Cookie Stuffing - Thanksgiving Special

Cookie Stuffing

You probably think my above dish looks delicious. You’ll like it even more when I tell you it earns dollars whilst you sleep!

Cookie Stuffing in a nutshell: The filthy art of forcing “clicks” such as to gain a good chance of winning any attribution. (note this doesn’t just work with Last Click, it works on pretty much all attribution models).

So who does it? Generally the people that take the laws of attribution into their own hands are affiliates. Luckily this kind of activity is rare, so we can safely say that most affiliates are Kosher. I should also point out that the odd premium publisher has been caught with their hand in the cookie stuffers jar.

Why do they do it? Cash reward, simple. Cookie stuffing occurs on CPA and CPC campaigns far more frequently than CPM campaigns since the rewards are instant. Again, this is rare, most CPA campaigns are harmless, so don’t go rushing to cancel any just yet.

How do they do it? The methods range from plain sight to sly. Some people include popunders in their filth-bucket list, although most agree that if it’s not tracked as a click then it’s ok.
The middle level includes hidden iframes on pages and images that are in fact tracking links (look for extension-less images, i.e. <img src=”http://track.com”> ).
Top tier filth includes moody CSS,  JavaScript asynchronous loading of tracked elements, and even using Flash as a vehicle for faking a click. Most of these can be spotted with our trusty HTTPwatch, so don’t dispair if you suspect. The hardest thing is suspecting in the first place.

How do i protect myself? Keep an eye on referring URLs and ask for more information on any partner who seems to be generating “too many” clicks/leads/conversions. Too many doesn’t mean the majority, but a number that’s too high for the source. Look out for ambiguous partner names such as “Intelligent SEO Reach Plc”. I made that one up, but you get the point. Know your traffic source.

You wouldn’t bake a cake without knowing what each of the ingredients were, so take the same approach with your campaigns. Traffic that comes from well sourced and researched supplies carries much less risk, I call it campaign karma.


The stupid EU cookie law in 2½ minutes


WTF is Cachebusting?

The web is full of stuff we see everyday, maybe multiple times in a single day. The Google Homepage, the Facebook logo and layout being 2 prime examples. Question is, do you think your browser always loads everything fresh from the servers on every single page load? Answer, of course not.

If your browser realizes that it has already downloaded a webpage or image, it will normally refer back to is stored version (known as the cache). This helps speed up your internet as only the dynamic content is retrieved from servers, whilst files already on your computer fill in the regular parts.

Facebook Cache

Here we assume this is the users second visit to Facebook. The logo, Sign Up button and Login widget are the same each time, so these are loaded from the browser cache. The large image on the left is different each time, so this needs to be dynamic and load fresh from the web with every visit.

So why do marketeers care about cache so much, and why is it usually to blame for everything? 
In order to count properly (impressions and to some degree clicks), the 3rd party (publisher, adserver, affiliate network, exchange etc.) must be contacted in some way by the user. If the file is retrieved from the cache and not the 3rd party’s servers, then they will have no idea that the event occurred. Cue naughty cache comments. Cached inventory causes differences in reporting volumes (which is what people care about), but more importantly it removes control of what is delivered (the thing people should care more about). A cached banner will never rotate, effectively spoiling any sequencing or retargeting. We can get over counting discrepancies, but poor media performance cannot be rectified with a handshake.

How can a defeat this pesky Cache Monster?
Simply adding a random/changing part to the url is enough to trick the browser into thinking the content is “new”.   

Any tag you generate from an adserver or affiliate network should come with some instructions or an indication of where to put a cache-buster. If it doesn’t call your rep straight away, and if they don’t know, permission from me to slap them round the face with a freshly caught salmon (I believe line caught is the best these days from an ecological stand point). Cache-busting is the single most important thing for your publishers to take care of, so the same punishment applies to them if they neglect to implement it.

If we look at a DoubleClick Ad tag:

<SCRIPT language=’JavaScript1.1’ SRC=”http://ad.uk.doubleclick.net/adj/N137./
<A HREF=”http://ad.uk.doubleclick.net/jump/N137./
  <IMG SRC=”http://ad.uk.doubleclick.net/ad/N137./
BXXXXXXX.2;ord=[timestamp]?” BORDER=0 WIDTH=728 HEIGHT=90 ALT=”Click Here”></A>

Here I’ve highlighted the 3 instances that need a cache buster. DoubleClick indicate where a cache-buster is required with [timestamp]. Other companies may use {TIME}, {RANDOM} or [CACHEBUSTER], but it’s all the same thing. The reason Time is bought into this, is because it’s an easy random number to generate, since the time is ever changing.

If you are a publisher and using DFP (DART for Publishers) then you will use %n as your cache-buster value. Publishers using the wonderful OpenX platform should use {random} and refer to the Magic Macros list here.

That’s right, 99.9% of publisher tools have a cache busting macro built in, so no excuses!

