New Anti-Clickfraud Tools from Blowsearch

34 comments
Source Title:
BlowSearch Releases Anti-Clickfraud Tool
Story Text:

Blowsearch have released anti-clickfraud tools, the DefenderT and Click Defender that will check to see if the clicker is human or bot...

If you've not seen it, there's a wonderful debate on clickfraud featuring Joe (agotoguy) from Blowsearch, Fantomaster and others.

I couldn't find a link to the tools, or a press release, but im sure Joe will see this and give a few more details :)

Comments

a link

site is not up yet, but http://www.clickdefender.com/

 

Nothing like a well planned launch...

thanks seobook

 

>Nothing like a well planned launch...

yeah, I told him that I thought the page could have at least expressed the site purpose on some front. He told me the URL was all that mattered. On that front, I just registered ClickFraudClickFraudStop.com and am populating the site with relevant on topic porn offers.

 

Blowsearch is such a terrible name. "The search that blows"...what were they thinking?

 

And..how can they tell if it is a human or a bot? Is there a definitive way to do it?

 

I guess the real questions / issues are:

  1. If the technology is on the search side why should we trust it? After all, the search engines are already actively fighting click fraud. If it is a better solution they why aren't they already using it if they actually care about the problem?
  2. If the technology is on the consumer side it probably can be easily reverse engineered. Even on the search side it is something that will be reverse engineered.
  3. There are other products on the consumer side. It may be better than those currently on the market, but it is probably not going to just stop click fruad.

>Blowsearch is such a terrible name.

yeah. not sure where that came from.

Hardly fail safe

Is there a definitive way to do it?

Depends on how smart people are trying to circumvent it. Basically, yes, there are many factors you can take into consideration to discern whether it's a human visitor or a bot ranging from UserAgent variable content to bot behavior on site, etc. etc.

But this is far from infallible, especially when attacking bots refuse to play by the rules.

And yes again, seobook: most anything can be reverse engineered and the only institutions you could ever really trust (to a certain degree) would be neutral third parties monitoring the clicking process.

Need To Make A Correction Guys

The Media Post article that ran was incorrect in stating 2 products. There is one. It also incorrectly stated that the product was fully launched - it is not. They have run a retraction on it today.

Click Defender is currently live across our affiliate feed and working like a charm. Have your doubts, say what you like, but we have a product here we will stand by. Can someone crack it, sure if they are savvy enough. However if they do we have built a system that will show us that crack in real time to address it and shut it down. There is no current software we know of in existance that can fool this system. The click fraud problem, at least for us and our network is resolved.

The proof is in the pudding. The product is not fully launched onto our advertiser side until month's end. We'll be happy to let you test to your heart's content once it's in place. You will be impressed.

If you have thoughts or questions bring em on. I'm here and ready to address them for you.

BTW, Third Parties

Will be an active part of the Click Defender process. We are already in preparations for testing with a few click fraud auditing services. Those results will be released to the public. You don't have to just take our word for it. We want you to be confident that what we are doing really works.

Here's a more well written article for you to view:
http://www.dmnews.com/cgi-bin/artprevbot.cgi?article_id=32585

BTW, the BlowSearch name was chosen on purpose because of memory recognition patterns. Bever heard of Blow Pops, or WANG Computers? And it's "Search as fast as the wind." LOL

machine access is questionable

To develop the technology, BlowSearch identified 20 points on a machine that indicate a valid user as opposed to a scripted user. Then it discovered certain combinations of those 20 points that would indicate whether it is a false click.

What do you guys, especially Fantomaster, make of this?

20 accessible data points, that is characteristics, accessible from the browser? How long before the major browser vendors sandbox this in response to hype from the anti-spyware vendors?

I take it that the 20 points, being trade secrets will not be enumerated publicly and will require a certain amount of reverse engineering by those interested.

Of course if they are willing to enumerate them, that would make interesting reading. Apparently, this is patent pending, anyone have the patent filing number?

++

I've always had a problem with slick numbers

ranging from the "10 Commandments" via Walter Pater's "Clouds can be painted and sketched in the following 10 manners" to "99 Things to Do in Zero Gravity" (which, at least, was a parody). More often than not, when you analyze such number schemes they'll usually boil down to something entirely different (mere subsets counting for full categories, etc.).

Also, it's a fairly common marketing trick: "The 7 Greatest Mistakes You Should Avoid in Online Marketing" - so if you can think of 5 yourself, you're supposed to get so excited about not guessing the other two, you're hooked to buy, yawn.
(Reflex Based Marketing™ is what I call it, he he.)

