By Ken Glueck, Executive Vice President, Oracle—March 7, 2021
To hear Google tell it, consumer privacy is now so important that it has decided to stop tracking and targeting individuals across the internet. Examined closely, Google’s announcement does nothing to protect consumers while advancing its campaign of anticompetitive conduct. Google positions its recent efforts as privacy-enhancing so long as we all agree to play in Google’s new Privacy Sandbox called Federated Learning of Cohorts (FLoC). No, really, that’s what they are calling it.
Let’s start with a plain-English description of this new sandbox, to the extent possible. Google says it will eliminate the use of third-party “cookies” in its Chrome browser. It will replace those “cookies” with a new algorithm that analyzes individual consumer’s types, habits, and preferences and places them into FLoCs, which are groups of individuals which will all receive the same ads. These “cohorts” are individuals that share common characteristics such as college-educated, charcuterie-loving golfers, who frequently visit the Hamptons and shop at Nordstrom. Let’s just say this FLoC won’t get ads for payday loans.
Now, even though Google claims it will no longer permit cookies and “will not build alternate identifiers,” it will not apply those new rules to itself. Google will certainly know enough to constantly place individuals into ever-changing groups. On Android devices alone, Google maintains over a dozen unique identifiers. So consumers will be tracked as individuals but marketed to as a group, and as part of multiple different groups. And these groups will change based on the ads being served. Consumers will be dynamically and instantaneously assigned (by algorithm) to different FLoCs based on their profiles and ad content. And as consumers are placed in more and more FLoCs, they rapidly generate a list of FLoCs that uniquely describes…one individual. This is Google’s new Privacy Sandbox. Yes, it’s FLoCed up.
You see, the core problem is Google very much wants to dominate digital advertising—which generates 90 percent of its revenues – but it also desperately wants to be included with the social norm that increasingly values and protects privacy. Stated differently, Google is running a brothel but wants to join the choir.
Maybe we need to take a step back. In the pre-smartphone era (2007), Google acquired DoubleClick and has been the dominant purveyor of “third-party cookies” ever since. To the extent “third-party cookies” are a problem, they are a problem of Google’s own making. So, what’s changed? Well, unlike 2007, Google now dominates global ads. The Google Chrome browser now sits with 65 percent global market share and Google Android is in excess of 70 percent market share. With dominance over both the browser and the mobile OS, Google no longer needs cookies.
What Google doesn’t really say is that effectively none of Google’s own privacy invasive practices are changing. Chrome will still monitor every web site and action a logged-in consumer takes on the web. Android will still collect your precise geolocation, your movements, and your app usage, while surreptitiously mapping every Wi-Fi base station and Bluetooth beacon on the planet. Google search will still catalogue every desire and query no matter how intimate, while the array of Google’s own first-party analytic and advertising cookies will collect more data than the now banned third-party cookies ever would have.
The FLoCers must be ROFLing (I know, very uncool) all over Mountain View because what they have just done – unilaterally—is wiped out the competition for consumer data and any semblance of competition in online advertising, without actually enhancing privacy.
Google’s sandbox is little more than an attempt at using privacy as a pretext to solidify its dominance. It creates anticompetitive rules for everyone to abide by, except for Google. Third parties—some people call them competitors—will be in the dark, but first parties—that would be Google—will have a 20/20 view into every consumer’s likes, desires, and location, to sell ads.
Google’s playbook is actually admirable.
First, Google acquires DoubleClick, rapidly kills off the competition for third-party data collection and becomes dominant in internet ads. Oh, and forget about any promises made at the time of acquisition regarding combining data between DoubleClick and Search. As of 2016, Google takes consumers’ formerly anonymous browsing data and links it with all the other personally identifiable data they have.
Then Google kicks everyone out of its sandbox under the pretext of privacy. So the company most responsible for creating the surveillance economy all of a sudden wants us to believe it values consumer privacy. But, of course, this new sandbox does not apply to Chrome, Android, Search, or YouTube.
Google then tries out the “everybody else is doing it” argument and points to the fact that Safari and Firefox eliminated third-party cookies a couple of years ago. But Safari and Firefox are not dominant in browsers or dominant in global advertising. So, it can be true that the Safari and Firefox decisions were privacy enhancing, while the Chrome decision is competition killing.
Google then leans hard on this concept of first party/third party. They just keep saying it fast enough and nobody slows them down and calls them out. Let’s do that now:
Google can use Search, Chrome, and Android to collect all the data it wants, run that data through its AI black box, and target ads because Google considers itself a “first party.” When someone creates a Google account and then uses Chrome to access the internet, Google uses that account sign-in to assume for itself first-party status.
Also, when a consumer activates a new Android phone, they agree to give Google first-party permissions.
Often times, when a consumer clicks “agree” on a pop-up that appears on a non-Google web site, buried in those terms of service could be language giving Google’s advertising and analytic cookies additional first-party privileges.
