Welcome back to BRANDED, the newsletter exploring how marketers broke society (and how we can fix it).
We have some big news this week:
Nandini also spoke to Stiftung Neue Verantwortung, a Berlin-based think tank about the Facebook ad boycott.
For the past few years, we’ve all believed that not funding hate is as easy as blocking bad sites. That you can avoid the risks of being viewed next to terrorist propaganda or hate speech by simply opting out.
But nothing about digital advertising is straightforward.
Last month, Zach Edwards, a data supply researcher, reached out to us with a tip. He told us he had found evidence that Breitbart was continuing to siphon advertising dollars from unsuspecting brands without their knowledge or consent. He told us the average marketer would never know — that you wouldn’t find any clues of this by checking your site list.
This tactic enables vast sums of money to be funnelled towards bad actors mostly without detection, which means that the biggest companies in the world are still funnelling ad dollars towards hate and disinformation. Even if you have blocked Breitbart or use an inclusion list, your brand could still be at risk.
Zach has been our guide to understanding this type of ad fraud, which we find to be so egregious that it should be illegal. We decided to join forces with him for this story.
???????? You can read Zach’s technical version here.
We’re going to walk you through the story and implications in a multi-part series. This is the first issue.
Every website has a number of account IDs to identify them on ad exchanges. Typically, websites that care about quality have just a handful. The New York Times, for instance, has only 12 different account IDs.
There are two types of account IDs: DIRECT and RESELLER.
Sometimes, media conglomerates share the same account ID across their owned websites. If Condé Nast wanted to, they could do this with Vanity Fair, WIRED, and Teen Vogue. To make it clear that they’re sharing account IDs, they label one website with a DIRECT label, and the others with a RESELLER label. This is called pooling, also known as a ‘sales house,’ and it’s generally acceptable because at the end of the day, it’s all done within the same organization — in this case, it’s all Condé Nast inventory and being properly labeled as RESELLER inventory for buyers.
Technical readers will want us to note that DSPs and SSPs can legitimately use RESELLER labels, too. The RESELLER label is generally used by large SSPs and audience companies to pool audiences across all their client websites.
What outlets are not supposed to do, though, is share their DIRECT account ID with websites and companies that are completely unrelated to them. It’s not a direct sale, it mislabels the inventory, and it funnels advertiser money towards shared advertising accounts owned by unknown entities. That’s why we’re calling this dark pooling.
The mislabelling of DIRECT account IDs across websites means that these sites are sharing data (good for retargeting!) and ad revenues. One way to describe this grouping of DIRECT account IDs is a “sales house.” That makes these groupings “dark pool sales houses.”
Sharing DIRECT account IDs does not necessarily mean you’re committing ad fraud. It is possible to share one or two account IDs with Breitbart, for instance, and not be intentionally involved in a shady ad scheme.
For example, we found that Vimeo.com, MSN.com, Upworthy.com, TalkingPointsMemo.com, NBA.com, MLB.com, and AdWeek.com were all sharing DIRECT account IDs with Breitbart. This is hopefully news to these companies.
Saambaa is one of the many sales house companies that seem to be working with Breitbart. On their site, they say that they help curate local content, grow audiences, and provide premium publisher experiences. We think companies like them might be the ones setting up these mislabeled DIRECT account ID records, or looking the other way as it happens.
We think (because of a reddit thread that talked about this) that companies like Saambaa might send their publisher clients a list of account IDs and tell them to put the code into their ads.txt file.
We don’t know, because we haven’t seen a Saambaa email (or emails from other sales houses), whether their instructions also educate the publisher about the difference between the DIRECT and RESELLER labels. Any of the organizations with these overlapping DIRECT account IDs may be surprised to know they’re in a dark pool sales house with Breitbart and other companies.
That’s not good. That could mean that even if they blocked Breitbart.com, they’re revenue sharing with Breitbart without knowing it.
Every account ID is linked to an advertising account, which is linked to a bank account. That gives us some clues as to where the money goes, but there’s no transparency beyond the shared account IDs.
These are generally backroom deals. We don’t know what the ad revenue split is here. These deals almost certainly include complex contracts and revenue sharing agreements, and we don’t know much Breitbart might be making. What are the cuts to manage these pools of mislabeled inventory? Is there some kind of a bonus associated with taking this risk? We don’t know.
The story got crazy when Zach visited RT.com’s ads.txt file. He found that RT are really, really organized with their sales houses. They code them as Block 1, Block 2, Block 3, etc. In the RT.com ads.txt file, there are 13 blocks (sales houses). In many of these blocks, he found DIRECT bidding IDs shared across multiple websites. This work is blatant and out in the open. And even more surprising? Some of their ads.txt DIRECT account IDs match Breitbart’s.
