DOCSLIB.ORG

An Empirical Study Into the Absence of Consent to Third-Party Tracking in Android Apps

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
An Empirical Study Into the Absence of Consent to Third-Party Tracking in Android Apps A Fait Accompli? An Empirical Study into the Absence of Consent to Third-Party Tracking in Android Apps Konrad Kollnig, Reuben Binns, Pierre Dewitte*, Max Van Kleek, Ge Wang, Daniel Omeiza, Helena Webb, Nigel Shadbolt Department of Computer Science, University of Oxford, UK *Centre for IT and IP Law, KU Leuven, Belgium firstname.lastname@(cs.ox.ac.uk | kuleuven.be) Abstract trackers benefits app developers in several ways, notably by Third-party tracking allows companies to collect users’ be- providing analytics to improve user retention, and by enabling havioural data and track their activity across digital devices. the placement of personalised advertising within apps, which This can put deep insights into users’ private lives into the often translates into a vital source of revenue for them [32,62]. hands of strangers, and often happens without users’ aware- However, it also makes app developers dependent on privacy- ness or explicit consent. EU and UK data protection law, invasive data practices that involve the processing of large however, requires consent, both 1) to access and store infor- amounts of personal data [40, 48, 62], with little awareness mation on users’ devices and 2) to legitimate the processing from users and app developers [28,71,74,85]. Data protection of personal data as part of third-party tracking, as we analyse and privacy legislation such as the General Data Protection in this paper. Regulation (GDPR) [38] in the EU and the UK, and the Chil- This paper further investigates whether and to what extent dren’s Online Privacy Protection Act (COPPA) [79] in the US, consent is implemented in mobile apps. First, we analyse a establish clear rules when it comes to the processing of per- representative sample of apps from the Google Play Store. sonal data and provide additional safeguards when it comes We find that most apps engage in third-party tracking, but to information relating to children. As explained in Section3, few obtained consent before doing so, indicating potentially consent is a necessary precondition for third-party tracking. widespread violations of EU and UK privacy law. Second, we The implementation of consent in mobile apps has—since examine the most common third-party tracking libraries in the end of 2020—sparked a fierce public battle between Ap- detail. While most acknowledge that they rely on app develop- ple and Facebook over tracking controls in iOS 14.5 [1,2]. ers to obtain consent on their behalf, they typically fail to put To give users more control over their data, Apple has intro- in place robust measures to ensure this: disclosure of consent duced an opt-in mechanism for the use of the Advertising requirements is limited; default consent implementations are Identifier (AdID)—similar to how apps currently request lo- lacking; and compliance guidance is difficult to find, hard to cation or contacts access. Facebook, like many other mobile read, and poorly maintained. advertising companies, is concerned that most users will not agree to tracking if asked more clearly and explicitly [3]; iOS users could already opt-out from the use of AdID, but were arXiv:2106.09407v2 [cs.CY] 18 Jun 2021 1 Introduction not explicitly asked by every app. By comparison, Google does not currently offer users the option to prevent apps from Third-party tracking, the deliberate collection, processing and accessing the AdID on Android in general, but intends to sharing of users’ behavioural data with third-party compa- change this from ‘late 2021’ [84]. The importance of consent nies, has become widespread across both mobile app ecosys- aside, there exists little empirical evidence as to whether mo- tems [16, 83, 85] and the web [16, 67]. The use of third-party bile apps implement any type of consent mechanisms before engaging in tracking. Despite their crucial role within the software development life cycle, putting the blame of implementing consent incor- rectly on app developers might be misguided. Many lack legal Copyright is held by the author/owner. Permission to make digital or hard expertise, depend on the use of tracking software, and face copies of all or part of this work for personal or classroom use is granted limited negotiation power in the design of tracker software, without fee. USENIX Symposium on Usable Privacy and Security (SOUPS) 2021. which is usually developed by large, multinational compa- August 8–10, 2021, Virtual Conference. nies [12,21,32,49,62]. At the same time, failure to implement (a) This app uses the Consent API devel- (b) This app uses the consent implemen- (c) This app uses a custom consent solu- oped by Google. The popup suggests that tation by Twitter MoPub. By declining, a tion. Consent is not granular. The answer personal data may be shared with 199 com- user rejects a ‘personalized ad experience’, options do not match the question. It is panies before user consent