New and Notable
Uber Can’t Be Fixed — It’s Time for Regulators to Shut It Down
June 21, 2017 - Permalink
From many passengers' perspective, Uber is a godsend — lower fares than taxis, clean vehicles, courteous drivers, easy electronic payments. Yet the company’s mounting scandals reveal something seriously amiss, culminating in last week’s stern report from former U.S. Attorney General Eric Holder.
Some people attribute the company’s missteps to the personal failings of founder-CEO Travis Kalanick. These have certainly contributed to the company’s problems, and his resignation is probably appropriate. Kalanick and other top executives signal by example what is and is not acceptable behavior, and they are clearly responsible for the company’s ethically and legally questionable decisions and practices.
But I suggest that the problem at Uber goes beyond a culture created by toxic leadership. The company’s cultural dysfunction, it seems to me, stems from the very nature of the company’s competitive advantage: Uber’s business model is predicated on lawbreaking. And having grown through intentional illegality, Uber can’t easily pivot toward following the rules.
Continued at hbr.org.
Passenger Right to Record at Airports and on Airplanes?
June 20, 2017 - Permalink
Passengers have every reason to record airline staff and onboard events—documenting onboard disputes (such as whether a passenger is in fact disruptive or a service animal disobedient), service deficiencies (perhaps a broken seat or inoperational screen), and controversial remarks from airline personnel (like statements of supposed rules, which not match actual contract provisions). For the largest five US airlines, no contract provision—general tariff, conditions of carriage, or fare rules—prohibits such recordings. Yet airline staff widely tell passengers that they may not record—citing "policies" passengers couldn't reasonably know and certainly didn't agree to in the usual contract sense. (For example, United's policy is a web page not mentioned in the online purchase process. American puts its anti-recording policy in its inflight magazine, where passengers only learn it once onboard.) If passengers refuse to comply, airline staff have threatened all manner of sanctions including denial of transport and arrest. In one incident in July 2016, a Delta gate agent even assaulted a 12-year-old passenger who was recording her remarks.
In a Petition for Rulemaking filed this week with the US Department of Transportation, Mike Borsetti and I ask DOT to affirm that passengers have the right to record what they lawfully see and hear on and around aircraft. We explain why such recordings are in the public interest, and we present the troubling experiences of passengers who have tried to record but have been punished for doing so. We conclude with specific proposed provisions to protect passenger rights.
One need not look far to see the impact of passenger recordings. When United summoned security officers who assaulted passenger David Dao, who had done nothing worse than peacefully remain in the seat he had paid for, five passenger recordings provided the crucial proof to rebut the officers' false claim that Dao was "swinging his arms up and down with a closed fist," then "started flailing and fighting" as he was removed (not to mention United CEO Oscar Munoz's false contention that Dao was "disruptive and belligerent"). Dao and the interested public are fortunate that video disproved these allegations. But imagine if United had demanded that other passengers onboard turn off their cameras before security officers boarded, or delete their recordings afterward and prove that they had done so, all consistent with passengers experiences we report in our Petition for Rulemaking. Had United made such demands, the false allegations would have gone unchallenged and justice would not have been done. Hence our insistence that recordings are proper even—indeed, especially—without the permission of the airline staff, security officers, and others who are recorded.
Petition for Rulemaking: Passenger Right to Record
Enumerating Uber's Scandals
June 15, 2017 - Permalink
Collecting my thoughts for an article about Uber's mounting scandals and the proper legal and regulatory response, I took some time to review the range of recent concerns. It's overwhelming -- new issues arising daily, and prior problems almost inevitably forgotten. But by dividing the misdeeds into a taxonomy of subject areas, I'm seeing trends -- identifying the areas where Uber falls furthest short. I offer my notes to others in hopes that they can help.
Build Interactive Web Sites as Easily as Spreadsheet Formulas?
December 1, 2016 - Permalink
I'm rarely effusive in my praise for a new tool, but I can hardly overstate my excitement about Bubble, a web programming system. The basic concept: Draw the web app you want, using standard components like text boxes, images, and buttons. Create "thing" objects to hold the app's data, specifying the characteristics (fields) of each thing and the way one type of object relates to another. Then add flowchart-style "workflow" procedures to explain what happens when. Amazingly, this process yields a multiuser interactive web app that works as you instructed and as you'd expect.
Continued: Use cases; comparison with alternatives and competitors; support.
Formal DOT Complaints - A Guide for Consumers
November 16, 2016 - Permalink
When something goes wrong in air travel, consumers often need to reach an appropriate resolution with airline staff. But the standard methods are not always sufficient -- sometimes ordinary customer relations staff are intransigent or just unresponsive, and a credit card chargeback is a poor fit for disputes that can be surprisingly complex.
In today's post, I present a dispute resolution channel most consumers do not know about: formal complaints before the US Department of Transportation. The process lives up to the "formal" label, requiring documents formatted in a particular way, submitted through both web upload and email (neither particularly intuitive), with all proceedings posted for public review. But this approach typically goes straight to airline attorneys, and the on-the-record public proceeding helps assure high-quality discussion. In today's piece, I explore known dispute resolution methods, then give interested consumers a guide to the DOT Formal Complaint process.
Continued: Comparison of available options; instructions; complaint template.
English Translation of FAS Russia Decision in Yandex v. Google
September 28, 2016 - Permalink
In September 2015, the Russian Federal Antimonopoly Service announced its decision that Google had violated Russian law by tying its mobile apps to Google Play and setting additional restrictions on mobile device manufacturers, including limiting what other apps they install and how they configure those apps and devices. These topics are of great interest to me since I was the first to publicly distribute the Mobile Application Distribution Agreements, and because I explored related questions at length in my 2015 article Does Google Leverage Market Power Through Tying and Bundling? and more recently my working paper Android and Competition Law: Exploring and Assessing Google's Practices in Mobile (with Damien Geradin).
For those who wish to understand the reasoning and conclusions of Russia's FAS, one key limitation is that the September 2015 decision is available only in Russian. While the case document library summarizes key facts, allegations, and procedural developments, that's no substitute for the full primary source documents.
In the course of expanding my Android and Competition Law paper, I recently obtained an English translation of the September 2015 decision. The decision is unofficial but, as best I can tell, accurate and reliable. It suffers redactions, but the original in Russian has the same limitation. I offer it here to anyone interested:
Yandex v. Google - Resolution on Case No. 1-14-21/00-11-15 - resolution of September 18, 2015 - unofficial English translation
Response to Airbnb's Report on Discrimination
September 19, 2016 - Permalink
This month Airbnb released a report investigating discrimination by its hosts against guests (including racial minorities and others), assessing the evidence of the problem and evaluating proposed solutions. The accompanying announcement offers lofty principles—"creating a world where anyone can belong anywhere."
While Airbnb's report is a step in the right direction, it does little to address the crucial subject of how to actually fix the problem of discrimination. Indeed, the report proposes actions of uncertain or unproven effectiveness. At the same time, the report quickly dismisses a simpler alternative response—removing guest photos and names from booking requests—which would be far more likely to succeed. Meanwhile, the report completely fails to defend the legal gamesmanship by which Airbnb avoids litigation on the merits when consumers complain about Airbnb, and the report equally fails to defend Airbnb's continued prohibition on users conducting research to uncover and measure discrimination for themselves.
My post today offers my critique.
A close look at Airbnb's commitments; a better alternative; what Airbnb's report failed to discuss at all
Exploring and Assessing Google's Practices in Mobile
September 6, 2016 - Permalink
Since its launch in 2007, Android has become the dominant mobile device operating system worldwide. In light of this commercial success and certain disputed business practices, Android has come under substantial attention from competition authorities. In a paper Damien Geradin and I posted this week, we present key aspects of Google's strategy in mobile, focusing on Android-related practices that may have exclusionary effects. We then assess Google's practices under competition law and, where appropriate, suggest remedies to right the violations we uncover.
Continued: Primary source documents; remedies; our working paper.
Assessing Airbnb's Prospects in its San Francisco Litigation
July 15, 2016 - Permalink - with Nancy Leong
Last week the Internet buzzed with news of Airbnb's lawsuit against San Francisco. Dissatisfied with a new ordinance updating and enforcing 2014 regulations of short-term rentals, Airbnb filed suit against the city, arguing that the new ordinance violated both federal law and the federal constitution.
