BenEdelman.org

11 Jan 2012 12:00:00 GMT

Large-Scale Cookie-Stuffing at Eshop600.co.uk

30 Jan 2012 12:00:00 GMT

We present a cookie-stuffer notable for the volume of his attack and his attempts at obfuscation.

Advertising Disclosures in Online Apartment Search

25 Jan 2012 12:00:00 GMT

A decade ago, the FTC reminded search engines of their duty to label advertisements as such. Most general-purpose search engines now do so (though they're sometimes less than forthright). But practices at specialized search engines often fall far short.

In today's posting, Paul Kominers and I examine leading online apartment search services and evaluate the disclosures associated with their paid listings. We find paid placement and paid inclusion listings at each site, but disclosures range from limited to nonexistent. Where disclosures exist, they are largely hidden behind multiple intermediate pages, effectively invisible to most users. We propose specific ways these sites could improve their disclosures, and we flag their duties under existing law.

Google Tying Google Plus and Many More

12 Jan 2012 12:00:00 GMT

Google's new "Google Search Plus Your World" service favors Google Plus results at the expense of more popular social networks like Facebook and Twitter. These changes have prompted widespread concern, and rightly so. But in fact Google's dubious tying tactics extend well beyond Google Plus. I show Google using tying to favor all manner of its services, including using tying to force others to submit to Google's will even in areas where Google is not yet dominant.

Revisiting Search Bias at Google

11 Nov 2011 12:00:00 GMT

Last week Joshua Wright posted a critique of my January 2011 Measuring Bias in 'Organic' Web Search (with Ben Lockwood). In this piece, I offer a brief response.

Understanding the Purposes – and Weaknesses – of Online-to-Offline Discounting

26 Oct 2011 12:00:00 GMT

Daily deals sites often promise discounts exceeding 50% -- mobilizing millions of consumers spending billions of dollars. Yet this model faces growing resistance, particularly from merchants concerned that "deals" offers are unprofitable. The natural question: When and how are large discounts sustainable?

Deals services seem to envision delivering new customers who return paying full price, yet they've done little to demonstrate that return visits actually occur. And there's reason to doubt whether customers enticed by a discount will actually return to pay full price. I explore the implications, including the requirements for a profitable discounting model grounded in price discrimination rather than full-price return visits.

Advertisers' Missing Perspective in the Google Antitrust Hearing

20 Sep 2011 12:00:00 GMT

This week's Senate Antitrust Subcommittee hearing promises to investigate persistent allegations of Google abusing its market power. In these discussions, it's crucial to remember whose spending fuels Google's monopoly: advertisers. Google is far from generous to advertisers -- burdening them with high pricing, harsh terms, and various restrictions that primarily serve Google's interests. In this piece, I review worrisome practices regulators should investigate and, in due course, seek to prevent.

Implications of Google's Pharmacy Debacle

26 Aug 2011 12:00:00 GMT

A DOJ investigation of Google's pharmaceutical advertising practices yielded a $500 million forfeiture and an admission of wrongdoing. More than that, the resulting documents prove Google's knowledge of, and participation in, advertising practices Google knew to be unlawful. I explore the implications for other controversial conduct that remains widespread despite Google's promise to take action. From deceptive ads to trademark, copyright, and more, Google's claims of innocence are increasingly difficult to believe.

Online Discount Vouchers - Letter-Writing Tool

2 Aug 2011 12:00:00 GMT

Following up on my recent article about consumer protection problems in discount voucher sales, I've posted a letter-writing tool to help consumers resolve their voucher problems. From expiration to cashback to day-of-week, time-of-day, and unexpected terms added after purchase, there are quite a few ways consumers can end up dissatisfied with the discount vouchers they buy. Many voucher services offer refunds only if consumers complain vigorously. Our tool helps consumers write concise but persuasive letters, including drawing on applicable state law where appropriate.

Give it a try: Discount Voucher Problems – Letter-Writing Tool

A special thanks to Paul Kominers and Xiaoxiao Wu, whose efforts brought this idea to fruition.

