Facebook Provides Advertisers More Safety Controls In The News Feed
Meta formerly known as Facebook is enabling brands with more control over the placement of their ads in the NewsFeed. In a blog post, it said,
“We’re introducing a number of controls designed to give people and businesses the ability to tailor their News Feed experience.”
New News Feed Controls Added For Advertisers
As part of its NewsFeed updates, the company unveiled a brand suitability verification tool for advertisers. Additionally, it expanded the topic exclusion controls to a limited number of advertisers that advertise in English.
The controls will be in the “Ads Preferences“ settings tab, which will allow advertisers to select a topic to help define the way ads appear on Facebook, including in News Feed. Advertisers can select three topic categories – News and Politics, Social Issues, and Crime & Tragedy. Advertisers who have selected one or more topics will not see their ads in the News Feed of people with recent engagements on those topics.
Interesting Read: Facebook Changes Counting Policy For Ad Planning And Measurement
In early testing, Meta found that advertisers who excluded the News and Politics categories were able to avoid adjacency 94% of the time. Tragedies and conflicts (99%) and debated social issues (95%) saw similar results. The company said,
“From our conversations with the industry, we know that this solution may not solve the needs of every advertiser and that some advertisers are looking for content-level granularity.”
With this product, Meta intends to bridge the gap between what they offer today and hope to offer in the future – content-based controls. It is exploring and testing a new content-based suitability control that will be designed to address concerns advertisers have about their ads appearing in Facebook and Instagram feeds next to specific topics based on their preferences.
“We aim to design our exploration in line with the Global Alliance for Responsible Media (GARM) Suitability Framework.”
According to the blog post, Meta expects to launch a new control in 2022 and to start updating them in Q1.
Interesting Read: Facebook Plans a Privacy-Focused Approach to Rebuilt Its Ad System
Third-Party Collaboration For Placement Verification
Facebook plans to work with third-party brand safety partners before year-end to “develop a solution to verify whether content adjacent to an ad in News Feed aligns with a brand’s suitability preferences.”
New And Customized News Feed Controls For Users
Meta allows users to have more control over what shows up in NewsFeeds, allowing them to minimize the content that they see from friends, relatives, groups, and pages. Also, using the unfollow, snooze, reconnect and disconnect buttons will be easier. Eventually, Meta plans to test the features globally on a small percentage of users.
Also Read: Facebook Failed To Detect A Bug In Its Conversion Tool For A Year!
Buzzfeed Integrates Yahoo’s Alternative To Third-Party Cookies
The second phase of Yahoo and BuzzFeed’s strategic relationship was unveiled recently. This phase focuses on expanding addressable audience pools, which will provide advertisers with the scale they need as the usage of third-party cookies decreases, resulting in more programmatic advertising revenue.
Advertisers that use Yahoo’s supply-side platform will get priority access to BuzzFeed’s network of sites, which includes BuzzFeed News, Tasty, HuffPost, and others.
According to Iván Markman, Yahoo’s chief business officer, BuzzFeed will integrate Yahoo’s identity tech products, ConnectID, and Next-Gen Solutions, combining its first-party data with Yahoo’s to generate an addressable audience of over 148 million individuals.
Markman added –
“We need to have solutions for publishers with first-party data and those without first-party data. And because we treasure our consumers, in order to do that we need to have a community garden, as opposed to a walled garden, where we partner with like-minded publishers to help all of us grow.”
Interesting Read: End Of Third-Party Cookies, What Is There For Marketers: Takeaway!
The agreement will assist both publishers to expand their advertising and data functionality, as well as boost audience scale, ahead of the looming deprecation of third-party cookies.
According to Ken Blom, SVP of ad strategy and partnerships at BuzzFeed, by giving preferential programmatic access to advertisers leveraging Yahoo’s SSP, BuzzFeed intends to enhance demand for its inventory and create greater ad revenues.
Preferred access allows BuzzFeed to establish arrangements with advertisers that use the platform ahead of time, such as ensuring them access to certain audience groups. This ensures that advertisers achieve their goals at scale, while BuzzFeed has access to the most diverse demand conceivable.
