Category: ad platforms

The pricing mechanisms of online advertising platforms, including auction design and rules

Posted on

Google Discovery Violations in United States v. Google (Ad Tech)

This post is part of Revisiting Litigation Alleging Google Discovery Violations.

United States of America v. Google LLC – docket.  1:23-cv-00108-LMB-JFA (E.D. Va.).

Filed January 24, 2023. First filing as to discovery violations: August 2, 2024.

Case allegation: Google used unlawful methods to dominate the ad tech stack, including buying control of key tools, locking out rivals, buying and killing a burgeoning competitor, and “drying out” other competition.  Complaint.

Case disposition: Bench trial complete.  Awaiting decision.

United States’ Memorandum of Law ISO Plaintiffs’ Motion for an Adverse Inference and referenced documents.

On document preservation generally: “Aware of the risk of ‘several significant legal and regulatory matters’, Google … trained its employees to channel discussion of ‘hot topics’ that ‘may be used against [Google]’ … to Google’s internal instant-message chat tools [where] absent manual intervention by business employees on a chat-by-chat basis, all internal chat communications would be automatically destroyed after 24 hours.  Google adopted this auto-delete policy knowing that its employees’ communications could someday be scrutinized by a Court such as this one.”

On purpose and intent of preservation failures: “Google’s spoliation is the predictable and intended result of the intersection of Google’s broader policies and culture with its specific litigation choices here.  Google’s stated goal … was to avoid having its ‘sensitive’ communications ‘discovered by an adversary and used against … Google.’”  “[N]ot only did Google choose to continue its policy of auto-deletion of chats after 24 hours, Google also chose to delay placing many of its employees on a litigation on hold in this case until months (or even years) after Google was required to preserve their documents.”  “Employees … chose to make chats ‘history off’ … for the express purpose of evading discovery.”  “Despite Google’s anticipation of litigation on [specified] subjects …, and Google’s agreement to produce relevant documents… Google continued its policy of automatically deleting chats.”  “Google’s document production contains numerous examples of employees seeking to make chats ‘history off’ to ensure they were not discoverable.”

On effects of preservation failures: “Plaintiffs were deprived of valuable, likely irreplaceable, discovery. … The total volume of chats produced by Google in this case is remarkably low in proportion to the volume of other communications (e.g. emails) produced from the same employees.”  “Chats are an important window into the candid thought processes, intentions, and observations of [employees … by design, one of the only places in which employees were free to write down candid observations or opinions relating to the core issues in this case.”  “Google’s conduct … is deeply troubling.  Google has stretched and weaponized the attorney-client privilege and its protections; it has intentionally spoliated evidence; and despite branding itself as a world-class technology innovator, it has engaged in a series of repeated errors and delays in the production of discovery, all of which have served Google’s broader, strategic ends of impeding its adversaries’ access to information to which they are entitled.”

On “Communicate with Care” training: Remarked that this training “advised Google employees that discussing sensitive topics via ‘off the record’ chats was ‘[b]etter than sending [an] email’ because such charts ‘are not retained by Google as emails are’.”  “Second, ‘Communicate with Care’ cultivated a corporate culture of hiding documents from discovery by training Google employees to leverage pretextual claims of privilege, including detailed instructions on how to craft an email that will appear to be subject to the attorney-client privilege.”

On remedy: “The Court should presume the spoliated chats were unfavorable to Google.”  “The Court may limit the testimony of witnesses who participated in the spoliation conduct at issue by precluding them from offering testimony supportive of Google on issues such as intent, procompetitive justifications, and the effect of Google’s challenged conduct on competition.”  “The Court may preclude Google from arguing that a paucity of direct, contemporaneous evidence supports an inference that no additional evidence exists.” “The Court may sanction Google by admonishing, censuring, or otherwise publicly reprimanding it.”  “When, as here, a litigant violates those obligations in ways that compromise or undercut the truth-seeking function of the judicial process, they must be held accountable. If not, Google and other companies aware of this litigation will continue to encourage employees to adopt careless or evasive discovery-related practices, particularly when faced with similar high-stakes litigation.”

Kent Walker Memo (September 16, 2008).  “Please do think twice before you write about hot topics.”  “To help avoid inadvertent retention of instant messages, we have decided to make ‘off the record’ the Google corporate default setting for Google Talk.”

Employee training as to “Communicate With Care.”  Discusses what an employee might do when seeking to communicate on a sensitive subject.  To a suggestion to send an email, remarks “Don’t send the email. Chat ‘off the record’ via Hangouts instead.”  The training instructs that off the record chat is “Better than sending the email” because such chats are “not retained by Google as emails are.”  See also Antitrust Basics for Search Team (March 2011).

Appendix C: Examples of Google Employees Spoliating Chats.  Nine single-spaced pages listing spoliation by Google CEO Sundar Pichai (“can we change the setting of this group to history off”) as well as numerous employees:

Vip Andleigh: “lets keep confi, we can also turn off history. if i see something important, i’ll note it down somewhere”

Amin Charaniya: “btw didnt realize history is on for us” “mind if I turn it off?” “sure” [end of chat]

Amin Charaniya with dardelean@ and touma@: “this group is on record . . . we should kill it and create one that is single threaded and off the record” “who is in charge with creating this room? I really feel super uncomfortable us continuing this on the record” “im gonna create a new room and kill this one” “I copied everyone into a new room . . . let’s stop using this one” [end of chat]

Anthony Chavez: “separate topic – this chat room has history / is persisted? . . . can we configure it to be transient” “okay, let me create a new one right now. It’ll still be a space.” [end of chat]

Nash Islam: “too sensitive for email so keep on ping?”

Adam Juda: “I see that History is on in this chat. If that can’t be changed, can I please be removed from this discussion?”

Adam Juda: “My preference is history off”

Adam Juda: “How do we turn History off? I don’t do History on” [end of chat]

Roshan Khan: “Can you turn history off . . . Otherwise let’s chat in Vcs” [end of chat]

Woojim Kim: “can you turn off history?”

Chris Lasala: “maybe start an off the record ping thread”

Chris Lasala: “start a ping with history turned off”

Wendy Logan: “We can pivot to group chat with history off — or — keep the current setup and only reserve this space for non-sensitive discussions”

Uchechi Okereke: “Please can we turn history off?”

Aparna Pappu: “Please keep history off on this legally sensitive chat room”

Martin Pal with tris@ :”We want chat history on? I would generally prefer for us to keep history off.” … “let’s turn it off then” [end of chat]

Prabhakar Raghavan: “ugh pl stop this chat, for some reason History is on”

Prabhakar Raghavan: “I’m going to kill this room and re-create as a group chat with History OFF.”

Danielle Romain: “I’m not supportive of turning history on. The discussion that started this thread gets into legal and potentially competitive territory, which I’d like to be conscientious of having under privilege. So that you’re aware, when history is on, it’s discoverable. Sometimes that’s totally fine but I’d like to stick to the default of history off.”

Vidhya Srinivasan: “we should turn history off”

Vidhya Srinivasan: “pls turn off history”

Bonita Stewart and Jason Washing: “btw you might want to turn your chat history off” “geez . . . for sure! . . . thank you!” [end of chat]

Bonita Stewart and Cyrus Beagley: “on your chats you have the history turned on. we are advised to turn history off so messages are cleared after 24 hours” “oh I didn’t know that … I’ll turn it off then…”

Appendix D: Plaintiffs’ Timeline of Google’s Spoliation.

Appendix E: Plaintiffs’ chart showing a sharp increase of chats produced after Google suspended auto-delete.  Plaintiffs remark on “at least two trial witnesses whose volume of substantive chats dramatically increased (eight times over) when Google suspended auto-deletion (Nirmal Jayaram and George Levitte).”