But to the typical consumer, the first party is not the web browser they are using, but the web site they are visiting. Think of it this way. When I call my dad using Verizon, I assume my dad and I are the only people in the conversation. The two of us are the first parties. I did not call my dad and Verizon; there aren’t three of us on the call. But under Google’s rules, Verizon is a first party to the call, and they should be able to advertise to us based on the restaurants or movies—or health or financial issues—we discussed on our call.
So let’s follow the phone call analogy to the web. Let’s say I sit down and “call” the New York Times using my Chrome web browser—HTTP instead of my phone. Here, the consumer considers the New York Times a first party—just like when I call my dad. The New York Times also considers the consumer its first party (i.e. customer). It’s ridiculous to consider Google a first party to this interaction just because I am using Chrome, even if the New York Times hires Google to place ads or track analytics on its website. Google, just as Verizon, is just a service provider. Google could ask consumers for opt-in consent to be treated as a first party, but consumers are as likely to do that as they are to consent to Verizon listening in to their phone calls. So, Google just anoints itself a first party anyway. After all, it’s Google’s sandbox.
Of course, if Google were genuine in its privacy conversion, then it would apply its rules uniformly and apply those same rules to itself. It would stop tracking individuals browsing on Chrome and on Android. It would offer consumers opt-in control over their data. It would stop sharing data across its platforms. And it would stop tracking individuals across devices. But, of course, they won’t.
Google just wants consumers and advertisers to sit down and play in Google’s new “Privacy Sandbox” using Google’s rules and terms dictated by Google. Some might call that a Privacy Quicksandbox, but we won’t.
As many of you know, we love bulls at El Toro. Our intern program is called “Running with the Bulls;” our office has been called “The Bullpen” by local media outlets, and; our annual user conference is named “Round Up.” The year 2021 was always going to be an exciting one for El Toro since – according to the Chinese Zodiac — it is the Year of the Ox (which we at El Toro believe is the bull’s brother from another mother.)
Google recently announced some changes to how Chrome will allow 3rd parties to track users. Collectively, these changes have the AdTech world in a panic, with many companies struggling to replace their cookie-based solutions with something else – anything just to remain relevant. But there is no panic (or cookies) at El Toro, and there never has been. Here is how we cut through the Bull…
What is Google Doing?
Beginning 2022, Google is moving away from support of 3rd party cookies and replacing them with a new, less-powerful tool called Federated Learning of Cohorts (FLoC), which keeps data and web history private and instead groups people based on interests to allow advertisers to reach them. This move has broad negative ramifications for companies that have built their technology stack and consumer insights tools based on cookies, which is almost everyone with the exception of Google and El Toro.
Most of the large, independent targeting, trading and analytics platforms extensively use cookies to target ads, resolve identity, and determine campaign efficacy. As such, many of the largest companies in AdTech and analytics including Oracle, LiveRamp and The Trade Desk are rushing to launch systems that no longer depend on cookies. Oracle’s “We’re all FLoCed” post is a particularly fun read.
How does this impact El Toro?
The impact for El Toro so far has been amazing! We have seen unprecedented demand from our customers and media agencies looking for alternatives to cookie-based solutions. The good news is El Toro was established as a 100% cookie-free solution and continues to be today.
As brands and agencies start to look for accurate, measurable, high-ROI technologies to replace cookies, they realize one-to-one IP targeting should be part of the solution, and El Toro is an unquestioned leader in non-cookie data, insights, and targeted digital advertising. We first patented the process of one-to-one IP targeting in 2013, today we have 9 issued patents on this and related processes.
We may be the only AdTech company (other than Google) to embrace this move. For us, we have always felt cookies were an inaccurate relic of the past, and with these moves, Google is now forcing the AdTech industry into the future. For El Toro customers, FLoC will have no impact on match-rate, accuracy, measurability, or efficacy since our tools for ad targeting and attribution have always been based 100% on IP address and/or MAID.
The old saying, “two heads are better than one” certainly rings true for regional Endeavor Entrepreneurs Jonathan Erwin and Patrick Goodman of Red e App, and Stacy Griggs, CEO and President of El Toro Marketing. The two companies have recently combined their entrepreneurial strengths to create HealthePassport, a comprehensive health management solution to help companies reopen safely and continue to protect the health of their employees and businesses by limiting exposure to, and slowing the spread of COVID-19.
Leveraging Red e App’s leading workflow and business communications platform, HealthePassport collects several health inputs from employees and utilizes contact tracing, including GPS-powered location tracking through a partnership with El Toro, the leader in mobile location analytics. This powerful portal allows companies to monitor outbreaks, identify at-risk employees and expedite communications between employers, managers and employees – keeping employees and businesses safe. HealthePassport also generates a mobile, color-coded Passport that can be used for employees to display their real-time health status so they can work in safety with reduced risk of exposure. The companies’ innovative product was recently featured in TechRepublic.
“We believe this challenge needs to be tackled and managed by businesses for businesses,” said Red e App CEO, Jonathan Erwin. “The early results have shown that relying on consumers won’t produce actionable data, relying on manual tracing is too slow, and relying on a hodge-podge of platforms will create more complications than solutions.”
