Dismantling marketing attribution, ad fraud controls, and the business case for third party cookies

Sergio Maldonado
PrivacyCloud
Feb 25, 2024

An interview with Dr. Augustine Fou on Masters of Privacy (full transcript)

The following is a transcript of our recent interview with Dr. Augustine Fou on Masters of Privacy. The original recording can be found on the podcast’s website, as well as on your favorite podcasting feed.

Sergio Maldonado: Dr. Fou, thanks for joining me again.

Dr. Augustine Fou: Thank you, Sergio, great to be here again.

S.M. Let me start warming up with this: How did we or why did we go into programmatic in the first place, some ten, twelve years ago, whenever it happened?

A.F. Well, basically, you know, when we started doing digital advertising, say twenty years ago, the advertisers were buying media from the largest of sites. So for example, Yahoo, where millions and millions of people went to get their news, their weather, sports scores, stock quotes, and things like that. So in those times, you could buy from very large portals or big publishers. But since then, you know, we’ve heard of the long tail of sites, right? So now there are millions upon millions of very tiny websites. So the advertisers could not go to each one of them and negotiate advertising contracts, they were just too small and there were too many of them. So it really gave rise to the need for programmatic advertising, which is basically a set of technologies that automated the buying and selling and the placement of the ads.

So now, instead of going direct to the websites themselves, these tiny websites, advertisers and/or their media agencies would buy from programmatic exchanges. So just like Wall Street is a stock exchange for stock, shares of stock, the programmatic exchanges brought together hundreds, if not thousands of websites, aggregated all their inventory, and became the central place where the large advertisers could just buy large quantities of ads. So it’s really the evolution of the internet and the kind of the proliferation of smaller websites that gave rise to the need for programmatic as we call it, right, which is the automated way of buying and selling ads.

S.M. Very good. So there was this abundance, it’s not anything that per se is evil, as we perceive in the legal community sometimes, but the fact that there was so much supply that we needed to have a system. Why did we believe or why did advertisers and agencies think things were working?

A.F. Yeah, so once we saw the advertisers start buying their media from the exchanges instead of directly with the publishers, that became a giant loophole that allowed fraudsters to get into the system, right? So basically, when they started buying from the exchanges, there were simply too many websites that their ads were going to, and most of the advertisers didn’t spend the time to analyze where their ads were going.

So the loophole that was created is that now, you know, the fraudsters could set up tens of thousands of fake websites, right, just using WordPress templates, and just add them to an exchange, and then all of a sudden, they could start getting the ad budgets from the largest of advertisers. Before programmatic exchanges, if the advertisers saw, okay, well, this website’s one day old, how is it possible that it’s selling a million impressions, right? They would be very suspicious and they would never do a deal with that website. But now when those websites become part of a larger exchange, and the advertisers are just buying tens of millions of impressions from the exchange, it became a lot easier for the bad guys to add those fake sites into the exchange.

And because those fake sites had no human visitors, they would also use bot traffic to create the page views and create the ad impressions. And those same bots would be clicking on the ads as well. So not only did the bots create the fake ad impressions, they would also click on them.

And so the advertisers started to believe that these were working well because they saw higher click-through rates. And so for the past ten years, a lot of the advertisers have been focusing on what I’m going to call quantity metrics, not quality metrics, right? So they would say, oh, wow, we’re getting so many clicks. It must be working really well.

So it led them to just pour more and more money into programmatic exchanges, because not only were they getting very large quantities of impressions, they were getting the appearance of performance because they were looking at click-through rates and higher click-through rates they thought were meaning better performance.

S.M. And everyone is participating. Everyone wins. Let’s say everyone is in on the joke. No one has an incentive to look closer. Whoever reports the metric to their boss is looking really good. Whoever is buying from the agency looks great. Everybody looks good.

A.F. Yes.

S.M. So why have we never been able to map it to proper business results? Even though we have been talking for years about the fact that it being digital, it’s more measurable. And I’ve put a lot of time into this myself. We’ve been building all of these dashboards and trying to correlate it with actual business outcomes. But there was always some attribution model that would somehow make it make sense.