But to the point. Sure, there are quite a few indicators you can identify to determine machine clicking, though I've never bothered to actually count them. It's not all about browsers - header calls, robots.txt calls, cookies, JavaScript, etc. sure, but all of that is dead easy to simulate if you know how to build a decent spider. IPs, hosts and geo location are another matter, but that, too, can be overcome if you've got the financial muscle and the determination to do it. (Which in turn is usually determined by the degree of profitability divided by the chance of detection.)

And yes, then there's permutation. However, just as no click fraud (CF) protection system can be 100% infallible, no CF perpetrating scheme needs to be 100% perfect either.

If you generate a million automatic, fraudulent clicks in varying randomized patterns and combinations a day, even if 90% of them are detected that would still leave you with a stately 100,000 revenue generating hits. Obviously, this won't work for smallish sets of keywords and it might require a thousand CF web sites and lots of publisher accounts to handle as unobtrusively as possible, but then again that's only one, the maximalist approach.

You could also work it low key on the principle that "a click a day holds the landlord at bay" - softly, softly and no big issue individually, perhaps, but overall it soon adds up.

And then there's medium scaled models etc. etc., you get the drift.

It's been happening on eBay for years - no vendor in his right mind will run the risk of actually having to part with goods he or she paid 10 bucks for in the first place for a mere pittance of 1 dollar: you'd soon be out of business if you did. So what do they do? Set up networks of friends and partners and relatives and even business associates and competitors to drive bids over break even point. In total violation of eBay's TOS, of course, but unless you're darn stupid about it you'll hardly ever be found out.

but ...

The point I find somewhat incredible is that there are 20 identifiable datum on the machine accessible by the browser. I am excluding the ability to just open a socket and do whatever you please for the moment. This is because in order to identify the variance from the norm, you first have to establish the norm, which is the browser being able to reflect those 20 identifiable datum. Moreover, they refer to the machine and not the browser. This implies a greater degree of access than the popular browsers permit.

So what might those 20 be, that are of sufficient dynamic range to be useful as identifiers.

The only new one that comes to mind might be the approach of using time skew fingerprinting. This would take an enormous amount of cpu cycles.

Since Agotoguy is unlikely to comment further, I yield the floor again to Fantomaster ...

Don't think browsers only

think machine behavior as projected into traffic patterns. Plus, geo location factors are technically independent of both, so are Host referrers, IPs, Whois data, etc.

And yes, time skewing could be of use as well, same goes for more conventional, obvious stuff like how long it takes on average until a link is clicked on a SERP, etc.

As for "those 20", read my previous post. Just because someone says they're 20 doesn't mean you and I would categorize them differently, as 18 perhaps or even as 25. So I'm not buying into that.

Anyway, a lot of what we're discussing here is very much related to spider detection which is, of course, one of our corporate mainstays (and trade secrets).

So: sorry, but I'm afraid I'm not going blog away the farm, no offense. :-)

Unlikely to comment?

C'mon guys you should no better than that! Of course I am paying attention.

Ok, to answer the BIG question - HELL NO we are not going to tell anyone what we are doing. Fanto is indeed correct (and we have had that discussion before) that nothing is 100% fool proof. However we have also built the system to detect work arounds. Right now we believe we have a product that is highly effective. Might that change with time? Sure, but so will Click Defender.

See what Fanto dosen't realize is that the idea of "a thousand CF web sites and lots of publisher accounts to handle as unobtrusively as possible" is just not plausable. Why, because the engines themselves control their networks and there are certain standards that must be met in order to be accepted into them. Knowing your network partners makes all the difference. 99% of the ones who apply for an XML feed are rejected. Why? Well, to be blunt.... their traffic is crapola.

I don't buy the theroy of "a click a day holds the landlord at bay". The fraudsters are simply going to move onto greener pastures for easier pickings and we'll be happy to let them degrade other PPC networks. It means more business for BlowSearch. Sure there will be a few script kiddies excited by the challenge but that is why we will be offering a Guarantee. The final nail in the coffin is the tie in of 3rd parties auditors who we will be working with. That makes what we offer a complete solution.

We know nothing is perfect. Offering a guarantee and the ability to have us work in cooperation with auditors creates validity and trust between us and the advertisers we serve. It also adds additional eyes watching over our traffic.

