Advertisers Should Intervene With "Direct Action"

"Direct action" in the military or spycraft sense of the word means "immediate intervention with the use of force to achieve a specific outcome." The question is when will advertisers take "direct action" with their digital media? What is significant enough to get them to act? Obviously, my documenting and writing about ad fraud for 10 years was not significant enough to get folks to act. But perhaps the following might be.

Gannett's mis-declared domains scandal

Last month's exposure of Gannett's "mess-up" by two independent researchers, Well-Known.dev and Adalytics, revealed multiple elephants in the room -- that "no one was looking" and "the tools used for detection and prevention were not working well, or at all."

"it appears that no one in the entire programmatic supply chain detected the domain mis-match 'error' or acted on it, until after the news broke in the Wall Street Journal "USA Today Owner Gannett Co. Gave Advertisers Inaccurate Information for Nine Months. Publisher misrepresented where billions of ads were placed"

• None of the ad exchanges and DSPs caught this or acted on it.
• None of the fraud-detection tech companies caught this or acted on it.
• None of the TAG "certified against fraud" companies caught this or acted on it.
• None of the adtech companies with MRC accreditation caught this or acted on it.

"If Gannett didn't correct this 'error' and the researchers didn't document that the issue continued for at least nine months without anyone noticing, how long would it have continued? Ad buyers were merrily buying ads thinking the ads ran on USA Today, when they did not. Billions of ads were transacted in that timeframe, with mis-declared domains -- that means the ads didn't go where the advertiser thought they would go.

Consider this: if they couldn't catch the domain mis-match "mistake" by a mainstream publisher like Gannett, what are the chances they are catching all the bad guy's deliberate falsification of domains to avoid detection?

"Billions of ads were transacted with mis-declared domains, no one noticed"

Yahoo buying incentivized, redirect, pop-under/adult traffic

Research from deepsee.io published today shows detailed examples (with screen recordings) of how incentivized traffic (get X points for viewing Y webpages), forced redirects, and pop-unders on adult sites are used to deliver vast amounts of traffic to a formerly reputable family of sites -- yahoo.com, aol.com and related subdomains. Left side of chart below -- adult domains (red highlight) delivering traffic to yahoo domains (yellow highlight).

The right side of the table below shows another invalid traffic phenomenon -- mobile apps loading webpages with hidden browsers. Years of data collected by FouAnalytics in client campaigns show strange apps like myvegas, lotto, casino apps, and thousands of others like casual games apps loading yahoo webpages in the background. None of this is caught and stopped by current fraud detection tech. Hundreds of billions of ads have been transacted, going back at least 10 years, and none of the fraud detection tech caught this, notified their clients, or stopped it. Perhaps they didn't know it was IVT ("invalid traffic")?

Google has taken a strong stance -- drawing the line for IVT at a users' intent to be on a page. Let me repeat -- "the line for invalid traffic has officially been drawn at the user’s intent to visit an ad-supported publisher page. Did the user intend to visit the page ("valid") or were they coerced, incentivized, auto-redirected, or couldn't see the page (pop-under) (all "invalid").

"Google offered this on-the-record statement: “Google considers invalid traffic to be ad traffic that does not represent genuine user intent or interest. This includes both incentivized traffic and traffic from pop-unders. Generally speaking, invalid traffic applies to any clicks or impressions that may artificially inflate an advertiser’s costs or a publisher’s earnings.” The Trade Desk said: “We consider popunders and incentivized traffic as IVT." See full deepsee research here: Large Publishers Buy Incentivized Traffic & Popups Too.

"Billions of ads transacted, no one noticed, no one cared."

