As I have read blogs around the internet, there are a number that say that Click Fraud is adversly affecting Google and Yahoo! They are saying that Google's wallet is getting fattened by click fraud, while the little guys, the advertisers, are spending more and more money on clicks depreciating in value. Or they are saying that advertisers are slowly decreasing their ad spending due to the fear of click fraud.
No one can say with absolute certainty how much click fraud is taking place on the internet. No one can say how many clicks go unfiltered and are charged to advertisers. What we see though are that according to Google <10% of clicks are invalid (only some of these clicks are considered fraudulent) and are filtered, while according to Click Forensics click fraud is in the range of 28.1%. Each of these two companies benefit from opposite perceptions about click fraud. Google would like us to think that it is for the most part under control, and rarely would one be charged for invalid clicks. Click Forensics and others like them would like to sell their services to people that believe click fraud is rampant. As a side note Google only refunds about 0.02% of clicks that go unfiltered.
I believe that the real enemy of the PPC (pay-per-click) model of advertising is the perception that click fraud is rampant as it is spread by 3rd parties and the media. I would like to know how many advertisers cut back their budgets based on fears, while not inspecting their ROI.
I do not suspect that the fear of click fraud in advertisers will bring about the ruin of Google. However, I would suspect that it is hurting Google and advertisers more than actual click fraud.
Wednesday, January 23, 2008
Tuesday, January 22, 2008
Click Fraud Antics
I have begun to read into the area of click fraud. In doing so I have come across several blogs in which the owner of the blog complains that their Adsense account has been disabled due to click fraud, which they of course did not perpetrate. I would suspect some of these bloggers are not as innocent as their story claims. However, I am certain that there are some innocent victims in this crime. There is no way to tell whether the click fraud identified by Google originates from the author of the blog or not. In every case the author complains that Google will not level with them and divulge what exactly was detected as click fraud, so that the author can rectify the situation.
I understand that Google is worried that the more that a fraudster knows about how they detect click spam, the easier it will be for a fraudster to go undetected. That is why they cannot share any of their secrets with the authors of blogs, who would certainly share any information they learned on their blog. However, any actions that Google takes against fraud gives away some small details about what they do.
There are two sources of information that could potentially be used against Google. The first is that Google reports to Adsense users the number of clicks that they were given credit for. The second being either warnings or the disabling of accounts. In the first case if a fraudster were able to make an Adsense account for a website not exposed to the general public, then they could generate any number of attacks, with each attack having a different number of clicks associated with it in such a way that when the final number of clicks reported on that page would tell the attacker exactly which attacks failed and which attacks succeeded. Of course, such attacks would very quickly result in the suspension of their account. The attacker would necessarily need to make several accounts and perform fraud in such a small amount as to not be noticeable so quickly. The question then arises how easily could a fraudster generate several accounts without any of these new accounts traceable back to the fraudster?
This question leads to the second source of information which could be used by fraudsters to discover Google's fraud detection suite. Since accounts are being disabled for fraudulent behavior, then an attacker could use the feedback from a number of unsuspecting bloggers. An attacker would choose a number of blogs to carry out their attack. The attacker would generate fraudulent clicks on a particular blog until their clicks were detected and the blogger's Adsense account disabled. The attacker would fashion a new attack and repeat the whole process on another bloggers account. If successful, the attacker would not make any money on the attack, but would have a working prototype to use for their own purposes in the future. In this way an attacker receives a certain amount of feedback from Google without risking their own identity, shuts down a number of Adsense accounts that they may have competed with, and if it is their purpose creates a number of enemies for Google.
In the last attack, how could Google detect fraudulent clicks authorized by the author of a blog or website versus those attacks originating from outside sources. One cannot assume that click fraud would only be performed by the owner of the Adsense account or an accomplice to that owner. One could perhaps from Google's side compare similar click fraud attacks among websites for similarities and perhaps find a common signature among a number of attacks. This would not prove any of the Adsense account holders innocent, but may point to some of them being innocent. I am not sure that there is an easy answer to protecting the innocent in this last case.
I understand that Google is worried that the more that a fraudster knows about how they detect click spam, the easier it will be for a fraudster to go undetected. That is why they cannot share any of their secrets with the authors of blogs, who would certainly share any information they learned on their blog. However, any actions that Google takes against fraud gives away some small details about what they do.
There are two sources of information that could potentially be used against Google. The first is that Google reports to Adsense users the number of clicks that they were given credit for. The second being either warnings or the disabling of accounts. In the first case if a fraudster were able to make an Adsense account for a website not exposed to the general public, then they could generate any number of attacks, with each attack having a different number of clicks associated with it in such a way that when the final number of clicks reported on that page would tell the attacker exactly which attacks failed and which attacks succeeded. Of course, such attacks would very quickly result in the suspension of their account. The attacker would necessarily need to make several accounts and perform fraud in such a small amount as to not be noticeable so quickly. The question then arises how easily could a fraudster generate several accounts without any of these new accounts traceable back to the fraudster?
