A lot of the responses to Methbot have been along
the lines of
hey, look, a squirrel! So here are
a few of the non-squirrel things to think about.
Methbot does two interesting things. Adtech is fixing one of them.
White Ops published some good info on two Methbot capabilities.
Spoof data center IP addresses as residential
Work around anti-fraud software
Almost all of the news about Methbot is focused on the first one. But look at the original White Ops report (PDF) and skip to page 24.
The White Ops security research team found traces of analysis code where Methbot developers dissected the logic of the most widely adopted fraud detection vendors on the web. It’s apparent that they spent some time reverse-engineering these capabilities, manually running portions of measurement code inside legitimate browsers to learn what its output looks like, and then porting the logic to spoof those values in Methbot execution context.
And page 25.
In addition to code specifically designed to defeat viewability measurements used by specific vendors, White Ops found routines for spoofing industry-standard measurements. In particular, flash VPAID events are expected and handled.
Methbot impressions are more
human impressions. Methbot is a more skillful
Web user than the average CMO. Augustine Fou
To put it bluntly, bad guys don't even care to find out the actual secret sauce of the various fraud detection companies because they have already A/B tested their bots and know for sure they get by various detection platforms. In fact they openly sell "fraud vendor compliant" traffic on a CPM/CPC basis.
When you pay for anti-fraud technology,
you're just paying for the software
testing that fraud hackers are using to build
better bots. White Ops CEO Michael Tiffany told
The ultimate source of truth about where an
advertising opportunity is happening is in the
browser—but if you carefully rig the browser
to lie about that, there is almost no defense.
There is one defense. It has two parts,
flight to quality, and
we'll hear more about it in 2017.
Methbot didn't cost advertisers any money.
Advertisers already know about adfraud in general. Methbot was just one ambitious example. Other fraud rings are still doing what they do. If you got an Internet of Things device for Christmas, it might already be running a bot. Methbot's IP addresses are no more, but the anti-anti-fraud code lives on.
When enough players in a market know about a problem, it's priced in. And adfraud has been priced in to the online ad market for a long time. (This is why the recommendations at Shortin' Adtech are bogus. Advertisers and investors can flee web advertising, but have no incentive to, because publishers pay for fraud. Publishers can't flee, because online is displacing print, but they have every incentive to if they could. An important reason for the "print dollars to digital dimes" problem is that everyone is used to paying the fraud-adjusted price.)
For every dollar that adfraud costs advertisers, they save a dollar or more in lower costs for legit ads. For every dollar that adfraud takes out of the game, publishers lose more. This is pretty basic economics, and explains why advertisers are willing to talk but not take action on the adfraud problem.
Data-driven can turn into bot-driven.
Advertisers do pay for adfraud, but not in money. When you're running a data-driven organization and the data comes from bots, then you're making decisions based on bots, not customers. Some kind of
This is especially true for connecting ad and social data to sales. Attribution models are subject to gaming, but the Criteo/SteelHouse lawsuits were dropped, so instead of waiting for the techniques to come out in discovery we're going to have to dig some more to see how the fraud hackers are doing it. Happy new year.
In the news:
Want to get a little more info on the brand-unsafe ad problem? Two minutes, easy experiment.
Get a fresh browser, not one you normally use. If you're on Safari or Chrome, try this in Firefox, or vice versa. (Don't pick a browser such as Brave that has a built-in ad blocker. This is about the ads.)
Go to your favorite—or least favorite—jihadi, white nationalist, or shitlord site.
Look at the ads.
That's the kind of thing I get based on the above site's ability to get ads based on its content. Crappy ads from advertisers that will settle for any impression, anywhere, whether brand-safe or not.
I don't see any reputable brands showing up when I do this with a fresh browser. How about you? LMK on Twitter which seems to be the place to talk about this stuff.
So why is the Sleeping Giants campaign even a thing? Why are people finding real brand ads on brand-unsafe sites?
The problem is that browsers have old bugs, some left over from the 1990s browser wars, that let information leak from one site to another. "Your ad on a site we know is crap" is pretty much worthless to an ad agency, but they will pay for "your ad to a known user" and pretend the brand safety issues don't exist.
But putting brand safety last, and trying to hack around it when people complain, can't work when the other side just has better hackers.
