Home The Sell Sider Methbot’s Hidden Cost: Publisher Data Integrity

Methbot’s Hidden Cost: Publisher Data Integrity

SHARE:

mannypuentes_rebelaiThe Sell Sider” is a column written by the sell side of the digital media community.

Today’s column is written by Manny Puentes, founder and CEO at Rebel AI.

Although White Ops estimated that Methbot siphoned $3 million to $5 million per day from advertisers, fraud where domains are falsified carry a hidden price tag that costs the industry much more.

Since Methbot and similar operations send a false domain location, such as vogue.com, false data is also being passed along and bundled with real data from the legitimate vogue.com site, compromising the digital identity and audience data of real publishers.

How It Happens 

A complex ecosystem makes passing inauthentic domain data all too easy and obscures real data in the process.

As seen in the graph below, both a publisher and a data center run by a fraud operation may send inventory to the same supply-side platform (SSP), which works with a number of demand-side platforms (DSPs). In the example, both real “premiumpub.com” inventory and fraudulent “premiumpub.com” inventory are passed through the ecosystem as the same domain, and they show up in DSP and SSP reporting as the same domain.

puentes1

Why Digital Identity Matters In A Data-Driven World

The industry talks about fraud in terms of its dollar impact on advertisers and brands, but publishers also suffer. The flood of fake supply obviously drives down the CPM of real inventory, but Methbot-style fraud is harming publishers in more subtle ways.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

By stealing a publisher’s digital identity and using the value of the brand associated with it, fraudsters not only take money that might otherwise belong to the publisher, they also manipulate the associated site and audience data. White Ops reported that the Methbot operation faked clicks, mouse movements, geolocation data and even social network login information to further look like real, engaged people.

Every time a perpetrator fakes a domain, the market is hit with these fake metrics. This dilutes a publisher’s brand in the industry as advertisers and platforms see a mix of metrics that don’t accurately represent a publisher’s inventory.

Data is the currency that defines the value of a publisher. As the explosion of devices has exponentially increased the amount of data that’s processed daily, it has become increasingly important that a publisher’s data is accurately represented. Machine learning algorithms in programmatic environments are driven by data. The buy side uses this data to update their models to determine the value of the inventory. Like any data model, garbage in, garbage out.

As the advertising ecosystem continues to evolve and we increase our dependence on machines to determine publisher value, the fidelity and accuracy of the data that represents the publisher will be vital to the publisher brand.

A New Target

As the header-bidding trend moves to a server-to-server approach, programmatic transactions will become increasingly susceptible to manipulation. Any time there is a server-to-server connection, the IPs, domains and other browser metadata passed on the query as part of the media transaction can be altered.

Methbot-type fraud works by manipulating IP addresses within the perpetrator’s data center. When an ad platform or other code executes within a browser, the code asks the browser for its location. This location can reference an IP inside the data center, making it look like a legitimate domain.

Server-side header bidding isn’t bad; there’s no doubt it solves header bloat for the publisher and moves auction-type mechanics back to the server. But there is an inherent risk associated with more server-to-server connections. In this model, the SSP that is connected to the publisher will need to closely manage the data entry points to prevent future Methbot-style fraud.

puentes2

This type of fraud is difficult to eliminate, since the browser remains the source of truth for domain reporting in the industry. That said, publishers can take a stand in controlling their digital identity by carefully vetting their programmatic partners and advocating for their own interests and needs with fraud and verification companies.

Protecting The Future Of Programmatic

Methbot may have been largely dismantled by the significant press coverage and release of associated IPs, but it’s only a matter of time before the next operation arises. Protecting data integrity and brand identity from this kind of fraud in the future will be paramount for both publishers and advertisers.

Follow Manny Puentes (@epuentes), Rebel AI (@Rebel_AI_) and AdExchanger (@adexchanger) on Twitter.

Must Read

Comic: Off-Platform Media

How RMNs Use MFA And Cheap Inventory To Game Attribution Rules

Retail media is built on its attribution quality, but real purchases can be gamed by programmatic metrics and create perverse incentives for RMNs to serve ads across low-quality inventory.

There’s A Lot Wrong With Google’s And Meta’s Non-Transparent ‘Refund’ Practices

Google and Meta are playing with fire. Their opaque refund practices have already exposed them to customer blowback – and could lead to class-action lawsuits by disgruntled advertisers.

Comic: The Great Online Privacy Battle

How US Intelligence Agencies Buy And Use Programmatic Data For Surveillance

Mike Yeagley, an independent contractor who has scouted and acquired commercial data and technology on behalf of intelligence agencies, is one of the earliest evangelists of using ad tech tracking information to identify and surveil government targets.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

Comic: The MFA Cafe

Adalytics Report Torches Ad Tech For Touting MFA Prevention While Scarfing MFA Supply

Practically every ad tech vendor has put out a press release in recent months full of bluster about cutting out made for advertising sites – and yet supply sources remain oversaturated with garbage inventory.

Cloud-Based Collaboration Is Ad Tech’s Post-Cookie Lifeline – But Will It Last?

Cross-cloud data collaboration technology is the best bet for a post-cookie solution. But it’s vulnerable to similar privacy concerns.

Topsort Raises $20 Million To Seize The Post-Cookie Market Opportunity This Year

Topsort raised $20 million, with plans to seize the 2024 opportunity for post-cookie ad tech.