Google’s Memorandum of Law in Opposition to Plaintiffs’ Motion for an Adverse Inference. “Plaintiffs’ motion is barred because it is untimely.” “Plaintiffs have not demonstrated, by clear and convincing evidence, that Google acted with the specific intent to deprive them of evidence.”  “Plaintiffs have not demonstrated prejudice, a prerequisite to any form of sanction under Rule 37(e)(1).”  “Plaintiffs have not demonstrated that any ESI—much less ESI relevant to their claims—was lost.”  “Plaintiffs’ request for sanctions pursuant to the court’s inherent authority should be denied because Rule 37 controls.”

Reply Memorandum of Law in Further Support of Plaintiffs’ Motion for an Adverse Inference.  “Google does not dispute that it failed to meet that obligation and destroyed relevant chats. Google does not deny that witnesses, including senior executives, used chats to discuss their work, including work relevant to this case. Nor does Google deny that it: (i) made ‘history off’ the default setting for chats, such that they would be deleted automatically after 24 hours; (ii) required individual employees to make cumbersome, in-the-moment decisions about a chat’s relevance to a litigation hold in order to preserve them; and, most concerning, (iii) trained employees to discuss ‘sensitive’ matters in ‘history off’ chats so they would not be ‘discovered by an adversary,’ all of which facilitated and encouraged destruction of work-related chats. Google does not dispute that this conduct went on for years, stopping only after this case was filed.”  “When Google was faced with increasing exposure from litigation by government enforcement agencies, it took a calculated risk to create a system that would deprive its litigation adversaries of evidence. The Court need not guess or make an inference about that goal; the Walker Memo expressly stated it. Over time, Google (including witnesses here) consistently underscored and reinforced the messages from the Walker Memo with mandatory corporate trainings about avoiding ‘discoverable’ communications. Consistent with that corporate training, Google employees, including witnesses here, deliberately turned to ‘off the record’ chats to discuss sensitive material they did not want preserved and turned over in litigation.”

Identifies six distinct facts Google failed to disclose to the United States about its document destruction practices:

1. “History off” chats (an undefined term) were automatically deleted after 24 hours;
2. “History off” was the default chat setting, absent manual intervention;
3. Google employees were asked to manually override this default on a chat-by-chat basis;
4. Google conducted no oversight of whether employees were manually preserving chats;
5. Google trained its employees to use “history-off” chats as preferable to email to discuss “sensitive” topics, so that such discussions would not be discoverable; and
6. Google’s in-house lawyers instructed employees to keep their chats “history off” so that they would be automatically deleted

Flags specific instances of Google employees failing to preserve relevant documents:

document custodian “Ms. [Chetna] Bindra, whom Plaintiffs now know was on litigation hold in December 2019, proposed the next month that a group discussing Google’s ad targeting policies, including trial witness Nitish Korula, ‘do a ping thread with history off and without Nitish’ because Mr. Korula was on litigation hold.” – source

document custodian “Bindra in Feb. 2020: ‘The thread has history on. Using the other one.’” – source

document custodian Jason Washing “turning ‘history off’ while on litigation hold” – source

“relevant history-off chats from [Haskell] Garon in 2020, copied into email by another custodian but not found in Garon’s files” – source

“trial witness and then-head of ads business [Jerry] Dischler successfully proposing ‘a group chat that disappears after 24h’ for business discussion in 2020” – source

trial witness “[Aparna] Pappu’s efforts in 2020 to turn history off” – sources 1, 2, 3, 4

trial witness “Pappu in 2020 participating in a chat that abruptly ends when colleague states, ‘I could see this being done in a way that leads to law suits . . . Omfg . . . History is on, jesus . . . Sigh [end of chat]’” – source

trial witness “Pappu in Oct. 2019: ‘so weird I realized this one random topic is history on!’ [end of chat]” – source (thereby indicating that many other topics have history off)

trial witness “LaSala in Dec. 2020: ‘Jeff turned history on! . . . I should be careful now’)” – source

trial witness “LaSala proposing ‘history off’ chats for sensitive business discussions with trial witness Duke Dukellis months after new lit hold dates.” – source

Adam Lasnik explaining why he avoids “discoverable medium[s]” for “especially sensitive” topics, including “competitive landscape (monopoly, crushing competition, etc.)” and instead uses “off-the-record chats” to avoid messages “ending up in court” – source

then-CEO of YouTube Susan Wojcicki proposed that then-Chief Business Officer of YouTube Robert Kyncl “send via Hangouts” because that is “off the record” or if not she “can change to off the record” – source

Plaintiffs’ Post-Trial Proposed Findings of Fact and Conclusions of Law at heading “The Court Should Sanction Google for Its Spoliation of Chats.”  “Google’s conduct has thwarted the Court’s truth-seeking function not only in this case but in several other cases” (citing Google Search [update caption]).  Flags “Google’s repeated and persistent efforts to ensure its employees’ chats were deleted despite its known discovery obligations.”   On that basis, argues that “The Court should … go beyond mere condemnation to ensure Google’s ‘contempt’ for its ‘discovery obligations’ receives the appropriate sanctions.”  “Because Google acted ‘with the intent to deprive’ Plaintiffs of the use of chats in this litigation, the Court may ‘presume that the lost information was unfavorable’ to Google.  Specifically, the Court may reasonably infer that intentionally deleted chats about ‘sensitive’ topics relevant to the claims in this case would have been unfavorable to Google on the core issues that were disputed at trial, including market definition, monopoly power, Google’s intent, the anticompetitive nature of Google’s conduct, and the harm Google’s conduct caused its competitors and customers.”

August 27, 2024 hearing.  Transcript not publicly available, but quoted in part in Plaintiffs’ Post-Trial Proposed Findings of Fact and Conclusions of Law at heading “The Court Should Sanction Google for Its Spoliation of Chats.”  Court called Google’s conduct “very serious” “clear abuse of the [attorney-client] privilege” and “absolutely inappropriate and improper.”  “Had Google set the default settings for chats to history on, ‘the government could see … in this particular case somebody deleted [a chat], then you could focus on why was that deleted.’”  “Because Google kept its default settings for chats to history off, ‘You’ve lost that ability in this case because everything is deleted unless it’s saved’.”   “[T] his record creates a very serious problem for Google in terms of how much credibility the Court will be able to apply. Intent is a serious issue in this case, and I think it’s going to be a problem given this history.”

Posted on

An Introduction to the Competition Law and Economics of “Free” with Damien Geradin

Benjamin Edelman and Damien Geradin. An Introduction to the Competition Law and Economics of ‘Free’.  Antitrust Chronicle, Competition Policy International.  August 2018.

Many of the largest and most successful businesses today rely on providing services at no charge to at least a portion of their users. Consider companies as diverse as Dropbox, Facebook, Google, LinkedIn, The Guardian, Wikipedia, and the Yellow Pages.

For consumers, it is easy to celebrate free service. At least in the short term, free services are often high quality, and users find a zero price virtually irresistible.

But long-term assessments could differ, particularly if the free service reduces quality and consumer choice. In this short paper, we examine these concerns.  Some highlights:

First, “free” service tends to be free only in terms of currency.  Consumers typically pay in other ways, such as seeing advertising and providing data, though these payments tend to be more difficult to measure.

Second, free service sometimes exacerbates market concentration.  Most notably, free service impedes a natural strategy for entrants: offer a similar product or service at a lower price.  Entrants usually can’t pay users to accept their service.  (That would tend to attract undesirable users who might even discard the product without trying it.)  As a result, prices are stuck at zero, entry may be more difficult, effectively shielding incumbents from entry.

In this short paper, we examine the competition economics of “free” — how competition works in affected markets, what role competition policy might have and what approach it should take, and finally how competitors and prospective competitors can compete with “free.” Our bottom line: While free service has undeniable appeal for consumers, it can also impede competition, and especially entry. Competition authorities should be correspondingly attuned to allegations arising out of “free” service and should, at least, enforce existing doctrines strictly in affected markets.

