Back at the end of 2020, Google announced they were ready to drop third party cookies in Chrome, in-keeping with the growing trend of privacy based web initiatives. As part of the announcement, they also announced they would be changing how they track and filter ad fraud.
In general, the announcements were not well received by the industry as a whole. FLoC, the replacement for third party cookies, has been widely seen as a privacy fail.
And questions around the filtering of the rampant click fraud on Google Ads have not been answered by these impending changes.
Google were scheduled to roll out these changes in early 2022, but as of June 2021, the date was rolled back. But what about the announcements made in the Google Marketing Livestream, held back in May 2021?
Changes coming to Google
For those not in the know, Google is changing more than just third party cookies.
From partnerships with Shopify to enable checkout from within Google Shopping results; to new ways of forecasting user behaviour for Google Ads advertisers, the times they are most definitely a changin’.
Most of these changes announced in May 2021 are still on the launchpad and are being rolled out as scheduled.
But the delay to the launch of FLoC gives Google time to fix some of the issues that have not sat well with the industry.
One of these is trust tokens, which were supposed to be the new method for tackling ad fraud.
Tracking ad fraud with trust?
When Google announced these changes, tackling ad fraud was mentioned explicitly. And the way it was going to be tackled was a novel approach called trust tokens.
These trust tokens are snippets of code, served by trusted websites, stored on your browser for other sites to validate your existence. Sounds familiar?
Unquestionably, the similarities with cookies are glaring.
Trusted websites can issue trust tokens by storing code on your browser. The issuance of tokens is based on your interactions, for example the completion of captchas, engagement such as commenting, or possibly even regular visits or purchases.
This verifiable activity is designed to create distinctions between genuine human web users and other sources of non-human traffic (NHT), specifically bots, malware or click farms.
What could possibly be wrong with his picture?
Of course, the problem comes down to how trustworthy the site that is issuing the token is.
The online advertising industry has been calling out for years for more effective in-built tools to tackle click fraud, so are trust tokens the answer?
As Dr Augustine Fou, an independent ad fraud investigator says, “These changes to Google’s tracking methods won’t affect ad fraud. They certainly won’t decrease it.
“Although they’re experimenting with new trust tokens, success depends totally on the honesty of the trust token issuer.”
Ilan Missulawin, co-founder and CMO of ClickCease, says, “Although the idea of trust tokens being issued to genuine internet users seems like it could offer some relief in the short term, creating AI or even leveraging click farms to work around the filters is going to be child’s play for fraudsters.
“The trust tokens initiative also does nothing to stop repetitive clicks from business rivals, which is a large part of the click fraud problem that we see.
“Although there does need to be a wholesale change by the major ad platforms in the way they manage fraud filtering, I don’t think trust tokens will be as effective as they hope.”
The resourcefulness of ad fraud
Since digital advertising began, there has been a whole industry built around inflating fraudulent payouts to website owners and bot developers.
A relatively recent attempt to verify the authenticity of publishers, ads.txt, was mooted as a way to root out shady publishers and eliminate fake inventory. There have been some success stories, and indeed some ads.txt is better than no ads.txt.
However, this relatively simple solution of popping a text file on publishers sites has been gamed by fraudsters and spawned a whole new type of ad fraud. One of the most infamous ad fraud networks ever, Methbot, used ads.txt to generate impressions on spoofed inventory.
Even today 404 Bot is still out there spoofing domains from ads.txt and collecting millions in ad revenue.
Google also introduced Play Protect for the Google Play app store, designed to root out dodgy apps and malware. Although it has worked to a degree, and app verification on Play Store has pushed the bad apps off the platform, the problem of malware fraud has not gone away.
In fact, Android apps are still plagued by an alarming amount of malware. In 2020 there were a number of malware apps that were responsible for huge volumes of click fraud, the best known of which was Hydra which was thought to have cost advertisers around $130 million.
On top of this we’ve also seen fraud bots such as Tekya and DrainerBot further impacting the reputation and ad budgets of display marketers via Android.
Apple isn’t immune to ad fraud malware either. In 2020 it was alleged that thousands of apps were affected by the SourMint malware delivered via a fraudulent SDK. Despite the protestations of Mintegral and Apple that there is no fraud happening, the company that uncovered the problem, Snyk, continues to stand by the claims.
The bottom line here is that ad fraud and click fraud continue to proliferate regardless of multiple attempts to stem the tide. So can Google’s trust tokens make a difference?
The fraud forecast
As Ilan Missulawin from ClickCease points out, “None of the industry attempts to stop ad fraud or to identify click fraud have added up to more than just a sticking plaster on a very big wound. From the data we see, attempts to stop click fraud by the big players aren’t filtering out the right types of behaviour, or it is just not keeping up with the trends.
“The technology in the marketing sector is moving at a blistering pace, and so is the tech behind fraud. Look at the shift to mobile malware and how hard that has been to identify.
“The uncomfortable truth is that, at the moment, third party fraud filters are a necessity for programmatic marketers. And I don’t think that will be changing with the switch to FLoC and trust tokens.”