In less than a generation, the Internet has become a transformative influence on the lives of billions of people. Originally designed for communication between scientists, engineers and universities, the Internet is, by design, inherently trusting. As in the real world, some people take advantage of the trust built into the system and corrupt it to match their agendas. That’s why constant vigilance is needed and should be required to maximize overall safety in the advertising and digital media industry.
Early online compliance efforts focused on traffic patterns related to IP, Referring URL and User Agent characteristics to root out fraudulent activity. Crazy pop-up schemes, forced clicks/impressions, and other tricks were the primary concerns. Online advertising matured and learned to better deal with those issues, which spawned a never-ending game of escalation. Systems relying on whitelists and blacklists were effective to a certain extent, but the really smart/motivated bad guys evolved past that. Advanced tactics, including firing a pixel and breaking through iFrames to determine if a site is ‘brand safe’ have been incredibly valuable.
Today, the industry is asking new questions. What if the site looks professional, has ‘safe’ content and a high traffic-measurement rating? What if the site is really a ‘Trojan’ where brand-name advertisements are ‘seen’ by millions of bot-infected computers, but not people? The game is not only just about brand-safe sites anymore, but also brand-safe traffic.
Current generation bot-nets are a threat unlike anything the Internet and online advertising industry have ever experienced. comScore estimates as much as 36% of online traffic is automated bot activity (Battling Bots: comScore’s Ongoing Efforts to Detect and Remove Non-Human Traffic), although there are certain bots that don’t inflate ad impressions. Many people have difficulty understanding the incredible sophistication of bots. Most media coverage describes bot-nets simply as hacked or ‘infected’ computers that click on ads, but they are so much more. Running in the background on infected computers, these programs have full administrative access of that computer. They will load webpages and click on links, pausing long enough for analytics software to register it as a legitimate page view. Bots will visit specific sites to build a user-profile that will trigger higher payout scenarios. The most sophisticated bots will repeat this process, creating several different profiles, intelligently triggering them in response to ads running on sites the Bot-Master controls. As icing on the cake, the traffic will be laundered by rotating through IP proxies, with spoofed Referrer and User Agent data. Bot-Masters can also earn additional revenue through ‘traffic acquisition’ services, selling anything from bot-driven views to likes and followers at extremely reasonable prices.
Despite the corruptive force of Bots and their Masters, the future of online advertising is extremely bright. If comScore’s 36% estimate is accurate, it represents a lot of data where interesting patterns can emerge. While the bots may complete their tasks with the precision of software, they were made by fallible humans, and they can be beaten. Traditional methodologies (IP, Referrer, User Agent) may not be suited to prevent this individually, but when they are viewed in context with each other, and paired with new technologies, they provide powerful insight. The explosion of touch-based mobile devices, however, presents additional challenges to the keyboard-mouse model of some user-interaction metrics. As always, the game of cat-and-mouse continues.
The Internet is too important for all of us to be an unwitting cog in the Bot-Masters fraud machine. Protecting a partner’s trust should be a priority for all companies in this industry. Your partners deserve nothing less.