This question leads to the second source of information which could be used by fraudsters to discover Google's fraud detection suite. Since accounts are being disabled for fraudulent behavior, then an attacker could use the feedback from a number of unsuspecting bloggers. An attacker would choose a number of blogs to carry out their attack. The attacker would generate fraudulent clicks on a particular blog until their clicks were detected and the blogger's Adsense account disabled. The attacker would fashion a new attack and repeat the whole process on another bloggers account. If successful, the attacker would not make any money on the attack, but would have a working prototype to use for their own purposes in the future. In this way an attacker receives a certain amount of feedback from Google without risking their own identity, shuts down a number of Adsense accounts that they may have competed with, and if it is their purpose creates a number of enemies for Google.
In the last attack, how could Google detect fraudulent clicks authorized by the author of a blog or website versus those attacks originating from outside sources. One cannot assume that click fraud would only be performed by the owner of the Adsense account or an accomplice to that owner. One could perhaps from Google's side compare similar click fraud attacks among websites for similarities and perhaps find a common signature among a number of attacks. This would not prove any of the Adsense account holders innocent, but may point to some of them being innocent. I am not sure that there is an easy answer to protecting the innocent in this last case.
Wednesday, January 16, 2008
Choice to Attend U of Louisville for a Ph.D. in CECS
This is my second semester at the University of Louisville as a Ph.D. student. Before coming here a had a choice to make. I received acceptance letters from both the University of Minnesota and the University of Louisville. I am quite certain that I made the right decision considering my circumstances. The following paragraphs will seek to persuade potential students considering a Computer Science degree to attend the University of Louisville.
First let me state that I have only attended two universities in my day BYU and the U of L (as it is referred to here in Kentucky). I have nothing against any other university including the University of Minnesota (which I never was able to visit). I will not focus on the reasons not to attend other schools, instead I will only focus on the reasons one would pick to come to the University of Louisville.
The main reason I have for maintaining my choice of schools is personal attention. I have made a very weak attempt at getting to know any of the professors here at the U of L in the CECS (Computer Engineering and Computer Science) department. However, with such small class sizes and a small number of students working towards Ph.D.'s in my department, it is difficult to not be known on a first name basis. For example, the department chair, Dr. Elmaghraby, from whom I have never taken a class and who should perhaps be to busy to get to know me personally, I have talked with several times, including spending more than an hour in his office with only a simple question on my mind.
The second reason which has been very amenable to my wife is more affordable living than we previously had. I moved to Kentucky with my wife and two kids. We were able to find an apartment for cheaper than we were renting in Utah with more space, and Utah is not one of the more expensive places to live in my understanding.
Lastly, I have enjoyed my brief stay in Kentucky. People are more friendly and more patient here than what I have experienced in other parts of the country. Certainly there are drivers that prefer to double the speed limit, and some who are dishonest. Find me a state where this is not true. We have also come to love the large numbers of trees that we find in this area. There are states just as green or greener in terms of landscape than in Kentucky, but this has to be one of those things that quickly jumps out at you coming from the West (not including coastal states).
If you are interested in applying to the University of Louisville and still have doubts (how could you not considering the time investment of getting a Ph.D.) please leave a question in the comments section, and I can tell you specifics as they relate to your questions.
First let me state that I have only attended two universities in my day BYU and the U of L (as it is referred to here in Kentucky). I have nothing against any other university including the University of Minnesota (which I never was able to visit). I will not focus on the reasons not to attend other schools, instead I will only focus on the reasons one would pick to come to the University of Louisville.
The main reason I have for maintaining my choice of schools is personal attention. I have made a very weak attempt at getting to know any of the professors here at the U of L in the CECS (Computer Engineering and Computer Science) department. However, with such small class sizes and a small number of students working towards Ph.D.'s in my department, it is difficult to not be known on a first name basis. For example, the department chair, Dr. Elmaghraby, from whom I have never taken a class and who should perhaps be to busy to get to know me personally, I have talked with several times, including spending more than an hour in his office with only a simple question on my mind.
The second reason which has been very amenable to my wife is more affordable living than we previously had. I moved to Kentucky with my wife and two kids. We were able to find an apartment for cheaper than we were renting in Utah with more space, and Utah is not one of the more expensive places to live in my understanding.
Lastly, I have enjoyed my brief stay in Kentucky. People are more friendly and more patient here than what I have experienced in other parts of the country. Certainly there are drivers that prefer to double the speed limit, and some who are dishonest. Find me a state where this is not true. We have also come to love the large numbers of trees that we find in this area. There are states just as green or greener in terms of landscape than in Kentucky, but this has to be one of those things that quickly jumps out at you coming from the West (not including coastal states).
If you are interested in applying to the University of Louisville and still have doubts (how could you not considering the time investment of getting a Ph.D.) please leave a question in the comments section, and I can tell you specifics as they relate to your questions.
Subscribe to:
Posts (Atom)