Posted on

Convergence of Position Auctions under Myopic Best-Response Dynamics

Cary, Matthew, Aparna Das, Benjamin Edelman, Ioannis Giotis, Kurtis Heimerl, Anna Karlin, Scott Duke Kominers, Claire Mathieu, and Michael Schwarz. “Convergence of Position Auctions under Myopic Best-Response Dynamics.” ACM Transactions on Economics and Computation 2, no. 3 (July 2014): 1-20.

We study the dynamics of multi-round position auctions, considering both the case of exogenous click-through rates and the case in which click-through rates are determined by an endogenous consumer search process. In both contexts, we demonstrate that the dynamic auctions converge to their associated static, envy-free equilibria. Furthermore, convergence is efficient, and the entry of low-quality advertisers does not slow convergence. Because our approach predominantly relies on assumptions common in the sponsored search literature, our results suggest that dynamic position auctions converge more generally.

Posted on

Optimal Auction Design and Equilibrium Selection in Sponsored Search Auctions

Edelman, Benjamin, and Michael Schwarz. “Optimal Auction Design and Equilibrium Selection in Sponsored Search Auctions.” American Economic Review 100, no. 2 (May 2010): 597-602. (First circulated in 2006 as Optimal Auction Design in a Multi-unit Environment: The Case of Sponsored Search Auctions. Reprinted in The Economics of E-Commerce, Michael Baye and John Morgan, editors, 2016.)

We characterize the optimal (revenue maximizing) auction for sponsored search advertising. We show that a search engine’s optimal reserve price is independent of the number of bidders and independent of the rate at which click-through rate declines over positions. We separate the effects of reserve price increases into direct effects (on the low bidder) and indirect effects (on others), and we show that most of the incremental revenue from setting reserve price optimally comes from indirect effects.

Posted on

Google Click Fraud Inflates Conversion Rates and Tricks Advertisers into Overpaying

I’ve repeatedly reported improper placements of Google ads. In most of my write-ups, the impropriety occurs in ad placement — Google PPC ads shown in spyware popups (1, 2, 3, 4), in typosquatting sites (1, 2), or in improperly-installed and/or deceptive toolbars (1, 2). This article is different: Here, the impropriety includes a fake click — click fraud — charging an advertiser for a PPC click, when in fact the user never actually clicked.

But this is no ordinary click fraud. Here, spyware on a user’s PC monitors the user’s browsing to determine the user’s likely purchase intent. Then the spyware fakes a click on a Google PPC ad promoting the exact merchant the user was already visiting. If the user proceeds to make a purchase — reasonably likely for a user already intentionally requesting the merchant’s site — the merchant will naturally credit Google for the sale. Furthermore, a standard ad optimization strategy will lead the merchant to increase its Google PPC bid for this keyword on the reasonable (albeit mistaken) view that Google is successfully finding new customers. But in fact Google and its partners are merely taking credit for customers the merchant had already reached by other methods.

In this piece, I show the details of the spyware that tracks user browsing and fakes Google PPC ad clicks, and I identify the numerous intermediaries that perpetrate these improper charges. I then criticize Google’s decision to continue placing ads through InfoSpace, the traffic broker that connected Google to this click fraud chain. I consider this practice in light of Google’s advice to advertisers and favored arguments that click fraud problems are small and manageable. Finally, I propose specific actions Google should take to satisfy to prevent these scams and to satisfy Google’s obligations to advertisers.

Introducing the Problem: A Reader’s Analogy

Reading a prior article on my site, a Register discussion forum participant offered a useful analogy:

Let’s say a restaurant decides [it] wants someone to hand out fliers … so they offer this guy $0.10 a flier to print some and distribute them.

The guy they hire just stands at the front door and hand the fliers to anyone already walking through the door.

Restaurant pays lots of money and gains zero customers.

Guy handing out the fliers tells the owner how many fliers were printed and compares that to how many people bring the fliers into his restaurant.

The owner thinks the fliers are very successful and now offers $0.20 for each one.

It’s easy to see how the restaurant owner could be tricked. Such scams are especially easy in online advertising — where distance, undisclosed partnerships, and general opacity make it far harder for advertisers to figure out where and how Google and its partners present advertisers’ offers.

Google and Its Partners Covering Advertisers’ Sites with Spyware-Delivered Click-Fraud Popups

PPC advertisers (e.g. Finish Line)
money viewers
   Google   
money viewers
InfoSpace
money viewers
Cheapstuff
money viewers
Adfirmative
money viewers
dSide Marketing
money viewers
Netaxle
money viewers
eWoss
money viewers
AdOn Network
money viewers
Trafficsolar

The money trail – how funds flow from advertisers to Google to Trafficsolar spyware.

In testing of December 31, 2009, my Automatic Spyware Advertising Tester browsed Finishline.com, a popular online shoe store, on a virtual computer infected with Trafficsolar spyware (among other advertising software, all installed through security exploits without user consent). Trafficsolar opened a full-screen unlabeled popup, which ultimately redirected back to Finish Line via a fake Google PPC click (i.e., click fraud).

My AutoTester preserved screenshots, video, and packet log of this occurrence. The full sequence of redirects:

Trafficsolar opens a full-screen popup window loading from urtbk.com, a redirect server for AdOn Network. (AdOn, of Tempe, Arizona, first caught my eye when it boasted of relationships with 180solutions/Zango and Direct Revenue. NYAG documents later revealed that AdOn distributed more than 130,000 copies of Direct Revenue spyware. More recently, I’ve repeatedly reported AdOn facilitating affiliate fraud, inflating sites’ traffic stats, and showing unrequested sexually-explicit images.)

AdOn redirects to eWoss. (eWoss, of Overland Park, Kansas, has appeared in scores of spyware popups recorded by my testing systems.)

eWoss redirects to Netaxle. (NetAxle, of Prairie Village, Kansas, has also appeared in numerous popups — typically, as here, brokering traffic from eWoss.)

Netaxle redirects to dSide Marketing. (dSide Marketing, of Montreal, Canada, says it provides full-service SEO and SEM services.)

dSide Marketing redirects to Adfirmative. (Adfirmative, of Austin, Texas, promises “click-fraud protected, targeted advertising” and “advanced click-fraud prevention.”)

Adfirmative redirects to Cheapstuff. (Cheapstuff fails to provide an address on its web site or in Whois, though its posted phone number is in Santa Monica, California. Cheapstuff’s web site shows a variety of commercial offers with a large number of advertisements.)

Cheapstuff redirects to InfoSpace. (InfoSpace, of Bellevue, Washington, is discussed further in the next section.)

InfoSpace redirects to Google, which redirects through DoubleClick and onwards back to Finish Line — the same site my tester had been browsing in the first place.

This placement is a bad deal for Finish Line for at least two reasons. First, Google charges Finish Line a fee to access a user already at Finish Line’s site. But that’s more of a shake-down then genuine advertising: an advertiser should not have to pay to reach a user already at its site. Furthermore, Google styles its advertising as “pay per click”, promising advertisers that “You’re charged only if someone clicks your ad.” But here, the video and packet log clearly confirm that the Google click link was invoked without a user even seeing a Google ad link, not to mention clicking it. Advertisers paying high Google prices deserve high-quality ad placements, not spyware popups and click fraud.

Finally, the popup lacks the labeling specifically required by FTC precedent. Consistent with FTC’s settlement in its Direct Revenue and Zango cases, every spyware/adware popup must be labeled with the name of the program that caused the popup, along with uninstall instructions. Furthermore, the FTC has taken an appropriately dim view of advertising software installed on users’ computers without user consent. But every single Trafficsolar installation I’ve ever seen has arrived on my test computers through security exploits, without consent. For these reasons, this Trafficsolar-Google popup clearly falls afoul of applicable FTC requirements.

Critiquing InfoSpace’s role

As shown in the prior section and diagram, traffic flows through a remarkable seven intermediaries en route from Trafficsolar spyware to the victim Google advertiser. Looking at such a lengthy chain, the problem may seem intractable: How could Google effectively supervise a partner’s partner’s partner’s partner’s partner’s partner’s partner’s partner? That insurmountable challenge is exactly why Google should never have gone down this path. Instead, Google should place ads only through the companies with which Google has direct relationships.