Search marketers have been asking for the tools we have on the table for years. I heard them all that time I was with the "other" engine. I listened and took my notes. The team at BlowSearch has done a fantastic job of helping make the ideas we shared before they even hired me, a reality. What we are about is giving you guys what you have asked for. No we will not reveal our secrets but we can still fulfill our responsibility to our advertisers either way.

Fantomaster, like others, have their own reasons for doubting what we are doing. As he said himself, "a lot of what we're discussing here is very much related to spider detection which is, of course, one of our corporate mainstays (and trade secrets)." I don't balme him for wanting to discredit what we have. It might threaten his very business model. Rest assured Fanto that this technology is staying in house. We are not giving it away so your secrets are safe with me.

Fanto is a sensationalistic writer and very prolific at it. I really enjoy reading his posts.

PPC marketers have wanted this kind of protection for the longest time. What I don't understand is why the flap over discrediting something before you even have the opportunity to test it? Maybe what we have really works gang? Maybe we really can detect what no one else can? Fanto, knows it is possible to build it. He also knows it may be possible to work around it. What he dosen't know is that if someone does they will get caught. It's all in the metrics. The data is there. We just figured out how to use it.

but, but, but ...

unlikely to comment

Ok, let me rephrase that as unlikely to divulge useful details

Fantomaster, what I am driving at is that job number one is to baseline what a browser looks like over the wire. Only after establishing that baseline is it possible to say that a particular click deviates from the norm. That means that those 20/19/18... machine characteristics must be determinable from within the confines of the browser to be further manipulated before going over the wire. As differentiated from robot detection, your mainstay, click fraud behaviour differs from robots in that they will never go after robots.txt, come from a much larger pool of ip's, can be programmed to be inefficient, can be programmed to process JS, process cookies, headers, send headers exactly duplicating the usual browsers, blah, blah, blah ...

If the clickbot limits it's exact behaviour to that of IE, I fail to see how clickdefender can force a differential response pattern. The differentials are just not there to either manipulate or determine.

Given a sufficiently good emulation, the only differentiating data at the server nic is ip address and port. With enough intervening machines, these are not hard to manipulate either.

So I am saying that not only are there not 20 newly discovered identifiers, there are none. Only the possibility that the existing identifiers are interpreted in a new way.

Of course, the proof will be in finding an opportunity to reverse what is seen on the client side of the wire. Or, look at the patent filing, should one be forthcoming. Blowsearch, or the inventor has to either treat this as a trade secret or file the patent application. They claim it is patent pending technology. If they have filed, sooner or later it has to be divulged and cannot be treated as a trade secret.

Fanto ?

Not far apart

As I see it, we're on the same wavelength here. What it boils down to is that if a click bot can simulate a web browser 100%, it's non-browser specifics that will count. Maybe you're taking that "machine" bit of Joe's a mite too literally, but that's something he would know better than I.

So simulating a browser is one thing (easy) - any well designed spider can do that including JavaScript, cookies, graphics, the works.

Where it gets a bit more complicated is simulating typical (i. e. statistified and parametrized) human behavior.

E. g. how long an average, authentic human visitor will normally view a SERP or several before actually clicking on an ad or a paid listing. Or where traffic actually comes from (geographically, IP related, etc.). Peak traffic days, depending on target group (e. g. weekends, times of day, public holidays, etc.) Nothing insurmountable but fairly sophisticated.

Re patents, I'd rather defer my judgment: patent law being much more liberal in the U. S., I'm not sure they couldn't file a patent without giving anything away in detail. But not being a patent lawyer or involved in patenting to any serious degree, I'll leave it to the experts to make sense of this particular rats nest.

Let's get some things straight here

Joe,

to set some things straight, and I quote you:

Fanto is a sensationalistic writer

Assuming it's actually "sensationalist" what you meant, of course you're perfectly free to view it any way you please.

However, name calling and ad hominem arguments aren't typically the resort of someone who's justifiably as confident about his case as he claims to be.

Neither is character assassination of the "ulterior hidden agenda" insinuation type.

Fanto is indeed correct (and we have had that discussion before) that nothing is 100% fool proof.
[...]
We know nothing is perfect.

Yep, after enough people pointed it out to you. This was your original take:

The "infallable solution" allows for any work around to be caught and killed in minutes.

Source: http://www.threadwatch.org/node/2270

I don't buy the theroy of "a click a day holds the landlord at bay".