Consumer Protection in Online Discount Voucher Sales

14 Jun 2011 12:00:00 GMT

We evaluate five areas where online discount voucher services -- Groupon and similar sites -- risk falling afoul of applicable consumer protection law. We present applicable laws from selected states and evaluate compliance by voucher services and their affiliated merchants. We examine voucher services' attempts to limit their liability, and we explain why consumers and regulators should find current practices insufficient.

Revisiting Unlawful Advertisements at Google

18 May 2011 12:00:00 GMT

Last week, Google's 10-Q disclosed a $500 million charge for, the Wall Street Journal revealed, Google's sale of advertising to online pharmacies that break US laws. Kudos to the Department of Justice for holding Google accountable for these unlawful advertisements. But in fact there are numerous other categories where Google also shows, and has long shown, widespread deceptive advertisements. From "free" ringtones that aren't, to spyware/adware bundlers, to dubious mortgage modification schemes, deceptive ads are all too widespread. Google could and should do more to prevent these schemes and to avoid doing business with such advertisers.

Continued: Categories of unlawful advertisements; Google's revenue; the scope of Google's involvement.

Remedies for Search Bias

22 Feb 2011 12:00:00 GMT

In a forthcoming paper, I'll survey the problem of search bias -- search engines granting preferred placement and/or terms to their own links or to others' links chosen for improper purposes. Today I'd like to focus on remedies -- what tactics a dominant search engine ought not employ due to their detrimental effects on competition, and how prohibiting those tactics would help assure fair competition in search and related businesses.

In Accusing Microsoft, Google Doth Protest Too Much

3 Feb 2011 12:00:00 GMT

Google this week sparked a media uproar by alleging that Microsoft Bing "copies" Google results. But is that actually the best characterization of what happened? In fact Google's engineers intentionally clicked bogus listings they had previously inserted into Google's results, and they did this on computers where they had specifically authorized Microsoft to examine their browsing in order to improve Bing.

Strikingly, Google's own Matt Cutts previously endorsed the use of Toolbar and similar data to improve search results -- calling this approach "a good idea." And Google's own Toolbar Privacy Policy allows Google to perform the same analysis Bing used. So I don't have much sympathy for Google's allegations of impropriety. Quite the contrary: With Bing's small market share, this data is important in improving Bing search results and building a viable competitor to Google's dominant search offering.

Measuring Bias in "Organic" Web Search

19 Jan 2011 12:00:00 GMT

By comparing results between leading search engines, we identify patterns in their algorithmic search listings. We find that each search engine favors its own services in that each search engine links to its own services more often than other search engines do so. But some search engines promote their own services significantly more than others. We examine patterns in these differences, and we flag keywords where the problem is particularly widespread.

Even excluding "rich results" (whereby search engines feature their own images, videos, maps, etc.), we find that Google's algorithmic search results link to Google's own services more than three times as often as other search engines link to Google's services.

For selected keywords, biased results advance search engines' interests at users' expense: We demonstrate that lower-ranked listings for other sites sometimes manage to obtain more clicks than Google and Yahoo's own-site listings, even when Google and Yahoo put their own links first.

Knowing Certain Trademark Ads Were Confusing, Google Sold Them Anyway -- for $100+ Million

30 Nov 2010 12:00:00 GMT

Recently-released documents reveal Google's careful testing of consumer confusion resulting from certain uses of trademarks in advertisements. Google carefully measured consumers' understanding of trademark-triggered ads -- only to decide to loosen its policy when estimates revealed an opportunity $100 million to $1 billion of incremental annual revenue.

Hard-Coding Bias in Google "Algorithmic" Search Results

15 Nov 2010 12:00:00 GMT

I present categories of searches for which available evidence indicates Google has "hard-coded" its own links to appear at the top of algorithmic search results, and I offer a methodology for detecting certain kinds of tampering by comparing Google results for similar searches. I compare Google's hard-coded results with Google's public statements and promises, including a dozen denials but at least one admission. I conclude by analyzing the impact of Google's tampering on users and competition, and by proposing principles to block Google's bias.