is given (‘con- but potentially not all app tracking. unclear if ‘No’ rejects analytics. tinue’). Figure 1: While most apps on the Google Play Store use third-party tracking, only few apps allow users to refuse consent (less than 3:5%). The figure shows three common examples of these 3:5% of apps. Since very few apps give users a genuine choice over tracking, our paper suggests widespread violations of EU and UK privacy law. appropriate consent mechanisms in software impacts individ- cept of consent, app privacy analysis, and existing system- uals’ choice over data collection and their informational self- wide tracking controls for Android. Section3 discusses the determination, and may expose vulnerable groups—such as role of consent for third-party tracking in the EU and UK by children—to disproportionate data collection. This underlines drawing on the guidance issued by national Data Protection the need for robust privacy guarantees in code. Authorities (DPAs). Section4 analyses the presence of con- Driven by these observations, the present contribution aims sent for third-party tracking in 1,297 Android apps randomly to answer the following research questions: sampled from the Google Play Store. Section5 reviews the guidance offered by tracker companies to app developers. Af- 1. Do app developers need to obtain valid user consent ter discussing the limitations of our approach in Section6, before engaging in third-party tracking in the EU and we turn to the discussion of our results in Section7 and our (consent requirements for tracking) UK? conclusions in Section8. 2. To what extent do apps engage in third-party tracking, and obtain valid user consent before doing so? (practices of app developers) 2 Background 3. To what extent do third-party tracking companies en- In this section, we discuss previous relevant literature, cover- courage and support app developers to obtain consent as ing the concept of consent, the empirical analysis of privacy and where required? (practices of tracker companies) in apps, and existing system-wide tracking controls for An- droid. In particular, we highlight the limits of consent, and the Contributions. In answering these questions, this paper dependence of end-users on the privacy options implemented makes three contributions. First, we clarify the role of consent by their apps and smartphone operating system. in the regulatory framework applicable in the EU and the UK when it comes to the processing of personal data for third- party tracking. Second, we provide empirical evidence as to 2.1 Promises and Limits of Consent a widespread absence of consent mechanisms to legitimise third-party tracking in 1,297 apps. Third, we analyse the Consent is a pillar of privacy and data protection law, in guidance provided by 13 commonly used tracker companies the US, EU, and many other jurisdictions and international and assess whether they inform app developers about how to frameworks. As an approach to privacy protection, consent is translate consent in code (see Figure2 and Table2). associated with the regime of notice & choice [74]. For many Structure. The rest of this paper is structured as follows. data-processing activities, companies that want to process Section2 reviews the relevant literature surrounding the con- data from an individual must 1. Adequately inform the individual (Notice), and As for network analysis, Ren et al. instrumented the VPN functionality of Android, iOS, and Windows Phone to expose 2. Obtain consent from the individual (Choice). leaks of personal data over the Internet [70]. Conducting a manual traffic analysis of 100 Google Play and 100 iOS These two fundamental requirements are often implemented apps, they found regular sharing of personal data in plain in software through the provision of a privacy policy, accom- text, including device identifiers (47 iOS, 52 Google Play panied by consent options for the end-user. apps), user location (26 iOS, 14 Google Play apps), and user The limitations of the notice & choice paradigm have been credentials (8 iOS, 7 Google Play apps). Van Kleek et al. used explored in a range of scholarship. Regarding “notice”, it has dynamic analysis to expose unexpected data flows to users and been documented that most people do not read privacy poli- design better privacy indicators for smartphones [80]. Reyes cies, and that when they try to, have difficulties understanding et al. used dynamic analysis to assess the compliance of them [69] and do not have enough time to read every such children’s apps with COPPA [71], a US privacy law to protect policy [61]. children. Having found that 73% of studied children’s apps Regarding “choice”, evidence suggests that many individ- transmit personal data over the Internet, they argued that none uals struggle with privacy decisions in practice [5, 72]. The of these apps had obtained the required “verifiable parental mismatch between stated and observed privacy preferences consent” because their automated testing tool could trigger is known as the “privacy paradox”[64], although this so- these network calls, and a child could likely do so as well.
