Author: Benjamin Edelman

Posted on

Labels and Disclosures in Search Advertising with Duncan Gilchrist

Disclosure: I serve as a consultant to various companies that compete with Google. But I write on my own — not at the suggestion or request of any client, without approval or payment from any client.

Search engines have long labeled their advertisements with labels like “Sponsored links”, “Sponsored results”, and “Sponsored sites.” Do users actually know that these labels are intended to convey that the listings are paid advertisements? In a draft paper we’re posting today, Duncan Gilchrist and I try to find out.

“Sponsored Links” or “Advertisements”?: Measuring Labeling Alternatives in Internet Search Engines

In an online experiment, we measure users’ interactions with search engines, both in standard configurations and in modified versions with improved labels identifying search engine advertisements. In particular, for a random subset of users, we change “sponsored link” labels to instead read “paid advertisement.” We find that users receiving the “paid advertisement” label click 25% to 33% fewer advertisements and correctly report that they click fewer advertisements, controlling for the number of advertisements they actually click. Results are most pronounced for commercial searches, and for users with low income, low education, and little online experience.

We consider our findings particularly timely in light of Google’s change, just last week, to label many of its advertisements as “Ads.” On one view, “Ads”” is an improvement – probably easier for unsophisticated consumers to understand. Yet it’s a strikingly tiny label – the smallest text anywhere in Google’s search results, and about a quarter as many pixels as the corresponding disclosure on other search engines. As our paper points out, FTC litigation has systematically sought the label “Paid Advertisement, and we still think that’s the better choice.

Posted on

Tying Google Affiliate Network

Disclosure: I serve as co-counsel in unrelated litigation against Google, Vulcan Golf et al. v. Google et al. I also serve as a consultant to various companies that compete with Google. But I write on my own — not at the suggestion or request of any client, without approval or payment from any client.

In one of the few areas of Internet advertising where Google is not dominant – where just three years ago Google had no offering at all – Google now uses tying to climb towards a position of dominance. In particular, using its control over web search, Google offers preferred search ad placement and superior search ad terms to the advertisers who agree to use Google Affiliate Network. Competing affiliate networks cannot match these benefits, and Google’s bundling strategy threatens to grant Google a position of power in yet another online advertising market.

Google shows algorithmic search results at the left side of users’ screens, while Google’s “AdWords” ads appear at the right and, often, top. Historically, Google has sold search ads on a cost-per-click basis: An advertiser is charged each time a user clicks its ad. With these offerings, Google has grown to a position of dominance in search and in search advertising — 77% share of U.S. web search in the US, with even higher levels in other countries.

While Google dominates online search, Google to date has made less headway in the area of affiliate marketing, an approach to online advertising wherein small to midsized sites (“affiliates”) receive payments paid if users click links and make purchases from the corresponding merchants. For example, Gap pays a 2% to 4% commission if a user clicks an affiliate link to Gap and goes on to make a purchase. While almost all of the web’s largest merchants run affiliate programs, as of the start of 2007 Google offered no affiliate marketing services. Only through its mid-2007 acquisition of DoubleClick did Google obtain an affiliate marketing program, then called Performics and now renamed Google Affiliate Network (GAN). But Google’s affiliate network began in third place in the US market — behind larger competitors Commission Junction and LinkShare.

Google now grants GAN advertisers preferred placement in search results. Notice that the three GAN ads appear with images, whereas ordinary AdWords ads show only text. And Google places all GAN image ads at the top of the right rail -- above all right-side AdWords ads. Beginning in November 2009, Google’s Product Listing Ads service gave GAN major advantages over competing affiliate networks. Within search ads, Google now includes listings not just to Google’s AdWords pay-per-click advertisers, but also to GAN advertisers. Through these placements, Google offers GAN advertisers four striking and valuable benefits:

