During the 2016 election, fake news, bots and foreign meddling drew out problems in the digital ecosystem which the Big Five (Facebook, Google, etc.) have rushed to address. But in spite of significant progress, the fundamental issue remains untouched: the Web is specifically designed to deliver information to users using personalization features.
With 80-95% of all media code written by third parties, content recommendation algorithms across the web are easily exploited by foreign powers and national interest groups to skew the news. Only the Big Five have the collective power to stop this problem before it is once again used in 2020.
- Problem: Widespread propagation of bad third-party code.
- Solution: Scan, block, and alert readers.
- Google’s current approach to blocking targets malware/redirects specifically. Instead, it should target bad third-parties maintained by a frequently updated DVRM list.
- When malware IS detected, the source should be removed from the media stack, and reported to upstream partners.
- Safari browser already blocks tracking cookies; that’s good, but readers should also know that a website is trying to track them.
- Solution: Maintain list of trusted third-parties.
- New marketplace can enforce industry regulations by certifying code, allowing publishers/web-designers to stay one step ahead.
- Browser warnings similar to SSL certification alert readers to presence of untrusted vendors.
- Problem: Lack of awareness among readers and publishers.
- Solution: Tag content so readers know why they are seeing it.
- Facebook already provides readers with their advertiser categories, but very few avail themselves of this feature.
- Instead, include targeting criteria under recommended content. Example: “You are seeing this because…[you looked at Breitbart News]”
- Solution: Educate publisher and ad-partners about the dangers of third party code (3PC).
- Amazon: via Web Services.
- Google: via Analytics and AdSense platform.
- Facebook: to Pixel users.
- Problem: Lack of transparency between ads and buyers.
- Solution: Public database of buyers and their history.
- Facebook has set an example with its intra-platform, searchable ad database.
- An ideal public list will be maintained by a strong web authority, aggregating demand side and supply side platforms.
by CORY SCHNURR
Digital Third-party Code FAQs
Digital3PC.com is an independent platform that brings together the best minds from tech, government, research, and academia to shape the future of cybersecurity policy and offer best practice solutions when responding to cyber threats. The most common access point for malware spread, data breaches, IP theft, election meddling, disinformation campaigns, and cyberwarfare is malicious third-party code (3PC) that makes its way into our websites, apps, and IoT devices. The compromise of the digital ecosystem erodes user trust and the credibility of media organizations, and undermines the integrity of our democracy, economy, and public safety.