Slashdot Mirror
Google's Click-Fraud Crackdown
An anonymous reader writes "Wired reports that Google is making some effort to put a crack in the practice of click-fraud. Because of the pernicious abuse of the company's advertising business, it simply can't be sure that anyone is actually looking at the ads. Bruce Schneier talks about the problems of ensuring that people are really people, and Google's solution." From the article: "Google is testing a new advertising model to deal with click fraud: cost-per-action ads. Advertisers don't pay unless the customer performs a certain action: buys a product, fills out a survey, whatever. It's a hard model to make work — Google would become more of a partner in the final sale instead of an indifferent displayer of advertising — but it's the right security response to click fraud: Change the rules of the game so that click fraud doesn't matter."
That way, Google will want to enforce it's ad (avoid ad blockers, make them more visible, etc) even more.
factor 966971: 966971
CPA is a good model for Google and a very good model for advertisers. Advertisers, in effect, can pay for only the advertising which results in a sale.
Small publishers, however, will likely suffer. The vast majority of click-throughs on text ads result in no sale. Yet publishers still get paid for it. The only way this would balance out would be for the payment to publishers per action to go up. That would be fair. But I think the small bloggers who like to use adsense will lose revenue from this model.
Developers: We can use your help.
Perhaps because Google's customers care?
emt 377 emt 4
> Why does Google care so much? They get more money when people abuse it. Just charge less per click
> if they're that concerned about it.
Because most people *don't* cheat, which means that Google would be making less money from everyone because of a tiny amount of fraud.
I like to think, though, that I've helped cause this problem by right clicking/open in new tab on ads I have no interest in. I also fill in questionaires with random answers if I have to complete them to proceed into an otherwise "free" website, though, so I'm not sure how long this proposed solution is going to do any good...
But if people abuse it, the adversiters will find less value on Google ads.
They are trying to protect the value of their product.
factor 966971: 966971
Fraud results in distrust by advertisers. Many advertisers ignore adsense because of the high level of fraud. They don't want to pay for something that brings no sales. With enough fraud this whole business model disappears.
Developers: We can use your help.
1.) Because their company's culture is geared towards providing the best user experiences it can and that whole "Don't be evil." bit.
2.) Even if you think all of that's a crock, Google will make more money selling online advertising if they aren't continually making ~$90 million or so click fraud settlements periodically . . .
This approach may or may not solve click fraud, but it certainly doesn't solve the wider problem of proving that it's a human performing some action instead of a computer - and that one definitely needs to be nailed.
There seem to be at least two alternatives - you could use a chain-of-trust type model such as TCPA to be able to remotely prove that [a] this packet is coming from [b] this program that is [c] digitally signed by this party who [d] asserts that it only accepts input from humans when run on [e] an operating system that will ignore [f] debuggers and [g] un-approved input devices. But this seems unworkable and contrary to the spirit of open computing.
A better solution might be some kind of fingerprint reader that generates digitally signed "proof of life" which can be demanded by remote sites. For instance if you want to post a blog comment you have to touch your finger against the reader which is now 'charged' with 10 proofs - enough that a legit user probably won't be bothered again for some time, but not enough to make automatic spamming profitable.
I don't know of anybody developing such a thing though.
This CPA model is already very common. See Commission Junction and other affiliate networks.
Developers: We can use your help.
I'm an AdWords advertiser and click-fraud means zero to me -- in fact, I don't care either way. All AdWords-advertised sites make a better profit from AdWords than one can believe -- it works. If even 10% of the clicks are fraud (I _highly_ doubt it), I don't care -- the profit is still better than most advertising campaigns.
I also get a ton of impressions -- most of my ads have a click through rate of under 5%. Considering that 95% of the unclicked ads still form a brand impression, I'm even more satisfied (free advertising, basically).
AdWords advertisers who complain are just idiots. I've run TV, radio, magazine and newspaper ads for years and never had this kind of ROI.
I'm also an AdSense publisher, and I don't see what people bother with fraud. For the few bucks you make an hour trying to defraud the system, you can do a better job selling something online and using AdWords to drive business to you.