  • Image ads. AdWords advertisements show only text. But GAN advertisements include an image — making GAN offers stand out in search results. See the three image ads highlighted in red in the screenshot at right.
  • Preferred placement. AdWords advertisements are ordered, Google says, based on how much each advertiser bids as well as Google’s assessment of ad relevance, click-through rate, and other factors known only to Google. But in my testing, all GAN ads appear at the top of the “right rail” of side listings — prominent, highly visible screen space that gets more attention than any AdWords listings below. Indeed, by pushing AdWords ads further down the page, GAN ads reduce the value of the AdWords slots. In the screenshot at right, notice that all three GAN image ads appear above all the right-rail AdWords ads.
  • Conversion-contingent payment. AdWords advertisers continue to pay on a per-click basis, incurring costs as soon as a user clicks a link. In contrast, GAN advertisers only have to pay if a user clicks a link and purchases a product.
  • Preferred payment terms. Because AdWords advertisers pay as soon as a user clicks, they must pay for users’ clicks even if servers malfunction, even if credit card processors reject users’ charges, and even if users return their orders or initiate chargebacks. In contrast, in all these circumstances, GAN advertisers incur no advertising costs at all.

I expect Google will argue that it is within its rights to package, bundle, and tie its products as it sees fit. I disagree. Here, Google ties its search offering to its affiliate network without an apparent pro-competitive purpose but with obvious anti-competitive effects. In particular, tying affiliate network services to preferred search ad format and placement gives GAN an advantage over competing affiliate networks, without efficiencies or other countervailing benefits to users or advertisers.

Furthermore, there is no plausible justification for providing image ads only to GAN advertisers or for granting all GAN ads positions above all right-side AdWords ads. To the contrary, Google could easily allow all AdWords ads to include images, and Google could instead intersperse GAN ads (and ads from other affiliate networks) among AdWords advertisements in whatever order auctions and algorithms fairly deem optimal. Those would be the natural product design decisions if Google genuinely sought to include images wherever useful and if Google genuinely sought to include affiliate ads whenever relevant. Because Google instead reserves these benefits for GAN advertisers, the natural inference is that Google reserves special rewards for advertisers choosing GAN — benefits that come at the expense of genuine competition in affiliate marketing services.

In the remainder of this piece, I discuss why the public should be concerned about Google’s tying tactics, then assess Google’s tying-based promotion of its various other products. I conclude with brief policy prescriptions.

Cause for Concern

I see four major reasons for concern in Google’s decision to tie GAN to preferred placements, format, and terms in sponsored search.

First, GAN’s tying threatens to extend Google’s dominance into yet another facet of online advertising. Google’s dominance in search and search advertising is well-known. But affiliate marketing is a rare area where, until recently, Google had little or no presence. By leveraging its dominance in search to take over yet another type of online advertising, Google will importantly limit advertisers’ options. Today, advertisers unhappy with Google’s AdWords prices or rules can consider working with independent web sites through affiliate programs not operated by Google. But if Google comes to dominate affiliate marketing, then even affiliate marketing will become unavailable to advertisers dissatisfied with Google. Indeed, knowing that it dominates multiple aspects of online advertising, Google will be in a position to raise prices that much further.

Second, GAN’s tying harms those AdWords advertisers who refuse GAN and buy only pay-per-click ads from Google. The more GAN ads Google puts above ordinary AdWords listings, the less visible AdWords advertisers become. AdWords advertisers are at a further disadvantage when Google gives image ads to GAN advertisers but not AdWords advertisers, and when Google offers preferred terms (e.g. refunds of advertising costs if a user returns a product) to GAN advertisers but not AdWords advertisers. Google promises that “the highest ranked ad is displayed in the most prominent position,” but when Google gives GAN ads the top positions, ordinary AdWords advertisers are left bidding on the leftovers. And as Google makes its left-side listings increasingly visual — inline maps, images, product pictures, video thumbnails, and more — advertisers need images to capture users’ attention. So AdWords-only advertisers, without image-based ads, end up at a significant disadvantage.

