Canadian explorer and ethnologist
What is the difference between unethical and ethical advertising? Unethical advertising uses falsehoods to deceive the public; ethical advertising uses truth to deceive the public.
Nothing is really free. When you listen to the radio or watch TV, advertising covers the expenses and pays for the sponsors’ right to broadcast their messages during your viewing time. Most people tolerate radio and television advertising and have grown accustomed to its constant interruptions.
However, in the world of the Internet, people don’t have so much patience for advertising. While advertisements underwrite many websites and hosting services, there’s a fine line between product promotion and invasion of privacy. Ideally, an Internet ad would pop up once and give you the option of making it go away. Instead, not only do online ads pop up (and keep popping up repeatedly), but they may also track which web pages you visit. That would be like having a TV that could peek into your living room to see which brand of potato chips you’re eating and then could target you for commercials for a competitor’s chips.
To attract your attention, Internet advertisers use a variety of formats, including banner ads and pop-up/pop-under ads. Any of these ads, however, can be an opportunity for abuse.
The simplest online ads are banner ads, which can appear in different places on a web page and typically display some sort of animation to catch your attention. Clicking on the banner ad will take you to the advertiser’s website. Figure 19-1 shows a web page with three different banner ads.
Advertisers place their banner ad on a web page and then pay a fee to the website operator each time someone clicks on it, an arrangement known as pay-per-click (PPC). For greater flexibility, many website operators partner with Google (www.google.com/ads), Yahoo!, and other search engines to provide different advertisements targeted to their specific audience. Every time someone clicks on an ad, the advertiser pays both the website operator and the search engine. Each click can cost the advertiser anywhere from a nickel to $50.
Theoretically, the more times a banner ad gets clicked, the more effective it is at reaching potential customers. The problem for the advertiser is that the pay-per-click method can only confirm that someone clicked on the ad, not whether he or she is really interested in the ad. Even worse, the advertiser has to pay the website operator (and any search engine partner) for every click, regardless of the outcome.
This loophole has attracted dishonest website operators interested in making easy money at the advertisers’ expense. One such company, called Auctions Expert International LLC, launched a website and signed up with Google AdWords in 2003. According to a lawsuit filed by Google, Auctions Expert hired approximately 50 people to sit at computers and click ads, artificially inflating the click-through rate and driving up the bills sent to advertisers. By engaging in such click fraud, Google’s lawsuit claims, Auction Experts International generated $50,000 in revenue for itself, which Google then had to refund to the scammed advertisers.
An article in the May 3, 2004, edition of The Times of India reported that click fraud is even driving one of the fast-growing areas for outsourcing. According to the newspaper, many companies are hiring Indian housewives, urban professionals, and college students to sit around and click ads, earning 18 to 25 cents per click, which can add up to $200 a month.
Rather than hire hordes of people to click banner ads, some website operators run automated programs known as autoclick software. According to a US Department of Justice press release, in March 2005, the Secret Service arrested Michael Anthony Bradley, a 32-year-old programmer from California, who threatened to release an automated clicking program dubbed Google Clique, unless Google paid him $100,000 (www.usdoj.gov/usao/can/press/html/2004_03_19_bradley.html).
If you look to buy autoclick software, however, you’ll find it’s marketed as a tool to test your website to see how many users it can support, not as something to artificially boost your site’s click rate. Some popular autoclick programs include Internet Macros (www.iopus.com) and CT AutoClick (http://camtech2000.net). One such program, I-Faker (www.i-faker.com), shown in Figure 19-2, even claims the following on its website:
DOES THE SCRIPT GIVE IMPRESSIONS TO MY BANNERS?
To put it simply, YES. Although not a practice we condone, our software can help you gain profits from your advertisers banner impressions. Although we are not aware of any advertising companies that can enforce a rule on this they may in the future come up with a method to prevent it.