In this instance, when traffic finally gets to Google, it comes through a predictable source: InfoSpace. It was InfoSpace, and InfoSpace alone, that distributed Google ads into the morass of subsyndicators and redistributors detailed above.

Flipping through my records of prior InfoSpace observations, I was struck by the half-decade of bad behavior. Consider:

June 2005: I showed InfoSpace placing Google ads into the IBIS Toolbar which, I demonstrated in multiple screen-capture videos, was arriving on users’ computers through security exploits (without user consent). The packet log revealed that traffic flowed from IBIS directly to InfoSpace’s Go2net.com — suggesting that InfoSpace had a direct relationship with IBIS and paid IBIS directly, not via any intermediary.

August 2005: I showed InfoSpace placing ads through notorious spyware vendor Direct Revenue (covering advertisers’ sites with unlabeled popups presenting their own PPC ads). The packet log revealed that traffic flowed from Direct Revenue directly to InfoSpace — suggesting that InfoSpace had a direct relationship with Direct Revenue and paid Direct Revenue directly, not via any intermediary.

August 2005: I showed InfoSpace placing ads through notorious spyware vendor 180solutions/Zango. The packet log revealed that traffic flowed from 180solutions directly to InfoSpace — suggesting that InfoSpace had a direct relationship with 180solutions and paid 180solutions directly, not via any intermediary.

February 2009: I showed InfoSpace placing Google ads into WhenU popups that covered advertisers’ sites with their own PPC ads.

May 2009: Again, I showed InfoSpace using WhenU to cover advertisers’ sites with their own PPC ads, through partners nearly identical to the February report.

January 2010 (last week): I showed InfoSpace’s still placing Google ads into WhenU popups and still covering advertisers’ sites with their own PPC ads.

And those are just placements I happened to write up on my public site! Combine this pattern of behavior with InfoSpace’s well-documented accounting fraud, and InfoSpace hardly appears a sensible partner for Google and the advertisers who entrust Google to manage their spending.

Nor can InfoSpace defend this placement by claiming Cheapstuff looked like a suitable place to show ads. The Cheapstuff site features no mailing address or indication of the location of corporate headquarters. WHOIS lists a “privacy protection” service in lieu of a street address or genuine email address. These omissions are highly unusual for a legitimate advertising broker. They should have put InfoSpace and Google on notice that Cheapstuff was up to no good.

This Click Fraud Undercuts Google’s Favorite Defense to Click Fraud Complaints

When an advertiser buys a pay-per-click ad and subsequently makes a sale, it’s natural to assume that sale resulted primarily from the PPC vendor’s efforts on the advertiser’s behalf. But the click fraud detailed in this article takes advantage of this assumption by faking clicks to target purchases that would have happened anyway. Then, when advertisers evaluate the PPC traffic they bought, they overvalue this “conversion inflation” traffic — leading advertisers to overbid and overpay.

Indeed, advertisers’ following Google’s own instructions will fall into the overbidding trap. Discussing “traffic quality” (i.e. click fraud and similar schemes),Google tells advertisers to “track campaign performance” for “ROI monitoring.” That is, when an advertiser sees a Google ad click followed by a sale, the advertiser is supposed to conclude that ads are working well and delivering value, and that click fraud is not a problem. Google’s detailed “Click Fraud: Anecdotes from the Front Line” features a similar approach, advising that “ROI is king,” again assuming that clicks that precede purchases must be valuable clicks.

Google’s advice reflects an overly optimistic view of click fraud. Google assumes click fraudsters will send random, untargeted traffic. But click-frauders can monitoring user activities to identify the user’s likely future purchases, just as Trafficsolar does in this example. Such a fraudster can fake the right PPC clicks to get credit for traffic that appears to be legitimate and valuable — even though in fact the traffic is just as worthless as other click fraud.

What Google Should Do

Google’s best first step remains as in my posting last week: Fire InfoSpace. Google doesn’t need InfoSpace: high-quality partners know to approach Google directly, and Google does not need InfoSpace to add further subpartners of its own.

Google also needs to pay restitution to affected advertisers. Every time Google charges an advertiser for a click that comes from InfoSpace, Google relies on InfoSpace’s promise that the click was legitimate, genuine, and lawfully obtained. But there is ample reason to doubt these promises. Google should refund advertisers for corresponding charges — for all InfoSpace traffic if Google cannot reliably determine which InfoSpace traffic is legitimate. These refunds should apply immediately and across-the-board — not just to advertisers who know how to complain or who manage to assemble exceptional documentation of the infraction.

More generally, Google must live up to the responsibility of spending other people’s money. Through its Search Network, Google takes control of advertisers’ budgets and decides, unilaterally, where to place advertisers’ ads. (Indeed, for Search Network purchases, Google to this day fails to tell advertisers what sites show their ads. Nor does Google allow opt-outs on a site-by-site basis — policies that also ought to change.) Spending others’ money, wisely and responsibly, is a weighty undertaking. Google should approach this task with significantly greater diligence and care than current partnerships indicate. Amending its AdWords Terms and Conditions is a necessary step in this process: Not only should Google do better, but contracts should confirm Google’s obligation to offer refunds when Google falls short.

I’m disappointed by Google’s repeated refusal to take the necessary precautions to prevent these scams. InfoSpace’s shortcomings are well-known, longstanding, and abundantly documented. What will it take get Google to eject InfoSpace and protect its advertisers’ budgets?

Posted on

Google Still Charging Advertisers for Conversion-Inflation Traffic from WhenU Spyware updated January 7, 2010

When an advertiser buys a pay-per-click ad and subsequently makes a sale, it’s natural to assume that sale resulted primarily from the PPC vendor’s efforts on the advertiser’s behalf. But tricky PPC platforms take advantage of this assumption by referring purchases that would have happened anyway. Then, when advertisers evaluate the PPC traffic they bought, they overvalue this “conversion inflation” traffic — leading advertisers to overbid and overpay.

In this piece, I show Google and its partners still covering popular sites with PPC advertisements promoting those same sites. I present the role of InfoSpace, the Google partner at the core of these misplacements, and I argue that Google should long ago have severed its ties to InfoSpace. I cite specific Google promises that these placements violate, and I critique Google’s contractual disclaimers that claim advertisers must pay for these bogus placements. Finally, I propose specific actions Google should take to satisfy to its obligations to advertisers.

Google and Its Partners Still Covering Advertisers’ Sites with Spyware-Delivered Popups

WhenU covers Continental with its own Google ads -- charging ad fees for traffic Continental would otherwise receive for free
WhenU covers Continental with its own Google ads — chargingad fees for traffic Continental would otherwise receive for free

As shown in the thumbnail at right and detailed in screenshots, video, and packet log, WhenU continues to cover web sites with PPC popups. Crucially, those popups show Google ads — often promoting the very same sites users are already browsing.

In the example shown at right, I browsed the Continental Airlines site. WhenU opened the popup shown at right — covering the Continental site with a list of Google ads, putting a prominent Continental ad front-and-center. Thus, Google charges Continental a fee to access a user already at Continental’s site. That’s a rotten deal for Continental: For one, an advertiser should not have to pay to reach a user already at its site. Furthermore, advertisers paying high Google prices deserve high-quality ad placements, not spyware popups.

The details of the Continental ad, as shown in the WhenU-Google popup, further entice users to click. The ad promises a “low fare guarantee” — suggesting that users who book some other way (without clicking the ad) may not enjoy that guarantee. And the ad promises to take users to the “official site” — suggesting that users who don’t click the ad will book through a site that is less than official. In fact both suggestions are inaccurate, but a reasonable user would naturally reach these conclusions based on the wording of the advertisement and the context of its appearance.