In today's piece, Nancy Leong and I assess Airbnb's arguments in its San Francisco complaint -- finding some validity but, on the whole, considerable weakness.
Continued: Assessing Airbnb's theories under the Communications Decency Act, Stored Communications Act, and First Amendment; looking ahead.
Refunds for Minors, Parents, and Guardians for Purchases of Facebook Credits
July 12, 2016 - Permalink
On May 26, 2016, the U.S. District Court for the Northern District of California approved the settlement of a class action against Facebook involving in-app purchases of Facebook Credits by minor children. The case was maintained on behalf of a class of children who were Facebook users ("child users") below the age of 18 from whose Facebook accounts Facebook Credits were purchased. The case was filed by two minor children through their parents on February 23, 2012. The two children and the class were represented by attorneys Brooks Cutter and John R. Parker of the Cutter Law Firm in Sacramento, California; Daniel B. Edelman of the firm of Katz, Marshall & Banks in Washington, D.C.; and Benjamin Edelman, an associate professor at the Harvard Business School. On March 10, 2015, the Court certified the case as a class action for purposes of declaratory and injunctive relief on behalf of all minor children who were users of Facebook from whose Facebook accounts Facebook Credits were purchased at any time between February 23, 2008 and the date of the certification order, March 10, 2015. At the same time, the Court declined to certify a class action for purposes of class-wide monetary relief.
Continued: The Court's decisions; benefits for parnets and kids; claiming refunds; more case documents.
Preventing Discrimination at Airbnb
June 23, 2016 - Permalink
In January 2014, Mike Luca and I posted a study finding that black hosts on Airbnb face discrimination -- best understood as guests less willing to stay at their properties, forcing them to lower their prices to attract guests. More recently, Mike Luca, Dan Svirsky, and I contacted hosts using test guest accounts that were white and black, male and female, showing that black guests are less likely to be accepted by hosts. Both findings are troubling: The Internet has the power to make markets fairer and more inclusive, but Airbnb designed its platform to make race needlessly prominent, all but inviting discrimination.
Initially Airbnb responded to our research by framing discrimination as a problem that has "plagued societies for centuries" and emphasizing that the company "can't control all the biases" of its users. After a barrage of media coverage, Airbnb CEO Brian Chesky this month admitted that discrimination is a "huge issue" and said the company "will be revisiting the design of our site from end to end to see how we can create a more inclusive platform." Indeed, today Airbnb convenes an invitation-only summit in Washington to discuss the situation and, perhaps, design improvements.
While I applaud Airbnb's new interest in fighting discrimination on its platform, I can't agree with Chesky's subsequent claim that preventing discrimination on Airbnb is "really, really hard." Quite the contrary, the solution is apparent and has been known for years. In today's piece, I renew my longstanding proposal that would substantially fix the problem, then offer two smaller adjustments that are appropriate under the circumstances.
Continued: When to reveal names and faces; allowing testing; dispute resolution.
How Uber Uses API Restrictions to Block Price Comparison and Impede Competition
May 31, 2016 - Permalink
For years, Uber has tried to use its API as a potential barrier against competition. Uber invites third-party developers to connect to its servers to get real-time information about vehicle location (how many minutes until a vehicle can pick up a passenger at a given location) and the current level of surge pricing. But there's a catch: To access data through Uber's API, developers must agree not to include Uber API data in any tool that Uber deems competitive.
In today's post, I assess the purpose and effect of Uber's API restrictions, then analyze their status under antitrust law. My bottom line: Uber's API restrictions are an improper attempt to block competition, and a special stretch for Uber in light of the company's positions on related issues of competition and regulation.
FCC Comment on Expanding Consumers' Video Navigation Choices
May 23, 2016 - Permalink
Today I filed comments in the FCC's ongoing proceeding Expanding Consumers' Video Navigation Choices. While I credit the FCC's goal of increasing competition in cable television hardware, I flag serious side effects of the proposed regulation. For one, alternative set-top boxes would likely add their own advertising and potentially remove existing advertising, undermining the basic business model and value exchange of advertising-supported video programming. Furthermore, the FCC's approach distinctively favors Google, particularly unwise in light of Google's dominance in so many other electronic advertising markets.
Continued: Comparing FCC Chairman Tom Wheeler's oral remarks with the proposed regulation; additional concerns.
Uber Overcharges, Spring 2016
May 11, 2016 - Permalink
While claiming price advantages over taxis, Uber overcharges consumers by withholding promised discounts and credits. In today's post, I examine a set of Uber pricing guffaws — each, a breach of the company's own unambiguous written commitments — that have overcharged consumers for months on end. Taken together, these practices call into question Uber's treatment of consumers, the company's legal and compliance processes, and its approach to customer service and dispute resolution.
Continued: A "free ride" that's actually a $15 discount? Credit on your "next trip" -- or not at all. Correspondence and dispute resolution.
EC Statement of Objections on Google's Tactics in Mobile
April 20, 2016 - Permalink
Today the European Commission announced a Statement of Objections to Google's approach to Android mobile licensing and applications. Broadly, the EC's concerns arise from Google's contractual restrictions on phone manufacturers -- requiring them to install certain apps, in certain settings, if they want other apps; preventing customizations that manufacturers would prefer; requiring manufacturers to set Google Search as the sole and default search provider.
In today's piece, I ground these concerns in Google's Mobile Application Distribution Agreement contracts, previously-secret documents that I was the first to reveal to the public (in a February 2014 post). I then assess Google's conduct and resulting incentives, evaluate Google's defenses, and begin to identify appropriate remedies to restore competition.
Continued: MADA requirements; naked exclusion; Google's defenses; remedies.
When Your Competitors Ignore the Law
March 28, 2016 - Permalink
Last fall I flagged the problem of transportation network companies (Uber and kin) claiming a cost advantage by ignoring legal requirements they considered ill-advised or inconvenient. But the problem stretches well beyond TNCs. Consider Airbnb declining to enforce (or, often, even tell hosts about) the insurance, permitting, tax, zoning, and other requirements they must satisfy in order to operate lawfully. Or Zenefits using selling insurance via staff not trained or certified to do so (and, infamously, helping some staff circumvent state-mandated training requirements). Or Theranos offering a novel form of blood tests without required certification, yielding results that federal regulators found "deficient" and worse. The applicable requirements may be clear -- get commercial insurance before driving commercially; be zoned for commercial activities if you want to rent out a room; be trained and licensed to sell insurance if you intend to do so. Yet a growing crop of startups decline to do so, finding it faster and more expedient to seek forgiveness rather than permission. And the approach spreads through competition: once one firm in a sector embraces this method, others have to follow lest they be left behind.
A first question is how violations should be sanctioned. I've long thought that penalties could appropriately be severe. Consider the Pennsylvania Public Utility Commission's $49 million civil penalty against Uber for its intentional operation in violation of a PUC order. The PUC discussed the purpose of this penalty: "not just to deter Uber, but also [to deter] other entities who may wish to launch ... without Commission approval." Their rationale is compelling: If the legal system requires a permit for Uber's activity, and if we are to retain that requirement, sizable penalties are required to reestablish the expectation that following the law is indeed compulsory. Now suppose every state and municipality were to impose a penalty comparable in size. Despite Uber's wealth, the numbers add up -- 100 such penalties would take $4.9 billion from Uber's investors, a sizable share of Uber's valuation and plausibly more than the company's cash on hand.
Meanwhile, competitors are compelled to respond. For a typical taxi fleet owner or driver, or anyone else trying to compete with a law-breaking entrant, it's little answer to hope that regulators may some day impose penalties. (And indeed there's scant evidence that Pennsylvania's approach will prevail more broadly.) What to do? Damien Geradin and I offer a menu of suggestions in two recent articles:
Spontaneous Deregulation: How to compete with platforms that ignore the rules - Harvard Business Review
Competing with Platforms that Ignore the Law - HBR Online
Discrimination Against Airbnb Guests
December 10, 2015 - Permalink
In an article posted today, Michael Luca, Dan Svirsky, and I present results of a field experiment on Airbnb. Using guest accounts that are identical save for names indicating varying races, we submitted requests to more than 6,000 hosts. Requests from guests with distinctively African-American names are roughly 16% less likely to be accepted than identical guests with distinctively White names. The difference persists whether the host is African American or White, male or female. The difference also persists whether the host shares the property with the guest or not, and whether the property is cheap or expensive.
Our working paper: Racial Discrimination in the Sharing Economy: Evidence from a Field Experiment.
