back to article If Britain is so bothered by China, why do these .gov.uk sites use Chinese ad brokers?

At least 18 public-sector websites in the UK and US send visitor data in some form to various web advertising brokers – including an ad-tech biz in China involved in past privacy controversies, a security firm claims. Silent Push, which identified the websites, will today argue in a report provided to The Register that this …

  1. StewartWhite
    Pirate

    An idea

    Here's an idea, how about a body politic that doesn't think that the only thing that matters in the entire world is money?

    Unless of course it's a matter of requiring all UK laws to be inscribed on lamb's vellum at a cost of £80K p.a. which clearly demonstrates a system that isn't ready to move on from the 18th century and where expenditure on frivolous nonsense such as this is considered "vital" purely because of the superciliousness of our parliamentarians. I know it's "only" £80K but this is symptomatic of a political class that believes itself inherently superior to us sans-culottes.

    1. Blazde Silver badge

      Re: An idea

      No surprise it's mainly councils on the list. For them money pretty much is all that matters because they're required by law to do x things with y money where y money plainly isn't enough to do x. They'll soon be selling lampposts to China just to keep them lit at night.

      1. fnusnu

        Re: An idea

        They've sold them to someone: https://www.theregister.com/2024/04/23/leicester_streetlights_ransomware/?td=rt-3a

        1. phuzz Silver badge
          Meh

          Re: An idea

          Bristol City Council stole their own lamposts.

      2. CowHorseFrog Silver badge

        Re: An idea

        Everybody knows councils are filled with hordes of people who do nothing. Like my local library there are literally more people to say hello at the entrance than actual locals visiting the books.

        1. JimC

          Re: my local library there are literally more people to say hello at the entrance

          Wouldn't be surprising if they are volunteers. At least some UK library services recruit volunteers, and saying hello at the entrance is a suitably low skilled task.

          1. CowHorseFrog Silver badge

            Re: my local library there are literally more people to say hello at the entrance

            Really people volunteer to stay in a building and say hello 3 times a day ?

            WHy do you invent total stupidity you would have to be braindead to volunteer for that.

            1. JimC

              Re: braindead

              Gets you out of the house, active and meeting people, plus making a contribution to the community by helping keep the library open. For folk who are not employed its not obviously worse than lying on the sofa watching Netflix reruns.

              1. CowHorseFrog Silver badge

                Re: braindead

                @JimC

                You need to learn to read. I clearly stated in my original post that very few people visit my local library which is why i mocked the need to have MORE staff to say hello to visitors than actual visitors.

                Why would a volunteer want to stay in a place lika a library that gets at best 10 - 20 visitors in an ENTIRE day ? Saying hello once an hour is hardly meeting people, surely there are better things to do, than saying "hello" 3 times a day.

                1. Matthew 25

                  Re: braindead

                  Free heating, free tea or coffee, free loo paper, plenty of books to read and few interruptions.

        2. Toni the terrible

          Re: An idea

          In my local libary there are no greeters / Info persons and almost no libarians even to book out books

    2. Doctor Syntax Silver badge

      Re: An idea

      "requiring all UK laws to be inscribed on lamb's vellum at a cost of £80K p.a."

      You can still read documents written on vellum many centuries ago. You can still, for instance, read the Domesday book. However that discs that the Beeb produced to celebrate the 900th anniversary of Domesday? Good luck finding hardware to read that. In the few years since then it's needed several projects to move it from one platform to another. £80k pa sounds like a bargain.

      1. johnfbw

        Re: An idea

        This one will do it:

        https://www.ebay.de/itm/404853222191?chn=ps&_ul=DE&_trkparms=ispr%3D1&amdata=enc%3A1__nQvjzYRMCzXOVFYsJZ3A32&norover=1&mkevt=1&mkrid=707-134425-41852-0&mkcid=2&mkscid=101&itemid=404853222191&targetid=1716911581359&device=c&mktype=pla&googleloc=9068330&poi=&campaignid=17943303986&mkgroupid=140642150118&rlsatarget=pla-1716911581359&abcId=9301060&merchantid=7364532&gad_source=1&gclid=CjwKCAjw26KxBhBDEiwAu6KXtyrOIKcunFXwl7-0uHU6QQwQXyX3cr0GhhxV38hkpqpVcygoWpvsYBoCLtUQAvD_BwE

        Now to find the discs...

        1. John Brown (no body) Silver badge

          Re: An idea

          "Now to find the discs..."

          ..and pray they haven't delaminated :-)

        2. Kro--nos

          Re: An idea

          I see it's listed as "doesn't post to United Kingdom"

          Wonder why that might be?