The WhenU-Google popup lacks the labeling specifically required by FTC policy. In particular, all sponsored search ads are to be labeled as such, pursuant to the FTC ‘s 2002 instructions. But look closely at the popup screenshot. On my ordinary 800×600 screen, no such label appears. I gather the required label would ordinarily appear on a sufficiently large screen, but the FTC’s policies make no exceptions for users with small to midsized screens. Indeed, as netbooks gain popularity, small screens are increasingly common.

The diagram below (left) confirms the specific intermediaries passing traffic from WhenU to Google in this instance.

The money trail: how funds flow from advertisers to Google to WhenU
(three examples persisting over ten months)
December 2009

PPC advertisers
(e.g. Continental)
money viewers
   Google   
money viewers
InfoSpace
money viewers
LocalPages
money viewers
(unknown company*)
money viewers
WhenU
May 2009

PPC advertisers
(e.g. RCN)
money viewers
   Google   
money viewers
InfoSpace
money viewers

*  LocalPages
money viewers
Nbcsearch
money viewers
LocalPages

money viewers
WhenU
February 2009

PPC advertisers
(e.g. Verizon)
money viewers
   Google   
money viewers
InfoSpace
money viewers
LocalPages
money viewers
WhenU

This observation marks the third sequence by which I have observed Google paying WhenU to cover advertisers’ sites with the advertisers’ own Google ads. The center and right diagrams (above) show the intermediaries in my May 2009 and February 2009 observations of similar placements.

The Impropriety of Google’s Relationship with InfoSpace

In all three instances I reported (as summarized in the diagram above), Google’s closest link is to InfoSpace. That is, Google pays InfoSpace, and InfoSpace pays the various entities that follow. In my view, Google’s relationship with InfoSpace is ill-advised for at least three reasons:

First, InfoSpace has a track record of improper placements of Google ads. InfoSpace is implicated in all three of the placements detailed above — misplacements that have continued over a lengthy period despite ample notice and opportunity for correction. Furthermore, I have personally observed other improper placements by InfoSpace. (Perhaps I’ll post more in a futher piece.) Google need not continue to do business with a distributor with such a poor track record.

Second, Google does not need a distributor whose business model entails farming out ad placements to subdistributors. If InfoSpace’s subdistributors seek to distribute Google ads, and to be paid for doing so, let them apply directly to Google and undergo Google’s ordinary quality control and oversight. Inserting InfoSpace as an additional intermediary serves only to lessen accountability.

Third, InfoSpace’s corporate history undermines any request for lenience or forgiveness. The Seattle Times chronicles InfoSpace’s accounting fraud in a three-part investigative report, “Dot-Con Job“, presenting 12,000+ words of analysis as well as primary source documents and even voicemail recordings. The Seattle Times byline summarizes their findings: “Investors were cashing out millions, and faithful investors were left with pennies.” Hardly a mark of trustworthiness!

These Ads Violate Google’s Promises to Users

These ad placements fall short of Google’s promises to users. By paying spyware vendors to show advertisements, Google both enlarges and prolongs the spyware problem. In particular, Google’s funding supports software that users struggle to remove from their computers. Google’s payments make it more profitable for vendors to sneak such software onto users’ computers in the first place.

Furthermore, Google’s Software Principles specifically disallow WhenU’s practices. Google’s “installation” and “upfront disclosure” principles disallow deceptive and nonconsensual WhenU installations. (I have video proof on file showing nonconsensual WhenU installations.) Google’s prohibition on “snooping” prohibits certain WhenU privacy practices, including WhenU’s historic violation of its own privacy policy (transmitting full page URLs despite a privacy policy promising “As the user surfs the Internet, URLS visited by the user … are NOT transmitted to WhenU.com or any third party server”).

Crucially, Google’s partnership with WhenU directly contradicts Google’s call for software makers and advertising intermediaries to “keep[] good company” by supervising partners. Despite that commitment, present on Google’s site for 4+ years, Google inexplicably continues its relationship with WhenU.

These Ads Violate Google’s Promises to Advertisers

These ad placements also fall short of Google’s obligations to advertisers. For example, when Google describes its Search Network, Google promises:

Ads are targeted based on a user’s search terms.   (emphasis added)

But here, the user performed no search — so there was no proper cause to display a Search Network ad or charge an advertiser a high Search Network price.

Google confirms:

On the Search Network, ads are shown … on … the search results pages of … Google’s search partners … within the Search Network. On our search partners, your ads may appear alongside or above search results, as part of a results page as a user navigates through a site’s directory, or on other relevant search pages.   (emphasis added)

A placement through a spyware popup does not meet these criteria: A spyware popup is not a “page.” Furthermore, a user browsing an ordinary web site (like the Continental site shown above) is neither “search[ing]” nor navigating a “directory,” contrary to Google’s promise that search ads are shown to users at search engines and directories.

Despite these clear promises, Google’s AdWords Terms and Conditions purport to allow these placements and any others Google might choose to foist on unsuspecting advertisers. Google requires advertisers to accept the following form contract provisions:

Customer understands and agrees that ads may be placed on … (z) any other content or property provided by a third party (‘Partner’) upon which Google places ads (‘Partner Property’).   (emphasis added)

That’s circular, uninformative, and a rotten deal. Advertisers should demand better. Nor should Google’s fine print claim the right to impose such bogus charges. Google should amend its contract to disavow charges from spyware, adware, conversion-inflation, and other schemes contrary to Google’s affirmative promises.

What Google Should Do

Google’s first step is easy: Fire InfoSpace. Google doesn’t need InfoSpace, and there’s zero reason for this relationship to continue in light of InfoSpace’s repeated failings.

Google also needs to pay restitution to affected advertisers. Every time Google charges an advertiser for a click that comes from InfoSpace, Google relies on InfoSpace’s promise that the click was legitimate, genuine, and lawfully obtained. But there is ample reason to doubt these promises. Google should refund advertisers for corresponding charges — for all InfoSpace traffic if Google cannot reliably determine which InfoSpace traffic is legitimate. These refunds should apply immediately and across-the-board — not just to advertisers who know how to complain or who manage to assemble exceptional documentation of the infraction. (Indeed, in response to my May 2009 report, I know Google provided a credit to RCN — the specific advertiser whose targeting I happened to feature in my example. But I gather Google failed to provide automatic credits to all affected advertisers, even though Google’s billing records provide ample documentation of which advertisers faced charges from which Google partners. And I understand that Google denied requests for refunds or credits from other affected advertisers.)

More generally, Google must live up to the responsibility of spending other people’s money. Through its Search Network offering, Google takes control of advertisers’ budgets and decides, unilaterally, where to place advertisers’ ads. (Indeed, for Search Network purchases, Google to this day fails to tell advertisers what sites show their ads. Nor does Google allow opt-outs on a site-by-site basis — policies that also ought to change.) Spending others’ money, wisely and responsibly, is a weighty undertaking. Google should approach this task with significantly greater diligence and care than current partnerships indicate. Amending its AdWords T&C’s is a necessary step in this process: Not only should Google do better, but contracts should confirm Google’s obligation to offer refunds when Google falls short.

I’m disappointed by how little has changed since my year-ago reports of these same practices. In a conference presentation in February 2009, I demonstrated substantially similar WhenU placements, with Google’s Rose Hagan (Senior Trademark Counsel) present in the audience. In May 2009 I wrote up these WhenU placements on my web site in great detail. Yet ten months later, the problem continues unabated. Indeed, the other misplacements I identified in May 2009 also continue: Google continues partnering with IAC SmileyCentral (deceptive browser plug-ins that induce searches when users attempt navigations), placing ads on typosquatting sites (including sites that show a company’s own ads when users mistype that company’s domain name), and, through Google Chrome, inviting users to search (and click prominent top-of-page ads) when direct navigation would better satisfy users’ requests and avoid unnecessary advertising costs for advertisers. I’m disappointed by the lack of progress when, in each instance, the improper charges are clear and well-documented. Google’s intransigence confirms the need for the Bill of Rights for Online Advertisers I proposed this fall.

