Featured Research

Delaying Payment to Deter Online Advertising Fraud

IPv6 Incentives & Market Solutions to IPv4 Scarcity

Resources for Advertisers and Ad Networks

"Spyware": Research, Testing, Legislation, and Suits

Benjamin EdelmanBenjamin Edelman



New and Notable

Aspira Networks Charging Merchants for Traffic That's Otherwise Free

May 27, 2014 - Permalink

Aspira Networks reconfigures ISPs' networks so that if a user makes a purchase from a targeted merchant's site, the merchant has to pay Aspira an affiliate commission -- even though Aspira did nothing to cause or encourage the user's purchase.

Continued: Video and packet log proof; applicable rules prohibiting this practice.


Mastering the Intermediaries: Strategies for Dealing with the Likes of Google, Amazon, and Kayak

May 22, 2014 - Permalink

Many companies depend on powerful platforms which distinctively influence buyers' purchasing. (Consider, Google, Amazon, and myriad others in their respective spheres.) I consider implications of these platforms' market power, then suggest strategies to help companies recapture value or at least protect themselves from abuse.

Continued: Four strategies; defenses and countermeasures.


Consumers Pay More when They Pay with Bitcoin

May 20, 2014 - Permalink

Who benefits from Bitcoin? Not savvy customers who would otherwise pay by credit card with cashback or loyalty points. I sketch the arithmetic in today's post.

Continued: Bitcoin adoption incentives; the role of price coherence.


Google's Tying and Bundling

May 13, 2014 - Permalink

Google often argues that "competition is one click away" -- as if Google's many successes result solely from competition on the merits. Let me offer a different perspective: After early success in search and search advertising, Google used its strength in those sectors to increase its likelihood of success elsewhere -- even where competitors' offerings were objectively preferable and even where consumers would have preferred alternatives had that choice been genuinely available.

Today I'm posting an article exploring a series of incidents where Google used tying and bundling to expand its dominance into additional markets. In each market, I present the details of Google's approach, then assess concerns under antitrust law.

My full article:
   Leveraging Market Power through Tying and Bundling: Does Google Behave Anti-Competitively?

Continued: Examples in brief; table of practices and effects.


Fake 'Flappy Bird' installation delivers Blinkx adware (but not the Flappy Bird game)Blinkx Adware Revisited: Installation and Operation

April 9, 2014 - Permalink

In remarks last week, Blinkx attributed Zango's downfall to "lax oversight of rogue partners." In today's posting, I show similar and repeated problems among Blinkx's partners. I begin with deceptive installation of Blinkx adware when users request a (nonexistent) Flappy Bird game -- an abusive bait-and-switch installation that burdens a user with half a dozen different adware programs yet never provides the promised game. I then show similarly deceptive installation of Blinkx adware when users request a (nonexistent) Snapchat app for Windows. I compare these practices to FTC requirements and evaluate Blinkx's defenses. I then to demonstrate Blinkx that adware undermines HTTPS security by collecting and retransmitting users' seemingly-secure browsing activity, as well as showing deceptive advertisements that targeted web sites would never allow along with numerous ad-fraud popups that charge merchants for traffic they would otherwise receive for free. I then find Blinkx adware loading Google ads in pop-ups, which specifically violates Google ad placement rules. I conclude with recommendations and next steps.

Continued: Video proof of tainted installations; critiquing Blinkx's rebuttal; FTC rules.


Secret Ties in Google's "Open" Android

February 13, 2014 - Permalink

Google claims that its Android mobile operating system is "open" and "open source"—hence a benefit to competition. Little-known contract restrictions reveal otherwise: In order to obtain key mobile apps, including Google's own Search, Maps, and YouTube, manufacturers must agree to install all the apps Google specifies, with the prominence Google requires, including setting these apps as default where Google instructs. It's a classic tie and an instance of full line forcing: If a phone manufacturer wants any of the apps Google offers, it must take the others also.

In this piece, I present relevant provisions from key documents not previously available for public examination. I then consider the effects on consumers, competitors, and competition, and I compare these revelations to what was previously known about Google's mobile rules. I conclude by connecting Google's mobile practices to Google's use of tying more broadly.

Continued: The Mobilie Application Distribution Agreements and their effects.


The Darker Side of Blinkx

January 28, 2014 - Permalink

Video and advertising conglomerate Blinkx tells investors its "strong performance" results from "strategic initiatives" and "expanding demand, content, and audiences." Indeed, Blinkx recently climbed past a $1.2 billion valuation. At first glance, it sounds like a great business. But looking more carefully, I see reason for grave doubts.

My concerns result in large part from the longstanding practices of two of Blinkx's key acquisitions, Zango and AdOn. But concerns extend even to Blinkx's namesake video site. In the following sections, I address each in turn. Specifically, I show ex-Zango adware still sneaking onto users' computers and still defrauding advertisers. I show the ex-AdOn traffic broker still sending invisible, popup, and other tainted traffic. I show Blinkx' namesake site, Blinkx.com, leading users through a maze of low-content pages, while charging advertisers for video ads systematically not visible to users.

Continued: Video and screenshot proof; Blinkx's efforts at concealment; connecting the dots.

Discrimination at Airbnb

January 13, 2014 - Permalink

Online marketplaces often contain information not only about products, but also about the people selling the products. In an effort to facilitate trust, many platforms encourage sellers to provide personal profiles and even to post pictures of themselves. However, these features may also facilitate discrimination based on sellers' race, gender, age, or other characteristics.

Last week Michael Luca and I posted Digital Discrimination: The Case of Airbnb.com, in which we test for racial discrimination against landlords in the online rental marketplace Airbnb.com. We collected information about all Airbnb hosts in New York City, including their rental prices and the quality of their properties. We find that non-black hosts charge approximately 12% more than black hosts for the equivalent rental. These effects are robust when controlling for all information visible in the Airbnb marketplace, including even property photos.