Buy what you like - it's happening and if you choose to ignore it or pretend that it doesn't exist, big service you're doing your advertisers: isn't that exactly what the others are doing all the time? And why you're in business: to put an end to their deniability tricks? Sorry if I misread you there, though a hunch tells me that I'm probably in the best of company on that score ...
How I know that it's happening? Simple: I've seen it myself, in fact we're currently preparing litigation focused on this. And I'm not interested in getting back the money so much because that's a) fairly trivial, and b) will come later anyway - it's the fellow doing it whose balls I'm after.
So don't tell me it's not there - either you know better, in which case you're lying. Or you don't, in which case you don't know what you're talking about and brushing up on your homework would be in order.

your secrets are safe with me.

Nothing personal, but I'll rather take care of "my secrets" myself, thank you very much.

For someone who isn't even aware of the fact that a run-of-the-mill service like AOL assigns new, dynamic IPs to every fresh browser window opened, that's quite a mouthful you're spreading ...

I don't balme him for wanting to discredit what we have. It might threaten his very business model.

So expressing skepticism when confronted with high flying claims instead of waxing all excited and affirmative about it is "discreditation"? Funny dictionary you seem to be using.

Nor will it threaten my business model even if it should work (for which, you may remember, we only have your word so far): our clients aren't people worried about CF (which, albeit a phenomenon as old as banner ads, has only cropped up as a major buzz word very recently), though we'll cordially invite anyone to our fold who is. And no, I'm not going to bore people with our client demographics - believe me or not, CF is definitely not our clients' primary concern. But ROI is, which is a different topic and doesn't belong here.

But to your more salient points:

See what Fanto dosen't realize is that the idea of "a thousand CF web sites and lots of publisher accounts to handle as unobtrusively as possible" is just not plausable. Why, because the engines themselves control their networks and there are certain standards that must be met in order to be accepted into them.

I'll gladly concede that hand picking your "publishers" (well, that's nothing but a new-fangled fancy word for "affiliate partners", isn't it?) may and probably will do a load of good in toning down CF. On the downside, you're considerably reducing ad exposure that way, too. (Ok, preferring quality to quantity myself, I don't have a contention with that. But it will significantly limit your ambitions to break out of the "middle tier" ghetto, at least for a very, very long time.)

And what it won't address is the issue of competitors clicking people's advertising budgets to oblivion. With click bot nets.

So you said in your article that that's a very minor problem. Not sure if I can follow you there: again, I've seen that happen, too. Also, there are quite a few people on this forum who have actively been approached by clients to do it for them.

And: in a multi-billion dollar market, how minor is "minor"?

Fanto, knows it is possible to build it. He also knows it may be possible to work around it.

Sign me up for the latter statement, not the former - in any case it's a pretty self-contradictory assertion.

What he dosen't know is that if someone does they will get caught. It's all in the metrics. The data is there. We just figured out how to use it.

Interesting, how well informed you seem to be about what I do know and don't - more than I do myself at times, methinks.

Finally, let me reiterate that voicing musings, doubts, criticism in response to exuberant messages making fairly hefty claims is what forums are all about - this has nothing to do with product bashing or trying to "discredit" what, from our point of view, is still nothing but hot air. I'm sure that everyone participating here will be perfectly happy to stand corrected and acknowledge as much if your approach should indeed deliver as promised. I know that I would.

Until then, however, I really don't see why we shouldn't discuss the mechanics - real and virtual - of CF and analyze which counter measure may or may not work.

Or, as you would probably put it: "Even though it may prove a problem for your product launch." Hum.

sorry I still approach this from the other angle as well

It clearly is possible to prevent click fraud - I mean you can just assume every click is fraud, voila. What is important as well is how well it deals with non fraudulant clicks.

If so many clicks are counted as fraudulant and the measures are so expensive that the cpc has high baseline, then from an average advertisers point of view there's little incentive to use the system. I'd be really interested to see where this averages out a year after launch, I'm yet to be convinced for most advertisers in most markets that click fraud levels justify such extreme solutions.

Perhaps it's just because I tend not to have ads for adsense and therefore get less fraud, or perhaps it's because we write targeted ads and actually conversions would be way good rather than just decent if fraud was taken out, but I honestly have only seen one set of clients stats that really worried me and it turned out that was just fraud, not click fraud.

Now I'll prepare to be shouted down :)

Trade secret... hmmmm....might be a better idea....

Point well taken plumsauce. Indeed we are filing, however it takes quite a long time given the patent office backlog even for the pending patent to get published. At the current time we're being told no less than one year and as much as two.

