A recent report has shed light on concerning practices regarding government websites in both the U.K. and the U.S. Specifically, it reveals that at least 18 government websites across these countries are transmitting visitor information to multiple online advertising brokers, including a Chinese ad-tech firm previously implicated in privacy controversies.
Google’s past actions against Yeahmobi, a Chinese ad-tech company, underscore the seriousness of the situation. The tech giant blacklisted Yeahmobi’s SDK due to findings of ad fraud and attribution abuse, highlighting the risks associated with such practices.
The process of selling ad space involves intermediaries connecting advertisers with website hosts. However, in the U.S., the Cybersecurity Infrastructure and Security Agency (CISA) explicitly prohibits the use of .gov websites for commercial activities like online advertising. Nevertheless, Silent Push’s investigation found several .gov domains potentially in violation of CISA rules, including mcdowellcountywv.gov, fortdeposital.gov, cohassetpolicema.gov, and sports.celina-tx.gov.
The investigation revealed that while the first three domains listed only Google in their ads.txt files, the sports.celina-tx.gov domain listed numerous partners, despite displaying no ads on its public pages.
In contrast, advertising on .gov.uk websites in the U.K. is permitted with restrictions. However, the report identified several .gov and .gov.uk sites utilizing ads.txt files to specify companies authorized to sell ad space automatically upon visitor arrival. Authorities such as Transport for London, the Met Office, and various councils in England and Wales were implicated.
Of particular concern is the involvement of Yeahmobi, the Chinese ad vendor, in collecting visitor data on U.K. public sector websites. This prompted action from the Council Advertising Network (CAN), a U.K.-based organization overseeing digital advertising on council websites. Upon investigation, CAN confirmed the presence of Yeahmobi in their publisher ads.txt files but took swift action to remove them as a precautionary measure.
CAN emphasized its commitment to addressing such matters seriously and stated its intention to seek further insight into the claims raised. These developments underscore the importance of vigilance and regulatory compliance in safeguarding user privacy on government websites.