March 21, 9 a.m. - 11 a.m. MST, AMA with Ian Trider, Director of RTB Platform Operations, Centro


#1

We’re live! Ask Ian your questions about all things ad quality, fraud prevention, Ads.txt, & DFP from a DSP’s perspective.

About Ian
Ian Trider is Centro’s Director of RTB Platform Operations. He and his team are responsible for inventory and data integrations on Centro’s DSP, Basis. They are also responsible for ad quality policy and fraud prevention. Ian is also a contributor to the OpenRTB and Ads.txt projects. Before he was running Platform Operations at a DSP, Ian was an experienced programmatic buyer, executing campaigns on several of the major DSPs. He also has experience in publisher-side ad ops using DFP as well as selling through multiple exchanges.

Reminder! If you want to post questions, then you need to Sign Up for Sovrn Community.

Note: This is the actual AMA thread! Please place your questions in the thread below for Ian.


Did you Miss: Fast payment, GDPR, Subscriptions, Prebid, site cloning and more
#3

Ian,

My question is on ad quality - specifically with one type of mal ad and how to prevent it. We’ve occasionally been hit with a very irritating browser hijack - most frequently with the “Congratulations Amazon User” dialog, well documented at https://discussions.apple.com/thread/8219535. Most typically it’s targeted at iOS devices.

Last week we decided to track it down. We have Confiant integrated in our site, and with their help we identified two different creatives, both from quality advertisers, that had been infected / injected with the malevolent code that spawned the browser hijack.

We have a standard prebid setup, mediating in prebid, with several partners including Sovrn. The two hijack instances we tracked both came through one of our partners (not Sovrn); both came from the same DSP (not Basis, but a well-regarded one); the two creatives were from two different national advertisers.

We blocked the first at the creative level. When we got reports later in the day on a different creative we blocked the DSP. That block is still on. I know we’re throwing away demand from a good partner, but I have to, as I don’t have any other effective way of stopping what was a significant problem.

Any thoughts on this? How does this happen - do the bad guys intercept that creative somewhere in its life cycle - perhaps in a dropbox between the agency who wrote it & whoever trafficks it to an ad server?

Thanks, Matt


#4

Hi Ian,

Thank you so much for taking time out of your day to participate in the AMA!

I am curious to know what your thoughts are regarding viewable engaged time metrics and products that will reload a new advertisement based on these metrics? Obviously, advertisers want to know that someone is viewing the ad, but do you find this type of publisher inventory to be more valuable over-all to the brands and advertisers? Do DSPs in general use viewable audience metrics for anything beyond ad buying?

Further, do you think that viewable engagement technology will become the norm for ad buying across the industry?

Thanks again,
Alex Ten Eyck


#5

Hi mlundbergy,

Thanks for your question. In actuality, it’s probably not really “from [a] quality advertiser”. Anybody who sees an ad on the internet can grab the creative. After all, for a static ad, it’s just a JPG or a GIF. It’s likely the malicious actor simply took a creative they saw while browsing the web and used it so to provide some cover for their activity.

Broadly, systemic reasons (read: money) and a lack of any technical safeguards is what allows this to happen. On the first point, I strongly believe that DSPs need to be taking responsibility for who they take money from. That means vetting customers before allowing them to use the DSP. It also means acting swiftly and firmly if such an incident occurs.

I wish I could say that such ads have never come through us. That’s not true, but we make some pretty aggressive efforts here. If a customer runs such an ad, the most likely outcome is that they immediately become an ex-customer. Ideally though, our vetting of new customers before they get access should prevent bad actors from ever getting on our platform in the first place.

I would suggest this: ask your partner for more details. Aside from the DSP in question, who was the DSP’s customer? What measures has the DSP taken to prevent reoccurrence? Have they punished the customer in any way? If you’re not happy with the answers you’re getting, I’d say that it sounds like the DSP does not have adequate controls in place. If that’s the case, you might have to live with keeping them blocked, because this sort of thing can and will recur if a DSP gives it the barest possible level of attention. For example, it would be easy for a DSP to take the complaint in isolation and block an offending ad ID. Without looking to the root cause though, it will recur.

For what it’s worth, I’m sorry that you have to do this. You shouldn’t have to.

On the technical safeguards front, ultimately an ad tag is a snippet of HTML/JavaScript. Essentially, the door is wide open to do anything, including force an auto-redirect. If we can assume there are those in the industry that will not take a stand against this, we can next look to technical measures that would make it difficult or impossible to deliver such an ad. AMPHTML Ads might be one such way that develops in the future. This is Google’s AMP project applied to ads. Because the allowed markup is constrained, it should prevent the ability to do an auto-redirect. Aside from that, pubs stand to benefit from the lightweight, polite practices that AMPHTML forces for ads.

Switching over to AMPHTML Ads would be a significant change for the industry. I can’t predict whether it will come to pass or not, but I can say OpenRTB 3.0/AdCOM 1.0 will natively support this, for exchanges and publishers who wish to go this route.

Thanks,
Ian Trider


#6

Hi Alex,

Certainly, some advertisers do track viewable time. I would say that its more common to simply track whether the ad was viewable per MRC standards. So, in that regard, if the viewability rate is higher for the inventory, it should generally be deemed more valuable by buyers.

My general feeling on refreshing ads is that’s it’s acceptable under certain circumstances. Web design nowadays tends to break the model of one page view = one ad, because the notion of a “page view” is much more vague. Consider an infinitely scrolling list. Should the publisher only be able to serve one impression, even if the user spends 10 minutes viewing the list? That seems ridiculous to me.

So long as this is done in a fair way – for example, an ad is given adequate time to make an impact (15-30s) and the unit is only refreshed while its viewable and the user appears to be engaged – this is A-OK by me.

We have seen, and I think we will continue to see, efforts by publishers to improve the viewability of the ads served on their page. So long as this is fair to everyone (advertisers are getting their money’s worth, users are not being annoyed with intrusive ads), I think that’s a great thing.