And you're right we can't divulge "useful details". It dosen't benefit our advertisers to have our technology reverse engineered. That only benefits those who wish to commit the act of click fraud. I'm hoping that is not why you want those details? After participating a number of discussions here at ThreadWatch I have a good deal of respect for you guys and your opinions. I'd like to think we're not trying to uncover the processes so we can perpetrate more abuse of paid advertising.

BTW, "Of course, the proof will be in finding an opportunity to reverse what is seen on the client side of the wire." You're not going to find it there. The advertiser's logs will show the same old info they always did. Nothing changes on their end other than being certain they are getting quality traffic.

prior art

BTW, "Of course, the proof will be in finding an opportunity to reverse what is seen on the client side of the wire." You're not going to find it there. The advertiser's logs will show the same old info they always did. Nothing changes on their end other than being certain they are getting quality traffic.

By client, I am referring to the box where the click is initiated and not the advertising buyer.

If you are sufficiently confident that your technology is not visible from the network then the use of trade secrets is actually superior to patent protection. The backlog at the USPTO has nothing to do with the one to two year period that is being quoted to you. Those time periods are built into the regulations. The application will be published one year from the filing date and may be delayed using certain procedures for up to the longer limit of two years.

If the code that I have seen coming over the wire is any indication then there are competing patent applications in existence. One of them was filed in 2003.

A click fraud artist would be just as reluctant to encourage public discourse about the techniques used as clickdefender. For a click fraud artist it is all about keeping learned lessons secret because those lessons have a monetary value. The stronger the system, the more value there is in possessing a method to circumvent it.

two little tidbits

Since nothing technical is forthcoming, let me add just the two little things below:

1/ Yes, we are on the same wavelength. The only method, short of that new flash thingy, for extracting, organising and returning information from a legitimate click is JS. JS has limited access to unique information. It cannot even access iframes readily. Add to that the ip address, port, and port sequence, and that is about it. This is the basis for the normative behaviour. We all understand this. What is sensationalistic is the emphasis in the claims by blowsearch that there is some uniquely reliable and definitive method of detecting click fraud.

2/ Google's apparent defence to click fraud claims is the new terms of service introduced which give them the final determination as to whether click fraud has occurred, and that, compensation for click fraud is limited to adwords credits, not refunds. It appears that their confidence in their ability to detect click fraud is not high enough for them to leave themselves exposed to monetary claims.

Last month Google CFO George Reyes conceded that click fraud was a significant threat to his firm's burgeoning bottom line. "I think something has to be done about this really, really quickly, because I think, potentially, it threatens our business model," he told an investors' conference.

Plus some

Add to that the ip address, port, and port sequence, and that is about it.

Plus Host address, UserAgent and http_referer variables as well as some derivative info (e. g. geo location, documented open proxies and anonymizer gateways, etc.), yes.

The rest boils down to policy. E. g. if only 3% of web browsers have their JS function turned off, you could plausibly discount this traffic as irrelevant ("pseudo-fraudulent" or "high fraud risk profile" or similar) by default without further analysis. This might arguably eradicate quite a bit of the less sophisticated CF attempts including dumb spiders.
The same goes for excluding traffic by country of origin (e. g. high risk locations like China, Russia, etc.) based on historical data - very similar to spam filter heuristics or anti-virus technology.

A fairly smart combo of nitty gritty tech factors and "external" data evaluation could indeed reduce current generic CF significantly.

But from a security point of view, that's akin to the search engines dropping meta tag evaluation when these began to be keyword stuffed, with SEO moving on to greener manipulation pastures instead. As pointed out before: it's an armament race with the victims (search engines, PPC providers) always working on a strictly reactive basis - which, when all is said and done, translates down to "coming to late".

There seems to be a very low degree of "anticipatory development" in these fields (spam protection, anti-virus tech, anti CF setups) which is probably a corporate culture thing. Ok, was a time when the old adage that it takes a thief to catch a thief converted into security firms hiring notorious virus hackers, but I'm not sure that this really ever significantly went beyond the usual media hype. (There's an interesting parallel in parapsychology, btw: it took them the better part of 60 years to come to terms with the fact that they'd better hire some trick experts, stage magicians etc. in order to stop making themselves the laughing stock of the scientific community by continuously falling for the oldest of stage tricks ...)