Our findings highlight the risk of discrimination in online marketplaces, suggesting an important unintended consequence of a seemingly-routine mechanism for building trust. There is no fundamental reason why a guest needs see a host's picture in advance of making a booking -- nor does a guest necessarily even need to know a host's name (from which race may sometimes be inferred). In other respects, Airbnb has been quite sophisticated in limiting the information available to hosts and guests on its platform -- for example, AIrbnb prohibits (and runs software to prevent) hosts and guests from sharing email addresses or phone numbers before a booking is made, lest this information exchange let parties contract directly and avoid Airbnb fees. Given Airbnb's careful consideration of what information is available to guests and hosts, Airbnb might consider eliminating or reducing the prominence of host photos: It is not immediately obvious what beneficial information these photos provide, while they risk facilitating discrimination by guests.


Price Coherence: Impact and Incentives

January 6, 2014 - Permalink

In modern markets, buyers can often buy the same good or service directly from a seller, and through one or more intermediaries, all at the same exact price. How should buyers behave in these markets? The natural strategy is to choose whichever intermediary offers the greatest benefit -- perhaps a rebate, some loyalty points, or superior service. One intermediary might charge sellers far higher fees than another. But to buyers, these fees are irrelevant since they are paid entirely by sellers. It's a classic I-choose-you-pay situation, and buyers predictably head for high-benefit intermediaries. The resulting outcomes can be both distortionary and welfare-reducing. For example, seeing an airline's flights available both directly on the airline's web site and via an online travel agent (like Expedia or Orbitz) ("OTA"), a buyer has every reason to choose the latter -- avoiding retyping name, address, and payment details that the OTA already has on file. Convenient as an OTA may be, few users would willingly pay the ~$3 per segment (~$12 for a standard US domestic connecting round-trip) that OTAs charge to airlines. So too for credit cards: Their rebates and points are valuable, but most consumers would prefer a ~3% discount (the fee the seller pays to the card network).

Last week Julian Wright and I posted Price Coherence and Adverse Intermediation, analyzing incentives and outcomes in affected markets. We find that price coherence reduces consumer surplus and welfare due to inflated retail prices, over-investment in providing benefits to buyers, and excessive usage of intermediaries' services. Notably, competition among intermediaries does not fix these problems: Indeed, competition among intermediaries intensifies the problems by increasing the magnitude of the effects and broadening the circumstances in which they arise.

Continued: Affected markets; the puzzle of voluntary transactions that make all participants worse off.


Measuring and Managing Online Affiliate Fraud

November 25, 2013 - Permalink

Affiliate programs vary dramatically in their incidence of fraud. In some merchants' affiliate programs, rogue affiliates fill the ranks of high-earners. Yet other similarly-sized merchants have little or no fraud. Why the difference?

In Information and Incentives in Online Affiliate Marketing, Wesley Brandi and I examine the impact of varying merchant management decisions. Which works best, as between network-managed programs, outsourced program managers, and in-house management? Our crawlers have the answers.

Continued: Our approach and findings, network's incentives, and an unexpected stand-out.


The Ad Networks and Advertisers that Fund Ad Injectors

September 19, 2013 - Permalink - with Wesley Brandi

Webcake adware inserts an AT&T ad into the YouTube site without permission from Google. Ad injectors insert ads into others' sites, without permission from those sites and without payment to those sites. In this article, we review the basic operation of ad injectors, then examine the ad networks, exchanges, and other intermediaries that broker the placement of advertising through injectors.

We also report which advertisers most often advertise through injectors. Whether through complexity, inattention, or indifference, these advertisers' expenditures are ultimately the sole revenue source for injectors.

Continued: Screenshots; tables and graphs of responsible intermediaries and advertisers.


Comments to European Commission on Proposed Google Commitments

May 29, 2013 - Permalink - with Zhenyu Lai

The European Commission last month posted a restatement of its concerns at certain Google practices as well as Google's proposed commitments. This week I filed two comments critiquing Google's proposal. They are available here:

Comments on AT.39740 (with Zhenyu Lai) as to Google's exclusive use of screen space to promote its own specialized services, and as to an alternative remedy to preserve competition and user choice in the area of specialized search services.

Comments on AT.39740 (Edelman) as to the failure of Google's proposed commitments to undo the harm of Google's past violations, and alternative remedies preserve competition in the area of specialized search services, taking data from publishers, providing advertising services to publishers, and allowing advertisers to use multiple ad platforms.

Continued: Details of our proposals and rationale.


Google's Exclusive Flight Search OneBox

April 15, 2013 - Permalink - with Zhenyu Lai

Google Flight Search Google often shows “OneBox” search results promoting its own services. These results have prompted antitrust scrutiny: Google awards these preferred placements exclusively to Google's own services, such as Google Flight Search and Google Maps, but never to competing services such as Kayak or Mapquest. Moreover, Google presents OneBox with special format, including distinctive layouts, extra images, and even in-page interactivity – benefits not available to ordinary listings for other sites. Regulators and competitors sense that these exclusive practices can undermine competition and innovation by denying traffic to would-be competitors. But how large is the effect? How much does Google's exclusive OneBox placement impact search engine traffic to adjacent online markets?

In a working paper, Zhenyu Lai and I measure the impact of OneBox by using a quasi-experiment before and after the introduction of Google Flight Search. We compare user behavior on searches across thousands of search queries like “cheap flights from sfo to san ” (which displayed a OneBox for Google Flight Search), and similar search queries like “cheaper flights from sfo to san” (emphasis added) (which did not display OneBox). We find that Google's display of Flight Search in an exclusive OneBox decreased user click-through rates on unpaid search results by 65 percent, and increased user click-through rates on paid advertising links by 85 percent. This effect was disproportionately evident among online travel agencies that were popular destinations for affected search queries.

