New and Notable
Secret Ties in Google's "Open" Android
February 13, 2014 - Permalink
Google claims that its Android mobile operating system is "open" and "open source"—hence a benefit to competition. Little-known contract restrictions reveal otherwise: In order to obtain key mobile apps, including Google's own Search, Maps, and YouTube, manufacturers must agree to install all the apps Google specifies, with the prominence Google requires, including setting these apps as default where Google instructs. It's a classic tie and an instance of full line forcing: If a phone manufacturer wants any of the apps Google offers, it must take the others also.
In this piece, I present relevant provisions from key documents not previously available for public examination. I then consider the effects on consumers, competitors, and competition, and I compare these revelations to what was previously known about Google's mobile rules. I conclude by connecting Google's mobile practices to Google's use of tying more broadly.
Continued: The Mobilie Application Distribution Agreements and their effects.
The Darker Side of Blinkx
January 28, 2014 - Permalink
Video and advertising conglomerate Blinkx tells investors its "strong performance" results from "strategic initiatives" and "expanding demand, content, and audiences." Indeed, Blinkx recently climbed past a $1.2 billion valuation. At first glance, it sounds like a great business. But looking more carefully, I see reason for grave doubts.
My concerns result in large part from the longstanding practices of two of Blinkx's key acquisitions, Zango and AdOn. But concerns extend even to Blinkx's namesake video site. In the following sections, I address each in turn. Specifically, I show ex-Zango adware still sneaking onto users' computers and still defrauding advertisers. I show the ex-AdOn traffic broker still sending invisible, popup, and other tainted traffic. I show Blinkx' namesake site, Blinkx.com, leading users through a maze of low-content pages, while charging advertisers for video ads systematically not visible to users.Continued: Video and screenshot proof; Blinkx's efforts at concealment; connecting the dots.
Discrimination at Airbnb
January 13, 2014 - Permalink
Online marketplaces often contain information not only about products, but also about the people selling the products. In an effort to facilitate trust, many platforms encourage sellers to provide personal profiles and even to post pictures of themselves. However, these features may also facilitate discrimination based on sellers' race, gender, age, or other characteristics.
Last week Michael Luca and I posted Digital Discrimination: The Case of Airbnb.com, in which we test for racial discrimination against landlords in the online rental marketplace Airbnb.com. We collected information about all Airbnb hosts in New York City, including their rental prices and the quality of their properties. We find that non-black hosts charge approximately 12% more than black hosts for the equivalent rental. These effects are robust when controlling for all information visible in the Airbnb marketplace, including even property photos.
Our findings highlight the risk of discrimination in online marketplaces, suggesting an important unintended consequence of a seemingly-routine mechanism for building trust. There is no fundamental reason why a guest needs see a host's picture in advance of making a booking -- nor does a guest necessarily even need to know a host's name (from which race may sometimes be inferred). In other respects, Airbnb has been quite sophisticated in limiting the information available to hosts and guests on its platform -- for example, AIrbnb prohibits (and runs software to prevent) hosts and guests from sharing email addresses or phone numbers before a booking is made, lest this information exchange let parties contract directly and avoid Airbnb fees. Given Airbnb's careful consideration of what information is available to guests and hosts, Airbnb might consider eliminating or reducing the prominence of host photos: It is not immediately obvious what beneficial information these photos provide, while they risk facilitating discrimination by guests.
Price Coherence: Impact and Incentives
January 6, 2014 - Permalink
In modern markets, buyers can often buy the same good or service directly from a seller, and through one or more intermediaries, all at the same exact price. How should buyers behave in these markets? The natural strategy is to choose whichever intermediary offers the greatest benefit -- perhaps a rebate, some loyalty points, or superior service. One intermediary might charge sellers far higher fees than another. But to buyers, these fees are irrelevant since they are paid entirely by sellers. It's a classic I-choose-you-pay situation, and buyers predictably head for high-benefit intermediaries. The resulting outcomes can be both distortionary and welfare-reducing. For example, seeing an airline's flights available both directly on the airline's web site and via an online travel agent (like Expedia or Orbitz) ("OTA"), a buyer has every reason to choose the latter -- avoiding retyping name, address, and payment details that the OTA already has on file. Convenient as an OTA may be, few users would willingly pay the ~$3 per segment (~$12 for a standard US domestic connecting round-trip) that OTAs charge to airlines. So too for credit cards: Their rebates and points are valuable, but most consumers would prefer a ~3% discount (the fee the seller pays to the card network).
Last week Julian Wright and I posted Price Coherence and Adverse Intermediation, analyzing incentives and outcomes in affected markets. We find that price coherence reduces consumer surplus and welfare due to inflated retail prices, over-investment in providing benefits to buyers, and excessive usage of intermediaries' services. Notably, competition among intermediaries does not fix these problems: Indeed, competition among intermediaries intensifies the problems by increasing the magnitude of the effects and broadening the circumstances in which they arise.
Continued: Affected markets; the puzzle of voluntary transactions that make all participants worse off.
Measuring and Managing Online Affiliate Fraud
November 25, 2013 - Permalink
Affiliate programs vary dramatically in their incidence of fraud. In some merchants' affiliate programs, rogue affiliates fill the ranks of high-earners. Yet other similarly-sized merchants have little or no fraud. Why the difference?