This unique partnership with El Toro and its top-of-the-line tracking capabilities combines the data learnings from two industry leaders, turning mobile devices into powerful, personal, protective devices.
“This is about saving lives and providing businesses with the tools and technologies that can allow them to open in a safe manner,” said Stacy Griggs, CEO of El Toro. “In order to do that you need a broad vista of data and broad participation.”
While this may mark the first time Red e App and El Toro have collaborated on a project, it’s not the first time the two have crossed paths. As three of Endeavor Louisville’s early Endeavor Entrepreneurs, Erwin, Goodman, and Griggs have been acquainted for quite some time.
Erwin and Goodman were the second and third Endeavor Entrepreneurs selected into the global Endeavor network of high-impact entrepreneurs from Louisville in December 2015 at the 62nd International Selection Panel hosted in Mexico City. Griggs entered the scene shortly after in February 2016, following his selection as the third Endeavor Entrepreneur from Louisville at the 63rd International Selection Panel in Dubai.
In addition to being selected as an Endeavor Entrepreneur, Griggs has since joined the Endeavor Board to support Endeavor’s work across Kentucky, Indiana, and Ohio. Both Griggs and Erwin are Peer Mentors for early-stage entrepreneurs in Endeavor Scale Up, a growth acceleration program that connects successful Endeavor Entrepreneurs with start-ups in the region.
Since their inductions to the Endeavor Network, Erwin, Goodman, and Griggs have led by example, growing, scaling and making a positive impact in their industries, and in the region. It was only a matter of time before the entrepreneurial minds of both came together to help solve an issue troubling the nation.
By: Aaron Peabody Do you advertise online? Have you ever wondered who is actually viewing and clicking on your ads? Did you ever get the feeling that something wasn’t quite right? We have. And when we performed some simple math and basic research, we were astonished at what we found.
Each year advertisers are inundated with fraud and non-human traffic which is estimated to cost billions of dollars. When one observes the volume of traffic considered fraudulent, “non-human,” or simply unviewable, the numbers vary with every source. Most sources quote roughly 30%. Imperva Incapsula says 51.8% and Google cites as high as 56%. In 2013, El Toro began analyzing about 91% of all the programmatic display inventory at the exchange level, excluding Facebook and Google. What we uncovered was that there were 20-30 billion quality purchasable impressions every day. Presently, in 2017, Eltoro analyzes 60-80 billion display impressions daily. From simple usage and population studies, we know that Web traffic in the United States didn’t increase three-fold in that given time period. Something was wrong. Where did this traffic come from? How can there be three times the traffic available to purchase in just a few years time? In this article we’ll define the diverse forms of fraudulent and non-human traffic and quantify how much suspected fraudulent traffic is on the Internet.
Fraud and Non-Human Traffic
Fraud and non-human traffic comes in various shapes and sizes. Although both categories feed into the same systemic problem, it’s important to understand the difference between the two. The reason being, is that the general misconception is all fraudulent traffic is non-human (robotic).
Non-Human Traffic
When we refer to “non-human traffic,” we’re referencing what is known as “bots.” Web traffic can be generated by (ro)bots which are computer programs that can mimic human keystrokes, clicking patterns, and/or Web surfing. There are a variety of different categories of bots, but the three you must know are simple bots, sophisticated bots, and botnets.
Bots are typically classified as legitimate or illegitimate. Legitimate bots are usually designed out of a legitimate business necessity for the purpose of doing something advantageous. An example of a legitimate bot would be a Web vulnerability analyzer, referred to usually as a “crawler,” that will look at a website for problems and then document security issues for the owner. These types of bots are helpful and normally not a consequential concern to digital ad buyers.
Illegitimate bots, on the other hand, express themselves in the form of malware, spam, ad clickers, and “viewability” busters. These types of bots are utilized to artificially inflate web traffic, click on ads, mimic human behavior in some shape or fashion, and usually do so with the purpose to delude digital ad metrics and steal from ad-buyers. These bots are employed for malicious intent and are an immense problem for digital ad buyers and the digital ad industry at large.
Human Fraudulent Traffic
Fraudulent traffic that does not fall into the bot categorization is more difficult to track, considering the person initiating the session is an actual human, but the impressions, clicks, and conversions they generate, although made by a human, are fraudulent in nature. Normally this is done for financial gain where the person doing the clicking/browsing/etc. has no intention of buying a product or service, but is being paid to click or browse a site to inflate statistics. This type of traffic is almost always utilized to intentionally misrepresent Internet audiences. Some notable forms of this traffic are click-farms, domain-spoofing, and site-bundling.
