A recent report from Google covered “a detailed investigation into the negative impact of ad injection and the ecosystem that supports it. We found that ad injection has entrenched itself as a crossbrowser monetization platform impacting more than 5% of unique daily IP addresses accessing Google—tens of millions of users around the globe.
Injected ads arrive on a client’s machine through multiple unwanted and malicious vectors, with our measurements identifying 50,870 Chrome extensions and 34,407 Windows binaries, 38% and 17% of which are explicitly malicious.
As part of our analysis, we alerted the Chrome Web Store of 192 deceptive ad injection extensions with 14 million user; the Chrome Web Store has since disabled the extensions.
Finally, we determined that ad injectors ultimately derive a profit by delivering deceptively sourced traffic to over 3,000 brands. This traffic enters the ad ecosystem through a small bottleneck of e-commerce networks. We have since reached out and alerted the advertisers and intermediaries impacted by ad injectors”.
While Google suggested no solution was a simple and easy one, they did recommend a number of strategies;
1. developers can measure their own ad injection levels by executing our client-side measurement, or go one step further and prevent or revert DOM modifications produced by ad injectors.
2. switch to HSTS if possible and it would prevent network providers and HTTP-only binary proxies from intercepting and tampering with client traffic.
3. browser developers must harden their environments against side-loading extensions or modifying the browser environment without user consent.
Combined, these strategies represent a breadth of technical and financial countermeasures to combat deceptive ad injection.
Should you have any enquiries, questions or need further information on this subject, you can email us at firstname.lastname@example.org
Mind Carnival provides transparent and best practices in media buying and analysis, website development, tracking and optimisation.