Also Read: Quick Guide: Top Programmatic Trends To Keep An Eye On In 2021
Facebook Plans a Privacy-Focused Approach to Rebuilt Its Ad System
A remarkable shift by Facebook is underway as it plans a new privacy-focused revamp of its advertising system. It reveals to place more value on user privacy and less reliance on data collection. The social giant business is known for its ability to track users across the internet and utilize the information for its ad targeting processes. Owing to impending regulation and data collection limitations, it is working to create a system that delivers personalized ads without any individual user’s data. Facebook’s VP of product marketing, Graham Mudd explained,
With Apple and Google continuing to make changes via their browsers and operating systems, and with the changing privacy regulatory landscape, it’s important to acknowledge that digital advertising must evolve to become less reliant on individual third-party data. That’s why we’ve been investing in a multi-year effort to build a portfolio of privacy-enhancing technologies and collaborate with the industry on these and other standards that will support this next era.
The privacy-enhancing technology includes cryptography and statistical techniques that will improve ad measurement while relying less on individual data.
We are optimistic that new privacy-enhancing technologies will prove that personalization remains possible and effective as our industry evolves to become less reliant on individual third-party data. These technologies will help us minimize the amount of personal information we process, while still allowing us to show people relevant ads and measure ad effectiveness for advertisers.
Another key area that the social giant is exploring is ‘on-device learning ’. It is a technology that will process data locally on their device rather than sending individual data to a remote server or cloud to determine the best ads for the user. The results are later sent in an anonymous format to the advertisers. However, Graham Mudd explained the challenge in an interview with The Verge,
I think one of the challenges with on-device learning is that the compute resources required to do it are obviously under the control of the operating systems themselves.
The stakes couldn’t be higher for Facebook to get the systems right. Graham Mudd said that,
We definitely see that personalization will evolve very meaningfully over the course of the next five years. And that invest in Privacy-Focused will benefit all of our customers and enable us to help shape that future state of the ads ecosystem.
Facebook’s major changes come amidst government scrutiny and Apple’s App Tracking Transparency (ATT) update. Furthermore, even Google is exploring an advertising system that is more user-privacy-centric.
Apple’s new prompt to ask for permission to track the users for targeted ads is likely to hurt Facebook’s revenue growth. However, the true impact of prompt is still evolving and the report shows that not many iOS users are opting for app tracking. Therefore, this leads to a broad range of data tools that are required to attribute ad responses. Facebook is developing a new range of options on this front.
Providing more insight the social firm is working on privacy-enhancing technologies (PETs) for ads that will minimize data collection, protect personal information while preserving ad measurements.
So, it is working to explore various ways to implement these approaches to new measurement solutions,
Last year we began testing our Private Lift Measurement solution with select partners, which uses a privacy-enhancing technology called secure multi-party computation. This helps advertisers understand how their campaigns are performing while adding extra layers of privacy to limit the information that can be learned by the advertiser or Facebook. This solution will be broadly available to advertisers next year.
To give you a brief, Secure multi-party computation (MPC) allows two or more organizations to work together while limiting the information that either party can learn. Data is encrypted end-to-end: while in transit, in storage, and in use, ensuring neither party can see the other’s data.
The social giant emphasizes that for these technologies to be successful, they will need industry cooperation.
These technologies will only be successful for people and businesses of all sizes if there is industry collaboration and a shared set of standards. That’s why we are calling on platforms, publishers, developers, and other industry participants to work together — on these technologies and other privacy-focused standards and practices.
Relief To Advertisers As Google Postpones The Elimination Of Third-Party Cookies Till 2023.
The news has given some time to the advertisers to look for options. Google has decided to continue using third-party cookies in its browser till 2023. That is an extension of two years.
Earlier, Google did set this deadline for January 2022. It has now extended to late 2023. An announcement was made by Google regarding this today!
There are several reasons why Google decided to do so. Let’s have a look at them in detail:
The United Kingdom was building pressure on Google
For a year, it is chaos, and advertisers were clueless about their operations without the third-party cookies. However, the speculations are that Google decided under building pressure from the UK government.
Google was under continuous monitoring by the European Commission, and it failed to provide any clear perspective on its Privacy Sandbox. Google is facing several antitrust lawsuits, and according to the CMA, the discontinuation of third-party cookies and the creation of the Privacy sandbox will centralize power at Google.