Continued: Costs to hosts who discriminate; solutions by Airbnb; our browser plugin.
Assessing Uber: Competition and Regulation in Transportation Networks
November 24, 2015 - Permalink
For consumers, it's easy to applaud Uber, Lyft, and kin (transportation network companies or TNCs). Faster service, usually more reliable, often in nicer vehicles—all at lower prices. What's to dislike?
Look behind the curtain and things are not so clear. TNCs cut corners on issues from insurance to inspections to background checks, thereby pushing costs from their customers to the general public—while also delivering a service that plausibly falls short of generally-applicable requirements duly established by law and, sometimes, their own marketing promises.
In a forthcoming article in Competition Policy International, Whither Uber?: Competitive Dynamics in Transportation Networks, I look at a range of concerns in this area, focusing on market dynamics and enforcement practices that have invited TNC to play fast-and-loose. In today's article, I offer excerpts and some further thoughts.
Continued: violations; competitive dynamics when enforcement is lax; Pennsylvania's notable efforts to enforce its laws; what comes next.
The Online Ad Scams Every Marketer Should Watch Out For
October 13, 2015 - Permalink
Imagine you run a retail store and hire a leafleteer to distribute handbills to attract new customers. You might assess her effectiveness by counting the number of customers who arrived carrying her handbill and, perhaps, presenting it for a discount. But suppose you realized the leafleteer was standing just outside your store’s front door, giving handbills to everyone on their way in. The measured "effectiveness" would be a ruse, merely counting customers who would have come in anyway. You’d be furious and would fire her in an instant. Fortunately, that wouldn’t actually be needed: anticipating being found out, few leafleteers would attempt such a scheme.
In online advertising, a variety of equally brazen ruses drain advertisers' budgets -- but usually it's more difficult for advertisers to notice them. I've been writing about this problem since 2004, and doing my best to help advertisers avoid it.
In this piece for hbr.org, I survey these problems in a variety of types of online advertising -- then try to offer solutions.
Continued: Measuring the wrong thing; measuring the right thing; setting appropriate incentives.
Beyond the FTC Memorandum: Comparing Google's Internal Discussions with Its Public Claims
April 1, 2015 - Permalink
Through a FOIA request, the Wall Street Journal recently obtained--and generously provided to the public--never-before-seen documents from the FTC's 2011-2012 investigation of Google for antitrust violations. The Journal's initial report (Inside the U.S. Antitrust Probe of Google) examined the divergence between the staff's recommendation and the FTC commissioners' ultimate decision, while search engine guru Danny Sullivan later highlighted 64 notable quotes from the documents.
In today's piece, I compare the available materials (particularly the staff memorandum's primary source quotations from internal Google emails) with the company's public statements on the same subjects. The comparison is revealing: Google's public statements typically emphasize a lofty focus on others' interests, such as giving users the most relevant results and paying publishers as much as possible. Yet internal Google documents reveal managers who are primarily focused on advancing the company's own interests, including through concealed tactics that contradict the company's public commitments.
Continued: Quoting Google's prior claims; comparing with internal emails and documents.
Strategies for Launching Platform-Based Businesses
March 18, 2015 - Permalink
For online platform businesses, customer mobilization challenges loom large. The most successful platforms connect two or more types of users—buyers and sellers on a shopping portal, travelers and hotel operators on a booking service—and a strong launch usually requires convincing early users to join even before the platform reaches scale. Customers find Skype worth installing only if there are people on the platform to talk to. Who would join PayPal if there were no one to pay? Every platform starts out empty, making these worries particularly acute. For multisided platforms, which need not only many users, but many users of different types, the risk is even greater. It’s not enough for a car-dispatch platform to have a large base of customers who want to book rides by smartphone. It also needs drivers willing to accept those bookings.
Often, a platform's designer has a workable plan once it achieves an early critical mass of users. If a service had drivers, it could attract passengers, or vice versa. And when we look at the myriad platforms that have overcome these hurdles, it can be easy to assume solutions will present themselves. In fact success is far from guaranteed, and many startups fail at this crucial stage. In an article in next month's Harvard Business Review, I offer strategies to guide entrepreneurs through this challenge.
How to Launch Your Digital Platform - Harvard Business Review (April 2015)
A Closer Look at IronSource Installation Tactics
February 18, 2015 - Permalink - with Pat *
In today's post, I examine a company called IronSource, maker and bundler of deceptive adware. Among other problems, IronSource insatllations widely promise to provide software IronSource and its partners have no legal right to redistribute (indeed, specifically contrary to applicable license agreements); they bundle adware that users have no reason to expect with genuine software; they bombard users with popup ads, injected banner ads, extra toolbars, and other intrusions. It's the very opposite of mainstream legitimate advertising. Despite these problems, IronSource counts support from industry certifiers such as TRUSTe and McAfee, as well as financial support from top-tier bankers JP Morgan and Morgan Stanley.
Continued: Screenshot and video evidence; analysis; applicable rules.
Digital Business Models Should Have to Follow the Law, Too
January 6, 2015 - Permalink
A timeless maxim suggests that it’s better to ask forgiveness than permission. Nowhere is that more prominent than in the current crop of digital businesses, which tend to skirt laws they find inconvenient. Though these services and their innovative business models win acclaim from consumers and investors, their approach to the law is troubling — both for its implications for civil society and in its contagious influence on other firms in turn pressured to skirt legal requirements.
Continued: Intentional copyright infringement at YouTube; cutting corners at Uber; how competition pushes companies to be increasingly aggressive.
My Emails with Sichuan Garden
December 10, 2014 - Permalink
Many people have seen my emails with Ran Duan of Sichuan Garden restaurant in Brookline.
Having reflected on my interaction with Ran, including what I said and how I said it, it's clear that I was very much out of line. I aspire to act with great respect and humility in dealing with others, no matter what the situation. Clearly I failed to do so. I am sorry, and I intend to do better in the future.
I have reached out to Ran and will apologize to him personally as well.
Google's Advertising Labels in 2014
October 13, 2014 - Permalink
While FTC guidelines call for "clear" and "prominent" visual cues to separate advertisements from algorithmic results, Google has moved in the opposite direction -- eliminating distinctive colors that previously helped distinguish advertisements from other search results.
Continued: Color samples; charting the changes; applicable rules.
Aspira Networks Charging Merchants for Traffic That's Otherwise Free
May 27, 2014 - Permalink
Aspira Networks reconfigures ISPs' networks so that if a user makes a purchase from a targeted merchant's site, the merchant has to pay Aspira an affiliate commission -- even though Aspira did nothing to cause or encourage the user's purchase.
Continued: Video and packet log proof; applicable rules prohibiting this practice.
Mastering the Intermediaries: Strategies for Dealing with the Likes of Google, Amazon, and Kayak
May 22, 2014 - Permalink
Many companies depend on powerful platforms which distinctively influence buyers' purchasing. (Consider, Google, Amazon, and myriad others in their respective spheres.) I consider implications of these platforms' market power, then suggest strategies to help companies recapture value or at least protect themselves from abuse.
Continued: Four strategies; defenses and countermeasures.
Consumers Pay More when They Pay with Bitcoin
May 20, 2014 - Permalink
Who benefits from Bitcoin? Not savvy customers who would otherwise pay by credit card with cashback or loyalty points. I sketch the arithmetic in today's post.
Continued: Bitcoin adoption incentives; the role of price coherence.
Google's Tying and Bundling
May 13, 2014 - Permalink
Google often argues that "competition is one click away" -- as if Google's many successes result solely from competition on the merits. Let me offer a different perspective: After early success in search and search advertising, Google used its strength in those sectors to increase its likelihood of success elsewhere -- even where competitors' offerings were objectively preferable and even where consumers would have preferred alternatives had that choice been genuinely available.
Today I'm posting an article exploring a series of incidents where Google used tying and bundling to expand its dominance into additional markets. In each market, I present the details of Google's approach, then assess concerns under antitrust law.
My full article:
Leveraging Market Power through Tying and Bundling: Does Google Behave Anti-Competitively?
(published June 2015: Does Google Leverage Market Power through Tying and Bundling?)
Continued: Examples in brief; table of practices and effects.