Our draft provides detailed empirical results as well as a model of how a search engine's incentives to divert search depend on consumers' perceptions of the difference between non-paid and paid placements.
    Exclusive Preferential Placement as Search Diversion: Evidence from Flight Search and data appendix


Privacy Puzzles at Google Play

February 19, 2013 - Permalink

Even the most careful read through Google's many Terms of Use and Privacy Policies gives no indication that whenever a user buys an Android app from the Google Play marketplace, Google send the app developer the user's name and email address. In today's post, I examine applicable Google policies -- finding that no document gives Google the right to provide users' information to app developers, and indeed multiple documents affirmatively commit that Google will not do so. I critique Google's response and suggest appropriate objectives and outcomes for an investigation.

Continued: A close reading of applicable Terms of Use and Privacy Policies; towards resolution.


Misrepresentation of Fuel Surcharges in Airline Price Advertising

February 6, 2013 - Permalink - with Xiaoxiao Wu

AA falsely claims the trip price includes 'Taxes' of $1222.16, when in fact $973 (79.5%) of this amount is carrier-imposed fees not required by any government or similar authority Ever felt the "taxes" on air travel are unduly high? In other travel contexts (most notably, rental cars), genuine government-imposed taxes often approach or even exceed the amount payable to service providers. But when airlines quote fares, they sometimes include as "taxes" certain carrier-imposed surcharges they set on their own, not required by any government and used only to defray their ordinary costs of operations.

In today's post, we provide numerous examples. For example, we show American Airlines misrepresenting "tax" on paid tickets booked both online and by telephone, on award tickets, and even when customers seek alternative flights after cancelation. Meanwhile, we show BA's "fuel surcharges" not only disclosed in ways impermissible under DOT regulation, but of an amount that appears to exceed BA's actual cost of fuel. We have submitted complaints to DOT as to these and other violations.

Continued: Screenshot and call recording proof; airlines' efforts to conceal their violations; DOT regulation and my DOT complaint.


IAC Toolbars and Traffic Arbitrage in 2013

January 22, 2013 - Permalink

I have repeatedly flagged serious problems with IAC/Ask.com toolbars -- targeting kids, bundles without consent, even installs through security exploits.

In today's piece I provide a 2013 update. IAC is still targeting kids -- both explicitly (installation solicitations that promise "Kids Games" and the like) and through cartoons and animation. IAC continues to show voluminous advertising, far more than other search engines, and with oversized ad clickable areas in violation of Google policies and industry norms. IAC"s uninstaller is incomplete, also in breach of Google rules and industry standards.

Continued: A full inventory of violations; screenshot proof.


The Right Remedies for Google's AdWords API Restrictions

January 7, 2013 - Permalink

Last week the FTC closed its 21-month investigation of Google after Google made several small concessions, among them dropping certain restrictions on use of Google's AdWords API -- rules that previously limited how advertisers and tool-makers may copy advertisers' own data from Google's servers. Removing the restrictions is a step forward for advertisers and for competition. But the FTC should have demanded more from Google in order to address the harm resulting from seven years of these restrictions.

Continued: The impact of the restrictions; who was harmed; effective remedies.


A Holiday "Top 10": Rogue Affiliates at Commission Junction and LinkShare

December 21, 2012 - Permalink - with Wesley Brandi

Our automation continuously scours the web for rogue affiliates. In our query tool, we provide a basic sense of how much we've found. We have also written up scores of sample rogue affiliates, but the holiday season provides an impetus for more: Thanks to high online spending, affiliate fraud at this time of year is particularly profitable for perpetrators -- and particularly costly to merchants.

In today's article, we report the ten Commission Junction affiliates and ten LinkShare affiliates most often seen by our automation. Our findings:
   Twenty Oft-Found Commission Junction and LinkShare Affiliate Violations


Affiliate Fraud Litigation Index

September 5, 2012 - Permalink

Some analysts view affiliate marketing as "fraud-proof" because affiliates are only paid a commission when a sale occurs. But affiliate marketing nonetheless gives rise to various disputes -- typically, merchants alleging that affiliates claimed commission they had not properly earned. Most such disputes are resolved informally: merchants withhold amounts affiliates have purportedly earned but have not yet received. Occasionally, disputes end up in litigation with public availability of the details of alleged perpetrators, victims, amounts, and methods.

In today's posting, I present known litigation in this area including case summaries and primary source documents:
   Affiliate Fraud Litigation Index


Search My Logs of Affiliate Fraud

March 19, 2012 - Permalink

Since 2004, I've been tracking and reporting all manner of rogue affiliates -- using spyware and adware to cover competitors' sites; using trickier spyware and adware to claim commission on merchants' organic traffic; typosquatting; stuffing cookies through invisible IFRAME's and IMG's, banner ads, and even hacked forum sites; and the list goes on. I now have automation catching these practices in ever-increasing quantities.

While I've written up dozens of rogue affiliates on this site and in various presentations, today Wesley Brandi and I are introducing something better: query-based access to our records of affiliate fraud targeting top affiliate merchants. Enter a merchant's domain name, and we'll tell you how much affiliate fraud we've seen targeting that domain -- handy for merchants wanting to check whether their program is clean, and for affiliates wanting to confirm the trustworthiness a program they're considering promoting. We're not currently posting details of the specific perpetrators, but we have affiliate ID numbers, domain names, and packet log proof on file for each violator, and we can provide these upon request.

Take a look:
    Affiliate Fraud Information Lookup.


Hack-Based Cookie-Stuffing by Bannertracker-script

February 27, 2012 - Permalink - with Wesley Brandi

We present a cookie-stuffer that collects traffic by hacking numerous top sites, including sites as popular searchenginewatch.com (Alexa traffic rank #2045). The perpetrator then monetizes this traffic by invisibly dropping affiliate cookies for Amazon, using 200+ separate affiliate IDs to evade notice.

Continued: JavaScript to hide the practices; other efforts to evade detection; revenue estimates.