CMA took this quite seriously, and to please the committee, Google has agreed with a long list of commitments to CMA. According to Google commitments, the company will restrict giving priority to its system. Also, it will not use “sensitive information provided by an ad tech provider or publisher to Chrome in a way that distorts competition.
To prove the point, Google stated that “Subject to our engagement with the United Kingdom’s Competition and Markets Authority (CMA) and in line with the commitments we have offered, Chrome could then phase out third-party cookies over three months, starting in mid-2023 and ending in late 2023.”
Federal Learning Of Cohorts(FLoC)
Google will continue testing FLoC and Privacy Sandbox. The trials for FLoc will continue and concluded by 13th July. Currently, only limited supply-side publishers and ad-management firms related to them will be able to FLoC during the trial phase. Once the tests complete, Google will share the results. These results will help in the improvements and can be applied to the existing system, and other agencies and advertisers can conduct the ability tests for demand-side platforms and ad-targeting.
It is not surprising that Google has paused the FLoC trials. The advocates of privacy are raising their voices about the foul play and violation of privacy due to the enabling of new tracking techniques. However, several browsers declined to enable these techniques of data tracking.
Google received a setback after the eCommerce giant Amazon, which has also declared that they will not be enabling the FLoC tracking techniques.
Demand for higher transparency
The delay in the release of FLoC and the dismissal of third-party cookies is causing frustration in the industry. According to an executive, “I wish they would just do it. Stop justn — excuse me — dicking around the whole industry. Let everybody get to a new normal. It’s hard to strategically plan this way,” said one publishing executive.
However, the delay in the dismissal of third-party cookies can be a step to make things more transparent as Google does not want to bear more criticism and lawsuits from the authority.
Google has already committed to CMA that they will be disclosing the exact time for the proposals for Privacy Sandbox publicly. It will also release the API and inform about the transition period for the discontinuation of third-party cookies.
Google has also promised the CMA that they would assess all alternatives for individuals and the aftermath of the discontinuation of third-party cookies. Google also stated that these steps will be taken before providing a 60-day countdown for the discontinuation of the third-party cookies. During this period if found any discrepancies, CMA can reopen the investigation and can impose additional measures to avoid any harm to the competition.
According to Google promise, they will “engage with the CMA in an open, constructive and continuous dialogue in relation to the development and implementation of the Privacy Sandbox proposals.”
Group Nine Launches First-Party Product In Wake Of Cookie Apocalypse!
In a fitting response to the impending disappearance of third-party cookies, Group Nine Media launched a first-party data solution called – ‘ In-GeNuity’, earlier this month. Group Nine is the publisher of Thrillist, NowThis, Seeker, The Dodo, and PopSugar.
Situated in New York, Group Nine Media is an American digital media holding company, and its latest product – In-GeNuity – is useful in matching brands with users based on content preferences. So, this first-party data solution will bring together a pizza enthusiast and a pizza delivery service.
Ashish Patel, the Chief Insights Officer at Group Nine, said –
We can say, here’s a segment of Papa John’s, here’s everybody that watched 30 seconds of a Thrillist pizza video over the last six months and we think that they’re a better audience to download your app.
Integrated with Group Nine’s G9 direct response, In-GeNuity allows direct-to-consumer brands to utilize the company’s first-party data archive, and then send targeted ads to consumers through Group Nine’s Facebook and Instagram handles. Some of the DTC advertisers that have worked with G9 Direct include Casper, Freshly, Discover Plus, and Fi.
With the In-GeNuity, Group Nine joins the vast club of brands and publishers who are looking to future-proof via their first-party data.
Ashish Patel got into a conversation with AdExchanger and was asked why the company chose to build a first-party data platform. Patel said that all the publishers are making such an effort in response to a “ cookie apocalypse” and the third-party tools going obsolete. He said that Group Nine is in a good position to offer unique audience segments in a way that if a user has read five or more pizza articles on Thrillist, or has watched a video pertaining to pizza for more than 30 seconds – then Group Nine can direct these people to a Pizza company.
Content preference, according to Patel, is the key point in In-GeNuity’s logic.
On being asked how the demise of third-party cookies is changing clientele demand, Patel said –
They’re asking for more retargetable data back. It’s table stakes at this point. We always thought that if you come to us and we hand you an audience segment that you’ll never come back. The sensitivity around that sharing has decreased from the publisher side, and the demand from the advertiser side has increased.
