Thursday, January 18, 2018

Web Advertising and the Shark, revisited (and updated)

There's a lot to add to Has Web Advertising Jumped The Shark? (which is a violation of  Betteridge's Law). Follow me below the fold for some of it.

First, I should acknowledge that, as usual, Maciej Cegłowski was ahead of the game. He spotted this more than two years ago and described it in The Advertising Bubble, based on a talk he gave in Sydney. The short version is:
There's an ad bubble. It's gonna blow.
Money flows in ad ecosystem
The longer version is worth reading, but here is a taste:
Right now, all the ad profits flow into the pockets of a few companies like Facebook, Yahoo, and Google. ... You'll notice that the incoming and outgoing arrows in this diagram aren't equal. There's more money being made from advertising than consumers are putting in.

The balance comes out of the pockets of investors, who are all gambling that their pet company or technology will come out a winner. They provide a massive subsidy to the adtech sector. ... The only way to make the arrows balance at this point will be to divert more of each consumer dollar into advertising (raise the ad tax), or persuade people to buy more stuff. ... The problem is not that these companies will fail (may they all die in agony), but that the survivors will take desperate measures to stay alive as the failure spiral tightens. ... The only way I see to avert disaster is to reduce the number of entities in the swamp and find a way back to the status quo ante, preferably through onerous regulation. But nobody will consider this.
What Doc Searls Saw
What Ev Williams Saw
Cegłowski was right that things would get bad. Last December Doc Searls, in After Peak Marketing, reported about the ads he and Ev Williams saw on Facebook when they read this post from one Mark Zuckerberg:
“Of all the content on Facebook, more than 99% of what people see is authentic. Only a very small amount is fake news and hoaxes. The hoaxes that do exist are not limited to one partisan view, or even to politics. Overall, this makes it extremely unlikely hoaxes changed the outcome of this election in one direction or the other.”
Searls points out that, despite Zuckerberg's "99% authentic" claim:
All four ads are flat-out frauds, in up to four ways apiece:
  1. All are lies (Tiger isn’t gone from Golf, Trump isn’t disqualified, Kaepernick is still with the Niners, Tom Brady is still playing), violating Truth in Advertising law.
  2. They were surely not placed by ESPN and CNN. This is fraud.
  3. All four of them violate copyright or trademark laws by using another company’s name or logo. (One falsely uses another’s logo. Three falsely use another company’s Web address.)
  4. All four stories are bait-and-switch scams, which are also illegal. (Both of mine were actually ads for diet supplements.)
Mark Zuckerberg announced changes to Facebook's News Feed to de-prioritize paid content, but Roger McNamee is skeptical of the effect:
Zuckerberg’s announcement on Wednesday that he would be changing the Facebook News Feed to make it promote “meaningful interactions” does little to address the concerns I have with the platform.
So am I. Note that the changes:
will de-prioritize videos, photos, and posts shared by businesses and media outlets, which Zuckerberg dubbed “public content”, in favor of content produced by a user’s friends and family.
They don't address the ads that Searls and Williams saw. But they do have the effect of decreasing traffic to publisher's content:
Publishers, on the other hand, were generally freaked out. Many have spent the past 5 years or so desperately trying to "play the Facebook game." And, for many, it gave them a decent boost in traffic (if not much revenue). But, in the process, they proceeded to lose their direct connection to many readers. People coming to news sites from Facebook don't tend to be loyal readers. They're drive-bys.
And thus divert advertising dollars to Facebook from other sites. The other sites have been hit by another of the FAANGs:
advertising firms are losing hundreds of millions of dollars following the introduction of a new privacy feature from Apple that prevents users from being tracked around the web.

Advertising technology firm Criteo, one of the largest in the industry, says that the Intelligent Tracking Prevention (ITP) feature for Safari, which holds 15% of the global browser market, is likely to cut its 2018 revenue by more than a fifth compared to projections made before ITP was announced.
AdBlock trending
Apple is responding to its customers. Back in 2015 Doc Searls wrote Beyond ad blocking — the biggest boycott in human history:
Ad blocking didn’t happen in a vacuum. It had causes. We start to see those when we look at how interest hockey-sticked in 2012. That was when ad-supported commercial websites, en masse, declined to respect Do Not Track messages from users ... As we see, interest in Do Not Track fell, while interest in ad blocking rose. (As did ad blocking itself.)
As blissex wrote in this comment, we are living:
In an age in which every browser gifts a free-to-use, unlimited-usage, fast VM to every visited web site, and these VMs can boot and run quite responsive 3D games or Linux distributions
This means that, as Brannon Dorsey demonstrated, ad blockers have become an essential way to defend against cryptojacking and botnets:
Anyone can make an account, create an ad with god-knows-what Javascript in it, then pay to have the network serve that ad up to thousands of browser.

