By Kasra Zarei
A University of Iowa researcher has been working to make the internet more secure through developing stealthy ad blockers and identifying fake accounts on social media.
Cookies, computer programs that collect information about which users visit websites, are inserted into a user’s web browser when a site is visited.
This information is aggregated and used to profile every user. Then, by analyzing people’s browser habits, targeted online advertisements can be made.
While it looks relatively benign, Edward Snowden revealed that the NSA has used information traditionally employed by advertisers to profile users worldwide.
Some have concerns that besides showing relevant ads, online advertising and profiling can fall into the wrong hands.
This is one of many internet-security issues being studied by Zubair Shafiq, a UI assistant professor of computer science.
His group, who was recently awarded a Data Transparency Lab grant, has been trying to develop tools that can be used to mitigate tracking and surveillance that happens on the internet.
“A lot of websites have had their ad systems exploited to install malware on users,” Shafiq said. “For instance, Forbes was once surveying malware to users.”
One common tool people use to avoid tracking through online advertisements is an ad blocker.
However, recently, websites have been able to detect ad blockers and essentially force users into disabling them.
The overarching goal of Shafiq’s recent study focused on developing a stealthy ad blocker, one that would not be detectable by websites.
“It’s kind of like an arms race, websites try to detect an ad blocker while you try to develop an ad blocker that websites cannot detect,” Shafiq said.
As part of his study, he and his collaborators had to understand how websites actually detect the blockers.
The team did a measurement study to understand how the top 100,000 websites detect them.
“One of the main findings in our study was that websites often rely on third-party services that provide ad block-detection capabilities, and the use of these third party services is increasing,” Shafiq said.
Unless the advertisement industry tightens its security standards, users need ad blockers for protection against potential threats.
“The way forward is [online] advertising has to be strictly regulated,” Shafiq said. “Ad blockers must be used to force the hands of the higher-up authorities and protect users.”
While his research does not stop at ad blockers, he is developing algorithms to detect fake accounts in social networks, such as Facebook.
“There are a lot of ‘like farms’ that rely on exploitation of Facebook applications,” he said. “Fraudsters have created third-party applications that they can exploit to do fake activity on pages, or worse, put personal information in the hands of unscrupulous marketers and help spread dangerous computer viruses and other forms of malware.”
His team recently did an extensive study in collaboration with Facebook with the goal of taking down these “like farms” that are used for reputation manipulation.
“We identified more than 1 million Facebook users collaborating to exchange fake likes and comments — we call them collusion networks,” said Shehroze Farooqi, a UI graduate student in computer science. “Our analysis aims at providing effective countermeasures for mitigating such networks.”
Although security is still an arms race, it propels researchers to combat the problem.
“This is a cat-and-mouse game [and] makes working in this area exciting and challenging,” Farooqi said.
Alberto Segre, the head of the UI Computer Science Department, praises Shafiq’s work and his effect on the department.
“His expertise in networking and security has noticeably broadened the scope of the department’s growing research program,” Segre said.
For Shafiq and his group, the main motivation of the research is the effect of the problems that are being looked at.
“We hope that our work will shed light on these important problems and help people browse the web in a more secure way,” he said.