Blinkx Adware Revisited: Installation and Operation
April 9, 2014 - Permalink
In remarks last week, Blinkx attributed Zango's downfall to "lax oversight of rogue partners." In today's posting, I show similar and repeated problems among Blinkx's partners. I begin with deceptive installation of Blinkx adware when users request a (nonexistent) Flappy Bird game -- an abusive bait-and-switch installation that burdens a user with half a dozen different adware programs yet never provides the promised game. I then show similarly deceptive installation of Blinkx adware when users request a (nonexistent) Snapchat app for Windows. I compare these practices to FTC requirements and evaluate Blinkx's defenses. I then to demonstrate Blinkx that adware undermines HTTPS security by collecting and retransmitting users' seemingly-secure browsing activity, as well as showing deceptive advertisements that targeted web sites would never allow along with numerous ad-fraud popups that charge merchants for traffic they would otherwise receive for free. I then find Blinkx adware loading Google ads in pop-ups, which specifically violates Google ad placement rules. I conclude with recommendations and next steps.
Continued: Video proof of tainted installations; critiquing Blinkx's rebuttal; FTC rules.
Secret Ties in Google's "Open" Android
February 13, 2014 - Permalink
Google claims that its Android mobile operating system is "open" and "open source"—hence a benefit to competition. Little-known contract restrictions reveal otherwise: In order to obtain key mobile apps, including Google's own Search, Maps, and YouTube, manufacturers must agree to install all the apps Google specifies, with the prominence Google requires, including setting these apps as default where Google instructs. It's a classic tie and an instance of full line forcing: If a phone manufacturer wants any of the apps Google offers, it must take the others also.
In this piece, I present relevant provisions from key documents not previously available for public examination. I then consider the effects on consumers, competitors, and competition, and I compare these revelations to what was previously known about Google's mobile rules. I conclude by connecting Google's mobile practices to Google's use of tying more broadly.
Continued: The Mobilie Application Distribution Agreements and their effects.
The Darker Side of Blinkx
January 28, 2014 - Permalink
Video and advertising conglomerate Blinkx tells investors its "strong performance" results from "strategic initiatives" and "expanding demand, content, and audiences." Indeed, Blinkx recently climbed past a $1.2 billion valuation. At first glance, it sounds like a great business. But looking more carefully, I see reason for grave doubts.
My concerns result in large part from the longstanding practices of two of Blinkx's key acquisitions, Zango and AdOn. But concerns extend even to Blinkx's namesake video site. In the following sections, I address each in turn. Specifically, I show ex-Zango adware still sneaking onto users' computers and still defrauding advertisers. I show the ex-AdOn traffic broker still sending invisible, popup, and other tainted traffic. I show Blinkx' namesake site, Blinkx.com, leading users through a maze of low-content pages, while charging advertisers for video ads systematically not visible to users.Continued: Video and screenshot proof; Blinkx's efforts at concealment; connecting the dots.
Discrimination at Airbnb
January 13, 2014 - Permalink
Online marketplaces often contain information not only about products, but also about the people selling the products. In an effort to facilitate trust, many platforms encourage sellers to provide personal profiles and even to post pictures of themselves. However, these features may also facilitate discrimination based on sellers' race, gender, age, or other characteristics.
Last week Michael Luca and I posted Digital Discrimination: The Case of Airbnb.com, in which we test for racial discrimination against landlords in the online rental marketplace Airbnb.com. We collected information about all Airbnb hosts in New York City, including their rental prices and the quality of their properties. We find that non-black hosts charge approximately 12% more than black hosts for the equivalent rental. These effects are robust when controlling for all information visible in the Airbnb marketplace, including even property photos.
Our findings highlight the risk of discrimination in online marketplaces, suggesting an important unintended consequence of a seemingly-routine mechanism for building trust. There is no fundamental reason why a guest needs see a host's picture in advance of making a booking -- nor does a guest necessarily even need to know a host's name (from which race may sometimes be inferred). In other respects, Airbnb has been quite sophisticated in limiting the information available to hosts and guests on its platform -- for example, AIrbnb prohibits (and runs software to prevent) hosts and guests from sharing email addresses or phone numbers before a booking is made, lest this information exchange let parties contract directly and avoid Airbnb fees. Given Airbnb's careful consideration of what information is available to guests and hosts, Airbnb might consider eliminating or reducing the prominence of host photos: It is not immediately obvious what beneficial information these photos provide, while they risk facilitating discrimination by guests.
Price Coherence: Impact and Incentives
January 6, 2014 - Permalink
In modern markets, buyers can often buy the same good or service directly from a seller, and through one or more intermediaries, all at the same exact price. How should buyers behave in these markets? The natural strategy is to choose whichever intermediary offers the greatest benefit -- perhaps a rebate, some loyalty points, or superior service. One intermediary might charge sellers far higher fees than another. But to buyers, these fees are irrelevant since they are paid entirely by sellers. It's a classic I-choose-you-pay situation, and buyers predictably head for high-benefit intermediaries. The resulting outcomes can be both distortionary and welfare-reducing. For example, seeing an airline's flights available both directly on the airline's web site and via an online travel agent (like Expedia or Orbitz) ("OTA"), a buyer has every reason to choose the latter -- avoiding retyping name, address, and payment details that the OTA already has on file. Convenient as an OTA may be, few users would willingly pay the ~$3 per segment (~$12 for a standard US domestic connecting round-trip) that OTAs charge to airlines. So too for credit cards: Their rebates and points are valuable, but most consumers would prefer a ~3% discount (the fee the seller pays to the card network).
Last week Julian Wright and I posted Price Coherence and Excessive Intermediation (updated link adjusted in March 2015), analyzing incentives and outcomes in affected markets. We find that price coherence reduces consumer surplus and welfare due to inflated retail prices, over-investment in providing benefits to buyers, and excessive usage of intermediaries' services. Notably, competition among intermediaries does not fix these problems: Indeed, competition among intermediaries intensifies the problems by increasing the magnitude of the effects and broadening the circumstances in which they arise.
Continued: Affected markets; the puzzle of voluntary transactions that make all participants worse off.
Measuring and Managing Online Affiliate Fraud
November 25, 2013 - Permalink
Affiliate programs vary dramatically in their incidence of fraud. In some merchants' affiliate programs, rogue affiliates fill the ranks of high-earners. Yet other similarly-sized merchants have little or no fraud. Why the difference?
In Information and Incentives in Online Affiliate Marketing, Wesley Brandi and I examine the impact of varying merchant management decisions. Which works best, as between network-managed programs, outsourced program managers, and in-house management? Our crawlers have the answers.
Continued: Our approach and findings, network's incentives, and an unexpected stand-out.
The Ad Networks and Advertisers that Fund Ad Injectors
September 19, 2013 - Permalink - with Wesley Brandi
Ad injectors insert ads into others' sites, without permission from those sites and without payment to those sites. In this article, we review the basic operation of ad injectors, then examine the ad networks, exchanges, and other intermediaries that broker the placement of advertising through injectors.
We also report which advertisers most often advertise through injectors. Whether through complexity, inattention, or indifference, these advertisers' expenditures are ultimately the sole revenue source for injectors.
Continued: Screenshots; tables and graphs of responsible intermediaries and advertisers.
Comments to European Commission on Proposed Google Commitments
May 29, 2013 - Permalink - with Zhenyu Lai
The European Commission last month posted a restatement of its concerns at certain Google practices as well as Google's proposed commitments. This week I filed two comments critiquing Google's proposal. They are available here:
Comments on AT.39740 (with Zhenyu Lai) as to Google's exclusive use of screen space to promote its own specialized services, and as to an alternative remedy to preserve competition and user choice in the area of specialized search services.
Comments on AT.39740 (Edelman) as to the failure of Google's proposed commitments to undo the harm of Google's past violations, and alternative remedies preserve competition in the area of specialized search services, taking data from publishers, providing advertising services to publishers, and allowing advertisers to use multiple ad platforms.
Continued: Details of our proposals and rationale.
Google's Exclusive Flight Search OneBox
April 15, 2013 - Permalink - with Zhenyu Lai
Google often shows “OneBox” search results promoting its own services. These results have prompted antitrust scrutiny: Google awards these preferred placements exclusively to Google's own services, such as Google Flight Search and Google Maps, but never to competing services such as Kayak or Mapquest. Moreover, Google presents OneBox with special format, including distinctive layouts, extra images, and even in-page interactivity – benefits not available to ordinary listings for other sites. Regulators and competitors sense that these exclusive practices can undermine competition and innovation by denying traffic to would-be competitors. But how large is the effect? How much does Google's exclusive OneBox placement impact search engine traffic to adjacent online markets?
