The honor system
How online advertising runs on faith
(Disclaimer: This is usually the spot where I'd enumerate my potential conflicts of interest, as a sort of caveat emptor warning the reader not to presume that I'm a disinterested, objective third party. But given my long career in the field and my (at times significant) engagement with many, if not all, of the product types and companies mentioned here, it's probably easier to say that you should assume I have various degrees of conflicts of interest with almost everyone and everything I mention below. Except for Le Creuset, which is just a good company whose products I enjoy and occasionally set fire to inadvertently.)
You open the mail and find the shiny new credit card you’d signed up for.
You start using it immediately, connecting it to Apple Pay and ordering from Starbucks, buying groceries at the store in town, going out to dinner with your partner.
A month later, your phone rings. (I know, everyone uses silent mode now, but the parable is more dramatic with audio.) It’s an account manager calling from your credit card company.
“Hi there,” she says. “Do you have 15 minutes to chat?”
“Uh, sure,” you reply. “What’s up?”
“It’s that time of the month again,” she says. “We need you to list out everything you bought and how much it cost, so we can send you your bill.”
Excuse me?
This is how online advertising works.
No, really!
That’s right: large swathes of the digital ad industry, a nearly $200 billion annual market in the US alone, effectively run on faith. Company A delivers a product to Company B, Company B reports back on how much of the product it consumed, and Company A then charges them for that consumption.
Stranger still, another variation of this happens too: Company A pays for a product from Company B, and Company B simply tells Company A it's delivered the product.
Why does this happen?
Intuitively, it makes no sense and doesn't really match up with the behavior of almost any other marketplace the average person participates in. Think of a typical example:
You visit Amazon.com and find a book you want to buy.
You buy the book, which is immediately charged to your credit or debit card.
Hours or days later, you receive the book you ordered.
This is how most transactions work. This is how most transactions should work. You pay for a product, and then that product is delivered to you. Both sides of the transaction have full transparency into what took place. So why don't ad tech transactions work this way?
It gets a bit technical, but the short answer is: advertisers pay money to have a product (their advertising) delivered to someone else. And that turns out to cause all kinds of problems.
In fact, a better analogy for how digital advertising works isn't buying yourself a book from Amazon.com but instead donating to a charity, or buying a gift on a wedding registry:
You visit the Amazon.com wedding registry of a friend of yours and find a Le Creuset they want.
You buy the Creuset, which is immediately charged to your credit or debit card.
Hours or days later, your friend receives the Creuset you ordered.
Now, in practice this still isn't that opaque: sooner or later, your friend will likely send you a card, or give you a call, and say, "Hey! I really love that Creuset you got me! Thanks!" Or: "Hey, just wondering and no worries either way, and this question is purely theoretical, but do you happen to have the gift receipt?"
But at least for a little while, you paid for a product and the merchant (Amazon.com) told you they delivered that product, but you don't really know whether they did or not.
Online advertising is just like that, except your friend never calls you to say thank you. In fact, they never call you at all.
An example: you own an online store that sells mobile phone cases, and you're looking to find new customers. So you call up the ad sales team at various tech sites, places like Wired and Ars Technica, and ask them to place your ad on their site. You send them the image you want to use as your ad, and they charge you, say, a $10 cost per mille, or CPM: the price for showing your ad 1,000 times on their site.
A month later, they send you an invoice for $10,000, claiming that they showed your ad 1,000,000 times.
But...did they?
Well, the ad industry has sort of figured out how to answer that question. Instead of sending your ad image (or creative) directly to Wired, you send them a link that loads the image from a server you control. That way, every time your server gets a request, it knows someone is about to see the ad, so you can verify that you're getting what you paid for.1
Here's the problem: that model I just described — hosting your ads on a site you control, rather than the publisher2, so you can keep tabs on what they actually did — generally only applies on what is called "the open web." What is the open web, you ask? It's a euphemism for "all of the Internet that's not Facebook or YouTube or Twitter or Snapchat or Pinterest or any of the other walled gardens."
If "walled garden" conjures up images of, say, exclusive Gramercy Park — the one that's visible to the public behind wrought-iron fencing but is only accessible to key-holding neighborhood residents, club members, and hotel guests — well, that's exactly what Facebook (and YouTube, and several others) is. It looks nice from the outside, but you have to pay to get in.
But unlike Gramercy Park, once you're inside you still can't see what's going on. Facebook doesn't allow you to host your ad on a site you control3: all ads live on Facebook's servers, and only Facebook knows how many times they've shown the ad, and you then pay them for all those times even though you don't have any actual way of knowing for certain that's what they did.
Now you might think this is pretty sketchy, but keep in mind this would only be a serious problem if Facebook and the other walled gardens had a major chunk of market share —
Hold on. *checks earpiece* Okay, I'm hearing that Facebook and Google alone comprise half of the entire digital ad ecosystem.
Sure, you say, this all sounds a bit wobbly, but Facebook is a public company, one of the largest and most scrutinized entities in the world. What are the chances they've reported numbers incorrectly even once, never mind multiple times?
How about a 100% chance?
Most recently, whistleblower Frances Haugen has also filed an SEC complaint alleging that Facebook misled advertisers and investors by touting reach and frequency metrics that were artificially inflated by duplicate user accounts.
All of the above is just one of the two types of transparency risk I mentioned at the start. Remember the other one? The example of your credit card company calling you to ask how much they should charge you?