Posted on

How Google and Its Partners Inflate Measured Conversion Rates and Inflate Advertisers’ Costs

When advertisers measure the effectiveness of their pay-per-click ad campaigns, advertisers systematically assume additionality, i.e. that the sales that follow a paid click are sales that would not have happened without the ad platform’s assistance. This assumption offers intuitive appeal: If a user clicked an ad and then bought the advertised product, by all indications the ad platform should be thanked for finding and sending an interested customer. Or should it?

As it turns out, Google and its partners systematically inflate advertisers’ conversion rates by interceding in transactions advertisers would otherwise have received for free. This conversion-inflation syndication fraud overstates the true effectiveness of the ads Google delivers — leading advertisers to pay more than they should.

In this piece, I offer four examples of Google and its partners inflating conversions to claim credit for traffic advertisers would otherwise have received for free. In each example, an advertiser intensely measuring its conversion rate would mismeasure the true effectiveness of its ads, and would end up overpaying for traffic that is far less valuable than reporting systems suggest.

Traffic source How users are found What would have happened had Google and its partners not interceded
WhenU – adware User requests advertiser’s site. Adware covers advertiser’s site with pay-per-click listings. Advertiser’s site displays as usual, with no covering popup. User stays at advertiser’s site, and advertiser pays no PPC fee.
SmileyCentral – toolbar Reconfigured browser tricks user into running a “search” for a site’s domain name. User’s browser retains its ordinary configuration. User runs a direct navigation, and advertiser pays no PPC fee.
Typosquatting User misspells advertiser’s domain name. User’s browser shows a list of alternatives, and user selects one — reaching advertiser’s site at no charge. Or, user sees an error page, notices the misspelling, and corrects the spelling to reach the advertiser’s site without a PPC fee.
Chrome – browser suggestions User typing a web address is encouraged to run a search instead. User finishes typing the site’s web address and reaches the advertiser’s site without a PPC fee.

WhenU Covers Advertisers’ Sites with Advertisers’ Own Google Ads

WhenU covers RCN with its own Google ads -- charging ad fees for traffic RCN would otherwise have received for free.
WhenU covers RCN with its own Google ads — chargingad fees for traffic RCN would otherwise have received for free.

PPC advertisers (e.g. RCN)
money viewers
   Google   
money viewers
InfoSpace
money viewers
Nbcsearch
money viewers
LocalPages
money viewers
WhenU

The money trail – how funds flow from advertisers
to Google to WhenU.

Through popups shown to users already at advertisers’ sites, WhenU (and its partners) charge advertisers for traffic they would have otherwise received for free. Google passes along these clicks through its advertising platform, and Google charges advertisers as if these were genuine leads, even though in fact these users were already on advertisers’ sites.

In testing of May 9, 2009, I browsed the web site RCN.com. Advertising software (generously, “adware”) from WhenU popped open the window shown at right — covering more than 80% of the RCN site with a list of pay-per-click ads, among them a prominent ad for RCN. I clicked the RCN ad, and I was taken back to RCN. See screenshots detailing the full sequence, or a screen-capture video.

As a provider of high-speed Internet access (with attendant concerns for user security, PC reliability, and tech support expense), RCN is unlikely to advertise with a notorious adware program like WhenU. Nor is RCN likely to want to show its ads to users already at rcn.com — users who RCN has already managed to reach. So how did RCN’s ads end up in this unfortunate placement? Using a network monitor, I confirmed the full sequence of intermediaries: WhenU and its MediaTraffic ad system sent traffic to LocalPages, which redirected to Nbcsearch, which forwarded the traffic to Infospace, which finally passed the traffic to Google. Google in turn paid Infospace, which paid Nbcsearch, which paid LocalPages, which paid WhenU. See the diagram at right and the full packet log.

For RCN, this placement is a rotten deal. RCN has already paid to get a user to its site — perhaps via a postcard, TV advertisement, display ad, or other paid search activity. But then WhenU intercedes and puts a roadblock in front of that user, in the form of the popup at right. A typical user presented with that popup will click the RCN entry to get back to RCN and continue the signup process. But then RCN pays twice to reach a single user.

Meanwhile, if RCN is tracking conversion rates, it will notice that this WhenU/Google placement seems to have a high conversion rate — reflecting that this ad was shown to users already on the verge of signing up with RCN. So in all likelihood, RCN will increase its Google bid to attempt to obtain more traffic of similar (apparent) quality. But the supposed high conversion rate is misleading at best: Since these are users who were already at the RCN site, without any intervention by Google or WhenU, it is nonsense to credit Google or WhenU for resulting sales.

This ad placement also lacks the labeling required by FTC policy and precedent. For one, all sponsored search ads are to be labeled as such, pursuant to the FTC ‘s 2002 instructions. But look closely at the popup screenshot. On my ordinary 800×600 screen, no such label appears. Furthermore, the FTC’s Direct Revenue and Zango complaints, decisions, and orders reveal an additional duty that adware vendors specifically and clearly label each popup with, among other information, a statement that the popup is an advertisement. (See Direct Revenue Decision and Order, provision VI.(1), and Zango Decision and Order, provision VI.(1).) Here, the popup bears the WhenU icon and even a phone number, but it lacks any disclosure that the window’s listings are advertisements. I gather the required label would ordinarily appear on a sufficiently large screen, but the FTC’s policies make no exceptions for users with small screens. Indeed, as netbooks gain popularity, small screens are increasingly common.

These ad placements are particularly troubling because they have continued for months on end. I first observed substantially similar placements on February 7, 2009, though I have reason to think the placements began well before then. Furthermore, Google has been on actual notice of these practices for 3+ months: I first reported these placements to the public in my lunch keynote at the INTA Trademark Law and the Internet conference on February 10, 2009. I posted my slides that very day, and slides 23-24 show substantially this same set of relationships. Importantly, Google’s Rose Hagan, Senior Trademark Counsel, was present in the audience, and she responded to this portion of the talk by promising to investigate. But despite her presence, my clear posting of the parties responsible, and a three month opportunity to act, Google has nonetheless failed to sever these relationships.

Plenty more could be said about WhenU. I have personally observed a wide variety of deceptive WhenU installations, including even WhenU installations via security exploits. (I never had occasion to post those videos to my public site, but I have them on file.) The Google-funded StopBadware declared multiple WhenU-bundlers to be “badware” (1, 2, 3) based on WhenU’s automatic startup, disruptive pop-ups, and other “bad or undisclosed” behaviors. But I doubt Google will defend its WhenU placements, so I’ll save full critique of WhenU for another day.

IAC’s SmileyCentral Grabs Advertisers’ Organic Traffic to Show Google Ads

Standard web browsers place a search bar at top-left. Click that box, type an address, and press enter to reach a site.
Standard web browsers place a search bar at top-left. Click that box, type an address, and press enter to reach a site.

With SmileyCentral installed, a 'direct navigation' request for www.verizon.com yields search results, not the Verizon site. With SmileyCentral installed, a “direct navigation” request for www.verizon.com yields search results, not the Verizon site.

PPC advertisers (e.g. Verizon)
money viewers
   Google   
money viewers
IAC/SmileyCentral

The money trail – how funds flow from advertisers
to Google to IAC/SmileyCentral.

By reconfiguring users’ web browsers, IAC’s SmileyCentral toolbars charge advertisers for traffic they would otherwise have received for free. Google passes along these clicks through its advertising platform, and Google charges advertisers as if these were genuine leads, even though in fact these are users who were specifically and unambiguously trying to reach advertisers’ sites directly.

Since the earliest web browsers, a user seeking a particular web site clicks in the browser’s upper-left text box, types the desired address, and presses Enter. See the first inset image at right — standard Internet Explorer 6, offering exactly this layout to request a site.