So that's what Dorsey did -- very successfully. Within about three hours, his code (experimental, not malicious, apart from surreptitiously chewing up processing resources) was running on 117,852 web browsers, on 30,234 unique IP addresses. Adtech, it turns out, is a superb vector for injecting malware around the planet.

Some other fun details: Dorsey found that when people loaded his ad, they left the tab open an average of 15 minutes. That gave him huge amounts of compute time -- 327 full days, in fact, for about $15 in ad purchase. To see what such a botnet could do, he created one to run a denial-of-service attack (against his own site, just to see if it worked: It did pretty well). He got another to mine the cryptocurrency Monero, at rates that will be profitable if Monero goes much higher.

The most interesting experiment was in writing an adtech-botnet to store and serve Bittorrent files, via Webtorrent. That worked pretty well too: He got 180,175 browsers to run his torrent file in 24 hours, with a 702 Mbps upload speed for the entire network.
What Google could steal
Brannon Dorsey's post describing his experiments is a must-read. He computes that, for example, Google could limit itself to 10% CPU utilization and still have about 3 million cores for free, continuously. He concludes:
please, please, please BLOCK ADS. If you’ve somehow made it all the way to 2018 without using an ad blocker, 1) wtf… and 2) start today. In all seriousness, I don’t mean to be patronizing. An ad blocker is a necessary tool to preserve your privacy and security on the web and there is no shame in using one. Advertising networks have overstepped their bounds and its time to show them that we won’t stand for it.
If that isn't shark-jumped, I don't know what is.

Update

The sub-head of this week's Schumpeter column in The Economist is Stockmarket investors are wrong to expect an enormous surge in advertising revenues. The stockmarket is predicting huge growth in the huge revenues of the huge firms that dominate Web advertising:
The total market value of a basket of a dozen American firms that depend on ad revenue, or are devising their strategies around it, has risen by 126% to $2.1trn over the past five years. The part of America’s economy that is ad-centric has become systemically important, with a market value that is larger than the banking industry.

The biggest firms are Facebook and Alphabet (Google’s parent), which rely on advertising for, respectively, 97% and 88% of their sales. But the chunky valuations of America’s giant TV broadcasters imply that their ad revenues will fall very slowly, or not at all. Startups that rely on advertising, such Snap, are floating their shares at prices that suggest huge growth. Large deals, too, are being justified by potential ad revenues. Microsoft’s $26bn acquisition of LinkedIn in 2016 was partly premised on “monetising” its user base through adverts. The main reason AT&T says it wants to buy Time Warner for $109bn is to create a digital ad platform linking AT&T’s data to Time Warner’s TV content.

... A back-of-the-envelope calculation by Schumpeter suggests that stock prices currently imply that American advertising revenues will rise from 1% of GDP today, to as much as 1.8% of GDP by 2027—a massive jump. Since 1980 the average has been 1.3%, according to Jonathan Barnard of Zenith, a media agency, and in the past few years the advertising market relative to GDP has been shrinking.
The column describes two factors that make an 80% rise in ad spending in the next decade unlikely. First, the victims wouldn't tolerate it:
More people are using ad-blocking software. Tech brands that eschew bombarding customers with ads, such as Apple and Netflix, are wildly popular. ... Time spent online by the typical American is growing at about 10% a year, less than the 15-20% ad-sales growth that many digital firms expect.
Second, the advertisers can't afford it:
Imagine if advertising spending really did rise to 1.8% of GDP in America by 2027. Most firms’ costs would have to rise, cutting total corporate profits (excluding those of ad platforms) from about 6.5% to 5.7% of GDP, the kind of drop normally associated with a recession. Alternatively, imagine if the firms in the S&P 500 index (excluding ad platforms) bore all the additional cost of the advertising boom. Their combined return on capital would drop from the present 10% to 8%, at or just below their cost of capital.
Update 12th May 2018: Barry Ritholtz points to the graphs in Peter Kafka's These two charts tell you everything you need to know about Google’s and Facebook’s domination of the ad business. This shows ad revenues from 2013 to 2017. Simply because they already have so much of the market, Google and Facebook cannot continue to grow revenues at their historic rate without a massive and continuing increase in ad spending by companies.