In a working paper, Zhenyu Lai and I measure the impact of OneBox by using a quasi-experiment before and after the introduction of Google Flight Search. We compare user behavior on searches across thousands of search queries like “cheap flights from sfo to san ” (which displayed a OneBox for Google Flight Search), and similar search queries like “cheaper flights from sfo to san” (emphasis added) (which did not display OneBox). We find that Google's display of Flight Search in an exclusive OneBox decreased user click-through rates on unpaid search results by 65 percent, and increased user click-through rates on paid advertising links by 85 percent. This effect was disproportionately evident among online travel agencies that were popular destinations for affected search queries.
Our draft provides detailed empirical results as well as a model of how a search engine's incentives to divert search depend on consumers' perceptions of the difference between non-paid and paid placements.
Exclusive Preferential Placement as Search Diversion: Evidence from Flight Search
Privacy Puzzles at Google Play
February 19, 2013 - Permalink
Misrepresentation of Fuel Surcharges in Airline Price Advertising
February 6, 2013 - Permalink - with Xiaoxiao Wu
Ever felt the "taxes" on air travel are unduly high? In other travel contexts (most notably, rental cars), genuine government-imposed taxes often approach or even exceed the amount payable to service providers. But when airlines quote fares, they sometimes include as "taxes" certain carrier-imposed surcharges they set on their own, not required by any government and used only to defray their ordinary costs of operations.
In today's post, we provide numerous examples. For example, we show American Airlines misrepresenting "tax" on paid tickets booked both online and by telephone, on award tickets, and even when customers seek alternative flights after cancelation. Meanwhile, we show BA's "fuel surcharges" not only disclosed in ways impermissible under DOT regulation, but of an amount that appears to exceed BA's actual cost of fuel. We have submitted complaints to DOT as to these and other violations.
Continued: Screenshot and call recording proof; airlines' efforts to conceal their violations; DOT regulation and my DOT complaint.
IAC Toolbars and Traffic Arbitrage in 2013
January 22, 2013 - Permalink
I have repeatedly flagged serious problems with IAC/Ask.com toolbars -- targeting kids, bundles without consent, even installs through security exploits.
In today's piece I provide a 2013 update. IAC is still targeting kids -- both explicitly (installation solicitations that promise "Kids Games" and the like) and through cartoons and animation. IAC continues to show voluminous advertising, far more than other search engines, and with oversized ad clickable areas in violation of Google policies and industry norms. IAC"s uninstaller is incomplete, also in breach of Google rules and industry standards.
Continued: A full inventory of violations; screenshot proof.
The Right Remedies for Google's AdWords API Restrictions
January 7, 2013 - Permalink
Last week the FTC closed its 21-month investigation of Google after Google made several small concessions, among them dropping certain restrictions on use of Google's AdWords API -- rules that previously limited how advertisers and tool-makers may copy advertisers' own data from Google's servers. Removing the restrictions is a step forward for advertisers and for competition. But the FTC should have demanded more from Google in order to address the harm resulting from seven years of these restrictions.
Continued: The impact of the restrictions; who was harmed; effective remedies.
A Holiday "Top 10": Rogue Affiliates at Commission Junction and LinkShare
December 21, 2012 - Permalink - with Wesley Brandi
Our automation continuously scours the web for rogue affiliates. In our query tool, we provide a basic sense of how much we've found. We have also written up scores of sample rogue affiliates, but the holiday season provides an impetus for more: Thanks to high online spending, affiliate fraud at this time of year is particularly profitable for perpetrators -- and particularly costly to merchants.
In today's article, we report the ten Commission Junction affiliates and ten LinkShare affiliates most often seen by our automation. Our findings:
Twenty Oft-Found Commission Junction and LinkShare Affiliate Violations
Affiliate Fraud Litigation Index
September 5, 2012 - Permalink
Some analysts view affiliate marketing as "fraud-proof" because affiliates are only paid a commission when a sale occurs. But affiliate marketing nonetheless gives rise to various disputes -- typically, merchants alleging that affiliates claimed commission they had not properly earned. Most such disputes are resolved informally: merchants withhold amounts affiliates have purportedly earned but have not yet received. Occasionally, disputes end up in litigation with public availability of the details of alleged perpetrators, victims, amounts, and methods.
In today's posting, I present known litigation in this area including case summaries and primary source documents:
Affiliate Fraud Litigation Index
Search My Logs of Affiliate Fraud
March 19, 2012 - Permalink
Since 2004, I've been tracking and reporting all manner of rogue affiliates -- using spyware and adware to cover competitors' sites; using trickier spyware and adware to claim commission on merchants' organic traffic; typosquatting; stuffing cookies through invisible IFRAME's and IMG's, banner ads, and even hacked forum sites; and the list goes on. I now have automation catching these practices in ever-increasing quantities.
While I've written up dozens of rogue affiliates on this site and in various presentations, today Wesley Brandi and I are introducing something better: query-based access to our records of affiliate fraud targeting top affiliate merchants. Enter a merchant's domain name, and we'll tell you how much affiliate fraud we've seen targeting that domain -- handy for merchants wanting to check whether their program is clean, and for affiliates wanting to confirm the trustworthiness a program they're considering promoting. We're not currently posting details of the specific perpetrators, but we have affiliate ID numbers, domain names, and packet log proof on file for each violator, and we can provide these upon request.
Take a look:
Affiliate Fraud Information Lookup (2015 update: service no longer operational)
Hack-Based Cookie-Stuffing by Bannertracker-script
February 27, 2012 - Permalink - with Wesley Brandi
We present a cookie-stuffer that collects traffic by hacking numerous top sites, including sites as popular searchenginewatch.com (Alexa traffic rank #2045). The perpetrator then monetizes this traffic by invisibly dropping affiliate cookies for Amazon, using 200+ separate affiliate IDs to evade notice.
Large-Scale Cookie-Stuffing at Eshop600.co.uk
January 30, 2012 - Permalink - with Wesley Brandi
We present a cookie-stuffer notable for the volume of his attack and his attempts at obfuscation.
Advertising Disclosures in Online Apartment Search
January 25, 2012 - Permalink - with Paul Kominers
A decade ago, the FTC reminded search engines of their duty to label advertisements as such. Most general-purpose search engines now do so (though they're sometimes less than forthright). But practices at specialized search engines often fall far short.
In today's posting, Paul Kominers and I examine leading online apartment search services and evaluate the disclosures associated with their paid listings. We find paid placement and paid inclusion listings at each site, but disclosures range from limited to nonexistent. Where disclosures exist, they are largely hidden behind multiple intermediate pages, effectively invisible to most users. We propose specific ways these sites could improve their disclosures, and we flag their duties under existing law.
Continued: Disclosures ranging from hidden to missing altogether; euphemistic labels like "Featured" and "Best Match" .
Google Tying Google Plus and Many More
January 12, 2012 - Permalink
Google's new "Google Search Plus Your World" service favors Google Plus results at the expense of more popular social networks like Facebook and Twitter. These changes have prompted widespread concern, and rightly so. But in fact Google's dubious tying tactics extend well beyond Google Plus. I show Google using tying to favor all manner of its services, including using tying to force others to submit to Google's will even in areas where Google is not yet dominant.
Continued: Specific practices; Google services benefiting from tying; how Google penalizes those who reject Google's demands.
Revisiting Search Bias at Google
November 11, 2011 - Permalink
Last week Joshua Wright posted a critique of my January 2011 Measuring Bias in 'Organic' Web Search (with Ben Lockwood). In this piece, I offer a brief response.
Continued: Why search bias matters; consumer harm; Google's market power.
Understanding the Purposes – and Weaknesses – of Online-to-Offline Discounting
October 26, 2011 - Permalink
Daily deals sites often promise discounts exceeding 50% -- mobilizing millions of consumers spending billions of dollars. Yet this model faces growing resistance, particularly from merchants concerned that "deals" offers are unprofitable. The natural question: When and how are large discounts sustainable?
Deals services seem to envision delivering new customers who return paying full price, yet they've done little to demonstrate that return visits actually occur. And there's reason to doubt whether customers enticed by a discount will actually return to pay full price. I explore the implications, including the requirements for a profitable discounting model grounded in price discrimination rather than full-price return visits.
Continued: The "discovery" promise; the price discrimination alternative; knowing a merchant's limits.