Yeah, that happens too.
The online ad ecosystem runs on data. Lots and lots of it.4 Billions of times a day, virtually anytime anyone anywhere opens a web page, ad tech companies kick off a mini-auction specifically to determine which advertiser will win the right to show their ad to you, on that page, in that specific moment.
To make these auctions more efficient, the auction participants — primarily demand-side platforms, or DSPs — want to know as much about the situation as possible. Who is the user we're about to show the ad to? Is it a man or a woman? How old are they? What is their household income? What page is the ad about to appear on? What type of content does it have, and is the topic of that content suitable for my ad to show up next to?
Keep in mind that the DSP needs answers to all of these questions within about 50 milliseconds or less, so they can choose an ad, win an auction, and show it to you, all in the amount of time it takes for a web page to load.
Much of that data comes from other companies, who sell it to the DSPs. The business model these vendors generally use with DSPs is either CPM (again, cost per thousand ad impressions, or loads) or "percent of media" — that is, if the advertiser is paying the DSP a $10 CPM to show their ads, and the data vendor and DSP agreed to a 10% of media deal, the vendor is paid $1 for every 1,000 ad impressions that uses their data.
But how do they know how much the DSP is using their data? Why, the DSP tells them, of course.5 And then they charge the DSP based on how much the DSP told them they used.6
But what about independent measurement and verification, you ask?
Now, I happen to work for a company that does this, so let me just say - regardless of the specific question you're asking - you are definitely on the right track here.
It is unquestionably a good idea to use a third-party measurement company to independently validate that the things you're buying and selling in the online ad ecosystem are actually on the up-and-up.
Now, this doesn't technically give you — the advertiser — any more direct transparency into the ads than you had before. You're still trusting someone else — the measurement company — to tell you that you're not being cheated. But in my experience, it's generally helpful to place that trust in someone other than the entity you're worried might be cheating you.
So where does this leave us? A century or more ago, legendary marketer John Wanamaker declared: "Half the money I spend on advertising is wasted; the trouble is I don't know which half." The ad industry in 2021 is armed with the most cutting-edge technology, impression-level analysis, and global software infrastructure ever assembled.
And John Wanamaker might still have no idea which half.
Ha! I lied, actually. You still don't know if you got what you paid for. It's quite common that the site that's loading your ads realizes they don't have nearly enough people visiting their site to show your ads as many times as you asked them to. So instead they purchase "traffic," which is a nice way of saying they send money to other companies to send a firehose of, ahem, "people" to their site. Each time one of those "people" visits their site, your ad server gets a request, which makes you think a person has seen your ad. But in reality it's just an automated script loading your page so the site can make more money. "But surely fraudulent schemes like this can't be that widespread," you ask? Oh, only to the tune of $35 billion dollars per year.
Speaking of conflicts of interest, the "ad server you control" is most likely owned by the same company that runs the ad auction and/or represents the publisher in the first place. (It's rude to name names, but it rhymes with "googol.")
For simplicity's sake, I'm referring here to standard Facebook newsfeed ads, not Audience Network, Instant Articles, etc. I'm also ignoring their non-CPM bidding models, such as cost per acquisition (or CPA), which do provide at least some level of transparency to the buyer into what they received in exchange for their payments (via Facebook conversion pixels fired at the time of sale).
You may have read about some of this data in the endless stream of articles about privacy concerns, and outed Catholic priests, and large-scale breaches. Those concerns are out of scope for this piece, but as a general rule, the following two narratives can't both be true:
Big Tech is recreating Foucault's panopticon, an all-seeing surveillance apparatus with finely-tuned, laser-like insights into your most intimate wishes and desires.
Why is this goddamn Peloton ad following me all over the Internet two months after I already bought one?
(But yes, it should still be regulated.)
Adobe’s documentation, for example, helpfully reminds its data buyers: “Important: As a buyer, all reported impression totals must be true and accurate.”
Oracle: “Each partner must provide us with the data required to allocate revenue back to each data category and to our data providers accurately, efficiently, and in a timely manner.”
And Salesforce: “In order to calculate the payment owed for each data provider that contributed to a segment, Salesforce must receive reporting back that includes the actual impressions that ran against each segment on a monthly basis. This enables Salesforce to properly invoice customers for the data they use as well as pass through those data costs to data provider.”
Fun thought experiment: what happens if a DSP uses data from two different companies to inform their auction decision? Say, one company provided them income data for the user and another company provided age and gender data. (This happens all the time.) How would the DSP know how much money to attribute to each vendor for the value they provided to that single impression?
Ha! Ha. Ha ha ha. No one knows, basically. Ha!
But good question.
So true! When I used to work in the Adwords org of Google, what exactly "invalid clicks" were came up in discussions regularly with clients. The problem is that there is no transparency. It leaves you in complete reliance on your trust of Google. However, there are some forces that keep them honest. I'd say cost-per-acquisition (CPA) was the only truth that mattered for clients that had good tracking in place. For them, if they could connect a purchase directly from an ad click, they were willing to spend an unlimited amount of money as long as the CPAs were favorable. And secondly, Google has own incentive to get measurement right. A bad reputation for cheating hurts them in the eyes of their big clients and politicians waiting to publicly dunk on them.
All that said, my ad blocker is on right now. I feel it's a business model that is not as interesting as substack-like subscriptions, twitch-like tipping, and NFTs.