One day it updated itself and started replacing IAB sized HTML containers with ads. I only noticed because I was doing testing with Safari and the player I expected to be loading was being replaced by an ad.
I guess the new model for adware/malware is to try to integrate so seamlessly that a normal person doesn't even realize they are seeing someone else's ads.
This is a serious question. It's open to others to.
I'd like to see sponsored pages.
"Revenue eXtraction Gateway" (RG)
They tried calling the RG helpdesk, and the RG people hung up.
Encrypting all internet traffic would put a swift end to this problem.
If the app -- suppose it's a toolbar or something -- gives the user valuable (to them) functionality, and it was installed legitimately, I think it's perfectly acceptable to monetize that way.
So the measure of the malware should be based on the app itself, and how it got onto the computer, and not the apps monetization.
While I can sympathize with site owners who could have their reputations tarnished by users seeing ads and assuming they came from the website, I also feel that if I, as a user, want an app and "pay" for it by accepting ads injected into my browsing activity, that strikes me as something I should be allowed to do.
Quite a bit of malware runs with user "consent", and purports to provide some value to the user. However, "malware" does often has the connotation of something that exploited a security vulnerability to end up on the system, hence terms like "adware" to cover software that introduces advertisements and often gets installed along with some other software package the user actually wanted. And given the extensive tracking associated with most advertising, pretty much any adware will also qualify as spyware, though not to the same degree as software like keyloggers and similar.
Some people have also introduced broader terms like "badware" to encompass many different categories (https://stopbadware.org/), but that term hasn't caught on nearly as much as "malware", "spyware", and "adware".
If a user truly did intentionally install a piece of software that explicitly said it would add advertising to arbitrary websites, and the software installed with the full knowledge and consent of the user, then by all means let the user annoy themselves. But for every user somehow simultaneously knowledgeable enough to figure that out and yet not knowledgeable enough to avoid it, there exist several million users with unwanted adware, spyware, and malware on their systems.
(And in many cases, such a "choice" affects more than just that one user; most spam comes from infected systems, for instance, since that has a lot more "value" than just spamming the user of the infected system.)
You're right, but merely injecting ads on a page doesn't malware make. Period.
User consent is typically given to yield some kind of functionality not to inject ads on pages the functionality is just bait.
That's just misdirection, it's not even clever it is simply bad. And whether we're talking about data in transit or stored on the computer is bickering over details.
If I make a toolbar that, I dunno, provides human-edited translations of Wikipedia articles that's active when you're on Wikipedia.com, and I monetize that by putting ads on the page, and a user downloaded and installed the app (as opposed to me paying to bundle it with another app) that is not malware.
Look, to the generally-non-technical audience that the original Wikipedia article had to write for, I think it's fair to cast a wide net and name all offending apps malware.
But here, amongst professionals in this industry, it's absurd to me to not see the nuance.
I agree that in that particular case it wouldn't necessarily qualify as malware, if you've made it clear to the user what you're doing. I would certainly call it adware, though.
And as you suggest, if you snuck it in along with some other application where the user didn't necessarily give clear and well-informed consent to install it, then I would absolutely call that malware.