Your ads running on sanctioned websites

Research from Adalytics, published yesterday, show ads from the largest advertisers on sanctioned websites. "U.S. banks and financial services companies are estimated to spend billions of dollars and millions of labor-hours each year on sanctions compliance." But it's as if no one's looking, when it comes to digital ads. When ads run on fake news, disinformation, or Russian propaganda sites, those sites make ad revenue. Advertisers' dollars flowed directly to sites spreading disinformation and propaganda. Ads were even "serving on Russian military and intelligence operated websites." Listing a few highlights:

• "Google’s ad exchange appears to have been serving ads on websites which are explicitly mentioned in the Treasury OFAC SDN list – for at least 3 years"
• "Google’s ad exchange has been observing serving ads on possible Iranian, Syrian, Donetsk, and Crimean websites for at least 5 years"
• "Major U.S. brands that were observed running ads placed by Google on websites which may be under Treasury sanctions include: Citibank, HSBC, PayPal, Subaru, Charles Schwab, Refinitiv, GoDaddy, Zillow, Kayak, Zendesk, Facebook, Adidas, Norton, Alibaba, Banker's Compliance Consulting, Inc., Oxford University, and Yale University"
• "Major media agencies, including Interpublic Group (IPG), WPP, and Publicis Groupe, may have placed clients’ ads on websites which may be under sanctions"

While the sanctions on Russia were implemented recently, sanctions on other countries and regions have existed for far longer. "Google’s own Publisher Policies states that: “Google publisher products are not available to publishers in the following countries or territories: Crimea, Cuba, So-called Donetsk People's Republic (DNR) and Luhansk People's Republic (LNR), Iran, North Korea, Syria." The research shows Google’s ad exchange serving ads on Iranian sites from dozens of small American businesses, as well as several large Fortune 500 brands, including: PayPal, Twilio, Ionos, Alibaba, Coldwell Banker Bain, GoDaddy, etc. Syrian websites serving ads. Donetsk & Luhansk People's Republic websites serving ads. Crimean websites serving ads. This goes back a while. Google's in the middle of it every time.

2019 -- ads on sanctioned websites -- Advertisers say that Google makes it far too easy to accidentally run ads in countries under US sanctions like Iran, North Korea, or Syria. https://www.wired.com/story/google-ads-sanctioned-countries-iran/

2021 -- ads on sanctioned websites -- How Ad Tech Wound Up Monetizing Sanctioned Russian Websites https://www.adweek.com/programmatic/how-ad-tech-wound-up-monetizing-sanctioned-russian-websites/

2022 - ads on sanctioned websites - Google continued to serve ads on Russia-linked and other websites after they were placed on US sanctions list https://www.businessinsider.com/google-served-ads-sanctioned-websites-adalytics-report-russia-2022-4

"Billions of ads transacted; is anyone looking? Does anyone care about compliance with sanctions?"

Lack of data and lack of transparency

You should act and take a closer look at your digital media, because everyone you assumed was "looking" for you appears to be asleep at the wheel. Where are all the brand safety tech companies now? They sold you a bill of goods, via interstate electronic communications ("wire fraud") and printed brochures ("mail fraud"), that turned out to not work as well as they claimed ("false claims"). Be aware that even if you looked, there's a large amount of data that's redacted or missing. The spreadsheet below shows the percentage of "confidential sellers." These are publishers/sellers of ads whose identity is redacted. How can you determine if they are on the sanctioned list or not? You can't. Why would you continue to buy ads from those sites that are marked "confidential" and risk running afoul of government sanctions when screen shots of your ad on one or more of those sites is emailed to your CEO and to "the feds." Even if marketers get placement reports, large portions of data is lumped into "mobile in-app" or (not set). How would you know where your ad went? Why would you still buy ads when half of the ads went to unknown (right side, cumulative percent).

So What?

DIRECT ACTION: TURN IT ALL OFF -- until the ad networks, exchanges, DSPs, SSPs, can show you where your ads went, so you can check if your ads went to sanctioned sites, regions, or countries. If you don't have the courage to do that just yet, here's a pro tip from Keri Thomas, a programmatic media specialist, "TTD (The Trade Desk) blocks confidential entries by default so if you buy Google exchange via TTD it’d be safe from this problem. That would also explain why there is endless inventory available on Google platforms but it’s so much less in TTD."

Is the Gannett scandal significant enough to get you to take action? Is Yahoo buying incentivized traffic significant enough to get you to take action? Is the "ads showing up on sanctioned websites" research significant enough to get you to take action? If not, please let me know what WILL get you to take action. When you take direct action you are not only protecting your company's interests; you are also protecting your own interests (by preventing your company from being shut down or going out of business due to fraud and sanctions violations, and other bad stuff).

What is the direct action that you will take now?