Viewability and Non-Human Traffic
In order to counteract the fraudulent traffic problem, the digital advertising industry introduced metrics that were meant to combat fraud, one of which was “Viewability.” “Viewability” is a metric supposedly used to prove if an ad was seen or not. However, sophisticated bots replicate human behavior which can render the viewability metric completely useless. Furthermore, other forms of fraudulent traffic are real humans employing a multitude of tactics meant to abuse an ad system and its automated fraud checks, including those of viewability. So the question is: how can any metric be trusted, if bots, by their very nature, are built to mimic natural human behavior? And if humans are the ones perpetrating the fraud, then the Viewability metric is again useless because the human knows what to do in order to perpetrate the fraud while satisfying the underlying requirements for Viewability or any other standard.
The answer to all of this is very simple: Viewability and other metrics that are employed for the sole purpose of fighting fraud, are not metrics that can be trusted. Period.
Because of the aforementioned, El Toro believes viewability is not the metric that matters when measuring digital advertising success. As such, we have devised a method to measure actual sales lift, revenue, and Return on Ad Spend (ROAS) in a clear and open framework; all of which are real and measurable by both parties. By focusing on actual conversions (both online and offline), each campaign is an honest campaign. Metrics can be abused, but conversions cannot.
El Toro believes in taking the complete opposite position to the industry standard of cookie-based, container-based, and javascript-based programmatic hogwash. Malicious bots are coded to take advantage of viewability and CTR, not work against it. The end result is an artificial boost of campaign metrics and a waste in advertising budgets. El Toro’s technology drastically reduces ad serving to fraudulent traffic by foregoing targeting by cookies and by not claiming success based on unreliable metrics like viewability. Furthermore, El Toro only serves ads to verified IP addresses that correlate with a physical address to a statistical confidence level of at least 95%.
The Math – Quantifying the Number of Impressions in the United States utilizing simple math
In order for an advertisement to be placed, an individual has to be connected to the Internet and browsing the Web. If someone wants to calculate how many impressions are served to a segment of real people, one should be able to quantify that by how many individuals have access to the Internet, multiplied by how many banner ads an average Internet user sees per day. From there, a person with basic mathematical skills could take the amount of impressions actually available on any given day subtracted by the plausible amount of impressions that should be available, and the difference of the two should roughly equal the amount of fraudulent non-human traffic in the United States network. Below, we expound upon this mathematical methodology and extrapolate the calculation. The results will surprise you.
The Equation
As of 2016, according to Internet Live Stats, the United States has 286,942,362 people with Internet access. In 2012, ComScore released a report that every internet user in the U.S. will view an average of 1,707 display advertisements every month. Considering this was the last study regarding average monthly online ad impressions per person that we could find, let’s adjust the figure to accurately reflect current digital media usage rates.
In 2012, the average adult spent 4.1 hours per day online. From that same study we saw a 28.78% use increase from 2012 to 2015, bringing the figure up to 5.28 hours a day. If we assume a consistent yearly digital consumption growth rate of around 29%, the original 1,707 ad impressions per month in 2012 can be adjusted to 2,202 ad impressions per month in 2015 (assuming the digital media they are utilizing has ads, unlike services without ads such as Netflix or Hulu Plus). Simplifying the calculation to daily ads served, let’s divide 2,202 monthly ad impressions by 30 days (in order to derive the daily impressions), thus on average, an individual in the United States sees about 73 impressions a day. Assuming that all 290 million people were on the Internet on any given day, this would imply that, on average, there should be 21.17 billion ad impressions available per day in the United States. Available Internet Users (290,000,000) X Average Daily Number of Banner Ads Seen Per Internet User (73) = Total Plausible Daily Available Impressions (21,170,000,000)
So how does this compare to actual available web traffic? Consider that Google, which owns 42.3% of the digital ad market, serves 30 billion impressions daily. From here we can estimate with relative certainty that there are roughly 70.9 billion impressions available on the market every single day. Or in other words:
Actual Daily Available Internet Ad Impressions (70,921,985,815) – Total Theoretically Plausible Daily Available Impressions (21,170,000,000) =Estimated Fraudulent Traffic Impressions (49,751,985,815) The Answer, Which is a Severe Problem We can estimate that these 49.7 billion impressions being served are either highly suspect or perhaps even fraudulent, and the numbers themselves conclude that up to 70.15% of total traffic is potentially non-human.
So how much does fraudulent traffic cost advertisers in just display advertising? According to eMarketer, annual digital display ad spending in 2014 was $21.07 billion. eMarketer also notes that Display Ad spending was $32.17 billion in 2016. Calculations based on 2014 spending means fraudulent traffic cost advertisers roughly $14.8 billion dollars. Calculations based on 2016 spending show that fraudulent traffic has cost advertisers roughly $22.6 billion dollars– a mind-boggling growth in fraud of $7.8 billion dollars in only two years. Without significant change, this problem is only going to get more expensive as time goes on.
The Solution
The first step of the design of El Toro’s platform was to eliminate the “headless funnel” by identifying highly desirable targets and advertising directly to them. This is the exact same model that direct mailers use and is called “direct response.” The advertiser knows something about the client and then advertises to the client based on what is already known. For example, this could mean that an auto dealership could send a mailer to someone who is due for an oil change, a new extended warranty, or perhaps a new car. But instead of sending mailers to a home address, El Toro is sending digital ads to the recipient’s IP address.