It was a compliment, not an insult Fantomaster

Fanto, I was trying to give you a compliment. I really do feel you have a flair for sensationalism, meaning that you tend to invoke a very passionate response based on ideas that are simply plausible rather than practical. You have a great way of putting things even though in my view some of the ideas really are pretty far out there.

I really do enjoy your writing - it was not a personal attack on you at all. In fact, I don't even know why you would see it that way? Just because we don't agree does not mean I am attacking you, or your character. Let's get that straight right now, OK?

Oh, BTW from Dictionary.com (yes I know how to use words, most times)
the word sen·sation·al·istic is the adj. for sen·sa·tion·al·ism. I may not have the best vocabulary in the world but it's not right to simply pick apart someone else's statements like that.

Also, I did retract what I said in that past thread Fanto even saying "I have seen the error of my ways" or something like that.

Plumsauce, good food for thought.
By client, I am referring to the box where the click is initiated and not the advertising buyer.
I had assumed you were speaking of the client side. We have taken appropriate precautions to make sure that the box where the click is initiated is given only the info that is needed only to display the actual listing. All of the major calculations happen on our servers.

Let's remember that I have said that it is not impossible to work around our system, but we have made it entirely so difficult that unless there are certain variables we believe to be human behavior, the clicks will not be charged to the advertiser. Gurtie had a very important statement you all missed:
I mean you can just assume every click is fraud, voila. What is important as well is how well it deals with non fraudulent clicks.

Now back to Fanto
So don't tell me it's not there - either you know better, in which case you're lying. Or you don't, in which case you don't know what you're talking about and brushing up on your homework would be in order.

I have stated that it is possible and you know that I have.

In talking about "the phantom network" which guys like Frank Ferk of StoneDiver.com had in place - that guy was shut out of most networks a long time ago. Oh yeah and the magical clicks that sometime happen 1x or 2x a day add up to all that great big cash? If they are automated in any fashion, based on what we feel current technology does those clicks will not count either.

And what it won't address is the issue of competitors clicking people's advertising budgets to oblivion. With click bot nets.

Actually it does. There is something in our system called Competitor IP Blocking. Is anyone else offering that on their network? Nope. Also, a "click bot net" refers to automated clicks unless I hear you wrong here. Again, Click Defender is designed to stop that activity.

As I did say "nothing is perfect". That is why we are offering a guarantee. Do you see any other engine stepping to the plate to do no, NO, you don't. So please tell me why this is not a complete solution? I'd love to hear that.

So you said in your article that that's a very minor problem. Not sure if I can follow you there: again, I've seen that happen, too. Also, there are quite a few people on this forum who have actively been approached by clients to do it for them.

And: in a multi-billion dollar market, how minor is "minor"?

You are incorrect here, what I said in my article was:
Competitor based click fraud is minuscule as compared to automated click fraud.

The automated fraud is the larger issue industry wide. If click fraud is estimated at 20% of all clicks, then automated click fraud is 19% of all those clicks. There are some pretty rich software programmers out there who do nothing but “game the engines” on a daily basis.

That is the truth. The amount of dollars picked off by a competitor of any advertiser is minuscule compared to the amount of money being drained by "click bot nets". I'll clarify my point further in saying that 99% of all fraudulent clicks are committed by click bots, spiders, robots, or anything else you want to call an automated click. This is the case and I have seen it with my own eyes. The amount of complaints received for competitor fraud is few and VERY far between.

Ok, preferring quality to quantity myself, I don't have a contention with that. But it will significantly limit your ambitions to break out of the "middle tier" ghetto, at least for a very, very long time.

Not true. Revenue is what breaks engines out of the middle market. With a higher overall RPC we will garner even more traffic.

See, by cleaning up the traffic it increases the advertiser's overall ROI in the long run. I agree with Fanto when he said ROI is all that matters. However it also makes that traffic worth more to the advertiser. We have learned over time that better quality traffic directly correlates to higher bids for keywords. The higher the bid, the better position the advertiser gains across the network. That means more traffic, of better quality, for the advertiser.

Getting rid of click fraud and adding higher quality publishers (yes a newfangled term for affiliates) is the only road to better ROI for the advertiser, sans, problems with their listings or the design of their own site which is in their control, not ours.

Until then, however, I really don't see why we shouldn't discuss the mechanics - real and virtual - of CF and analyze which counter measure may or may not work.

Or, as you would probably put it: "Even though it may prove a problem for your product launch." Hum.