In Information and Incentives in Online Affiliate Marketing, Wesley Brandi and I examine the impact of varying merchant management decisions. Which works best, as between network-managed programs, outsourced program managers, and in-house management? Our crawlers have the answers.
Continued: Our approach and findings, network's incentives, and an unexpected stand-out.
The Ad Networks and Advertisers that Fund Ad Injectors
September 19, 2013 - Permalink - with Wesley Brandi
Ad injectors insert ads into others' sites, without permission from those sites and without payment to those sites. In this article, we review the basic operation of ad injectors, then examine the ad networks, exchanges, and other intermediaries that broker the placement of advertising through injectors.
We also report which advertisers most often advertise through injectors. Whether through complexity, inattention, or indifference, these advertisers' expenditures are ultimately the sole revenue source for injectors.
Continued: Screenshots; tables and graphs of responsible intermediaries and advertisers.
Comments to European Commission on Proposed Google Commitments
May 29, 2013 - Permalink - with Zhenyu Lai
The European Commission last month posted a restatement of its concerns at certain Google practices as well as Google's proposed commitments. This week I filed two comments critiquing Google's proposal. They are available here:
Comments on AT.39740 (with Zhenyu Lai) as to Google's exclusive use of screen space to promote its own specialized services, and as to an alternative remedy to preserve competition and user choice in the area of specialized search services.
Comments on AT.39740 (Edelman) as to the failure of Google's proposed commitments to undo the harm of Google's past violations, and alternative remedies preserve competition in the area of specialized search services, taking data from publishers, providing advertising services to publishers, and allowing advertisers to use multiple ad platforms.
Continued: Details of our proposals and rationale.
Google's Exclusive Flight Search OneBox
April 15, 2013 - Permalink - with Zhenyu Lai
Google often shows “OneBox” search results promoting its own services. These results have prompted antitrust scrutiny: Google awards these preferred placements exclusively to Google's own services, such as Google Flight Search and Google Maps, but never to competing services such as Kayak or Mapquest. Moreover, Google presents OneBox with special format, including distinctive layouts, extra images, and even in-page interactivity – benefits not available to ordinary listings for other sites. Regulators and competitors sense that these exclusive practices can undermine competition and innovation by denying traffic to would-be competitors. But how large is the effect? How much does Google's exclusive OneBox placement impact search engine traffic to adjacent online markets?
In a working paper, Zhenyu Lai and I measure the impact of OneBox by using a quasi-experiment before and after the introduction of Google Flight Search. We compare user behavior on searches across thousands of search queries like “cheap flights from sfo to san ” (which displayed a OneBox for Google Flight Search), and similar search queries like “cheaper flights from sfo to san” (emphasis added) (which did not display OneBox). We find that Google's display of Flight Search in an exclusive OneBox decreased user click-through rates on unpaid search results by 65 percent, and increased user click-through rates on paid advertising links by 85 percent. This effect was disproportionately evident among online travel agencies that were popular destinations for affected search queries.
Our draft provides detailed empirical results as well as a model of how a search engine's incentives to divert search depend on consumers' perceptions of the difference between non-paid and paid placements.
Exclusive Preferential Placement as Search Diversion: Evidence from Flight Search and data appendix
Privacy Puzzles at Google Play
February 19, 2013 - Permalink
Misrepresentation of Fuel Surcharges in Airline Price Advertising
February 6, 2013 - Permalink - with Xiaoxiao Wu
Ever felt the "taxes" on air travel are unduly high? In other travel contexts (most notably, rental cars), genuine government-imposed taxes often approach or even exceed the amount payable to service providers. But when airlines quote fares, they sometimes include as "taxes" certain carrier-imposed surcharges they set on their own, not required by any government and used only to defray their ordinary costs of operations.
In today's post, we provide numerous examples. For example, we show American Airlines misrepresenting "tax" on paid tickets booked both online and by telephone, on award tickets, and even when customers seek alternative flights after cancelation. Meanwhile, we show BA's "fuel surcharges" not only disclosed in ways impermissible under DOT regulation, but of an amount that appears to exceed BA's actual cost of fuel. We have submitted complaints to DOT as to these and other violations.
Continued: Screenshot and call recording proof; airlines' efforts to conceal their violations; DOT regulation and my DOT complaint.
IAC Toolbars and Traffic Arbitrage in 2013
January 22, 2013 - Permalink
I have repeatedly flagged serious problems with IAC/Ask.com toolbars -- targeting kids, bundles without consent, even installs through security exploits.
In today's piece I provide a 2013 update. IAC is still targeting kids -- both explicitly (installation solicitations that promise "Kids Games" and the like) and through cartoons and animation. IAC continues to show voluminous advertising, far more than other search engines, and with oversized ad clickable areas in violation of Google policies and industry norms. IAC"s uninstaller is incomplete, also in breach of Google rules and industry standards.
Continued: A full inventory of violations; screenshot proof.
