Thursday, August 29, 2013

Creepy Facebook Ads: How Do They Work?

First, it's been a long time since I've been over here!  The LEDgoes Kickstarter has been keeping me quite busy, and I've been focusing most of my attention on that the past several weeks.  We raised our funding goal in about 9 hours, and currently stand at almost 800% funded.  However, it takes me at least a couple hours just to write these blog posts, and usually by the time I sit down on Thursdays to start writing them, I'd really rather be doing something else.  (I don't know how influencers balance their time doing vs. their time writing... maybe they have staff?)

And just another brief aside: today, my samples from Texas Instruments arrived!  I ordered a CC3000 WiFi chip and several USB transceivers including the TUSB1105.  Clearly I thought it'd be fun to build my very own mobile device from the ground up. :-P  As much as these chips cost me nothing, they're also ridiculously small and hard to solder since they're in a QFN package -- tiny chips with *no* leads hanging off the edges.  You'd basically need to reflow solder these suckers onto a board, but I'm going to try to come up with a pressure mount for them.  Plus, yesterday I received my actual order of a sub-1GHz RF spectrum analyzer, meaning I'm about to turn my garage door opener into an RFID tag.  Let the tinkering continue!




A couple weeks ago, shortly after my Kickstarter launched, I got really creeped out by something I saw on Facebook.  No, it wasn't someone's boobs on their profile picture or one of my best friends coming out of the closet (I'd actually be OK with both of those things :-P), but it was an ad.  I'd been looking up documentation on the GridConnect Firefly Bluetooth module, since that's what I have at home and have used to develop various Bluetooth applications on occasion.  Well I don't remember exactly how this thing works off the top of my head, so I go to their website to look up documentation.  Then, I started seeing ads for that product appearing toward the right side of my Facebook "Home" screen, plus ads for other products I'd recently viewed.  How did they know I was looking at that?  What evil miscreants, trying to tempt me into buying a product... that I already have!  Hah, the last laugh is on you, Mr. Ad Man!

AdRoll is an ad retargeting platform that allows merchants and product manufacturers to show ads for their products on other people's sites.  This isn't really new, since you see ads for third-party products on Web sites every day, but theirs is a little different.  When you go to a retailer's site, partners with AdRoll will leave a cookie on your computer through JavaScript that tracks when you looked at a particular item.  Other partners with AdRoll, including ad vendors like Facebook, will dig up these cookies and immediately commence a "live auction" that will sell ad space to the highest bidders.  This determines exactly what you see, if you've looked at a lot of things.  It's easy to find out about this when you click the tiny "About This Ad" button in the corner of each ad.  There, you can find out exactly who's behind this and how to turn it off in the context of Facebook only.  It's not going to stop the snooping, nor ads presented on other affiliate pages.

So, here's how it goes down from the manufacturer's or retailer's page:


<!-- AdRoll code below -->
<script type="text/javascript">
// The real alphanumeric keys are redacted here.
adroll_adv_id = "<alphanumeric key>";
adroll_pix_id = "<alphanumeric key>";
(function () {
    // Save whatever onload handler the page already had.
    var old_onLoad = window.onload;
    window.onload = function() {
        adrollLoaded = true;
        // Build a <script> element that points at AdRoll's servers.
        js = document.createElement("script");
        host = ((document.location.protocol == "https:") ? "https://s.adroll.com" : "http://a.adroll.com");
        js.setAttribute('async', 'true');
        js.type = "text/javascript";
        // adrollSourceJS (the script path) is not defined in this excerpt.
        js.src = host + adrollSourceJS;
        ((document.getElementsByTagName('head') || [null])[0] ||
            document.getElementsByTagName('script')[0].parentNode).appendChild(js);
        // Run the page's original onload handler, if there was one.
        if (old_onLoad) { old_onLoad() }
    };
}());
</script>

<!-- end AdRoll code -->

First, the advertisement text & picture ID are set.  Then, the function that runs JavaScript as soon as the page has finished loading (window.onload) is saved in another variable, and window.onload is reassigned to run the AdRoll code.  The saved function is then called at the end of the new handler, so the original onLoad code still gets run.

I used to have the code that Facebook generated in order to show the ads, but alas I've since blocked this service & can no longer see the code.  It looked not static but generated on the server side, so it probably wouldn't be relevant to show.  It did actually reference some sort of PHP page to generate the image, IIRC, and when I wrote "wget <that PHP url>" on my Linux machine, I sure enough was able to download the ad's graphic for myself.

There are a few ways to stop this:

  • Click on the Facebook link that'll allow you to shut off ads from retargeters.
  • Edit your /etc/hosts or C:\Windows\System32\drivers\etc\hosts file so that anything from *.adroll.com is redirected to localhost, thus any HTTP request will simply fail.  This becomes problematic in Windows because the Windows hosts file doesn't support the wildcard character (*).  There are alternate programs & firewalls you can download to support this functionality, but why even bother?  That's more than most care to go through.
  • Download a browser toolbar such as AdBlock for Chrome or Quero for IE.
...Quero?  At first, I thought it was Guero, like Beck's Que Onda Guero.  Not quite, but close. :-P

Lots of people have success using these anti-advertising toolbars, but it takes some patience & time to set them up properly.  Some have reported with AdBlock that it seems like they see more ads.  Users of Quero have noted many pages simply won't even work or load properly because it stops so much stuff from coming up.  Nevertheless, using such a browser toolbar will provide you a more private, less creepy experience when surfing the Web.
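An added example for the hosts-file option above (not AdRoll's code and not from the original post): a hosts-file line names one literal host, so this pulls the hostnames out of the tag shown earlier and emits one line per host, which works without the wildcard. The function names and the sample string are constructed for illustration.

```javascript
// Constructed sample: the host-selection lines from the AdRoll tag shown above.
const SAMPLE_TAG = `
host = ((document.location.protocol == "https:") ? "https://s.adroll.com" : "http://a.adroll.com");
js.src = host + adrollSourceJS;
`;

// Collect every absolute http(s) hostname mentioned in a script's source text.
function hostsInScript(source) {
  const found = new Set();
  const re = /https?:\/\/([a-z0-9.-]+)/gi;
  let m;
  while ((m = re.exec(source)) !== null) {
    found.add(m[1].toLowerCase().replace(/\.$/, ""));
  }
  return [...found].sort();
}

// Keep only hosts that are the given domain or sit underneath it.
function underDomain(hosts, domain) {
  const d = domain.toLowerCase();
  return hosts.filter((h) => h === d || h.endsWith("." + d));
}

// One hosts-file line per literal hostname, pointed at localhost.
function hostsFileLines(hosts, sinkIp = "127.0.0.1") {
  return hosts.map((h) => `${sinkIp}\t${h}`);
}

// Hosts-file semantics: a name is covered only if it appears literally on a line.
function isCovered(lines, hostname) {
  const name = hostname.toLowerCase();
  return lines.some((l) => l.trim().split(/\s+/).slice(1).includes(name));
}

const lines = hostsFileLines(underDomain(hostsInScript(SAMPLE_TAG), "adroll.com"));
console.log(lines.join("\n"));
// A subdomain that never appeared in the tag is not covered by these lines.
console.log(isCovered(lines, "d.adroll.com"));
```

The last check shows the limit of this approach: only hostnames that were actually seen get blocked, so the list has to be refreshed if the tag starts loading from a different subdomain.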

Oh, and another thing these browser plugins will probably stop: all that FUD you get when clicking on a Google search result.  How many layers of tracking must I go through before I actually get to the page I want to see?  In providing you this result for Que Onda Guero, I noticed the original search result URL, indicated in green, is:

www.youtube.com/watch?v=-RxpvZTVIOs

This is what you think you're clicking on.  But if you hover your mouse over the link to see what you're really clicking on, it's more like this:

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CCwQtwIwAA&url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D-RxpvZTVIOs&ei=PQIgUoK9F6Ti2gW5s4GADw&usg=AFQjCNFod9tSlhL8jIc7FSmaugtNs2tAbQ&sig2=H4UTKrPjUWtPYWpnefnWww&bvm=bv.51495398,d.b2I

That's more reminiscent of some kind of evil phishing attempt than a legitimate link to a site I want to visit.
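To see where such a wrapped link really leads without clicking it, the destination can be read straight out of the query string. This is an added example, not code from the original post or from Google; the function names and the set of wrapper hosts are assumptions made for illustration.

```javascript
// The wrapped link quoted above, copied from the post.
const SAMPLE_LINK = "https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CCwQtwIwAA&url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D-RxpvZTVIOs&ei=PQIgUoK9F6Ti2gW5s4GADw&usg=AFQjCNFod9tSlhL8jIc7FSmaugtNs2tAbQ&sig2=H4UTKrPjUWtPYWpnefnWww&bvm=bv.51495398,d.b2I";

// Assumption: the hosts treated as the redirect wrapper.
const WRAPPER_HOSTS = new Set(["www.google.com", "google.com"]);

// Returns whether the link is a wrapper, the real destination (http/https only),
// and the names of every other parameter that rides along with the click.
function unwrapRedirect(link) {
  const result = { wrapped: false, destination: null, extraParams: [] };
  let outer;
  try {
    outer = new URL(link);
  } catch (e) {
    return result; // not an absolute URL
  }
  if (!WRAPPER_HOSTS.has(outer.hostname) || outer.pathname !== "/url") return result;
  result.wrapped = true;
  for (const name of outer.searchParams.keys()) {
    if (name !== "url") result.extraParams.push(name);
  }
  const inner = outer.searchParams.get("url"); // already percent-decoded
  if (!inner) return result;
  try {
    const dest = new URL(inner);
    // Refuse anything that is not a plain web link (e.g. javascript: or data:).
    if (dest.protocol === "http:" || dest.protocol === "https:") {
      result.destination = dest.href;
    }
  } catch (e) {
    // inner value was not a usable URL; destination stays null
  }
  return result;
}

// Does the unwrapped destination match the scheme-less URL shown in green?
function matchesDisplayed(displayed, destination) {
  if (!destination) return false;
  const d = new URL(destination);
  return d.host + d.pathname + d.search === displayed;
}

const unwrapped = unwrapRedirect(SAMPLE_LINK);
console.log(unwrapped.destination, unwrapped.extraParams.join(","));
```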
