PODCAST: Malvertising and Fake News

The front page of a newspaper with the headline “Fake News” which illustrates the current phenomena. Front section of newspaper is on top of loosely stacked remainder of newspaper. All visible text is authored by the photographer. Photographed in a studio setting on a white background with a slight wide angle lens.

Charles Tendell from The Charles Tendell show interviews Chris Olson, CEO of The Media Trust, about fake news and its presence in the digital ecosystem.

Listen now

Fake news and the spread of disinformation has been tied to influencing the 2016 U.S. national election via the use of fake accounts (organic) & digital advertising (synthetic/paid) promotion channels. The primary drivers are:

• Programmatic ad buying, enables serving of millions of ads every minute
• Targeting tools accurately & dynamically serve ads to client-defined target markets
• 3^rd party service providers, which websites rely on for a myriad of different service providers and technologies to serve ads to their site visitors

The key to addressing fake news is driving transparency into the inner workings of the digital ecosystem. This requires media and other website operators to:

• Know your customer, aka advertising buyer or content contributor
• Communicate your digital asset policy to these customers; political ads, data privacy, security
• Analyze their activity and evaluate compliance with your digital asset policy
• Block and resolve non-compliant activity by going to the source of the violation

The Honest Truth about The Honest Ads Act

Building transparency with a little upfront disclosure

Authored by Chris Olson, CEO & Co-Founder, The Media Trust

The fake news furor and potential Russian involvement in the U.S. 2016 general election is reaching a fever point with multiple congressional hearings, and, digital advertising is in the crosshairs. Like many challenging discussions about digital advertising, transparency is at the heart of the issue.

Digital compliance for political ads

The proposed Honest Ads Act, a bipartisan effort to govern digital advertising according to the same rules followed by traditional broadcast media regarding political advertising, and is the one tangible fallout from the investigations.

The act calls for all politically-oriented digital ads to be declared at purchase, clearly labeled in the creative, and available for consumer access via a searchable interface. Among other things, the buyer must disclose their contact information, candidate and/or campaign, ad flight duration, number of impressions/views, and targeting criteria. The platform must collect this information and retain it for at least four years. It applies to digital platforms with at least 50 million unique visitors a month for the preceding 12-month period that have political ad buyers who spend at least $500 within a calendar year.

In a nutshell, it requires publishers know their ad buyers, ensure ads comply with (regulatory) policies and provide consumer access to these ads and any associated targeting criteria. Sounds familiar?

Transparency starts with the buyer

As The Media Trust announced a few short months ago, our Digital Vendor Risk Management (DVRM) platform provides real-time visibility and insight into non-compliant activity and threats operating in an enterprise website and mobile app environments. More than a risk management framework, DVRM operationalizes client-specific digital asset policies, continuously evaluates digital partner compliance, and actively facilitates the resolution of violating behavior.

The crux of this solution is the ability to identify and manage an enterprise’s digital ecosystem participants, from ad tech up to the source buyer, and authorize their presence. In addition to privacy regulation and escalating security concerns, the Honest Ads Act is just another reason why enterprises need to know their partners.

DVRM – A simple solution to a complex problem

Applying a political lens to DVRM it’s evident that the platform is already satisfying most of the requirements to enable transparency and accountability. Advertising supply chain partners register via an online portal; ads are uploaded and continuously scanned according to targeting criteria; client-specific policy violations are flagged; and, ads are stored for historical reference.

Self-regulation forces a new digital approach

Major platforms have announced their approaches to address congressional concerns and hopefully stave off the vote, let alone passage, of the Honest Ads Act. However, this self-regulation will need to extend to others meeting the requirement threshold, like ecommerce and media publishers.

Regardless of Honest Ads going to vote, changes are in the air. As an industry that has largely grown via self-regulation, the signals are obvious. It is incumbent upon the industry to embrace these changes, especially with the DVRM platform as an easy way to codify and operationalize your policies.

The Skinny on L.E.A.N. Ads

Breaking down newly-announced advertising industry principles.

In October 2015, the Interactive Advertising Bureau (IAB) announced L.E.A.N. Ads (LEAN), an initiative to overhaul and update standard advertising principles. In response to the steady rise in ad blocking capabilities, Flash furor, surge in HTML5 creative and a corresponding battery drain on mobile devices, the IAB proposed these principles to guide the development of the next phase of advertising technical standards. These principles aim to address consumer concerns regarding the affect advertisements have on site performance, security and data privacy.

What exactly is LEAN? That’s what The Media Trust clients want to know.

Defining LEAN

In a nutshell, LEAN aims to tighten the guidelines associated with the delivery of advertising content across desktop, mobile and tablet devices. As clients have discovered, The Media Trust’s Media Scanner service already supports the proposed LEAN elements, and more.