      2. PB90210 Bronze badge

        Re: An idea

        There is an episode of the Cautionary Tales podcast called 'Laser versus Parchment' on this very subject.

        A guy spent years decoding the non-standard Doomsday laserdisc and publishing the data online... unfortunately he died, the site expired and the data was (nearly) lost a second time!

      3. Anonymous Coward
        Anonymous Coward

        Re: An idea

        I guess it's a good job Guy Fawkes wasn't successful then isn't it, as I'd imagine a massive repository of Vellum wouldn't have survived being exploderated!

    3. Jan 0 Silver badge

      Re: An idea: inscribed on lamb's vellum

      Would you prefer something more permanent and more expensive, like engraved gold plates? The longevity of ink on vellum surpasses any modern technology. (Consider how the Voyagers are taking information out into the Cosmos.)

      1. Jedit Silver badge
        Joke

        "Consider how the Voyagers are taking information out into the Cosmos."

        I'm not sure we considered how we were taking information out into the cosmos. We sent every alien species out there some unsolicited nude pics and our classical playlist from Spotify.

        1. Richard 12 Silver badge
          Headmaster

          Re: "Consider how the Voyagers are taking information out into the Cosmos."

          Without genitalia, so merely topless, not nude per se.

          1. Geoff Campbell Silver badge
            Boffin

            Re: "Consider how the Voyagers are taking information out into the Cosmos."

            With genitalia, although the woman is not well defined. So we've sent them dick pics, basically.

            GJC

            1. Peter Gathercole Silver badge

              Re: "Consider how the Voyagers are taking information out into the Cosmos."

              There is no reason to think that any entity capable of catching the Voyagers in times to come will have any idea about human prudishness. There will be no embarrassment, and probably some curiosity about the human race, who may very well be extinct at that point. More information, such as the dimorphic nature of life on earth, will help them come to some understanding,

              I mean, there are people alive today who have no concept that nudity is anything to worry about. It's us in the 'developed' countries who should be ashamed!

              There are obvious reasons, such as warmth, protection, menstruation, where body coverings are a good idea. The fact that we have developed this into a shame of our bodies is a feature of society, not self consciousness.

              Mind you, the book of Genesis (and it's representations in other Abrahamic religions) and the serpent and the tree of knowledge have coloured societies for millennia!

    4. Anonymous Coward
      Anonymous Coward

      Re: An idea

      But it was super important that we spent squillions switching back to a dark blue passport.

      1. Martin-73 Silver badge

        Re: An idea

        they're black ;)

        1. David Hicklin Bronze badge

          Re: An idea

          >.. they're black ;)

          In the right light they are a very very dark blue.

          1. captain veg Silver badge

            Re: An idea

            Mine simply looks like its been out in the sun too long and got singed.

            Well, it does once taken out of its "protective" cover which, oddly, is a facsimile of the old Burgundy model.

            -A.

        2. Jedit Silver badge
          Stop

          Re: An idea

          My new UK passport arrived literally an hour ago, and it is in fact a very dark blue - darker than navy. This is definitely a STOP rather than a FAIL, though - I can easily see how the eye could be fooled.

          It's also incredibly shoddy. The cover is already warped and feels like it's ready to fall off. My EU-issue passport is in better shape after nearly 10 years than this one is brand new. But hey, our freedom to have a passport that is the same colour as the ones from Croatia!

          Which is an EU member. Oh.

      2. UnknownUnknown

        Re: An idea

        …. and the Post Brexit passports were contracted to be made in Europe by Franco-Dutch company Gemalto with the

        UK Passport Agency screwing over the existing contractor De La Rue (British despite sounding suspiciously Frenchie).

        The hubris and irony of Brexit has no limit.

        1. Richard 12 Silver badge

          Re: An idea

          One suspects this was entirely due to the name.

          It's the level of thought we've come to expect from this lot. I see Sunak still clings desperately to power while setting timebombs and the odd landmine for the next government.

          1. Toni the terrible

            Re: An idea

            And if Sunak wins, that will be awkward unless the law scrolls faded as they werent on vellum....

        2. John 61
          Pint

          Re: An idea

          De La Rue have been around for donkeys years, and they're very good at printing stuff. During the War (WWII) they printed 5 franc billets which (according to my late father) no Frenchies accepted. They're upstairs somewhere, along with a lot of other De La Rue stuff. They don't like it up 'em.

          1. Roj Blake Silver badge

            Re: An idea

            De La Rue's monopoly on the UK's paper (plastic) currency production is like giving them a license to print money.