Patel also threw some light on how In-GeNuity will fit into the larger strategy with G9 Direct. He said that Group Nine Media want to start to incorporate and implement segments from In-GeNuity across all their activities, like top-funnel branded content work. The aim is to get that to a more targeted consumer at the top of the funnel, which should work for them and their partners.
In-GeNuity seems like a good response to prevailing times of the collapse of third-party cookies and will re-energize consumer experience.
Verizon Media Rolls Out Connect ID To Replace Third Party Cookies
Verizon Media this week rolled out a new unified identity solution Connect ID in an industry-wide effort to help advertisers and marketers to transition from using third-party data as the center of online ad targeting.
The third-party cookies will soon be redundant as Google and Apple take steps to limit audience tracking owing to consumer data privacy concerns. Though the advertising industry has seen numerous innovations by many growing companies such as Lotame introduced Panorama ID, Verizon claims Connect ID is powered by direct relationships with 900 million global consumers.
The company has valuable first-party data about the activities of millions of customers based on its 30+ owned and operated consumer brands including Yahoo (content, search, and mail), AOL, and TechCrunch. Verizon Media will generate 200 billion data signals based on deterministic first-party data to create an identity graph that can help advertisers target and track audiences across devices. With Connect Id, the company aims to provide audience targeting on a large scale.
The company is promoting Connect ID to more advertisers and publishers to use its programmatic platform to buy and sell digital ad placements in an ongoing effort to capture the market share of the industry’s biggest players. The company has a full-stack advertising technology solution with a demand-side platform (DSP) for buyers and a sell-side platform (SSP) for content providers like Newsweek that are looking to unlock the full value of their advertising inventories. Dev Pragad, CEO of Newsweek, said,
We want to deliver the best experience possible for our audiences as well as maximize revenue for the premium content we produce. To ensure we can maximize our clients’ user experience while maximizing our revenues, we need partners like Verizon Media who can connect our audiences with quality advertisers and experiences, maximize yield and ensure our audiences’ privacy choices are respected. That’s why we’ve signed up for Verizon Media ConnectID.
As a part of the launch of Connect Id, the company also announced several partnerships with leading data providers like Acxiom, Adstra, Equifax IXI, Experian, Neustar, TransUnion, and Throttle. Concurrently, Verizon Media Connect Id is also working with IAB Tech Lab programs to develop industry-wide pro-privacy solutions for addressability with accountability. Jordan Mitchell, SVP, Head of Consumer Privacy, Identity, and Data, IAB Tech Lab, said,
IAB Tech Lab is proud to have Verizon Media involved in the development of new privacy-preserving addressability standards and industry accountability programs through Project Rearc, and we look forward to their support of these standards and programs once they are released.
The unified ID helps advertisers buy, measure, and optimize ads while enabling publishers to manage, monetize, and navigate audiences–all without third-party cookies. The company says adoption of the unified solution delivered a 33% lift in performance compared to third-party cookies. Iván Markman, Chief Business Officer at Verizon Media told AdWeek,
Most of the identity solutions out there are largely dependent on third-party integrations. Most of the companies don’t really own the customer relationships, and more important they won’t have the assets [such as a news website or email services] to provide a value exchange.
Presently, Verizon Media ConnectID is available in North America, APAC and select LATAM markets at launch and will soon roll out to more markets.
Privacy Sandbox By Google Shows Backdoor To The Third-Party Cookies.
For the last two years, Google has been working to remove third-party cookies from it’s Google Chrome browser. Moving forward with this aspiration Google recently announced testing some of its “Privacy Sandbox” proposals. Google wants to test the algorithm with other exchanges and demand-side platforms. It seeks to examine the process of implementation and ways to deliver a better-guarded program to its users. Google will also make sure that this solution works inside the policies of advertising auctions.
It was in late April when Google made its big announcement. Google revealed its intentions on the “Bit Request Signal Experiment.” The announcement was made by a post on GitHub, which is a collaboration stage for software developers. Google invited advertising tech firms to take part in the testing so that they can receive some real-time algorithm test results. They affirmed the uncertainty of dates for live testing of Privacy Sandbox. They still wanted ad firms to respond to them, affirming if they are enthusiastic to help.
Soon speculations and news started flooding the tech industry!