Load more

Recommended publications
  • Statement of Defence Counterclaim Same Parties Form 18A
    Court File No. CV-20-00638823-0000 ONTARIO SUPERIOR COURT OF JUSTICE B E T W E E N: COPPERHEAD LIMITED Plaintiff (Defendant to the Counterclaim) and DANIEL MICAY Defendant (Plaintiff by Counterclaim) STATEMENT OF DEFENCE AND COUNTERCLAIM 1. Unless explicitly admitted herein, the defendant, Daniel Micay (“Micay”), denies the allegations contained in each paragraph of the Statement of Claim and puts the plaintiff to the strict proof thereof. Overview 2. “Open source” software development is the process through which source code is released publicly, and the public is encouraged to study, test, improve upon, and modify that code. Open source projects rely on communities of interested contributors, each of whom provides their code under the permissive, open source copyright license used by the project in question. The resulting software is often better and more secure as a result of this transparency and collaborative effort. Open source development is a critical feature of much modern software, especially in the realm of computer security. -2- 3. The plaintiff seeks to misappropriate the copyrights associated with an open source software project started by Micay. The code authored by Micay and the other contributors was created long before the plaintiff was incorporated. On the plaintiff’s own pleadings, no written assignment of any copyrights has ever taken place. 4. The plaintiff’s suit evinces a fundamental misunderstanding of copyright law, the principles of open source software development, and the factual record. Micay respectfully requests that the plaintiff’s suit be dismissed, with costs. Parties and Players 5. Micay is a 28-year-old computer programmer.
    [Show full text]
  • Download Android Os for Phone Open Source Mobile OS Alternatives to Android
    download android os for phone Open Source Mobile OS Alternatives To Android. It’s no exaggeration to say that open source operating systems rule the world of mobile devices. Android is still an open-source project, after all. But, due to the bundle of proprietary software that comes along with Android on consumer devices, many people don’t consider it an open source operating system. So, what are the alternatives to Android? iOS? Maybe, but I am primarily interested in open-source alternatives to Android. I am going to list not one, not two, but several alternatives, Linux-based mobile OSes . Top Open Source alternatives to Android (and iOS) Let’s see what open source mobile operating systems are available. Just to mention, the list is not in any hierarchical or chronological order . 1. Plasma Mobile. A few years back, KDE announced its open source mobile OS, Plasma Mobile. Plasma Mobile is the mobile version of the desktop Plasma user interface, and aims to provide convergence for KDE users. It is being actively developed, and you can even find PinePhone running on Manjaro ARM while using KDE Plasma Mobile UI if you want to get your hands on a smartphone. 2. postmarketOS. PostmarketOS (pmOS for short) is a touch-optimized, pre-configured Alpine Linux with its own packages, which can be installed on smartphones. The idea is to enable a 10-year life cycle for smartphones. You probably already know that, after a few years, Android and iOS stop providing updates for older smartphones. At the same time, you can run Linux on older computers easily.
