[notheguyouthink]

What about a sort of metrics protocol? Ie, the ad network puts up it's own JS, the advertisers don't get to put up any code. The Networks JS will be configured to optionally call a custom metrics endpoint with some data - ie, the advertisers own servers.

Very little trust is needed, and customers don't get crazy JS on their pages. Is something wrong with this model?

[vertex-four]

The issue is that large-scale advertisers don't actually trust the ad networks - the network could make up data, and has less reason to track fraudulent clicks/etc.

[rpastuszak]

Yesss, and with video ads, where VAST is involved, once the ad script starts loading, it has no knowledge about the actual media file, as it has to follow a chain of XML files leading to different middlemen (for tracking purposes), ad exchanges, etc... Bidders in ad exchanges can be exchanges as well.

Dealing with bots, fraudulent clicks and malware is one of the things that sets some ad platforms from the really nasty ones.

[ReverseCold]

> The Networks JS will be configured to optionally call a custom metrics endpoint with some data - ie, the advertisers own servers.

So no more trust required for the advertisers?

[ddebernardy]

> Is something wrong with this model?

Detecting fraudulent ad views and clicks.

[walterbell]

Which parties perform fraud / bot detection today?

[ddebernardy]

There was a dozen plus last I worked in the field. There are scores of horror stories related to ad fraud. In particular:

- PPV ads that get stacked. That, several ads laid out on top of each other so that only one (if any at all) is visible.

- PPV ads that get served to bots. Sometimes purposely so, other times as a result of phantom users who replay sessions to build fake profiles for PPC purposes.

- Ad injection that replace legit ads or include new ones via browser toolbars or compromised devices.

- PPC fraud, of course, including some combined with all of the above.

- PPA fraud through cookie stuffing, meaning flooding browsers with cookies to make it look like the traffic originate from where it doesn't.

- PPA fraud through ad injection. Nothing converts better than a popover served via ad injection for the very site you're shopping on.

I'm sure I'm forgetting quite a few, but at a high level those are the main ones to be aware of. As an advertiser you generally cannot rely on the stats you're provided with.

[walterbell]

Is it safe to assume that all of these go away within a closed network like Facebook? If so, the numbers that advertisers see on Facebook (vs elsewhere) could help quantify fraud.

[ddebernardy]

Only partially, unfortunately. One of the things sophisticated fraudsters do is replay actual user sessions to build fake profiles. That is, they record scrolls and clicks on compromised devices, and have other users build similar profiles by following similar sessions on other compromised devices. This includes browsing FB and interacting with AdWords of course, and screws up PPV, PPC, and PPI metrics all over.

On top of building more valuable fake user profiles for the latter two purposes, doing this allows to bypass click-density based ad fraud detection. See this article for an example of what you see when you can sometimes observe using the latter when detecting the less sophisticated fraudsters:

http://adage.com/article/digital/inside-google-s-secret-war-...

As the latter article implies, Google's team is pretty sophisticated at detecting fraud. But even then, seeing things like this suggests there are edge cases they'd like to see go away or that are hard to detect:

https://news.ycombinator.com/item?id=13327228

[geocar]

The advertiser may choose a partner and run it with the ad, or they may choose a partner and require the publishers produce reports from that partner. Some advertisers will simply require some notable anti-fraud vendor, and the publisher is free to choose the cheapest/least effective.