“This is an early-stage concept and we don’t have more details to share right now, We plan to publish updates and progres s in GitHub as part of the process.”, quoted a Google spokesperson on GitHub.
Google team declared discontinuing support for the third-party cookies in January. Providing an explanation stating that they want to encourage publishers, advertising companies, and other providers of browsers to come up with a new set of rules which are user-privacy centric and follow open measures for the web.
Privacy Sandbox was launched in August, the idea was to innovate the ad recurrence and behavioral advertising. Aimed to help them work on the web without using third-party cookies. In a mega event with, 163 giant tech organizations like Apple, Facebook, Axel Springer, The Washington Post, Criteo, The Trade Desk, and even Google. All are requested to share their views via. World Wide Web Consortium or GitHub to help the project succeed.
A member from the “RTB group,” from Google posted on GitHub. Sharing insights on the bigger picture and a bit clear version of the cookieless browsing. Explaining the process, he talked about how user targeting will be done. He introduced the machine-learning algorithm known as “Federated Learning of Cohorts” which will be used in the working of cookieless browsing. Further, he explained that the algorithm will group people into different segments of the audience by understanding their behavior, likely by their browsing history.
He stated that this will improve the privacy of the users. This algorithm isn’t designed to target any user in particular. Instead, it will target a group of audiences. This group is also be known as “FloCs”. The algorithm is designed to group people on the basis of their similar interests.
Google posted on GitHub stating:
“Exchanges could offer a uniform RTB interface for aggregated audience targeting to bidders regardless of the data source,”
Another post that surfaced on GitHub from Google stated the following:
“Exchanges can explore the separation between contextual and user interest components in the RTB data flow, along with hosting the ad selection logic that needs access to both components (for instance, brand safety checks for a product retargeting ad) in a sandbox.”
Google provides an exchange with options to set a “Privacy budget.” According to the budget, an exchange can request a particular unit of data. If the data limit will surpass the budget, it will lead to an error, or as a consequence the data will be preserved in greater privacy. Presenting an option for user privacy, it can easily be determined that how much data needs to be revealed?
Google is beseeching bidders and exchanges to run real-world small scale “RTB” experiments. This will help them to test the algorithm real-time bases and with live scenarios.
Tom Kershaw, chief technology officer of Rubicon Project and a member of the World Wide Web Consortium’s Improving Web Advertising Business Group, said that they welcome the proposals. But the project is in the exceptionally fundamental stage.
Another statement came from Kershaw, chairman of the Prebid.org ad tech industry organization stating that “These are experiments with a capital E, We support these initiatives but there is not a single proposal on the table close to being adoptable right now. A ton of work needs to be done.”
Another member of the Improving Web Advertising Business Group states that the project is in its evolution pipeline and it’s going to take a long time to develop a technical standard.
He also added “It’s great, given the implications of what’s at stake, that the advertising arm of Google is attempting to implement what the browser arm is doing. It’s a really important step in the process.”
YouTube Reorganizes Its Measurement Program With Five New Partners
Google made notable changes to the line up of partners of its YouTube Measurement Program(YTMP) that debuted in 2017 to give advertisers access to trusted and independent solutions for driving and tracking the marketing performance of the video site.
Google made some tweaks to how it classifies partners in the YouTube Measurement Program and welcomed new partners to the program or specific categories. YouTube has made it easier for advertisers to search for the right service provider for their needs.
YouTube added five new partners – Channel Factory, Integral Ad Science, DoubleVerify, Sightly, and VuePlanner to the program. Existing partners include Pixability, Zefr, Tubular Labs, and Wizdeo -though it has dropped one of its founding partners who is no longer on the list ‘Open Slate’. Apparently, the brand safety company is at a contractual standoff with Google.
AdAge reports that Openslate refused to sign the new agreement with Google. It believed that the contract would limit what it can report to the clients when ads ran next to videos with sensitive or harmful content on YouTube like hate speeches, illegal substances, or violence.
Under new terms, without Google’s approval, OpenSlate would not be able to inform the client that includes Nestle, GroupM, and Procter & Gamble – if their ads run next to YouTube channel that has historically shared violent or inappropriate content.
OpenSlate told in an e-mail statement to AdAge,
“Advertisers rely on OpenSlate’s independent, third-party measurement to ensure they are running in suitable environments.”