Third, for nearly a year Google has offered the Product Listing Ads benefits in “limited beta” available only to “a small number of participants” Google selects. In fact I’ve seen numerous advertisers, large and small, promoted in Product Listing Ads. But it is striking to see Google offer preferred listings only to those advertisers Google chooses to favor. Elsewhere Google argues that its auction-based ad sales are “equitable.” But when Google gives superior placement to its preferred advertisers, for nearly a year, Google’s rules seem the opposite of fair.

Finally, GAN’s tying is particularly worrisome in the context of other Google tactics. As detailed in the next section, Google uses and has used bundling and tying to enter and dominate numerous markets. If these tactics continue unchecked, we face a future where Google’s dominance stretches even further.

Google’s Tying Strategy More Broadly

Tying GAN to search is just one example of Google’s oft-repeated tactic of forcing customers who want one Google service to accept additional Google services too. This section presents a series of such examples.

Throughout, these tying examples fit the following form:

A [user type] who wants [desirable Google service] must also accept [unwanted Google service].

I now turn to specifics.

Tying to promote affiliate marketing services: An advertiser who wants top placement in Google search advertisements, image ads, and preferred payment terms must join Google Affiliate Network.

Details: See above.

Tying to promote low-quality syndicated search marketing services: An advertiser who wants placement through high-quality Google Search Network sites must also accept low-quality Google Search Network placements.

Details: Google’s Search Network includes some top-quality publishers such as AOL Search and New York Times. But if an advertiser contracts to advertise through Google Search Network, Google demands permission to also place the advertiser’s ads on whatever other sites Google selects, in whatever quantity Google chooses. Many of these placements are low-quality or worthless, including spyware popups, typosquatting sites, and deceptive toolbars. Many of these placements trick advertisers into believing they are receiving valuable traffic when in fact the traffic consists of users the advertisers had already reached or would receive anyway. Even if an advertiser learns about these problems, the advertiser must continue to pay for this traffic, on pain of losing access to Google’s high-quality search partners.

Tying to promote vertical search: A user who wants Google’s core algorithmic search results must also accept Google’s own vertical search results.

Details: Users relish Google’s highly-regarded algorithmic search results. But a user running search at Google also receives Google’s vertical search services: Whether the user prefers Bing Maps, Google Maps, Mapquest, or Yahoo Maps, Google Search always presents inline maps from Google, and so too for images, local businesses, products, scholarly articles, videos, and more. On one view, these vertical search services are an integral part of Google’s offering, but scores of competing vendors reflect a competing vision of users choosing core algorithmic search separately from vertical search services. By granting its special-purpose search services preferred placement, Google sharply reduces traffic to competing vertical search services.

Tying to promote ancillary mobile services : A mobile phone developer who wants Google’s Android certification and access to Android Market application store must also accept Google’s ancillary services, including geolocation.

Details: In a September 2010 complaint, Skyhook alleges that Google ordered Motorola not to ship a proposed device that would have included both Google Location Service and Skyhook’s XPS service, two distinct methods to determine a user’s geographic location. Skyhook claims that Google grounded its threat in Google’s Android Market application store: If Motorola shipped a device with software Google did not approve, Google would ban users of that device from accessing Android Market or running the apps available there. By requiring that Motorola omit Skyhook’s service in order to give users access to Google Market, Google denied users access to Skyhook.

Policy Prescriptions

Advertisers, consumers, policy-makers and the concerned public should give tying relationships a careful look. In principle, bundling previously-separate offerings can offer useful synergies and efficiencies. But bundling can also let a company expand from strength in one area into dominating numerous additional fields — limiting choice, raising prices, and reducing innovation.

In some instances, it may not be obvious how to separate bundled products. For example, there is currently no single clear mechanism whereby Google search results could embed maps, product feeds, or other structured or interactive information from other search services. Pending a compelling plan to unbundle vertical results from core search, my instinct is to save this problem for later — albeit perhaps requiring disclosure of favored treatment Google gives its own search services, or limiting the permissible extent of such favored treatment.

