Google’s plan to block certain ads in Chrome is making ad executives nervous and fueling conspiracy talk | Business Insider

Google’s plan to block certain ads in Chrome is making ad executives nervous and fueling conspiracy talk; Mike Shields; In Business Insider; 2017-10-27.

tl;dr → Google’s Coalition for Better Ads is non-transparent. Many have FUD.

Mentions

  • Google
  • Parsec
    • runs proscribed ads
    • will have to abandon that practice
  • Interactive Advertising Bureau (IAB)
    honorific: <quote>the leading digital-ad trade group</quote>
  • Venable,
    Venable is a purveyor of legal services to the trades.

Proscribed

The Better Ads Standards
  1. auto-play video with sound
  2. mobile full screen rollover (takeover), statement
  3. ten other types, not enumerated
    (there are twelve proscribed creative types)

Administrator

Venable

Membership

two tiers (three tiers)
  1. Google
  2. Tier 1, dues required.
  3. Tier 2, dues required.

Members

  • “dozens of members”
  • Exemplars
    (dropping some names that you are expected to recognize)

    • Google,
    • IAB,
    • GroupM,
    • Procter & Gamble,
    • Thompson Reuters.

Quoted

For color, background & verisimilitude…

  • Anonymous, spox, Google
  • Marc Guldimann, CEO, Parsec
    is against it.
  • Harry Kargman, CEO, Kargo,
    Kargo is in media arbitrage & agency work,
    is against it.
  • Gefen Lamdan, senior vice president, Celtra.
    Celtra is an agency,
    is against it.
  • Ari Lewine, co-founder, chief strategy officer, Triplelift.
    is against it; was vague, mentioned Facebook, Google.
  • Brendan McCormick, spox, Venable
  • Jim Spanfeller
    • honorific: an industry veteran,
    • ex-GM Forbes.com, attributed as “who once ran”
    • founder The Daily Meal, (a blog)
  • Troy Young, president digital, Hearst Media.
    like it; opines Google’s viewpoint on Google’s media.

Referenced

Previously

In Business Insider

Help Your Users `Save-Data` (an HTTP header for Chrome) | CSS-Tricks

Help Your Users `Save-Data` Jeremy Wagner; In CSS-Tricks; 2017-10-02..

Original Sources

Mentions

  • Apache configuration settings
  • Android Chrome only.
  • Chrome plugins to make it work “on the desktop.”

W3C Payment Request API is Being Implemented in All Major Browsers | ProgrammableWeb

W3C Payment Request API is Being Implemented in All Major Browsers; Janet Wagner; In ProgrammableWeb; 2017-09-20.

Original Sources

Mentions

Participants

  • Chrome,
  • Edge,
  • Firefox,
  • WebKit.
  • Facebook
    • Facebook Messenger Extensions SDK
  • Samsung
    • Samsung Internet for Android 5.

Quoted

For color, background & verisimilitude…

  • Ian Jacobs, Lead, Web Payments Working Group, W3C.
  • Lukasz Olejnik, expert
    • Dr. Lukasz Olejnik
    • site

As Microsoft Joins Coalition for Better Ads, Blocking by Browsers Looks Set to Spread | Advertising Age

As Microsoft Joins Coalition for Better Ads, Blocking by Browsers Looks Set to Spread; ; In Advertising Age; 2017-09-20.

tl;dr → Microsoft has joined the Coalition for Better Ads.

Original Sources

Rik van der Kooi (Microsoft); Microsoft Joins The Coalition For Better Ads; In Their Blog; 2017-09.
Rik van der Kooi is corporate VP for search advertising, Microsoft.

Mentions

  • Microsoft
  • Coalition for Better Ads (CBA)
    • for Chrome
    • of Google
  • Edge
    • a browser
    • of Microsoft
  • <could><eventually>unilaterally block ads that coalition research editorial has deemed annoying.</eventually></could>
  • Google
  • Will call it “ad filtering” going forward
    <quote>The term “blocking” carries a lot of baggage.</quote>
  • <quote>Chrome browser will start “filtering” in “early” 2018.
  • Digital Content Next
    • a trade association
    • for online publishers
    • member, CBA
  • Adblock Plus
    • Eyeo
    • <quote>charges [large] companies fees to participate in its whitelisting program<quote>
    • The business model is extortion, attributed to Randall Rothenberg.
      The spox of Microsoft did not <quote>immediately respond to a request for comment on that point.</quote> [but did she later?]