A.F. Yes. So I think some advertisers do that. Some advertisers have the data scientists and the analytics professionals on staff to be able to really translate the digital marketing activities into actual business outcomes. But there are also many challenges to that. And if you imagine the largest of advertisers, say a P&G or Unilever, they typically sell soup and soda and small ticket items like grocery items to grocery stores. And so when you’re doing digital advertising online, you really don’t actually get to directly see the sales because those sales happen in offline stores. So what they started to use was what we call these attribution models. And some of them are based on probability. Some of them are based on statistics. And you can imagine not every marketer is a statistics person or a mathematician. So they trusted the models.

And conveniently, a lot of the attribution models that the ad tech companies created in the meantime to kind of say, oh, yeah, we can attribute the sales to the digital marketing activity or the digital ads became assumptions layered on top of assumptions layered on top of assumptions. So a lot of times what we have seen over the past decade is that the sales would have occurred anyway, right? People are going to buy the soda, the soup, the milk, the whatever things, the cereal anyway. It wasn’t caused by the digital advertising.

But the attribution models made it appear that digital marketing caused it. But the way advertisers should think about it is that they had digital marketing running while the sales were occurring. So it should be thought of as a correlation, not a causation. So it’s a very key difference.

S.M. I’ve seen that in so many industries. I can think of banking, insurance, where there’s a very strong, powerful brand and running plenty of offline ads. But of course, because there is a digital marketing team that needs to justify their existence and investments, in the end, everyone is incentivized to not look closer. Yeah. But then we’ve seen that spread to mobile apps and it’s totally out of control, I guess, still in mobile apps, is it?

A.F. Yeah. Basically, you know, we talk about MFA websites like those Made For Advertising websites. That’s kind of a euphemistic term, meaning it’s too kind. Some of these websites are literally out to commit as much fraud as they can because a lot of the advertisers, they’re just looking for as many ad impressions to buy, as low cost as possible, and as many clicks as possible. So those are the exact things that these frauds do deliver to the ad buyers. So they think they’re getting what they want.

And the same thing is happening in mobile apps. Right. So, you know, in the evolution of where the ad spend goes in the last ten years, ten years ago, fifteen years ago, most of the ad spend went to websites, right, that carried ads. But during the course of the last ten years, more and more of the spend is actually going into mobile web, mobile apps and things like that. And so there are countless flashlight apps, alarm clock apps, keyboard apps, right, that are just continuously loading ads in the background. And no one seems to care because they’re not looking closely enough.

And when you just get end of the month Excel spreadsheets that tell you how much you bought and what cost you paid, you lose all the details. Right. You don’t see those flashlight apps. Or here’s a funny one. Goat feeding simulator apps: It basically, you play the app all day long to pretend you’re feeding a goat. Okay. How many humans actually play that? But yet there are tens of thousands of those kinds of simulator apps that just make no sense whatsoever that are selling hundreds of millions of ad impressions. So that’s part of the ecosystem that we still need to clean up.

S.M. So now we’re getting closer to the privacy overlap. Cookies going away if the CMA, the Competition and Markets Authority in the UK, allows it. And so if they go away, what’s your perception in terms of privacy and also our ability to measure, since some people are saying, in the ad tech space primarily, that without third party cookies, it’d be very hard to measure fraud?

A.F. Yeah. So third party cookies are used for measuring fraud by the legacy vendors. We don’t use cookies at all for measuring fraud because it’s not reliable. But also cookies were used for targeting as well as attribution. So I’ll sum it up by saying cookies going away will actually be better for privacy and also better for marketing outcomes.

Now that may be counterintuitive to a lot of the people who are buying and selling in the current ad tech ecosystem right now. But let me explain. So cookies were used to track individuals, right? So whenever they visit a website, in addition to the publisher setting a cookie like New York Times will set a cookie, there’s going to be hundreds of other ad tech vendors that could set third party cookies, right? Third party cookies are different than first party cookies because they’re set by someone other than the publisher that the person’s visiting.

So those third party cookies are what we’re talking about right now. So when they set those cookies, whenever that person or that cookie shows up again, they’re going to use that for ad targeting purposes. So then over the last 10 years, we’ve seen an entire crop of ad tech companies built on looking at those third party cookies, not only for targeting of the ads, but also for attributing, right? To say, oh, well, this cookie saw the ad and they went on to buy something, right? So that’s where some of the assumptions upon assumptions that we talked about before.