In other instances, market structure and product design yield a natural vision of products that could be separate, generally are separate, and should rightly remain separate. To my eye, these principles ring particularly true in the separation between search marketing and affiliate marketing. There is no logical reason why GAN advertisers should enjoy the only listings with images. Nor is there any logical reason why all GAN ads should appear above all right-side AdWords ads. When Google grants its GAN advertisers these special benefits, the best conclusion is that Google is using its dominance in search to establish dominance in affiliate marketing — seizing an unearned advantage over competing affiliate marketing services. These exclusionary tactics are unjustified and improper, and they ought not be permitted.

Google’s first step should be to cease tying Google Affiliate Network to preferred search placement, format, and terms: An advertiser seeking to include image ads should not have to sign up with GAN, nor should GAN ads arbitrarily appear above competitors. A recent post at Channel Dollars off-handedly reports that Product Listing Ads “has been taken out” GAN and “is being merged into” AdWords. That’s a fair start. But even temporary ties can impede competition, and Google has delivered these large benefits only to GAN advertisers for some ten months.

Meanwhile, Google’s preferred treatment of selected GAN advertisers foreshadows a worrisome future. If Google can give preferred treatment to advertisers who use GAN, what prevents preferred treatment of advertisers who support Google’s regulatory agenda, and inferior treatment of advertisers who complain to policy-makers? Indeed, I doubt that Google invited to Product Listing Ads any advertisers who have publicly criticized Google’s practices. Google’s ability to distribute valuable but opaque favors to preferred advertisers — and to withhold such favors from anyone Google dislikes — makes Google’s power that much stronger and, to my eye, that much more troubling.

Posted on

Enhanced Airline Passenger Protections – comment to DOT

In the DOT’s first Enhancing Airline Passenger Protections proceeding, I filed a comment as to the risk of opportunistic behavior by GDS’s taking advantage of potential new regulations requiring airlines to purchase information distribution services. After pointing out the potential unintended consequences of the regulation DOT was considering, I offered three alternatives that would improve the information available to consumers while avoiding negative side effects.

Posted on

Public comment on Enhanced Airline Passenger Protections

In 2010, the Department of Transportation issued a Notice of Proposed Rulemaking (NPRM) as to enhancing airline passenger protections. I filed a comment as to one of the subjects under discussion: whether and how airlines should be required to disclose fees through GDS’s, and what might happen if the DOT imposed such a duty without airlines contracting in advance to obtain such service from GDS’s.

Posted on

Least-Cost Avoiders in Online Fraud and Abuse

Edelman, Benjamin. “Least-Cost Avoiders in Online Fraud and Abuse.” IEEE Security & Privacy 8, no. 4 (July-August 2010): 78-81.

Web users face considerable fraud, malfeasance, and economic harm that system operators could prevent or mitigate. Although the legal system can respond, regulations have mixed results. I examine the applicable legal rules that constrain online fraud and the economic underpinnings to identify whether those rules assign responsibility to the parties best positioned to take action.

Posted on

The Pathologies of Online Display Advertising Marketplaces

Edelman, Benjamin. “The Pathologies of Online Display Advertising Marketplaces.” Art. 2. SIGecom Exchanges (June 2010).

Display advertising marketplaces place “banner” ads on all manner of popular sites. While these services are widely used, they suffer significant challenges, including weak user response and low accountability for both advertisers and web site publishers. I survey a few major challenges, flagging possible areas for future research.

Posted on

Facebook Leaks Usernames, User IDs, and Personal Details to Advertisers updated May 26, 2010

Browse Facebook, and you wouldn’t expect Facebook’s advertisers to learn who you are. After all, Facebook’s privacy policy and blog posts promise not to share user data with advertisers except when users grant specific permission. For example, on April 6, 2010 Facebook’s Barry Schnitt promised: “We don’t share your information with advertisers unless you tell us to (e.g. to get a sample, hear more, or enter a contest). Any assertion to the contrary is false. Period.”