Here's the most facepalm-worthy but also totally accurate 2017 web advertising prediction so far:
Ad tech’s big marketing pitch in 2016 was offering “fraud free” guarantees. In 2017, it’s going to be “fake news free” guarantees.— Lara O'Reilly (@larakiara) December 5, 2016
Really? A brand-new service rushed out the door, by companies that never cared about shitlords before, is going to have a chance? When shitlords consistently have better skills, and out-hack the entire Lumascape, without even mussing their "dapper" outfits? Good luck with that.
As Professor Harry G. Frankfurt once wrote,
One of the most salient features of our culture is that there is so much bullshit.
Bob Hoffman points out that this is especially true in keynote speeches about online advertising. But all that bullshit is there for a reason. What would happen if you took the bogus scientification and marketing-speak out of the Thought Leader Insights? You'd get something more like these.
You don't need to make creative advertising because a machine, or some random person on Amazon Mechanical Turk, can generate a bunch of ads until something sticks.
Third-party tracking lets you reach high-value users for less money on low-value sites, because CTOs and minivan buyers regularly visit che3p-viagra.biz and watch the videos all the way through.
Fraud isn't a problem because code monkeys in an open-plan monkey house, reporting to douchebags and working for point squat percent of a company in four years, are smart enough to out-hack a fraud developer who is working on his own time, for 100% of the gain, in 30 days.
If you just educate users about how web ads work, they'll be happy to let sites they've never heard of excrete untested combinations of code onto the computers and devices where they keep stuff they care about.
None of those will fly in their bare form, but load them up with a bunch of "customer journey" and "deep learning" and now you've got a keynote.
So there may be perfectly good reasons why you might want to apply a substantial layer of bullshit to what you're doing. If so, carry on.
But what if you have a real problem?
The web is still a terrible place to build brands.
Web advertising is still low-value enough that it won't sustain high-reputation publications when print revenue goes away.
Third-party crap is still a security risk.
Then you need an alternative to bullshit, so go read more about getting Bob to speak at your event.
Here's a TV commercial from 1971.
But here on the Internet, at least a lot of the time,
people are more like,
I'd like to buy my tribe
a Coke® and the rest of the world can go die in
People have an us-and-them side and a more inclusive side. And advertising has an unwritten rule about which side of the customer you're allowed to talk to. For a long time brands have stuck with a kind of generic globalism, not enough to satisfy a bona fide social justice warrior but never tied up with a specific tribe. Right-wing talk radio in the USA has trouble keeping mainstream advertisers. In one case, a blogger going by "Spocko" made fair use recordings of some radio shows and raised a stink to the advertisers. Despite some legal threats, it basically worked. Most brands are risk-averse enough to stay off talk radio. Even on the web, it's news when a brand shows up sponsoring a beheading video on a jihadi site.
Do things work differently, though, when it's an algorithm placing the ad in a niche that only sympathizers can see?
Timothy B. Lee writes,
The increasing polarization of news through social media allows liberals and conservatives to live in different versions of reality. And that’s making it harder and harder for our democratic system to function.
The rapid growth of these pages combines with BuzzFeed News’ findings to suggest a troubling conclusion: The best way to attract and grow an audience for political content on the world’s biggest social network is to eschew factual reporting and instead play to partisan biases using false or misleading information that simply tells people what they want to hear. This approach has precursors in partisan print and television media, but has gained a new scale of distribution on Facebook.
Filter bubbling has been a thing for political advertising for quite a while, as Zeynep Tufekci pointed out back in 2012. Campaigns can target ethnic groups on Facebook with "voter suppression", or share misleading messages where they're harder for outsiders to track down.
What happens after the election, when tribal rage bubbles keep right on being a thing, but the political ads dry up? Are regular brand ads going to get placed on fake news, scenes of violence or threats of violence, and all the other us-versus-them crap out there? You probably wouldn't put your brand on Stormfront, but will you put your brand on one of the thousands of algorithmically micromanaged mini-Stormfronts of Facebook? Are dark posts the thing now?
This isn't a question about whose politics match with
or whether or not Facebook enables
targeting using data that we would prefer to keep
or whether or not individuals should leave
The question is whether brands are now getting comfortable
with working inside bubbles that would
not have previously been considered
People keep saying that
Google doesn't get
social, but in a way, that's a compliment.
A lot of the time, people's idea of being social
is to split up into tribes and fling Internet poo,
or worse, at each other. Part of
social is developing the ability to exploit
people's other-tribe-hating brain circuitry in the
same way that spammers took advantage of open SMTP
and SilverPush took advantage of
an opportunity to sneakily connect mobile user
(The Peter Thiel
is raising the profile of the social
filter bubble issue by putting a human face
on it. Every time Sanford Wallace's smug face
made the news in the 1990s, it motivated us to
fix up our mail servers and set up the early spam
filters. Now it's Thiel in the news, making money
on both ends of the pipeline—recruiting 4GW
on Facebook, and selling Palantir
contracts to track them down later. Ingenious
at scale. So what to invent now?)