The Right Remedies for Google's AdWords API Restrictions
January 7, 2013 - Permalink
Last week the FTC closed its 21-month investigation of Google after Google made several small concessions, among them dropping certain restrictions on use of Google's AdWords API -- rules that previously limited how advertisers and tool-makers may copy advertisers' own data from Google's servers. Removing the restrictions is a step forward for advertisers and for competition. But the FTC should have demanded more from Google in order to address the harm resulting from seven years of these restrictions.
Continued: The impact of the restrictions; who was harmed; effective remedies.
A Holiday "Top 10": Rogue Affiliates at Commission Junction and LinkShare
December 21, 2012 - Permalink - with Wesley Brandi
Our automation continuously scours the web for rogue affiliates. In our query tool, we provide a basic sense of how much we've found. We have also written up scores of sample rogue affiliates, but the holiday season provides an impetus for more: Thanks to high online spending, affiliate fraud at this time of year is particularly profitable for perpetrators -- and particularly costly to merchants.
In today's article, we report the ten Commission Junction affiliates and ten LinkShare affiliates most often seen by our automation. Our findings:
Twenty Oft-Found Commission Junction and LinkShare Affiliate Violations
Affiliate Fraud Litigation Index
September 5, 2012 - Permalink
Some analysts view affiliate marketing as "fraud-proof" because affiliates are only paid a commission when a sale occurs. But affiliate marketing nonetheless gives rise to various disputes -- typically, merchants alleging that affiliates claimed commission they had not properly earned. Most such disputes are resolved informally: merchants withhold amounts affiliates have purportedly earned but have not yet received. Occasionally, disputes end up in litigation with public availability of the details of alleged perpetrators, victims, amounts, and methods.
In today's posting, I present known litigation in this area including case summaries and primary source documents:
Affiliate Fraud Litigation Index
Search My Logs of Affiliate Fraud
March 19, 2012 - Permalink
Since 2004, I've been tracking and reporting all manner of rogue affiliates -- using spyware and adware to cover competitors' sites; using trickier spyware and adware to claim commission on merchants' organic traffic; typosquatting; stuffing cookies through invisible IFRAME's and IMG's, banner ads, and even hacked forum sites; and the list goes on. I now have automation catching these practices in ever-increasing quantities.
While I've written up dozens of rogue affiliates on this site and in various presentations, today Wesley Brandi and I are introducing something better: query-based access to our records of affiliate fraud targeting top affiliate merchants. Enter a merchant's domain name, and we'll tell you how much affiliate fraud we've seen targeting that domain -- handy for merchants wanting to check whether their program is clean, and for affiliates wanting to confirm the trustworthiness a program they're considering promoting. We're not currently posting details of the specific perpetrators, but we have affiliate ID numbers, domain names, and packet log proof on file for each violator, and we can provide these upon request.
Take a look:
Affiliate Fraud Information Lookup.
Hack-Based Cookie-Stuffing by Bannertracker-script
February 27, 2012 - Permalink - with Wesley Brandi
We present a cookie-stuffer that collects traffic by hacking numerous top sites, including sites as popular searchenginewatch.com (Alexa traffic rank #2045). The perpetrator then monetizes this traffic by invisibly dropping affiliate cookies for Amazon, using 200+ separate affiliate IDs to evade notice.
Large-Scale Cookie-Stuffing at Eshop600.co.uk
January 30, 2012 - Permalink - with Wesley Brandi
We present a cookie-stuffer notable for the volume of his attack and his attempts at obfuscation.
Advertising Disclosures in Online Apartment Search
January 25, 2012 - Permalink - with Paul Kominers
A decade ago, the FTC reminded search engines of their duty to label advertisements as such. Most general-purpose search engines now do so (though they're sometimes less than forthright). But practices at specialized search engines often fall far short.
In today's posting, Paul Kominers and I examine leading online apartment search services and evaluate the disclosures associated with their paid listings. We find paid placement and paid inclusion listings at each site, but disclosures range from limited to nonexistent. Where disclosures exist, they are largely hidden behind multiple intermediate pages, effectively invisible to most users. We propose specific ways these sites could improve their disclosures, and we flag their duties under existing law.
Continued: Disclosures ranging from hidden to missing altogether; euphemistic labels like "Featured" and "Best Match" .
Google Tying Google Plus and Many More
January 12, 2012 - Permalink
Google's new "Google Search Plus Your World" service favors Google Plus results at the expense of more popular social networks like Facebook and Twitter. These changes have prompted widespread concern, and rightly so. But in fact Google's dubious tying tactics extend well beyond Google Plus. I show Google using tying to favor all manner of its services, including using tying to force others to submit to Google's will even in areas where Google is not yet dominant.
Continued: Specific practices; Google services benefiting from tying; how Google penalizes those who reject Google's demands.
Revisiting Search Bias at Google
November 11, 2011 - Permalink
Last week Joshua Wright posted a critique of my January 2011 Measuring Bias in 'Organic' Web Search (with Ben Lockwood). In this piece, I offer a brief response.
Continued: Why search bias matters; consumer harm; Google's market power.
Understanding the Purposes – and Weaknesses – of Online-to-Offline Discounting
October 26, 2011 - Permalink
Daily deals sites often promise discounts exceeding 50% -- mobilizing millions of consumers spending billions of dollars. Yet this model faces growing resistance, particularly from merchants concerned that "deals" offers are unprofitable. The natural question: When and how are large discounts sustainable?
