Thursday, January 18, 2018

Web Advertising and the Shark, revisited (and updated)

There's a lot to add to Has Web Advertising Jumped The Shark? (which is a violation of  Betteridge's Law). Follow me below the fold for some of it.

First, I should acknowledge that, as usual, Maciej Cegłowski was ahead of the game. He spotted this more than two years ago and described it in The Advertising Bubble, based on a talk he gave in Sydney. The short version is:
There's an ad bubble. It's gonna blow.
Money flows in ad ecosystem
The longer version is worth reading, but here is a taste:
Right now, all the ad profits flow into the pockets of a few companies like Facebook, Yahoo, and Google. ... You'll notice that the incoming and outgoing arrows in this diagram aren't equal. There's more money being made from advertising than consumers are putting in.

The balance comes out of the pockets of investors, who are all gambling that their pet company or technology will come out a winner. They provide a massive subsidy to the adtech sector. ... The only way to make the arrows balance at this point will be to divert more of each consumer dollar into advertising (raise the ad tax), or persuade people to buy more stuff. ... The problem is not that these companies will fail (may they all die in agony), but that the survivors will take desperate measures to stay alive as the failure spiral tightens. ... The only way I see to avert disaster is to reduce the number of entities in the swamp and find a way back to the status quo ante, preferably through onerous regulation. But nobody will consider this.
What Doc Searls Saw
What Ev Williams Saw
Cegłowski was right that things would get bad. Last December Doc Searls, in After Peak Marketing, reported about the ads he and Ev Williams saw on Facebook when they read this post from one Mark Zuckerberg:
“Of all the content on Facebook, more than 99% of what people see is authentic. Only a very small amount is fake news and hoaxes. The hoaxes that do exist are not limited to one partisan view, or even to politics. Overall, this makes it extremely unlikely hoaxes changed the outcome of this election in one direction or the other.”
Searls points out that, despite Zuckerberg's "99% authentic" claim:
All four ads are flat-out frauds, in up to four ways apiece:
  1. All are lies (Tiger isn’t gone from Golf, Trump isn’t disqualified, Kaepernick is still with the Niners, Tom Brady is still playing), violating Truth in Advertising law.
  2. They were surely not placed by ESPN and CNN. This is fraud.
  3. All four of them violate copyright or trademark laws by using another company’s name or logo. (One falsely uses another’s logo. Three falsely use another company’s Web address.)
  4. All four stories are bait-and-switch scams, which are also illegal. (Both of mine were actually ads for diet supplements.)
Mark Zuckerberg announced changes to Facebook's News Feed to de-prioritize paid content, but Roger McNamee is skeptical of the effect:
Zuckerberg’s announcement on Wednesday that he would be changing the Facebook News Feed to make it promote “meaningful interactions” does little to address the concerns I have with the platform.
So am I. Note that the changes:
will de-prioritize videos, photos, and posts shared by businesses and media outlets, which Zuckerberg dubbed “public content”, in favor of content produced by a user’s friends and family.
They don't address the ads that Searls and Williams saw. But they do have the effect of decreasing traffic to publisher's content:
Publishers, on the other hand, were generally freaked out. Many have spent the past 5 years or so desperately trying to "play the Facebook game." And, for many, it gave them a decent boost in traffic (if not much revenue). But, in the process, they proceeded to lose their direct connection to many readers. People coming to news sites from Facebook don't tend to be loyal readers. They're drive-bys.
And thus divert advertising dollars to Facebook from other sites. The other sites have been hit by another of the FAANGs:
advertising firms are losing hundreds of millions of dollars following the introduction of a new privacy feature from Apple that prevents users from being tracked around the web.

Advertising technology firm Criteo, one of the largest in the industry, says that the Intelligent Tracking Prevention (ITP) feature for Safari, which holds 15% of the global browser market, is likely to cut its 2018 revenue by more than a fifth compared to projections made before ITP was announced.
AdBlock trending
Apple is responding to its customers. Back in 2015 Doc Searls wrote Beyond ad blocking — the biggest boycott in human history:
Ad blocking didn’t happen in a vacuum. It had causes. We start to see those when we look at how interest hockey-sticked in 2012. That was when ad-supported commercial websites, en masse, declined to respect Do Not Track messages from users ... As we see, interest in Do Not Track fell, while interest in ad blocking rose. (As did ad blocking itself.)
As blissex wrote in this comment, we are living:
In an age in which every browser gifts a free-to-use, unlimited-usage, fast VM to every visited web site, and these VMs can boot and run quite responsive 3D games or Linux distributions
This means that, as Brannon Dorsey demonstrated, ad blockers have become an essential way to defend against cryptojacking and botnets:
Anyone can make an account, create an ad with god-knows-what Javascript in it, then pay to have the network serve that ad up to thousands of browser.