What's great about this country is that America started the tradition where the richest consumers buy essentially the same things as the poorest. You can be watching TV and see Coca-Cola, and you know that the President drinks Coke, Liz Taylor drinks Coke, and just think, you can drink Coke, too. A Coke is a Coke and no amount of money can get you a better Coke than the one the bum on the corner is drinking. All the Cokes are the same and all the Cokes are good. Liz Taylor knows it, the President knows it, the bum knows it, and you know it.
That was then. But today we're not even drinking the same damn Coke. I'm drinking the version bottled in Mexico. Meanwhile, out in High Fructose Corn Syrup land, they're drinking the other kind.
And that's just Coke. Are economic inequality and social distances between tribes getting big enough that the idea of a brand-safe ad placement is over? Are brands just supposed to take sides now? That's fine for fast food and soda pop, but what happens when an IT brand that benefits from economies of scale has to pick a side?
Facebook is harming our democracy, and Mark Zuckerberg needs to do something about it by Timothy B. Lee (6 Nov 2016)
Dear adfraud whistleblower,
First of all, I respect you a lot for wanting to do the right thing.
Posting the information that you did, where you did, is a dangerous way to do it.
As you pointed out in your posts, you are risking your job and risking physical harm.
But you're also risking a complex legal case, where you as an individual could be accused of all kinds of crimes. Your complaints against the web of companies that you know about would be forgotten, and you would have to carry out a costly legal defense. Most of the companies you mention are in good standing in the adtech industry. You'll be coming in looking like an employee accused of wrongdoing and making up stuff.
And, if half of what you're saying is true, you know how quickly they can delete information or move it to a new "clean" company.
If you're really motivated to bring these guys down—and that's something that only you can decide—there is a better way.
You can send documents to a trustworthy reporter who knows Internet security issues. Look for someone whose writing about complex technology doesn't make you facepalm, and who has either put up a personal PGP key or writes for a company that's on the SecureDrop Directory.
You shouldn't contact me, since it's just one more opportunity for someone to mess up. The best way is to do some reading and see who knows the malware/adtech business and can receive documents securely.
Regulatory action follows "viral" news stories, not the other way around. We all know that regulators are relatively uninterested in adfraud, but you have a story that can change people's minds.
The "tl;dr" of all this is "delete your account" but please don't take it that way. Again, much respect and stay safe.
UPDATE: Twitter thread
Bob Hoffman asks,
Who Stole The Ads From Ad Week? I'm on my third morning at Advertising Week and I've yet to see an ad.
All right, Bob, here's some 21st-century advertising. (You're welcome.)
That's the kind of thing that the sessions at the big conferences are all about. It's a targeted ad.
But even though targeting and the technology behind it are core subjects at Advertising Week, somehow everyone knows that it would be uncouth, unwise, or both to show targeted ads to people there.
Advertising Week participants recognize at some level that actually showing a targeted ad to someone is an act of communication aggression. It treats the recipient as a component of a mechanism, like a flask moving down a bottling line at a distillery.
In the Jeep ad above, I'm targeted as a person who doesn't drive off-road and basically can get by with a minivan. So instead of honestly communicating about the qualities of the Jeep brand, they throw together something that some algorithm says is more my speed.
The only information that ad offers me about Jeep is a little insight into what that algorithm, that Jeep paid for, thinks about me. Some new Jeep has the same kind of electronic doo-dads as every other new car does, and the software predicts that I care.
Brand advertising works differently. Rory Sutherland explains how people with limited information about complex buying decisions can use reputation to help. Reputation is hard to build, brand ads can help if you do them right, and those ads are the kind of thing that you show at a conference.
Brand advertising does have complicated math in it, but it's behavioral economics math, with the calculations done on the "reputation coprocessor" in the user's brain. (For the data nerds out there, reputation-based advertising is like rendering your graphics on the GPU on the client, instead of paying for cycles in the data center. Reputation math is way cooler, and has way more force multipliers hidden in it, than direct response math. But the power to use that math looks "creative" so is out of fashion.)