A Closer Look at Google's Advertisement Labels

10 Nov 2010 12:00:00 GMT

The FTC has called for "clear and conspicuous disclosures" in search engines' advertisement labels, and the FTC specifically emphasized the need for "terms and a format that are easy for consumers to understand." Unfortunately, Google's new advertisement labels fail this test: Google's "Ads" label is the smallest text on the page, far too easily overlooked. (Indeed, the "Ads" label substantially fits within an "o" in "Google".) Meanwhile, Google now merges algorithmic and advertisement results merged within a single set of listings; Google's "Help" explanations are inaccurate; and Google uses inconsistent labels mere inches apart within search results, as well as across services.

Labels and Disclosures in Search Advertising

9 Nov 2010 12:00:00 GMT

Search engines have long labeled their advertisements with labels like "Sponsored links", "Sponsored results", and "Sponsored sites." Do users actually know that these labels are intended to convey that the listings are paid advertisements? In a draft paper we're posting today, Duncan Gilchrist and I try to find out.

"Sponsored Links" or "Advertisements"?: Measuring Labeling Alternatives in Internet Search Engines

In an online experiment, we measure users' interactions with search engines, both in standard configurations and in modified versions with improved labels identifying search engine advertisements. In particular, for a random subset of users, we change "sponsored link" labels to instead read "paid advertisement." We find that users receiving the "paid advertisement" label click 25% to 33% fewer advertisements and correctly report that they click fewer advertisements, controlling for the number of advertisements they actually click. Results are most pronounced for commercial searches, and for users with low income, low education, and little online experience.

Tying Google Affiliate Network

28 Sep 2010 12:00:00 GMT

In one of the few areas of Internet advertising where Google is not dominant – indeed, where just three years ago Google had no offering at all – Google now uses tying to achieve a position of dominance. Thanks to Google’s dominance in web search, Google offers preferred placement and superior terms to the advertisers who agree to use Google Affiliate Network (GAN). Competing affiliate networks cannot match these benefits, and Google's bundling strategy threatens to grant Google a position of power in yet another online advertising market.

Facebook Leaks Usernames, User IDs, and Personal Details to Advertisers

20 May 2010 12:00:00 GMT

Browse Facebook, and you wouldn't expect Facebook's advertisers to learn who you are. After all, Facebook's privacy policy and blog posts promise not to share user data with advertisers except when users grant specific permission.

But in my testing, Facebook's actual practices exactly contradict Facebook's promises. Merely clicking an advertiser's ad reveals to the advertiser the user's Facebook username or user ID. With default privacy settings, the advertiser can then see almost all of a user's activity on Facebook, including name, photos, friends, and more.

Sony's Crackle: Invisible Traffic Galore

27 Apr 2010 12:00:00 GMT

Advertisers buying display ads from Sony's Crackle.com rightly and reasonably expect that users can see the ads. But that's not always the case. In today's posting, I present three recent examples of Crackle partners loading the Crackle site invisibly, largely via 1x1 IFRAMEs. I then tabulate observations preserved by my automation, demonstrating that Crackle's tainted traffic has continued for more than a year. I conclude by flagging implications for traffic measurement and ad pricing, and by suggesting what Crackle should do to clean up this mess.

Measuring Typosquatting Perpetrators and Funders

17 Feb 2010 12:00:00 GMT

For more than a decade, aggressive website registrants have been engaged in 'typosquatting' -- the intentional registration of misspellings of popular website addresses. Uses for the diverted traffic have evolved over time, ranging from hosting sexually-explicit content to phishing. Several countermeasures have been implemented, including outlawing the practice and developing policies for resolving disputes. Despite these efforts, typosquatting remains rife.

But just how prevalent is typosquatting today, and why is it so pervasive? Tyler Moore and I set out to answer exactly these questions. In Measuring the Perpetrators and Funders of Typosquatting (appearing at the Financial Cryptography conference), we estimate that at least 938,000 typosquatting domains target the top 3,264 .com sites, and we crawl more than 285,000 of these domains to analyze their revenue sources.