Deals services seem to envision delivering new customers who return paying full price, yet they've done little to demonstrate that return visits actually occur. And there's reason to doubt whether customers enticed by a discount will actually return to pay full price. I explore the implications, including the requirements for a profitable discounting model grounded in price discrimination rather than full-price return visits.
Continued: The "discovery" promise; the price discrimination alternative; knowing a merchant's limits.
Advertisers' Missing Perspective in the Google Antitrust Hearing
September 20, 2011 - Permalink
This week's Senate Antitrust Subcommittee hearing promises to investigate persistent allegations of Google abusing its market power. In these discussions, it's crucial to remember whose spending fuels Google's monopoly: advertisers. Google is far from generous to advertisers -- burdening them with high pricing, harsh terms, and various restrictions that primarily serve Google's interests. In this piece, I review worrisome practices regulators should investigate and, in due course, seek to prevent.
Continued: Specific practices; advertiser harm; what to do now.
Implications of Google's Pharmacy Debacle
August 26, 2011 - Permalink
A DOJ investigation of Google's pharmaceutical advertising practices yielded a $500 million forfeiture and an admission of wrongdoing. More than that, the resulting documents prove Google's knowledge of, and participation in, advertising practices Google knew to be unlawful. I explore the implications for other controversial conduct that remains widespread despite Google's promise to take action. From deceptive ads to trademark, copyright, and more, Google's claims of innocence are increasingly difficult to believe.
Continued: Google's admissions; how Google assisted the unlawful conduct; Google's profit motive.
Online Discount Vouchers - Letter-Writing Tool
August 2, 2011 - Permalink - with Paul Kominers and Xiaoxiao Wu
Following up on my recent article about consumer protection problems in discount voucher sales, I've posted a letter-writing tool to help consumers resolve their voucher problems. From expiration to cashback to day-of-week, time-of-day, and unexpected terms added after purchase, there are quite a few ways consumers can end up dissatisfied with the discount vouchers they buy. Many voucher services offer refunds only if consumers complain vigorously. Our tool helps consumers write concise but persuasive letters, including drawing on applicable state law where appropriate.
Give it a try:
Discount Voucher Problems - Letter-Writing Tool
Consumer Protection in Online Discount Voucher Sales
June 14, 2011 - Permalink - with Paul Kominers
We evaluate five areas where online discount voucher services -- Groupon and similar sites -- risk falling afoul of applicable consumer protection law. We present applicable laws from selected states and evaluate compliance by voucher services and their affiliated merchants. We examine voucher services' attempts to limit their liability, and we explain why consumers and regulators should find current practices insufficient.
Continued: Specific legal requirements; vendors' practices; assessing responsibility.
Revisiting Unlawful Advertisements at Google
May 18, 2011 - Permalink
Last week, Google's 10-Q disclosed a $500 million charge for, the Wall Street Journal revealed, Google's sale of advertising to online pharmacies that break US laws. Kudos to the Department of Justice for holding Google accountable for these unlawful advertisements. But in fact there are numerous other categories where Google also shows, and has long shown, widespread deceptive advertisements. From "free" ringtones that aren't, to spyware/adware bundlers, to dubious mortgage modification schemes, deceptive ads are all too widespread. Google could and should do more to prevent these schemes and to avoid doing business with such advertisers.
Continued: Categories of unlawful advertisements; Google's revenue; the scope of Google's involvement.
Remedies for Search Bias
February 22, 2011 - Permalink
In a forthcoming paper, I'll survey the problem of search bias -- search engines granting preferred placement and/or terms to their own links or to others' links chosen for improper purposes. Today I'd like to focus on remedies -- what tactics a dominant search engine ought not employ due to their detrimental effects on competition, and how prohibiting those tactics would help assure fair competition in search and related businesses.
Continued: Specific practices that impede competition and ought not continue; towards affirmative solutions.
In Accusing Microsoft, Google Doth Protest Too Much
February 3, 2011 - Permalink
Google this week sparked a media uproar by alleging that Microsoft Bing "copies" Google results. But is that actually the best characterization of what happened? In fact Google's engineers intentionally clicked bogus listings they had previously inserted into Google's results, and they did this on computers where they had specifically authorized Microsoft to examine their browsing in order to improve Bing.
Continued: What exactly happened; Google's prior statements; Google's widespread use of others' intellectual property.
Measuring Bias in "Organic" Web Search
January 19, 2011 - Permalink - with Benjamin Lockwood
By comparing results between leading search engines, we identify patterns in their algorithmic search listings. We find that each search engine favors its own services in that each search engine links to its own services more often than other search engines do so. But some search engines promote their own services significantly more than others. We examine patterns in these differences, and we flag keywords where the problem is particularly widespread.
Even excluding "rich results" (whereby search engines feature their own images, videos, maps, etc.), we find that Google's algorithmic search results link to Google's own services more than three times as often as other search engines link to Google's services.
For selected keywords, biased results advance search engines' interests at users' expense: We demonstrate that lower-ranked listings for other sites sometimes manage to obtain more clicks than Google and Yahoo's own-site listings, even when Google and Yahoo put their own links first.