So that's what Dorsey did -- very successfully. Within about three hours, his code (experimental, not malicious, apart from surreptitiously chewing up processing resources) was running on 117,852 web browsers, on 30,234 unique IP addresses. Adtech, it turns out, is a superb vector for injecting malware around the planet.

Some other fun details: Dorsey found that when people loaded his ad, they left the tab open an average of 15 minutes. That gave him huge amounts of compute time -- 327 full days, in fact, for about $15 in ad purchase. To see what such a botnet could do, he created one to run a denial-of-service attack (against his own site, just to see if it worked: It did pretty well). He got another to mine the cryptocurrency Monero, at rates that will be profitable if Monero goes much higher.

The most interesting experiment was in writing an adtech-botnet to store and serve Bittorrent files, via Webtorrent. That worked pretty well too: He got 180,175 browsers to run his torrent file in 24 hours, with a 702 Mbps upload speed for the entire network.
What Google could steal
Brannon Dorsey's post describing his experiments is a must-read. He computes that, for example, Google could limit itself to 10% CPU utilization and still have about 3 million cores for free, continuously. He concludes:
please, please, please BLOCK ADS. If you’ve somehow made it all the way to 2018 without using an ad blocker, 1) wtf… and 2) start today. In all seriousness, I don’t mean to be patronizing. An ad blocker is a necessary tool to preserve your privacy and security on the web and there is no shame in using one. Advertising networks have overstepped their bounds and its time to show them that we won’t stand for it.
If that isn't shark-jumped, I don't know what is.

Update

The sub-head of this week's Schumpeter column in The Economist is Stockmarket investors are wrong to expect an enormous surge in advertising revenues. The stockmarket is predicting huge growth in the huge revenues of the huge firms that dominate Web advertising:
The total market value of a basket of a dozen American firms that depend on ad revenue, or are devising their strategies around it, has risen by 126% to $2.1trn over the past five years. The part of America’s economy that is ad-centric has become systemically important, with a market value that is larger than the banking industry.

The biggest firms are Facebook and Alphabet (Google’s parent), which rely on advertising for, respectively, 97% and 88% of their sales. But the chunky valuations of America’s giant TV broadcasters imply that their ad revenues will fall very slowly, or not at all. Startups that rely on advertising, such Snap, are floating their shares at prices that suggest huge growth. Large deals, too, are being justified by potential ad revenues. Microsoft’s $26bn acquisition of LinkedIn in 2016 was partly premised on “monetising” its user base through adverts. The main reason AT&T says it wants to buy Time Warner for $109bn is to create a digital ad platform linking AT&T’s data to Time Warner’s TV content.

... A back-of-the-envelope calculation by Schumpeter suggests that stock prices currently imply that American advertising revenues will rise from 1% of GDP today, to as much as 1.8% of GDP by 2027—a massive jump. Since 1980 the average has been 1.3%, according to Jonathan Barnard of Zenith, a media agency, and in the past few years the advertising market relative to GDP has been shrinking.
The column describes two factors that make an 80% rise in ad spending in the next decade unlikely. First, the victims wouldn't tolerate it:
More people are using ad-blocking software. Tech brands that eschew bombarding customers with ads, such as Apple and Netflix, are wildly popular. ... Time spent online by the typical American is growing at about 10% a year, less than the 15-20% ad-sales growth that many digital firms expect.
Second, the advertisers can't afford it:
Imagine if advertising spending really did rise to 1.8% of GDP in America by 2027. Most firms’ costs would have to rise, cutting total corporate profits (excluding those of ad platforms) from about 6.5% to 5.7% of GDP, the kind of drop normally associated with a recession. Alternatively, imagine if the firms in the S&P 500 index (excluding ad platforms) bore all the additional cost of the advertising boom. Their combined return on capital would drop from the present 10% to 8%, at or just below their cost of capital.

11 comments:

David. said...

"researchers have uncovered one of the forces driving that spike—a consortium of 28 fake ad agencies. The consortium displayed an estimated 1 billion ad impressions last year that pushed malicious antivirus software, tech support scams, and other fraudulent schemes. By carefully developing relationships with legitimate ad platforms, the ads reached 62 percent of the Internet's ad-monetized websites on a weekly basis" reports Dan Goodin at Ars Technica:

"The ads were delivered on so-called "forced redirects," in which a site displaying editorial content or an ad suddenly opened a new page on a different domain."

David. said...

Cory Doctorow reports on new rules in South Korea:

"Under these rules, online service providers are banned from installing or recommending software that "is not critical to the primary functions of telecom equipment" (that's all the shovelware your phone comes with); from "Imposing unfair terms or limitations on service providers seeking to use another telecom service provider" (no net neutrality violations, no search-rank twiddling); from "Misleading consumers by unfairly commingling advertisements with other information" (native advertising, advertorial, etc); and from "Unfairly limiting the ability to delete certain advertisements" (anti-adblock). "

There's a reason South Korea is the #1 economy for innovation and the US is no longer in the top 10.

