OpenX Opens New Front On Fraud, Takes Battle To User's Browser
- by Joe Mandese @mp_joemandese, March 23, 2015
Programmatic audience exchange OpenX today
unveiled a more aggressive method of tracking the quality of online audience impressions sold through its exchange, taking the battle from a publisher’s page to a user’s browser. The new
generation of its so-called “Traffic Quality Platform” relies on directly integrating tags on publishers pages that can detect when suspicious browser activity lands on them, and then
automatically filtering out user traffic deemed fraudulent or of insufficient quality.
Among other things, the tags can identify when a user’s browser is operating unusually slowly in terms of loading content on pages, which is a surefire signal that it might be infected with malware that could be perpetrating fraudulent user behavior.
Previously, OpenX’s traffic quality efforts were based on a team of analysts manually evaluating user traffic to determine when fraudulent of unsavory activity was happening. Taking it to the browser is the next logical extension of what looks to be an ongoing “arms race” between the “bad guys” who develop malicious code to exploit fraudulent user activity in the programmatic audience marketplace, and the ad tech firms, publishers and exchanges that are trying to get ahead of it, says John Murphy, vice president-marketplace quality at OpenX, who is leading the new initiative.
Murphy says currently such behavior is only a few percentage points of total traffic activity passing through OpenX’s systems, but he says the new direct tag integrations with publishers is a step to reduce that further and to get out ahead of the next iteration of fraudulent traffic.
Murphy claims the new approach, gives advertisers and publishers the “earliest possible look” at potentially fraudulent activity by taking detection directly to the user’s browser.
Basically, he says, the technology detects and automatically blocks suspicious traffic based on patterns and norms defined by OpenX’s traffic quality team.
Murphy says the code used to identify users’ browsers will have no perceptible effect on their performance, and theoretically could be used someday to inform consumers when their browsers are infected with suspicious code that might be slowing their systems down. But he says there is no immediately plan to promote it has an end-user benefit to consumers.
Really, so the privacy one has in their browser habits is now open to the word. What ever happened to privacy of the consumer. Or do we still come back with Fraud - "the sky is falling" routine. What brand can not see this being a class action law suit.
This is actually nothing new... (although it sounded like it by the headline). Many/most javascript based fraud detection mechanisms already detect if "a user’s browser is operating unusually slowly in terms of loading content on pages" by giving it known quantities of work to perform.
Furthermore, most malware, unless it is operating in the browser does not slow down the operation of the browser. For it to do so, it would need to overload the CPU and/or GPU to have an impact manifest itself in the detectable actions of a browser -- e.g. like rendering a page, etc.
The user privacy concern of the previous comment is well known and well documented, since the EFF's Panoptoclick demonstration https://panopticlick.eff.org/ in June 2010.
Then there is the limitation of code that is run from a web page inside a browser.
I agree with Augustine, javascript browsing has been around for years, so why is it now considered something new? We have been maturing that technology for the past 10 years. However, I am glad to see some of the bigger companies out there starting to get with the times.
Unusually slow browsers? Anything can cause that to happen such as slow internet, another software process tying up all of the resources on the users machine, or any number of things can cause the browser to be unusually slow. So that is not something you can rely on in the search for fraud.
With all of this "new" technology, the site owner is STILL paying for the traffic they buy for their site to ultimately drive to their ads. I see how openX can protect the ads on that page, but who is protecting the web site owner from buying traffic that is fraudulent?
Wouldn't it make sense to stop that bad traffic BEFORE it gets to the page hosting the ads?
:)