    5. Anonymous Coward
      Anonymous Coward

      Re: An idea

      Have you just met our Tory government that has shrivelled the finances of every public institution to breaking point if not beyond, solely for the purposes of lining they and their friends pockets at the expense of everyone else?

      Not everything has to make a profit. There is such a thing as a loss leader worth taking. But they don't see it that way.

    6. Vaguely remebers

      Re: An idea

      In 2015 vellum was discontinued for printing UK laws.

      1. Toni the terrible

        Re: An idea

        This is so the Gov can deny recent laws exist, in 10 yrs time as the CD has delaminated etc

    7. midgepad

      Re: An idea

      Vellum. Obsolete of course. What was the more durable replacement again?

  2. Neil Barnes Silver badge
    Flame

    There is absolutely no reason

    that any information about me, from the most innocuous to the most private, should _ever_ be passed on from a government computer to any commercial entity.

    That includes the fact that I have even used the service.

    Nothing.

    I already paid for the service in my taxes, thanks.

    (I note that the parts of gov.uk I use - mostly HMRC and DVLA - are refreshingly free from any third party scrips (and indeed, internal scripts), which is reassuring if not a guarantee of sanity. But it's a start.)

    1. Mike 137 Silver badge

      Re: There is absolutely no reason

      "the parts of gov.uk I use - mostly HMRC and DVLA - are refreshingly free from any third party scrips "

      Take a look at the (NHS templated) web site of your local GP surgery. You'll probably be surprised. See also a 2019 report on how widespread this is on sensitive web sites across Europe.

      1. graeme leggett Silver badge

        Re: There is absolutely no reason

        GP surgeries are private entities contracted to the four nation's departments of health (and social security in case of NI) to provide healthcare and using the NHS branding for those services.

        1. UnknownUnknown

          Re: There is absolutely no reason

          Ooohh ‘stop the Privatisation of the NHS’ by these evil money grubbing profit centres.

        2. midgepad

          Re: There is absolutely no reason

          Up to a point.

      2. Anonymous Coward
        Anonymous Coward

        Re: There is absolutely no reason

        > Take a look at the (NHS templated) web site of your local GP surgery.

        I don't believe that my local GP Practice's website is NHs templated, it's not even HSC NI templated (I'm in Northern Ireland, there is no "NHS" as such here, it is called HSC NI).

        Rather their website is provided by an English company called Neighbourhood Direct Ltd (https://www.practicewebsites.co.uk/), I believe that EMIS (or is it INPS?) may also provide some GP website functionality.

        Indeed on several occasions I've pointed out in writing to my local Practice that the Privacy Notices on their website are incorrect throughout as Neighbourhood Direct appear to be using England & Wales related templates and so the Privacy Notices refer to various laws that do not apply in Northern Ireland (in at least 1 case there is NO equivalent NI law).

        Then again some of these Privacy Notices today *still* have multiple occurences of "The data will be shared with [ insert name of local service providers ]" (for sections such as "Recipient or categories of recipients for the shared data") despite me pointing this out to the Practice's DPO several years ago.

        They just don't give a damn!

        1. Vometia has insomnia. Again. Silver badge

          Re: There is absolutely no reason

          They just don't give a damn!

          They don't have do; have you tried reporting anything to the ICO? They just go "lol, whatevs" if you get a response at all.

          My practice uses EMIS which is kinda shit but more worryingly ties in with Google to force ReCAPTCHA, among other things, and is festooned with ads for private services and other crap. As well as the security problems and the "btw you'll have to pay for this service you thought you could access lol" which takes up much of the site, it's pretty ableist too. Which is kinda relevant to a health provider, you might think, but they're as indifferent to that as they are to security. And as much as GPs are private businesses, they're the only means of accessing non-emergency care and there's often no choice which one you go to, and they in turn have little choice of which software to use. Seems broken as designed, which just about sums up 21st Century Britain. At least 2000AD's future dystopia had flying cars and shit; the non-fiction version is just shit.

          1. Anonymous Coward
            Anonymous Coward

            Re: There is absolutely no reason

            > They don't have do; have you tried reporting anything to the ICO? They just go "lol, whatevs" if you get a response at all.

            Yes I've raised several cases with the ICO in the past. In particular 2 related cases regarding what appeared to be unlawful sharing of health data between many (mainly) "health service" organisations. I opened both cases in early 2021 - for both cases it took 6.5 months for the ICO to initially respond and a *further* 13.5 months for ICO to deliver an outcome (after having 3 different case officers involved over that period).