What Happens if a CacheBuster has not been used?
In this scenario the 3rd party will undercount by anything from 1%-99.9%. Usually this figure is around the 10% mark, but it depends on the number of unique users (since the first ad a user sees can’t be cached, as their cache is empty). There is nothing you can do about cache in the past, but you can in the future, so insist your publisher implements straight away. It’s not just about bad counting, ad rotations and retargeting are ruined, so it’s a serious issue. Not knowing about cache is no excuse. If a company is technical enough to sell media, it is more than qualified to implement a cache buster. Make sure cache-busting is in your IO, and check using HTTPWatch to look out for an ever changing random number in your ad urls. This way you can sleep tight, knowing your discrepancies will have nothing to do with cache! 


Not the brightest in New Media

AOL had a party in London last night, and had a photo booth in it… some turnip thought that going in and popping out his coke was a good idea, especially when the photos were automatic and uploaded this morning (this one was quickly removed).

"Hello Job Centre Plus. How may I help you today?"

via an insider at OMD.


Media Acronyms will make You Cool

In this media world of wonder 1 object appeals to the masses more than most; the 3 letter acronym.

Originally invented by Herbert Acronym (an ancient Greek who combined the letters alpha and beta to make alphabetos - today used as alphabet), Online Media has officially adopted Herbert and his lineage as honorary mascots to the cause.

In order to stay afloat in this business, it’s important to understand as many as you can. In order to succeed, you must say as many as you can in every meeting (there is a direct correlation between success and acronym usage). As such, please refer to the glossary below.

Note: Acronyms (according to most dictionaries) are where you pronounce the letters as a word (AWOL, NATO, Scuba, Laser). Initialism is the abbreviation of a phrase using the initial letter of each word. To blend in with the crowd, we will refer to everything as an acronym.


  • CPM - Cost per Thousand (Impressions)
  • CPC - Cost per Click
  • CPA - Cost per Acquisition (e.g. Sale)
  • CPL - Cost per Lead (e.g. Registration)
  • eCPM, eCPC, eCPA… Effective Cost per X. (if you buy on a CPM you can work out you effective CPC and vice-versa.
  • I.O. - Insertion Order - like a contract for a Media Buy.
  • Exit Traffic - not an acronym, but code for Popunders.

Onsite Analytics:

  • UV - Unique Visitors
  • PV - Page Views
  • CR - Conversion Rate
  • CTR - Click-Through Rate
  • CTL - Click(s) to Lead (Clicks divided by Leads)
  • PC - Post Click
  • PI/PV - Post Impression/Post View (same thing)


  • DSP - Demand Side Platform
  • RTB - Real Time Bidding
  • PPC - Pay Per Click
  • API – Application Program Interface
  • Ezine – Electronic Magazine


  • AJAX – Asynchronous Java Script and XML
  • HTML - Hypertext Markup Language
  • CSS – Cascading Style Sheets
  • PHP - Hypertext Pre-Processor

Video streaming by Ustream

Conflict? What Conflict?

Hi, my name is Mac Delaney and I work at VivaKi. If I don’t have an argument, I’ll insult your staff count, call you a 24 year old, or repeatedly shout ‘bullshit’ whilst you are talking.


An epic battle between opaque agency group trading desks (read evil arbitrage) and trendy independent DSPs (many of which will be acquired by next week). 


What are people saying on twitter?

Why you should never trust big agency trading desks. Watch the poor logic and arrogance of Vivaki.

This panel/battle royale btw Zach and Mac is a black eye for all of us in the digital media/internet biz

One of the nastiests panels I’ve ever seen - FF to minute 11 - thanks RT@digitalshields

Zach is 100 pct right - clients have no clue about ad tech spend. Totally foreign to CMOs. The Trading Desk Dilemma.

Been meaning to share this. The Trading Desk Dilemma. Gets preeetty tense!
(via @BlackPlastic) cc.@tomguinness


The conclusion?

Regardless how filthy a product may perceived to be, if you act like a douche on a panel, it won’t do you any good. My advice for VivaKi? Politely ask Mac to learn some manners!


Who’s Tracking?

Sometimes you can see tracking in a URL (maybe its a click through URL, or an ad delivery URL) and you just can’t figure which company is behind it. Sometimes it’s obvious, but others can be a bit tricky to spot. Below is a self updating list of URLs/Markers that reveal what tracking looks like. Simply look for these text fragments within a URL and all will be revealed. Note that URL’s may contain multiple tracking vendor fragments, i.e. DFA and Google Analytics. 