Our full posting: Measuring the Perpetrators and Funders of Typosquatting and web appendix.

Google Toolbar Tracks Browsing Even After Users Choose "Disable"

26 Jan 2010 12:00:00 GMT

I present screenshots and screen-capture videos demonstrating that even after a user specifically chooses to "disable" the Google Toolbar, and even after the Google Toolbar disappears from view, Google Toolbar continues tracking users' web browsing -- including the specific sites visited, pages browsed, and searches conducted. I then critique Google's installation -- which lets users activate these transmissions in a single click, while ceasing the transmissions is much harder. I compare Google's current notice/consent process to Google's 2004 version, finding important decline in both presentation and clarity.

Upromise Savings -- At What Cost?

21 Jan 2010 12:00:00 GMT

When users install the Upromise toolbar, Upromise admits collecting "non-personally identifiable information" about users' online activities. But Upromise actually transmits detailed information -- not just page-views and searches, but email addresses and even full credit card numbers, expiration dates, and CVV2 codes. Upromise copies card numbers out of users' encrypted (HTTPS) browsing, but Upromise retransmits card numbers in plain text -- making it all too easy for others to gain access.

Google Click Fraud Inflates Conversion Rates and Tricks Advertisers into Overpaying

12 Jan 2010 12:00:00 GMT

In today's post, I show click fraud with a twist. Like standard click fraud, this infraction completely fakes clicks -- charging advertisers for clicks that didn't actually occur. But this click fraud is carefully targeted -- faking a click to the victim advertiser when the user is already at that advertiser's site. Thus, standard efforts to measure conversion rates classify this traffic as legitimate and valuable -- tricking advertisers into raising their bids and paying even more, when they should be demanding refunds.

Google Still Charging Advertisers for Conversion-Inflation Traffic from WhenU Spyware

5 Jan 2010 12:00:00 GMT

In February and May 2009, I reported Google paying WhenU spyware to cover selected sites with those sites' own Google PPC ads. These bogus placements perpetrate a practice I call "conversion inflation": They let Google claim credit for purchases that would have happened anyway -- overstating Google's effectiveness and leading advertisers to overbid and overpay for Google traffic. Google admitted the impropriety of these placements -- even offering a credit to RCN, the advertiser I featured in May, though denying refund requests from other affected advertisers. But, remarkably, Google and its partners have restarted these placements. Today I post the proof -- screenshots, video, and packet log records prepared just this week.

Payment Card Network Rules Prohibit Aggressive Post-Transaction Tactics

5 Dec 2009 12:00:00 GMT

Post-transaction marketers crucially rely on automatic transfer of consumers' payment card numbers -- copying a customer's credit card number from a merchant (where the consumer intentionally made a purchase) to a post-transaction marketer's membership club (which typically attracts a consumer's attention with a deceptive offer promising illusory savings). Copying credit card numbers raises numerous concerns, as detailed in my Statement for the Record last month. Crucially, it also violates applicable credit card network rules, which specifically prohibit merchants from copying card numbers. In today's post, I cite, quote, and analyze relevant rules. I also present letters I recently sent to leading card networks, urging them to enforce their existing rules.

Deception in Post-Transaction Marketing

19 Nov 2009 12:00:00 GMT

Post-transaction marketers have attracted criticism for solicitations that tend to deceive consumers. Offers often promise a savings or discount while actually charging customers on an ongoing basis. Offers often appear while customers are finishing the checkout process at trusted e-commerce sites -- a time when few users expect unrelated offers from third parties. Furthermore, post-transaction marketers obtain consumers' credit card numbers from partner sites (without consumers providing their card numbers to the companies that actually post charges). I summarize and post key documents recently released by the US Senate Commerce Committee, as well as reports from victims, an analysis by Committee staff, and recommendations from witness testimony (including my own).