So many of the proposals for funding Journalism are based on allowing people to buy out of seeing ads. That only makes sense if you assume that ads are all targeted, not worthy of being shown at a conference, and adversarial. But when the web can fix a few old bugs, valuable print-like ads can emerge. One bright spot: Firefox Tracking Protection is now available as a Test Pilot experiment. Give it a try. A lot of the targeted ads will disappear, but you might just find your inner behavioral economist paying some attention to the ads that remain.
Duane Kinsey writes, "For Publishing Companies, The Problem Is Publishing Companies." He suggests,
Publishers can voluntarily choose to leave the current ad tech landscape behind just as quickly as they decided to partner with many of the companies currently running the industry into the ditch.
Good goal. That is where we're going to have to get to in order to save the ad-supported web. Yes, the current web ad system is a dumpster fire. It's no secret that adtech intermediaries can leak user data from high-reputation sites to low-reputation ones. Right now the web is a good match for advertisers that want to do targeting-based, low-reputation strategies, but terrible for signaling-based, high-reputation strategies. Third-party tracking is a bad deal for publishers, too. For example, chumboxes are currently good for quick cash, but can leak user data and motivate users to install ad blockers.
TrustX: a better way, or same broken system with new owners?
(I have contributed several items to the Digital Content Next blog.)
Jack Marshall at the Wall Street Journal reports that Digital Content Next is launching a new ad marketplace called TrustX.
With no outside investors and no profit motives, TrustX will focus on driving long-term benefits to marketers and publishers, DCN said.
Are publishers just getting a piece of a low-value ad system, or really changing things?
Here's how we'll be able to know.
Who is in the tracking-protected audience? Tracking protection is fundamental to web publisher value. From the high-reputation publisher's point of view, DNT is more like "Do not leak data" or "Do not commoditize." But it's hard to measure accurately, because there are many different kinds. What works for detecting AVG Crumble might not work to detect Privacy Badger. Any project to fix web ads depends on getting good numbers on site audiences that are protected from third-party tracking, and so harder to track from high-value to low-value sites. (You can do this with the Aloodo un-tracking pixel and scripts.)
What does the market for competing low-value ads look like? Who else is selling impressions that claim to reach the TrustX audience? Get on one or more DSPs and buy some. Right now, conventional adtech can make a lot of bold claims about quality. (Ever notice that web ad impressions overall are about 30% bots, but every individual adtech company claims 2% bots? Somebody's math is wrong.) Buy the cheapest impressions that claim to be "your audience" that you can, and check them out. Part of that is comparing their tracking protection rates. If you have an early adopter audience that's well-protected, then a competing site that's full of bots will really stand out.
How can publishers refine the data-driven case for Flight to Quality? Real, high-quality sites have branding advantages over generic eyeball-buying, and adfraud is becoming a mainstream concern. The complex adtech that tracking protection protects against is also the place where fraud hides. But conventional adtech has a lead in data collection. Higher-reputation publishers need more and better data to take to numbers-craving CMOs. Much of that data will have to come from the tracking-protected audience.
This thing could really work.
If TrustX can do things right—CNAME support and EFF-flavored DNT would be solid choices—then ad blockers start to be less of a concern. Legit publishers can deal with the ad blocker the same way that MailChimp deals with the spam filter. Accept that it's there, carefully get around it, and comply with user norms. It would be counterproductive for MailChimp to get email newsletter subscribers to turn off the spam filter entirely, but they can get their own newsletters through without paying anybody off.
Facebook showed that you can beat the pattern-matching of Adblock Plus with fairly simple HTML changes. If TrustX can keep the privacy developers on the sidelines by respecting DNT, then that gives high-reputation sites some options. Refuse to pay into the "Acceptable Ads" racket, do some careful adblocker workarounds, advocate responsible tracking protection, and keep the four-currency price of accepting magazine-style ads on the web lower than the four-currency price of blocking them.
Update 7 Nov. 2016: As of today, privacy claims and the "disable tracking" switch have been removed from the Adblock Plus first install page. (Get real tracking protection.)
Consumer Reports has just published "66 Ways to Protect Your Privacy Right Now".
Many of those suggestions look good. But that should probably be more like 65 ways.
One piece of software linked to from the CR story is Adblock Plus, which would be a better fit for CR's "Selling it" feature on sneaky offers, weasel wording, and other examples of gray-hat marketing.
What's so bad about Adblock Plus?
When you first install Adblock Plus, the privacy option looks good. It says "Adblock Plus can do more than block ads." Scroll down to the bottom of the page, and you see
Browse privately by disabling tracking - hiding your tracks from ad companies that would track your every move.