My findings are exactly the contrary: Merely clicking an advertiser’s ad reveals to the advertiser the user’s Facebook username or user ID. With default privacy settings, the advertiser can then see almost all of a user’s activity on Facebook, including name, photos, friends, and more.

In this article, I show examples of Facebook’s data leaks. I compare these leaks to Facebook’s privacy promises, and I point out that Facebook has been on notice of this problem for at least eight months. I conclude with specific suggestions for Facebook to fix this problem and prevent its reoccurrence.

Details of the Data Leak

Facebook’s data leak is straightforward: Consider a user who clicks a Facebook advertisement while viewing her own Facebook profile, or while viewing a page linked from her profile (e.g. a friend’s profile or a photo). Upon such a click, Facebook provides the advertiser with the user’s Facebook username or user ID.

Facebook leaks usernames and user IDs to advertisers because Facebook embeds usernames and user IDs in URLs which are passed to advertisers through the HTTP Referer header. For example, my Facebook profile URL is http://www.facebook.com/bedelman. Notice my username (yellow).

Of course, it would be incorrect to assume that a person looking at a given profile is in fact the owner of that profile. A request for a given profile might reflect that user looking at her own profile, but it might instead be some other user looking at the user’s profile. However, when a user views her own profile page, Facebook automatically embeds a “profile” tag (green) in the URL:

http://www.facebook.com/bedelman?ref=profile

Furthermore, when a user clicks from her profile page to another page, the resulting URL still bears the user’s own user ID or username, along with the details of the later-requested page. For example, when I view a friend’s profile, the resulting URL is as shown below. Notice the continued reference to my username (yellow) and the fact that this is indeed my profile (green), along with an appendage naming the user whose page I am now viewing (blue).

http://www.facebook.com/bedelman?ref=profile#!/pacoles

Each of these URLs is passed to advertisers whenever a user clicks an ad on Facebook. For example, when I clicked a Livingsocial ad on my own profile page, Facebook redirected me to the advertiser, yielding the following traffic to the advertiser’s server. Notice the transmission in the Referer header (red) of my username (yellow) and the fact that I was viewing my own profile page (green).

GET /deals/socialads_reflector?do_not_redirect=1&preferred_city=152&ref=AUTO_LOWE_Deals_ 1273608790_uniq_bt1_b100_oci123_gM_a21-99 HTTP/1.1
Accept: */*
Referer: http://www.facebook.com/bedelman?ref=profile

Host: livingsocial.com

The same transmission occurs when a user clicks from her profile page to a friend’s page. For example, I clicked through to a friend’s profile, http://www.facebook.com/bedelman?ref=profile#!/pacoles, where I clicked another Livingsocial ad. Again, Facebook’s redirect caused my browser to transmit in its Referer header (red) my username (yellow), the fact that that username reflects my personal profile (green). Interestingly, my friend’s username was omitted from the transmission because it occurred after a pound sign, causing it to be automatically removed from Referer transmission.

GET /deals/socialads_reflector?do_not_redirect=1&preferred_city=152&ref=AUTO_LOWE_Deals_ 1273608790_uniq_bt1_b100_oci123_gM_a21-99 HTTP/1.1
Accept: */*
Referer: http://www.facebook.com/bedelman?ref=profile

Host: livingsocial.com

In further testing, I confirmed that the same transmission occurs when a user clicks from her profile page to a photo page, or to any of various other pages linked form a user’s profile.

With a Facebook member’s username or user ID, current Facebook defaults allow an advertiser (and anyone else) to obtain a user’s name, gender, other profile data, picture, friends, networks, wall posts, photos, and likes. Furthermore, the advertiser already knows the user’s basic demographics, since the advertiser knows the user fits the profile the advertiser had requested from Facebook. For example, in grey highlighting above, the advertiser learned from Facebook my age, gender, and geographic location.