Agreed, so talk about mechanics. Unfortunately I am not revealing what we're doing. I can't and you guys know that. So let the ideas fly. I can neither verify or nix the ideas coming forth. You know that I cannot. To do so would simply be stupid on my part. Also, whatever you come up with does not present any problem for our product launch.

I'm sure that everyone participating here will be perfectly happy to stand corrected and acknowledge as much if your approach should indeed deliver as promised. I know that I would.

Good, I'll be glad when that day comes :) More for you than for myself. This is an effort for the advertiser - not to blow smoke up anyone's arse....

What is sensationalistic is the emphasis in the claims by blowsearch that there is some uniquely reliable and definitive method of detecting click fraud.

There is, or I would not be here defending it. We would simply let you believe what you like and not even participate in the discussion. One thing that anyone who really knows me will tell you is that when it comes to protecting my advertiser and retaining their business - I believe in 100% honesty with them. Even if that means admitting to them that you really screwed something up. Business is about relationships, people, and doing what is right. You have to listen and find out what your customers really want. Advertisers want a way to defeat click fraud. We feel we have a definitive solution. It will be up to you guys to test it.

Google's apparent defence to click fraud claims is the new terms of service introduced which give them the final determination as to whether click fraud has occurred, and that, compensation for click fraud is limited to adwords credits, not refunds.

I agree on Google on this one. Our guarantee will only issue a credit to the advertiser too. In our case it is not because we don't have faith in our system. We discussed complete refunds in our office. It’s not that it cannot be done. However issuing a credit goes straight to the core of retaining advertisers and keeping them happy. Advertisers would prefer to see you listening to their concerns, by admitting an error, and correcting the problem.

This is why our terms of service (not the current one but the new ones forthcoming on the product launch) will state "The advertiser has the right to request confirmation that the problem or issue has been addressed by BlowSearch before they relaunch their campaign." If we say we addressed it, and then it turns out we didn't, that's bad for us, really bad.... because then the advertiser who was told "we fixed it" loses all faith in us to perform.

That is unacceptable to me, period.

Click fraud refunds

Regarding how you refund identified click fraud I think you should be aware that just giving credits may not be legal in all jurisdictions. So be aware where you market this. In Denmark I would be able to go straight to my credit card provider and make a charge back. Law protects me over ANY agreement you write. So if you want to keep stupid rules like this make sure you don't sell anything to me or any other people in countries that protects them from stupid things like this.

Okay So Mikkel Wants Refunds

If we were in Denmark I would imagine that we would have to do refunds then, and I don't live there so I don't know the laws. But you're missing the point. It's better to make an advertiser happy than it is to let them walk away pissed off.

Regardless of what you do with your credit card company.

BTW, if you initiate a chargeback here in the US it usually works the same way unless there is a Terms of Service in place which a user agrees to when they sign up. Even, in some cases, a chargeback can still be obtained. Locality does matter a little bit but I am no lawyer so I'll leave stuff like that up to them.

 

> But you're missing the point. It's better to make an advertiser happy than it is to let them walk away pissed off.

No, I am not missing the point at all and I would get relly pissed if I was offered anything else than my money back if the product I paid for turned out not be fraud. I would call THAT fraud and a blatant scam. I really am surprised that you can't see the stupidity of that rule. It just makes all your talk of being on the customer side worthless giberish to me

and in response

I agree on Google on this one. Our guarantee will only issue a credit to the advertiser too. In our case it is not because we don't have faith in our system. We discussed complete refunds in our office. It’s not that it cannot be done. However issuing a credit goes straight to the core of retaining advertisers and keeping them happy.

Let me quote you what I wrote somewhere else, which I have the perfect right to do as the original author:

Well yes of course. It's a great way to create customers. Let a whole bunch of fraudulent clicks through, bang the credit card, and then say adwords credits only. Hell, Enron and MCI booked their sales this way. Why not Google?

So,

month 1, bang everything through.

month 2, customer squeals like a stuck pig

month 3, issue adwords credit

repeat cycle because customer has to keep account open to use adwords credits, so let more fraudulent clicks go through and bang the credit card again in exchange for even more adwords credits.

month 3028, customer still trying to use up paper credits
while Google tries to explain to the IRS why the prepaid services deduction is so high.

Plus Host address, UserAgent and http_referer variables as well as some derivative info (e. g. geo location, documented open proxies and anonymizer gateways, etc.), yes.

Of course, this is all part of what I consider within the realm of the client side.