Continued: Methodology; analysis; policy implications.
Knowing Certain Trademark Ads Were Confusing, Google Sold Them Anyway -- for $100+ Million
November 30, 2010 - Permalink
Recently-released documents reveal Google's careful testing of consumer confusion resulting from certain uses of trademarks in advertisements. Google carefully measured consumers' understanding of trademark-triggered ads -- only to decide to loosen its policy when estimates revealed an opportunity $100 million to $1 billion of incremental annual revenue.
Continued: Documents and quotes.
Hard-Coding Bias in Google "Algorithmic" Search Results
November 15, 2010 - Permalink
I present categories of searches for which available evidence indicates Google has "hard-coded" its own links to appear at the top of algorithmic search results, and I offer a methodology for detecting certain kinds of tampering by comparing Google results for similar searches. I compare Google's hard-coded results with Google's public statements and promises, including a dozen denials but at least one admission. I conclude by analyzing the impact of Google's tampering on users and competition, and by proposing principles to block Google's bias.
Continued: Screenshots; methodology; proposed regulatory response; analogues in other industries.
A Closer Look at Google's Advertisement Labels
November 10, 2010 - Permalink
The FTC has called for "clear and conspicuous disclosures" in advertisement labels at search engines, and the FTC specifically emphasized the need for "terms and a format that are easy for consumers to understand." Unfortunately, Google's new advertisement labels fail this test: Google's "Ads" label is the smallest text on the page, far too easily overlooked. (Indeed, as I show in the image at left, the "Ads" label substantially fits within an "o" in "Google.") Meanwhile, Google now merges algorithmic and advertisement results merged within a single set of listings; Google's "Help" explanations are inaccurate; and Google uses inconsistent labels mere inches apart within search results, as well as across services.
Continued: Details of these shortfalls; screenshots and comparisons; proposed alternatives.
Labels and Disclosures in Search Advertising
November 9, 2010 - Permalink
Search engines have long labeled their advertisements with labels like "Sponsored links", "Sponsored results", and "Sponsored sites." Do users actually know that these labels are intended to convey that the listings are paid advertisements? In a draft paper we're posting today, Duncan Gilchrist and I try to find out.
"Sponsored Links" or "Advertisements"?: Measuring Labeling Alternatives in Internet Search Engines
In an online experiment, we measure users' interactions with search engines, both in standard configurations and in modified versions with improved labels identifying search engine advertisements. In particular, for a random subset of users, we change "sponsored link" labels to instead read "paid advertisement." We find that users receiving the “paid advertisement” label click 25% to 33% fewer advertisements and correctly report that they click fewer advertisements, controlling for the number of advertisements they actually click. Results are most pronounced for commercial searches, and for users with low income, low education, and little online experience.
We consider our findings particularly timely in light of Google's change, just last week, to label many of its advertisements as "Ads." On one view, "Ads"” is an improvement – probably easier for unsophisticated consumers to understand. Yet it’s a strikingly tiny label – the smallest text anywhere in Google’s search results, and about a quarter as many pixels as the corresponding disclosure on other search engines. As our paper points out, FTC litigation has systematically sought the label “Paid Advertisement, and we still think that’s the better choice.
Tying Google Affiliate Network
September 28, 2010 - Permalink
In one of the few areas of Internet advertising where Google is not dominant – indeed, where just three years ago Google had no offering at all – Google now uses tying to climb towards a position of dominance. Thanks to Google’s dominance in web search, Google offers preferred placement and superior terms to the advertisers who agree to use Google Affiliate Network (GAN). Competing affiliate networks cannot match these benefits, and Google's bundling strategy threatens to grant Google a position of power in yet another online advertising market.
In today's piece, I identify the specific benefits Google grants to affiliate merchants who agree to use GAN -- including exclusive use of image ads, placement above AdWords advertisers, and fees payable only if a user makes a purchase. I explain why it is improper for Google to bundle these benefits with Google's dominant search service, and I compare Google's tactics in this area to Google's strategy in promoting other services.
Continued: Benefits to advertisers who accept; foreclosing competition in affiliate marketing; policy prescriptions.
Facebook Leaks Usernames, User IDs, and Personal Details to Advertisers
May 20, 2010 - Updated May 26, 2010 - Permalink
But in my testing, Facebook's actual practices exactly contradict Facebook's promises. Merely clicking an advertiser's ad reveals to the advertiser the user's Facebook username or user ID. With default privacy settings, the advertiser can then see almost all of a user's activity on Facebook, including name, photos, friends, and more.
Continued: Details of the data leakage; Facebook's promises; eight-plus months of notice; what Facebook should do.
Sony's Crackle: Invisible Traffic Galore
April 27, 2010 - Permalink
Advertisers buying display ads from Sony's Crackle.com rightly and reasonably expect that users can see the ads. But that's not always the case. In today's posting, I present three recent examples of Crackle partners loading the Crackle site invisibly, largely via 1x1 IFRAMEs. I then tabulate observations preserved by my automation, demonstrating that Crackle's tainted traffic has continued for more than a year. I conclude by flagging implications for traffic measurement and ad pricing, and by suggesting what Crackle should do to clean up this mess.
