Don Marti

Sun 05 Jan 2014 06:22:52 AM PST

Adtech, privacy, fraud control: pick two?

This is based on a couple of questions about adtech fraud that have come up on mailing lists and in private email recently.

You know how half of online ad money is being stolen by con men and swindlers? And, at the same time, people are talking about how to make online advertising work in a more privacy-sensitive way?

It looks as if it's impossible for adtech as we know it to do both. We can't go directly from today's online ad environment to one that protects privacy. Current adtech has kicked out some of the essential supports, so a privacy-sensitive online ad business is going to have to rebuild some important connections.

Just to review, here's the fundamental value proposition of adtech.

The fundamental value proposition of these ad tech companies who are de-anonymizing the Internet is, "Why spend big CPMs on branded sites when I can get them on no-name sites?"

That's from Michael Tiffany, CEO of an adtech security firm called White Ops.

Here's the same explanation from the publisher's point of view. Alexis C. Madrigal:

The ad market, on which we all depend, started going haywire. Advertisers didn't have to buy The Atlantic. They could buy ads on networks that had dropped a cookie on people visiting The Atlantic. They could snatch our audience right out from underneath us.

With me so far? Yes, adtech proponents are going to try to snow you with talk about Big Data and disruption and all that jibber-jabber, but the object of the game from the adtech point of view is to track the users well enough that advertisers don't have to pay for reputable content.

Can't tell the players without a scorecard

Player one is the adtech firms. Their role in the game is relatively simple. First, move ad budgets away from high-value sites to cheaper ones, you know, the sites that run a bunch of crappy, infringing, violent, or otherwise Bad content. And track the same users from reputable to bottom-feeder sites. Adtech firms are all selling essentially the same thing. (Of course, they dress it up with technological-sounding language but the premise is simple. Writers cost money. Everybody needs money. Therefore, take money away from writers.)

Player two is the actual advertisers, the clients. For now, just think of them as the parents who are eventually going to come home and discover the party and the credit card receipts.

Player three: the users. The conventional wisdom is that Given a choice between dancing pigs and security, users will pick dancing pigs every time, and the same goes for privacy. But a Pew Research Center study has found that 86 percent of US Internet users have taken steps online to remove or mask their digital footprints. And People Are Changing Their Internet Habits Now That They Know The NSA Is Watching.

Privacy tools are getting easier. Here's the most promising trend. Google and Microsoft, two companies that both make browsers and do adtech, are looking to replace the cookie with a new identifier.

James Temple: Ad groups prepare for “cookieless” future, develop opt-out tool for alternative tracking
Google, Microsoft Threaten End to Cookie Tracking - WSJ.com
iMedia Connection: All Feed: Google's first steps toward a cookie-free tomorrow

Instead of trying to micromanage cookies, privacy software developers will be able to deal with a single big target. Just scramble or block a single Google identifier and a single Microsoft one. (Facebook will probably do one, too.) Other companies, though, may go with sneaky browser fingerprinting, which requires fixing a bunch of bugs to deal with. But if Google and Microsoft are both staying away from this technique, it will be easier for those fixes to make it through the browser development process.

Now player four. The fraud rings. Remember the bottom-feeder publishers on which adtech depends? Well, as you might expect, many of them are fraudulent. We fill up our site with infringing copies of other people's content, but we play it totally honest with our ad networks, said no one, ever.

Google has everyone else in the game outclassed technically, but some of the ad fraud gangs have been able to score a few points against even Google. And if you can hang with Google, you can clobber the adtech ankle-biters.

More examples in the bonus links below. The deeper you dig, the more fraud you find.

As Jack Marshall points out, Manufacturers of false traffic intimately understand the performance indicators on which agencies are paid and know exactly how to game the system without making it obvious as a result. As Kuntz pointed out, that can lead to agencies tweaking campaigns and reallocating budgets based on completely false information, and they have little idea they’re doing so. Agencies are just following the numbers.

If you're working for an agency, you're pwned. Fraud rings are inside your OODA Loop. When you see the major industry publication, Ad Age, run the subhead Metrics, Fraud and Piracy Remain Concerns in the Marketplace, that basically means HOLY SHIT THEY'RE ROBBING US BLIND.

Wait a minute, though. Adtech firms need to get more data in order to get a handle on fraud. But they need to get less data in order to give users some privacy and make online ads work better. As a matter of fact, the adtech business needs to do three things at the same time.

Take money away from reputable sites and their contributors.
Give users some privacy, because spam carries no signal.
Limit the amount of fraud in the system before the clients lose their patience.

But this might be one of those "pick two" situations. Right now the industry has picked option 1 already, and is trying for 3. That means throw away 2. So the current trend is toward Peak Advertising. The medium will eventually get burned out, like email spam. That would be a shame.

If you agree with me that you can't have effective advertising without user privacy, and with Eaon Pritchard that the great thing about brand advertising is exactly that it is unable to deliver precision targeting and lacks quantifiable ROI., then the choice is whether you want to throw away 1 or 3. If you give up on 3, then the whole system falls apart when the fraud gets too obvious for the clients. After all, if a user has good enough privacy tech, there's no way to tell him or her from any other user, or from a bot.

Which leaves the option that looks to me like the sound one. Keep 2 and 3, and give up on ripping off the writers. Of course, this means abandoning the fundamental value proposition of adtech, so that means giving up on the whole creepy industry and building a new one.