Agreed, so talk about mechanics. Unfortunately I am not revealing what we're doing. I can't and you guys know that. So let the ideas fly. I can neither verify or nix the ideas coming forth. You know that I cannot. To do so would simply be stupid on my part. Also, whatever you come up with does not present any problem for our product launch.

Ok, can we have a url for a page where a blowsearch ad is displayed using the clickdefender technology?

Sorry for the late reply

I was at AdTech in San Francisco the last couple of days.

Mikkel, I am sorry but I simply don't agree with you. Client retention is the cornerstone of ANY successful business. The fact that you want a refund is fine. I don't have a problem with that but as a customer you should be willing to let the company that you are not satisfied with make the problem right for you.

And please note that I did say earlier that "We discussed complete refunds in our office. It’s not that it cannot be done." Any good company is always prepared to make exceptions on a case by case basis.

Hey, I can't make 100% of people happy 100% of the time. I would much rather have the opportunity to work with someone who was unhappy and make it right for them than let them walk away pissed off. It's called good customer service. Building trust with your clients by solving their biggest problems is what builds long lasting relationships. I am really surprised that you cannot see the value of that Mikkel!

Still, you have a choice if you don't like the rules that companies put in place. Don't buy their services! This is a part of the upcoming TOS that will not change, for any reason. Sorry if that bothers you but that's the way it is. It's about client retention, nothing more, nothing less.

Plumsauce, I like your effort but I'm not going to give you any info. When I said, "Agreed, so talk about mechanics." that meant without asking me for specifics on what we are doing. I don't mind you speculating on it but I am certainly not going to hand you anything that would help you to reverse engineer what we are doing, not that you could anyway.

Like I said before. Everything involved in calculating what we need is housed on our servers. It's a backend process. You need access to our data in order to find out what we are doing. Giving you a URL would be simply pointless.

pointless? not really

....but I am certainly not going to hand you anything that would help you to reverse engineer what we are doing, not that you could anyway.

Like I said before. Everything involved in calculating what we need is housed on our servers. It's a backend process. You need access to our data in order to find out what we are doing. Giving you a URL would be simply pointless.

Well first, you would have to know the capabilities of all the readers here. Whether they could exactly reverse engineer what is being done is not the point. It is also useful to make educated guesses at what is being done.

It is only a matter of time before at least one url is known that is running the technique in question unless you are planning to run ads only on private networks. Why make it a mystery? It only delays the inevitable. All the noise that blowsearch is making about this technique is bound to draw at least some attention.

Pointless! Yes, really!

Plumsauce look, I have seen your site Clickbench previously so it's not a matter of what readers here are capable of. I am sure there are a lot of people here who could understand what we are doing fairly easily.

The point is that the data looked at to determine whether or not a click is valid happens as a backend process. Giving you a URL would tell you next to nothing about what we are doing with our analysis. Would it tell you anything? Yeah a tiny tidbit about how we have implemented it on the front end of our system. It WILL NOT tell you what data we are gathering or looking for to determine a valid click.

You would literally have to hack our servers to get the coding associated with this process in order to figure that out. The frontend stuff is useless to you from my perspective. Regardless we have taken some precautions to protect that as well.

This is not a service we plan to license so it's not a threat to your own company's services. I don't think you're really worried about that anyway and no auditing service should be. As a matter of fact I am in the process of putting together a program for the auditors so they can be the intermediary if a problem should occur on their clients accounts. We'll be working closely with more than a few services that are in the market now.

My biggest concern on that side of things is how do we know that an audtior's service is really any good? How can their data be trusted? Do they sometimes identify genuinely valid clicks as invalid ones? I know I can trust what we are doing. I'm just wondering about some of the auditing services and whether or not their data is credible. As an engine how do we trust it?

By establishing auditing standards

I know I can trust what we are doing. I'm just wondering about some of the auditing services and whether or not their data is credible. As an engine how do we trust it?

It's a legitimate concern, but it can only be addressed by having yet another third party or gremium establish standards all parties involved would have to endorse formally.

Else, the courts will make them up as they go along, which, if their historical track record of haphazard to non-existent IT tech savvy is anything to go by, could well qualify for just about everybody's nightmare.

subjective math

Would it tell you anything? Yeah a tiny tidbit about how we have implemented it on the front end of our system.

Which would be 100% more than is publicly disclosed about your system. Hence, the curiosity.

You would literally have to hack our servers to get the coding associated with this process in order to figure that out. The frontend stuff is useless to you from my perspective.

Obviously, I disagree.

That's good....

... so we agree to disagree. Finally an agreement!

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.