It further says,
“Google is a valued partner and we endeavor to resolve our differences,”
A Google spokesperson told AdAge,
“We’re excited to expand the YouTube Measurement Program and look forward to working with the nine partners who have already signed on. We also remain open to any other third parties who help meet our clients’ needs joining the program in the future.”
After the reorganization, advertisers can search by services under the newly created categories: brand suitability and contextual targeting, content insights, and brand safety reporting. Partners will be classified and sorted based on these categories.
As outlined on the YTMP website, Channel Factory, Integral Ad Science, Pixability, Sightly, VuePlanner, and Zefr were added in the Brand Suitability and Contextual Targeting category while DoubleVerify and IAS were added to the Brand Safety Reporting category. Meanwhile, Pixability, Tubular Labs, and Wizdeo were added to the Content Insights category.
Also Read: Everything You NEED TO KNOW About Advertising On YouTube In 2020
As quoted in Adexchanger, David George, CEO of Pixability, one of the first companies to join in 2016 said, the time was ripe for a revamp.
“Simply put, there’s demand in the market from brands and agencies that want to work with third parties,”
YouTube is growing exponentially in terms of engagement and ad revenue. Although due to coronavirus led volatility, YouTube is facing a significant decline in CPM’s in some cases, however, YouTube drove $15 billion ad revenue for Alphabet in 2019.
Tony Marlow, CMO at Integral Ad Science said,
“For a platform that generates over 500 hours of new content every minute, it makes sense that they are constantly evaluating the efficiency of their programs.”
IAS has been providing brand safety verification since 2018 but it wasn’t under the measurement partner program until now. The measurement program also offers access to the participating partners to alpha and beta programs and additional resources.
Theresa Go, Pixability’s VP of platform partnerships said,
“There is an undercurrent of technical support we get through the program. We’re able to leverage Google to make sure we’re providing the best products we can in the market.”
Google rolls back Chrome’s cookie security measure due to COVID-19
Google is temporarily rolling back a recent privacy feature ‘SamSite Cookie’ it launched with Chrome 80, to ensure stability to websites amidst the coronavirus pandemic.
Justin Schuh, Director of Chrome Engineering said in the blog,
“In light of the extraordinary global circumstances due to COVID-19, we are temporarily rolling back the enforcement of SameSite cookie labeling, starting today.”
The SameSite policy was the change in how Chrome treated cookies. Before this policy, Chrome allowed more cookies including third-party by default. SameSite, however, has turned that default. With the release of Chrome 80 in February, Chrome began to enforce secure-by default handling of third-party cookies to improve privacy and limit tracking.
Google was planning to roll out this change slowly for all the users during the rest of the year and closely monitor the impact on the web. The SameSite cookies primary role would be to prevent third party domains from using browser cookie files to track users as they browsed on different sites across the internet. At a higher level, it meant a website owner should set a third-party cookie as being okay or else Chrome would block it.
Online advertisers and web analytics firms were most impacted by the changes that migrated to other tracking practices after the announcement of Google’s SameSite cookies. However, many government sites, banking, intranets, and others are using third-party cookies in other contexts.
The disabling of third-party cookies can cause some sites to break – even if SameSite cookies roughly shipped to 1% of the Chrome users. Therefore, temporary rollback will ensure that these small numbers of users are not much impacted. Many major sites were prepared for this change but Google said it wants
“to ensure stability for websites providing essential services including banking, online groceries, government services, and healthcare that facilitate our daily life during this time.”
Schuh further added that as they roll back enforcement, organizations, users or sites should see no disruption. As social distancing measures have been followed worldwide, reliance on online services has increased and any kind of disruptions can cause big issues especially if it is concerned with healthcare resources.
Google also said that they plan to resume the enforcement in the future and will give advance notice on their blog. This isn’t the only announcement that is affected by the outbreak. Google has also paused temporarily adding new features to Chrome and Chrome OS and focus on security and stability owing to adjustments in their work schedules.
IAS Issues Threat Alert Regarding The Latest Digital Ad fraud Scheme
The industry’s key weapon against ad fraud has been compromised, allowing fraudsters to pilfer media spend. Ad. txt files were ideally launched three years ago by the IAB’s Tech Lab to help the ad industry combat ad fraud but instead has become a conduit for it.