So the attribution models are also based on the cookies. So as third party cookies go away, because Chrome, the browser that represents two thirds of the browser market share, when they do away with third party cookies, then a lot of these companies that were built on reading those cookies are going to die and go away, right? So there’s a whole big clamor about, you know, Google being mean to all these small companies, okay? But that is not so much the case. It’s really, you know, better for privacy because now the individuals who were tracked via cookies are going to have a little bit more privacy, right? Because they really didn’t understand how those third parties were tracking them when they were visiting a legitimate publisher like New York Times.

So when cookies go away, obviously privacy for the consumers gets better. But the second part of what I said earlier, marketing outcomes get better. It’s because a lot of the false attribution that we’ve been seeing, right? We’ve been depending on those cookies for targeting. Oh yeah, we can target all these customers down to the individual, right? People like to believe that’s the right ad to the right person at the right time. And they also believe the attribution models. Oh yeah, this sale was caused by this person, right? This ad showed into this one person.

But you need to realize that one ad doesn’t cause one sale, right? There’s rarely, rarely have you or I or any other consumer saw one ad and just went on to buy something, right? So it’s very difficult or you should not be attributing one sale to one cookie in one ad. So I think when this kind of figment of imagination called cookies and attribution based on cookies starts to go away, then marketers will actually say, oh, well, what sales were actually caused by the digital marketing and ad budgets that we’re spending? So in a sense, we’re just at the starting point of getting to better marketing outcomes because we’re less dependent on this kind of illusion of marketing performance.

S.M. I love that. So then, how can we optimize then now for humans and not just away from fraud?

A.F. Yeah, so as these marketing cookies and marketing attribution models start to be less stable or start to go away, it may still take a number of years for that to go away. But I’d like to tell the advertisers, right, and this is what I’ve been advising my own clients to do, is instead of optimizing away from fraud, you now have the opportunity to optimize towards humans, right? So it’s a very simple model because if you think about the mainstream publishers, right, ones that you’ve heard of and sites that you’ve actually visited before, they have a lot of human audiences, but humans don’t go to websites that they’ve never heard of.

And humans don’t use mobile apps that they’ve never heard of, right? So the vast majority of those websites and mobile apps have hardly any humans at all, right? So they’ve been using bot traffic. They’ve been using other fraudulent techniques to generate those ad impressions. So in the past ten years, the advertisers have been trying to optimize away from fraud, but the legacy fraud verification vendors that they’ve been using only catch one percent of the fraud, right? They’re missing the majority of it.

So in that sense, they’re not really able to optimize away from the fraud. So now in addition to that, if you kind of think about optimizing towards humans, you will naturally start to buy more ads on legitimate publishers that have human audiences. And you might even be willing to pay higher CPMs because you’re going to actually start getting better outcomes, right? So for a lot of the advertisers over the last ten years, they’ve kind of been misled into spending way, way too much money on fraudulent channels, right? Programmatic is not evil in and of itself.

It’s just a channel for buying ads. But like we said earlier, with the rise of ad exchanges, it just made it so much easier for the bad guys to add so many fake websites into the exchanges and so many fake mobile apps into the exchanges that the advertisers ended up buying the majority of that, right? So if ninety percent of their ads were not really shown to humans, but they didn’t know that, that’s why they kept spending the money there. But now because of this external force, right, cookies, third party cookies going away, the advertisers will need to look more closely and be a lot more strict about their ad spending.

So a very simple way of thinking about it is optimizing towards humans, not just away from fraud. And the legacy fraud verification companies don’t have any indication of humans. They simply detect it for fraud, right? So those tools you can really understand are just not sufficient anymore, right? They’re not able to help you optimize towards humans.

S.M. And they can be circumvented, I guess. Since they can see how they work.

A.F. And easily, easily circumvented. Yeah. So not only do bots block the detection tags, so they have no data. And unfortunately, some of those verification vendors will just assume if they have no data that it’s not fraud. And that’s actually incorrect because when the bots are actively stripping out their tags, no data should actually be thought of as one hundred percent fraud, right? Almost like guaranteed to be fraud.

And then the other issue about data accuracy or lack of accuracy is that human ad blockers also block their tags. So in fact, when you use Adblock Plus or Brave Browser, none of the verification tags are running. They can’t even load.

So they’re missing out on a large swath, a tremendous swath of the internet. They can’t see it because they have no data on it. And you shouldn’t assume that there’s no fraud.