Membership

  • Procter & Gamble
  • Unilever
  • WPP’s GroupM
  • Facebook
  • Thomson, of Reuters
  • The Washington Post
  • Interactive Advertising Bureau (IAB)
  • Association of National Advertisers (4As)
  • Digital Content Next, a trade association for online publishers and a coalition member itself.
  • <ahem>…and more!</ahem>

Quoted

For color, background &&amp verisimilitude…

  • A spox, a ‘droid, presented as a woman, Microsoft.
  • Rik van der Kooi, corporate VP for search advertising, Microsoft.
  • Satya Nadella, CEO, Microsoft.
  • Jason Kint, CEO, Digital Content Next.
  • Randall Rothenberg, CEO, Interactive Advertising Bureau (IAB).

Previously

In Advertising Age

Getting started with Puppeteer and Chrome Headless for Web Scraping

Emad Ehsan; Getting started with Puppeteer and Chrome Headless for Web Scraping; In His Blog, centrally hosted on Medium; 2017-08-25.
Emad Ehsan is Emad Ehsan.

Mentioned

Referenced

A next-generation Firefox would/could/might use WebKit (Blink) engine

The future of Firefox is … ChromeKieren McCarthy; In The Register; 2016-04-11.
Teaser: Start your shouting engines

Original Sources

Mentions

(the componentry)

Previously

Testimonial Experience With [Attempting to Evade] the Great Firewall of China | Marc Bevand

Mark Bevand; My Experience With the Great Firewall of China; In His Blog; 2016-01-14.

tl;dr → Google employee visits CN; trolls the firewall with some consumer-grade tunnel schemes.

Separately noted.

 

The App-ocalypse: Can Web standards make mobile apps obsolete? | Ars Technica

The App-ocalypse: Can Web standards make mobile apps obsolete?; Larry Seltzer ; In Ars Technica; 2015-12-28.
Teaser: Many big tech companies—absent Apple—are throwing weight behind a browser-based world.

tl;dr → Betteridge’s Law; i.e. No.

Mentions

  • Lots of (emerging) standards
  • None of which “really work,” (yet)
    Especially not on Apple-culture.

Separately noted.

Cookies Lack Integrity: Real-World Implications | Zheng, Jiang, Liang, Duan, Chen, Wan, Weaver

Zheng, et al.; Cookies Lack Integrity: Real-World Implications; In Proceedings of the 25th USENIX Security Symposium; 2015-08-13; landing.

Authors

  • Xiaofeng Zheng, Tsinghua University and Tsinghua National Laboratory for Information Science and Technology
  • Jian Jiang, University of California, Berkeley
  • Jinjin Liang, Tsinghua University and Tsinghua National Laboratory for Information Science and Technology
  • Haixin Duan, Tsinghua University, Tsinghua National Laboratory for Information Science and Technology, and International Computer Science Institute
  • Shuo Chen, Microsoft Research Redmond
  • Tao Wan, Huawei Canada
  • Nicholas Weaver, International Computer Science Institute and University of California, Berkeley

Revisions

Abstract

A cookie can contain a “secure” flag, indicating that it should be only sent over an HTTPS connection. Yet there is no corresponding flag to indicate how a cookie was set: attackers who act as a man-in-the-middle even temporarily on an HTTP session can inject cookies which will be attached to subsequent HTTPS connections. Similar attacks can also be launched by a web attacker from a related domain. Although an acknowledged threat, it has not yet been studied thoroughly. This paper aims to fill this gap with an in-depth empirical assessment of cookie injection attacks. We find that cookie-related vulnerabilities are present in important sites (such as Google and Bank of America), and can be made worse by the implementation weaknesses we discovered in major web browsers (such as Chrome, Firefox, and Safari). Our successful attacks have included privacy violation, online victimization, and even financial loss and account hijacking. We also discuss mitigation strategies such as HSTS, possible browser changes, and present a proof-of-concept browser extension to provide better cookie isolation between HTTP and HTTPS, and between related domains.

Promotions

Serious bug causes “quite a few” HTTPS sites to reveal their private keys | Ars Technica

Serious bug causes “quite a few” HTTPS sites to reveal their private keys; ; In Ars Technica; 2015-09-04.

tl;dr → use of Chinese Remainder Theorem (CRT) sometimes causes faults to occur during the computation of an RSA signature.

Original Sources

Mentions

  • Boxen Vendoren
    • Hillstone Networks
    • Alteon/Nortel
    • Viprinet
    • QNO
    • ZyXEL
    • BEJY
    • Fortinet.
  • Libraries
  • Browsers
    • Chrome
    • Firefox
  • CVE-2015-5738
    OpenSSL code library from Cavium.
  • Some of the “we found some problems, but it’s fixed now”