Large-Scale Cookie-Stuffing at Eshop600.co.uk

January 30, 2012 - Permalink - with Wesley Brandi

We present a cookie-stuffer notable for the volume of his attack and his attempts at obfuscation.

Continued: Screenshot; encoded and decoded JavaScript; implications for merchants.


Advertising Disclosures in Online Apartment Search

January 25, 2012 - Permalink - with Paul Kominers

A decade ago, the FTC reminded search engines of their duty to label advertisements as such. Most general-purpose search engines now do so (though they're sometimes less than forthright). But practices at specialized search engines often fall far short.

In today's posting, Paul Kominers and I examine leading online apartment search services and evaluate the disclosures associated with their paid listings. We find paid placement and paid inclusion listings at each site, but disclosures range from limited to nonexistent. Where disclosures exist, they are largely hidden behind multiple intermediate pages, effectively invisible to most users. We propose specific ways these sites could improve their disclosures, and we flag their duties under existing law.

Continued: Disclosures ranging from hidden to missing altogether; euphemistic labels like "Featured" and "Best Match" .


Google Tying Google Plus and Many More

January 12, 2012 - Permalink

Google's new "Google Search Plus Your World" service favors Google Plus results at the expense of more popular social networks like Facebook and Twitter. These changes have prompted widespread concern, and rightly so. But in fact Google's dubious tying tactics extend well beyond Google Plus. I show Google using tying to favor all manner of its services, including using tying to force others to submit to Google's will even in areas where Google is not yet dominant.

Continued: Specific practices; Google services benefiting from tying; how Google penalizes those who reject Google's demands.


Revisiting Search Bias at Google

November 11, 2011 - Permalink

Last week Joshua Wright posted a critique of my January 2011 Measuring Bias in 'Organic' Web Search (with Ben Lockwood). In this piece, I offer a brief response.

Continued: Why search bias matters; consumer harm; Google's market power.


Understanding the Purposes – and Weaknesses – of Online-to-Offline Discounting

October 26, 2011 - Permalink

Daily deals sites often promise discounts exceeding 50% -- mobilizing millions of consumers spending billions of dollars. Yet this model faces growing resistance, particularly from merchants concerned that "deals" offers are unprofitable. The natural question: When and how are large discounts sustainable?

Deals services seem to envision delivering new customers who return paying full price, yet they've done little to demonstrate that return visits actually occur. And there's reason to doubt whether customers enticed by a discount will actually return to pay full price. I explore the implications, including the requirements for a profitable discounting model grounded in price discrimination rather than full-price return visits.

Continued: The "discovery" promise; the price discrimination alternative; knowing a merchant's limits.


Advertisers' Missing Perspective in the Google Antitrust Hearing

September 20, 2011 - Permalink

This week's Senate Antitrust Subcommittee hearing promises to investigate persistent allegations of Google abusing its market power. In these discussions, it's crucial to remember whose spending fuels Google's monopoly: advertisers. Google is far from generous to advertisers -- burdening them with high pricing, harsh terms, and various restrictions that primarily serve Google's interests. In this piece, I review worrisome practices regulators should investigate and, in due course, seek to prevent.

Continued: Specific practices; advertiser harm; what to do now.


Implications of Google's Pharmacy Debacle

August 26, 2011 - Permalink

A DOJ investigation of Google's pharmaceutical advertising practices yielded a $500 million forfeiture and an admission of wrongdoing. More than that, the resulting documents prove Google's knowledge of, and participation in, advertising practices Google knew to be unlawful. I explore the implications for other controversial conduct that remains widespread despite Google's promise to take action. From deceptive ads to trademark, copyright, and more, Google's claims of innocence are increasingly difficult to believe.

Continued: Google's admissions; how Google assisted the unlawful conduct; Google's profit motive.


Online Discount Vouchers - Letter-Writing Tool

August 2, 2011 - Permalink - with Paul Kominers and Xiaoxiao Wu

Following up on my recent article about consumer protection problems in discount voucher sales, I've posted a letter-writing tool to help consumers resolve their voucher problems. From expiration to cashback to day-of-week, time-of-day, and unexpected terms added after purchase, there are quite a few ways consumers can end up dissatisfied with the discount vouchers they buy. Many voucher services offer refunds only if consumers complain vigorously. Our tool helps consumers write concise but persuasive letters, including drawing on applicable state law where appropriate.

Give it a try:
  Discount Voucher Problems - Letter-Writing Tool


Consumer Protection in Online Discount Voucher Sales

June 14, 2011 - Permalink - with Paul Kominers

We evaluate five areas where online discount voucher services -- Groupon and similar sites -- risk falling afoul of applicable consumer protection law. We present applicable laws from selected states and evaluate compliance by voucher services and their affiliated merchants. We examine voucher services' attempts to limit their liability, and we explain why consumers and regulators should find current practices insufficient.

Continued: Specific legal requirements; vendors' practices; assessing responsibility.


Revisiting Unlawful Advertisements at Google

May 18, 2011 - Permalink

Last week, Google's 10-Q disclosed a $500 million charge for, the Wall Street Journal revealed, Google's sale of advertising to online pharmacies that break US laws. Kudos to the Department of Justice for holding Google accountable for these unlawful advertisements. But in fact there are numerous other categories where Google also shows, and has long shown, widespread deceptive advertisements. From "free" ringtones that aren't, to spyware/adware bundlers, to dubious mortgage modification schemes, deceptive ads are all too widespread. Google could and should do more to prevent these schemes and to avoid doing business with such advertisers.

Continued: Categories of unlawful advertisements; Google's revenue; the scope of Google's involvement.


Remedies for Search Bias

February 22, 2011 - Permalink

In a forthcoming paper, I'll survey the problem of search bias -- search engines granting preferred placement and/or terms to their own links or to others' links chosen for improper purposes. Today I'd like to focus on remedies -- what tactics a dominant search engine ought not employ due to their detrimental effects on competition, and how prohibiting those tactics would help assure fair competition in search and related businesses.