The maker of another program, called FakeZilla (www.fakezilla.com), makes the following claim:
Web page requests are routed through a massive list of anonymous proxy servers which can be defined by you. Counters and banners “see” these fake hits just as if a real user was browsing your site. When used with the Web Server Log extractor the fake hits and traffic appear 100% realistic—you can’t tell the difference between FakeZilla traffic and real traffic! The most powerful and sophisticated software of its kind, FakeZilla is not only a “fake” or “virtual” hit generator, but in conjunction with your web and marketing resources it can improve your site profits.
One way advertisers can spot bogus traffic is by identifying the IP address of each click and how long that IP address remains on the website. If 1,000 clicks come from the same IP address, which only stays at the advertiser’s website for two seconds at a time, chances are good that those clicks were faked. That’s why FakeZilla boasts that it can route your clicks through “a massive list of anonymous proxy servers.”
There’s even a plug-in for the Mozilla Firefox browser called SwitchProxy (www.roundtwo.com/product/switchproxy), which lets you switch rapidly to different proxy servers so that each activity you perform on the Internet will appear to come from a different IP address.
Besides worrying about unscrupulous website operators, advertisers also have to worry about unscrupulous competitors. Some companies will hire people to click their competitor’s ads on different websites or run autoclick software, forcing their rivals to waste money on phony clicks.
To prevent click fraud, many advertisers would like to change the current “pay-per-click” model to a “cost-per-action” arrangement, meaning they’d only pay for clicks that turn into actual sales.
Until websites can verify the legitimacy of all clicks, advertisers can try enlisting one of the various click auditing services. To learn more about click fraud services, such as the one shown in Figure 19-3, visit Click Auditor (www.keywordmax.com), Who’s Clicking Who (www.whosclickingwho.com), or Click Defense (www.clickfraudservices.com).
Banner ads are easy to see, which also means they’re easy to ignore. Advertisers designed pop-up ads to get right in your face. Since a pop-up ad opens a new window that covers the web page you really want to see, you can’t ignore it. This is like having an advertiser rush into your house, grab your head, and shove your face in front of the TV when a commercial plays.
Many websites, especially those offering pornography, pirated music and software, or hacker tools, may bombard you with multiple pop-up ads, as shown in Figure 19-4. Sometimes, if you shut down one pop-up ad, three more appear in its place, so that the only way you can disable all the pop-up ads is to shut down your browser completely. If you don’t shut down all these pop-up ads, they can often flood your browser and freeze or crash your computer.
Pop-under ads are a bit more subtle. They also appear in little windows all over your screen, but they hide under—not on top of—your currently displayed web page. The moment you close your browser, those pop-under ads seem to appear magically, cluttering up your screen, and you probably won’t have any idea which website opened them. Since pop-under ads don’t intrude upon your browsing activities, advertisers believe they’re more effective than pop-ups, which people swat away like pesky mosquitoes every time one appears.
Either way, the intrusive nature of both pop-up and pop-under ads can annoy people who might have been customers otherwise.
Advertisers create pop-up and pop-under ads using JavaScript, Dynamic HyperText Markup Language (DHTML), or Flash. To see how to create a simple pop-up ad in JavaScript, use an ordinary text editor (such as Windows Notepad), type the following in a new file, and save it under the name “home.htm”:
<html> <head> <title>A pop-up and pop-under example</title> </head> <body> <script language = "JavaScript"> <!-- PopUp = window.open('ad.htm','ADVERTISEMENT','height=400,width=325,toolbar=no,direc tories=no,status=no,menubar=no,scrollbars=no,resizable=no'), //--> </script> <P> This is an example of a pop-up ad created using JavaScript. This is the HTML code that created this web page. </P> <IMG SRC = "HTML.gif"> </body> </html>
The above HTML code uses the window.open()
JavaScript command to load a second HTML file called ad.htm as a pop-up window, which appears as soon as someone loads the home.htm file in a browser. (You may have to turn off your browser’s built-in pop-up blocker to view the sample ad.)