            However the outcomes "delivered" were a joke - firstly the ICO case officers ignored to 2013 -> 24th May 2018 (pre-GDPR) portions of both my complaints ("the ICO now has no powers to investigate pre-GDPR issues", more on this below). Secondly the case officers went through most of my GDPR-time-period complaint aspects and, one by one, said they wouldn't investigate them (no reasons given). At the end of all that time the ICO actually only investigated a single aspect of both my complaints: that the 2 orgs (one a Controllers, the other a Processor) had failed to delete my personal data from the central "sharing" system (the Controller had told the Processor to delete it, the Processor replied that "there was no defined mechanism to do so") - in the delivered outcomes the ICO found that both orgs had breached GDPR but decided to take no action against either of them - not even to require them to actually delete my personal data that they'd been unable to delete!

            Some time later I noticed on the ICO's own website news of them taking action on a case regarding pre-GDPR issues. So I contacted the ICO to formally complain that they'd previously told me they had no powers to do that....eventually I received an official response that "yes we have powers to do so but it is ICO *policy* to only investigate pre-GDPR matters if there may be potentially criminal offences committed" - at which stage I pointed to aspects of my original cases that indicated potential criminal offences per UK DPA 1998 - ICO eventually came back to "modify" their response to "yes we have powers to do so but it is ICO *policy* to only investigate pre-GDPR matters if there may be potentially criminal offences committed and sufficient people raise complaints" (where obviously just me making a complaint was not "sufficient").

            So, yes, I'm well aware of how the ICO "work"...

        2. midgepad

          Ghastly,

          are they not!

          The first 2000 or so, last century, were individual and interesting, and reflected the somewhat varied approaches and natures of the partners and places.

    2. Rob

      Re: There is absolutely no reason

      The DVLA don't bother with stuff like that because they have already sold their database of our details to 3rd parties. Nothing covert there, they went straight for the juggular.

  3. Jan 0 Silver badge

    ".... reasonable to assume most UK citizens wouldn't ....,"

    It's also reasonable to assume most people in the UK wouldn't want their personal data passed to any entity other than the one they're engaging with. There are, of course, reasonable exceptions that we would agree to if asked.

    We have a government that has consistently ignored the rights of UK subjects with regard to the Internet (amongst other entities), ever since the UK joined the Internet. (<pedant mode> Yes, we are "subjects" of our monarch, not "citizens" of our country.)

    1. Phil O'Sophical Silver badge

      Re: ".... reasonable to assume most UK citizens wouldn't ....,"

      Yes, we are "subjects" of our monarch, not "citizens" of our country.)

      Incorrect. We are subject to the laws of our country (as are almost all people to their respective countries, worldwide), and since the Sovereign is Head of State we're technically subject to them, but they don't have supreme authority. That lies with Parliament, due to a long chain of constitutional events from Magna Carta onwards. We are all, also, citizens of the UK, that status is clearly reflected in the wording of our passports, among other things.

      1. sitta_europea Silver badge

        Re: ".... reasonable to assume most UK citizens wouldn't ....,"

        "What are you doing on my land?"

        [Quoting Prince Charles, some years before he became Charles III of England, speaking to a reporter, who happened to be on a public footpath.]

        1. Anonymous Coward
          Anonymous Coward

          Re: ".... reasonable to assume most UK citizens wouldn't ....,"

          To play the Devils Advocate:

          A photographer, one of those usually called paparazzi,

          The same photographer who later said of the relationship between him and Charles "He's the hardest working person I've ever come across. I've been to every rainforest in the world with him. We've been to the rainforests in Brazil three times, we were in Australia, Cameroon, Brunei, Malaysia and Indonesia. He's passionate about his interests, and when someone impresses you that much, you're lucky to work with him. He calls me Arthur and I call him Sir. And it works very well." (interview in Der Speigel)

        2. Anonymous Coward
          Anonymous Coward

          Re: ".... reasonable to assume most UK citizens wouldn't ....,"

          Public footpaths can cross private land.

          1. Spazturtle Silver badge

            Re: ".... reasonable to assume most UK citizens wouldn't ....,"

            Yes, and public right of way only grants you that, right of way.

            If you are on a public footpath on private land you can't take photos without the landowners permission, nor can you pick berries and a whole rang of other things.

            1. Martin-73 Silver badge

              Re: ".... reasonable to assume most UK citizens wouldn't ....,"

              Now this I did not know, but it makes sense.

            2. the spectacularly refined chap Silver badge

              Re: ".... reasonable to assume most UK citizens wouldn't ....,"

              No that is actually an explicit exemption in the Theft Act and carried forward by various criminal justice bills since. If you are legally on the land in the first place you are entitled to forage for wild growing fruit, berries, nuts etc without any permission needed.