This could open up a big can of worms, precisely because it increases Google's stake in the actual buying process. The protests over ads for controversial stuff like religious or medical items, "adult" materials, political stuff, and so on simmer to a faint background hum when Google is just churning out automatic ads, but if Google can be shown to be taking part in the actual sales and transactions of this stuff their critics are likely to pounce on that. "OMG Google is selling evil pr0n/Satanism books/weaponry/GTA San Andreas/Online Gambling/etc..."
Slashdot Burying Stories About Slashdot Media Owned
TFA talks a lot about fraud, but what do you call it if I finish reading the article, and I click the nice linkies at the bottom with no intention of buying anything? What if I don't need a "Trojan remover download", credit report restoration, a work-from-home scheme, or (my favorite) to "Make Money With Adsense" with help from some outfit called cash-sense dot com.
So if I do four shift-ctl-clicks (open in a new window, keeping current window active, I love Opera), am I a bored 'net surfer, or have I just committed Click Fraud? For the advertiser, is there really any difference?
Stressed? Me? Of course not. Stress is what a rubber band feels before it breaks, silly.
::Old-fart Now while Google's advertising is generally pretty inoffensive what's with the idea of putting adverts on anything that stands still long enough for the paint to dry? There are blogs running on $2/month webhosts that use AdSense. Just because it is possible to make money doesn't mean that it's an appropriate thing to do. It reeks of the same kind of greed that causes people to put lengthy disclaimers on their naff short stories or trivial programmes (copyleft excepted) just because they can't stand the idea of missing out on 5 cents. ::End
Think of the Children; Sleep with your Sister
I would like to have the ability to see which IPs are clicking my ads and then be able to block them - i.e. my competitors and other random fraudsters.
This is headed in the wrong direction. The traditional role of the ad is to attract the eye, and get the consumer to consider and then remember the product when they want/need it in the future. Even if the ad isn't clicked on, the company advertising is getting itself noted and noticed, for free. That's the entire value of traditional print, radio, TV and billboard ads, just given away by web content providers. It's unreal, and is stifling the growth of online media. I suppose it's OK for enormous middlemen like Google, but it sucks for those making and maintaining websites. Advertisers have gotten too much of a free ride, and the models used to support this free ride... banner ads, popunders, flash ads, etc... have been largely self defeating.
Making the burden on the content creator heavier and more onerous before they get their dollar is not the way to go. The middlemen and the ad buyers are getting too much for too little in return. New models need to be developed. I'm in favor of the old fashioned sponsorship: flat fee so it's a predictable expense for the ad buyer, and predictable income for the content provider. I'm sure there are other ways to charge advertisers what their advertisements are worth, and increase their effectiveness at the same time.
This new Google approach doesn't deliver.
SoupIsGood Food
Are you kidding? My company has about 2MM in sales annually, and we spend almost $500,000 a year on Google Adwords. Over 90% of our sales come from Google. We're getting a conversion rate that is less then one percent and it's gotten worse over time. If it continues to drop we'll have no choice but reduce our adwords cost-per-click limit and take our advertising dollars elsewhere. No matter how you spell it, that means problems for the GOOG.
It's not that simple. Google is a middle-man, they're not creating the ads. Joes Pizza shop pays Google to display their ad when certain keywords are found on a web-page. They pay different rates for different words, and they pay by the number of times their ad is displayed.
Click-fraud hurts Joes Pizza because hey's paying Google to show his ad to potential customers, but during click-fraud, no-one is actually seeing it. He's paying for nothing. Google just takes a cut of what Joe paid, and passes the rest on to the websites that actually displayed the ads (or claimed they did).
Google only cares about this because if Joe thinks he's paying for nothing (i.e. no real people are actually seeing his ads, and all the "clicks" he's charged for are actually fraud), he might stop paying Google to farm out his ads. If that happens, Google loses their revenue stream.
Lots of clicks are good for Google, they get to charge Joes Pizza more. But they're only good if Joe thinks he's getting his message out to lots of people.
On two occassions, I've had my google account cancelled and funds withdrawn because Google accused me of click-fraud. Of course I had nothing to do with it and when I pleaded my case to Google I got no reply. I was willing to provide click logs and etc. But they just ignored me. I guess it's cheaper to just cancel accounts who are suspected of click-fraud then actually investigate. But if all it takes is a few malicious users with some scripting knowledge and open proxies to ruin my revenue why should I as a publisher use Google Adsense?