Continued: Specific practices that impede competition and ought not continue; towards affirmative solutions.


In Accusing Microsoft, Google Doth Protest Too Much

February 3, 2011 - Permalink

Google this week sparked a media uproar by alleging that Microsoft Bing "copies" Google results. But is that actually the best characterization of what happened? In fact Google's engineers intentionally clicked bogus listings they had previously inserted into Google's results, and they did this on computers where they had specifically authorized Microsoft to examine their browsing in order to improve Bing.

Strikingly, Google's own Matt Cutts previously endorsed the use of Toolbar and similar data to improve search results -- calling this approach "a good idea." And Google's own Toolbar Privacy Policy allows Google to perform the same analysis Bing used. So I don't have much sympathy for Google's allegations of impropriety. Quite the contrary: With Bing's small market share, this data is important in improving Bing search results and building a viable competitor to Google's dominant search offering.

Continued: What exactly happened; Google's prior statements; Google's widespread use of others' intellectual property.


Measuring Bias in "Organic" Web Search

January 19, 2011 - Permalink - with Benjamin Lockwood

By comparing results between leading search engines, we identify patterns in their algorithmic search listings. We find that each search engine favors its own services in that each search engine links to its own services more often than other search engines do so. But some search engines promote their own services significantly more than others. We examine patterns in these differences, and we flag keywords where the problem is particularly widespread.

Even excluding "rich results" (whereby search engines feature their own images, videos, maps, etc.), we find that Google's algorithmic search results link to Google's own services more than three times as often as other search engines link to Google's services.

For selected keywords, biased results advance search engines' interests at users' expense: We demonstrate that lower-ranked listings for other sites sometimes manage to obtain more clicks than Google and Yahoo's own-site listings, even when Google and Yahoo put their own links first.

Continued: Methodology; analysis; policy implications.


Knowing Certain Trademark Ads Were Confusing, Google Sold Them Anyway -- for $100+ Million

November 30, 2010 - Permalink

Recently-released documents reveal Google's careful testing of consumer confusion resulting from certain uses of trademarks in advertisements. Google carefully measured consumers' understanding of trademark-triggered ads -- only to decide to loosen its policy when estimates revealed an opportunity $100 million to $1 billion of incremental annual revenue.

Continued: Documents and quotes.


Hard-Coding Bias in Google "Algorithmic" Search Results

November 15, 2010 - Permalink

I present categories of searches for which available evidence indicates Google has "hard-coded" its own links to appear at the top of algorithmic search results, and I offer a methodology for detecting certain kinds of tampering by comparing Google results for similar searches. I compare Google's hard-coded results with Google's public statements and promises, including a dozen denials but at least one admission. I conclude by analyzing the impact of Google's tampering on users and competition, and by proposing principles to block Google's bias.

Continued: Screenshots; methodology; proposed regulatory response; analogues in other industries.


A Closer Look at Google's Advertisement Labels

November 10, 2010 - Permalink

The FTC has called for "clear and conspicuous disclosures" in advertisement labels at search engines, and the FTC specifically emphasized the need for "terms and a format that are easy for consumers to understand." Unfortunately, Google's new advertisement labels fail this test: Google's "Ads" label is the smallest text on the page, far too easily overlooked. (Indeed, as I show in the image at left, the "Ads" label substantially fits within an "o" in "Google.") Meanwhile, Google now merges algorithmic and advertisement results merged within a single set of listings; Google's "Help" explanations are inaccurate; and Google uses inconsistent labels mere inches apart within search results, as well as across services.

Continued: Details of these shortfalls; screenshots and comparisons; proposed alternatives.


Labels and Disclosures in Search Advertising

November 9, 2010 - Permalink

Search engines have long labeled their advertisements with labels like "Sponsored links", "Sponsored results", and "Sponsored sites." Do users actually know that these labels are intended to convey that the listings are paid advertisements? In a draft paper we're posting today, Duncan Gilchrist and I try to find out.

"Sponsored Links" or "Advertisements"?: Measuring Labeling Alternatives in Internet Search Engines

In an online experiment, we measure users' interactions with search engines, both in standard configurations and in modified versions with improved labels identifying search engine advertisements. In particular, for a random subset of users, we change "sponsored link" labels to instead read "paid advertisement." We find that users receiving the “paid advertisement” label click 25% to 33% fewer advertisements and correctly report that they click fewer advertisements, controlling for the number of advertisements they actually click. Results are most pronounced for commercial searches, and for users with low income, low education, and little online experience.

We consider our findings particularly timely in light of Google's change, just last week, to label many of its advertisements as "Ads." On one view, "Ads"” is an improvement – probably easier for unsophisticated consumers to understand. Yet it’s a strikingly tiny label – the smallest text anywhere in Google’s search results, and about a quarter as many pixels as the corresponding disclosure on other search engines. As our paper points out, FTC litigation has systematically sought the label “Paid Advertisement, and we still think that’s the better choice.


Google offers preferred terms to GAN advertisers, including image ads as well as placement above right-side AdWords adsTying Google Affiliate Network

September 28, 2010 - Permalink

In one of the few areas of Internet advertising where Google is not dominant – indeed, where just three years ago Google had no offering at all – Google now uses tying to climb towards a position of dominance. Thanks to Google’s dominance in web search, Google offers preferred placement and superior terms to the advertisers who agree to use Google Affiliate Network (GAN). Competing affiliate networks cannot match these benefits, and Google's bundling strategy threatens to grant Google a position of power in yet another online advertising market.

In today's piece, I identify the specific benefits Google grants to affiliate merchants who agree to use GAN -- including exclusive use of image ads, placement above AdWords advertisers, and fees payable only if a user makes a purchase. I explain why it is improper for Google to bundle these benefits with Google's dominant search service, and I compare Google's tactics in this area to Google's strategy in promoting other services.