Advertisers' Missing Perspective in the Google Antitrust Hearing
September 20, 2011 - Permalink
This week's Senate Antitrust Subcommittee hearing promises to investigate persistent allegations of Google abusing its market power. In these discussions, it's crucial to remember whose spending fuels Google's monopoly: advertisers. Google is far from generous to advertisers -- burdening them with high pricing, harsh terms, and various restrictions that primarily serve Google's interests. In this piece, I review worrisome practices regulators should investigate and, in due course, seek to prevent.
Continued: Specific practices; advertiser harm; what to do now.
Implications of Google's Pharmacy Debacle
August 26, 2011 - Permalink
A DOJ investigation of Google's pharmaceutical advertising practices yielded a $500 million forfeiture and an admission of wrongdoing. More than that, the resulting documents prove Google's knowledge of, and participation in, advertising practices Google knew to be unlawful. I explore the implications for other controversial conduct that remains widespread despite Google's promise to take action. From deceptive ads to trademark, copyright, and more, Google's claims of innocence are increasingly difficult to believe.
Continued: Google's admissions; how Google assisted the unlawful conduct; Google's profit motive.
Online Discount Vouchers - Letter-Writing Tool
August 2, 2011 - Permalink - with Paul Kominers and Xiaoxiao Wu
Following up on my recent article about consumer protection problems in discount voucher sales, I've posted a letter-writing tool to help consumers resolve their voucher problems. From expiration to cashback to day-of-week, time-of-day, and unexpected terms added after purchase, there are quite a few ways consumers can end up dissatisfied with the discount vouchers they buy. Many voucher services offer refunds only if consumers complain vigorously. Our tool helps consumers write concise but persuasive letters, including drawing on applicable state law where appropriate.
Give it a try:
Discount Voucher Problems - Letter-Writing Tool
Consumer Protection in Online Discount Voucher Sales
June 14, 2011 - Permalink - with Paul Kominers
We evaluate five areas where online discount voucher services -- Groupon and similar sites -- risk falling afoul of applicable consumer protection law. We present applicable laws from selected states and evaluate compliance by voucher services and their affiliated merchants. We examine voucher services' attempts to limit their liability, and we explain why consumers and regulators should find current practices insufficient.
Continued: Specific legal requirements; vendors' practices; assessing responsibility.
Revisiting Unlawful Advertisements at Google
May 18, 2011 - Permalink
Last week, Google's 10-Q disclosed a $500 million charge for, the Wall Street Journal revealed, Google's sale of advertising to online pharmacies that break US laws. Kudos to the Department of Justice for holding Google accountable for these unlawful advertisements. But in fact there are numerous other categories where Google also shows, and has long shown, widespread deceptive advertisements. From "free" ringtones that aren't, to spyware/adware bundlers, to dubious mortgage modification schemes, deceptive ads are all too widespread. Google could and should do more to prevent these schemes and to avoid doing business with such advertisers.
Continued: Categories of unlawful advertisements; Google's revenue; the scope of Google's involvement.
Remedies for Search Bias
February 22, 2011 - Permalink
In a forthcoming paper, I'll survey the problem of search bias -- search engines granting preferred placement and/or terms to their own links or to others' links chosen for improper purposes. Today I'd like to focus on remedies -- what tactics a dominant search engine ought not employ due to their detrimental effects on competition, and how prohibiting those tactics would help assure fair competition in search and related businesses.
Continued: Specific practices that impede competition and ought not continue; towards affirmative solutions.
In Accusing Microsoft, Google Doth Protest Too Much
February 3, 2011 - Permalink
Google this week sparked a media uproar by alleging that Microsoft Bing "copies" Google results. But is that actually the best characterization of what happened? In fact Google's engineers intentionally clicked bogus listings they had previously inserted into Google's results, and they did this on computers where they had specifically authorized Microsoft to examine their browsing in order to improve Bing.
Continued: What exactly happened; Google's prior statements; Google's widespread use of others' intellectual property.
Measuring Bias in "Organic" Web Search
January 19, 2011 - Permalink - with Benjamin Lockwood
By comparing results between leading search engines, we identify patterns in their algorithmic search listings. We find that each search engine favors its own services in that each search engine links to its own services more often than other search engines do so. But some search engines promote their own services significantly more than others. We examine patterns in these differences, and we flag keywords where the problem is particularly widespread.
Even excluding "rich results" (whereby search engines feature their own images, videos, maps, etc.), we find that Google's algorithmic search results link to Google's own services more than three times as often as other search engines link to Google's services.
For selected keywords, biased results advance search engines' interests at users' expense: We demonstrate that lower-ranked listings for other sites sometimes manage to obtain more clicks than Google and Yahoo's own-site listings, even when Google and Yahoo put their own links first.
Continued: Methodology; analysis; policy implications.
Knowing Certain Trademark Ads Were Confusing, Google Sold Them Anyway -- for $100+ Million
November 30, 2010 - Permalink
Recently-released documents reveal Google's careful testing of consumer confusion resulting from certain uses of trademarks in advertisements. Google carefully measured consumers' understanding of trademark-triggered ads -- only to decide to loosen its policy when estimates revealed an opportunity $100 million to $1 billion of incremental annual revenue.
Continued: Documents and quotes.
Hard-Coding Bias in Google "Algorithmic" Search Results
November 15, 2010 - Permalink
I present categories of searches for which available evidence indicates Google has "hard-coded" its own links to appear at the top of algorithmic search results, and I offer a methodology for detecting certain kinds of tampering by comparing Google results for similar searches. I compare Google's hard-coded results with Google's public statements and promises, including a dozen denials but at least one admission. I conclude by analyzing the impact of Google's tampering on users and competition, and by proposing principles to block Google's bias.
Continued: Screenshots; methodology; proposed regulatory response; analogues in other industries.
A Closer Look at Google's Advertisement Labels
November 10, 2010 - Permalink
The FTC has called for "clear and conspicuous disclosures" in advertisement labels at search engines, and the FTC specifically emphasized the need for "terms and a format that are easy for consumers to understand." Unfortunately, Google's new advertisement labels fail this test: Google's "Ads" label is the smallest text on the page, far too easily overlooked. (Indeed, as I show in the image at left, the "Ads" label substantially fits within an "o" in "Google.") Meanwhile, Google now merges algorithmic and advertisement results merged within a single set of listings; Google's "Help" explanations are inaccurate; and Google uses inconsistent labels mere inches apart within search results, as well as across services.
Continued: Details of these shortfalls; screenshots and comparisons; proposed alternatives.
Labels and Disclosures in Search Advertising
November 9, 2010 - Permalink
Search engines have long labeled their advertisements with labels like "Sponsored links", "Sponsored results", and "Sponsored sites." Do users actually know that these labels are intended to convey that the listings are paid advertisements? In a draft paper we're posting today, Duncan Gilchrist and I try to find out.
"Sponsored Links" or "Advertisements"?: Measuring Labeling Alternatives in Internet Search Engines
In an online experiment, we measure users' interactions with search engines, both in standard configurations and in modified versions with improved labels identifying search engine advertisements. In particular, for a random subset of users, we change "sponsored link" labels to instead read "paid advertisement." We find that users receiving the “paid advertisement” label click 25% to 33% fewer advertisements and correctly report that they click fewer advertisements, controlling for the number of advertisements they actually click. Results are most pronounced for commercial searches, and for users with low income, low education, and little online experience.
We consider our findings particularly timely in light of Google's change, just last week, to label many of its advertisements as "Ads." On one view, "Ads"” is an improvement – probably easier for unsophisticated consumers to understand. Yet it’s a strikingly tiny label – the smallest text anywhere in Google’s search results, and about a quarter as many pixels as the corresponding disclosure on other search engines. As our paper points out, FTC litigation has systematically sought the label “Paid Advertisement, and we still think that’s the better choice.
Tying Google Affiliate Network
September 28, 2010 - Permalink
In one of the few areas of Internet advertising where Google is not dominant – indeed, where just three years ago Google had no offering at all – Google now uses tying to climb towards a position of dominance. Thanks to Google’s dominance in web search, Google offers preferred placement and superior terms to the advertisers who agree to use Google Affiliate Network (GAN). Competing affiliate networks cannot match these benefits, and Google's bundling strategy threatens to grant Google a position of power in yet another online advertising market.
