Who the F*** is That Advertiser?

Industry groups like the IAB continue to fail us all

When I visited adweek.com yesterday (yes, an advertising industry trade publication, of all things), why did I get this ad (below) on my mobile phone? Who placed this ad, via what intermediary ad network or ad exchange or agency or all of the above? Before this obviously-trying-to-fool-you into-thinking-it-is-Facebook.com URL showed up, it redirected through several other “mobile advertising analytics” websites. I contacted Adweek via Twitter, but I’d bet $100 they won’t be able to figure out who this advertiser is and how it got on their mobile website. All they can do is say sorry.

I recently pointed out what is still a gaping hole in mobile and online advertising, namely that it is…

Almost impossible to know the identity of the advertiser.

This seems stupid, trivial, and yet it is a fundamental problem. There needs to be a central registry of advertisers including physical addresses (nobody should be able to run JavaScript on a website from an anonymously-registered domain), and any “agency” relationships need to be documented and binding. Any technology an advertiser/agency is allowed to use to serve videos, ads or pixels needs to be associated with their account. (the full piece is here)

It’s a programmatically-optimized garbage fire

Recently, the industry trade association the IAB (Interactive Advertising Bureau) came out with their ‘solution’, something called the “Trustworthy Accountability Group” or “TAG”, being led by the IAB’s former lead counsel.

The idea is for all advertisers to register and pay a fee to be “certified” by this group. Sounds like a good idea, sounds like it might be along the lines of what I suggested above. I was enthusiastic, so I went to the TAG registration page and saw these statements (bolding mine):

  1. “The TAG Registry creates a closed system including supply chain participants that demonstrate their commitment to higher standards of transparency and disclosure to their partners.”
  2. “TAG Registration is also the gateway to all other TAG certification programs and compliance products. Only companies included in the TAG Registry can access and participate in the following: TAG Inventory Quality Guidelines, TAG Anti-Piracy Program, Anti-Fraud Data Center IP List, Anti-Fraud Threat List, Malware Information Sharing Hub, TAG Leadership Council”
  3. “TAG charges an annual fee of $10,000 per company to participate in the TAG Registry. The TAG Registration Fee covers a renewable, annual Registration participation.”
  4. “This fee is used to run the TAG Registry and support continual improvement in the system. For example, A Payment ID System is being developed to complement the TAG Registry and allow buyers of inventory to limit payments to legitimate actors, thus eliminating payments to criminals”

When I read about the $10k annual fee, I almost fell out of my chair laughing

I don’t understand a system where you plan to create an enormously high barrier that will limit it to all but the companies who can probably be judged a priori to be legitimate anyway. Even still, I would argue a $10,000 annual fee doesn’t make sense for the average advertiser spending $100,000 or even $1 million a year.

Google Adwords probably has over 2.5 million advertisers by this estimate. The top 100 to 1,000 advertisers (likely to be cost-insensitive enough to sign up for a program like this) aren’t the problem for online and mobile advertisers. The problem area is distinguishing between tens of thousands of large but legitimate advertisers, and those with money who are not legitimate or who are fronts for malware, botnets, and schlocky affiliate offers.

The goal shouldn’t be to register the top few thousands advertisers, but make the barriers low enough that we can validate every single advertiser consistently, and then do the kinds of auditing, checks and follow-up necessary to stop problem advertisers from being banned and then popping back up right away under another name or identity. Once you can accurately identify advertisers and have every part of the value chain understand this information, both publishers and consumers should be able to decide what kinds of advertisers they want to block.

If I had to guess, it’s a $10/year fee (ten dollars) and not $10,000, that will be a better incentive to get companies to participate and to create the infrastructure needed to validate this information at enormous scale.

Dirty work: Tracking and controlling affiliate partners

A lot of adware and malware in the wild today (great if unfortunate/scary Android example here) relies upon affiliate relationships with legitimate advertisers. No advertiser should pay for an app install or click unless the affiliate it is working with is legitimately registered with a physical address, bank account and/or additional verifiable characteristics.

I spoke with the ad operations person at a major app advertiser recently who had an affiliate popping up the Apple AppStore on iOS with app install ads, hijacking the mobile web browser. He told me that he “was previously one of the bad guys” which is “probably why [he] was so successful growing our affiliate channel”, though of course he admitted that “there are always the bad actors that ruin it for everyone else.” Don’t underestimate the scale of this problem — follow the money.


Please tweet to me @robleathern (DM or public) if you want to help collaborate to be part of a solution to this problem. It’s going to take more than any one of us, but it’s also going to require breaking away from the sclerotic clutches of dug-in old school industry groups like IAB, TAG, or any other three- or four-letter acronyms and working in the real world.