Facebook’s Contrary Statements about User Privacy vis-a-vis Advertisers

Facebook has made specific promises as to what information it will share with advertisers. For one, Facebook’s privacy policy promises “we do not share your information with advertisers without your consent” (section 5). Then, in section 7, Facebook lists eleven specific circumstances in which it may share information with others — but none of these circumstances applies to the transmission detailed above.

Facebook’s recent blog postings also deny that Facebook shares users’ identities with advertisers. In an April 6, 2010 post, Facebook promised: “We don’t share your information with advertisers unless you tell us to (e.g. to get a sample, hear more, or enter a contest). Any assertion to the contrary is false. Period.” Facebook’s prior postings were similar. July 1, 2009: “Facebook does not share personal information with advertisers except under the direction and control of a user. … You can feel confident that Facebook will not share your personal information with advertisers unless and until you want to share that information.” December 9, 2009: “Facebook never shares personal information with advertisers except under your direction and control.” As to all these claims, I disagree. Sharing a username or user ID upon a single click, without any disclosure or indication that such information will be shared, is not at a user’s direction and control.

Facebook Has Been on Notice of This Problem for Eight Months

AT&T Labs researcher Balachander Krishnamurthy and Worcester Polytechnic Instituteprofessor Craig Wills previously identified the general problem of social networks leaking user information to advertisers, including leakage through the Referer headers detailed above. In August 2009, their On the Leakage of Personally Identifiable Information Via Online Social Networks was posted to the web and presented at the Workshop on Online Social Networks (WOSN).

Through Krishnamurthy and Wills’ research, Facebook eight months ago received actual notice of the data leakage at issue. A September 2009 MediaPost article confirms Facebook’s knowledge through it spokesperson’s response. However, Facebook spokesperson Simon Axten severely understated the severity of the data leak: Axten commented “The average Facebook user views a number of different profile pages over the course of a session …. It’s thus difficult for a tracking website to know whether the identifier belongs to the person being tracked, or whether it instead belongs to a friend or someone else whose profile that person is viewing.” I emphatically disagree. As shown above, when a user views her own profile, or a page linked from her own profile, the “?ref=profile” tag is added to the URL — exactly confirming the identity of the profile owner.

What Facebook Should Do

Since receiving actual notice of these data leaks, Facebook has implemented scores of new features for advertising, monetization, information-sharing, and reorganization. Inexplicably, Facebook has failed to address leakage of user information to advertisers. That’s ill-advised and short-sighted: Users don’t expect ad clicks to reveal their names and details, and Facebook’s privacy policy and blog posts promise to honor that expectation. So Facebook needs to adjust its actual practices to meet its promises.

Preventing advertisers from receiving usernames and user IDs is strikingly straightforward: A modified redirect can mask referring URLs. Currently, Facebook uses a simple HTTP 301 redirect, which preserves referring URLs — exactly creating the problem detailed above. But a FORM POST redirect, META REFRESH redirect, or JavaScript redirect could conceal referring URLs — preventing advertisers from receiving username or user ID information.

Instead, Facebook has partially implemented the pound sign method described above — putting some, but not all, sensitive information after a pound sign, with the result that sometimes this information is not transmitted as a Referer. If fully implemented across the Facebook site, this approach might prevent the data leakage I uncovered. However, in my testing, numerous within-Facebook links bypass the pound sign masking. In any event, an improved redirect would be much simpler to implement — requiring only a single adjustment to the ad click-redirect script, rather than requiring changes to URL formats across the Facebook site.

Finally, Facebook should inform users of what has occurred. Facebook should apologize to users, explain why it didn’t live up to its explicit privacy commitments, and establish procedures — at least robust testing, if not full external review — to assure that users’ privacy is correctly protected in the future.