This shows the percentage of the total ad revenue for each medium from 1996 to 2017. Online passed TV in 2016 to grab 44% of the total.

Even if they could afford it (see Schumpeter above), given companies increasing skepticism as to the effectiveness of spending on online advertising, a massive increase in ad spending is not going to happen. This seems like an instance of Stein's Law:  "If something cannot go on forever, it will stop".

25 comments:

David. said...

"researchers have uncovered one of the forces driving that spike—a consortium of 28 fake ad agencies. The consortium displayed an estimated 1 billion ad impressions last year that pushed malicious antivirus software, tech support scams, and other fraudulent schemes. By carefully developing relationships with legitimate ad platforms, the ads reached 62 percent of the Internet's ad-monetized websites on a weekly basis" reports Dan Goodin at Ars Technica:

"The ads were delivered on so-called "forced redirects," in which a site displaying editorial content or an ad suddenly opened a new page on a different domain."

David. said...

Cory Doctorow reports on new rules in South Korea:

"Under these rules, online service providers are banned from installing or recommending software that "is not critical to the primary functions of telecom equipment" (that's all the shovelware your phone comes with); from "Imposing unfair terms or limitations on service providers seeking to use another telecom service provider" (no net neutrality violations, no search-rank twiddling); from "Misleading consumers by unfairly commingling advertisements with other information" (native advertising, advertorial, etc); and from "Unfairly limiting the ability to delete certain advertisements" (anti-adblock). "

There's a reason South Korea is the #1 economy for innovation and the US is no longer in the top 10.

David. said...

"YouTube was recently caught displaying ads that covertly leach off visitors' CPUs and electricity to generate digital currency on behalf of anonymous attackers, it was widely reported." reports Dan Goodin at Ars Technica:

"On Friday, researchers with antivirus provider Trend Micro said the ads helped drive a more than three-fold spike in Web miner detections. They said the attackers behind the ads were abusing Google's DoubleClick ad platform to display them to YouTube visitors in select countries, including Japan, France, Taiwan, Italy, and Spain."

David. said...

The Follower Factory by Nicholas Confessore et al is a fascinating read. It's a deep dive into the market for social media bots, another aspect of the fraud-ridden advertising ecosystem. TL;DR is that any kind of count about social media probably includes a large proportion of bots, and Facebook, Twitter and others have little motivation to stamp them out even though they're easy to detect.

David. said...

"Facebook, which has more than 2 billion people logging in monthly, has never failed to grow its user base. To beat investors’ expectations consistently on user numbers, it’s just as important for the company to retain people like Gorantala as it is to recruit new members. People who are logging into Facebook less often—but aren’t fully disconnected—are noticing more and more frequent prompts to come back, sometimes multiple times a day, via emails or text messages reminding them what they’re missing out on, according to screenshots and reports from users around the world." writes Sarah Frier at Bloomberg in Facebook Really Wants You to Come Back.

David. said...

"Security researcher Scott Helme has spotted a third-party exploit that injects a script that mines cryptocurrency on over 4,200 sites, from the UK NHS to the US Courts' official site to the sites of other esteemed security researchers." writes Cory Doctorow.

David. said...

"The affected sites all use a fairly popular plugin called Browsealoud, made by Brit biz Texthelp, which reads out webpages for blind or partially sighted people.

This technology was compromised in some way – either by hackers or rogue insiders altering Browsealoud's source code – to silently inject Coinhive's Monero miner into every webpage offering Browsealoud." reports Chris Williams at The Register.

Alan Woodward points out what sites should have been doing to prevent this:

"This is what happens when you use third party content & don’t ensure its integrity. Just look at all those public sector sites affected. If you wanna know how to stop it read these:
https://scotthelme.co.uk/subresource-integrity/ …
https://scotthelme.co.uk/content-security-policy-an-introduction/ …
And use @reporturi"

Reporturi is here.

David. said...

"Unilever's chief marketing officer Keith Weed used his keynote speech to blast the Mark Zuckerberg-run Facebook, and other social media companies, for what he said was an "erosion of trust."

"We are a million miles from the internet we envisioned," said Weed. "Without trust, there is no data and without data there is no brand." This erosion transcends other issues, he warned, adding: "We need to redefine what is responsible business in the digital age. We will only do business with companies that have responsible infrastructure."

Although Weed did not name Facebook, the comments were so obviously aimed squarely at the social media giant, particular a comment about how there needs to be "one measurement system across all media, including walled gardens."