Looks good, so flip the "Disable Tracking" switch.
Protected from tracking, right? Wrong.
It looks like you made the responsible choice, and now you're protected.
But start web-surfing with your browser's developer
tools open, and you'll see third-party trackers
from, for example,
What's up with that? How could it be that even
when you deliberately turn on "Disable Tracking"
you still get trackers?
That's the tricky part. The company's "Acceptable Ads" whitelisting program actually overrides the other choices made by the user, including that nifty little "Disable Tracking" switch. Google and other companies pay Adblock Plus for "Acceptable Ads".
Want to make your decision to block trackers actually take effect? You'll find the other option that you need in order to protect yourself in a different dialog, cleverly but not helpfully labeled "Allow some non-intrusive advertising".
To really disable trackers, un-check a box that has a label that says nothing about trackers at all.
It is possible for a user to configure AdBlock Plus to block trackers. And fixing something by changing an option in one obvious place and again in a not-so-obvious place is not really that bad, by the standards of instructions for computer hobbyists.
But this isn't about a story in Puzzles for Computer Nerds Reports, it's about Consumer Reports, and "Consumers" probably expect things to be more a little more straightforward.
Next steps: There are better ways to deal with problem web ads, and sites can help recommend them to users.
Business Insider reports that Google is planning to "rid the web of bad ads" with yet another new industry organization.
On a website announcing the Coalition, the group says it will develop the criteria based on consumer research, which will look into the kind of online ads people love and hate. The first iteration of the scoring system is expected to be released in the fourth quarter of this year...
Really? Big Data and algorithms to analyze why web ads are somehow crappier than print ads?
Web ads did not end up being so annoying because agencies designed them willy-nilly and had no idea of how much they were getting on people's nerves. Ad agencies employ humans who can tell a magazine-style ad apart from a crappy web ad as well as anyone else can. The people who make web ads already know when they're crappy. A lot of crappy ads just get clicks.
Web ads did not end up being so annoying because Data-Driven Marketing masters have failed to do some magickal research that would quantify user irritation. Any web editor who has ever moderated a comment section knows what the problem ads are. Web sites would start refusing those problem ads tomorrow if they had the market power to do it. The annoying ads persist because publishers don't have the market power to enforce quality standards, they way they can in print. If a high-reputation site won't run a marginally too-crappy ad, the ad agency can go buy (what is supposed to be) the same audience on a marginally lower-reputation site.
The publishers of sites with quality level "9" don't want to accept an ad of quality level "8" but they know they'll lose it to a lower-quality site if they don't run the ad and the third-party scripts that come along with it. And by accepting the third-party scripts, the publisher is giving up data and making it easier for the next, even crappier, ad to squeeze them even more.
So even if all the "9" and above sites could get together in some coalition against crappy ads, then the crappy ads—which both get clicks and provoke blocking—just go to non-coalition sites. And the incentives to defect from the coalition are obvious and powerful. The lowest-reputation site remaining in the coalition can always make more money right away by leaving.
The privacy nerd solution doesn't work either
By now the privacy nerds are popping up to propose the classic privacy nerd solution: high-reputation sites should just unilaterally stop running third-party tracking that leaks their audience data to low-reputation sites.
Unfortunately, that doesn't work. In today's web ad environment, where users are trackable from site to site, intermediaries have the power over high-reputation sites that they need to extract cooperation.
What high-reputation publishers need is some kind of "clerk cannot open safe" sign for audience data in the form of client-side tracking protection. The game does work out to winnable by the publisher if the cross-site tracking options are limited. A site has to be able to tell an ad agency, "Even if we did include that data-leakage-perpetrating, battery-sucking, fraud-enabling script you want us to include? Our users are tracking protected. Want to reach our audience? Do it our way. Without the crap."
Covering the "adblock wars" (as Doc Searls calls the situation) is hard.
It's like showing up at a peaceful protest where organized looters show up and mix with the protesters.
If you're reporting on the event and you cover the legit grievances of the protesters without mentioning looting that you know about, then store owners who get hit will say you're full of crap and on the looters' side.
If you cover the looting but not whatever the peaceful protesters are saying, then anyone who turned up to join the peaceful protest will say you're full of crap and putting the stores ahead of their important issue.
The Adblock Plus paid whitelisting program isn't just "controversial". It's actively wrong by any standard but the Silicon Valley "anything for network effects lol" standard. Adblock Plus is talking hippy-dippy community woo-woo while they shake down legit sites.
