sites asking for permissions by giving you popups for site notifications

Well, some of these articles are old, but not so old I did a mass delete. Thing is, I’ve been thinking about some of these topics, and during the Christmas break and in between security box releases and other Mix programming I’m doing, I’ll be catching up with stuff and also finding things new.

Don’t worry, the SolarWinds fiasco isn’t going anywhere, looks like I’ve got reading to do on that as well.

First article I’m going to cover from the backlog deals with notifications from websites. You’ve seen the popups asking for permission for location and the like and those may not be so bad. This particular one I’ve been thinking about lately has some good reasons why you shouldn’t allow notifications to be used on websites.

First of all, this article comes from our good friend Brian Krebs. I always find very interesting things on this site, and this is one I’ve been thinking about as of late, and want to start sharing what I’ve read and put in my own insight on this.

Brian’s first paragraph of the article is really what got me thinking about this again, even though I read it last month, and it’s a little over a month old. The paragraph says:

An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s
mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts
and then selling that communications pathway to scammers and online hucksters.

So you’re saying that because people are paying for this now that this is bad? I know that I receive a lot of spam through my web site, and it’s gotten so bad that I’ve used an IP lookup tool to determine these IPs. Most are IP transit IPs, like they belong to a network that isn’t supposed to be browsing the Internet. There was one that filled out my form 6 times with the same timestamp. I also blocked several IP ranges because clearly it’s spam riddled. But when combined with this paragraph where it talks about your browser, the browser is the most important thing we have because it is our gateway to the web, just like email clients like Thunderbird and others get you connected to email. Let me repeat this paragraph again. It says:

An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts
and then selling that communications pathway to scammers and online hucksters.

I wonder how we can then remove that access if we find that to be the case, and how would one know if this is the case?
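One way to answer the "how would one know" part, as an added example that is not from this post or from the Krebs article: Chromium-based browsers keep each site's notification decision in the profile's `Preferences` JSON file under `profile.content_settings.exceptions.notifications`, so the granted origins can be listed and reviewed. The sample data and the `*.example` origins below are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of the relevant slice of a Chromium "Preferences" file.
SAMPLE_PREFS = json.loads("""
{"profile": {"content_settings": {"exceptions": {"notifications": {
  "https://news.example:443,*":  {"last_modified": "13250736000000000", "setting": 1},
  "https://video.example:443,*": {"last_modified": "13252464000000000", "setting": 1},
  "https://shop.example:443,*":  {"last_modified": "13249008000000000", "setting": 2}
}}}}}
""")

# Chromium content-setting values: 1 = allow, 2 = block, 3 = ask.
SETTING_NAMES = {1: "allow", 2: "block", 3: "ask"}
CHROME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def chrome_time(value):
    """Convert Chromium's microseconds-since-1601 timestamp to a datetime."""
    try:
        return CHROME_EPOCH + timedelta(microseconds=int(value))
    except (TypeError, ValueError):
        return None


def notification_grants(prefs):
    """Return (origin, decision, decided_at) for every stored notification decision."""
    node = prefs
    for key in ("profile", "content_settings", "exceptions", "notifications"):
        node = node.get(key, {}) if isinstance(node, dict) else {}
    rows = []
    for pattern, entry in node.items():
        origin = pattern.split(",", 1)[0]  # drop the ",*" secondary pattern
        decision = SETTING_NAMES.get(entry.get("setting"), "unknown")
        rows.append((origin, decision, chrome_time(entry.get("last_modified"))))
    # Allowed origins first, since those are the ones that can push messages.
    return sorted(rows, key=lambda r: (r[1] != "allow", r[0]))


def allowed_origins(prefs):
    """Origins that can currently push notifications: the ones to review and revoke."""
    return [o for o, decision, _ in notification_grants(prefs) if decision == "allow"]


if __name__ == "__main__":
    for origin, decision, when in notification_grants(SAMPLE_PREFS):
        stamp = when.strftime("%Y-%m-%d") if when else "unknown date"
        print(f"{decision:6} {origin:30} decided {stamp}")
```

To audit a real profile, load its `Preferences` file with `json.load` and pass the result to `notification_grants`. Any origin listed as allowed that you don't recognise can be removed in the browser's site settings for notifications.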

This article talks about an internet standard for push notifications. I don’t believe I’ve been to a website for push notifications, only location services like Metro. I normally don’t allow notifications, especially if I’m there to read an article or something. Now that I know there are suspicious things, I won’t be accepting notifications on any site as it can happen to anyone. Here’s the link to the internet standard from Krebs’s article. Krebs’s article talks about a push company located in Montenegro, which I believe is outside of the United States. This site is among the top 2000 according to alexa.com, not to be confused with the Amazon device Alexa. I’m going to have to take a look at this site one day.

According to Krebs, he writes:

Website publishers who sign up with PushWelcome are asked to include a small script on their page which prompts visitors to approve notifications. In many
cases, the notification approval requests themselves are deceptive — disguised as prompts to click “OK” to view video material, or as “CAPTCHA” requests
designed to distinguish automated bot traffic from real visitors.

If this is the case, I will never accept push notifications on my browser knowing this.

To add insult to injury, the article states:

Approving notifications from a site that uses PushWelcome allows any of the company’s advertising partners to display whatever messages they choose, whenever
they wish to, and in real-time. And almost invariably, those messages include misleading notifications about security risks on the user’s system, prompts
to install other software, ads for dating sites, erectile dysfunction medications, and dubious investment opportunities.

So this company has the opportunity to do spam-like activity like we continue to get through email through our forms or other contact methods these guys find to spew their wares.

I’ll let you read the complete article which includes links, images of what is taken from this site, and much more. Be Very Sparing in Allowing Site Notifications is the article, and the comment boards await you!