Towards a Bill of Rights for Online Advertisers

21 Sep 2009 12:00:00 GMT

I offer five rights to protect advertisers from increasingly powerful ad networks -- avoiding fraudulent charges for services not rendered, guaranteeing data portability so advertisers get the best possible value, and assuring price transparency so advertisers know what they're buying. I explain the need for these rights by presenting specific practices causing particular concern.

How Google and Its Partners Inflate Measured Conversion Rates and Increase Advertisers' Costs

13 May 2009 12:00:00 GMT

I present four examples of Google and its partners interceding to grab users already on (or headed for) advertisers' sites -- spyware/adware popups, tricky toolbars, typosquatting, and Chrome browser autocomplete. In each instance, Google charges advertisers for pay-per-click traffic they would have otherwise received for free.

In Support of Utah's HB450

9 Mar 2009 12:00:00 GMT

I analyze Utah's HB450, which would prohibit certain deceptive online advertising. I consider the bill's effects, and I explain why I support its approach.

False and Deceptive Display Ads at Yahoo's Right Media

14 Jan 2009 12:00:00 GMT

Yahoo's Right Media ad marketplace features widespread ads exactly designed to deceive. I present ten examples of these deceptive ads, and I critique their unwelcome characteristics. To estimate the prevalence of deceptive tactics, I examine Right Media's own analysis ad characteristics -- finding that by Right Media's own admission, deceptive ads total 35% or more of Right Media's advertising inventory.

Privacy Lapse at Google JotSpot

30 Oct 2008 12:00:00 GMT

Google's JotSpot service posts sensitive user data, despite specific promises to the contrary in JotSpot's privacy policy. JotSpot even allows this information to be indexed by Google's search crawlers. JotSpot's postings are, by all indications, accidental. But in the context of a series of similar slip-ups, this error raises questions about the efficacy of Google's model of hosted applications.

Hydra Media's Pop-Up Problem -- Ten Examples

14 Oct 2008 12:00:00 GMT

Affiliate marketer Hydra Network claims to be tough on fraud. But my AutoTester has seen Hydra affiliates receiving traffic from spyware or adware on fully 1,343 occasions. Today I'm posting ten examples -- ten different Hydra affiliates using five different spyware/adware programs to claim commissions from Hydra's top merchants.

CPA Advertising Fraud: Forced Clicks and Invisible Windows

7 Oct 2008 12:00:00 GMT

Not all CPA fraud requires placing (or using) spyware or adware on a user's PC. In today's article, I show three examples of affiliates cheating CPA merchants using only a web browser -- without any special software on users' PCs. In particular, I show affiliates running invisible IFRAMEs, hidden portions of banner ads, and redirects loaded through signature icons in forum discussions. In each instance, affiliate claim commissions they did not earn.

Auditing Spyware Advertising Fraud: Wasted Spending at VistaPrint

30 Sep 2008 12:00:00 GMT

This month and last, my AutoTester observed more than two dozen different affiliates cheating VistaPrint through spyware pop-ups -- in each instance, using "self-targeting" to claim affiliate commission on traffic VistaPrint would otherwise have received for free. In today's article, I offer six examples of these observations -- as well as some musings on what VistaPrint might do to block these scams.

Competition among Sponsored Search Services

11 Jul 2008 12:00:00 GMT

Last month I was invited to Congress about competition among paid search providers, particularly Google's proposed purchase of susbtantial advertising inventory from Yahoo. At the last minute, the hearing was cancelled, and I won't be able to testify at the rescheduled session. But I'm posting the prepared testimony I had planned to offer last month.

PPC Platform Competition and Google's "May Not Copy" Restriction

27 Jun 2008 12:00:00 GMT

A little-noticed Google AdWords API Terms and Conditions restriction substantially hinders advertisers' efforts to use multiple providers -- prohibiting software vendors from using Google's API to help advertisers copy AdWords campaigns to competing platforms. I present the restriction, analyze its effects, and critique the defense Google offers.

