If the service is free, you are the product, says Gary Newe, director for Field Systems Engineering for the UK, Ireland and sub-Sahara Africa at F5 Networks.
Last week we saw the surprising revelation that Lenovo is installing ad-ware, also known as spyware, on its laptops. This ad-ware is called Superfish, which we can only presume is a play on the word phishing.
Since the breaking of this news, it has become evident that Lenovo is not the only ad-ware offender. The reason that this has caused such outrage and resulted in a vast amount of media attention is not because of the revenue generation that Lenovo will receive from ads, but because this software breaks any security offered by a secure connection and can effectively execute a man-in-the-middle attack on all our browsing. Superfish will insert ads directly into our browsers, make our personal information visible and also make our browsing history, usernames and passwords unsecure.
Since this story broke, the Secure Socket Layer (SSL) certificate used by SuperFish has been broken, allowing anyone to spy on any Lenovo computer infected by this spyware. The only real way to remove this is to perform a fresh install of Windows. I guess the big question is why?
The Internet advertising market was worth $12,4-billion in Q3 2014 and is increasing by about 15% every year. This is a huge market and you don’t have to look too far to see how companies are generating enormous amounts of cash from it. In 2014, Google made $59-billion from advertising, so this is a very attractive way of making money. With margins on commodity technology items like servers and laptops being squeezed and revenues down in some areas, it is not surprising that companies like Lenovo want to target this huge market.
Ads are typically sold on a cost-per-impression/view or cost-per-click basis. This method works very well for search companies such as florists, for example; when a user searches for flowers, a paid-for ad link can be placed in the search results and if a user clicks on it, the advertising company gets a new user and pays for the ad. This is a hugely successful business model and is very easy for the search companies or other websites with large numbers of users to implement.
Facebook and Twitter are great examples of this, in that they have decided to monetise their sites and Facebook’s IPO, based purely on the number of users on the site. Yahoo signed a 10-year deal with Microsoft to use the Bing search engine on Yahoo and Microsoft and receives 12% of Yahoo’s ad revenue for this, which is a substantial sum. Similarly, Yahoo recently signed a deal to become the “default” search engine for Firefox browsers. The financials are yet to be disclosed, but the fee is likely to have been large as Yahoo beat off competition from Google for this prize. Access to the users’ search terms is the goose that lays the golden egg in internet advertising.
This seems like a pretty closed market to get into, hence the rise in the numbers of unintentional malware or ad-ware software downloads and “search bars” – these companies can effectively bypass the ads that would have been placed by the website owners and place their own. If you can insert the ad at the point of origin, you have a captive portal for those users, and typically they never know any better. This is what Lenovo seemed to be trying to do with Superfish, although it is not clear who would benefit here.
Lenovo had a misguided idea that users would actually like this “service”, but it might be more likely that this was either a new revenue stream for Lenovo or that SuperFish paid a flat rate to have their software installed on all Lenovo’s new PCs.
So how much are you worth? This is difficult to say, but it is important to remember the old adage: if the service is free, you are the product. This is true for supermarket rewards programmes, cashback bank accounts, internet advertising and any other service that gives you back something. According to Forbes, you are worth about $128 to Facebook.
The learning to take from this is that it is more of a case of user beware, instead of buyer beware.