Here’s Zach’s take:
If you compare the Breitbart.com/ads.txt file against the RT.com/ads.txt file, you will find at least 4 identical account-bidding IDs that share the “DIRECT” label on both sites, which is mislabeled RESELLER inventory being sold as DIRECT inventory to advertising buyers.
Financially tied like this, RT and Breitbart look to be in cahoots.
RT isn’t the only disinformation site Zach saw in Breitbart’s ads.txt records (available here).
He did a Google search of each of their DIRECT account IDs to find more. If you want to try this yourself, open a tab and search for this DIRECT account ID:
“33across.com, 0010b00001shFQpAAM, DIRECT, bbea06d9c4d2853c”
He found lots of associated sites. For instance, this DIRECT account ID is shared across 34 websites including...
Remember, only one site can have a DIRECT account ID, so this means that the rest of these sites are mislabeling their inventory. If you see a DIRECT account ID that is linked to more than one website it is likely linked to a dark pool sales house.
Here’s what Zach says:
Many of the Breitbart.com dark pool sales houses are labeled on ads.txt files hosted on other websites — so the names of the companies can be found, parsed and flagged. Some of these organizations are violating ethical standards, industry protocols endorsed by the IAB and Google, and likely legal frameworks in numerous jurisdictions, particularly due to their work as data amalgamators without registering as data brokers.
The account ID above appears to be linked to a dark pool sales house owned by Saambaa, which we mentioned earlier.
This type of ad fraud is almost too brazen to believe. It’s taking place in broad daylight, through the same piping that ad industry associations have told us will safeguard our brands.
One of the reasons that this is still legal, or not explicitly known to be illegal, is that ads.txt is only three years old and there hasn’t been, to our knowledge, any major investigative research into the consequences of its design. But even though it is new, its risks are already severe. Ads.txt is a global standard, used in international markets. This giant security hole opens markets and mediascapes around the world to foreign propaganda, hate groups, money laundering, and, of course, fraud. If trade commissions aren't interested in this vulnerability, national security organizations should be.
That’s a good question! Ads.txt was developed by the adtech industry to bring transparency and accountability to the advertising supply chain. It was supposed to make it easier to verify that our ads were appearing on the correct inventory. However, because anyone can make up their ads.txt records, schemes like this one are incredibly easy to get away with.
What we need to combat this is free access to a universal ads.txt directory, so we can quickly query account IDs, and block any account IDs that don’t meet our quality thresholds (aka account IDs participating in dark pool sales houses).
A universal directory is essential to finding ad fraud like this. But the records are maintained by a handful of organizations — and it costs $10,000 a year to access them from the IAB Tech Lab. That makes it prohibitively expensive for most businesses as well as researchers like us to get our hands on the data.
We took a shot anyway, and asked three organizations - Google, Facebook and IAB Tech Lab - for a free copy of their ads.txt directory for research purposes. Google and IAB Tech Lab declined (Google said that they wanted to support their industry partners at IAB Tech Lab and TAG). Facebook didn’t respond. IAB Tech Lab told us the ads.txt directory is a source of revenue for their organization.
This raises some interesting questions about conflict of interest. What’s more important, brand safety or their organization’s money-making ventures?
So for now, we have done the tedious, manual and time-consuming work of going through ads.txt without access to a directory. It took Zach over a month to work through the information he presents in his detailed post, and there’s tons more information out there.
We believe there should be a free and easily accessible ads.txt directory across all domains in the global advertising inventory available to the public.
But for now, consider blocking all of the account IDs in this Breitbart ads.txt list. Otherwise Breitbart will continue receiving your ad dollars. There are over 230 DIRECT mislabeled publisher IDs in there.
Then, contact your ad exchanges to ask them if they’re giving you a refund for the budget you spent with those account IDs.
That’s it for now. We’ll have more for you next time.
Thanks for reading!
Nandini and Claire
UPDATE (July 22, 10:00pm EST): Saambaa CEO Matt Voigt reached out to us with the following statement:
“Specifically on the ads.txt Direct issue: We run an events discovery module which renders itself on the page as a Javescript widget. The module is our own content and own experience, which is why we represent the inventory as our own inventory. We do not manage inventory for publishers, or run any kind of publisher ad network. We don't work with Breitbart, but since any publisher can copy and paste our ads.txt up, we don't control what they have up. It's an unfortunate reality of ads.txt that there is no control of it for us. The Breitbart ad inventory is managed by a third party ad management company. We work with them on other sites and they have grouped our ads.txt as part of their larger assembly of ad buyers on Breitbart."
Did you like this issue? Then why not share! Please send tips, compliments and complaints to @nandoodles and @catthekin. And send all the kudos to @thezedwards.
Check My Ads Institute is a non-profit 501(c)3 organization.