For info about the proprietary technology used in comScore products, refer to http://comscore.com/About_comScore/Patents
Invalid Traffic & Viewability:
What is the cost of an unseen ad?
Paul Barford
Chief Scientist
May 2016
Overview
•  Objectives
•  Viewability
–  What & how
•  Invalid traffic (IVT)
–  What are attackers doing?
•  Ad blockers
•  Counter measures
–  Detection, filtration and mitigation
•  Recent measurements
–  Views, IVT, ad blockers
comScore Inc. Proprietary
Measuring viewability
[Figure: browser, viewport and ad, each located by its X,Y coordinates, with above-the-fold and below-the-fold regions. Screen size 1280 x 1024; browser size 1048 x 944; viewport size 1025 x 875; ad size 160 x 600; page size 1025 x 1325.]
–  Ad viewability: ads that
appear within viewable
space in a browser on a
user’s screen
•  MRC standards
–  Considerations
•  Screen size
•  Location of the browser
•  Location of the ad
relative to the page
•  User actions including
tab, scroll, minimize
A hybrid approach
•  Both static and dynamic characteristics must be
considered to produce accurate viewability
measurements
•  Geometry: consider X,Y coordinates of ad to determine
its exact location in the viewport
•  Timing: use clues associated with content to determine if
creative is in-view
•  Hybrid method enables broad coverage (97%) plus
adaptability to browsing dynamics
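The geometry check above, combined with a continuous dwell-time rule, as an added example (not comScore code). The 50% / 1 second thresholds are assumed from the MRC display guideline, the sample format is hypothetical, and the ad position is constructed; the dwell-time rule here is not the slide's content-timing signal.

```javascript
// Added example, not comScore code. Rectangles are {x, y, w, h} in page pixels.
// Assumed thresholds (MRC display guideline): >= 50% of pixels for >= 1 continuous second.
const MIN_FRACTION = 0.5;
const MIN_MS = 1000;

// Fraction of the ad's area that overlaps the viewport rectangle.
function visibleFraction(ad, viewport) {
  const w = Math.min(ad.x + ad.w, viewport.x + viewport.w) - Math.max(ad.x, viewport.x);
  const h = Math.min(ad.y + ad.h, viewport.y + viewport.h) - Math.max(ad.y, viewport.y);
  if (w <= 0 || h <= 0 || ad.w <= 0 || ad.h <= 0) return 0; // off-screen or 0-size
  return (w * h) / (ad.w * ad.h);
}

// samples: time-ordered [{t, scrollY, focused}] (hypothetical telemetry format, t in ms).
// Returns the longest continuous run during which the ad met MIN_FRACTION.
function longestInViewMs(ad, viewportSize, samples) {
  let best = 0;
  let start = null;
  for (const s of samples) {
    const viewport = { x: 0, y: s.scrollY, w: viewportSize.w, h: viewportSize.h };
    const inView = s.focused && visibleFraction(ad, viewport) >= MIN_FRACTION;
    if (!inView) { start = null; continue; } // scroll, tab switch or minimize resets the run
    if (start === null) start = s.t;
    best = Math.max(best, s.t - start);
  }
  return best;
}

function isViewable(ad, viewportSize, samples) {
  return longestInViewMs(ad, viewportSize, samples) >= MIN_MS;
}

// Constructed input: viewport and ad sizes from the slide, ad position invented.
const VIEWPORT = { w: 1025, h: 875 };
const AD = { x: 850, y: 700, w: 160, h: 600 }; // starts above the fold, ends below it
const SAMPLES = [
  { t: 0, scrollY: 0, focused: true },       // only 175 of 600 pixel rows visible
  { t: 500, scrollY: 450, focused: true },   // scrolled to page bottom: fully visible
  { t: 1000, scrollY: 450, focused: true },
  { t: 1200, scrollY: 450, focused: false }, // tab switch
  { t: 1400, scrollY: 450, focused: true },
  { t: 2500, scrollY: 450, focused: true },
];
console.log(longestInViewMs(AD, VIEWPORT, SAMPLES), isViewable(AD, VIEWPORT, SAMPLES));
```

Geometry alone reports an in-bounds but hidden or covered frame as viewable, so a measurement needs a second signal such as the timing clues the slide mentions.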
The threat landscape
•  What motivates ad fraud?
–  “Because that’s where the money is.” W. Sutton
•  Fraudster’s advantages
–  Anonymity, vulnerabilities, complexity, scale
–  Humans in the loop
•  Key requirement – a way to put $$ in the bank
–  Ad exchanges and DSPs are obvious opportunities
Who is harmed?
Brands, Agencies, Trading Desks, DSPs, Exchanges, SSPs, Networks, Publishers: Everyone
Attack vectors
•  Invalid traffic falls into four general categories
–  Traffic generators – human & automated
–  Unwanted ads – plugins & injectors
–  Unseen ads – including popunders & PPV
–  Misrepresented placements – placement laundering
•  Grey areas abound!
Invalid traffic includes both clicks and
impressions that Google suspects to not be
the result of genuine user interest
Traffic generation
•  Valid traffic generation offerings
–  Adwords, Outbrain, BingAds, Facebook ads, etc.
•  Type “purchase web traffic” in Google
–  MANY traffic generation offerings
•  Simple threats: script-based page retrieval
–  Ubiquitous - $12/10K impressions
–  Not very human-like
•  More complex threats: botnets*
–  Objective – look more “human”
–  As much as $100/10K impressions
Plugins and injectors
•  Software that generates ads that are not part of publisher
placements
–  Most do not try to hide
•  Plugins enhance native browser functionality
–  PageRage, BuzzDock, Sambreel, etc.
•  Injectors impose ads other than or in addition to those intended
–  Trick users by promising extended functionality
–  Google says 5% of their users have an ad injector
–  Superfish, JollyWallet, etc.
What about bots?
•  Bots have been around for a long time
–  Originally developed in the ’90s to manage hosts
–  Compromised hosts under the control of remote entity
•  Bots are characterized by key capabilities
–  Impressions and injection
•  Example: Athena botnet
–  Various ad viewing capabilities
•  But, why bother with a botnet?
–  Clouds are better…
K. Springborn “Inside a Botnet: Athena and Ad Fraud”, comScore blog, 2014.
Unseen ads and PPV nets
•  Ads that appear in invisible frames
–  Simple additions to web pages that can be “viewable”
–  May not be 0-size, but still invisible
–  Often appear as popups/popunders
•  PPV network: groups of sites that run tags from a single TG service
–  Some TG services offer a JS tag that when included on a site pays attractive
CPM
–  “…will not block any of your site content…”
–  Tag will “display” camouflaged 3rd party websites
K. Springborn and P. Barford, “Impression Fraud in On-line Advertising via Pay-Per-View
Networks”, In the USENIX Security Symposium, 2013
Placement laundering
•  How do we know who is requesting an ad or where it’s placed?
–  We typically rely on trust and JavaScript
•  “Domain laundering” coined by comScore’s Jeff Kline in ’14
–  Recent press release with Google on vulnerability in Safeframe
•  Key issue: Low quality ad: $0.01 CPM, High quality ad: $10 CPM
Placement laundering is the act of sending false
information to an ad provider about an ad placement
J. Kline and P. Barford, “Placement Laundering and the Complexities of Attribution in
Online Advertising”, Under submission, 2015.
Ad blockers on the rise
•  Ad blockers (browser extensions) have received significant attention
over the past year
–  Blockers have been available for over a decade
–  “…ad blocking is robbery, plain and simple” R. Rothenberg,
AdAge
•  Blockers are here to stay, what can we do?
–  Measure and assess their prevalence and impact
–  Develop technical counter-measures
–  Take control of the narrative on responsible advertising
Addressing the threats
•  Basic issues are similar to IT security
–  Need to understand (evolving) threats
–  Detection vs. mitigation
–  Tools and processes for decision support and remediation
•  Core components for addressing ad fraud
–  Diverse measurement capability
–  Filters to identify/mitigate threats
–  Tools for visualization and forensics
Start with telemetry
•  Objective: breadth and depth
–  Any specific measurement method has limits!
•  Challenges: scale, diversity and dynamics
•  Census/Ad tags: for a wide variety of threats
–  Careful attention to errors/failures
•  Panel: for plugins, injectors, traffic generators and publisher
side threats
•  Crawler: for publisher side threats
•  Honeypots: for traffic generation threats
From telemetry to filters
•  Objective: accurate, efficient threat identification
•  Approach: mine diverse telemetry for signals
–  Hypothesis-based, iterative process
•  Write code (i.e., filter) that isolates signals in telemetry associated with
fraud
–  General vs. sophisticated
–  Detection vs. active mitigation
•  comScore has over 25 different IVT filters
M. Molloy, S. Alfeld and P. Barford, “Contamination Estimation via Convex Relaxations”,
In Proceedings of IEEE International Symposium on Information Theory, 2015
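One hypothesis-driven filter of the kind described above, as an added example (not one of comScore's filters): it tests the hypothesis that script-based page retrieval is "not very human-like" by flagging clients whose impressions arrive at near-constant intervals. The field names, thresholds and telemetry are constructed assumptions.

```javascript
// Added example, not a comScore filter. Field names and thresholds are assumptions.
const MIN_EVENTS = 5; // too few impressions per client says nothing about timing
const MAX_CV = 0.1;   // coefficient of variation below this is treated as metronomic

// Coefficient of variation (stddev / mean) of the gaps between sorted timestamps.
function interArrivalCv(times) {
  const gaps = [];
  for (let i = 1; i < times.length; i++) gaps.push(times[i] - times[i - 1]);
  const mean = gaps.reduce((a, b) => a + b, 0) / gaps.length;
  if (mean === 0) return 0; // all impressions at the same instant: maximally regular
  const variance = gaps.reduce((a, g) => a + (g - mean) ** 2, 0) / gaps.length;
  return Math.sqrt(variance) / mean;
}

// events: [{client, t}] with t in ms. Returns flagged clients and the share of
// impressions attributed to them (the "Percent IVT" this one filter would report).
function scriptedTrafficFilter(events) {
  const byClient = new Map();
  for (const e of events) {
    if (!byClient.has(e.client)) byClient.set(e.client, []);
    byClient.get(e.client).push(e.t);
  }
  const flagged = new Set();
  for (const [client, times] of byClient) {
    times.sort((a, b) => a - b);
    if (times.length >= MIN_EVENTS && interArrivalCv(times) < MAX_CV) flagged.add(client);
  }
  const invalid = events.filter((e) => flagged.has(e.client)).length;
  const percentIvt = events.length ? (100 * invalid) / events.length : 0;
  return { flagged: [...flagged], percentIvt };
}

// Constructed telemetry: one scripted client, one bursty human, one sparse client.
const SAMPLE_EVENTS = [
  ...[0, 2000, 4000, 6010, 8000, 10000].map((t) => ({ client: "c-script", t })),
  ...[0, 700, 9000, 9400, 31000, 62000].map((t) => ({ client: "c-human", t })),
  ...[100, 5100].map((t) => ({ client: "c-sparse", t })),
];
console.log(scriptedTrafficFilter(SAMPLE_EVENTS));
```

A single signal like this is a general filter in the slide's terms; traffic built to look more "human" needs additional signals from other telemetry sources.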
Raw Q1 ’16: impressions/IVT
[Chart: Gross Impressions (axis 0 to 80,000,000,000) and Percent IVT (axis 0% to 5%) by month, Jan to Mar.]
Raw Q1 ’16: regional impressions/IVT
[Charts: Gross Impressions and Percent IVT (axis 0% to 5%) by month, Jan to Mar, for North America (impressions axis 0 to 60,000,000,000) and Europe (impressions axis 0 to 16,000,000,000).]
Norms Q1 ‘16: IVT
[Chart: IVT (axis 0% to 10%) for January, February and March; US, desktop; series: Display, Video.]
Norms Q1 ‘16: in-view
[Chart: in-view rate (axis 0% to 60%) for January, February and March; US, desktop; series: Display, Video.]
pbarford@comscore.com
Norms Q1 ‘16: direct/indirect
[Charts: Viewability and IVT for Direct vs. Indirect, Display and Video; axes 0% to 10% and 0% to 70%.]
Conclusion
•  Summary
–  Your ads may not be seen
•  Viewability has a fixed objective
•  IVT detection and mitigation is a moving target
•  Ad blockers are having an impact
–  Diverse telemetry + data science can address threats
•  Q: What is the cost? A: Depends on where you advertise
•  Future
–  Broad deployment of active mitigation
–  Anti-ad blocking
–  Cross media
Thank you

INT2016 - Paul Barford (comScore) - Invalid Traffic & Viewability: what is the cost of an unseen ad?