Continued: Benefits to advertisers who accept; foreclosing competition in affiliate marketing; policy prescriptions.


Facebook Leaks Usernames, User IDs, and Personal Details to Advertisers

May 20, 2010 - Updated May 26, 2010 - Permalink

Browse Facebook, and you wouldn't expect Facebook's advertisers to learn who you are. After all, Facebook's privacy policy and blog posts promise not to share user data with advertisers except when users grant specific permission.

But in my testing, Facebook's actual practices exactly contradict Facebook's promises. Merely clicking an advertiser's ad reveals to the advertiser the user's Facebook username or user ID. With default privacy settings, the advertiser can then see almost all of a user's activity on Facebook, including name, photos, friends, and more.

Continued: Details of the data leakage; Facebook's promises; eight-plus months of notice; what Facebook should do.


Sony's Crackle: Invisible Traffic Galore

April 27, 2010 - Permalink

Advertisers buying display ads from Sony's Crackle.com rightly and reasonably expect that users can see the ads. But that's not always the case. In today's posting, I present three recent examples of Crackle partners loading the Crackle site invisibly, largely via 1x1 IFRAMEs. I then tabulate observations preserved by my automation, demonstrating that Crackle's tainted traffic has continued for more than a year. I conclude by flagging implications for traffic measurement and ad pricing, and by suggesting what Crackle should do to clean up this mess.

Continued: Specific examples; IFRAMEs to consummate the invisibility; overstated traffic measurements.


Measuring Typosquatting Perpetrators and Funders

February 17, 2010 - Permalink - with Tyler Moore

For more than a decade, aggressive website registrants have been engaged in 'typosquatting' -- the intentional registration of misspellings of popular website addresses. Uses for the diverted traffic have evolved over time, ranging from hosting sexually-explicit content to phishing. Several countermeasures have been implemented, including outlawing the practice and developing policies for resolving disputes. Despite these efforts, typosquatting remains rife.

But just how prevalent is typosquatting today, and why is it so pervasive? Tyler Moore and I set out to answer exactly these questions. In Measuring the Perpetrators and Funders of Typosquatting (appearing at the Financial Cryptography conference), we estimate that at least 938,000 typosquatting domains target the top 3,264 .com sites, and we crawl more than 285,000 of these domains to analyze their revenue sources.

Our full posting: Measuring the Perpetrators and Funders of Typosquatting and web appendix.


Google Toolbar Tracks Browsing Even After Users Choose "Disable"

January 26, 2010 - Permalink

I present screenshots and screen-capture videos demonstrating that even after a user specifically chooses to "disable" the Google Toolbar, and even after the Google Toolbar disappears from view, Google Toolbar continues tracking users' web browsing -- including the specific sites visited, pages browsed, and searches conducted. I then critique Google's installation -- which lets users activate these transmissions in a single click, while ceasing the transmissions is much harder. I compare Google's current notice/consent process to Google's 2004 version, finding important declines in both the presentation and substance of disclosures.

Continued: Screenshot and video proof; transmission logs; disclosure screenshots and analysis.


Upromise Savings -- At What Cost?

January 21, 2010 - Updated, January 25, 2010 - Permalink

When users install the Upromise toolbar, Upromise admits collecting "non-personally identifiable information" about users' online activities. But Upromise actually transmits detailed information -- not just page-views and searches, but email addresses and even full credit card numbers, expiration dates, and CVV2 codes. Upromise copies card numbers out of users' encrypted (HTTPS) browsing, but Upromise retransmits card numbers in plain text -- making it all too easy for others to gain access.

Continued: Specific transmissions; promises broken; what Upromise should do.


Google Click Fraud Inflates Conversion Rates and Tricks Advertisers into Overpaying

January 12, 2010 - Permalink

In today's post, I show click fraud with a twist. Like standard click fraud, this infraction completely fakes clicks -- charging advertisers for clicks that didn't actually occur. But this click fraud is carefully targeted -- faking a click to the victim advertiser when the user is already at that advertiser's site. Thus, standard efforts to measure conversion rates classify this traffic as legitimate and valuable -- tricking advertisers into raising their bids and paying even more, when they should be demanding refunds.

This scam targets Google advertisers -- who pay Google's high prices in expectation of receiving high-quality traffic, but instead suffer this unwanted ruse. The traffic comes through a lengthy chain -- fully seven partners passing the traffic from the underlying spyware through to Google. Closest to Google is InfoSpace, whose pattern of dubious traffic I chronicle in special detail.

Continued: The offending placements; video and packet log proof; what Google should do.


Google Still Charging Advertisers for Conversion-Inflation Traffic from WhenU Spyware

January 5, 2010 - Permalink

In February and May 2009, I reported Google paying WhenU spyware to cover selected sites with those sites' own Google PPC ads. These bogus placements perpetrate a practice I call "conversion inflation": They let Google claim credit for purchases that would have happened anyway -- overstating Google's effectiveness and leading advertisers to overbid and overpay for Google traffic.

Google admitted the impropriety of these placements -- even offering a credit to RCN, the advertiser I featured in May, though denying refund requests from other affected advertisers. But, remarkably, Google and its partners have restarted these placements. Today I post the proof -- screenshots, video, and packet log records prepared just this week.

Continued: The offending placements; violation of Google's promises to users and advertisers; what Google should do.


Deception in Post-Transaction Marketing

November 19, 2009 - Updated, December 5, 2009 - Permalink

Post-transaction marketers Webloyalty, Vertrue, and Affinion have attracted criticism for solicitations that tend to deceive consumers. They typically feature recurring billing programs that promise a savings or discount, but actually charge users on an ongoing basis. They promote these services while customers are finishing the checkout process at trusted e-commerce sites -- a time when few users expect unrelated offers from third parties. Furthermore, they obtain consumers' credit card numbers from partner sites -- so a user may enter a billing relationship and face credit card charges without providing a card number to the company that posts the charges.