In today's piece, I identify the specific benefits Google grants to affiliate merchants who agree to use GAN -- including exclusive use of image ads, placement above AdWords advertisers, and fees payable only if a user makes a purchase. I explain why it is improper for Google to bundle these benefits with Google's dominant search service, and I compare Google's tactics in this area to Google's strategy in promoting other services.
Continued: Benefits to advertisers who accept; foreclosing competition in affiliate marketing; policy prescriptions.
Facebook Leaks Usernames, User IDs, and Personal Details to Advertisers
May 20, 2010 - Updated May 26, 2010 - Permalink
But in my testing, Facebook's actual practices exactly contradict Facebook's promises. Merely clicking an advertiser's ad reveals to the advertiser the user's Facebook username or user ID. With default privacy settings, the advertiser can then see almost all of a user's activity on Facebook, including name, photos, friends, and more.
Continued: Details of the data leakage; Facebook's promises; eight-plus months of notice; what Facebook should do.
Sony's Crackle: Invisible Traffic Galore
April 27, 2010 - Permalink
Advertisers buying display ads from Sony's Crackle.com rightly and reasonably expect that users can see the ads. But that's not always the case. In today's posting, I present three recent examples of Crackle partners loading the Crackle site invisibly, largely via 1x1 IFRAMEs. I then tabulate observations preserved by my automation, demonstrating that Crackle's tainted traffic has continued for more than a year. I conclude by flagging implications for traffic measurement and ad pricing, and by suggesting what Crackle should do to clean up this mess.
Continued: Specific examples; IFRAMEs to consummate the invisibility; overstated traffic measurements.
Measuring Typosquatting Perpetrators and Funders
February 17, 2010 - Permalink - with Tyler Moore
For more than a decade, aggressive website registrants have been engaged in 'typosquatting' -- the intentional registration of misspellings of popular website addresses. Uses for the diverted traffic have evolved over time, ranging from hosting sexually-explicit content to phishing. Several countermeasures have been implemented, including outlawing the practice and developing policies for resolving disputes. Despite these efforts, typosquatting remains rife.
But just how prevalent is typosquatting today, and why is it so pervasive? Tyler Moore and I set out to answer exactly these questions. In Measuring the Perpetrators and Funders of Typosquatting (appearing at the Financial Cryptography conference), we estimate that at least 938,000 typosquatting domains target the top 3,264 .com sites, and we crawl more than 285,000 of these domains to analyze their revenue sources.
Our full posting: Measuring the Perpetrators and Funders of Typosquatting and web appendix.
Google Toolbar Tracks Browsing Even After Users Choose "Disable"
January 26, 2010 - Permalink
I present screenshots and screen-capture videos demonstrating that even after a user specifically chooses to "disable" the Google Toolbar, and even after the Google Toolbar disappears from view, Google Toolbar continues tracking users' web browsing -- including the specific sites visited, pages browsed, and searches conducted. I then critique Google's installation -- which lets users activate these transmissions in a single click, while ceasing the transmissions is much harder. I compare Google's current notice/consent process to Google's 2004 version, finding important declines in both the presentation and substance of disclosures.
Continued: Screenshot and video proof; transmission logs; disclosure screenshots and analysis.
Upromise Savings -- At What Cost?
January 21, 2010 - Updated, January 25, 2010 - Permalink
When users install the Upromise toolbar, Upromise admits collecting "non-personally identifiable information" about users' online activities. But Upromise actually transmits detailed information -- not just page-views and searches, but email addresses and even full credit card numbers, expiration dates, and CVV2 codes. Upromise copies card numbers out of users' encrypted (HTTPS) browsing, but Upromise retransmits card numbers in plain text -- making it all too easy for others to gain access.
Continued: Specific transmissions; promises broken; what Upromise should do.
Google Click Fraud Inflates Conversion Rates and Tricks Advertisers into Overpaying
January 12, 2010 - Permalink
In today's post, I show click fraud with a twist. Like standard click fraud, this infraction completely fakes clicks -- charging advertisers for clicks that didn't actually occur. But this click fraud is carefully targeted -- faking a click to the victim advertiser when the user is already at that advertiser's site. Thus, standard efforts to measure conversion rates classify this traffic as legitimate and valuable -- tricking advertisers into raising their bids and paying even more, when they should be demanding refunds.
This scam targets Google advertisers -- who pay Google's high prices in expectation of receiving high-quality traffic, but instead suffer this unwanted ruse. The traffic comes through a lengthy chain -- fully seven partners passing the traffic from the underlying spyware through to Google. Closest to Google is InfoSpace, whose pattern of dubious traffic I chronicle in special detail.
Continued: The offending placements; video and packet log proof; what Google should do.
Google Still Charging Advertisers for Conversion-Inflation Traffic from WhenU Spyware
January 5, 2010 - Permalink
In February and May 2009, I reported Google paying WhenU spyware to cover selected sites with those sites' own Google PPC ads. These bogus placements perpetrate a practice I call "conversion inflation": They let Google claim credit for purchases that would have happened anyway -- overstating Google's effectiveness and leading advertisers to overbid and overpay for Google traffic.
Google admitted the impropriety of these placements -- even offering a credit to RCN, the advertiser I featured in May, though denying refund requests from other affected advertisers. But, remarkably, Google and its partners have restarted these placements. Today I post the proof -- screenshots, video, and packet log records prepared just this week.
Continued: The offending placements; violation of Google's promises to users and advertisers; what Google should do.
Deception in Post-Transaction Marketing
November 19, 2009 - Updated, December 5, 2009 - Permalink
Post-transaction marketers Webloyalty, Vertrue, and Affinion have attracted criticism for solicitations that tend to deceive consumers. They typically feature recurring billing programs that promise a savings or discount, but actually charge users on an ongoing basis. They promote these services while customers are finishing the checkout process at trusted e-commerce sites -- a time when few users expect unrelated offers from third parties. Furthermore, they obtain consumers' credit card numbers from partner sites -- so a user may enter a billing relationship and face credit card charges without providing a card number to the company that posts the charges.
In this posting, I present key primary source documents (internal company emails and analyses and reports from victim consumers) as well as outside analyses (a Senate staff report and testimony from hearing witnesses including my own statement for the record).
Higlights of my Statement for the Record: I argue that the timing, placement, and format of post-transaction offers deceptively suggest that the offers are part of the checkout process. (3) I suggest that automatic transfer of consumers’ payment information removes a key warning that customers are incurring a financial obligation. (3-4) I examine disclosures and find them inadequate to cure the deception resulting from the substance, format, and context of the offers. (5) I point out that credit card network rules disallow key post-transaction marketing practices, and I suggest that credit card networks enforce these rules. (6-7) I suggests that low usage rates support an inference of deception, and I provide an empirical strategy to estimate usage rates from publicly-available sources. (7)
Full article: Deception in Post-Transaction Marketing.
My subsequent Payment Card Network Rules Prohibit Aggressive Post-Transaction Tactics cites, quotes, and analyzes relevant rules -- finding that existing card network requirements disallow key post-transaction marketing practices.
Towards a Bill of Rights for Online Advertisers
September 21, 2009 - Permalink
I offer five rights to protect advertisers from increasingly powerful ad networks -- avoiding fraudulent charges for services not rendered, guaranteeing data portability so advertisers get the best possible value, and assuring price transparency so advertisers know what they're buying. I explain the need for these rights by presenting specific practices causing particular concern.
Continued: Five rights; their urgency; their benefits.
How Google and Its Partners Inflate Measured Conversion Rates and Increase Advertisers' Costs
May 13, 2009 - Permalink
With its lofty "Software Principles" and its "do no evil" mantra, Google might seem the last company likely to partner with spyware or adware vendors. But in today's article, I show Google doing exactly that.
Consumers certainly suffer from the sneaky software Google supports. But the clearest victims are advertisers, for these placements systematically charge advertisers for traffic the advertisers would otherwise have received for free.
Continued: Specific examples; videos, screenshots, and packet logs; a way forward.
In Support of Utah's HB450
March 9, 2009 - Permalink
When a user searches for one company, may a search engine show ads for a direct competitor instead? A natural libertarian instinct might reply yes, sure, do whatever you want. In this brief piece, I push back on that idea, offering reasons why such ads are improper.
I then analyze Utah's HB450, which would prohibit certain deceptive online advertising. I consider the bill's effects, and I explain why I support its approach.
Continued: Confusing ads; ineffective disclosures; how state regulation can help.
