> And like so many things on the internet, the technique and even some of the traffic used to execute this burgeoning method of ad fraud, traces some of its origins to porn.

Sex: the true driver of most human innovation since forever.

> [T]he VP of content and marketing for DingIt, told BuzzFeed News that the site uses "4 independent traffic verification tools that monitor each view on our video player"...

I wonder how much that cost to develop and deploy.

Details at Slideshare, sadly... https://www.slideshare.net/augustinefou/traffic-origination-...

The fact that this is the foundation of the tech economy does not augur well.

>Adam Simmons, the VP of content and marketing for DingIt, told BuzzFeed News that the site uses “4 independent traffic verification tools that monitor each view on our video player” and prevents any fraudulent traffic from viewing content or ads on the site.

I wonder what the hell a "traffic verification tool" is.

Vendors like WhiteOps, Integral Ad Science, Moat, Forensiq, DoubleVerify, etc. that are used to see if visitors to a website viewing the ads are actually people during normal browsing or whether they are bots or other fraudulent behavior.

None of them work well.

What do they do to decide if a user if real or fake? I am not remotely surprised that none of them work well

That's their trade secret but distills down to measuring all the various factors that a person actually reading a page would do: time, scroll speed/depth, click rate/location, previous history, mouse movements, http, ip, network traffic, browser profiles, etc.

Although these days with headless chrome and how easy it is to just record and replay someone's session, it becomes incredibly hard to detect with accuracy, especially while trying to not affect browsing behavior beyond the typical ad load experience.

There is lots of overlap with this and other security-focused companies that work with financial and government companies to protect their own websites and apps, although it's easier when you own and control the site, proxies and backend.

Jesus Christ, that is creepy and perverted.

Welcome to marketing! Get out while you are still sane.

What is exactly? It's an industry with lots of money (100s of billions USD) flowing through with little oversight and cheap startup costs thanks to cloud vendors and commodity tech.

If there are criminals willing to invest intense effort committing physical crimes, it's expected that there would be a just as much put into something like this. Similar to a lot of the bitcoin/crypto dealings where there is plenty of organized crime involved.

Pages viewed/clicked per second. Some sites contain tiny little links that no human should every click, but a bot might. Others get more advanced by comparing visors. If a group of visitors all display the same pattern (think near identical behavior) then they are bots.

There are lots of other ways used as well. Client-side JavaScript that tracks mouse movement, for example. A combination of all of these combined with ML models give surprisingly accurate results.

Probably something like IAS's video viewability tools[1]. There are some big players in the traffic verification space as advertisers like myself don't want to pay for garbage traffic.

[1] https://integralads.com/capabilities/video/

I love the subtle dig, using "porn or illegal downloading site" as a stand-in for "unscrupulous site". The two sets are not equal, and just saying "unscrupulous" would have served better.

Those are the two main types of site that Google ads won't touch, though. So if they monetize using ads, they need to use an unscrupulous ad network.

I think this sort of stuff resolves on its own in time. Eventually the marketers actually paying for bogus ad impressions look at a spreadsheet and notice that the despite strong numbers, these ads aren't translating into sales or new user signups or increased brand awareness. And then they pull the plug and put their ad dollars elsewhere.

That already happens. Right now, net marketing spend of $1 still returns > $1 in sales or whatever value metric the marketer wants - so in effect all the fraud is already priced in.

The problem is that the price is inflated and passed down to consumers so there is still strong motivation to actively combat ad fraud, at least until the cost of the combating is more than the savings, but that's a long way off.

Presumably a competing ad network with less fraud will provide even better returns and dollars will migrate there.

Most ad network campaigns are bought through politics and relationships, especially all the branding objectives which are a majority of the market, so it's not that simple.

Performance marketers are definitely more sensitive but they're happily served by Google and Facebook for now.

“It’s unclear what Haim’s current role is with DingIt, as he opened but did not reply to two emails from BuzzFeed News. Visser opened but did not reply to an email.”

I find it odd that they would report on “opens”. Particularly in an article about how tracking / verification technology is so easily duped.

There is a big difference between a tracking pixel image in an email that's only delivered to a single inbox vs the vast environment of the open web with all the various websites and ads that run.

Same, I thought that sounded kind of hypocritical.

This is hard to believe that it really works:

a) For all these tracking scripts acompanying each ad it should be trivial to detect that the window is invisible and really nothing is even hovered

b) For everyone it should be easy to detect that a page that was loaded in the background redirects after a short time. It should be so easy to find these pages manually and ban them.

Why does such an obvious and primitive technique like popunders with auto-redirecting "webrings" even work at all???

One of the sites he lists as fraudulent rargb.to is actually a torrent site as large as thepiratebay

What is the technical explanation of the invisible window mentioned? Do all browsers allow it? Will an ad blocker stop it?

"A user often has no idea this is happening in the background, and in some cases porn sites load the pop-under as an invisible window that can’t be seen."

It's not terribly complicated JavaScript. A pop-behind is generally done by calling Window.open() to open a new window, then Window.focus() to re-focus the original window. Another method I've seen is opening a pop-up with the original site, then redirecting the original window to the advertising site. The MDN page for Window.open()[0] actually mentions some of the restrictions around opening windows and focusing other windows that have been added to browsers.

[0] https://developer.mozilla.org/en-US/docs/Web/API/Window/open

Is there a policy on [NSFW] tags or the equivalent? Nothing about this headline suggested to me that opening it while at work was going to plaster my screen with a giant cartoon ass, and while I'm fortunate to work in a tolerant space, others might not be so lucky.

I came here to say the same. I was not expecting a huge graphic with a cartoon naked ass to show up on my work system.

also here to say the precise same thing. left my laptop while this page was loading and it was up for 5 or 6 minutes. Work with understanding fellows, but that is not okay to load without warning, BuzzFeed.