Google’s Walled Garden

Why Fraud Never Stops?

Today talks about the urgly side of the “humanity” in ad industry from the perspective of the Interest Parties


– Fraudersters(beneficiary)

1. highly profitable, think of it as drug dealing, but low risk
2. no defination of fraud, government and regulations
3. easy to do


– Advertisers(political, reputation)

1. wrong KPI, and care too much of KPI, and want the KPI to be better and better
2. turn blind eye or cover their blunders, just leave the shit to successors
3. (not aware of applicable technology to measure and forestall)


– intermediataries – agencies, DSPs, AdEx, AdNetworks(beneficiary)

1. business interest – who has issues with money?
2. can not balance the beneficiaries – advertisers aims to high, intermediataries can not control A’s expectation in case of losing the orders
3. to reach a goal that both advertiser and them “feel good”

– ad tech providers(beneficiary)

1. tech limitation, or “挤牙膏” a way to always leave some tricks for next show
2. digital fraud would hurt their biz in the long run as advertiser would spend budget elsewhere, besides, these tech providers earn their biz from fraud industry
3. (some are good players, but still wanna earn from it)

bot detection

Various different tricks are used by specialised vendors to identify fraud, for example, whether a certain browser acts as expected under different scenarios

fraud types ( from publisher side to client side)
– tracking pixel calling
– ads automatic refresh
– page automatic refresh
– referrer cheating
– ad stacking/ hidden ad/ inactive tabs
– serve instream in display placement
– iframe embedding / pixel stuffing
– browser spoofing
– ad injection/ toolbar / malware / ad hijacking
– click/impression farms

It is extremely hard, compounded by further difficulties around some cases that rely on big data analyses by the vendors (e.g. cross-campaign analysis), which make it hard to simulate behaviour in a closed environment.

A way to quickly check over of a fraud activity on site is to install ghostry, a chrome extention, which can monitor the Ad tags visually. When you see a lot ad tags loading behind without actually seeing the ads. It must be a indication of fraud.

AlphaGo在围棋上战胜人类 – 在数字广告业的思考


反观中国广告业,程序化投放已经在这两年渗透中国广告生态。根据Adbug这个搜索引擎不完全统计,至少有200家DSP(包括mobile, desktop),而各大媒介广告集团的Trading Desk也建立了一定的市场影响力。看出程序化购买这种自动、高效的广告购买方式是大势所趋。

但观察实际的情况,最终还是得服从商业利益。目测Advertising Arbitrage充斥整个市场,也就是说即使是TD、DSP背后仍然是类Ad Network模式的售卖,从媒体“签约”流量,加上人群数据标签大数据算法,口头上承诺品牌安全包装成一个完美的程序化产品概念以提供增值服务从中赚取利润。但只要在商业上存在利益,势必会有偏见,甚至会产生广告盈利利益大于广告主营销效果利益的情况(如,media planing阶段推荐和自己有关系的媒体、过分承诺KPI、对广告作弊的不作为)。最终“劣币驱逐良币”,马太效应加剧,市场被一种不良的环境主导,无法净化纠正。




Types of Fraud


Crowdsourcing (Cyclops): Thousands of users are recruited and paid just to view an article, providing page views (and extra cash) to the hacker. In these cases, the users are unaware that they are performing fraudulent activities.

Incentivised Ad Networks (Voldemorts): Individuals are given incentives like reward points, gift cards or Bitcoins to read an article or to view/click on an ad. They may know they are doing something wrong but abide by a “don’t ask, don’t tell” policy.

Click Farms (Zergs): These are organised groups of individuals who are paid to click. They use a combination of mobile devices and SIM cards to perform fraud online and repeatedly change their devices and networks to evade detection. They are called Zergs (just like in StarCraft) and operate in big groups with a malicious intent.

Computer Malware (VaderBots): Highly sophisticated and difficult to catch, VaderBots are masters of disguise. Thousands of PCs infected with malware (also known as bot slaves) work in conjunction with a bot master to perform smart fraud online. The bot master decides which sites the slave accesses and which ads it views and clicks so its actions appear to be random and to come from the computer of a “real person.”

Sophisticated Fraud (PhantomBots): This type of bot travels around the web to visit websites, view ads and click using a fairly sophisticated algorithm. Think of it as a digital ghost that is always boosting numbers.

Retargeting Fraud (DeceptiBots): This bot can mimic a human’s intentions, such as an interest in a specific brand of car. Ads targeted to a particular niche result in a higher CPM than untargeted ads. DeceptiBots deceive advertisers into believing they are receiving valuable, targeted clicks.

