Sips from the Firehose
A blog that seeks to filter the internet into a refreshing, easily-gulped beverage


Sep 27

Uncovering Ad Fraud at Financial Times: $1.3 Million PER MONTH

Posted: under adsense clickfraud, advertising.

Investigation reveals “organized crime” at one paper – how many more are undiscovered?

I know that I sound like a broken record on this subject, but for God’s sake, it’s been 3 years now since pretty much everybody in the digital ad industry acknowledged that there was a problem with the online ad ecosystem. To wit: advertisers are buying ads that NOBODY IS SEEING.


The botnet clickfraud problems are well-known. Here’s how that works:

  1. Online crooks pretend to be honest news sites, but really scrape content.
  2. The crooks then contract with ad exchanges who apparently ask no questions and do no real verification.
  3. Crooks get ads placed on their pages.
  4. Crooks unleash swarms of bots on hacked computers around the world to click on these ads. Over and over again.
  5. Free money rolls in.
  6. Advertisers wonder why their ad campaigns aren’t performing.

The “newest” wrinkle in online clickfraud: pretend to be an honest & respected publisher

According to DigiDay, an internal investigation by the Financial Times, one of the biggest, most high-value publishers in the world, revealed that crooks were impersonating them and stealing about $1.3 million per month. (I actually shouldn’t say that this is a new wrinkle, because the tech nerds have been sounding the alarm over this practice for years, but it’s “new” in that the advertising industry seems to finally be taking it seriously. Ok, Ok. There’s a lot of room in that qualifier “seems.” But still. It’s something.)

On at least 10 different ad exchanges, there were people/organizations claiming to be the Financial Times, selling ads on the FT.com site. The problem is, the sites that these ads were appearing on had nothing to do with the FT.

“The scale of the fraud we found is jaw-dropping,” said Anthony Hitchings, the FT’s digital advertising operations director. “The industry continues to waste marketing budgets on what is essentially organized crime.”

Let’s break this down just a little bit more, to make it explicit.

  1. Crooks don’t even bother building their own fake news site, but instead impersonate a “high value” publisher.
  2. Crooks contract with ad-selling sites, pretending to be the New York Times, Wall St. Journal, Sports Illustrated – whatever site you can name that has a lot of respect and that has an audience that advertisers covet.
  3. Advertisers rush to buy ads.
  4. Free money rolls in.

The tech that is uncovering this clickfraud is part of an effort by the IAB to crack down on the fraud, because duh. (var “duh” = utter destruction of online advertising business model unless addressed) 

It’s called Ads.txt, and it’s basically a “whitelist” of authorized ad sellers. Which is kind of a brilliant move … but also a little troubling, for reasons that I’ll get to in a bit. They’ve got nifty little flowchart-esque graphics on the IAB site, which you can see below, that lay out how they think the flow of ad money should work:

how does ads.txt work for publishers and advertisers

This is simplistic to the point of being somewhat dense, but you get the idea.

This is their description of the problem, which again reads like a doctoral-level thesis on understatement:

The ads.txt project aims to prevent various types of counterfeit inventory across the ecosystem by improving transparency in the digital programmatic supply chain.

When a brand advertiser buys media programmatically, they rely on the fact that the URLs they purchase were legitimately sold by those publishers. The problem is, there is currently no way for a buyer to confirm who is responsible for selling those impressions across exchanges, and there are many different scenarios when the URL passed may not be an accurate representation of what the impression actually is or who is selling it. While every impression already includes publisher information from the OpenRTB protocol, including the page URL and Publisher.ID, there is no record or information confirming who owns each Publisher.ID, nor any way to confirm the validity of the information sent in the RTB bid request, leaving the door open to counterfeit inventory.
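The whitelist check that ads.txt makes possible, as an added example (not code from the IAB or from this blog): a buyer parses the publisher's ads.txt and looks up the exchange that sent the bid request together with the OpenRTB `site.publisher.id`. The domains, account IDs and function names are constructed for illustration, and the file is embedded rather than fetched from the publisher's site.

```python
# Added example: buyer-side ads.txt check. All domains and IDs are constructed.
SAMPLE_ADS_TXT = """\
# ads.txt for news.example (constructed sample)
exchange-a.example, 12345, DIRECT, abc123   # trailing comment is ignored
Exchange-B.example, pub-777, reseller
contact=adops@news.example
this line is malformed
"""

def parse_ads_txt(text):
    """Return {(exchange_domain, account_id): relationship} for valid records."""
    sellers = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 3:                          # blank, variable or malformed
            continue
        domain = fields[0].lower()                   # domains are case-insensitive
        account_id = fields[1]                       # assumption: IDs compared exactly
        relationship = fields[2].upper()
        if relationship not in ("DIRECT", "RESELLER"):
            continue
        sellers[(domain, account_id)] = relationship
    return sellers

def check_bid_request(sellers, exchange_domain, bid_request):
    """Classify a bid request as DIRECT, RESELLER or UNAUTHORIZED.

    exchange_domain is the exchange the buyer received the request from;
    the publisher ID is read from OpenRTB's site.publisher.id.
    """
    publisher = bid_request.get("site", {}).get("publisher", {})
    pub_id = str(publisher.get("id", ""))
    return sellers.get((exchange_domain.lower(), pub_id), "UNAUTHORIZED")

if __name__ == "__main__":
    sellers = parse_ads_txt(SAMPLE_ADS_TXT)
    claimed = {"site": {"domain": "news.example", "publisher": {"id": "12345"}}}
    # Same claimed site and ID, arriving through a listed and an unlisted exchange.
    for exchange in ("exchange-a.example", "exchange-c.example"):
        print(exchange, check_bid_request(sellers, exchange, claimed))
```

The second request carries the right site domain and publisher ID but arrives through an exchange the publisher never listed, which is the impersonation case the FT investigation describes.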

Fair enough. And their solution of creating a database where advertisers can check to see that what they are buying is what they are getting is a solid effort. However.

Here’s why I have some concerns: If you are going to flag a publisher as being suspect until such time as they get your “IAB Stamp Of Approval,” where does that leave the startups that we work with, who have not yet progressed to the level of, say, a Financial Times?

And what happens when a smaller publisher, who has been aggressively reporting on, say, the activities of a criminal gang that uses clickfraud as a cheap&easy revenue stream … is the target of a “smear” campaign by said criminals? One that then disqualifies said investigative journalists from participating in ad exchanges?




Aug 04

Shwedagon Pagoda and Dave by Night

Posted: under Design.

As with so many major cities in Asia, the ancient and the modern exist side-by-side.

The guy on the right is dancing a jig, I think. They are hidden under the eaves, and I only spotted this group because I was looking up in awe as the heavens opened and the rain poured down.




Jul 18

Quirks of the Internet in Myanmar

Posted: under Blogging, Blogs, Conspiracy Theories, Politics & New Media.

No TOR, but Rule 66 instead

I’ve been in Yangon for more than two weeks now, and I’m starting to run into the outer edges of what is allowed here on the internet.

First, Netflix and Apple Music work here. So I’m able to (pretty much) update the apps on my iPhone and download & watch movies. Which is nothing short of amazing, really.

However, connecting to the TOR network seems to be blocked; the login process looks a lot like this:

TOR network connections in Myanmar

It gets about 1/3 of the way to connected, and then it just … stops.

I don’t know if this is a temporary or a permanent condition. However, in talking to the locals, there is a lot of controversy over a Telecommunications Law that is known as Rule 66. This basically holds that if you “defame” someone on the internet, that is a crime and you go to jail.

The nefarious thing is that not only can the person claiming they were defamed go running and get someone peremptorily locked up…

… but any third party can denounce someone else. So basically, if I see that you’ve said something – anything – online that might be construed as negative, EVEN IF IT’S NOT ABOUT ME, I can go running to the authorities and have you locked up.

From FrontierMyanmar.net:

The previous parliament approved the Telecommunications Law in October 2013 to liberalise the sector and encourage private investment. While the law has certainly achieved that aim – billions of dollars of investment have been pumped into telecoms since licences were awarded to the country’s first two foreign mobile operators in 2014 – its provision on defamation has also been used to stifle comment online, particularly on Facebook.

Section 66(d) of the law forbids anyone from “extorting, coercing, restraining wrongfully, defaming, disturbing, causing undue influence or threatening any person by using any telecommunications network”, and carries a possible prison term of three years.

The section is a stark reminder that the Telecommunications Law is as much a product of the military regime as the Thein Sein era. Reports from as far back as 2008 indicate that the junta wrote the initial draft.

Find the flaw in THAT law. Sheesh.

The good news is that there are a lot of people here that are realizing that the current law, as written, is unwieldy and wide-open to abuse.

The bad news is that rather than junking it, the effort underway seems to be to instead replace it with something that is more narrowly construed to target the press.

Oy.




Jul 06

Mobile Phone Wizards

Posted: under Digital Migration.


I bought a new SIM card from one of the hundreds of tiny shops that line Insein Road here in Rangoon. The guy on the right here was an absolute magician with my phone. His fingers moved so fast I could barely see them as he was setting up my phone to work on the Telenor network.




Jun 28

Just What Is a Digital Native Anyway?

Posted: under advertising, Digital Migration.

Not to get all existential on you or anything, but it’s the difference between “Being” and “Doing”

Digital natives are not like other media - cat hiding among meerkats

It’s the difference between a cat … and a meerkat. Between an organization that pays lip service to the idea of engaging with an audience on digital platforms (while secretly wishing everything would go back to The Way Things Were) … and one that lives and breathes comfortably on a variety of platforms, while still maintaining its core ethos.

Recently, while putting the finishing touches on a Great Big Important Research Project For A Huge Client, I got into a discussion with Janine Warner, my partner in all things analog and digital, over nomenclature. What do we call these guys? Are they all digital entrepreneurs? News startups? New media players? Journalists-turned-geeks? Fact-based info-ventures? Digital natives?

It’s not exactly an earth-shattering insight, but what we call things deeply influences how we think about them. “Death tax” instead of “inheritance tax.” “Right-sizing employee headcount” instead of “firing workers to boost profits.” “Undocumented feature” instead of “bug.”



Jun 21

Whither Digital Advertising, Mid-2017 Edition: NYTimes Take; Analytics to the Rescue!

Posted: under adsense clickfraud, advertising, newspaper crisis, Newspaper Deathwatch, Newspapers.

Are we about to see advertisers “flee to quality”?

And would a complete overhaul of digital advertising be good for journalists and netizens who produce honest, high-quality content (and more importantly, bad for Fake News)? Mark Thompson, the CEO of the New York Times (a publication that now is the poster child for abandoning advertising in favor of subscription revenue), unloaded on the complex ad-delivery technology that’s arisen in the past 10 years, pointing out all the flaws that have been glaringly evident to anyone who has paid attention to the space. Do a quick search for “clickfraud” and count backwards to when the articles started appearing – hell, I’ve been yammering about it on this blog for at least 5 years myself.

ad clickfraud search results june 2017 digital advertising

Not just the sheer number of results – check out the related searches as well. Right out there in the open: tools for you to launch your very own online fraud business.




Jun 18

DDoS Attacks for $2/day: Researching the DarkNet

Posted: under Blogging, Sip With Caution.

Hackers hire out their botnets for DDoS attacks for as little as $2/day

I’ve been working on a series of articles on the threats to activists, independent journalists and innocent bystanders targeted by trolls that lurk on the web. This has led me to some of the shadier corners of the internet: the fabled DarkNet. The research phase of looking into DDoS attacks has already made me tape over the camera on my laptop and run repeated anti-virus scans on my computer, every damn device attached to my home network, and my external hard drives.

Paranoia is just the entry fee for this fun game.



May 01

Internet Security for Creative Professionals – The Basics

Posted: under Conspiracy Theories, Digital Migration, Sip With Caution.

Hackers want in. Don’t make it easy for them.

With all the controversies swirling around hacked emails and cyber-threats, I was asked to come in to USC-Annenberg and speak to the students about what they need to know about security. Basically, I had to come in and do a digital “Scared Straight” to try to get them to recognize how they will be targeted, and the steps they need to take to avoid having their emails, texts, private photos and snarky internal comments leaked out for maximum damage.

norse attack map shows cyber attacks in real time

I start out with the “attack map” from Norsecorp. And if you’ve never seen it, it’s a real show-stopper. It looks like the climactic scenes from Wargames – only it’s taking place right now. Every second of every day, cyber-attacks zoom back and forth, testing the intrusion counter-measures on Google, Facebook, Microsoft, the US government, NORAD, the international banking infrastructure, etc. etc. Check it out – it’s hypnotic. And then very chilling.

Particularly when you realize that a lot of the attacks are aimed at getting into America’s command-and-control infrastructure, to either lock us out from controlling our nuclear arsenal … or maybe to launch the damn things. Who knows the motives of a bunch of nihilistic haxx0rz?




Mar 03

Experimental VR Art Project at Google’s Venice HQ

Posted: under Design, Friday Noon Videos, UX/UI, Video.

Depending upon your tolerance for the sight of people wearing virtual reality helmets all craning their necks and looking about themselves, this video is either really charming or really alarming.

Thanks to Kluge interactive for the invite to this special event.

UPDATE: I had to upload this video to YouTube to get it to embed correctly. 

​​




Feb 20

The UX of Decent Online Discussions: Twitter’s New Troll-Killing Algo

Posted: under Blogging, Sip With Caution.

Twitter declares open season on trolls

“I think the new moderators are striking *just* the right tone for dealing with the 4chan infestations…” (/lame attempt at New Yorker-style caption)

Twitter is rolling out three new tools to crack down on trolls, spam & abuse

Meanwhile, there’s also “Project Coral” – backed by NY Times, Washington Post and Mozilla – rolling out Talk and Ask, aimed at making comment threads a way to connect with an audience – rather than to alienate & depress them.