    [Show full text]
  • Adguard Premium Key Apk
    Adguard premium key apk Continue The more talent involved, the better the result - one of our mottos sounds. So let's grow and develop together! Contribute to AdGuard! There are many things you can do, such as translate AdGuard, test it nightly and beta, improve blocking filters or write articles. Choose something right for you and get started! The call has been accepted! Free Licenses for Developers Do you know about filters, extensions or custom scenarios firsthand? Have you already contributed to their development, for the sake of the Internet community? You do good things then, and we definitely want to show our respect. Find out more about who can get a free AdGuard license. Can I qualify? AdGuard Crack (AKA: Adguard Web Filter) is now the most advanced, cross-platform in the world (Windows, Mac OS X, Android and iOS) Internet filters and ad pop-ups blocking the edge of the tool from Cyprus. It protects you during web surfing, stopping annoying ads, viruses, dangerous websites; Speeds up page loading Doesn't allow anyone to track your online activities. and helps parents prevent content not suitable for children. Get an Adguard Premium Key license crack free activation. AdGuard Premium Features Crack keyProtection and blockingCheck page against our database of phishing and malicious sites. When a web page is processed, it does several things at once: deletes ads and online tracking code directly from the page. It can handle most adblock bypass scripts; Protects your privacy by blocking common third-party tracking systems; Blocks many spyware, advertising software and dial installers; Check the website's reputation and informs you of it if necessary.Comfort and safetyProtects you from malware and phishing.
    [Show full text]
  • Paper, We Note That Work Is with Help from Volunteer OONI Probe Users
    Measuring DoT/DoH Blocking Using OONI Probe: a Preliminary Study Simone Basso Open Observatory of Network Interference [email protected] Abstract—We designed DNSCheck, an active network exper- delivery networks (CDN). This fact raises concerns regarding iment to detect the blocking of DoT/DoH services. We imple- performance [25], competition, and privacy [14]. mented DNSCheck into OONI Probe, the network-interference (While DoH’s centralization and the resulting privacy con- measurement tool we develop since 2012. We compiled a list of popular DoT/DoH services and ran DNSCheck measurements cerns are not the focus of this paper, we note that work is with help from volunteer OONI Probe users. We present pre- underway to mitigate them [38] [24].) liminary results from measurements in Kazakhstan (AS48716), Simultaneously, the rollout of DoT and DoH does not Iran (AS197207), and China (AS45090). We tested 123 DoT/DoH fully solve the surveillance and censorship issues posed by services, corresponding to 461 TCP/QUIC endpoints. We found a cleartext internet. There are at least two remaining fields endpoints to fail or succeed consistently. In AS197207 (Iran), 50% of the DoT endpoints seem blocked. Otherwise, we found that could reveal the precise target of otherwise encrypted that more than 80% of the tested endpoints were always reach- communications. They are the Server Name Indication [19] able. The most frequently blocked services are Cloudflare’s and (SNI) extension inside the TLS ClientHello and the destination Google’s. In most cases, attempting to reach blocked endpoints IP address. However, in a landscape increasingly dominated by failed with a timeout.
    [Show full text]
  • Petchain: a Blockchain-Based Privacy Enhancing Technology
    Received February 5, 2021, accepted February 22, 2021, date of publication March 9, 2021, date of current version March 18, 2021. Digital Object Identifier 10.1109/ACCESS.2021.3064896 PETchain: A Blockchain-Based Privacy Enhancing Technology IBRAHIM TARIQ JAVED 1, FARES ALHARBI 2, TIZIANA MARGARIA 1, NOEL CRESPI 3, AND KASHIF NASEER QURESHI 4 1Lero—Science Foundation Ireland Research Centre for Software, University of Limerick, V94 T9PX Limerick, Ireland 2Computer Science Department, Shaqra University, Riyadh 11961, Saudi Arabia 3Institut Polytechnique de Paris, Telecom SudParis, 91011 Evry, France 4Department of Computer Science, Bahria University, Islamabad 44000, Pakistan Corresponding author: Ibrahim Tariq Javed ([email protected]) This work is partly supported with the financial support of the Science Foundation Ireland grant 13/RC/2094_P2 and partly funded from the European Union's Horizon 2020 research and innovation programme under the Marie Skªodowska-Curie grant agreement No 754489. ABSTRACT With the increasing use of smart devices and sensors, enormous amounts of data are being generated continuously. The data is commonly stored in centralized cloud platforms and consumed by different services. The data is indeed a valuable resource for many service providers who provide advanced features and utilities to their subscribers. However, user data include personal and sensitive information which can be misused in many ways. There is no way for a subscriber to confirm that their service provider is compliant with data privacy regulations. The existing privacy enhancing techniques such as anonymization and differential privacy substantially reduce data usability while ensuring privacy. Therefore, it remains essential to provide a feasible solution that allows service providers to take advantage of user data while guaranteeing their privacy.