In this posting, I present key primary source documents (internal company emails and analyses and reports from victim consumers) as well as outside analyses (a Senate staff report and testimony from hearing witnesses including my own statement for the record).

Higlights of my Statement for the Record: I argue that the timing, placement, and format of post-transaction offers deceptively suggest that the offers are part of the checkout process. (3) I suggest that automatic transfer of consumers’ payment information removes a key warning that customers are incurring a financial obligation. (3-4) I examine disclosures and find them inadequate to cure the deception resulting from the substance, format, and context of the offers. (5) I point out that credit card network rules disallow key post-transaction marketing practices, and I suggest that credit card networks enforce these rules. (6-7) I suggests that low usage rates support an inference of deception, and I provide an empirical strategy to estimate usage rates from publicly-available sources. (7)

Full article: Deception in Post-Transaction Marketing.

My subsequent Payment Card Network Rules Prohibit Aggressive Post-Transaction Tactics cites, quotes, and analyzes relevant rules -- finding that existing card network requirements disallow key post-transaction marketing practices.


Towards a Bill of Rights for Online Advertisers

September 21, 2009 - Permalink

I offer five rights to protect advertisers from increasingly powerful ad networks -- avoiding fraudulent charges for services not rendered, guaranteeing data portability so advertisers get the best possible value, and assuring price transparency so advertisers know what they're buying. I explain the need for these rights by presenting specific practices causing particular concern.

Continued: Five rights; their urgency; their benefits.


How Google and Its Partners Inflate Measured Conversion Rates and Increase Advertisers' Costs

May 13, 2009 - Permalink

With its lofty "Software Principles" and its "do no evil" mantra, Google might seem the last company likely to partner with spyware or adware vendors. But in today's article, I show Google doing exactly that.

Consumers certainly suffer from the sneaky software Google supports. But the clearest victims are advertisers, for these placements systematically charge advertisers for traffic the advertisers would otherwise have received for free.

Continued: Specific examples; videos, screenshots, and packet logs; a way forward.


In Support of Utah's HB450

March 9, 2009 - Permalink

When a user searches for one company, may a search engine show ads for a direct competitor instead? A natural libertarian instinct might reply yes, sure, do whatever you want. In this brief piece, I push back on that idea, offering reasons why such ads are improper.

I then analyze Utah's HB450, which would prohibit certain deceptive online advertising. I consider the bill's effects, and I explain why I support its approach.

Continued: Confusing ads; ineffective disclosures; how state regulation can help.


False and Deceptive Display Ads at Yahoo's Right Media

January 14, 2009 - Permalink

Yahoo's Right Media ad marketplace features widespread ads exactly designed to deceive. I present ten examples of these deceptive ads, and I critique their unwelcome characteristics. To estimate the prevalence of deceptive tactics, I examine Right Media's own analysis ad characteristics -- finding that by Right Media's own admission, deceptive ads total 35% or more of Right Media's advertising inventory.

Continued: False and Deceptive Display Ads at Yahoo's Right Media.


Privacy Lapse at Google JotSpot

October 30, 2008 - Permalink

Google's JotSpot service posts sensitive user data, despite specific promises to the contrary in JotSpot's privacy policy. JotSpot even allows this information to be indexed by Google's search crawlers. JotSpot's postings are, by all indications, accidental. But in the context of a series of similar slip-ups, these postings raise questions about the efficacy of Google's model of hosted applications.

Continued: Screenshots of the leaked data; privacy policy promises; harms; a pattern of privacy breaches on Google's hosted applications.


Hydra Media's Pop-Up Problem -- Ten Examples

October 14, 2008 - Permalink

Affiliate marketer Hydra Network claims to be tough on fraud. Hydra says it "guards against compliance problems from every angle" to assure that ad placements are "safe[,] secure [and] profitable." Furthermore, Hydra claims to provide "tough affiliate pre-screening and policing to assure quality."

Despite Hydra's claims, my observations reveal major room for improvement. On fully 1,343 occasions, my AutoTester has seen Hydra affiliates receiving traffic from spyware or adware. Today I'm posting ten examples -- ten different Hydra affiliates using five different spyware/adware programs to claim commissions from Hydra's top merchants.

More: Full video and packet log proof.


CPA Advertising Fraud: Forced Clicks and Invisible Windows

October 7, 2008 - Permalink

Not all CPA fraud requires placing (or using) spyware or adware on a user's PC. In today's article, I show three examples of affiliates cheating CPA merchants using only a web browser -- without any special software on users' PCs. In particular, I show affiliates running invisible IFRAMEs, hidden portions of banner ads, and redirects loaded through signature icons in forum discussions. In each instance, affiliate claim commissions they did not earn.

More: Videos and packet logs; detection and defenses.


Auditing Spyware Advertising Fraud: Wasted Spending at VistaPrint

September 30, 2008 - Permalink

This month and last, my AutoTester observed more than two dozen different affiliates cheating VistaPrint through spyware pop-ups -- in each instance, using "self-targeting" to claim affiliate commission on traffic VistaPrint would otherwise have received for free. In today's article, I offer six examples of these observations -- as well as some musings on what VistaPrint might do to block these scams.

More: Videos and packet logs; which CPA networks are involved; VistaPrint's claims of effective advertising management.


Competition among Sponsored Search Services

July 11, 2008 - Permalink

Last month I was asked to testify to the United States House of Representatives Committee on the Judiciary Task Force on Competition Policy and Antitrust Laws about competition among paid search providers, particularly the proposed Google-Yahoo partnership.

At the last minute, the hearing was cancelled, and I won't be able to testify at the rescheduled session. Rather than let my draft written statement languish unread, I'm taking this opportunity to post the prepared testimony I had planned to offer last month.

More: My prior testimony about the Senate Counter Spy Act.