Continued: Specific examples; IFRAMEs to consummate the invisibility; overstated traffic measurements.
Measuring Typosquatting Perpetrators and Funders
February 17, 2010 - Permalink - with Tyler Moore
For more than a decade, aggressive website registrants have been engaged in 'typosquatting' -- the intentional registration of misspellings of popular website addresses. Uses for the diverted traffic have evolved over time, ranging from hosting sexually-explicit content to phishing. Several countermeasures have been implemented, including outlawing the practice and developing policies for resolving disputes. Despite these efforts, typosquatting remains rife.
But just how prevalent is typosquatting today, and why is it so pervasive? Tyler Moore and I set out to answer exactly these questions. In Measuring the Perpetrators and Funders of Typosquatting (appearing at the Financial Cryptography conference), we estimate that at least 938,000 typosquatting domains target the top 3,264 .com sites, and we crawl more than 285,000 of these domains to analyze their revenue sources.
Our full posting: Measuring the Perpetrators and Funders of Typosquatting and web appendix.
Google Toolbar Tracks Browsing Even After Users Choose "Disable"
January 26, 2010 - Permalink
I present screenshots and screen-capture videos demonstrating that even after a user specifically chooses to "disable" the Google Toolbar, and even after the Google Toolbar disappears from view, Google Toolbar continues tracking users' web browsing -- including the specific sites visited, pages browsed, and searches conducted. I then critique Google's installation -- which lets users activate these transmissions in a single click, while ceasing the transmissions is much harder. I compare Google's current notice/consent process to Google's 2004 version, finding important declines in both the presentation and substance of disclosures.
Continued: Screenshot and video proof; transmission logs; disclosure screenshots and analysis.
Upromise Savings -- At What Cost?
January 21, 2010 - Updated, January 25, 2010 - Permalink
When users install the Upromise toolbar, Upromise admits collecting "non-personally identifiable information" about users' online activities. But Upromise actually transmits detailed information -- not just page-views and searches, but email addresses and even full credit card numbers, expiration dates, and CVV2 codes. Upromise copies card numbers out of users' encrypted (HTTPS) browsing, but Upromise retransmits card numbers in plain text -- making it all too easy for others to gain access.
Continued: Specific transmissions; promises broken; what Upromise should do.
Google Click Fraud Inflates Conversion Rates and Tricks Advertisers into Overpaying
January 12, 2010 - Permalink
In today's post, I show click fraud with a twist. Like standard click fraud, this infraction completely fakes clicks -- charging advertisers for clicks that didn't actually occur. But this click fraud is carefully targeted -- faking a click to the victim advertiser when the user is already at that advertiser's site. Thus, standard efforts to measure conversion rates classify this traffic as legitimate and valuable -- tricking advertisers into raising their bids and paying even more, when they should be demanding refunds.
This scam targets Google advertisers -- who pay Google's high prices in expectation of receiving high-quality traffic, but instead suffer this unwanted ruse. The traffic comes through a lengthy chain -- fully seven partners passing the traffic from the underlying spyware through to Google. Closest to Google is InfoSpace, whose pattern of dubious traffic I chronicle in special detail.
Continued: The offending placements; video and packet log proof; what Google should do.
Google Still Charging Advertisers for Conversion-Inflation Traffic from WhenU Spyware
January 5, 2010 - Permalink
In February and May 2009, I reported Google paying WhenU spyware to cover selected sites with those sites' own Google PPC ads. These bogus placements perpetrate a practice I call "conversion inflation": They let Google claim credit for purchases that would have happened anyway -- overstating Google's effectiveness and leading advertisers to overbid and overpay for Google traffic.
Google admitted the impropriety of these placements -- even offering a credit to RCN, the advertiser I featured in May, though denying refund requests from other affected advertisers. But, remarkably, Google and its partners have restarted these placements. Today I post the proof -- screenshots, video, and packet log records prepared just this week.
Continued: The offending placements; violation of Google's promises to users and advertisers; what Google should do.
Deception in Post-Transaction Marketing
November 19, 2009 - Updated, December 5, 2009 - Permalink
Post-transaction marketers Webloyalty, Vertrue, and Affinion have attracted criticism for solicitations that tend to deceive consumers. They typically feature recurring billing programs that promise a savings or discount, but actually charge users on an ongoing basis. They promote these services while customers are finishing the checkout process at trusted e-commerce sites -- a time when few users expect unrelated offers from third parties. Furthermore, they obtain consumers' credit card numbers from partner sites -- so a user may enter a billing relationship and face credit card charges without providing a card number to the company that posts the charges.
In this posting, I present key primary source documents (internal company emails and analyses and reports from victim consumers) as well as outside analyses (a Senate staff report and testimony from hearing witnesses including my own statement for the record).
Higlights of my Statement for the Record: I argue that the timing, placement, and format of post-transaction offers deceptively suggest that the offers are part of the checkout process. (3) I suggest that automatic transfer of consumers’ payment information removes a key warning that customers are incurring a financial obligation. (3-4) I examine disclosures and find them inadequate to cure the deception resulting from the substance, format, and context of the offers. (5) I point out that credit card network rules disallow key post-transaction marketing practices, and I suggest that credit card networks enforce these rules. (6-7) I suggests that low usage rates support an inference of deception, and I provide an empirical strategy to estimate usage rates from publicly-available sources. (7)
Full article: Deception in Post-Transaction Marketing.