Facebook is notorious for using the fact it is a self-contained universe to provide its own metrics and reports on ads, their reach, and their effectiveness. In perhaps the most obvious example, Facebook pushes advertisers to pay to promote their own Facebook page; an extraordinary online circle jerk." writes Kieren McCarthy at The Register.

P&G and Unilever are Facebook's biggest customers, and they're not happy.

David. said...

A year or so ago I bought a great pair of Merino wool pants from Icebreaker's store in Santana Row. In fact, I'm wearing them now. A few weeks ago I bought what I thought was a similar pair from their online store, but they were nothing like the previous pair. I returned them. The entire transaction worked perfectly.

Now, everywhere I go on the Web I'm bombarded by ads for Icebreaker pants. You'd think they would take the hint. If the best they can do is to try to sell you the stuff you just bought its no wonder that the advertisers are unhappy at the waste of their dollars.

David. said...

"It’s Salon.com this time — if you go with an ad blocker, you get this notice, giving you the option to switch off your ad-blocker, or waste your electricity mining Monero." David Gerard shreds Salon.com's attempt to fight ad-blockers with Monero mining.

David. said...

The Browsealoud hack netted all of $24, according to Jordan Pearson at Motherboard:

"Sunday, hackers orchestrated what’s likely the largest cryptocurrency mining hack to date by compromising an accessibility plugin used by thousands of websites. This made any visitor to the many affected UK, US, and Canadian government sites (among others) mine cryptocurrency with their computer before the attack was shut off after four hours. According to spokespeople for the mining service used by the hackers, Coinhive, the result of this effort was $24 USD worth of Monero."

Ian Adams said...

Stumbled on this article today, which reminded me of your post: https://www.wsj.com/articles/p-g-slashed-digital-ad-spending-by-another-100-million-1519915621?mod=e2tw

David. said...

In YouTube, the Great Radicalizer Zeynep Tufekci writes:

"It seems as if you are never “hard core” enough for YouTube’s recommendation algorithm. It promotes, recommends and disseminates videos in a manner that appears to constantly up the stakes. Given its billion or so users, YouTube may be one of the most powerful radicalizing instruments of the 21st century.

This is not because a cabal of YouTube engineers is plotting to drive the world off a cliff. A more likely explanation has to do with the nexus of artificial intelligence and Google’s business model. (YouTube is owned by Google.) For all its lofty rhetoric, Google is an advertising broker, selling our attention to companies that will pay for it. The longer people stay on YouTube, the more money Google makes."

David. said...

"In recent weeks ... Facebook has had to repeatedly reduce estimates of the “reach” of their ads (how many people actually see them). Since the value of ads is whether and how many people see them, having the reach numbers wrong is a pretty big deal." from Josh Marshall's insightful Data Lords: The Real Story of Big Data, Facebook and the Future of News.

David. said...

Lauren Johnson's The Ad-Tech Industry’s Looming Shakeout Could Finally Happen at AdWeek reports on the impact that GDPR and the Facebook trainwreck will have on the ad biz:

"The EU’s General Data Protection Regulation (GDPR) threatens to wipe out significant portions of data on which marketers have heavily leaned to target online campaigns. At the same time, platforms like Facebook and Google are cutting out third-party vendors while bolstering their own data efforts to avoid potential GDPR snafus, which marketers may see as platforms creating bigger so-called walled gardens that block marketers from getting vetted data."

David. said...

"The GDPR represents a huge legal shift, which is arriving simultaneously with a technical shift (mass adoption of ad-blockers, which Doc Searls calls the biggest boycott in human history) and an emerging normative shift in the form of the #DeleteFacebook movement, which is on its way to treating your friends' insistence that you use Facebook to communicate with them as akin to insisting that you inhale their second-hand smoke as a condition of socializing with them." writes Cory Doctorow in The GDPR might actually create an "attention economy".

It is based on Seth Goodin's GDPR and the marketer's dilemma. Goodin writes:

"Talk to people who want to be talked to.

Market to people who want to be marketed to.

Because anticipated, personal and relevant messages will always outperform spam.

And spam is in the eye of the recipient.

In two simple words: Ask First."

Both posts will repay reading.
"

David. said...

I updated this post to include two graphs from Peter Kafka's These two charts tell you everything you need to know about Google’s and Facebook’s domination of the ad business. It had to be an update because there doesn't seem to be a way to include images in comments.

David. said...

