Click Fraud: Greg Boser to Test the Market

30 comments

Unless you have been under a rock for the last few years you know click fraud is a huge issue. Greg Boser is collecting test data to find out how big of a problem click fraud really is.

The only practical thing to do would be to try and collect some objective data that would shed some light on how big of a potential problem click fraud may be. By that I mean auditing the performance of the various fraud detection systems being used by each of the PPC engines.

And that’s exactly what we are going to do.

Matt Cutts already commented, pointing out test flaws before it even starts! I am sure he is just trying to help Greg get more accurate data ;)

Comments

Yah Cutts was being a bit of

Yah Cutts was being a bit of a wanker there.

"Your data is flawed."

"Exactly how is it flawed?"

"Because I own gobs of Google stock!"

"Buld a Click Bot"

Forget the click bot, spend your time "Buld"ing a spell checker for your blog dude!

The truth is PPC is a flawed model and PPA (aka Affiliates) is just about the only thing publishers can't scam or end up being the victim of a click attack or other fraud assuming you trust the advertisers not to wash cookies.

We know fraud is out there, we know it's not that hard to disquise, and we all know the dirty little secret is that the only way to fix the problem would be to retool the entire internet starting from the protocol up to fix the security holes in this internet mess and solve the issue permanently.

However, that won't happen in my lifetime so there's little that can be done above trapping the obvious blatant click fraud attempts, but people will continue beating this dead horse with a stick until they drive the advertisers away and put a permanent end to webmaster welfare.

I spent hours looking around

I spent hours looking around for proof of the existence of widespread click fraud and am wondering if people are getting themelves all worked up about nothing. This is why I find Greg Boser's "idea" extremely interesting, but Matt Cutts does have a point. How could one do a fair/non bias test? I notice Clicktracks has mobilized...but can you conclude that a "click" from India is click fraud? Excuse me for my lack of knowledge, I haven't been paying much attention to what is going on.

IncrediBilly Correct

Quote:
the only way to fix the problem would be to retool the entire internet starting from the protocol up to fix the security holes in this internet mess and solve the issue permanently.

That's the way to do it. For spam too.

We need more spotlights on this problem

One problem I have noticed is the number of advertisers that don't believe that click fraud exists, or that they don't want to do anything about it, or they don't think they can detect it. So they do nothing. I have said more than once that Google is fairly good at detecting repeated clicks and not charging the advertiser - to the point of not even charging for the first click.

How good is good?

Google is fairly good at detecting repeated clicks and not charging the advertiser

Detecting the novice click attacker or click frauder is child's play as it's typically only a few IPs involved.

What becomes more interesting is when you get some massive AdSense ponzi scheme or conspiracy to comment fraud with Click Rings that have hundreds or thousands of random people that target just a single web site for a click or two one day, then a click or two on the next site, etc. The bigger the Click Ring the more it looks like random traffic especially if they're all smart enough not to go the same web site at the same time.

Or worse yet, the clever hacker who has trojan click programs on thousands of PCs just waiting to execute a click on the web site of his choice at his command. Something on this scale could even be lucrative enough to even have criminals behind it.

criminals

Or worse yet, the clever hacker who has trojan click programs on thousands of PCs just waiting to execute a click on the web site of his choice at his command. Something on this scale could even be lucrative enough to even have criminals behind it.

By definition anyone doing this would be a criminal.

Incredibly correct

Quote:
What becomes more interesting is when you get some massive AdSense ponzi scheme or conspiracy to comment fraud with Click Rings that have hundreds or thousands of random people that target just a single web site for a click or two one day, then a click or two on the next site, etc. The bigger the Click Ring the more it looks like random traffic especially if they're all smart enough not to go the same web site at the same time.

Agreed. Someone with a huge data set of click traffic (AOL, the search engines, portals) is in a good position to identify suspicious clicks, particularly the case where the first and only click of an ad is suspicious.

Google is obviously in the best position to do so but I am not sure this degree of refinement would have top (or any) priority in their hierarchy. Giving the benefit of doubt to a single (only) click is easy to defend for any PPCSE, so such refinement may need to come from the outside. At least one such project is under way.