My subsequent Payment Card Network Rules Prohibit Aggressive Post-Transaction Tactics cites, quotes, and analyzes relevant rules -- finding that existing card network requirements disallow key post-transaction marketing practices.
Towards a Bill of Rights for Online Advertisers
September 21, 2009 - Permalink
I offer five rights to protect advertisers from increasingly powerful ad networks -- avoiding fraudulent charges for services not rendered, guaranteeing data portability so advertisers get the best possible value, and assuring price transparency so advertisers know what they're buying. I explain the need for these rights by presenting specific practices causing particular concern.
Continued: Five rights; their urgency; their benefits.
How Google and Its Partners Inflate Measured Conversion Rates and Increase Advertisers' Costs
May 13, 2009 - Permalink
With its lofty "Software Principles" and its "do no evil" mantra, Google might seem the last company likely to partner with spyware or adware vendors. But in today's article, I show Google doing exactly that.
Consumers certainly suffer from the sneaky software Google supports. But the clearest victims are advertisers, for these placements systematically charge advertisers for traffic the advertisers would otherwise have received for free.
Continued: Specific examples; videos, screenshots, and packet logs; a way forward.
In Support of Utah's HB450
March 9, 2009 - Permalink
When a user searches for one company, may a search engine show ads for a direct competitor instead? A natural libertarian instinct might reply yes, sure, do whatever you want. In this brief piece, I push back on that idea, offering reasons why such ads are improper.
I then analyze Utah's HB450, which would prohibit certain deceptive online advertising. I consider the bill's effects, and I explain why I support its approach.
Continued: Confusing ads; ineffective disclosures; how state regulation can help.
False and Deceptive Display Ads at Yahoo's Right Media
January 14, 2009 - Permalink
Yahoo's Right Media ad marketplace features widespread ads exactly designed to deceive. I present ten examples of these deceptive ads, and I critique their unwelcome characteristics. To estimate the prevalence of deceptive tactics, I examine Right Media's own analysis ad characteristics -- finding that by Right Media's own admission, deceptive ads total 35% or more of Right Media's advertising inventory.
Continued: False and Deceptive Display Ads at Yahoo's Right Media.
Privacy Lapse at Google JotSpot
October 30, 2008 - Permalink
Hydra Media's Pop-Up Problem -- Ten Examples
October 14, 2008 - Permalink
Affiliate marketer Hydra Network claims to be tough on fraud. Hydra says it "guards against compliance problems from every angle" to assure that ad placements are "safe[,] secure [and] profitable." Furthermore, Hydra claims to provide "tough affiliate pre-screening and policing to assure quality."
Despite Hydra's claims, my observations reveal major room for improvement. On fully 1,343 occasions, my AutoTester has seen Hydra affiliates receiving traffic from spyware or adware. Today I'm posting ten examples -- ten different Hydra affiliates using five different spyware/adware programs to claim commissions from Hydra's top merchants.
More: Full video and packet log proof.
CPA Advertising Fraud: Forced Clicks and Invisible Windows
October 7, 2008 - Permalink
Not all CPA fraud requires placing (or using) spyware or adware on a user's PC. In today's article, I show three examples of affiliates cheating CPA merchants using only a web browser -- without any special software on users' PCs. In particular, I show affiliates running invisible IFRAMEs, hidden portions of banner ads, and redirects loaded through signature icons in forum discussions. In each instance, affiliate claim commissions they did not earn.
More: Videos and packet logs; detection and defenses.
Auditing Spyware Advertising Fraud: Wasted Spending at VistaPrint
September 30, 2008 - Permalink
This month and last, my AutoTester observed more than two dozen different affiliates cheating VistaPrint through spyware pop-ups -- in each instance, using "self-targeting" to claim affiliate commission on traffic VistaPrint would otherwise have received for free. In today's article, I offer six examples of these observations -- as well as some musings on what VistaPrint might do to block these scams.
More: Videos and packet logs; which CPA networks are involved; VistaPrint's claims of effective advertising management.
Competition among Sponsored Search Services
July 11, 2008 - Permalink
Last month I was asked to testify to the United States House of Representatives Committee on the Judiciary Task Force on Competition Policy and Antitrust Laws about competition among paid search providers, particularly the proposed Google-Yahoo partnership.
At the last minute, the hearing was cancelled, and I won't be able to testify at the rescheduled session. Rather than let my draft written statement languish unread, I'm taking this opportunity to post the prepared testimony I had planned to offer last month.
More: My prior testimony about the Senate Counter Spy Act.
PPC Platform Competition and Google's "May Not Copy" Restriction
June 27, 2008 - Permalink
A little-noticed Google AdWords API Terms & Conditions restriction substantially hinders advertisers' efforts to use multiple providers -- prohibiting software vendors from using Google's API to help advertisers copy AdWords campaigns to competing platforms. This provision hinders competition between sponsored search providers -- creating an unnecessary and artificial barrier to advertisers easily copying their ads elsewhere.
