Google and Yahoo in separate announcements said they will individually encrypt ad network connections to reduce bot traffic and other types of ad fraud. The news coincides with the release of Malwarebytes Labs findings last week. Researchers found malvertising in Flash ads involving the DoubleClick ad network.
The two companies have support. The Interactive Advertising Bureau (IAB) continues to push the adoption of HTTPS ads and support encryption. In March, the IAB put out a call for the industry to adopt encryption. The industry trade group said many ad systems support HTTPS, but a member survey suggests that only 80% support the protocol. They called on the entire advertising supply chain to adopt practices, from ad servers and beacons to data partners and brand safety and verification tools.
Google said the majority of mobile, video, and desktop display ads on its Google Display Network, AdMob, and DoubleClick networks will become encrypted by June 30. Search on google.com is encrypted for a vast majority of users and the copany continues to work toward encrypting search ads across its systems.
YouTube ads have been encrypted since the end of last year, along with all searches, Gmail, and Drive. By the end of June, advertisers using AdWords and DoubleClick will serve HTTPS-encrypted display ads to all HTTPS-enabled inventory.
Yahoo VP of Revenue Management and Ad Policy James Deaker describes in a blog post what he calls "perhaps the largest-ever transition to SSL encryption for any publisher with display ads." Yahoo recently implemented an end-to-end encryption extension for Yahoo Mail," and strengthening security everywhere else along the advertising supply chain will help to create a safer Internet.
Next week, Yahoo will host a Trust UnConference in San Francisco, bringing together industry experts to discuss how to build safe products.
While I certainly understand the need to encrypt information to and from the public; I fail to see how this will help in anyway with stopping bot traffic.
HTTPS encryption ensures our privacy with what we are searching for, what information we are getting and keeps those large Privacy Policy's in check. That makes total sense and should be have been thay way for years. I am glad to see that everyone is making a push to get this completed for those reasons.
However, using HTTPS encryption to stop bots...how? Maybe I am missing something here. The way I understand bot traffic to happen is that the fraudsters need to establish accounts in order to get paid. When they send bot traffic through, their account earns money and that is how they get paid.
If they intercept an un-encrypted connection what can they do? Maybe flood someone else's account with bot traffic, but what is the benefit in doing so? Hurting the competitors...maybe, but they won't make any money so why go through the expense.
Can someone fill me in?
My guess is Google is running all the cookies through a algorithm of every ad and website to find out whether they are super cookies or normal. If they are super cookies or the domain is forwarded, then cookie will investigate more.
One thing for sure, every publisher benefits if junk ads are eliminated. So my opinion is I don't care how they do it as long as they can get rid of the junk and fraud.
It would prevent competitive intelligence services from scraping the ad units' creative (e.g. iSpionage)...
The encryption may also stop interception of data - which does improve privacy (since many data providers pass data directly in the URL or data stream)
I agree with Craig and Augustine. Like I said, privacy is a good thing, but this update will not have any affect on eliminating bot traffic.