Mobile Simulator (CryptoBots): A mobile simulator on a computer that mimics a smartphone running mobile apps, CryptoBots are used to perform fraud on in-app mobile ads while their real identities remain hidden.

Ad Stacking: This is the practice of placing multiple ads on top of each other in a single ad placement. Even though the “stacked” ads are invisible to the person visiting the page, they often reported as viewable to the advertiser, so the fraudster gets paid.

Toolbars: While browser toolbars have legitimate uses, they are sometimes exploited by fraudsters. Bad actors distribute branded toolbars as part of software bundles that are often times installed without the user’s knowledge. They hijack the user’s browser, reset the default search engine and enable a platform for serving ads. The new default search, will usually mimic a well known search engine and can be extremely difficult to uninstall.

Ad injection: Usually masked as “deal finders” for online shoppers, these programs will inject unauthorised ads on legitimate web pages. Like toolbars, this software is usually distributed in software bundles and will install without the user’s knowledge.

Domain Identity Theft: A fraudulent seller hard codes a publisher domain into an ad unit. The ad runs on different publisher that commands a lower price. The buyer thinks their ad ran on the intended domain and somehow they got a deal (i.e., got the ad below market value) Neither the publisher or advertiser know that they’ve been defrauded.
– via



X – Y Problem

Find X – Y problem can be easily applied in business. When the client(in counterpart to the sales) is not buying your product or thought, and the topic goes from east to west without touching the final goal, it is a dangerous predicament.

To solve this, both need to face the origal nesscity of bussiness needs and see if the product hit the nil on the head.

About X-Y Problem

The X-Y Problem, as it is sometimes called, is a mental block which leads to enormous amounts of wasted time and energy, both on the part of people asking for help, and on the part of those providing help. It often goes something like this

  • User wants to do X.
  • User doesn’t know how to do X, but thinks they can fumble their way to a solution if they can just manage to do Y.
  • User doesn’t know how to do Y either.
  • User asks for help with Y.
  • Others try to help user with Y, but are confused because Y seems like a strange problem to want to solve.
  • After much interaction and wasted time, it finally becomes clear that the user really wants help with X, and that Y wasn’t even a suitable solution for X.

The problem occurs when people get their train of thought stuck on one approach and become unable to take a step back. Remaining open to having a new look at the bigger picture, these people might find their way back to X and continue searching for alternative solutions.
via –

X-Y Problem
2013年12月16日陈皓发表评论阅读评论 36,322 人阅读    
X-Y Problem
对于X-Y Problem的意思如下:




X-Y Problem最大的严重的问题就是:在一个根本错误的方向上浪费他人大量的时间和精力!


Q) 我怎么用Shell取得一个字符串的后3位字符?
A1) 如果这个字符的变量是$foo,你可以这样来 echo ${foo:-3}
A2) 为什么你要取后3位?你想干什么?
Q) 其实我就想取文件的扩展名
A1) 我靠,原来你要干这事,那我的方法不对,文件的扩展名并不保证一定有3位啊。
A1) 如果你的文件必然有扩展名的话,你可以这来样来:echo ${foo##*.}


A1)  size = `ls -l $file  | awk ‘{print $5}’`
Q) 哦,要是这个文件名是个目录呢?
A2) 用du吧
A3) 不好意思,你到底是要文件的大小还是目录的大小?你到底要干什么?
Q)  我想把一个目录下的每个文件的每个块(第一个块有512个字节)拿出来做md5,并且计算他们的大小 ……
A1) 哦,你可以使用dd吧。
A2) dd不行吧。
A3) 你用md5来计算这些块的目的是什么?你究竟想干什么啊?
Q) 其实,我想写一个网盘,对于小文件就直接传输了,对于大文件我想分块做增量同步。
A2) 用rsync啊,你妹!