Can we please tell both stories?
Sure, there's a malware story, and an adfraud story, and the long-running paradox of why the most targetable ad media are the least valuable and the most blocked. Web ads need to be fixed.
But we can't lump the looters in with the peaceful protesters, or we start fooling ourselves on paid whitelisting the same way that the IAB keeps fooling themselves on malvertising and fraud.
This stuff matters. When Internet fair use advocates tolerated the Napster racket, our side drove a lot of legit working musicians over to the DRMers and maximalists.
The "adblock wars" will be won or lost based on choices made at legit web sites. The people who work hard to put news and cultural works on the web will have to decide what to do about ad blocking.
Sites will end up choosing different options from a spectrum. At one end is Johnny Ryan's "reinvention not reinsertion" concept, where you privacy-protect ads as part of making them resistant to blocking. At the other end is the hard-core option of using CFAA and DMCA against adblockers (with privacy tools as the by-catch.)
Web publishers are in a double crisis right now.
Adblocking: costs both publishers and intermediaries.
Adfraud: is a wash for adtech, agencies, and advertisers, because costs are passed on to publishers.
The IAB can afford to half-ass the fraud problem. Publishers can't. But publishers can't afford to ignore the paid whitelisting racket, either. If we want to make a reasonable case for next-generation advertising, it has to work for the people who write, shoot, edit, and publish our news and cultural works.
So enough with the "AdBlock Plus is controversial ¯\(ツ)/¯" already.
Next steps: Faster, cleaner ad blocker blocking
The web ad business is full of deception, according to...you thought I was going to say Bob Hoffman, didn't you?
No, I'm going to cite no less an authority than Interactive Advertising Bureau CEO Randall Rothenberg, who advises that any brand that has to deal with companies in his industry had better hire someone with mad hacking skills.
The problem begins with the unwillingness of major marketers to insource significant, senior-level technical expertise.
At Marketing Week, Thomas Hobbs quotes Alessandra Di Lorenzo, chief commercial officer for advertising and partnerships at Lastminute.com.
Anyone who is a non-digital, native brand is probably less skilled in the inner workings of media and should be more on guard about what is really going on.
This is like needing a Chief Power Supply Officer because you buy PCs and you don't trust your vendor not to put in a bad power supply. In any other business, if you have a problem with deceptive sellers, a halfway decent trade organization would be all over that. "Tired of getting ripped off by crooks who sell other people's condos on Craigslist? Next time, call a Realtor® from the National Association of Realtors®." You know the drill. Every trade organization does this.
Except the adtech business. From adtech, brands get roughly the same message that a WordPress user with a security problem would get on a phpBB site tricked out with a black background and rotating ASCII-art skulls. haha pwned n00b! Better learn 2 h@ck nxt t1m3!!!1! The IAB puts an ideological committment to unlimited third-party tracking ahead of the interests of its honest members' customers.
It's not an "advertising" thing—magazine ads really get printed, bus ads really get stuck to the bus, radio stations really transmit. Adfraud is the unavoidable by-product of today's web ad system that allows ads to be targeted across high and low reputation sites. You don't need a fraud expert to buy magazine ads, but the web is another story. And that "senior-level technical expertise" that IAB wants you to get is not cheap. Software companies have enough trouble hiring people with hacking skills—and now any brand that wants to run a web ad is going to need one?
Judy Shapiro writes, "Marketers' trust in the ad-tech world is on the decline for lots of reasons: complexity, lack of transparency or standards."
I suppose that's a nice way of saying that people who are responsible for brands are sick of being told that deception is here to stay and it's up to you to learn to deal or hire a hacker who can.
We are, after all, dealing with hackers who are very advanced in the use of technology AND who don’t play by the normal rules of engagement. The good guys are at a disadvantage before the race even starts. Something other than technology must be applied at the same time – like changing the financial motives or changing the metrics used to calculate ROI. For example, rather than use quantity metrics – such as number of impressions, traffic, and clicks – that are easily faked, if advertisers focused on actual sales or other ‘conversion events’ that only humans would do, they would be far better off, and less prone to fraud stealing their ad dollars.
But unless you have Dr. Fou or some other expert working for you, attribution is no solution. One thing everybody can learn from the Steelhouse/Criteo controversy is that attribution models are subject to gaming, and it's hard to work backward to see where the attribution snatching happened. Fraud can piggyback on a user's activity in order to let a fraudulent ad take credit for a real sale. This is even worse than straight-up bogus impressions, because it encourages you to move marketing money to places where it doesn't reach real users. Most of the people who really understand attribution models are fraud hackers.