    [Show full text]
  • Adguard 251 913 Nightly
    1 / 2 Adguard 2.5.1 (913) Nightly I have the latest nightly installed and it's still saying Adguard won't work correctly. 2. Reply.. 300, MrSzzS Adguard 5.10 crk ... City Of Night ÿÿÿ, ❤. 669, AHCU ... 913, BLiZZARD HD Tune Pro 4.61 crk ... 1759, FFF Noiseware Professional Edition 2.5.1 crk. Adguard Crack Mac can make your online experience safer because, though Macs and Apple laptops are quite safe to use, when it comes to ad blockers.. Mar 27, 2021 — Adguard 2.5.1 (913) Nightly Multilingual macOS | 104.25 MB Adguard can make ... Adguard_2.4.3.718_nightly__TNT_mactorrents.cc.dmg .... Adguard 2.5.1 (913) Nightly. Adguard 2.5.1 (913) Nightly download Adguard 2.5.1 (913) Nightly Multilingual | macOS | 104 mbAdguard&#ff7dcf;. Mac. Adguard 2.5.1 (913) Nightly. License / Price: Shareware. Version: Adguard 2.5.1 (913) Nightly Multilingual | macOS | 104 mb. Date added: October 31st, 2020.. Mar 8, 2021 — AdGuard - 2.5.2 (946) - Ad blocking and filtering for browsers and applications. By Hong ... Download Mac AdGuard v2.5.2 (946) Multilingual Fully Cracked – FREE! ... (99.31 MB) Adguard_2.5.1.913_nightly__TNT (99.22 MB) .... Oct 26, 2020 — Advanced System Repair Pro 1.9.3.6 · EducaNews – Newsletter Template · Adguard 2.5.1 (913) Nightly · Emurasoft EmEditor Professional .... Mar 7, 2021 — Adguard can make your online experience safer because, though Macs and Apple laptops are quite safe to use when it comes to ad blockers, .... Results 1 - 15 — Adguard - Block Ads Without Root v3.5.33ƞ Nightly. Requirements: Android 5.0+ | File ..
    [Show full text]
  • Seamless In-App Ad Blocking on Stock Android
    Seamless In-App Ad Blocking on Stock Android Michael Backes Sven Bugiel, Philipp von Styp-Rekowsky, Marvin Wißfeld CISPA, Saarland University & MPI-SWS CISPA, Saarland University Saarland Informatics Campus Saarland Informatics Campus Abstract—Advertisements in mobile applications have been App virtualization for ad-blocking: With the advent of shown to be a true danger to the users’ privacy and security. app virtualization on Android [4] a new, powerful tool has Unfortunately, all existing solutions for protecting users from this been created that in principle allows effective, highly efficient threat are not simultaneously satisfying in terms of effectiveness or deployability. Leveraging recent advances in app virtualization ad-blocking without adversely affecting the deployability of the on Android, we present in this paper a solution for in-app ad- solution. In this paper, we report on the technical challenges blocking that provides a high level of effectiveness in blocking ads and their solutions in creating an ad-blocker for in-app ads while at the same time being favorable for end-user deployment on Android. While app virtualization inherently provides great by abstaining from OS modifications or any elevated privileges. benefits for deployability of security solutions, the primary We discuss the technical challenges and their solutions for robustly stripping ads from apps while preserving the apps’ challenges for this work were a) effectively identifying the functionality. advertisement code in application packages and b) robustly stripping that code from applications without breaking the I. INTRODUCTION app’s functionality (e.g., breaking control flows that involve advertisement code). In-app advertising is a common monetization strategy for free mobile applications.
