Category Archive: news

  1. Nipping Viewability in the Bud

    Leave a Comment

    We know that not all online advertisements are watched by users (advertisers themselves probably don’t even watch them). But did you know that some ads are still not even viewable? As reported by MediaPost, despite viewability gains being made by the advertising industry, the issue has not gone away. Its a lot like plucking off the head off of a dandelion, or in our case ad fraud. When we forget to pull up the weeds/hackers as well, the problem is just going to grow back in a more creative, and likely problematic way.

    Photo courtesy of WoollyGreen

    According to Kevin Lenane, ad viewability is plagued by a number of issues–multiple videos appearing per page, video partial appearance, inconsistencies with video autoplay and audibility. Engaging with online ads is already a limited sensory experience, and by eliminating sight and sound, users are left abandoned by advertisements. It’s not like we can taste an ad, even though that would be awesome.

    The larger problem though, is that most often neither advertisers nor users know that any of this is happening. As MediaPost prompts, it’s time for the industry to try something new–knowledge. We need to know the issues of viewability “BEFORE the campaign runs at the media plan stage, DURING the campaign as a blacklisting/whitelisting opportunity, and AFTER the campaign as an analytics and optimization check.” It’s time to pull some weeds.

  2. CPM: Confused, Pissed Off, and Moronic

    Leave a Comment

    “We all know CPM stands for ‘cost per thousand,’” alleged MediaPost, but if some of my friends are any indication, that claim is far from the truth. When asked what CPM stood for, albeit at 9A.M. and before a solid cup of coffee, real people responded–

    • Certified something
    • Crunchy Peanut Butter Muffin
    • A protein used in lab
    • Cost Per Monkey

    Photo Courtesy of ButtonPushingMonkey.Wordpress

    With ‘Cost Per Monkey’ probably being the best answer I got, things aren’t looking good for advertisers who depend upon CPMs to make profit. And I know that the acronym has something to do with Latin, but thousand doesn’t even start with an ‘M’…

    It’s abundantly clear that CPMs are not easily understood by everyone. And if the term itself is not well known, how can we be expect people to further understand its purpose? Although impressions and viewability are hot topics in the advertising industry, this general lack of understanding poses a major threat to the generation of authentic interactions between users and brands. It’s not even an issue of transparency. The information is available, but advertisers and consumers just don’t understand it.

    “In reality, when you talk about ‘impression”;in the CPM sense, you are actually getting a potential impression,” MediaPost writes, however “an impression should mean an engaged consumer.” An engaged consumer is more likely to remember a product, and hopefully buy it, too. But engagement comes from understanding, and as one particularly confused friends wrote, CPMs leave many of us feeling distinctly “OMG what?” OMG, or perhaps Confused, Pissed Off and Moronic, indeed.

  3. Soon, Only Bots Will Be Able to Complete CAPTCHA

    1 Comment

    Vicarious reCAPTCHA crack

    In the ongoing saga of CAPTCHA cracks, progress tends to be incremental: cracks are released with success rates of one or two percent, and CAPTCHA products are quickly patched to defeat them. Not so with Monday’s news that AI startup Vicarious claims to have cracked most popular CAPTCHAs—including reCAPTCHA—with a success rate of over 90%. Since CAPTCHA-solving computer networks can make thousands of attempts per minute, even a success rate as low as 1% is considered a functional crack!

    In Vicarious’ video (shown below), their software scans various CAPTCHAs and identifies the letters they contain, often getting most or all of the letters correct on the first try. (And since many CAPTCHAs, including reCAPTCHA, only require that users get one of the two words correct, partial accuracy is often enough.)

    Were Vicarious’ tool to be released into the wild, it could enable hackers and other nefarious actors to bring CAPTCHA systems worldwide to their knees. Luckily, that’s not going to happen here—Vicarious developed their CAPTCHA crack as part of a broader artificial intelligence system, and they have no plans to make it publicly available. But if a small company like Vicarious was able to crack CAPTCHA so effectively, how long before the spammers and scammers are able to as well?

    email scam
    The latest scam: creepy stock photo people who pop directly out of your monitor!

    Of course, in all likelihood this crack won’t work for long: the CAPTCHA creators will update their CAPTCHAs to make them more difficult, and all will be well—or so they’ll claim. But in the war between the CAPTCHA-makers and the CAPTCHA-crackers, it’s us, the regular humans, who suffer. Every time CAPTCHAs are updated to become more effective at stopping bots and cracks, they become harder for humans1. What do we do once bots are able to solve CAPTCHAs that look like this?

    unreadable CAPTCHA

    This humans vs. bots arms race is just one of the reasons we designed PlayThru to be different. Since PlayThru determines humanity by analyzing user interaction, we can increase (or decrease) security without making the games any more difficult to play. In fact, we develop our humanness-scoring algorithm using the same types of machine learning that Vicarious uses. Essentially, we’re letting the bots fight it out, while the humans go on with their lives unscathed.

    Score one for Team Humans!

     

    1. Yes, we know about the recently-announced reCAPTCHA update that uses other kinds of analysis to give likely humans easier CAPTCHAs. But this only begs the question: if they know we’re most likely human, why are they showing us a CAPTCHA at all? Besides, it’s only a matter of time before the bots figure out how to exploit these techniques and we’re back to badly distorted text.

    In fact, some other CAPTCHA companies have had a similar systems for a while. They attempt to guess whether or not you’re a human before they show you a CAPTCHA, and to show easier CAPTCHAs to suspected humans. And it sort of works, sometimes… but when it doesn’t, you get gobbledygook like this:

    bad CAPTCHA gobbledygook

  4. CAPTCHA-Solving Tools Are Facilitating Russian Cybercrime

    Leave a Comment

    We like to joke that CAPTCHA provides a criminally bad user experience, but here’s a report about insecure CAPTCHAs enabling actual crime. From security researcher Dancho Danchev at the Webroot Threat Blog:

    Just how challenged are cybercriminals when they’re being exposed to CAPTCHAs in 2013? Not even bothering to “solve the problem” by themselves anymore, thanks to…an automatic registration tool which undermines the credibility of Russia’s major free email service providers by allowing cybercriminals to register tens of thousands of bogus email accounts.

    Danchev goes on to explain how this easily-available tool uses a relay attack, in which each CAPTCHA’s image is passed along to a human solver, to enable Russian cybercriminals to register thousands of fraudulent accounts. They can then use those accounts to send spam or register malicious domains.

    CAPTCHA-solving tool
    Screenshot of one CAPTCHA-solving tool

    This is just one more area in which PlayThru puts CAPTCHA to shame. Unlike traditional text CAPTCHAs, PlayThru isn’t just a test that’s looking for a correct answer. Our games require direct user interaction, so they can’t be passed off over the internet for someone else to “solve” via a relay attack.

    Read more on the Webroot Threat Blog.