这里有篇文章说明了X-Y Problem的各种案例说明,我从其中摘出三个来让大家看看:


— from Re: How do I keep the command line from eating the backslashes? by revdiablo

有些人问怎么做Y,但其它他想做的是X。他问怎么做Y是因为他觉得Y是最好搞定X的方法。 于是大家不断地回答“试试这个,试试那个”来帮助他,而他总是在说“这个有问题,那个有问题,因为……”。基本不同的情况,其它的方案可能会更好。

— from Re: Re: Re: Re: regex to validate e-mail addresses and phone numbers by Limbic~Region

X-Y Problem又叫“过早下结论”:提问者其实并不非常清楚想要解决的X问题,他猜测用Y可以搞定,于是他问大家如何实现Y。

— from  by Alan J. Flavell

其实这个问题在我之前的《你会问问题吗》里提到的那篇How To Ask Questions the Smart Way中的提到过,你可以移步去看一下。


我们不要以为X-Y Problem就像上面那样的简单,我们不会出现,其实我们生活的这个世界有有各种X-Y Problem的变种。下面我个人觉得非常像XY Problem的总是:

其一、大多数人有时候,非常容易把手段当目的,他们会用自己所喜欢的技术和方法来反推用户的需求,于是很有可能就会出现X-Y Problem – 也许解决用户需求最适合的技术方案是PC,但是我们要让他们用手机。






所有的这些,在我心中都是X-Y Problem的变种,这是不是一种刻舟求剑的表现?

StackOverflow: What is XY Problem?
PerlMonks: XY Problem
Greg’s Wiki
– via 酷 壳 –


电通是全球最大的广告公司品牌,由日本电通(东京:4324;ISIN:JP3551520004)领导,拥有 114 年 创新历史,凭借旗下九大全球性传播品牌 – 凯络、电通、电通传媒、安布思沛、安索帕、麦利博文、MKTG、 博视得和伟视捷,以及其他来自于多市场运作的专业品牌带来以客户为中心的综合品牌服务、整合传播服务、 媒体与数字服务。
电通集团业务遍布五大洲 140 个国家,拥有 47,000 多名专业员工。除日本市场以外的国际市场业务由电通 安吉斯集团负责管理,总部位于伦敦。集团业务还包括在全球范围内制造与推广体育及娱乐内容营销产品。

电通安吉斯集团是日本电通集团的一部分,凭借旗下九大全球性传播品牌 – 凯络、电通、电通传媒、安布思沛、安索帕、麦利博文、MKTG、博视得和伟视捷,以及其他来自于多市场运作的专业品牌,电通安吉斯集 团致力于为客户提供最高水准的媒体、数字和创意传播服务,实现“创新品牌成功之道”的愿景。电通安吉 斯集团总部位于伦敦,业务遍及全球 123 个国家和地区,拥有超过 27,000 名专业人才,为客户提供一系列 独具创新的产品与服务。


plista邑兆提供创新内容格式并融合网页编辑环境, 进行定向数字化广告的先行者。总部位于柏林,始于2008年,主要通过以数据为基础的内容和广告平台连接广告主和媒体。plista邑兆通过特有的实时推荐技术,实现根据用户的不同兴趣,通过所有的媒体渠道及跨设备终端投放相匹配的内容和广告。Plista邑兆通过对内容和广告的优化投放,帮助媒体获得更多流量丶延长用户的停留时间,优化媒体数字化产品的商业价值;plista邑兆能够帮助广告主在用户整个行为过程中都建立无缝丶高效的沟通。Plista邑兆拥有超过180名员工,服务范围达10个国际市场。

邑策是一个全球性的数字媒体平台,以程序化的方式帮助广告主、广告发布商通过所有可访问渠道和受众建立联系。邑策结合了专有技术,独特的数据资产和独家媒体合作关系。邑策在全球32个市场与2,700个客户有合作,这些市场分别分布在北美,欧洲,亚太地区和拉丁美洲。通过公司专有的媒体产品和专业化公司Light Reaction、Bannerconnect以及ActionX,广告主通过邑策的数字营销活动能够实现更高的投资回报率。

One type of Fraud Happened in China

It is fairly straightforward to setup a campaign to distribute ad fraud malware inside ad calls. Every infected device will then, in turn, start to generate fake traffic that goes to spam sites; from where it goes to ad exchanges and may end up for auction on the same platform where the scheme was started earlier. Sometimes the infected device will run the ad fraud malware in a way that makes it very hard to stop it or remove it unless you know exactly what you are looking for. The level of sophistication in ad fraud malware is moving very fast, as a natural result of companies taking action against the most obvious and least sophisticated schemes.
– via

This kind of fraud happened recently in China Market where I found over 97.8% of total impression are coming from IE and the viewable rate around 3%, the so called non-human traffic.


Hello World, this is my first blog here.

The main purpose of this blog is to write down something in Digital Advertising especially in AdTech. There are a lot news about digital happening everyday, while I am reading it, it will digest it and turn into my findings or insights, adding comments or reblog it.

A way to think, interpret and record.