Instead of placing online ads in front of unidentified prospective clients based on the keywords they type into a search engine (which is the existing, old model), El Toro picks the exact household that they want to target via that home’s IP address which we’ve mapped.
El Toro’s platform is designed to specifically reduce the possibility of programmatic ads being seen by non-human and fraudulent sources by designing a system that leveraged IP Addresses instead of cookies. It employs patented algorithms which can ensure a minimum of 95% degree accuracy that the ads they displayed were targeted accurately.
Programmatically, the El Toro system is able to detect malware and infected toolbars, prior to serving ads and thereby creating a solution that connects to the target on a one-to-one basis within an environment where cookies are completely ignored. In other words, instead of adhering to an existing model that is known to be broken, El Toro invented a new model to address the actual problem instead of the symptom.
Prior to a digital ad campaign, El Toro’s clients provide a list of targets which are nothing more than physical mailing addresses. During the campaign, El Toro displays advertisements to those list of addresses which it has converted into IP addresses. After the campaign is run, El Toro asks for the list of mailing addresses of the conversions on the advertisers side and then matches it back to the original list. If “John Doe” who resides at “123 Anywhere Lane, Louisville KY” was on the original targeting list, then “John Doe” purchases, then there is a 1-to-1 match. This is an easy, straightforward way to perform attribution which takes into account almost all forms of purchases/conversions, not just online conversions. When you can prove conversions, then things like Click-Through Rate (CTR), bounce rate, viewability, and other metrics become almost useless.
Additionally, since some clients are likely to purchase in any target group (assuming you did a good job of defining the group) even if we don’t serve ads to them, we then compare these sales results to a control group and determine the real lift in sales and increase in average ticket. Once we have this number we can then calculate a metric called Return on Ad Spend (ROAS), which can be used to measure any of your direct marketing campaigns in a balanced scorecard. No one else in the Advertising Technology industry offers this.
Lastly…
Mark Twain is famously quoted for saying, “Whenever you find yourself on the side of the majority, it is time to pause and reflect.” That saying holds true in regards to online advertising. If you find yourself following the pattern that everyone else is following by adhering to the metrics of the masses, then you’re part of the statistics in the online fraud scheme. The only way to separate yourself from this is to not be a part of the majority.
The goal of this article was not only to point out, with basic math, one of the biggest issues that plagues the programmatic advertising industry– it was also to suggest that you don’t have to blindly accept this as one of those things that come at the “cost of doing business.” And while I might have shamelessly plugged my employer (hey, they pay my bills and give me the platform and opportunity to write articles like this so I obviously I have to throw them a bone), the fraud numbers speak for themselves and they are truly troubling. Not just troubling, but it’s also absurd that with only a few calculations we can demonstrate how big of an issue ad fraud is for digital advertisers.
El Toro has solved a problem for many companies. But it cannot be just El Toro that steps up. It has to be every company in the industry. We cannot continue to use a broken system as a base and then try to develop further flawed technology to try to correct that base’s inherent problems. Many flawed arguments don’t produce a sound conclusion. The only way fraud is going to be stamped out in online advertising is by stopping it before it makes its way into the system.
By reinventing the model, El Toro has opened up a “Blue Ocean” scenario where it doesn’t compete with other media companies on metrics, namely because those metrics aren’t applicable anymore. Instead, El Toro started from the ground up by building a new targeting technology that directly addressed fraud, which then solved the problem of viewability, click farms, and most bots/malware because of the way it is designed to operate. This is the type of thinking that will bring El Toro and other AdTech firms head-to-head against the existing companies that are complicit in the continuation and proliferation of online fraud traffic. It’s not enough to just expose a problem. The problem itself has to be fixed. Luke Wilson’s character in the cult classic movie Idiocracy said, “you either lead, follow or get out of the way.” We are choosing to lead. The Idiocracy reference was intentional– in the movie, society devolved over time as the global average IQ plummeted. As AdTech gets more complex, doesn’t it feel like buyers are getting less sophisticated? Let’s change it together.
In this post we’ll elaborate on targeting via internet cookies versus 1-to-1 IP targeting–the El Toro way, and why one is immeasurably more sound and accurate than the other.
A Brief History on Cookies
When we say “cookie” we’re not referencing the dough creations one bakes in their oven. We are referring to the bite-sized pieces of data passed from a web server to a web browser when you visit a website. This could be represented by the action of filling out a form, or creating user preferences on a website application. Cookies were first baked up at Netscape in 1995 by Lou Montulli. The solution was designed to combat functionality issues he was experiencing within the online shopping cart while building an “ecommerce” application.