This HTML code also displays a graphic image called HTML.gif, which opens the NotePad window with the HTML source code, as shown in Figure 19-5.
The HTML code to create the ad.htm pop-up ad appears below:
<html> <head> <title>ADVERTISEMENT</title> </head> <body bgcolor="#FFFFFF" text="#000000"> <img src="fileshare.jpg" width="301" height="337"> <text> Buy a copy now! </text> <a href="http://www.nostarch.com"> No Starch Press</a> </body> </html>
This HTML code displays a graphic file called fileshare.jpg in the pop-up window with the title ADVERTISEMENT, along with the text No Starch Press as a hyperlink that points to the www.nostarch.com domain.
This JavaScript example will get stopped by most pop-up blockers. For another example of creating pop-up ads with JavaScript, visit http://icant.co.uk/articles/how-to-create-popunders or www.hypergurl.com/generators/popupads.html.
If you want to create a pop-up ad that can slip past pop-up blockers, but you don’t want to bother writing JavaScript code yourself, you can try the JavaScript Coder (www.javascript-coder.com) program or the Pop-Up Maker (www.jvwinc.com/popupmaker.html) program, shown in Figure 19-6. The publisher of Pop-Up Maker, Jimmy’s Value World, even claims that its program “was one of the first popup [sic] makers that could create popups which will bypass XP service pack 2 Internet explorer popup blocking utility.”
Almost every browser can be set to block all pop-up/pop-under ads by default, although you may want to configure your browser to allow them on certain trusted sites. Figure 19-7 shows the dialog box options for blocking pop-up ads in Internet Explorer 6.
To avoid seeing banner ads, you can buy a program that will automatically refuse to load graphic images that link to other websites. Not only do these special ad-cleaning programs keep you from seeing annoying ads, but they can also speed up your browsing by eliminating the time it would take to load the graphic images associated with banners. Some popular banner ad-stripping and pop-up blocking programs include AdsCleaner (www.adscleaner.com), SuperAdBlocker (www.superadblocker.com), Ad Annihilator (http://adannihilator.com), Privoxy (www.privoxy.org), and Norton Internet Security (www.symantec.com).
Advertisers always want to measure the effectiveness of their marketing campaigns. Since the Internet spans the world, it’s very difficult to track how many people look at a particular ad and who they are. To meet these two needs, advertisers created a special tracking device called a web bug.
When you visit a website, your browser asks it to send all the text and graphic images contained on that page. Thus, a webserver needs to know the IP address of the visitor’s computer in order to send the reply to his or her browser.
When a webserver sends a web page to your browser, it is encoded as HyperText Markup Language (HTML) instructions that tell your browser how to display and position text and graphics, the name of the different graphic files in the page, and other data about the page, such as the name of the server that sent it to your computer. In the following example of an HTML graphics statement, the graphic file is called dotclear.gif, its width and height are both one pixel, and the server that sent it is located at http://ad.doubleclick.net (it’s this server that uses the web bug to retrieve information about your computer).
<IMG SRC=http://ad.doubleclick.net/dotclear.gif width=1" height="1">
The example above is actually a web bug, so tiny in size that it’s essentially invisible. When the server sends the web bug to a browser, the DoubleClick.net server can immediately identify the following:
Web bugs typically appear on web pages, but they can also appear inside banner ads, pop-up/pop-under ads, or HTML files send through email or posted in newsgroups. In their simplest usage, web bugs help advertisers determine how many people have visited a particular website and viewed a particular web page. On a more insidious level, web bugs can be used with browser cookies to track which websites a particular person visits and tailor advertisements specific to that individual’s interests.
Cookies are small text files that contain unique information about you and your last visit to a specific website. For example, a cookie from Amazon.com can store a user ID to match your computer to its database that lists the last 20 items you browsed, along with any recent purchases.
Normally, cookies can only be used by the website that created and placed them on your computer. So a cookie placed on your computer by Amazon.com can’t be read or used by any other websites, such as Barnes & Noble or Borders bookstores.
