Wednesday, October 11, 2006

One solution for combating click fraud

With all recent media coverage on click fraud in pay-per-click online advertising, many people are voicing their skepticism on the possibility of finding a definitive solution for this problem. Some are even willing to accept those losses as normal part of doing business.

The danger is that if those fraudulent clicks are generated automatically, with enough sophistication, they may go undetected, and their effect can snowball, wasting large amounts of advertising budgets.


For some devious techniques for click fraud, hard to detect, you can read my previous posts here and here
.

However I believe there are measures that can be taken to curb this type of fraud. The root problem is the fact that there’s no thorough screening of the affiliate partners done by the most popular providers of ads. Anyone with a blog can get an AdSense account, which they can later abuse.


What’s needed is a way to qualify the web pages showing the ads. Some mechanism similar to PageRank. The advertisers should be given the option to choose a minimum rank for the affiliates that will display their ads. Or the option to place different bids and budgets for each rank. That would give a lot of flexibility to the advertisers, while still allowing new entrants in this industry.


One could ask, what should this new ranking method be ? Some companies perform this ranking manually, by handpicking the publishers that are allowed to display their ads. For instance, you can use the “Advertise on this site” link that appears in AdSense banners and create a campaing targeted for specific sites. However this is not truly a ranking, since it allows only 2 values, either in or out.


A better approach should perform the ranking automatically. A rudimentary heuristic could choose the maximum PageRank for all segments of the URL of the page. For example http://www.boingboing.net/2006/10/17/working_deepfried_pc.html would have the same ranking as
http://www.boingboing.net.


Technorati tags: , , , , , , , ,

Tuesday, October 03, 2006

Leaking intellectual property through web search

For a while now I've been amazed how easy is to leak valuable ideas to your competitors, by doing seemingly harmless web searches when researching the potential of your ideas.

Let's say you have an "awesome idea" on a "topic". So to research that, you type it in your favorite search engine. Most of those engines (Google, Yahoo, MSN) use a web form that handles submissions through an HTTP GET method. So after you submit your search, the URL of the page holding the results will contain your search terms, e.g. "http://www.google.com/search?
hl=en&lr=&q=an+awesome+idea+on+a+topic&btnG=Search".


Now let's assume that the search results on that page point to some of your competitors' web sites, since they too may be doing some research on the same topic. If you're clicking on any of those links you're toast, because the request sent to their web site will have a referrer header like "Referer: http://www.google.com/search?
hl=en&lr=&q=an+awesome+idea+on+a+topic&btnG=Search".


So a simple review of their web logs would show your awesome idea. Pretty cool, huh ?

The solution for this is simple, if the search engines were to use HTTP POST to handle form submissions. In that case the URL of the referring page won't contain any search items.

Technorati tags: , , , , , ,

Monday, October 02, 2006

Click fraud through active web content

Following my previous post on click fraud I realized that there are other ways to create fake clicks on a large scale, without making use of a virus, trojan, or other form of malware that could be detected and stoped by antiviruses or other protection.

One such way is to create an ActiveX control for Internet Explorer and embed it in popular web pages. When people are reading those pages, those embedded controls would run in the browser, and silently simulate page clicks, by sending fake HTTP requests to fetch the ads, imitating the legitimate requests that a browser would send upon click-through actions.

Those requests would be sent in the background, unknowingly to the users of the browser. As a victim of this exploit, you’d be reading a web page, and at the same time contribute to filling someone’s pockets. In fact the page you’re reading may not have any visible ads.


Technorati tags: , , , , , , , , , , ,

Saturday, September 30, 2006

Click fraud through computer viruses and malware

A recent issue of BusinessWeek covers the click fraud in online advertising. Since this is just one facet of cybercrime, which is one of our areas of research at Tartor Software, I thought I added a new perspective to this issue.

Imagine what would happen if someone released a virus, or Internet worm, or other malware, that automatically generates fake clicks. That could potentially take the activity of the “clickbots” to a larger scale, geographically dispersed, possibly harder to detect and prevent.

That could give a blow to the confidence in this advertising medium. It’s possible that Google already senses this threat and that’s why they offer an antivirus included in their free “Google Pack”.

I hope there will be soon some solutions to this problem. In the meantime, an effective way to protect yourself is to choose to not display your ads on any “affiliate sites” (Google calls it "). In that case the crooks won’t have any incentive to click on your ads, because they wouldn’t get paid. Granted, your ads will get far less eyeballs, only from people explicitly searching for keywords, but those people are more likely to be genuine potential customers.


Technorati tags: , , , , , , , , , , ,