Running Out of Numbers? The Impending Scarcity of IPv4 Addresses and What To Do About It

6 Jun 2008 12:00:00 GMT

The Internet's current IPv4 numbering system is nearing exhaustion, and transition incentives hinder rapid v6 deployment. In that context, I present market mechanisms to reallocate existing v4 addresses and facilitate continued use of v4. In particular, I consider the possible effects of paid transfers of v4 addresses. I emphasize rules to ameliorate the worst effects of v4 scarcity, while preserving the core principles of existing regulation and avoiding major negative externalities.

Debunking Zango's "Content Economy"

28 May 2008 12:00:00 GMT

I examine Zango's media library. I find widespread copyrighted videos presented without any indication of license from the corresponding rights-holders. I also find widespread sexually-explicit material, including prominent explicit material nowhere labeled as such.

Coupons.com and TRUSTe: Lots of Talk, Too Little Action

18 Mar 2008 12:00:00 GMT

Coupons.com continues to use deceptive filenames and registry keys that falsely indicate they're part of Windows -- some 6+ months after I uncovered this practice. Although TRUSTe last month announced that Coupons.com had stopped these practices, my tests indicate exactly the contrary. Furthermore, I show other ongoing violations by Coupons.com -- including incomplete uninstall and executable code left behind after an uninstall.

Delaying Payment to Deter Online Advertising Fraud

10 Mar 2008 12:00:00 GMT

I introduce an alternative method of fraud prevention for certain online advertising systems. By delaying payments, a merchant or network differentially harms bad affiliates (who rightly worry they may get caught) without unduly harming good affiliates (who know they'll get paid, and who receive a bonus in compensation for the delay). With a suitable delay, a merchant or network can deter many bad affiliates while retaining the good.

Critiquing C-NetMedia's Anti-Spyware Offerings and Advertising Practices

14 Feb 2008 12:00:00 GMT

I examine anti-spyware software from C-NetMedia. I show deceptive advertising for C-Net's products, including product names, ad text, and web site designs that falsely suggest affiliation with security industry leaders. I examine C-Net's use of many disjoint product names -- preventing consumers from easily learning more about C-Net, its reputation, and its practices. I analyze C-Net's high-pressure sales tactics, including false positives, which overstate the urgency of paying for an upgraded version.

Sears Exposes Customer Purchase History in Violation of Its Privacy Policy

4 Jan 2008 12:00:00 GMT

I show that Sears' ManageMyHome site provides detailed customer purchase data without effective security measures.

The Sears "Community" Installation of ComScore

1 Jan 2008 12:00:00 GMT

I critique a Sears installation of ComScore software without meaningful notice or consent. I present the entire installation sequence in screenshots and video, then explain why the limited notice falls far short of applicable FTC standards. I also show that Sears' claims of adequate notice are demonstrably false.

A Closer Look at Coupons.com

28 Aug 2007 12:00:00 GMT

I examine software from Coupons.com. Key findings: Coupons.com disguises some of its key files to make them look like they're part of Windows. These files stay on disk even if a user requests removal of Coupons.com. Coupons.com prints a user ID on each coupon, without any meaningful disclosure in its privacy policy. Any web site can use simple JavaScript to retrieve a user's Coupons.com user ID. Given a user ID, any person can check whether a user has printed a given coupon -- revealing sensitive information about users' purchasing interests.

Zango's Compliance Problems

31 Jul 2007 12:00:00 GMT

Despite Zango's 2006 settlement with the FTC, Zango continues behaviors exactly contrary to what the settlement specifies -- including installations lacking out-of-EULA disclosure of Zango's material terms, and including unlabeled ads that don't tell users why the ads appeared or how to make them stop. I document these and other troubling behaviors in a series of screenshots and videos.

ComScore Doesn't Always Get Consent

29 Jun 2007 12:00:00 GMT

I describe multiple recent ComScore RelevantKnowledge installations that occur without user consent. I provide video proof of one such installation. I compare these installations with applicable law and with TRUSTe Trusted Download rules.