Spyware Still Cheating Merchants

Jamie found an interesting story about how Spyware is still on the move. It talks about how Spyware vendors are trying to clean up their image, but still doing fishy things. It breaks down several common types of spyware and some analysis of each.

Ben Edelman, here

[bedelman]

I'm Ben Edelman, the author of the piece. I'm happy to answer any questions folks may have.

It would be particularly interesting to hear from merchants and by legit (non-spyware-using) affiliates who are ripped off by the practices I documented.

Re:Ben Edelman, here

[teknopurge]

I'm a merchant that has recently looked into many forms of online advertising, and these are my thoughts:

Sponsored-search advertising is a ripoff. Google makes the vast majority of their money this way and I take issue. We have run numerous campaigns and stopped due to the lack of quantification. Talking with other merchants, people are starting to get disgusted by the google/yahoo/ms advertising avenues. clickfraud is rampant and we end up paying for it. recently, every time google releases earnings i can't help but laugh. all it takes is for a adwords merchant to start a campaign and watch their traffic and usage for a month to see what is going on. my feeling is that there is no better solution for online advertising, so people feel the need to do _something_, so they will continue to pay because they feel it is better than nothing.

Re:Ben Edelman, here

[idesofmarch]

Which pop-up blocker did you find most effective?

Spyware will become clean...

[Kjella]

It talks about how Spyware vendors are trying to clean up their image, but still doing fishy things. ...the day Tony Soprano becomes a 'respectable businessman'. Crapware (my common term for deceotive adware, spyware, malware and whatever else "toolbars" and "helpers" and "assistants") couldn't get clean without going into legitimate advertising and shareware. And there the competition is solidly entrenched already, so all I want for them is to quietly die. They're a cancer to the computer industry and should be eradicated.

Serves them right?

[140Mandak262Jamuna]

These merchants, Netflix, Blockbuster and others signed with people with very low ethical standards. These spyware vendors install software without consent, fool people, irritate people with pop-ups etc. And these companies thought that is how they should get their customers. It should not surprise anyone, least of all these merchants, that the spyware vendors use every trick in the book and then some to cheat them and charge fees and commissions. Let them go bankrupt. Serves them right for providing food to these cockroaches.

Now google has a till option....

[simm1701]

I can see the ideal solution to this type of advertising fraud.

If I am running a site selling certain goods, then I don't really care how many hits I get, I'm bothered about how many sales I get.

Now if google can set up an adwords system for me that does not charge per click, but instead I use their payment system as a check out and grant them a commission on refered sales (as long as they can prove that the refereal was sent via a targetted ad in the current browser session would be my condition) then they can take say 5% of the sale (on top of their normal processing comission.

Then the problem comes down to trusting google to correctly report which sales on your site are actually directly from one of their adverts and not from their main search.... however its only one company, its a large and well known company so auditing it would be a lot easier than many of the smaller more dubious companies.

Re:Ben Edelman, here

[Aladrin]

No offense, but isn't that the same as all other types of advertising? If you feel you are getting enough for your money, you buy the advertising. If you don't, you don't.

TV ads continue to be annoying and people are actively avoiding them now. Instead of making better commercials that don't annoy people, they just keep shelling out the money for the same old crap.

Radio, ditto.

Newspapers, magazines... Other than the sale ads and video game magazines (which are disappointing, because the ads rarely tell you anything the actual game), I don't think I've bothered to do more than glance at an ad in years.

How is 'sponsored-search advertising' any different?

And you say 'clickfraud is rampant.' ... Are you saying that you think Google is faking clicks? Or pays someone to? I can't see how anyone but Google would benefit from this. (I suppose the paranoid part of me says your competitor could be faking the clicks, to get rid of your ads... But that could have serious legal consequences.)

Re:Ben Edelman, here

[Anonymous Coward]

I'm just amazed that Netflix spends over 20% of their revenue on advertising.

I've also always thought that any merchant that pays for click-throughs or indirect referrals are foolish. It is just too easy to game those processes.

Here's a question or few for you

[Specks]

How would the merchants detect that Zango or other spyware makers have hijacked organic traffic or a legitimate affiliates cookie? If the software routs traffic through the spyware vendor's servers first then to the intended website how is a site like Netflix or Blockbuster going to tell if they don't get a chance to put a cookie there? Not to mention that a spyware vendor probably doesn't have the affiliate code in their name but probably a shell corporation or some other company. If companies like Netflix take action how bad do you think the shakeup will be for companies like Zango?

Re:Ben Edelman, here

[bignetbuy]

"No offense, but isn't that the same as all other types of advertising? If you feel you are getting enough for your money, you buy the advertising. If you don't, you don't."

From what I read, the merchants are paying for advertising results that they would have received for free. That, in turn, forces merchants to spend more money on advertising and ultimately results in higher prices for consumers.