Update – May 26, 2010

On May 20, 2010, the Wall Street Journal reported the problem detailed above. On or about that same day, Facebook removed the ref=profile tags that were the crux of the data leak.

I yesterday spoke with Arturo Bejar, a Facebook engineer who investigated this problem. Arturo told me that after Krishnamurthy and Wills’ article, he reviewed relevant Facebook systems in search of leakage of user information. At that time, he found none, in that Facebook revealed the URLs users were browsing when they clicked ads, but did not indicate whether the user clicking a given ad was in fact the owner of the profile showing that ad. However, in a subsequent Facebook redesign, beginning in February 2010, Facebook user home pages received a new “profile” button which carried the ref=profile URL tags I analyze above. Because this tag was added without a further privacy review, Arturo tells me that he and others at Facebook did not consider the interaction between this tag and the problem I describe above. Arturo says that’s why this problem occurred despite the prior Krishnamurthy and Wills article.

Arturo also pointed out that the problem I describe did not affect advertisers whose landing pages were pages on Facebook (rather than advertisers’ own external sites).

Meanwhile, Facebook’s May 24 “Protecting Privacy with Referrers” presents Facebook’s view of the problem in greater detail. Facebook’s posting offers a fine analysis of the various methods of redirects and Facebook’s choice among them. It’s worth a read.

After discussing the problem with Arturo and reading Facebook’s new post, I reached a more favorable impression of Facebook’s response. But my view is tempered by Facebook’s ill-advised attempts to downplay the breach.

  • Rather than affirmatively describing the specific design flaw, Facebook’s post describes what “could” “potentially” occur. Facebook’s post never gives a clear affirmative statement of the problem.
  • Facebook says advertisers would need to “infer” a user’s username/ID. But usernames and IDs are sent directly, in clear and unambiguous URLs, hardly requiring complex analysis
  • Facebook claims that the breach affected only “one case … if a user takes a specific route on the site” (WSJ quote). Facebook also calls the problem “a rarely occurring case” (posting). I dispute these characterizations. It is hardly “rare” for a user to view her own profile. To view her own profile and click an ad? There’s no reason to think that’s any less frequent than clicking an ad elsewhere. To view her own profile, click through to another page, and then click an ad? That’s perfectly standard. Furthermore, although Facebook told the Journal there is “one case” in which data is leaked improperly, in fact I’ve found many such cases including clicking from profile to ad, from profile to friend’s page to ad, and from profile to photo page to ad, to name three.
  • Through transmission in HTTP Referer headers, usernames and IDs appears reach advertisers’ web servers in a manner such that default server log files would store this data indefinitely, and default analytics would tabulate it accordingly. Facebook says it has “no reason to believe that any advertisers were exploiting” the data breach I reported, but the fact is, this data ends up in a place where advertisers could (and, as to historic data, still can) access it easily, using standard tools, and at their convenience.
  • Although Facebook’s post says the problem is “potential,” I found that a user’s username/ID is sent with each and every click in the affected circumstances.

So the problem was substantial, real, and immediate. Facebook errs in suggesting the contrary.

Posted on

Optimal Auction Design and Equilibrium Selection in Sponsored Search Auctions

Edelman, Benjamin, and Michael Schwarz. “Optimal Auction Design and Equilibrium Selection in Sponsored Search Auctions.” American Economic Review 100, no. 2 (May 2010): 597-602. (First circulated in 2006 as Optimal Auction Design in a Multi-unit Environment: The Case of Sponsored Search Auctions. Reprinted in The Economics of E-Commerce, Michael Baye and John Morgan, editors, 2016.)

We characterize the optimal (revenue maximizing) auction for sponsored search advertising. We show that a search engine’s optimal reserve price is independent of the number of bidders and independent of the rate at which click-through rate declines over positions. We separate the effects of reserve price increases into direct effects (on the low bidder) and indirect effects (on others), and we show that most of the incremental revenue from setting reserve price optimally comes from indirect effects.