Greg's sample might be skewed, but he is keeping the topic alive.

criminals

I mean like organized crime - when you can make thousands a day with little risk of getting caught ripping people off it gets the attention of the right audience.

>How could one do a fair/non

>How could one do a fair/non bias test?

As I understand it Greg will "defraud" his own adwords/overture et al accounts, he will know the minimum level of the false clicks and will compare this against the number of false clicks that they trap. That seems a pretty fair effort to me.

To me the real story that will emerge from this exercise will not be the answer to the question "does click fraud exsist?", that is already known to be a yes, not a single PPC provider claims 100% of fraud is stopped. The real teaser is if anti-click fraud measures are applied evenly across the keyword/spend space. I think it is the answer to that question that has the PPC peeps somewhat sweating.

Everyone knows it exists, yes...

...but to date nobody has really been prepared to say how big it is - either they don't know or they are not saying

Anybody ever heard anything further of the Start-Ups referred to in this July WSJ feature

Hmm..

"As I understand it Greg will "defraud" his own adwords/overture et al accounts"

It sounded like he wasn't just going to click on his own accounts, but was calling for other accounts too ("volunteers, anyone?" was the quote that made me think that). Given that his CNET comments have been about data recovery and the run-ins that I've had with Greg in the past were in pharmacy, plus the demographic of folks that read his blog (i.e. *not* your average advertiser/publisher who would opt into a study), that's why I'm worried about skew in Greg's sample set, NFFC.

Andy, sorry if that comes across as wankerish..

Wankerish

I actually Googled it and people have used it before. It is a totally new word for me. However if I used it here in a pub here in Edinburgh, I think I would be called a wanker - actually it's Scotland - probably a fucking wanker.

My suggestion would be "Andy, sorry if that came across as words of a wanker". However to really put the boot in you could say "Andy, sorry if that came across as words of a wanker but cunts like you really piss me off"

OK, I hear ya. I'd be

OK, I hear ya.

I'd be happier if all the activity was confined to Gregs domains/accounts, I trust him to be open and honest about the results. I don't think that the keywords chosen should really matter, click fraud is click fraud.

just sounded like a smear campaign

Matt,

Your reply isn't nearly as wankerish.

But you can't blame me for feeling like you were discrediting a study which *needs to be done* *before it even began*--the same study which your company has an interest in discrediting--whether it has valid results or not. We call this a smear campaign, no?

>*not* your average advertiser/publisher who would opt into a study

So click fraud is dealt with differently with different publishers and advertisers?

Andy andy andy...

I don't think Matt was discrediting the premise of doing the study as much as the methodology described on Boser's blog as I think the resulting data set would be too limited in scope [and self-serving] to draw any serious real world conclusions.

If you want to do a serious study pick 100 or maybe 1,000 (10,000?) sites at random and ask them to install an AdSense click tracking script and collate that data and see if you get a lot of suspicious patterns.

Better yet, how about some real world CPC issues beyond Click Fraud hysteria.

> I don't think Matt was

> I don't think Matt was discrediting the premise of doing the study as much as the methodology described on Boser's blog as I think the resulting data set would be too limited in scope [and self-serving] to draw any serious read world conclusions.

As far as I know, Boser isn't a statistician, and you're right that the sample size is too small for us to take the results of the study and use them as a "bible".

But ALL studies are flawed. AFAIK part of Greg's POINT was to even do A study -- people throw around these figures like "30%" and back it up with absolutely NOTHING. Even ONE flawed, small study (provided it was done with a reasonable and precise methodology) would take us a fair bit ahead of where we are now, no?

It's pretty crazy how many millions are spent on clicks and no one outside of the major search engines have any clue how the auditing works! And who audits the search engines?

For anyone calling bullshit on Boser--I call bullshit.

Smells to me

Matt mentioning the 'need' for a clean sample is concerning as a paying advertiser of Google's. I think it is obvious for a click fraud campaign to be successful it is not set up targeting a representative sample but instead focused only on a very small sample - your competition. Its often referred to as flying under the radar, and I'd be very suprised if those doing click fraud don't consider this. I would have thought Google would - but evidently not. To me Greg's experiment is more real world than the suggestions/comments made discrediting his methodology and the resulting sample size. Note, at this point no one even knows the composition of the sample or size.