More: The restriction at issue; its effects; Google's defenses and my analysis; Google's requests for data portability in other contexts.
Running Out of Numbers? The Impending Scarcity of IPv4 Addresses and What To Do About It
June 6, 2008 - Permalink
The Internet's current numbering system is nearing exhaustion: The Internet's primary communications protocol, "IP" (more precisely, IPv4) allows only a finite set of computer numbers ("IP addresses"), and central authorities will soon exhaust the supply.
An alternative IP standard, IPv6, would dramatically increase Internet address capacity. But network incentives impede transition to v6. For example, a device with only a v6 address cannot directly retrieve most web sites because most web sites have only v4 addresses. Consider the undesirability of owning the world's first fax machine (no one to communicate with); to date, v6 has suffered a similar problem, with the additional challenge that existing IPv4 systems boast widespread usage (making an upgrade to v6 appear particularly unnecessary). Furthermore, v4-v6 translation systems are limited at best -- allowing v6-only computers to receive some kinds of v4 content, but often failing to support proprietary or nonstandard systems such as VoIP, videoconferencing, multiplayer video games, and custom software.
With these substantial disincentives and limitations hindering v6 transition, v6 deployment has been slow. It seems continued use of IPv4 will remain necessary for the foreseeable future -- even after central authorities have no more v4 addresses to give out. Today I'm posting an initial analysis of market mechanisms to reallocate existing v4 addresses and facilitate v4's continued use. In particular, I consider the possible effects of paid transfers of v4 addresses. I emphasize rules to ameliorate the worst effects of v4 scarcity, while preserving the core principles of existing regulation and avoiding major negative externalities.
Running Out of Numbers? The Impending Scarcity of IP Addresses and What To Do About It
Debunking Zango's "Content Economy"
May 28, 2008 - Permalink
Zango often touts its so-called "content economy" -- purportedly providing users access to media in exchange for accepting Zango's popup ads. But Zango's media library is nothing to celebrate. Today I report my recent examinations. I show:
Continued: My findings; screenshots and examples; legal implications.
Coupons.com and TRUSTe: Lots of Talk, Too Little Action
March 18, 2008 - Updated, March 20, 2008 - Permalink
Six and a half months ago, I reported a variety of bad practices at Coupons.com. Key among my concerns: Coupons.com stored data in deceptive filenames and registry entries designed to look like part of Windows -- with names like c:\windows\WindowsShellOld.Manifest.1 and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\Presentation Style . Furthermore, Coupons.com failed to remove these files upon a user's specific request.
Because Coupons.com is certified by TRUSTe Trusted Download, I reported these behaviors through TRUSTe's Watchdog form. TRUSTe investigated and last month declared success, claiming that "Coupons, Inc. rolled out ... [a] new version of the software ... that writes only one registry key placed in a typical location, named in an appropriate manner." Nonetheless, my tests indicate exactly the opposite -- including all the same deceptive filenames and registry keys I previously identified. Furthermore, my tests indicate that all these files are left behind even after a user performs an uninstall.
Continued: My findings; video proof; other violations.
Delaying Payment to Deter Online Advertising Fraud
March 10, 2008 - Permalink
In Optimal Deterrence when Judgment-Proof Agents are Paid in Arrears - with an Application to Online Advertising Fraud, I introduce an alternative method of fraud prevention for certain online advertising systems. By delaying payments, a merchant or network differentially harms bad affiliates (who rightly worry they may get caught) without unduly harming good affiliates (who know they'll get paid, and who receive a bonus in compensation for the delay). With a suitable delay, a merchant or network can deter many bad affiliates while retaining the good.
Continued: Details on my approach, including initial data on merchants' and networks' current payment terms.
Critiquing C-NetMedia's Anti-Spyware Offerings and Advertising Practices
February 14, 2008 - Permalink
I examine anti-spyware software from C-NetMedia. I show deceptive advertising for C-Net's products, including product names, ad text, and web site designs that falsely suggest affiliation with security industry leaders. I examine C-Net's use of many disjoint product names -- preventing consumers from easily learning more about C-Net, its reputation, and its practices. I analyze C-Net's high-pressure sales tactics, including false positives, which overstate the urgency of paying for an upgraded version.
Continued: Specific deceptive advertising practices; trademark registrations; response from the advertising and security industries.
January 4, 2008 - Permalink
Continued: The procedure for obtaining data; screenshots of customer purchases; the privacy breach in context.
The Sears "Community" Installation of ComScore
January 1, 2008 - Permalink
Late last month, Benjamin Googins (a senior researcher in the Anti-Spyware unit at Computer Associates) critiqued a ComScore installation performed by Sears' "Sears Holdings Community" ("My SHC Community" or "SHC"). After reviewing the installation sequence, Ben concluded that the installation offered "very little mention of software or tracking" and otherwise fell short of CA and industry standards. I agree.
I write today to add my own critique. I begin by presenting the entire installation sequence in screenshots and video. I then explain why the limited notice provided falls far short of the standards the FTC has established. Finally, I show that Sears' claims of adequate notice are demonstrably false.
Continued: Installation screenshots & video; limited notice; FTC standards; false claims from Sears.
For older postings, see site archives.