By the early 2000’s third-party cookies were already being utilized to place digital advertisements in front of Internet users. The idea of targeting based upon site visitation behavior, as well as creating custom online experiences for users derived from cookie data, was groundbreaking for the times. It also was quite controversial. Many advocated against cookie targeting due to privacy concerns and vulnerabilities (several notable anti-cookie tracking campaigns still exist today). In time these disputes gradually dissolved in intensity and frequency, and what was once was an ingenious engineering solution for online shopping, soon became the main vessel by which digital advertising was served to targeted Internet users. Nonetheless, as the programmatic marketplace for digital media buying and ad placement has evolved, cookies’ original architectural design has not diverted greatly, making the technology rather archaic, and subsequently exposing it to fraud and non-human traffic. Because of this, targeting accuracy for the digital advertising industry has never been more important, and that’s why we plead for media buyers to not get their hands stuck in the cookie jar.
Cookies Never Jailed Anyone: Cyber crime isn’t afraid of the Cookie
No one was ever convicted of a crime because of their cookies. So what does that really mean? Well for example, in the Napster lawsuits, in which both individuals and companies throughout the world were sued or fined millions of dollars for illegally downloading and sharing licensed media, the incriminating evidence came from IP addresses not cookies.
The FBI routed site requests back to users’ IP addresses and matched them to physical home addresses from public record databases. This mapping was then coupled with alternative sources of evidence, such as site activity levels, to convict Napster users of copyright infringement.
Of course this is relatively intuitive. How else would you accurately assess if someone could be convicted of a crime like peer-to-peer music file sharing over the Internet without mapping them to a physical location of where the crime occurred, or where the defendant happened to be located during the crime? The FBI knew site cookie behavior is not an accurate tool to assess cyber crime. Much less to know if a Napster user was “guilty beyond a reasonable doubt” of actually distributing and ripping music files. All that cookie information would divulge is if the user visited the Napster website, and perhaps the time spent on site. Cookies are not built with the functionality to identify Internet users 1-to-1 at the household level. They’re behavioral trackers, not location trackers–and more or less aggregate data, rather than delineate it.
So with all things said, cookies were not an appropriate system to identify people uniquely at the household level in order to build lawsuits against Napster users. When it comes to building compelling legal evidence that an individual has committed a crime, accuracy is everything. Only an IP address mapped to a home address provided precision to endure the courtrooms. And advertisers should demand similar targeting effectiveness when running digital display campaigns.
A Notion On Why the Cookie Crumbled
While writing our first comprehensive post regarding fraudulent Internet traffic, we were continually asking the question, “How did this all run away?” The story isn’t necessarily just how shockingly excessive fraud is in the digital advertising world. That’s old news. Newspaper headlines have gradually cited the increase in internet fraud over the years–with each published number more scandalous than the next. The compelling story is both “how” and “why” this happened. And why so many people don’t seem to really care.
If we are to divulge exactly how this house of cards was propped up, we need to start with the fundamental incentives that drive the digital advertising industry. The whole business model is inexcusably backwards.
For starters, the exchanges don’t value Internet traffic at the household level. Rather, traffic is accepted from publishers with very little screening. This means that rather than quantifying how much traffic could feasibly be available in a given geo-parameter, and arbitrating traffic from those households to guarantee the placement of impressions in front of real people–media buyers rely on the benevolence of publishers and ad networks to validate their inventories, and then proceed to purchase digital ad placements from them. If this sounds crazy–you’re not alone, we think it is too. It’s actually in the ad networks and publishers best interest to purchase that traffic at the lowest amount possible (almost always signifying extremely poor quality of inventory–bots, fraudulent human traffic, etc.) and sell high. This subsequently means more profit for them. This is why publishers won’t divulge much information about the traffic on their sites which is usually limited to their monthly active users, and general country demographics of site visitors. The expectation is that media buyers on ad exchanges are sophisticated and have the technology to cipher the traffic themselves–which we know is just not the case–So brands and agencies end up getting ripped off.
On the side of the equation lie advertising agencies. Agencies typically serve as the campaign organizers and media buyers on behalf of their clients, but they too are improperly incentivised. Agencies are given a budget by their clients to spend, which subsequently makes them revenue consumers–not producers. The performance measurements of an agency typically aggregates click through rates (CTR), time on site, and cost per acquisition (CPA).
The problem with this is that none of these key performance indicators (KPI’s) tell us very much about who was engaging with the advertisements, and if that traffic actually converted to real sales dollars. John Wanamaker famously said that half of what he spent on advertising is wasted, the problem is he didn’t know which half. This is because sales attribution is impossible to measure without knowing who your targets are on a 1-to-1 level.
So with exchanges improperly incentivised to increase traffic, and most agencies — the primary media buyers– not incentivized to optimize ROI for client’s ad-spend due to the very nature of their business model, the industry is left with a mechanism primed for people to take advantage of programmatic inefficiencies. But it doesn’t stop there.