      2. Jan 0 Silver badge

        Re: ".... reasonable to assume most UK citizens wouldn't ....,"

        My apologies, it seems that I ignored an important legal change that happened in 1949.

        Let's march to the guillotine fellow citizens!

        1. johnfbw

          Re: ".... reasonable to assume most UK citizens wouldn't ....,"

          British subjects ceased to be in 1982 - now we are citizens

          1. John Brown (no body) Silver badge

            Re: ".... reasonable to assume most UK citizens wouldn't ....,"

            Although gov.uk like to muddy the waters a bit where they talk about Subjects and Citizenship amongst other designations :-)

          2. Anonymous Coward
            Anonymous Coward

            Re: ".... reasonable to assume most UK citizens wouldn't ....,"

            Most of us were citizens long before that. The category of "British Subject" applied only to residents of certain overseas territories who didn't have the right to live in the UK.

        2. UnknownUnknown

          Re: ".... reasonable to assume most UK citizens wouldn't ....,"

          The Guillotine - scare bleu no !!!

          “We left the EU, we won get over it!”

    2. Anonymous Coward Silver badge
      Unhappy

      Re: ".... reasonable to assume most UK citizens wouldn't ....,"

      It's reasonable to apply that assumption to non-UK people too. Probably everyone who uses the internet, and those who don't. And yet, targeted advertising is a huge market.

    3. Pascal Monett Silver badge
      Flame

      Re: There are, of course, reasonable exceptions

      And what, pray tell, may be a "reasonable exception" to your government selling your private data to, not only a 3rd party, but a 3rd party that's not even in your own country ?

      No. Just NO.

      When I deal with a government portal, I fully expect that everything that happens in Vegas stays in Vegas.

      I'm paying for that portal. I'm paying for the people managing that portal. I'm paying for the hardware that that portal is working on. That fucking portal does not need more revenue.

      But hey, if you find normal that your own government whores your data out to anyone, well that's your choice . . .

      1. Richard 12 Silver badge

        Re: There are, of course, reasonable exceptions

        One that they're happy to argue in public, and don't mind being splashed across the front pages of every newspaper in the land.

        Though you'd be hard pressed to find it on Reach news sites, buried in the deluge of crapverts.

  4. imanidiot Silver badge

    Once again Ad-block is your friend

    This goes, once again, to prove browsing without an effective ad-blocker and something like no-script is absolutely a silly thing to do and both are definite requirements for the modern internet user.

    1. Alistair Wall

      Re: Once again Ad-block is your friend

      Adblock only stops the ads being displayed on your browser. It will not stop the brokers being notified that someone on your IP address has accessed the STD clinic page.

      1. Autonomous Comrade

        Re: Once again Ad-block is your friend

        They tend to block the request to the advertising network and their scripts that load the ads entirely, so it will actually stop the data from reaching them. Depends on your adblocker of course as some do favours for money (i.e. unblock "responsible advertisers" who pay them money to be excluded) *ahem* *ahem* adblock plus but others like ublock origin are not tainted.

        1. Daniel Gould

          Re: Once again Ad-block is your friend

          The ad bidding is all server-side, so your ad blocker won't stop that info being shared at that level.

        2. Spazturtle Silver badge

          Re: Once again Ad-block is your friend

          It depends on what browser you use, on Chrome adblockers can only work after the fact, so all the requests are sent and then once the page is loaded the adblocker cuts parts out. On Firefox the adblocker has more privileges and can block and edit the requests going to the server.

          1. Graham Cobb Silver badge

            Re: Once again Ad-block is your friend

            But, as the post earlier in the thread says, that only stops the transactions from the browser. It does not stop the website backend telling all the ad agencies "IP address 1.2.3.4 has just downloaded page my_STD_and_how_to_love_it - how much am I bid for the chance to go into battle against their adblocker?". That is why using a proxy which randomises addresses is also vital.

            1. Anonymous Coward
              Anonymous Coward

              Re: Once again Ad-block is your friend

              > how much am I bid for the chance to go into battle against their adblocker?

              Literal tea spitter that one. :D

          2. EricB123 Silver badge

            Re: Once again Ad-block is your friend

            Well, I certainly don't want my personal information security level to be debated by a team of El Reg engineers to be assured if it's safe or not. Almost everybody here is certainly very intelligent, but to me at least a matter of security at this level isn't open for debate, period.

