceted the discussion has become. Ethical, financial and technical questions swirl around ad blocking, of course, but there is also an undeniable security issue that may, for some, trump any other considerations. And the security problem with online advertising has existed for quite some time, both from a tracking perspective and an attack vector perspective.

Snowden’s analysis of ad blocking is idiosyncratic, however, in that he does not focus on either conventional adtech tracking or malvertising by third parties but instead calls out ad injection schemes by internet service providers. Such practices have occurred in recent years, and they could increase as ISPs continue to search for alternative revenue models, but they do not seem overly prevalent just yet. Infiltration by either malicious ad networks or hackers leveraging infected ad networks seem far more likely to cause problems.

In fact, Snowden is making a particular moral argument in favor of ad blocking. He emphasizes the “sanctity of the relationship between reader and publisher,” more than he does the dangerous vulnerability that can exist with Javascript and Flash dependent advertising, regardless of how they spread. If the publisher is the one serving up the advertising, what are the readers’ rights or duty in that case? The odds of infection are likely much higher from a third party ad network than from a major ISP, such as Comcast and AT&T, but should readers accept that risk on behalf of the publishers’ wishes and revenue? Snowden is a bit confusing here, and I have not seen any other readers of his piece in The Intercept remark on this ambiguity, but it does, once again, emphasize the complex interplay between ethics and security that can exist in the ad blocking discussion.

In the comments to the piece, author Micah Lee does lay out a much stronger point of view in support of ad blocking in general, and he, unlike Snowden, does not connect it to publishers at all, just advertisers.

The ad industry needs to figure out how to profitably advertise without violating people’s privacy. It’s a hard problem, because the more intrusive the tracking the more valuable it is to these companies. But people have a right to privacy, to control how they use and what they install on their own computers, and to protect themselves from shady stuff online — and blocking ads does all of these.

It may be that Snowden agrees in Lee on this point, and just expressed himself inarticulately in the interview. But the questions does remain: o we have a moral obligation to view ads on publications we want to support, even if this presents us with serious security issues? The most high profile security activist in the world currently seems to be saying we should.

Leave a Comment

Your email address will not be published. Required fields are marked *