The industry has relied so heavily on outdated, incomplete performance measurement systems, such as CTR and viewability (a metric designed to “prove” if an ad was seen or not by a human) that players have lost complete perspective on the goal of a digital advertising campaign. The goal of digital advertising is, and should always be, to generate revenue. This happens in the form of sales conversions. Some will argue that branding awareness plays an important role in all of this–which as a former graphic designer, I will not rule out completely. However, branding awareness is just a distant cousin of a firm’s goal to drive revenue. What else would it be worth if that were not the case?
With all things said, the industry has been dying for a sophisticated buyer to emerge onto the market. One that breaks the incentives of all the other players. One that vests interest by producing ROI for clients, has incentive to purchase from premium human traffic, and is empowered with the technology to navigate the complexities of programmatic exchanges.
The Bull that Ran Over the Cookie
Internet Protocol Addresses (IP Addresses), are essentially like the street addresses of the Internet. IP’s are used to identify a device, or devices, connection point to the Internet. The early concept of geo-targeting was built upon the assumption that IP’s are relatively stable, and are also a pretty good signifier that the traffic routed via the address is “most likely” human. When the industry decided to begin targeting via IP addresses, their motivation largely stemmed from having the ability to build better segmentation models. For example, if one were to run a geo-targeted campaign around a local restaurant–one could choose to set fencing parameters of IP’s within a five mile vicinity from that restaurant. That granular level geo-targeting could then be coupled with cookie data, (such as how the Google Adwords platform is built) to “accurately” place ads in front of Internet users.
The idea of geo-targeting is not necessarily “new”. However, its original form was sorely lacking one crucial component: bypassing the cookie pool and instead map the IP address to an actual home address. Part of the reason why geo-targeting has subsequently failed (unbeknownst to most advertisers) in the past is because relying on just an IP for targeting, while also assigning value to the impression through the cookie pool in the exchanges, can be atrociously inaccurate. Here’s why:
Cookies Skew User Data
Let’s examine my browser history to better understand how advertisers could bid on my cookie profile.
Some popular sites I visit frequently are forbes.com, nytimes.com, motortrend.com, watches.com, and amazon.com (where I curate my reading selection which includes books on business, economics, mathematics, design and engineering, as well as novels on business titans such as John D. Rockefeller). I’m also prone to window shop on zillow.com for homes I can’t afford for pure amusement. Recently I’ve been spending time on jewelry sites as well in search of the optimal Mothers day gift. So what would my cookie profile look like to marketers?
Well considering I read my news on the New York Times and Forbes, to an advertiser I would be someone of affluence. Coupling that with my time spent looking at fancy watches and cars, their assumption would be that I am a top tier earner in terms of gross income and available disposable income. My reading preferences signal a more mature reader profile, and the expensive house perusing is the real kicker. Heck who wouldn’t want to advertise to me, I’m probably cash flush right? And the jewelry shopping would probably flag me as married with respects to the other variables mentioned earlier.
I can promise you I do not have the income to purchase a Mercedes-Benz S-Class Coupe in the near future. Nor will I be purchasing a yacht, million-dollar home, or a Rolex. I am not married either. Just about the only thing that would make sense is re-targeting me with the books I’m shopping for. This example is rather facetious–I’m aware. But nonetheless, that really does prove my point. Advertisers relying on programmatic ad targeting via internet cookies are wasting impressions on someone like me, who will not be buying those things any time soon. I regularly receive display ads for all of those items mentioned above. Wouldn’t it make more sense to target me based upon legitimate demographic data or data compiled from CRM’s, not just my browsing history?
I.P. Traffic Anomalies
Since El Toro is an ad tech company, we’re plugged into the largest, invitation-only programmatic exchanges. So one could consider it a dark market, meaning many media buyers (and most advertisers) will never know what happens behind the curtain.
One thing we find particularly fascinating is when we observe extremely high traffic volumes coming from a singular home. In our previous article about fraudulent Internet traffic, we estimated that the average internet user will see about 73 banner ads a day–give or take 5-10 impressions based on relative activity levels. So a household, depending on how many people live there, could really only have a few hundred available impressions for purchase on any given day. However, there are times when we’ll see a singular home that has 10,000-30,000 available impressions in a given weekend. How could that possibly be? Clearly this is highly suspect traffic, so we choose not to serve to it. But considering most media buyers will not bypass the cookie pool in the exchange to even have a chance of observing this anomaly, they’re left to bid on questionable and suspect impressions unbeknownst to them.
Other times we’ll see an IP appear in multiple different states over the course of a week, and then also see that same IP pushing traffic in high volume from a foreign country such as India. Again, this is extremely fishy behavior, and to us, most likely would signal click farm activity. The only way we’re able to validate this assumption is by matching the IP’s to actual physical addresses. To the folks bidding in the cookie pool, this would look like normal purchasable impressions.
The Magic Equation: To El Toro — IP Address = Home Address
So why does El Toro choose to target based upon an IP Address matched to a physical address? Well if street addresses are the identifier for where a household is positioned on the physical globe, and an IP address is the identifier for where an individual is accessing the Internet, then correlating the two would give us an extremely confident sense of who we’re advertising to and where they are located.