            1. OhForF' Silver badge

              Re: Once again Ad-block is your friend

              You want us to stop talking about it and allow councils to continue selling your personal information without further discussion?

              1. Filippo Silver badge

                Re: Once again Ad-block is your friend

                He wants data security to be a given, and not something that requires professional-level skills to even figure out whether you have it or not.

            2. MJI Silver badge

              Re: Once again Ad-block is your friend

              Ah period, here are our sanitary towel recommendations.

      2. Anonymous Coward
        Anonymous Coward

        Re: Once again Ad-block is your friend

        > It will not stop the brokers being notified that someone on your IP address has accessed the STD clinic page.

        Several years ago I complained (amongst other related issues) to my GP Practice that their website used Google Analytics (and other 3rd party stuff) and mentioned that this would result in users' IP addresses as well as the URL of particular pages (i.e. on Cancer, STDs, Heart Disease etc) being passed to such 3rd parties and that the combination of these details might be considered special category info.

        Eventually the Practice replied with a response that appeared to have been written by the English company who created and hosted the Practice's website:

        "The question of whether the combination of an IP address and the address of a page that relates to a health condition could be considered 'special category' date is one that we haven't seen raised before in any GDPR guidance or discussion, so we checked this one directly with the ICO. The ICO advisor we discussed this with said that, whilst the logging of the IP address of a website visitor and that they visited a page about a health condition would be enough to identify that the individual visited said page, it would not be enough to show this visit related to a condition that the individual themselves had, so it would be unlikely to class as special category data."

    2. Anonymous Coward
      Anonymous Coward

      Re: Once again Ad-block is your friend

      Ad blocker? Yes.

      No Script? Umm.. I like my web browser to be able to load websites and web apps...

      1. Graham Cobb Silver badge

        Re: Once again Ad-block is your friend

        That's what my separate installation of Brave is for - the few occasions when I do really need to turn on javascript. Brave is fairly privacy aware and I only find the need to use it a couple of times a week.

      2. imanidiot Silver badge

        Re: Once again Ad-block is your friend

        So you only allow the scripts from the main domain and block out all 3rd party domain scripts (the vast majority of ad-scripts aren't running "native" on the main domain of the website so can be blocked this way)

  5. steelpillow Silver badge
    Facepalm

    They were not worried, absent any evidence

    "Quick! The stable door is swinging in the wind!"

    "I'm not worried, absent any evidence the horses have already bolted."

    1. Roland6 Silver badge

      Re: They were not worried, absent any evidence

      Were there horses in the stable?

      1. steelpillow Silver badge
        Joke

        Re: They were not worried, absent any evidence

        Were there horses in the stable?

        Good question. How do Microsoft define "horse"?

        1. John Brown (no body) Silver badge
          Joke

          Re: They were not worried, absent any evidence

          With or without a hump? If with, one hump or two?

    2. John Miles

      Re: They were not worried, absent any evidence

      and in the news today - Four injured after runaway military horses bolted in central London (hope all are recovering)

    3. UnknownUnknown

      Re: They were not worried, absent any evidence

      Any WhatsApp messages related to any alleged Horse Bolting behaviour were on my old phone. I changed my phone and

      - factory reset the old one

      - can’t remember the PIN

      .. or it’s not policy for the Scottish Devolved Administration to carry out official business via WhatsApp. any messages J did do via that were general and just hellos and

      - I deleted them

  6. ScottishYorkshireMan

    Remember, Rishi uses Helicopters, so potholes aren't his problem...

    I know totally irrelevent title but nothing relating to Government ever seems relevent to real life anymore.

    Those supporters of Blue Corruption will likely baulk at this but lets be sure these days, whatever is going on, if there's money changing hands, there's a tory chunt in the cash flow somewhere.

    Just how it is, maybe next year it will be a Labour Chunt, doesn't matter the UK always gets EXACTLY the government it deserves, and for the last 40 or so years, that's been shit ones.

    1. UnknownUnknown

      Re: Remember, Rishi uses Helicopters, so potholes aren't his problem...

      There were many positives to the Last Labour administration. Most of them undermined /destroyed by the Tories.

      A NHS that in the main worked @May2010 and was independently rated as best/best value overall in the world

      SureStart

      to name a couple.

  7. Zibob Silver badge

    Not Intentional...

    "I think it's fair to say a UK or US government website wouldn't intentionally pass its citizens' data to a Chinese entity, so this just speaks to the unbridled nature of ad tech and user data that is mined and monetized through it,"

    I read the situation differently. They may not be intentional but the security side of IT is so drastically underestimated in importance that the possibility of this was not considered. There was no one to flag it as an issue.