Unfortunately, circumventing this restriction is what webservers like DoubleClick do when they place web bugs (and cookies) on your computer. Only DoubleClick’s servers can read its own cookies, but since DoubleClick’s web bugs appear on so many websites, they can effectively track what you do across multiple websites. Visit sites like Amazon.com, Best Buy, and CompUSA and DoubleClick’s web bug/cookie combination can track what you’ve done on each site and thus create a more detailed profile of your browsing habits than any single website could do on its own. Armed with this information, DoubleClick can create unique customer profiles linked to specific IP addresses, essentially spying on your buying habits without your approval (or knowledge).
To learn more about what type of information web bugs can retrieve off your computer, visit the Analyze Your Internet Privacy site (http://network-tools.com/analyze) and Cookie Central (www.cookiecentral.com).
The next time you receive spam, there’s a good chance that it will contain HTML code (where a web bug can hide). The reason is simple. As soon as you view spam (such as in the Preview pane of an email program like Thunderbird or Outlook Express), your computer retrieves the text and graphic images defined by that HTML code. As soon as your computer requests the web bug, the web bug’s server can identify not only your IP address and operating system, but also when you viewed the spam. This information can be particularly important because it tells the spammer that someone actually viewed the spam so the email address is valid (and can be sold to other spammers too).
Many email programs let you block graphics from being viewed, but you may want to test your email program by taking the web bug test at www.nthelp.com/OEtest/oe.htm. This test will send you an email and after you open it in your email program, you can return to the website to see if the server managed to determine if you opened the “spam” or not.
Even if you’re using a supposedly “secure” email program like Thunderbird, you may find yourself being victimized by web bug spam if you rely on the program’s default settings. Thunderbird will only strip away HTML graphics or web bugs if it properly identifies the message as spam. Since Thunderbird won’t identify the web bug test message from the nthelp.com site as spam, it will let the test message’s web bug slip through, which also means that any spam that can slip past Thunderbird’s spam filters will also be able to verify your email address, too. (In my limited testing with different email programs, both Outlook Express and Thunderbird failed to block the nthelp.com’s test message, but Microsoft Entourage on Mac OS X did block the test message web bug.)
If a recipient doesn’t view the web bug in his email, it could mean that the email address isn’t valid or that this particular person didn’t bother to read it. In either case, the advertiser will likely remove that person’s email address from its distribution list and avoid sending advertisements that will be ignored.
Some companies accused of planting web bugs in email marketing messages include Experian (www.experian.com), Digital Impact (www.digitalimpact.com), and Responsys (www.responsys.com). By browsing their websites, you can get a better idea how email marketing firms work and how spam (better known by businesses by its euphemism of “email marketing”) has now become a profitable and legitimate business model that includes clients such as Victoria’s Secret, Microsoft, Marriott, and New York Life. Like it or not, spam, in one form or another, has become just another marketing strategy.
Newsgroups are another area where web bugs have started to appear. If you leave a message on a newsgroup as plain text, anybody can read the message anonymously. But if your newsgroup message contains HTML code, viewing that HTML newsgroup message causes the viewer’s computer to request the HTML text and graphics from a server; this server must then identify the computer’s IP address to send the requested HTML text and graphics.
By itself, HTML code can be harmless—except it allows a server to identify the IP address of the person reading the message and the time and date they read it. The extremely paranoid believe that HTML code (and web bugs) can identify people who subscribe to politically incorrect newsgroups, while others believe that governments might use web bugs to track down anyone trading child pornography or illegal MP3 files. By reading HTML code in newsgroup messages, you are no longer anonymous in a newsgroup, which is one major advantage of newsgroups in the first place.
Since web bugs often work with cookies to track your browsing habits, your first line of defense is to make sure your browser refuses all cookies. Since this won’t always be practical, especially when you visit online shopping sites which need the user to have cookies enabled, you should download the free Bugnosis tool (www.bugnosis.org).