Additionally, since we know the households we’re targeting prior to serving digital advertisements, we can customize audiences for our clients based upon their CRM data or actual demographic data. We then bypass the cookie pools and bid on the impressions via the desired IP addresses, which truly is the only 1-to-1 100% cookie free targeting methodology available on the market. Finally, considering we have identified our targets before campaigns have launched, we can calculate Return On Ad Spend (ROAS) for our clients based upon who actually converted to real sales dollars post campaign. This would eliminate John Wanamaker’s fear of not knowing where half his ad-budget went to use and his other fear of half of it being wasted.
In this day and age of complex programmatic ad placement buying and excessive Internet fraud–there’s just no other system built to the El Toro standard of veracity. Are you losing your appetite for cookies?
Onward
The point of this article was to address that advertisers lackadaisical disposition towards Internet fraud can no longer be grounded upon “lack of solutions.” Although we stand to benefit from the validity of our arguments, please understand that our great commission is to ratify the way digital advertising occurs–in order to create a more honest, transparent, and results driven industry. Our plea is that buyers don’t continue to subject themselves, and their clients, to the cookie scam. Precious resources are being wasted on mechanisms unintentionally designed to fail. And they will continue to fail.
A popular slogan you’ll hear and see in El Toro marketing materials is: “We dreamed with you, and evolved for you.” We stand by that undertaking and responsibility, for we too have endured the frustrations of media buying. We saw the sinister repercussions of an ill-aligned and mis-incentivised industry and chose to build something to alleviate that tribulation. We’ll continue to innovate and disrupt relentlessly to secure a better future for the world of digital advertising.
The digital advertising industry has operated under false perceptions and inefficient mechanisms for far too long. The players have accepted this as just the cost of doing business, but it doesn’t need to be that way! When running digital advertising campaigns with El Toro, you won’t have to deal with not knowing where 50% of your ad budget goes. You’ll know who you’re targeting, and who actually converted to real sales dollars. You’ll know if your campaigns are producing meaningful results that won’t be measured by just arbitrary metrics. And that’s how the cookie crumbles.
Third-party cookies – the backbone of programmatic advertising – are not long for this world. Google’s Chrome browser will phase them out in two years, according to a Tuesday blog post.
Google Chrome is betting that its Privacy Sandbox – the privacy-preserving API first unveiled in August – will over the next two years build functionality that replaces third-party cookies.
“We are confident … mechanisms like the Privacy Sandbox can sustain a healthy, ad-supported web in a way that will render third-party cookies obsolete,” said Justin Schuh, director of Chrome engineering.
Google Chrome proposes to store individual user-level information in the browser, letting outside ad tech companies do an API call to the Privacy Sandbox in order to receive personalization and measurement data without user-level information.
The idea bears some similarity to Ads Data Hub (ADH), a Google spokesperson said. Since Google closed off access to DoubleClick IDs, the only way to analyze user-level information in campaigns is through Google’s privacy-focused ADH cloud. And the data can’t be exported.
How Google will support cookie-less measurement and targeting
The loss of third-party cookies endangers a number of marketing activities on Chrome, from targeting to measurement.
Google’s Privacy Sandbox will first try to solve for conversion measurement, followed by interest-based advertising.
By the end of this year, the Google Chrome team will begin trials that allow for click-based conversion measurement without third-party cookies. Conversions will be tracked within the browser, not a third-party cookie, according to a Google spokesperson. When an advertiser needs to track a conversion, they’ll call an API that will send the conversion value from the browser. Individual user data would not be passed back.
Google Chrome will next explore how to run interest-based advertising without third-party cookies.
This pilot will test a couple of different scenarios without third-party cookies.
For instance, an ad tech provider might call Chrome for a list of people who have visited a group of 100 sites, avoiding granular targeting. Or, Chrome might group people with similar browsing habits.
Regardless of the methodology, it seems as if Chrome will support messaging a cohort of users, but 1:1 messaging is out.
Massive impact on Google, publishers and vendors
These changes will affect Google’s business buying ads across the open web, often known as its DoubleClick business, a Google spokesperson confirmed.
Google Display Network, for example, relies on third-party cookies to serve ads based on a person’s browsing behavior. For those ads to continue running, this Google product would need to use the Privacy Sandbox API.
And Google’s partners – including publishers using Google Ad Manager to sell their ads – would likewise be affected. Google released a study last year showing that removing third-party cookies reduced publisher ad revenue by 52%. Making sure this change doesn’t negatively impact publishers is a priority, the Google spokesperson said. The upcoming pilots will compare monetization for publishers under the new setup vs. the old one with third-party cookies in place.
However, Google’s much larger business serving ads on Google.com and YouTube.com would mostly be unaffected, since it runs on first-party cookies.
Chrome’s Privacy Sandbox is open, and any ad tech company with a third-party cookie offering would be able to call the API.
However, these outside ad tech providers would lose access to data they gathered through third-party cookies when they get phased out. Instead, they would need to target and measure ads by calling the Chrome browser API.