To me the the test is not about the sites but the search engines and their partners. Greg probably will have a complete universe of search engines to test xyz click fraud bot techiques deployed on sites. The sites used and the various clickbot techniques will be the constant. The various search engines and their ability to detect the clickbot fraud is what is being tested. He will be testing the constants (sites/clickbots) versus the (search engines). That's my understanding of his experiment described, and unless I hear otherwise - I see no reason why the sites used are going to skew if for example AOL does not detect something that Google does. The sites are going to be consistent and testing the variable of different engines.

I'd be happier if all the

I'd be happier if all the activity was confined to Gregs domains/accounts

After announcing his intentions don't you think some of Greg's ads / sites would be monitored a bit more closely? Perhaps Greg was trying to ensure any click fraud he was personally facing got a fine tooth combing over :)

Incredibill incredibill incredibill

>>>If you want to do a serious study pick 100 or maybe 1,000 (10,000?) sites at random and ask them to install an AdSense click tracking script and collate that data and see if you get a lot of suspicious patterns.

Google is certain to have done such a study. So when do they release these results?

OH WAIT!...

"If you want to do a serious

"If you want to do a serious study pick 100 or maybe 1,000 (10,000?) sites at random and ask them to install an AdSense click tracking script and collate that data and see if you get a lot of suspicious patterns."

Why not simply talk to the larger publishers? You're not going to have absolutes, but you should be able to get a handle on behaviour across different market verticals.

2c.

THEY NEVER HAVE

kudos greg

I'm not trying to say Greg

I'm not trying to say Greg shouldn't try his experiment; I'll be curious to see how his data comes out. Andy, I understand why you'd be skeptical of what a search engine says about this subject, but to be fair I've had a few experiences that leave me a little skeptical in the other direction.

Point well taken, eurotrash. But if I said something like that, no one would believe it was me. :)

I have often thought about

I have often thought about how easy it would be to make this. Clickbot loaded with a few 100 proxies.The more the better. Make the botclick click with a random factor, not all at once to mirror a user. Click on a variety of keywords at different times in the day to deplete the victims account. A programmer could make one of these in a day. There is no way that G can detect this unless all the proxies were in a rbl list and google ignores clicks from rbl, which I really doubt. Something else to impliment there for you Matt :) So come on click fruad is a peice of piss to someone with the right mind.

Wasn't there a nutter a few years ago that made one of these and tried to bribe google? I was looking but could not find the story.

Try "google

That is the nut. Thanks

That is the nut. Thanks cornwall. I was using the words "bribe" but yeah.. it was blackmail not a bribe. I still cannot use the English language after speaking it all my life :P

Matt, point taken.

Matt, point taken.

Matt

Ditto Andy above.

I don't get how he'd do this...

What he will be using for a control? I don't know if historical data could accurately be a control for something like this due to seasonal influences etc.

And, unless you were a google or Yahoo employee with access to referring IP addresses, how would you really be able to know if it was click fraud or not?

This Test Is Pointless

Guys, as someone who's worked for engines the bottom line is that you can have the best web analytics in the world and you're still not able to collect the data available on the click that only the engines have access to. That is the data that is needed to determine the advanced forms of click fraud as well as those little script kiddies who think they're smart.

The guys making thousands of dollars per day draining advertisers accounts dry are a hell of a lot more sophisticated. The brightest minds in analyzing traffic data are going to miss catching it all in spreadsheets of traffic logs. Software must be utilized as the most effective weapon against click fraud. This software is remarkably easy to implement and perfect.

Click fraud really is not all that hard to stop!

Most engines have very little in the way of automated mechanisms to detect click fraud. The bottom line is that they profit from it so why stop it. I've said this so many times I sound like a broken record.....

The only way click fraud stops is when the advertisers get pissed off enough that they pull their budgets. Click fraud is a $1 Billion+ industry for 2005.

The problem is that search/context ads are still effective and click fraud is an "acceptable loss".

I'd love to see Google step up to the plate and allow click fraud detection companies to determine what is a valid or invalid click and refund every penny that was determined to be fraudulent. Not that they have perfect software by any means but it's certainly a double check to force the engines into really doing something about the issue and will help to regain the advertiser's trust.

How bout some objective 3rd party verification?

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.