But suppose a user installs the “SmileyCentral” toolbar from IAC (the advertising powerhouse that also owns Ask.com, Match.com, and more). SmileyCentral modifies longstanding browser layout by pushing a user’s Address Bar to the right, and inserting at left a search box where users naturally expect the Address Bar to appear. Then, when a user goes to the top-left box and enters a domain name, seeking a direct navigation to the specified site, SmileyCentral runs a search instead. See the second inset image at right — the result of typing www.verizon.com, then pressing Enter, into the top-left box. Notice that the user receives a list of search ads for Verizon, even though the user asked for Verizon by its correct web address.

IAC/SmileyCentral’s search results increase advertisers’ costs. Consider user behavior upon reaching the listings shown at right. In all likelihood, a user facing these listings will click one of the top links — perhaps the first listed (to verizonwireless.com) or the second (which specifically indicates it is the “Verizon Official Site”). But these are sponsored links. Every time a user clicks one of these links, Verizon pays a fee to Google, which in turn pays IAC/SmileyCentral. (To confirm Google’s role, see the packet log.)

As in the WhenU example above, this placement is a bad deal for advertisers. Had it not been for IAC/SmileyCentral’s tricky toolbar, these users would have directly reached the sites they requested. Instead, IAC/SmileyCentral grabs the users and sends them to lists of ads — saddling advertisers with unnecessary advertising expense.

Here too, advertisers are likely to be tricked if they attempt to assess the value of this traffic based on its conversion rate. The conversion rate may well be high — for these users asked for advertisers by name, suggesting that the users are nearly ready to make purchases. But the traffic is still a bad deal for advertisers: By all rights, this is still traffic advertisers should have gotten for free.

This placement is all the worse for advertisers because IAC makes ad clicks excessively easy. Even a click 230 pixels to the right of a Verizon Wireless ad would be treated as a paid click “on” that ad. See video at 0:23, and accompanying screenshot, showing that the hyperlink area extends far beyond the text of the ad.

IAC may claim that users understand that, with MyWebSearch installed, the top-left box no longer allows direct navigations by domain name or URL. But IAC often sneaks its toolbars onto users’ computers in ways that don’t obtain meaningful consent: I previously demonstrated nonconsensual installations through security exploits and undisclosed bundles. IAC’s installations often target kids (as I have repeatedly documented). And even a direct installation from Smileycentral.com places a picture of the post-installation browser layout in a bottom-of-page image, below the fold on 800×600 screens and easily overlooked on larger screens. IAC’s use of the generic “My Web Search” label (just as in “My Documents”, “My Computer”, etc.) further compounds users’ sense that this box is part of Internet Explorer. Combining IAC’s user focus with its choice of labeling and positioning, IAC creates conditions in which users are bound to be confused.

Typosquatting: Cmcast.com, MediaLogik, and Thousands More Intercept Users’ Misspellings to Show Google Ads

Requesting Cmcast.com (s.i.c.) yields a page of Google ads.
Requesting cmcast.com (s.i.c.) yields a page of Google ads.

If no typosquatter had registered Cmcast.com, a user would have reached this page and reached Comcast without charge. If no typosquatter had registered cmcast.com, a user would have reached this page and found Comcast without charge.

PPC advertisers (e.g. Comcast)
money viewers
   Google   
money viewers
Typosquatters & brokers (e.g. MediaLogik)

The money trail – how funds flow from advertisers
to Google to typosquatters.

By paying partners to register typosquatting sites and to send the resulting clicks to Google’s ad platform, Google charges advertisers for traffic they would otherwise have received for free. Google charges advertisers as if these were genuine leads. Yet had typosquatters not registered these domains, ordinary web browsers would have assisted users in reaching advertisers’ sites without charge.

A staggering number of typosquatting web sites target users who misspell the domain names of famous web sites. For example, in my INTA presentation this spring, I showed 200+ typosquatting sites all targeting variations of “cartoonnetwork.com.” I’ll have further thoughts on typosquatting in a future article. But for present purposes, two facts are most important: Typosquatting sites are overwhelmingly funded through pay-per-click ads, and these days Google is the advertising provider of choice for most typosquatters. (My preliminary analysis indicates that Google funds more than 75% of those typosquatting sites that show Google ads.)

Consider a user who misspells comcast.com, instead typing cmcast.com (s.i.c.). Such a user will receive the first screen shown at right, presenting a series of pay-per-click links for Comcast. In all likelihood, such a user will then click a paid link to Comcast — meaning Comcast has to pay Google an advertising fee. Google in turn pays the typosquatter which had the foresight to register a domain. See the packet log.

(In some instances, traffic flows from a typosquatter to one or more brokers or intermediaries, then to Google and finally to the advertiser. As to cmcast.com: The packet log confirms that Google pays MediaLogik of Hong Kong. I cannot readily determine whether MediaLogik registered this domain for its own account, or whether MediaLogik brokers ads for some other registrant. Based on the domain’s hosting in the Bahamas, its monetization through a Hong Kong service provider, and its display of Google PPC ads, it is highly unlikely that this domain was authorized by Comcast.)

Although these typosquatting sites ultimately direct users where the users were trying to go, typosquatters leave targeted advertisers importantly worse-off. Had it not been for the typosquatter, the user would have received a standard browser page identifying the typo and, in general, referring the user to the requested site without charge. See the second screenshot at right, showing a request for cmcast.com in a standard installation of Internet Explorer 6. So, even if no typosquatter had registered cmcast.com, the user would still reach Comcast with equal ease; the typosquatter does not actually make it easier for the user to reach Comcast. But notice that a standard IE6 error page shows few ads — here, just one small ad, at far right — whereas the MediaLogik page showed all ads, front and center. So passing the user’s misspelled request to a standard IE landing page, rather than to a typosquatter, would spare Comcast an expensive Google pay-per-click fee.

Notably, typosquatting exactly fits the traffic pattern detailed in preceding examples. First, Google and its partners identify users who are already trying to reach a given advertiser. Then Google and its partners intercede — here, by registering a typosquatting domain. The user thus stumbles into Google’s ad listings and clicks through to the advertiser’s site — letting Google charge the advertiser a fee, even though the user would have reached the advertiser even without Google’s assistance.

Google Chrome Suggestions Divert Users from Direct Navigation to Search

Typing 'expedia' yields a suggestion that users search Google (simply by pressing 'Enter') rather than visiting Expedia.com directly (third entry -- requiring a mouse-click or multiple keystrokes). Meanwhile, the second link ('expedia/') yields an error -- discouraging future exploration of green direct-navigation listings.
Typing “expedia” yields a suggestion that users search Google (just press “Enter”) rather than visit Expedia.com directly (third entry — requiring a mouse-click or multiple keystrokes). The second link (“expedia/”) yields an error — discouraging future exploration of green direct-navigation listings.

As users type web addresses into Google’s Chrome web browser, Chrome’s “Omnibox” address bar suggests that users run searches instead of direct navigation. See the screenshot at right, showing the Omnibox’s suggestion after I typed “Expedia” and before I typed the final “.com”.

If a user accepts Chrome’s suggestion — by clicking the “Search for …” drop-down, or by merely pressing Enter — the user is taken to a page of Google search results for the specified term. See screenshot and screen-capture video. As usual, Google’s most prominent search result is an advertisement. If the user clicks the ad, the advertiser pays a pay-per-click fee — even though the user was nearly at the advertiser’s site, for free, before Chrome interceded with its “Search for…” suggestion.

To complete a direct navigation to the Expedia site, without passing through Google search results, a user must ignore Google’s suggestion and continue typing (“.com”), click the “expedia.com” entry (third on Google’s autocomplete list), or use the keyboard (down-down-enter) to navigate manually. In principle these steps are straightforward — just a few extra seconds. But by pushing default behavior from direct navigation to search, Google makes searches that much more frequent — yielding that many more ad-clicks, that much more revenue to Google, and that much more expense for advertisers.