    [Show full text]
  • Automatic Detection of Android Device Security Properties
    Freie Universität Berlin Bachelorarbeit am Institut für Informatik der Freien Universität Berlin AG ID-Management Automatic Detection of Android Device Security Properties Janik Besendorf Matrikelnummer: xxx fvornameg.fnachnamegfatg f u − berlin.de Eingereicht bei: Prof. Dr. Marian Margraf Zweitgutachter: Prof. Dr. Jörn Eichler Berlin, May, 3, 2021 This work is licensed under CC BY-NC-SA cbea1 Abstract Smartphones are becoming more and more popular. As a result smartphone security is an increasingly important subject, especially with state actors discussing eIDs on smartphones. However, information about a smartphone’s specific security features is not readily available. There has been research to automatically gather smartphone security features, but the properties collected are not sufficient for evaluation of a smartphone’s compliance to eID regulations such as eIDAS. In our thesis we explore sources of such information and aggregate information from these sources using web scraping, and by gathering information with an Android app. We found that most of the information required for evaluation according to eIDAS is available to the public and suitable for automatic aggregation. However, since information on websites is sparse, usually an app on a smartphone is required to gather all information. Also, information about security certifications is not readily available. We conclude that the stakeholders in the smartphone market should make an effort to improve this situation by providing more information on public websites and by increasing machine-readability of this information. 1https://creativecommons.org/licenses/by-nc-sa/4.0 1 Eidesstattliche Erklärung Ich versichere hiermit an Eides Statt, dass diese Arbeit von niemand anderem als meiner Person verfasst worden ist.
    [Show full text]
  • The ISP Column DNS OARC 34
    The ISP Column A monthly column on things Internet February 2021 Geoff Huston DNS OARC 34 It’s an interesting topic of speculation to think about what form of network architecture would we be using if we were start afresh using today’s world of scalable content and service distribution as the starting point. Like the “clean slate” discussions of over a decade ago, if we were to think about today’s world without inherent assumptions based on unicast models of networks largely derived from the telephony service model, and we were to think about the network architecture in massively replicated service terms that are more like the old school publication or retail worlds, we probably would not have come up with a network architecture based on unicast destination endpoint address-based packet forwarding. Maybe such an Internet would be based on some form of what we’ve come to call name-based networking. We would probably start such a design exercise with the functions that today are found largely in the functions that are currently embedded in the DNS. What are these functions? What’s going on in the DNS these days? One way to understand the current topics of focus in the DNS is to tune in to the regular meetings of the DNS Operations and Research community. OARC 34 was held in the first week of February and here are some items from that meeting that interested me. (https://indico.dns- oarc.net/event/37/timetable/#20210204.detailed) DNS Flag Day 2020 Efforts to coordinate a common action from DNS software vendors has continued with the DNS Flag Day 2020, a program intended to stop the use of fragmented UDP in the DNS.