    Not to excuse anyone for not seeing it, quite opposite, I'm outraged that they care so little that things like this are at best a "oh that's not right" and at worst, "hey though, this is mak8ng us money".

    Both points should result in whoever decided such things to be immediately fired and never allowed work in government in future.

    1. Anonymous Coward
      Anonymous Coward

      Re: Not Intentional...

      As pointed out above, cash starved and debt laden institutions obligated to still "do stuff" have to raise funds somehow. The redevelopment of Gateshead was paid for out of National Lottery and EU Development Grants; not out of council tax bills.

      There is the ludicrous situation that said Council finds itself in concerning the Angel of the North. Despite the council being the primary organiser of funding of the project, the council is explicitly NOT allowed to use it's imagery in e.g. logos and letterheads. Neighbouring Newcastle council is more than happy to use the imagery, of course... Even if they didn't do jot to enable the thing.

      At least they dropped the blood-and-custard colour scheme that used to daub their vans.

      I have said it before and I will say it again. Why do all councils have to independently develop and deploy services? Local government in Devon needs to provide the same basic services as Northumberland does. Yet there are hundreds of ERP systems (and gawd knows what else) duplicated from org to org at hideous total cost of ownership.

      1. PB90210 Bronze badge

        Re: Not Intentional...

        Combining IT services had been tried but generally fails within a few years as they tend to end up costing more... if they work at all (cough, Crapita!)

        (Private Eye, ad nauseum)

      2. Toni the terrible

        Re: Not Intentional...

        Because, Horizon

  8. Grogan Silver badge

    Who wouldn't want to have their cake and eat it too? People want to benefit from China, but don't look at the big picture. Short term gain is everything, it's what gets praise, votes, appointments, promotions etc.

    China plays a long game. Mis-anticipate your next moves carefully. (I really don't like this technology embargo horseshit... there will be wider consequences to that, just not in the short term)

  9. cantankerous swineherd

    I tried the met office app and deleted it when I saw the 200+ "partners"

  10. IGotOut Silver badge

    Why woulythe goveruuse ads?

    Because they are a bunch of racist, inhumane, money grabbing cunts by any chance?

    1. MachDiamond Silver badge

      Re: Why would the government host ads?

      Finally, the question is raised. This was my first thought. The Government shouldn't be running ads at all and the cost of the websites should (in a real world) be balanced by the lower cost of publishing information that they are bound by law to make public. It's not like they can buy space in a newspaper anymore as the few rags that are left are a bit .... seedy. Government is also an end-user of PII so should not be "sharing" it with their "partners" at all, ever, forever. That information is also not something that people are giving freely. They are compelled by law to provide it under penalty if they don't.

  11. david 12 Silver badge

    Google Endpoints

    My first thought was, since the ad brokers only get information from web pages that include google endpoints, this probably just indicated misconfiguration of the Web Host -- as for the American site.

    But no, I see that for the UK councils, this indicates configuration by an advertising agency targeting councils: the "Council Advertising Network".

    Unless these councils are government-owned businesses, organized to provide council services on a commercial basis (Hey, anything is possible: I've seen worse), that advertising is in breach of the "rules" for .gov.uk, and the "Domain Team" of the "Central Digital and Data Office" of the "Cabinet Office" may suspend name lookup of the sub-domain name. Start holding your breath now.

  12. EricB123 Silver badge

    Are You Going to Complain About Everything?

    Well, before I could enter the Transport for London ads.txt file, I had to check a Cloudflare checkbox that I was a human. That's more than enough security for me!

    1. Toni the terrible

      Re: Are You Going to Complain About Everything?

      Well, Cloudfare more often than not doesnt think I'm human, do they know something I do nit?

  13. Dunstan Vavasour
    Thumb Down

    The "China" smokescreen

    Once again, the problem is stated as being data going to a Chinese company, when the real problem is the data going to *any* company.

    I'd love to see this article rewritten without the "China" angle, stating the real concern: user data is being scraped from UK government websites and shared with commercial third parties.

  14. CowHorseFrog Silver badge

    The real q... is why does anybody advertise.... surely with the sheer volume of ads everywhere the return can only be basically zero.

    If everybody is blasted with 1000 ads a week, theres simply no way anyone is buying more than a few non essentials they would have bought anyway, which means those ads achieve nothing.

    Take car ads, how many ads do we see each week and how many cars can a person buy in a week or year ?

    1. MachDiamond Silver badge

      "surely with the sheer volume of ads everywhere the return can only be basically zero."