Actually, no, because Google charges the owner of the ad for that click and pays you (the adsense hoster) a portion of that amount. So in the end, the company paying to have the ads displayed loses money to invalid clicks. Google still makes money (ignoring legal costs and such) for each false click. However, it does make adsense a less valuable advertising tool and thus would cost them in the long run.
To record an ad impression? Let me get this straight. You're honestly suggesting that users submit their fingerprint to verify they've seen your ad and you expect people to submit to this? Are you high?
I mean, it's inconvenient, and invasive! Now if you can just find a way to make it really uncomfortable for the user while they're at it and you'll have achieved the prostate-exam trifecta that everybody shoots for when they want to pitch a new product idea.
Help us build a better map!
Google really needs to fix their fraud-detection systems, and this idea isn't going to fly with most people. Either put up with a certain percentage of fraud, or risk banning those who don't deserve it ... Damned if they do, damned if they don't.
1. Pursuade existing Google advertisers to use GooglePay so transactions can be monitored and click-fraud prevented.
2. ???
3. Profit!
CPA only works when there's a trackable action... and in many cases, the trackable action is going to be impossible to define. For example, I launched a new site in July (geochecker.com), which is a free geocaching-related site, supported by Google Adsense ads, and doesn't sell anything. To get some initial traffic, I used my existing Adwords account to run ads on related search terms. Now, since my only monetizing product is advertising (from Google itself!), and the services the site offers are free, how on earth can there be any action? As a matter of fact, the very "action" that I'm trying to get IS a click - I want them to visit the site. I don't have anything to sell beyond that, other than possibly deciding they don't really want to be there and leaving thru a similar click on the Adsense links. I just need to build traffic above the breakeven critical mass. Beyond that, I don't care what happens to any "conversion".
(And given the economy of Google ads, I'm basically paying about 50% of the Adwords cost because I get about a 1% click-in, and about 1% click-out, and the Adsense click-out pays about half of what an Adwords click-in costs me. So obviously I can't use Adwords long-term, but it's okay for building initial traffic, and incidentally for making sure my site got quickly indexed - thanks to daily visits by the Adwords robot.)
Now, in that model, as with many other businesses who are not selling online, it becomes impossible to track CPA, and the CPC is really the only valid business model. And this is true of millions of link-farm sites (not that I'd mind most of THEM disappearing).
As others have mentioned above, advertising is about much more than simple action-tracking - if you put a favorable ad in front of a potential customer enough times, it will build brand awareness and eventually convert. But not in enough time to make CPA useful, and usually in ways that cannot be directly tracked anyway.
Sorry, but I think CPC is going to be around for quite some time. And I'm sure Google is well aware of these dynamics.
--Brandon / Split Infinity Music
For the past few years we have had ads running on adsense... 2 weeks ago, we decided we would rather lose the sales that adsense was bringing in than continue to pay google for ads that weren't generating enough revenue.
For comparison, our conversion rates:
Google Search: 3.5%
Google adsense: 0.25%
I don't know what other companies are doing.. but I wouldn't be surprised companies are considering dropping adsense. There is just to much fraud.
Help me take back Slashdot. When did 'News for Nerds' become 'FUD and Conspiracy Theories for Extremist Nutjobs'?
I'm not real familiar with how AdSense works, since I've never run it on any of my web servers, but I would expect that if a shady webmaster is engaging in click fraud then either:
In the first and third cases, the cap on clicks per unit of time from a single IP address will serve to reduce (but admittedly, not eliminate) click fraud. In the second case, dropping RFC-1918 addresses on the floor will prevent fraud, since *only* the webmaster's internal network could possibly have accessed the server from private IP space.
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
Steal a credit card number, click on a Google CPA advert, and buy lots of expensive things.
The profit is in the percentage the advertising website gets, not in the goods.
This is correct. In our case a bit more. And 95% goes to adwords. When you sell a service, the only cost is development, infrastructure, customer acqisition, and, of course, payroll and administrative expenses. And we're profitable.