In A Battle For Web Traffic, Bad Bots Are Going After Grandma
As the Web turns 25, it's becoming a terrific place if you're a bot.
It began as a tool for human communication, but now, over 60 percent of the traffic on the Web is automated applications called bots talking to other bots, according to one study. And experts say about half of those bots are bad.
But first let's talk about the good bots.
For example, Google's bots crawl around the Web to find the best information. There are also bots that help make the Web run smoothly, says Marc Gaffan, co-founder of Incapsula, a website security firm. These bots "check that our websites are up and running all the time and measure how fast they are," he says.
Incapsula released a report that found the percentage of nonhuman Web traffic went from around 50 percent in 2012 to over 61 percent of all traffic last year.
Gaffan says a little over half of those bots are bad. The bad ones are "scanning your website looking for vulnerabilities; they're potentially trying to hack into your website," he says.
Once inside your system, bad bots can get a lot of information, like corporate and government secrets. But Dan Kaminsky, the founder of the security firm White Ops, says his company noticed that bots were going after individual users.
"They're not going after people with secret military documents," he says. "They're going after grandmothers. They're going after everyone they can. And we were genuinely curious, why? Why hack Grandma?"
Kaminsky says the answer is that the bots want Grandma's identity, at least on the Web. He says there are underground companies that promise to bring viewers to websites. But what they are really doing is hijacking Grandma's computer and making it look as if she visits the sites, and that makes the sites more valuable to advertisers.
"They're doing a very little piece of identity theft," Kaminsky says. "They're pretending to be you to advertisers who are willing to pay a little bit of money to get a little bit of your attention."
Kaminsky says the problem with this kind of fraud is that it lowers the quality of what's on the Web.
"You see the Web sometimes and you click a link and you get a page and there's 30 ads on it and five of them are blaring audio at you," Kaminsky says. "And you think, 'Who could possibly ever find any value in this Web page?' And the answer is nobody. Nobody would ever go to a page like this. But nobody is — it's all machines tricking machines."
The big problem is that "bots will click on anything — they have terrible taste," Kaminsky says.
If bad bots were left to their own devices, bad taste would dominate the Web. But, even worse, Kaminsky worries that this kind of advertising fraud is undermining the economics of the Web.
Though people "tend not to like advertisers, advertisers have paid for a network that allows greater interpersonal communication than any other time in history. Who paid for all this free service? They did," he says.
Kaminsky's firm works with advertises to fight this problem. He worries that advertisers will go back to the TV or other outlets, which are better protected against fraud.
A study honoring the Web's 25th anniversary by the Pew Research Center interviewed 1,400 experts. Many shared Kaminsky's concerns.
"That's what these experts worry about: If it becomes too overwhelming, there's too little trust, it's too hard to distinguish between human and machine interventions, that people will just shut down," says Lee Rainie, one of the study's authors.
But, moving forward, many of the experts also said the attempts to secure the Web need to be balanced with keeping it open.
"They will shut down ways in which the Internet can serve up diverse opinions; new things for them to learn; all sorts of extra things that would add to their life," Rainie says.
He says that one thing is certain: There will be more bot traffic online in the future as more devices — from medical monitors to home heating systems — are connected to the Internet.
Rainie says we are likely to see a vast battle between good bots and bad bots.
Copyright 2020 NPR. To see more, visit https://www.npr.org.