"Because of #GDPR, USA Today decided to run a separate version of their website for EU users, which has all the tracking scripts and ads removed. The site seemed very fast, so I did a performance audit. How fast the internet could be without all the junk! 5.2MB → 500KB

They went from a load time of more than 45 seconds to 3 seconds, from 124 (!) JavaScript files to 0, and from a total of more than 500 requests to 34.

To the people saying they've had the same fast experience for years because they use ad blockers like uBlock Origin: With uBlock enabled, the performance score improves from 3 to 11/100. 37 JS files are still loaded and loading time is 21sec. The main JS file alone is 399KB."

90.4% of the bytes from USA Today is stuff you don't want, so use an ad blocker, people!

From Marcel Freinbichler's Twitter feed, via Rob Bechizza.

David. said...

"Digiday spoke with 10 direct-to-consumer companies, and all of them report their marketing mix has de-emphasized Facebook for other digital alternatives — including Facebook-owned Instagram — but seven of them also say they are expanding into traditional vehicles. The reason: Prices are getting high for audience segments and the feed has become a very cluttered space." reports Ilyse Liffreing in Pivot to traditional: Direct-to-consumer brands sour on Facebook ads.

David. said...

Robin Kurzer's Report: Google and Facebook top advertisers’ list of fears that could impact their businesses in 2018 is interesting. Among the points:

"The State of Digital Advertising 2018 notes that the so-called duopoly prevents advertisers from optimizing their customers’ experience by keeping measurements and performance within its “walled gardens.”

David. said...

YouTube Blocks Blender Videos Worldwide. It is a complex and evolving story but Chuck McManis's explanation is that "Google is trying so hard to make Youtube make money that they are kicking off content they didn't have to pay for, and has attracted millions of views, because the content owner doesn't want to allow ads."

Google's desperation is showing in the increasing number of ads that you can't skip, but their big problem is described in James Bridle's How Peppa Pig became a video nightmare for children.

David. said...

Thomas Claiburn's The cybercriminal's cash cow and the marketer's machine: Inside the mad sad bad web ad world is a good overview of the problem of ad fraud:

"Digital ad fraud can mean many different things. It can involve fake websites, fake online traffic, fake ads, fake ad agencies, fake audiences, fake ad bidding, fake accounts, fake devices, fake apps, and fake data.

It's not just click fraud – bots clicking on ads or loading display ads to get paid. It may involve installation fraud, by which physical or virtual devices download and install apps, cycling through fake device identifiers to collect the installation payment from the app publisher. Or it may involve showing ads that paid to reach a high-value audience to a low-value audience."

David. said...

What is the revenue generation model for DuckDuckGo? by Gabriel Weinberg, the CEO, answers a question that, as a DuckDuckGo user, have often wondered about:

"This keyword-based advertising is our primary business model. When you search on DuckDuckGo, we can show you an ad based on the keywords you type in. That’s it. And it works. Our privacy policy, in a nutshell, is to not collect or share any personal information at all. Every time you search on DuckDuckGo it is as if you were there for the first time – anonymous."

This contrasts with Google and Facebook:

"Google also makes most of their money via this same type of keyword-based advertising that doesn’t require any search-history tracking.

So why do they track it all then? Because Google is not really a search company; they are an advertising company. On Google, your searches are tracked, mined, and packaged up into a data profile for advertisers to follow you around the Internet through intrusive and annoying ever-present banner ads, using Google’s massive ad networks, embedded across millions of sites and apps.
...
Alarmingly, Google now deploys hidden trackers on 76% of websites across the web to monitor your behavior and Facebook has hidden trackers on about 25% of websites, according to the Princeton Web Transparency & Accountability Project. It is likely that Google and/or Facebook are watching you on most sites you visit, in addition to tracking you when using their products."

David. said...

"Nobody seems to likes autoplay videos — not even people I’ve talked to in the ad industry. The indiscreet videos demand your attention while burning through your mobile data plan and sucking up your batteries. Yet they have become a necessary evil for many media publishers trying to survive in the digital age." from Autoplay Videos Are Not Going Away. Here’s How to Fight Them by Brian X. Chen.

David. said...

Digging into Browser-based Crypto Mining by Jan Rüth et al looks interesting. From the abstract:

"We identify and classify mining websites on a large corpus of websites and present a new fingerprinting method which finds up to a factor of 5.7 more miners than publicly available block lists. Our work identifies and dissects Coinhive as the major browser-mining stakeholder. Further, we present a new method to associate mined blocks in the Monero blockchain to mining pools and uncover that Coinhive currently contributes 1.18% of mined blocks turning over Moneros worth a quarter of a million USD per month."

Hat tip David Gerard.