It is an initiative to improve transparency in programmatic advertising. The tool was introduced by IAB for publishers and distributors to list all companies that are authorized to sell ads. Essentially, it will also show when an advertiser buys ads directly from the publishers or authorized ad tech vendors and also highlight those sites that do not use an ads.txt file.
However, in reality, since the ad.txt tool launched, fraudsters have exploited the opportunity where the buyers do not check the lists with bots that generate fake browser data and create fabricated URLs in order to steal advertiser’s media spend. 404bot is the perfect example of this type of fraud.
This botnet involves a practice called domain spoofing, where the fraudster impersonates the publisher’s webpage. However, the 404bot holds no inventory. Domain spoofing allows slipping nonexisting URL into approved domain lists. To avoid any detection, the fake URL is a combination of two existing URLs.
Now spoof domains are receiving ad calls, the challenge is to deceive the audience to ‘ watch’ the video ads. For this, 404 takes advantage of a Bunitu Trojan. The Trojan infects internet users with malware that allows fraudsters to connect to their devices. Once connected, the fraudster can use the infected ID to generate ad calls that appear from legitimate sources. The whole process of buying ads from the seller and inventory appears to be legitimate while there is nothing in reality.
Integral Ad Science(IAS) has uncovered the bot scheme that has affected many high and low publishers which have one thing in common: large ads txt list and has stolen at least US$15 million of advertiser’s money- a number that continues to grow.
The fraud scheme is similar to 3ve and Hyphbot, the main signature of the 404bot is extensive domain-spoofing, where URL is fabricated at browser level which means the data from the browsers is fake. 404bot has been building networks gradually over the years ensuring that they are not easily detectable to the human eye.
Botnet’s Origin:
The IAS Threat Lab first spotted a rise in domain spoofing activity in 2018. Evgeny Shmelkov, head of the IAS Threat Lab said,
“We detect bots and protect our customers from their effects every day. The 404bot has been active since 2018 and its unchecked growth now warrants industry action.”
In September 2018, the botnet activity increased and remained high till the start of November 2018, when it abruptly dropped. However, around the same time another botnet, 3ve was taken down by cybersecurity and ad verification firm White Ops. IAS assumed both events were related, but the timing of 3ve takedown didn’t match with the drop in activity of the botnet it was monitoring. After 5 months of low activity, 404bot traffic increased again in mid-April, 2019 and then dropped in September 2019.
In its white paper, IAS explains,
“We can only hypothesise the true reason for this subsequent drop in activity of the botnet, but based on/ previous observation, we know that 404bot activity could spike again at any time.”
Conservative estimates suggest that 404bot’s activity between April 2019 to September 2019 affected over 600 million ads. It has affected over 1.5 billion video ads across the U.K, the U.S.A, Canada, and Australia. Assuming video ads price in a single-digit dollar, an average individual fraudster makes at least $15 million a year.
Drawbacks of Ads.Text files
The 404bot capitalizes on unaudited ads.text files and its vulnerabilities. Meanwhile, ads.txt files continue to be longer and become an easier place for fraudsters to hide. The longer the ads.txt list, the harder to audit for unauthorized sellers. According to IAS, the only link between all publishers that were impersonated by the bot was that they all had long lists of ad tech vendors in their ad.txts files. Evgeny Shmelkov said,
“This discovery left us wondering if publishers were not properly vetting resellers, or if they were simply using Ads.txt on their websites as a formality. The former, if true, defeats the core purpose of Ads.txt’s existence.”
“We are learning from this bot that it is crucial to continuously audit and update Ads.txt files.”
The IAS threat lab detects bots regularly and to reduce unnecessary panic, it refrains to divulge details from every discovery. However, due to no sign of 404bot shutting down, IAS is sharing details to help other players in the ad-tech ecosystem to clean up the inventory. They are closely working with publishers and IAB Tech Lab to improve the ads.txt model to limit frauds like 404bot.
Meanwhile, Dan Larden, managing partner of product and partnerships at programmatic agency Infectious Media said, companies buying and selling media aren’t set up properly to audit any trade. He further added,
“Programmatic advertisers need to be pushing ad tech vendors for more log-level data so that they can see where the wastage is on the media that’s being bought.”