As you browse different websites, Bugnosis scans each page, gives an audible warning, and highlights suspicious web bugs. By using Bugnosis with Internet Explorer, you can see how prevalent web bugs are, especially if Bugnosis finds suspicious GIF images on favorite websites such as the New York Times (www.nytimes.com), the Detroit News (www.detnews.com), or the Direct Marketing News site (www.dmnews.com) as shown in Figure 19-8. Despite Bugnosis’s help, there’s still no fool-proof way to determine if you’re browsing a web page with a web bug hidden on it.
One of the largest email and Internet marketing companies is DoubleClick (www.doubleclick.com), which offers Internet users a way to store a special cookie on their browser that prevents your computer from receiving any advertisements from DoubleClick.
Just visit the DoubleClick site, click the link for “Privacy at this Website,” and scroll down to find the directions to opt out from DoubleClick’s advertising. To opt out of other Internet marketing companies, visit the Network Advertising Initiative (NAI) site (www.networkadvertising.org/optout_nonppii.asp).
Even if you decide to opt out from DoubleClick’s ads, you may still find yourself bombarded by pop-up and pop-under advertisements from other marketers. So to learn how to stop pop-up and pop-under ads from wrecking your Internet experience, visit the Web Ad Blocking site (www.ecst.csuchico.edu/~atman/spam/adblock.shtml).
If you only visit a handful of sites on a regular basis, you can configure your browser to let you choose to accept or reject all cookies from every site you visit. If you visit different sites on a regular basis, this can be a nuisance, but if you only visit a few sites, this might be one acceptable way to block cookies and keep others from spying on your browsing habits.
When most people use a search engine like Google or Yahoo!, they often click the first results listed at the top of the page. For example, type Apple in a search engine like Google and the top result will be for the Apple Computer website. Two pages of search results later, you’ll find a travel agency called Apple Vacations. Google, like most search engines, assumes that more people are likely to want to visit Apple Computer than Apple Vacations and ranks its results accordingly. Companies actually vie with one another to be at the top of the results returned by search engines.
To determine which companies appear as the top results, search engines use algorithms to estimate which sites are most relevant to any given search term. Companies can also pay to get their websites ranked higher up in the results by using Yahoo!’s sponsored search marketing (http://searchmarketing.yahoo.com), Google’s AdWords (https://adwords.google.com/select), or MSN’s Keywords (http://advertising.msn.com.sg).
Paying for additional exposure is nothing new or unethical. The problem comes when companies try to scam their way to the top of the search engine results. This is known as spamdexing (spamming and indexing). Spamdexing involves the use of several techniques to fool search engine algorithms and improve search result rankings.
The simplest way that search engines rank websites is by the number of times keywords appear on each page. A website that uses the word computer multiple times on many pages is more likely to be relevant to someone searching for information about computers than a website that discusses computer-controlled sewage disposal and has only a single use of the word computer on its pages.
So in its simplest form, keyword stuffing simply fills a web page with the words that people are most likely to search for. For example, if you’re in the pool cleaning business, you could fill your web page with words like pool, pool cleaning, pool chemistry, and pool safety. Of course, this could clutter up the appearance of your web page and ruin its readability. Instead, the keywords are hidden using tiny fonts in text that appears as the same color as the page background. In this way, the text isn’t visible to ordinary users, but search engines still find multiple instances of the embedded keywords and will rank the website higher than a competitor’s website with the same keywords mentioned only three or four times.
To limit the success of keyword stuffers, most search engines now analyze how the website uses keywords and not just how often.
Since search engines examine the content (text) of your web pages, another way to trick search engines is like keyword stuffing but involves copying text and rewriting it slightly so that it appears differently to the search engine. This tricks the search engine into thinking the website has twice as much relevant content as it really does. While you could rewrite a single chunk of text to make it appear as two or more different chunks, it’s much easier to let the computer do it for you. Strike Saturday Inc. sells a program called ArticleBot (www.articlebot.com), shown in Figure 19-9, that can rewrite text automatically.