L – Light: Limit the ad file size.

This is easier said than done. The actual size of an ad’s creative design can be weighty, and the larger it is the longer it takes to load on a browser. For example, a 10MB design file loading on a 10k page destroys the user experience, especially if viewed on a mobile device.

But, the creative file size is not the only contributor to an ad’s disruption to the user experience. Once the initial creative is inserted into an ad tag, it moves through the advertising ecosystem accumulating additional components not critical to the actual rendering of the ad. For the most part, well-intentioned parties append tags to evaluate and optimize the ad’s overall performance and provide a more positive customer experience so that, in the future, the user is served a relevant ad when and how he wants to see it.

With the more widely adopted use of HTML5, site performance will become a bigger challenge as additional scripts—i.e., more verbose HTML, CSS, JavaScript—run, resulting in a more resource-intensive process. Combined, an ad’s design and its technical tag components significantly affect a page’s ability to load efficiently and meet the user’s expectations.

Managing the total ad file size is critical to the user experience—if it takes too long to load then the entire experience is at risk, negatively impacting both the advertiser and publisher. Hundreds of publishers and advertisers already use features in Media Scanner to set policies to alert on ads that exceed client-determined policies spanning total creative file size, total download size, number of calls/connections and CPU utilization, among others.

E – Encrypted: Ensure ad complies with HTTPS standards.

Site security initiatives took the world by storm earlier this summer when Google ad networks moved to HTTPS and the White House directed federal sites to be HTTPS compliant. As outlined in a previous post, to have a truly encrypted site EACH and EVERY connection made must communicate through HTTPS, including all third-party code, not just advertising. This means other site vendors—content delivery networks, data management platforms, hosting services, analytic tools, product reviews, video platforms, etc.—need to ensure all of their connections are made via HTTPS. Just one break in any call chain will cause the entire site to be unencrypted.

However, encryption is just one element of providing a secure consumer experience. Publishers and ad tech partners need to continuously be on the lookout for compromised ads exposing site visitors to malware. The only way these will be found is through continuously scanning sites and ads for malware, vulnerable ads and all encryption call failures.

A – Ad Choice Supported: Comply with industry data collection standards.

Launched in 2011, AdChoices is an industry self-regulation program outlining how advertisers and publishers collect consumer data used for re-targeting and giving consumers control over the process by allowing them to opt out of data collection activity. While created with good intentions, the program is not well understood by most consumers with the net effect that many who are against data collection do not actually opt out.

Determining an ad’s compliance with AdChoices is relatively straightforward. The tricky part is ensuring compliance with the myriad of state and federal regulations covering healthcare and children. In these instances, compliance isn’t a consumer choice, it is the law.

Data privacy is a serious concern among the general public who want to know the “who,” “what” and “how” of data collection—who is collecting, what is collected and how is it going to be used. Publishers want to know the answers to these basic questions and use Media Scanner to identify, analyze and report on all vendors executing on their digital properties with particular attention paid to the players involved in serving an ad. What publishers frequently discover is that their vendors—and external parties called to help the vendor render a service—perform actions that are not germane to the contracted relationship, such as dropping customer-tracking cookies. Besides giving up valuable customer data, publishers know that these unauthorized actions are contrary to many privacy policies posted on their sites and use Media Scanner to track this violating behavior.

N – Non-invasive: Don’t irritate the site visitor

This vague statement can be broken down into two categories that affect the consumer experience: technical performance and visual quality of an ad. Technical aspects of an ad, such as download size and CPU utilization, are represented in the “L” of LEAN described earlier. Visual ad quality refers to how an ad looks and behaves to the user. There’s nothing quite as startling as visiting a page to be greeted with ads automatically blaring audio or playing a video. And almost everyone is annoyed at ads that shake, blink, expand and push content around, or take over the page.

Reputable publishers have policies regarding the presence of these irritating ads on their sites. They use Media Scanner to enforce the policies by alerting on any ad in violation. In addition, publisher clients set policies regarding appropriate content of ads for their audience. While many clients ban adult, alcohol and gambling, some categorize ads by company, industry and brand to ensure the ads don’t conflict with the content. For example, an airline would not want their ads appearing on pages featuring a plane crash; nor would an automotive company appreciate their ads appearing on pages chronicling a safety recall for their vehicle brand.

Why Now?

The mounting backlash from consumers regarding slow site performance, malware exposure and data collection activities generated from digital advertisements must be addressed. Publishers that truly understand the value of a positive customer experience already closely protect it and avoid serving resource-draining, unsecure and intrusive ads. They use The Media Trust to preview ads (and third-party code) before being served and to continuously monitor and detect any policy-breaking activity.

In the end, the best way to protect the consumer experience is for advertisers and publishers to work together, adopt LEAN and enforce compliance with the proposed technical standards.