Characterizing and Measuring Misleading and Harmful Online Ad Content at Scale

Like it or not, online advertising is a core part of the internet, sustaining many free websites and services. However, it is also a potent vector for abuse; malicious actors can use the infrastructure of ad networks to serve scams, malware, and other misleading content to millions of users. Research on online advertising in the computer security and privacy community tends to focus on privacy and web security issues. However, in this talk I argue that additional research and transparency is needed for the content of online ads, where social engineering techniques and dark patterns are regularly used to mislead users, direct them to scams, and achieve other harmful ends.

To illustrate the importance of studying ad content for protecting users, I will present three case studies of problematic ad content that uncover deeper security, privacy and safety issues in the online advertising ecosystem. First, I will present a user study of people’s perceptions of display advertising on the web, characterizing the types of ad content that people like and dislike, and why. Second, I will present a large-scale study of advertising on news and media websites, showing how some news outlets rely on revenue from clickbait and deceptive advertising via native ad networks. Lastly, I will present a longitudinal study of deceptive political advertising during the 2020 U.S. Elections, such as misleading polls and petitions and political clickbait, and how these ads are targeted at partisan news sources.