    [Show full text]
  • Mobile In-App Tracking and Advertising
    Mobile In-App Tracking and Advertising Carnegie Mellon University Data Privacy Day 2017 How do I manage app permissions? How does in-app In recent versions of iOS and in Android Marshmallow (6.x), tracking work? applications must ask the user for permission before using sensitive resources. These permissions can also be managed after the app has • • • been installed. However, in Android Lollipop (5.x), all permissions Similar to online tracking, are automatically granted once you install the app. mobile applications are able to record information about you, which is typically used to serve targeted ads. To learn more about you, mobile applications often use resources from your phone’s operating system, such as your location, photos, and contacts list. Android and iOS operating systems also have built-in advertising platforms used by apps to provide you with targeted ads. Each device is iOS (6+) By app: Settings → App name associated with an By resource: Settings → Privacy advertising ID, which is used to place you in a Android By app: Settings → Apps → App name targeting group. These Marshmallow (6.x) → App permissions advertising IDs are By resource: Settings → Apps → Tap associated with information the gear icon in the upper-right corner → App permissions such as your Apple or Google account profile Android Lollipop To view app permission in the Google (including your age and (5.x) Play store, search for the app and look gender), downloads to your for the “Permissions” section in the device, and activities in app description apps. To
    [Show full text]
  • Internet Privacy Implications Research and Draft
    Internet Privacy Implications A Major Qualifying Project Worcester Polytechnic Institute Submitted to the Faculty of the Worcester Polytechnic Institute in partial fulfillment of the requirements for the Degree of Bachelor of Science. Submitted By: Goncharova, Masha Harnois, Jeffrey Advisors: Wills, Craig PhD Doyle, James PhD May 6, 2021 Abstract Our research focused on understanding the effectiveness of browsers, extensions, mobile applications, and search engines and their protection of user privacy. We ran test cases on the top 100 Alexa sites, using a Fiddler proxy to capture traffic, with certain configurations of tools mentioned to see which ones were efficient in blocking user tracking technologies. We found that Brave and Firefox in Strict mode are the best browsers in terms of tradeoff between percent of websites with degradation versus percent trackers remaining. uBlock Origin, Ghostery and Privacy Badger are the best browser extensions in terms of the same tradeoff. Based on our results, we created a recommendation system using a survey approach. We suggest a combination of tools that are personalized to users based on their reported privacy preferences and desire to switch their current browsing setup. In order to better understand users’ views on privacy, we additionally showed participants their own data Google has synthesized about them to evaluate if that would change their responses. A ceiling effect appeared in our responses, indicating that no matter the condition, all our participants indicated a willingness to switch to the tools that we were recommending. 1 Table of Contents Abstract 1 Table of Contents 2 List of Tables 6 List of Figures 7 Double Major Note 9 1.
    [Show full text]
  • The Legal Fate of Internet Ad-Blocking
    Washington and Lee University School of Law Washington & Lee University School of Law Scholarly Commons Scholarly Articles Faculty Scholarship 2018 The Legal Fate of Internet Ad-Blocking Russell A. Miller Washington and Lee University School of Law, [email protected] Follow this and additional works at: https://scholarlycommons.law.wlu.edu/wlufac Part of the Comparative and Foreign Law Commons, Computer Law Commons, and the Litigation Commons Recommended Citation Russell A. Miller, The Legal Fate of Internet Ad-Blocking, 24 B.U. J. Sci. & Tech. L. 299 (2018). This Article is brought to you for free and open access by the Faculty Scholarship at Washington & Lee University School of Law Scholarly Commons. It has been accepted for inclusion in Scholarly Articles by an authorized administrator of Washington & Lee University School of Law Scholarly Commons. For more information, please contact [email protected]. ARTICLE THE LEGAL FATE OF INTERNET AD-BLOCKING RUSSELL A. MILLER* ABSTRACT Ad-blocking services allow individual users to avoid the obtrusive advertising that both clutters and finances most Internet publishing. Ad-blocking's im- mense-and growing-popularity suggests the depth of Internet users'frustra- tion with Internetadvertising. But its potential to disruptpublishers' traditional Internet revenue model makes ad-blocking one of the most significant recent Internetphenomena. Unsurprisingly,publishers are not inclined to accept ad- blocking without a legal fight. While publishers are threatening suits in the United States, the issues presented by ad-blocking have been extensively liti- gated in German courts where ad-blocking consistently has triumphed over claims that it represents a form of unfair competition.
    [Show full text]