The article you are about to read is about to read you!

Not this particular one. Not on Medium. Medium doesn’t use external scripts. Which is a good thing and refreshing to see.

Can’t really say the same about every other website out there.

The web is not what it used to be.

Every site you visit is much more than text and images. It’s scripts and plugins.

It is usually WordPress these days, or some other flavor of CMS: a platform that sits on a server somewhere, and on top of that WordPress instance sit anywhere between 10–100 other services with varying access and power to GET data.

If you install the Chrome extension Ghostery or the iOS Ghostery browser, you will quickly realize from the popup list of services how many of them are mining data about you.

Instead of you reading the article, the website is reading you.
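A list like the one in Ghostery’s popup can be approximated from the page source itself. The Python below is an added example, not part of the original article: it lists the third-party hosts a page pulls resources from and singles out those that can run code. The hostnames, the sample page and the rule that subdomains count as first party are assumptions made for illustration.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags that pull in a remote resource, and the attribute that names it.
RESOURCE_ATTRS = {"script": "src", "iframe": "src", "img": "src", "link": "href"}
# Only these run code in or beside the page; the others mainly leak a request.
ACTIVE_TAGS = {"script", "iframe"}

class ThirdPartyAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.hosts = defaultdict(set)  # external host -> tags that reference it

    def is_first_party(self, host):
        # Simplification (assumption): the page host and its subdomains are first party.
        return host == self.page_host or host.endswith("." + self.page_host)

    def handle_starttag(self, tag, attrs):
        attr = RESOURCE_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return  # inline script, or a tag that loads nothing
        # urljoin resolves relative and protocol-relative (//host/path) URLs.
        host = urlsplit(urljoin(self.page_url, value)).hostname
        if host and not self.is_first_party(host):
            self.hosts[host].add(tag)

def audit(page_url, html):
    parser = ThirdPartyAudit(page_url)
    parser.feed(html)
    return {h: sorted(t) for h, t in sorted(parser.hosts.items())}

def active_hosts(report):
    """Hosts whose content executes in the page: the ones to review first."""
    return [h for h, tags in report.items() if ACTIVE_TAGS & set(tags)]

# Constructed sample page; every hostname here is made up for the example.
SAMPLE = """<html><head>
<script src="/js/site.js"></script>
<script src="//ads.adnetwork.example/serve.js"></script>
<link rel="stylesheet" href="https://cdn.blog.example/theme.css">
</head><body>
<img src="https://pixel.tracker.example/p.gif?id=1">
<iframe src="https://ads.adnetwork.example/slot/3"></iframe>
<script>var inline = 1;</script>
</body></html>"""
print(audit("https://blog.example/post", SAMPLE))
```

This only sees what is in the static HTML; scripts that load further scripts at run time are exactly what a browser-side blocker catches and a source audit misses.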

You can set up Ghostery to block everything, but at times it renders some websites unusable. In cases such as online banking, where they need to track where you are logging on from and identify you, Ghostery will get in the way.

However, for the rest of the web, you don’t need to give away all your personal information, which is sometimes more than you think.

In the past 2–3 years, the emergence of the Angler exploit kit has made it ridiculously easy for cyber criminals to hijack an ad on a WordPress site, or any other site that supports JavaScript, and get your system infected just like that.

Unfortunately, you can’t disable JavaScript or the web will die.

As I am sifting through network alerts each day, I see people on their lunch break reading news on their favorite blogs, and while they are blissfully unaware of what is happening in the background, I get flooded with blocked inbound attempts to deliver payloads.

The funny part is that these payloads can be just about anything, from basic malware to ransomware and anything in between.

This is rather upsetting, as the attackers are exploiting much more than just technology.

They use the advertising networks as the medium of delivery and exploit the inherent trust of the website owner, who has trusted the ad network enough to embed it in their site, and at the same time that of the reader, who could not possibly fathom that someone other than the website owner is out to get them.

Most successful hacks do not rely 100% on technology but on the weakest link between technology, psychology and human behavior.

How do you fix that?

I don’t know.

Probably through a combination of things. Blocking social media and everything that web filtering systems flag as suspicious and dangerous each and every day is not the way.

  • User education
  • Detection tools
  • Internal Phishing Campaigns

There are definitely other ways of approaching this issue, and for the most part they involve white-hat tools.

A lot of the tools coming out employ honeypots and AI that creates baseline behaviors by stacking users and their daily activity.

And you actually pay for that. A lot of money.

That’s another story for another day.

So get Ghostery and browse away.