Yes, it is frustrating.

[140Mandak262Jamuna]

I have tried to explain to my relatives and friends, with "real world" analogies. Like, "OK, the cable company says just leave the door unlocked, that way our tech can get in and install your new cable box and you dont have to house sit. Will you agree? Wont you feel outraged if all the merchants in town walk into your living room and paste their advertisement on your wall? Yes, security will entail some inconvences like staying at home and letting in the technician. But you would not leave the home unlocked, would you?"

The usual responses are that "You are exaggerating the dangers", and "I have nothing of value for anyone to steal in my computer" or "it is too complex to lock the machine down" or "I dont know how to lock the machine down" or "there are millions of people who dont lock their machine down, are they all fools and are you the only smart guy out there".

Their file sharing stops working. They call the tech. Some cousin of me from India walks them step-by-step to turn off the firewall in the router so that "he can come in and fix it", turns off the firewall in the machine, turns on remote assistance, fixes something and leaves. For the tech guy the metric is "minutes to solve the problem". Staying on line to turn back all the firewalls and turning off remote-assistances "does not pay". The machine gets pwend even before he is done and he recommends wiping the hard disk and restoring, wiping out everything the customer had in the disk.

It is a torture to be the one-eyed man in the land of the blind.

Re:Capital S?

[TheHawke]

spyware, adware, or malware of any kind does not deserve to be capitalized, nor do corporations, entities, or persons trying to destroy our ways of life.

I do not care if the grammar nazis give me a d-, I refuse to comply.

Re:Ben Edelman, here

[aclarke]

And you say 'clickfraud is rampant.' ... Are you saying that you think Google is faking clicks? Or pays someone to? I can't see how anyone but Google would benefit from this. (I suppose the paranoid part of me says your competitor could be faking the clicks, to get rid of your ads... But that could have serious legal consequences.)

Click fraud can happen on Google's "content network". I just happen to be looking at one of my ads right now. In the last week, it's been shown 104 times on Google's pages. It's been shown 13,636 times on other pages using Google's Adsense. You know, the Google ads on other peoples' pages.

If I run a site and put Adsense on it, I get a percentage of Google's revenue for each ad clicked through from my site. Therefore, if I have more click-throughs, I get paid more. That's where click fraud comes in. The advertiser gets a higher bill due to more clicks, and Google pays the fraudulent Adsense operator a portion of the revenue.

You can opt out of your ads being shown on the content network, or even on certain sites. But as you can see from the numbers above, you'll be losing out on a HUGE percentage of your ad impressions. OTOH, in my experience the CTR off Google's sites is higher than the content network CTR, and quite possibly depending on what your product is, the people might be more qualified.

Re:Ben Edelman, here

[MttJocy]

Or like in my case (as a publisher) by a user who happens to disagree with the content of your site and decides the best way to deal with that is to attack the revenue stream that is funding your hosting costs.

In this case the attack worked, prior to the attack I was averaging around 1,000 clicks per month legitimately and thus gaining reasonable revenues which paid for hosting, domain registration and various other services (such as occasional professional design services to help with certain things I am less skilled at), until one evening there is an extremely strong worded scathing comment written by some anonymous user, the next morning I wake up to discover 1,896 clicks in one night which all originated from the same IP as that comment (thanks google for giving that info), my account by this point had been blocked.

I immediately contacted google, explained the situations, provided server logs and other relevant info re the comment and the massive amount of traffic generated by that IP during the night on my own site including raw server logs of this general traffic also. Google then provided me with their statistical information on clicks in that time period not raw data however which I can understand on privacy grounds (it would have included legitimate users also, I had removed data not relating to the suspect IP in my own logs I sent out of respect for my legitimate users who had committed no crime which is what this amounts to). Their representative even agreed that it was quite clear to them this was a case of a click fraud attack aimed at causing my disqualification, however they would not even consider reinstatement even under any kind of trial basis which eventually lead to me being forced to abandon the site on financial grounds not being able to find another system able to generate such reasonable revenues that covered the costs, with acceptable ad formats which were not overly obtrusive.

So to suggest they do not take click fraud serious is not something I can believe, with a one strike and you are out no questions asked policy irrespective of evidence proving the publishers innocence when any click fraud of any description is detected by their system resulting in a lifetime ban from the scheme seams to me like extremely stringent anti click fraud policies to me, too stringent in reality when clear evidence of innocence on the part of the publisher and evidence the fraud was actually an attack on the publisher and their funding mechanism for their website with the intention of making it impossible to keep the website online is beyond unreasonable.

Not to mention the $612.45 in legitimate click revenues they withheld and and dropped into their own coffers which is in itself wrong in my opinion especially when they themselves agree that the publisher was the victim of a targeted attack they should have at least had the decency to settle the account for all the legitimate clicks.