The following URL’s are all from nice safe NAI or equivalent tracking partners. If you have their cookie, it’s nothing to worry about. If you want to opt out, find out more here.


doubleclick.net: DoubleClick (DFA or DFP)
atdmt.com : Microsoft Atlas
mediaplex.com: Mediaplex
burstingpipe.com: Eyeblaster/MediaMind

Site Tracking (look also for parameters on the client url):

levexis.com: Tagman
utm_source= : Google Analytics
cid= : Adobe Omniture 


yieldmanager: Often used by Yahoo/AND
specificclick: Specific Media
adviva: Specific Media
fastclick.com: ValueClick Media
googleadservices.com: Google Adwords/GDN
tribalfusion.com: Tribal Fusion
unanimis.co.uk: Unanimis
contextweb.com: Context Web
ads.revsci.net: Audience Science
media6degrees.com: Media 6 Degrees
invitemedia.com: Invite Media 
ist-track.com: Ad-Genie 


Beautiful Social Media Landscape via GlennEngler.com

view full size here.


Geo-Targeting - Pass the salt please.


Sometimes in life you need to take things with a pinch of salt. If you are a stickler for the government’s nanny state guidelines of  6 grams per day, then you should steer well clear of Geo/IP targeting!

Firstly, let’s look at some disclaimers:


Please note that geo-targeting accuracy is not guaranteed and may vary depending on various factors, including the level of targeting selected.


Quova states that their IP geolocation data is 99.9% accurate at the country level and up to 98.2% accurate at the US state level.

Digital Envoy:

No other solution provides the accuracy, data depth or feature-richness of NetAcuity.

Digital Element:

With country-level (IP country) targeting that’s more than 99.9 percent accurate and city-level (IP city) targeting that’s more than 95 percent accurate, you will increase the effectiveness of online advertisements, and maximize reach, relevance, and revenues.


So it appears some solutions give broad disclaimers, others give absolute accuracy figures and Digital Envoy just claim to be more accurate than everyone else. The honest answer from all of them would be something like:

Geo-Targeting allows you to pretty accurately deliver and report to specific regions with high statistical significance. Some regions will be falsely labeled, resulting in either incorrect delivery or incorrect reporting. The range of error is low enough to achieve campaign uplift.

So how does it work?

Publishers, Networks, Adservers and Ad Verification companies all offer some kind of Geo-Targeting/Reporting. Most buy IP look-up tables from providers like Digital Envoy and Quova. These providers collate lists of IP addresses and their associated Geo information. This data is usually regularly purchased from ISP’s (AT&T, Comcast, Virgin Media etc).

Some companies produce their own Geo data or make hybrid data sets. For example it’s common 3rd party knowledge that Yahoo fuse IP information with the user’s profile information. If the user has declared that they are in New York via their Email settings, then this may take precedence over IP data. Makes sense if you are on holiday in Spain as you don’t want to see local ads just because you are temporarily abroad.

Why is it inaccurate?

Inaccuracy usually stems from either guessing or dependencies. On the guessing side of things, IP addresses are dished out in big chunks (ranges). Since the entire range will be given to 1 provider it’s safe to assume that the entire range will be in the same country. Assumption being the mother of all…

The dependencies side is more important. Firstly lets assume that IP address information can change. If IP address changes from being in Denver, Colorado to London, UK then how and when does you end product get informed? First the data has to get from the ISP to the Geo/IP provider, let’s say this takes 2 weeks. Secondly the data has to get from the Geo/IP provider to the end product. If the end product might update it’s database once a month, regular enough. This means that for up to 6 weeks the IP address would show as Denver when in fact it’s London. With over 4.3 billion IP addresses, 99% accuracy means 43 million IP addresses have inaccurate Geo/IP data at any time. Coincidentally that’s almost the entire population of Spain (or the population of California plus New York City, whichever statistic floats your boat).

Why Do IP Addresses change?

This is lovely and simple. There simply aren’t enough to go around.

IPv4 is limited to 43 million addresses. This is being replaced with IPv6 which is limited to 340 undecillion (yes that’s 340 with 36 0’s at the end!). This update will be complete at some point in the future, but changing the entire architecture of the Internet isn’t easy.

With a limited pool of IP addresses your Internet provider will only have a limited supply. To make sure they only use what they need, IP addresses will often “Dynamic”. This means each time your router reconnects to the Internet (after reboot for example) you may be given a new IP address. Many ISP’s offer “Static” IP addresses for extra cost, meaning that your regular cheapo Internet package will have a dynamic IP as standard.


IP addresses are a commodity and they are reused and reallocated when required. The updated information takes a while to reach the end products, and not all products get their information from the same place. When you compare 2 “like for like” reports, they probably aren’t “like for like”. If you delivered 10 impressions to Ghana when you targeted US IP’s, they were probably served to a little old lady in Texas… or maybe not! The data is good enough (statistically speaking) and will only get better as time goes on.

IPv6 will help solve everything (including but not limited to fixing the global economy)…. unless you subscribe to the theories that spam-bot’s will reap the dark rewards of a seemingly never ending supply of fresh and untainted IP addresses. But that’s whole other story!