Chrome further encourages searching by mixing useful autocomplete direct navigation listings (e.g. “www.expedia.com/”) with nonfunctional listings. Notice that the second entry on Chrome’s autocomplete drop-down is “expedia/” (s.i.c.) — not a valid domain name. If a user clicks that entry, the user suffers a delay followed by a DNS error — hardly a good user experience. (video) By placing this nonfunctional result prominently in the autocomplete drop-down, above the one working direct link to Expedia, and in the same distinctive green font as the working direct link, Chrome discourages users from exploring direct links. After all, if the prominently-listed “expedia/” link did not work, users are less likely to try the similar-looking link Google ranked lower.

Although competing browsers also perform searches if users enter malformed text into the Address Bar, competing browsers are less pushy in suggesting and encouraging searches in lieu of direct navigation. Chrome thus extends browser norms through its increasingly forceful suggestion of search, not direct navigation, as the default way to reach a site.

Beyond its effects on advertisers’ costs, Chrome’s Omnibox raises other serious concerns too. For example, Chrome transmits users’ every navigation keystroke to Google — including what users search for, what addresses users request by name, and what addresses users begin to request but ultimately decline to visit. CNET reports EFF and EPIC staff concerned about Omnibox’s privacy implications, and I share their discomfort.

Fair Play and a Way Forward

Notice similarities across all four examples:

  • In all four examples, Google and its partners intercede to divert traffic that, but for their intervention, would reach advertisers’ sites directly — without advertisers incurring any advertising expense.
  • In all four examples, Google and its partners ultimately pass the traffic back to the advertisers users were trying to reach — but only after collecting pay-per-click advertising fees.
  • In all four examples, if an advertiser attempts to measure its conversion rate, it will conclude that it receives traffic at attractive prices — at effective cost-per-acquisition consistent with its objectives. Standard conversion rate measurements will overlook the fact that, were it not for the intervention of Google and its partners, the advertiser would have received this traffic for free.

Not all advertisers measure conversion rates. For one, some advertisers may take Google at its word, rather than attempting detailed and rigorous monitoring of Google’s effectiveness. Furthermore, for some advertisers, conversion rates are unmeasurable. (Advertisers may have offline sales process, rather than online sales. Certain advertisers may seek brand awareness rather than immediate purchases.) But for advertisers that measure conversion rates and adjust bids accordingly, inflated conversion rates are of grave concern. In particular, inflated conversion rates yield records that seem to indicate that campaigns are working well and delivering fair value, when the truth might be exactly the opposite.

Aggrieved advertisers could sue Google over these placements. But Google imposes terms and conditions that discourage advertisers from pursuing such claims. Google’s Advertising Program Terms purport to “disclaim[] all warranties … [and] guarantees regarding positioning, levels, quality, or timing of costs per click, … clicks, conversions, or any other results” (internal numbering omitted). Google further claims that “Any refunds for suspected invalid impressions or clicks are within Google’s sole discretion.” Google also insists that advertisers’ sole remedy is advertising credits (never refunds), and Google says advertisers must complain within 60 days of a disputed charge (even if advertisers did not know about the improper charges because the charges were concealed through, e.g., inflated conversion rates). I doubt whether all these harsh provisions are enforceable. But if these provisions are enforceable, they would tightly limit advertisers’ ability to obtain redress from Google. Even if these provisions are unenforceable, their mere presence serves to discourage advertisers from filing complaints, whether informal (through Google’s customer service staff) or in court.

In a recent presentation defending its competitive posture and overall approach, Google claimed “advertisers pay what a click is worth to them” (slides 17-21). But does Google have the right to charge such a fee for all traffic, even the traffic advertisers receive without any Google assistance whatsoever? Few advertisers would tolerate such charges, if presented explicitly. Nor does Google ever seek permission to charge advertisers for their existing traffic. Yet in the future Google seems to envision, all manner of ruses intercede to claim Google delivered a customer, when in fact the customer reached the advertiser’s site without bona fide assistance from Google.

More generally, when Google and its partners overstate the effectiveness of the ads they deliver, advertisers cannot make well-informed decisions about which ads to buy or how much to be willing to pay. Danny Sullivan calls AdWords pricing a “black box,” and I certainly share that sentiment. But here, Google’s actions are even worse than opacity: By claiming to have delivered traffic advertisers would have received anyway, Google tricks advertisers into paying for that traffic — and even tricks advertisers into concluding, mistakenly, that the traffic is a good deal.

It’s also hard to reconcile Google’s WhenU and IAC/SmileyCentral placements with Google’s “Software Principles” requirements. With bundled installations disclosing WhenU’s presence only midway through installation, WhenU is anything but “upfront” (contrary to Google’s “upfront disclosure” section heading). Showing the generic “My Web Search” toolbar label after users requested the distinctively-named SmileyCentral, Ask’s offering similarly flunks Google’s call for “clear behavior.” I could continue. But even if these programs satisfied Google’s criteria, they still fall short of advertisers’ reasonable expectations — for they still intercede to claim traffic advertisers they did nothing to deliver.

Looking forward, I see two key principles. First, ad platforms must deliver genuine, incremental traffic — not just intercept and repackage traffic advertisers were already going to receive for free. Second, ad platforms need to stand behind their products — abandoning one-sided attempts to disclaim responsibility, and instead offering meaningful commitments to provide what they promise. In both these respects, Google currently falls short.

Posted on

CPC/CPA Hybrid Bidding in a Second Price Auction

Edelman, Benjamin, and Hoan Lee. “CPC/CPA Hybrid Bidding in a Second Price Auction.” Harvard Business School Working Paper, No. 09-074, December 2008.

We develop a model of online advertising in which each advertiser chooses from multiple advertising measurement metrics–paying either for each click on its ads (CPC), or for each purchase that follows an ad-click (CPA). Our analysis extends classic auction results by allowing players to make bids using two different pricing schemes, while the driving information for bidders’ endogenous selection–the conversion rate–is hidden from the seller. We show that the advertisers with the most productive sites prefer to pay CPC, while advertisers with lower quality sites prefer to pay CPA–a result that may be viewed as counterintuitive since low quality sites cannot proudly tout their conversion rates. This result holds even if an ad platform’s assessment of site quality is correct in expectation. We also show that by offering both CPC and CPA, an ad platform can weakly increase its revenues compared to offering either alternative alone.

Posted on

Competition among Sponsored Search Services

Edelman, Benjamin. “Competition among Sponsored Search Services.” U.S. House of Representatives, Committee on the Judiciary, Task Force on Competition Policy and Antitrust Laws, 2008. (Hearing cancelled.) (Reprinted in Working Knowledge: Google-Yahoo Ad Deal is Bad for Online Advertising.)

Last month I was asked to testify to the United States House of Representatives Committee on the Judiciary Task Force on Competition Policy and Antitrust Laws about competition among paid search providers, particularly the proposed Google-Yahoo partnership.

At the last minute, the hearing was cancelled, and I won’t be able to testify at the rescheduled session. Rather than let my draft written statement languish, I’m taking this opportunity to post the prepared testimony I had planned to offer:

Competition among Sponsored Search Services.

Posted on

On Best-Response Bidding in GSP Auctions

Cary, Matthew, Aparna Das, Benjamin Edelman, Ioannis Giotis, Kurtis Heimerl, Anna R. Karlin, Claire Mathieu, and Michael Schwarz. “On Best-Response Bidding in GSP Auctions.” Harvard Business School Working Paper, No. 08-056, January 2008.

How should players bid in keyword auctions such as those used by Google, Yahoo! and MSN? We model ad auctions as a dynamic game of incomplete information, so we can study the convergence and robustness properties of various strategies. In particular, we consider best-response bidding strategies for a repeated auction on a single keyword, where in each round, each player chooses some optimal bid for the next round, assuming that the other players merely repeat their previous bids. We focus on a strategy we call Balanced Bidding (BB). If all players use the BB strategy, we show that bids converge to a bid vector that obtains in a complete information static model proposed by Edelman, Ostrovsky, and Schwarz. We prove that convergence occurs with probability 1, and we compute the expected time until convergence.