So when we move to better analytics, when the advertisers move to better analytics for the media, they’ll actually start to see not only where their ads are going, right? So they can monitor for websites that are not brand safe and things like that. They can also see whether bots or other forms of fraud cause their ad to load. So I think in this case, cookie deprecation, the increase of privacy and all that kind of stuff, it’s really helping the pendulum swing back the other way and helping the advertisers break some of these bad habits that they’ve incurred over the last ten years.

And hopefully, we’re going to get to better marketing outcomes in the next couple of years.

S.M. Really good. So a last question. So it seems like quality media could benefit from a few things. One of them, I believe, could be the evolution of the Topics API now. Another one, I’ve seen some companies now, I don’t know if it’s going to be good or bad, but I’ve seen that out there in the news, labeling or pre-qualifying quality media for the demand side to know what they’re buying.

But I understand as well that through privacy compliance and the challenge that we’ve seen for Criteo for example in France, and many others, the fact that they needed consent and it’s so hard to gather when you have no direct relationship with the audience, that supply chains are going to be simplified. How do you see that?

A.F. Yeah. So we really don’t need additional ad tech companies to help with additional new technologies. I mean, I would like the advertisers to really think about going back to buying media directly from legitimate publishers that have been around for more than the last 10 years. So these are, again, the sites that humans have heard of and that visit in large quantities. They’ve always been there, right? It’s just that the advertisers started chasing lower cost CPMs.

And so they started allocating more budgets to programmatic channels and away from legitimate publishers. So Privacy Sandbox might be a good idea, but again, it’s going to take years to really take hold. And there’s a lot of ad tech companies fighting it because they think it’s Google exercising its monopolistic power and being mean to them and all that kind of stuff. So yes, some of that is true, but let me posit a very simple way of thinking about this. Humans are logged into Google, whether it’s Google search, Google Gmail, the Android devices and things like that all day long. They’re also logged into Facebook, Facebook app, Instagram, WhatsApp all day long. So there’s going to be logged in environments where those walled gardens know these are real human visitors, right? And so if you advertise on those walled gardens, it’s not necessarily a bad thing. It’s actually a good thing because Google can confirm, yes, this is a human that’s been using Gmail for the last fifteen years. So finally, you have a way to actually show your ads to humans.

Just make sure you turn off search partners, right? Because there’s a lot of fraud in those outside networks. And then similarly, if you advertise on Facebook, make sure you turn off Facebook audience network, which are all the outside sites and apps that run their ads. So in doing so, think about how simple that is, right? If you show your ads to humans, the ads will have possibly had an effect, right, on your marketing outcomes.

So all this other stuff on the open web, we’re going to be debating that for years and years. And ad tech companies are going to fight against Google. And then CMA is going to fight against Google and so on and so forth. So we don’t really know where that’s going to shake out. But I think some of the smart advertisers are pretty much going to ignore all that noise and just start buying ads from real publishers that have human audiences, and then buying ads from these walled gardens that have logged in users, right, all day long. And in doing so, they would have already simplified their buying, simplified the supply chains.

So for example, I’ve written before, you don’t need forty-nine ad exchanges in your media buy, right? Most of your ads go to one or two. So if you have one or two or three ad exchanges in your media buy, you’ve cut out the other forty-five that were completely unnecessary, right? And when you have so many ad exchanges in your media buy, you now run into a problem of accuracy, right? Or what I’m going to call leakage, where your ads are really not even going to where you want them. So some of the best practices that I’ve seen the more advanced advertisers do in the last couple of years is move away from a block list and move towards an inclusion list, right, just buy from the legitimate publishers, turn off as many of the ad exchanges or supply sources as possible, right? You don’t need forty-nine, you need two or three, and that’s it.

So the more you can simplify, the more you can focus on showing ads to humans, the better your marketing outcomes anyway, right? And you can let everyone else spend all their time debating Privacy Sandbox, other things and whatever, whatever. And you’ll already be doing better digital marketing and getting more outcomes from it yourself.

S.M. Thank you. That’s very good. Thanks again.

A.F. All right. Thank you, Sergio.

Sergio Maldonado
PrivacyCloud

Dual-admitted lawyer. LLM (IT & Internet law), Lecturer on ePrivacy and GDPR (IE Business School). Author. Founder: PrivacyCloud, Sweetspot, Divisadero/Merkle.