The more rewritten text you post on your website, the more keywords a search engine will find and the higher your website’s ranking will be. Two other content creator programs include Webspinner (www.webspinnersoftware.com), Article Equalizer (www.articleequalizer.com), and Traffic Equalizer (www.trafficequalizer.com), which boasts:
Traffic Equalizer will do all the work FOR you!
In a nutshell.
You import a list of keywords
You fill in a few form fields
The program automatically creates optimized pages
Another company called Hot Nacho (http://hotnacho.com) sells a program called ArticleWriter, a “custom word processor” that guides a human writer through the process of using the keywords most likely to get noticed by search engines. (To discourage people from crafting text solely to boost their rankings in a search engine, Google refuses to list Hot Nacho’s website at all, essentially making the site invisible to anyone looking for it using Google. According to the owner of HotNacho.com, Google has punished him further by refusing to list any of his other websites, a dispute you can read about at http://hotnacho.com/wordpress-fracas.)
Many search engines assume that if other websites link to a certain domain, that domain must be popular enough to merit a higher ranking. As a result, many websites artificially boost the number of sites linking back to them by creating bogus websites called link farms, which contain nothing but links to the site whose rankings they want to improve.
Another trick is to post website links on the many blogs scattered all over the Internet, known as blog comment spamming. As far as search engines are concerned, blogs are websites and links on blogs are as valid as any other.
To combat link farms and blog comment spamming, many search engines now rank links based on their source, so a link to your website from a major site, such as www.cnn.com or www.microsoft.com, is weighted more heavily than a link from a blog or site on a free web hosting service like Geocities or AngelFire.
When search engines examine websites, they scan the HTML code to analyze the content. However, some sites rely exclusively on displaying information through Flash animation. A search engine can detect a Flash movie on a website, but it can’t determine its content, so Flash-heavy websites send a description to the search engine. Of course, nothing prevents a dishonest website operator from sending anything to the search engine in his quest for inflated search rankings. This is known as cloaking. Search engines often threaten to ban websites that use cloaking.
Another technique is to create a temporary web page full of keywords and then, once it achieves a high ranking, to replace it with the original web page, a process known as code swapping. Code swapping is harder to prevent because a dishonest website operator can claim that he legitimately updated the site after the search engine examined the original web page.
Sometimes websites use an opening web page called a doorway that displays animation or graphics before asking visitors to click a link to access the rest of the site. On legit-imate websites, doorway pages offer a fancy way to grab a viewer’s attention. On pornographic websites, doorway pages often also contain keywords that people are likely to type when searching for something else. So when people search for something like warez or hacker tools, the search engine lists the doorway page, and when people click the link in the search results, they find themselves on a porn site.
If these different spamdexing practices sound too complicated for you to learn, relax. You can hire someone else to do it for you. Such consultants call their work search engine optimization (SEO), and a quick search for SEO will reveal hundreds of companies offering to help boost your website’s rankings for a fee.
Some of these companies use legitimate techniques, but others use shadier tactics that could actually get your site banned by Google and other search engines. If you’re curious to see these banned websites for yourself but don’t know how to find them, you can visit Search Engine Watch (http://searchenginewatch.com), which suggests alternate search engines to use. Search Engine Watch also explains how the various search engines rank sites for their results.
The more advertising you see on the Internet, the more money somebody’s making off the content there. Somebody’s paying to place their ads, someone else is getting paid to distribute those ads, and other people are getting paid to defraud the advertisers with fake clicks or phony search engine rankings (while still more people are getting paid to stop and catch the people defrauding the advertisers).
With all this going on, you should always keep in mind that search engines do nothing more than filter what you can and can’t see on the Internet. Considering how much money is put into advertising and advertiser fraud, it’s possible that advertisers are costing honest people more money than hackers ever could.