15 comments on “Dear NY Times, if you’re going to hack people, at least do it cleanly!

  1. I got curious about the hostname for that STUN server, ph.tagsrvcs.com. The WHOIS information shows it registered to a “White Ops, Inc.” in New York City. A quick search pulls up their home page. Their primary service? Digital advertising fraud mitigation. Seems like an interesting use of WebRTC, to fight ad fraud.

  2. How do I delete WebRTC from my browser? WebRTC sounds very dangerous. I do not want it in my web browser. I use Firefox.

    – Jim

  3. Hi, I’m the security engineer responsible for this code. As co-founder of White Ops (http://whiteops.com) we’re doing something about the massive number of machines getting broken into to commit ad fraud. We ran an enormous study last year (http://whiteops.com/botfraud) and found 2/3rds of the global fraud wasn’t coming from server farms or Amazon; it was coming from home users.

    Basically, they hack people’s machines so they can appear to view large numbers of advertisements. Of course, while they’re there…yeah.

    This particular code found patterns that certain bot deployments had in common, using code that’s in multiple browsers by design, but in response to some concern we shut it down. As a rule we aviod personal information (partially because that’s the right thing to do, partially because it doesn’t help; the bots have all your cookies). We’re looking for various patterns in the bots themself.

    If we can stop people from getting paid for botting, we can make the Internet safer. Apologies if this concerned anyone.

    • Dan,

      While I appreciate your response, I think that it’s disingenuous for you to say that you’re “doing something about the massive number of machines getting broken into” – your motivation is to detect ad fraud and not really end-user security. I’m going on a limb here to assume that you are squarely focused on helping to avoid publishers avoid paying for automated clicks, and that if you framed it a little more truthfully, people would be less inclined to allow the sort of shenanigans you’re doing in their browsers.

      As a decade-long user of AdBlock I simply don’t care about ad fraud, and CERTAINLY not enough to think it’s okay for you to try to enum my network. If you want to actually “do something about the massive number of machines getting broken into”, why not become a security researcher instead of designing code that no end-user really wants in their browser?

  4. Pingback: Dear NY Times, if you’re going to hack people, at least do it cleanly! | vyagers

  5. Pingback: Controlling WebRTC PeerConnections with an extension ✩ Mozilla Hacks – the Web developer blog

  6. Pingback: WebRTC Development Trends in 2016

  7. Pingback: What's the point of being able to change your loopback/localhost 127.0.0.1 address to something else? [closed] - HTML CODE

  8. Pingback: Sonar.js Scan and Hack Internal Hosts With Webpag ❉ ExploitGate

  9. Pingback: Think your VPN hides your IP? Think again. | GlassWire Blog

Leave a Reply

Your email address will not be published. Required fields are marked *