(P&G is an interesting example for all the behavioral economists out there. This company is mostly selling products that you buy because Society expects you, as a sanitary human being, to use them. If you don't know that Society is seeing the same ad, why take the risk of overspending on making life less stinky for others when you don't have to?)
The answer to Bob's question is: no, this story won't have much impact all by itself. But it does make people think: how can we transform web advertising from a hacking game that brands can't win into a reputation game where brands have the advantage? Some more on behavioral economics and possible next steps.
If you read that, it looks like the future will be...basically, copied from a white paper about retargeting.
Yawn slash eeew.
You can't just predict that the future is like today but more so. That would have gotten us "interactive TV" instead of the Web.
I'm not going to predict the future of Marketing in general, but since there's a lot of attention to one corner of it, here goes.
Consolidation. I don’t know if we’ll get all the way down to a two-logo Lumascape, but single digits, maybe. Two-sided markets tend to consolidate, because buyers go where the sellers are and vice versa. This isn’t happening in web advertising, because agencies have an interest in artificially complicating the online ad business, and venture capitalists have funded a lot of competing, minimally different, startups that will take time to settle out. But with more scrutiny on agencies because of the rebates problem, and less incoming VC money to adtech, it will be easier to see the consolidation happening.
More and harder math. As complicated as the math in online ads is now, it’s about to get more interesting and potentially way more important. Right now, online advertisers are playing a relatively simple level zero game of maximizing response rate given the available ability to target users in each medium. The next step is the level one game where brands and publishers re-shape the medium (and the ability of users to control it) in order to adjust how well the medium’s users can be targeted by a brand and its competitors.
An ad medium that facilitates collection of information from the user also limits transfer of information to the user, which is necessary for brand building (There’s no free lunch). Brands and publishers will need to adjust the balance of targetability and signal-carrying ability. That means that over the next several years, advertisers will have to solve level one problems in the areas of Behavioral Economics and Signaling.
More memorable ads. As a user, right now you’re seeing a lot of crappy ads, because the problem of measuring immediate response to a terrible ad is easier than the problem of measuring Brand Equity changes as the result of a signal-carrying ad. The terrible ad problem is temporary. Advertising is not a zero-sum struggle with math and technology on one side, and creative on the other. Better math will have the side effect of informing and justifying better creative.
Ad blockers fade to the background. Right now, the ad blocker is a threat to legit ads because new blocking development is sustained by the paid whitelisting model and because high-value and low-value ads are delivered the same way. High-value ads will beat ad blocking, possibly with a combination of
legal and regulatory attacks on paid whitelisting
front-ending the CMS with a proxy server that stitches ads into place and obfuscates IDs and classes
limiting third-party tracking that facilitates low-value and fraudulent ads
Ad blockers (and other privacy tools, as a side effect) will still catch the crap ads. And advertisers will still have to consider ad blocking, but in the background, much as email newsletter senders have to consider the spam filter. Go watch that Johnny Ryan video that I linked to last time.
(This post started as an answer on Quora so go upvote there if you do the Quora thing.)
In this week's ad blocking news, the Adblock Plus people are all butthurt that Facebook is reinserting ads by editing HTML instead of paying for whitelisting. I'm not sure who's winning right now, but by the time I put this up the current state of the "cat and mouse game" (when have you ever seen a mouse buy stuff from a cat?) will be different. So go follow Lara O'Reilly and Jack Marshall in your news recommendation tool of choice if you really want to keep up.
Anyway, the web advertising debate is about Adblock Plus the way that the online music debate was about Napster. Can we turn down the long-playing drama and pay attention to the important stuff here, for 23 minutes and 36 seconds at least? What will web advertising look like when the ad blocker fades into the background, the way that spam filters are a background concern for email newsletter senders?
Dr. Johnny Ryan, speaking at the Advertising Research Foundation (watch the whole thing) has a good part of the answer.
There is a big question over whether it is a good idea to restore all of the tracking functionality that might infringe on the user's personal rights, and that actually might take away from the value of the ad.
It's not just the user's rights. When an ad medium makes it harder to target individual users, it gets better at signaling. Context matters. There's no free lunch. Everything we know about how ads work in context tells us that the average web user is a pretty good applied behavioral economist.