David. said...

"YouTube was recently caught displaying ads that covertly leach off visitors' CPUs and electricity to generate digital currency on behalf of anonymous attackers, it was widely reported." reports Dan Goodin at Ars Technica:

"On Friday, researchers with antivirus provider Trend Micro said the ads helped drive a more than three-fold spike in Web miner detections. They said the attackers behind the ads were abusing Google's DoubleClick ad platform to display them to YouTube visitors in select countries, including Japan, France, Taiwan, Italy, and Spain."

David. said...

The Follower Factory by Nicholas Confessore et al is a fascinating read. It's a deep dive into the market for social media bots, another aspect of the fraud-ridden advertising ecosystem. TL;DR is that any kind of count about social media probably includes a large proportion of bots, and Facebook, Twitter and others have little motivation to stamp them out even though they're easy to detect.

David. said...

"Facebook, which has more than 2 billion people logging in monthly, has never failed to grow its user base. To beat investors’ expectations consistently on user numbers, it’s just as important for the company to retain people like Gorantala as it is to recruit new members. People who are logging into Facebook less often—but aren’t fully disconnected—are noticing more and more frequent prompts to come back, sometimes multiple times a day, via emails or text messages reminding them what they’re missing out on, according to screenshots and reports from users around the world." writes Sarah Frier at Bloomberg in Facebook Really Wants You to Come Back.

David. said...

"Security researcher Scott Helme has spotted a third-party exploit that injects a script that mines cryptocurrency on over 4,200 sites, from the UK NHS to the US Courts' official site to the sites of other esteemed security researchers." writes Cory Doctorow.

David. said...

"The affected sites all use a fairly popular plugin called Browsealoud, made by Brit biz Texthelp, which reads out webpages for blind or partially sighted people.

This technology was compromised in some way – either by hackers or rogue insiders altering Browsealoud's source code – to silently inject Coinhive's Monero miner into every webpage offering Browsealoud." reports Chris Williams at The Register.

Alan Woodward points out what sites should have been doing to prevent this:

"This is what happens when you use third party content & don’t ensure its integrity. Just look at all those public sector sites affected. If you wanna know how to stop it read these:
https://scotthelme.co.uk/subresource-integrity/ …
https://scotthelme.co.uk/content-security-policy-an-introduction/ …
And use @reporturi"

Reporturi is here.

David. said...

"Unilever's chief marketing officer Keith Weed used his keynote speech to blast the Mark Zuckerberg-run Facebook, and other social media companies, for what he said was an "erosion of trust."

"We are a million miles from the internet we envisioned," said Weed. "Without trust, there is no data and without data there is no brand." This erosion transcends other issues, he warned, adding: "We need to redefine what is responsible business in the digital age. We will only do business with companies that have responsible infrastructure."

Although Weed did not name Facebook, the comments were so obviously aimed squarely at the social media giant, particular a comment about how there needs to be "one measurement system across all media, including walled gardens."

Facebook is notorious for using the fact it is a self-contained universe to provide its own metrics and reports on ads, their reach, and their effectiveness. In perhaps the most obvious example, Facebook pushes advertisers to pay to promote their own Facebook page; an extraordinary online circle jerk." writes Kieren McCarthy at The Register.

P&G and Unilever are Facebook's biggest customers, and they're not happy.

David. said...

A year or so ago I bought a great pair of Merino wool pants from Icebreaker's store in Santana Row. In fact, I'm wearing them now. A few weeks ago I bought what I thought was a similar pair from their online store, but they were nothing like the previous pair. I returned them. The entire transaction worked perfectly.

Now, everywhere I go on the Web I'm bombarded by ads for Icebreaker pants. You'd think they would take the hint. If the best they can do is to try to sell you the stuff you just bought its no wonder that the advertisers are unhappy at the waste of their dollars.

David. said...

"It’s Salon.com this time — if you go with an ad blocker, you get this notice, giving you the option to switch off your ad-blocker, or waste your electricity mining Monero." David Gerard shreds Salon.com's attempt to fight ad-blockers with Monero mining.

David. said...

The Browsealoud hack netted all of $24, according to Jordan Pearson at Motherboard:

"Sunday, hackers orchestrated what’s likely the largest cryptocurrency mining hack to date by compromising an accessibility plugin used by thousands of websites. This made any visitor to the many affected UK, US, and Canadian government sites (among others) mine cryptocurrency with their computer before the attack was shut off after four hours. According to spokespeople for the mining service used by the hackers, Coinhive, the result of this effort was $24 USD worth of Monero."