At least 18 public-sector websites in the UK and US send visitor data in some form to various web advertising brokers – including an ad-tech biz in China involved in past privacy controversies, a security firm claims.

[…]

In the US, .gov websites are not supposed to run ads. In the UK, ads are allowed on .gov.uk websites, subject to some limitations. The .gov and .gov.uk sites flagged by Silent Push each publish an ads.txt file that spells out the businesses allowed to automatically sell that site’s ad space to advertisers as a visitor arrives.

[…] Silent Push found a bunch of UK and US government websites with [the ads.txt] file listing various advertising exchanges and resellers ranging from Google (like what El Reg uses) to one in China.

[…]

One of the ad-tech vendors used by the .gov.uk sites, and highlighted by Silent Push, is Yeahmobi. This Chinese entity reportedly had its mobile ad SDK removed from the Google Play Store in 2018 for alleged ad fraud. Yeahmobi did not respond to requests for comment.

[…]

Silent Push’s report identifies four .gov sites that, in our experience, do not display adverts though do ping web ad platforms, do list various exchanges in their ads.txt files, and may break US government CISA rules. In the UK, it’s a different story, as 18 sites identified by Silent Push use Yeahmobi among others to display ads somewhere on pages.