      It's not zero so it all comes down to price. Coke and Pepsi plaster their logos everywhere and beyond with no way to track the ROI at too fine of a level. They have done tests where they pull those logos from an area and then look at the sales numbers over time and it goes down. They then get a fresh batch of posters and a bucket of glue and sales go back up. They know to the penny how much they can spend for a certain type of advertisement and see a positive return. It's the same in sport stadiums, if they don't display ads, people don't consume as much. It's almost Pavlovian.

    2. Filippo Silver badge

      I agree, and then some. You can get consumers to buy more, but, ultimately, there are only so many possible sales, and further advertising won't push past that.

      However, sellers are competing for those sales. This competition happens through price and quality, but also, and to a much larger degree than we'd like to admit, through advertising. After some point, you are no longer advertising to convince someone to buy a gizmo; you are advertising to convince someone who has already decided to buy a gizmo to buy your gizmo instead of their gizmo.

      And so, everyone needs to advertise more, and more, and more, just to stay in the same place. The real winner is, of course, the advertisement industry, and especially Google who not only provides the ads but also owns the algorithm that implements that competition (what conflict of interest?).

      A corollary of this is that the ad industry's typical claim that hard anti-advertising laws would depress commerce is, in fact, false. I would argue that ultra-hard enforcement of GDPR, for example, would actually benefit manufacturers of actual goods, because they would still reach the same sets of eyeballs, but they wouldn't have to outspend every competitor in a rigged auction every millisecond in order to do that.

  15. JulieM Silver badge

    Obvious question

    Why isn't it a matter of law for all government web sites to be completely advert-free?

    1. Anonymous Coward
      Anonymous Coward

      Re: Obvious question

      Most are ad-free

      The problem is the sites are allowing ad-slingers to mine your data supposedly anonymously, but given the sheer amount of data they routinely collect, how long before they figure out just who is suffering from from that social disease!

  16. Anonymous Coward
    Anonymous Coward

    facebook pixel

    I tried to sue Facebook after i discovered (quite by accident) that the factory installed Facebook app wasn't the official app found on the Play Store and that it had been custom made for my device to allow the phone manufacturer to have low-level access to my social media data a year before it had become public knowledge when the New York Times did d an expose' on Facebook's "trusted" Partner Program.phone calls with my phones manufacturer

    The problem was when I went to find a lawyer from the government website I found it contained the invisible 1X1 Facebook Pixel that would have alerted Facebook of my intended lawsuit before i had ever found a lawyer.

    I had also found the Facebook Pixel hidden in the "pay rent" portion of my apartment's official website. The pixel wasn't on the main page where you would expect it to be for prospective tenants but only present in the tenant portal where we logged in to pay rent sending our name. address and rent amount and date and any late fees and IP address to Facebook.

    The apartment management stopped accepting personal check or money orders to force all tenants to use the website to pay rent. This website was used by thousands of apartments nationwide.

    I have several email threads where i spoke to the owners of the rent website as well as the person in charge of the governments "find a lawyer" site as well as some damning emails and recorded phone calls with my phone manufacturer and regional manager that was selling them that I might post publicly on a blog some day before I pass on.

  17. Anonymous Coward
    Anonymous Coward

    image warning!

    uMatrix alerted me that the ads.txt from the Met Office tried to load an image in the background which i assume is a tracking pixel that was blocked.

    (I haven't tried the others)

    I was using it to add to my PiHole list

  18. StrangerHereMyself Silver badge

    Because

    Because the government is clueless and its IT personnel incompetent!

  19. heyrick Silver badge

    Netizens may not expect this when visiting a public-sector portal

    I don't see why they would expect that. This government has proven over and over and over again that they are corrupt beyond the telling of it, and they give exactly zero fucks about any of us little people.

  20. JohnSheeran

    "If Britain is so bothered by China, why do these .gov.uk sites use Chinese ad brokers?"

    Because they have no idea how any of this stuff actually works and therefore had no idea they were even using said ad brokers.

  21. sketharaman

    Kudos!

    Great piece! Just when I thought it's fool's errand to expect investigative journalism from mainstream / digital media and have been shilling the Hunterbrook model as future of journalism!!

    https://twitter.com/GTM360/status/1775484568428019811

    One little-known fact about Real Time Bidding as described in the article: Even the losing RTB bidders get to keep the data received from publisher websites that solicit their bids.

  22. Alan Brown Silver badge

    Selling data to who?

    "It's also reasonable to assume most UK citizens wouldn't want their personal data passed to a Chinese entity,"

    I have bigger quibbles with it being passed to American ones given their ethics and business practices

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like