That's where reinvention, not reinsertion, comes in. What does web advertising look like when it works with the user's mental "reputation coprocessor" and not against it? When advertising turns into a game that you can win with a sustained signal of quality, not with targeting tricks that have to change every time the users figure them out?
I'm still working on figuring out the best way to block browsers that have certain ad blockers running, without pushing costs onto users.
Paid whitelisting and other practices make conventional ad blockers bad for web sites. But I'm running into a couple of problems.
Ad blocker developers can easily see blocker-blocker scripts and work around them.
Blocker-blocker scripts waste bandwidth and energy for users who are doing things right.
Some blocker-blocker scripts also block the users of legit privacy tools.
What I really want to be able to do is run the blocker-blocker script only for users who I can confirm are part of the problem—blocking ads but allowing third-party tracking, as seen in the paid whitelisting racket. Paid whitelisting is a dark pattern.
So what I'm going to do is first, run a third-party tracking test, then if that shows the browser is vulnerable to third-party tracking, add the ad blocker detector script to the page.
Privacy software users will pass the third-party tracking test, so get no ad blocker detector.
Unprotected users will get the ad blocker detector, but it won't detect anything. They'll see the page (to which the tracking detection script can add a warning about vulnerability to third-party tracking).
Users participating in paid whitelisting will get blocked until they either fix their configuration or install a privacy tool on top of their ad blocker.
The whole thing depends on detecting third-party tracking accurately. There are potential false positives here.
Untrained Privacy Badger
Cookie cleaners such as Self-Destructing Cookies
In all of those cases the tracking protection detection script will load, but the user has still made the choice to get protected.
I want to encourage, not discourage, tracking protection experimentation by users (It's better for sites.) So I can't just check if Google Analytics can load on the page. Accurately determining if a user is trackable is what makes the Aloodo Project interesting.
Anyway, script. Reduce bandwidth consumption and battery suckage, get a more accurate result. Ideas welcome. (Yes, I'll stick a real license on it if anybody needs one.)
Enough with the "we" stuff about fixing web advertising.
This is not a "we" problem. "We" can't promise to replace "ads that provoke blocking" with "better-performing ads", because ads that provoke blocking are the high-performing ads. As a web user, you're not seeing crap ads because the advertisers want to waste money and annoy you. You're seeing them because they test well.
Crappy, annoying, deceptive ads get clicks.
The terrible stuff on the web is there because it works.
Everyone agrees that "we" need to get rid of "bad" ads. Naturally, "we" is defined as "you" and "bad" is "not the ads that work for me." But because the same qualities that get response also provoke blocking, there's no equilibrium strategy here.
Imagine that all the right-thinking people agreed to L.E.A.N. or some other set of self-regulation terms. No auto-playing videos, no NSFW animations, no fake error dialogs.
The more that self-regulation limits crappy/click-getting practices, the more incentive for any advertiser who is willing to bend the rules and offer a little more money to run an ad that's a little bit creepier, a little more attention-getting or finger-fumble-attracting.
Incentives for bad practices are there because users can be tracked from site to site. That marginally extra-annoying advertiser will be able to find a publisher with marginal reputation, who claims to be able to reach the desired users and is willing to accept the ad. And self-regulation breaks down, or never really gets going in the first place. Cross-site tracking gives everyone an incentive to do advertising that gets clicks today and provokes ad blocking tomorrow.
So there's no "we" solution. The fixes for the web advertising problem will have to happen one user at a time. Every user who becomes harder to track from site to site helps give high-reputation sites a little more market power to enforce ad standards.
Publishers and brands need action from users
High-reputation publishers and brands win when users get less trackable, but users have to be the ones to take the action.
So instead of putting everything in terms of "we", it's time to think about reciprocity and measuring the benefit from each additional tracking-protected user. Instead of hippy-dippy "we" stuff, relying on everyone to cooperate, let's talk exchange of value. Big Data is not just a tool to help with low-reputation strategies. Data-driven projects can help with high-reputation strategies, too.
Questions might include:
Which customers gain the most value to me when they're protected from tracking by low-reputation competitors? (For an HMO, what's the net present value of protecting a customer from quack diet ads? For a car insurer, how much is it worth to keep the most profitable customers from being picked off based on their social media usage?)
Which categories of readers are most valuable to the best advertisers on my site? How much does it cost me when adtech intermediaries can follow them elsewhere? What's a cost-effective tracking protection solution that I can offer them, to keep them from being reachable on low-value sites?
I'm not against "we need to work together" messages in situations where a cooperative solution is really workable or necessary. But for fixing web ads? Time to give it up.