PPC Platform Competition and Google's "May Not Copy" Restriction

June 27, 2008 - Permalink

A little-noticed Google AdWords API Terms & Conditions restriction substantially hinders advertisers' efforts to use multiple providers -- prohibiting software vendors from using Google's API to help advertisers copy AdWords campaigns to competing platforms. This provision hinders competition between sponsored search providers -- creating an unnecessary and artificial barrier to advertisers easily copying their ads elsewhere.

More: The restriction at issue; its effects; Google's defenses and my analysis; Google's requests for data portability in other contexts.


Running Out of Numbers? The Impending Scarcity of IPv4 Addresses and What To Do About It

June 6, 2008 - Permalink

The Internet's current numbering system is nearing exhaustion: The Internet's primary communications protocol, "IP" (more precisely, IPv4) allows only a finite set of computer numbers ("IP addresses"), and central authorities will soon exhaust the supply.

An alternative IP standard, IPv6, would dramatically increase Internet address capacity. But network incentives impede transition to v6. For example, a device with only a v6 address cannot directly retrieve most web sites because most web sites have only v4 addresses. Consider the undesirability of owning the world's first fax machine (no one to communicate with); to date, v6 has suffered a similar problem, with the additional challenge that existing IPv4 systems boast widespread usage (making an upgrade to v6 appear particularly unnecessary). Furthermore, v4-v6 translation systems are limited at best -- allowing v6-only computers to receive some kinds of v4 content, but often failing to support proprietary or nonstandard systems such as VoIP, videoconferencing, multiplayer video games, and custom software.

With these substantial disincentives and limitations hindering v6 transition, v6 deployment has been slow. It seems continued use of IPv4 will remain necessary for the foreseeable future -- even after central authorities have no more v4 addresses to give out. Today I'm posting an initial analysis of market mechanisms to reallocate existing v4 addresses and facilitate v4's continued use. In particular, I consider the possible effects of paid transfers of v4 addresses. I emphasize rules to ameliorate the worst effects of v4 scarcity, while preserving the core principles of existing regulation and avoiding major negative externalities.

My draft:
  Running Out of Numbers? The Impending Scarcity of IP Addresses and What To Do About It


Zango Offers 'Borat'Debunking Zango's "Content Economy"

May 28, 2008 - Permalink

Zango often touts its so-called "content economy" -- purportedly providing users access to media in exchange for accepting Zango's popup ads. But Zango's media library is nothing to celebrate. Today I report my recent examinations. I show:

Continued: My findings; screenshots and examples; legal implications.


Coupons.com and TRUSTe: Lots of Talk, Too Little Action

March 18, 2008 - Updated, March 20, 2008 - Permalink

Six and a half months ago, I reported a variety of bad practices at Coupons.com. Key among my concerns: Coupons.com stored data in deceptive filenames and registry entries designed to look like part of Windows -- with names like c:\windows\WindowsShellOld.Manifest.1 and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\Presentation Style . Furthermore, Coupons.com failed to remove these files upon a user's specific request.

Because Coupons.com is certified by TRUSTe Trusted Download, I reported these behaviors through TRUSTe's Watchdog form. TRUSTe investigated and last month declared success, claiming that "Coupons, Inc. rolled out ... [a] new version of the software ... that writes only one registry key placed in a typical location, named in an appropriate manner." Nonetheless, my tests indicate exactly the opposite -- including all the same deceptive filenames and registry keys I previously identified. Furthermore, my tests indicate that all these files are left behind even after a user performs an uninstall.

Continued: My findings; video proof; other violations.


Delaying Payment to Deter Online Advertising Fraud

March 10, 2008 - Permalink

In Optimal Deterrence when Judgment-Proof Agents are Paid in Arrears - with an Application to Online Advertising Fraud, I introduce an alternative method of fraud prevention for certain online advertising systems. By delaying payments, a merchant or network differentially harms bad affiliates (who rightly worry they may get caught) without unduly harming good affiliates (who know they'll get paid, and who receive a bonus in compensation for the delay). With a suitable delay, a merchant or network can deter many bad affiliates while retaining the good.

Continued: Details on my approach, including initial data on merchants' and networks' current payment terms.


Critiquing C-NetMedia's Anti-Spyware Offerings and Advertising Practices

February 14, 2008 - Permalink

I examine anti-spyware software from C-NetMedia. I show deceptive advertising for C-Net's products, including product names, ad text, and web site designs that falsely suggest affiliation with security industry leaders. I examine C-Net's use of many disjoint product names -- preventing consumers from easily learning more about C-Net, its reputation, and its practices. I analyze C-Net's high-pressure sales tactics, including false positives, which overstate the urgency of paying for an upgraded version.

Continued: Specific deceptive advertising practices; trademark registrations; response from the advertising and security industries.


Sears Exposes Customer Purchase History in Violation of Its Privacy Policy

January 4, 2008 - Permalink

Want to know what a given customer has purchased from Sears? It's surprisingly easy to find out. In this article, I demonstrate how Sears reveals customers' major purchases to anyone who asks -- notwithstanding Sears' stated privacy policy.

Continued: The procedure for obtaining data; screenshots of customer purchases; the privacy breach in context.


The Sears "Community" Installation of ComScore

January 1, 2008 - Permalink

Late last month, Benjamin Googins (a senior researcher in the Anti-Spyware unit at Computer Associates) critiqued a ComScore installation performed by Sears' "Sears Holdings Community" ("My SHC Community" or "SHC"). After reviewing the installation sequence, Ben concluded that the installation offered "very little mention of software or tracking" and otherwise fell short of CA and industry standards. I agree.

I write today to add my own critique. I begin by presenting the entire installation sequence in screenshots and video. I then explain why the limited notice provided falls far short of the standards the FTC has established. Finally, I show that Sears' claims of adequate notice are demonstrably false.

Continued: Installation screenshots & video; limited notice; FTC standards; false claims from Sears.


For older postings, see site archives.