False and Deceptive Display Ads at Yahoo's Right Media
January 14, 2009 - Permalink
Yahoo's Right Media ad marketplace features widespread ads exactly designed to deceive. I present ten examples of these deceptive ads, and I critique their unwelcome characteristics. To estimate the prevalence of deceptive tactics, I examine Right Media's own analysis ad characteristics -- finding that by Right Media's own admission, deceptive ads total 35% or more of Right Media's advertising inventory.
Continued: False and Deceptive Display Ads at Yahoo's Right Media.
Privacy Lapse at Google JotSpot
October 30, 2008 - Permalink
Hydra Media's Pop-Up Problem -- Ten Examples
October 14, 2008 - Permalink
Affiliate marketer Hydra Network claims to be tough on fraud. Hydra says it "guards against compliance problems from every angle" to assure that ad placements are "safe[,] secure [and] profitable." Furthermore, Hydra claims to provide "tough affiliate pre-screening and policing to assure quality."
Despite Hydra's claims, my observations reveal major room for improvement. On fully 1,343 occasions, my AutoTester has seen Hydra affiliates receiving traffic from spyware or adware. Today I'm posting ten examples -- ten different Hydra affiliates using five different spyware/adware programs to claim commissions from Hydra's top merchants.
More: Full video and packet log proof.
CPA Advertising Fraud: Forced Clicks and Invisible Windows
October 7, 2008 - Permalink
Not all CPA fraud requires placing (or using) spyware or adware on a user's PC. In today's article, I show three examples of affiliates cheating CPA merchants using only a web browser -- without any special software on users' PCs. In particular, I show affiliates running invisible IFRAMEs, hidden portions of banner ads, and redirects loaded through signature icons in forum discussions. In each instance, affiliate claim commissions they did not earn.
More: Videos and packet logs; detection and defenses.
Auditing Spyware Advertising Fraud: Wasted Spending at VistaPrint
September 30, 2008 - Permalink
This month and last, my AutoTester observed more than two dozen different affiliates cheating VistaPrint through spyware pop-ups -- in each instance, using "self-targeting" to claim affiliate commission on traffic VistaPrint would otherwise have received for free. In today's article, I offer six examples of these observations -- as well as some musings on what VistaPrint might do to block these scams.
More: Videos and packet logs; which CPA networks are involved; VistaPrint's claims of effective advertising management.
Competition among Sponsored Search Services
July 11, 2008 - Permalink
Last month I was asked to testify to the United States House of Representatives Committee on the Judiciary Task Force on Competition Policy and Antitrust Laws about competition among paid search providers, particularly the proposed Google-Yahoo partnership.
At the last minute, the hearing was cancelled, and I won't be able to testify at the rescheduled session. Rather than let my draft written statement languish unread, I'm taking this opportunity to post the prepared testimony I had planned to offer last month.
More: My prior testimony about the Senate Counter Spy Act.
PPC Platform Competition and Google's "May Not Copy" Restriction
June 27, 2008 - Permalink
A little-noticed Google AdWords API Terms & Conditions restriction substantially hinders advertisers' efforts to use multiple providers -- prohibiting software vendors from using Google's API to help advertisers copy AdWords campaigns to competing platforms. This provision hinders competition between sponsored search providers -- creating an unnecessary and artificial barrier to advertisers easily copying their ads elsewhere.
More: The restriction at issue; its effects; Google's defenses and my analysis; Google's requests for data portability in other contexts.
Running Out of Numbers? The Impending Scarcity of IPv4 Addresses and What To Do About It
June 6, 2008 - Permalink
The Internet's current numbering system is nearing exhaustion: The Internet's primary communications protocol, "IP" (more precisely, IPv4) allows only a finite set of computer numbers ("IP addresses"), and central authorities will soon exhaust the supply.
An alternative IP standard, IPv6, would dramatically increase Internet address capacity. But network incentives impede transition to v6. For example, a device with only a v6 address cannot directly retrieve most web sites because most web sites have only v4 addresses. Consider the undesirability of owning the world's first fax machine (no one to communicate with); to date, v6 has suffered a similar problem, with the additional challenge that existing IPv4 systems boast widespread usage (making an upgrade to v6 appear particularly unnecessary). Furthermore, v4-v6 translation systems are limited at best -- allowing v6-only computers to receive some kinds of v4 content, but often failing to support proprietary or nonstandard systems such as VoIP, videoconferencing, multiplayer video games, and custom software.
With these substantial disincentives and limitations hindering v6 transition, v6 deployment has been slow. It seems continued use of IPv4 will remain necessary for the foreseeable future -- even after central authorities have no more v4 addresses to give out. Today I'm posting an initial analysis of market mechanisms to reallocate existing v4 addresses and facilitate v4's continued use. In particular, I consider the possible effects of paid transfers of v4 addresses. I emphasize rules to ameliorate the worst effects of v4 scarcity, while preserving the core principles of existing regulation and avoiding major negative externalities.
Running Out of Numbers? The Impending Scarcity of IP Addresses and What To Do About It
Debunking Zango's "Content Economy"
May 28, 2008 - Permalink
Zango often touts its so-called "content economy" -- purportedly providing users access to media in exchange for accepting Zango's popup ads. But Zango's media library is nothing to celebrate. Today I report my recent examinations. I show:
Continued: My findings; screenshots and examples; legal implications.
Coupons.com and TRUSTe: Lots of Talk, Too Little Action
March 18, 2008 - Updated, March 20, 2008 - Permalink
Six and a half months ago, I reported a variety of bad practices at Coupons.com. Key among my concerns: Coupons.com stored data in deceptive filenames and registry entries designed to look like part of Windows -- with names like c:\windows\WindowsShellOld.Manifest.1 and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\Presentation Style . Furthermore, Coupons.com failed to remove these files upon a user's specific request.
Because Coupons.com is certified by TRUSTe Trusted Download, I reported these behaviors through TRUSTe's Watchdog form. TRUSTe investigated and last month declared success, claiming that "Coupons, Inc. rolled out ... [a] new version of the software ... that writes only one registry key placed in a typical location, named in an appropriate manner." Nonetheless, my tests indicate exactly the opposite -- including all the same deceptive filenames and registry keys I previously identified. Furthermore, my tests indicate that all these files are left behind even after a user performs an uninstall.
Continued: My findings; video proof; other violations.
Delaying Payment to Deter Online Advertising Fraud
March 10, 2008 - Permalink
In Optimal Deterrence when Judgment-Proof Agents are Paid in Arrears - with an Application to Online Advertising Fraud, I introduce an alternative method of fraud prevention for certain online advertising systems. By delaying payments, a merchant or network differentially harms bad affiliates (who rightly worry they may get caught) without unduly harming good affiliates (who know they'll get paid, and who receive a bonus in compensation for the delay). With a suitable delay, a merchant or network can deter many bad affiliates while retaining the good.
Continued: Details on my approach, including initial data on merchants' and networks' current payment terms.
Critiquing C-NetMedia's Anti-Spyware Offerings and Advertising Practices
February 14, 2008 - Permalink
I examine anti-spyware software from C-NetMedia. I show deceptive advertising for C-Net's products, including product names, ad text, and web site designs that falsely suggest affiliation with security industry leaders. I examine C-Net's use of many disjoint product names -- preventing consumers from easily learning more about C-Net, its reputation, and its practices. I analyze C-Net's high-pressure sales tactics, including false positives, which overstate the urgency of paying for an upgraded version.
Continued: Specific deceptive advertising practices; trademark registrations; response from the advertising and security industries.
January 4, 2008 - Permalink
Continued: The procedure for obtaining data; screenshots of customer purchases; the privacy breach in context.
The Sears "Community" Installation of ComScore
January 1, 2008 - Permalink
Late last month, Benjamin Googins (a senior researcher in the Anti-Spyware unit at Computer Associates) critiqued a ComScore installation performed by Sears' "Sears Holdings Community" ("My SHC Community" or "SHC"). After reviewing the installation sequence, Ben concluded that the installation offered "very little mention of software or tracking" and otherwise fell short of CA and industry standards. I agree.
I write today to add my own critique. I begin by presenting the entire installation sequence in screenshots and video. I then explain why the limited notice provided falls far short of the standards the FTC has established. Finally, I show that Sears' claims of adequate notice are demonstrably false.
Continued: Installation screenshots & video; limited notice; FTC standards; false claims from Sears.
For older postings, see site archives.