At least 18 public-sector websites in the UK and US send visitor data in some form to various web advertising brokers – including an ad-tech biz in China involved in past privacy controversies, a security firm claims.

[…]

In the US, .gov websites are not supposed to run ads. In the UK, ads are allowed on .gov.uk websites, subject to some limitations. The .gov and .gov.uk sites flagged by Silent Push each publish an ads.txt file that spells out the businesses allowed to automatically sell that site’s ad space to advertisers as a visitor arrives.

[…] Silent Push found a bunch of UK and US government websites with [the ads.txt] file listing various advertising exchanges and resellers ranging from Google (like what El Reg uses) to one in China.

[…]

One of the ad-tech vendors used by the .gov.uk sites, and highlighted by Silent Push, is Yeahmobi. This Chinese entity reportedly had its mobile ad SDK removed from the Google Play Store in 2018 for alleged ad fraud. Yeahmobi did not respond to requests for comment.

[…]

Silent Push’s report identifies four .gov sites that, in our experience, do not display adverts though do ping web ad platforms, do list various exchanges in their ads.txt files, and may break US government CISA rules. In the UK, it’s a different story, as 18 sites identified by Silent Push use Yeahmobi among others to display ads somewhere on pages.

  • RobotToaster@mander.xyz
    link
    fedilink
    English
    arrow-up
    17
    ·
    edit-2
    9 months ago

    These seem to be mostly websites for small city/district councils, who have never had huge budgets, and their budgets have been cut by the current central government.

    My guess is either:

    • Someone thought it was a quick way to add a few quid to the budget
    • They were offered a discount by the contractor who runs their website if they allowed ads
    • Some dodgy contractor inserted the ads without telling the council, because they thought nobody would notice, and they’re owned by a councillor’s nephew.