Thanks to several Internet Outsider readers (and journalists) who pointed me toward Harvard PhD candidate Ben Edelman's recent work on spyware click-fraud at Yahoo! Edelman articulates his research and findings in extraordinary detail, and provides screen shots, video, and packet logs as proof.
As Edelman describes (see below), the click fraud he observes is different than the usual kind (competitors clicking on links, bogus AdSense sites, etc.). This fraud is spyware-driven: PCs are infected with spyware that serves up Yahoo! ads and, in so doing, generates clicks. Importantly, in these cases, the PC users do not actually click the ads--the spyware produces the clicks automatically.
Edelman's videos, packet logs, and cookie logs are enough to make even the most ad-hardened online user feel sick about what is going on inside his or her machine, and advertisers who pay real dollars for such activity will, at best, be infuriated.
In one particularly sleazy instance, Edelman clicked on a text link within a New York Times story to find that the link had been inserted by a spyware program on his PC and launched an ad. In other words, a NYT reader who thought he or she was clicking through to additional detail within an NYT story was actually clicking on a non-NYT advertisement. The click, meanwhile, generated revenue for Yahoo! and the spyware vendor at the advertiser's (and the NYT's) expense.
This kind of actiivity has got to go, and if Eliot Spitzer doesn't take care of it, someone else will. In the meantime, along with other types of click fraud, it is artificially puffing up online ad revenue and market statistics.
Unfortunately, Edelman does not--and presumably cannot--say how widespread such activity is. He also doesn't say whether Yahoo! already offers advertisers refunds on such behavior (although he implies that it is so hard to control that they probably don't). So, once again, we are left to conclude that click fraud is real and is a problem--and left to wonder whether how big a real problem it is.
Many others have alleged click fraud at Yahoo. (1, 2, 3) But others generally infer click fraud based on otherwise-inexplicable entries in their web server log files -- traffic clearly coming from competitors, from countries where advertisers do no business, or from particular users in excessive volume (i.e. many clicks from a single user). In contrast, my proof of click fraud is direct: As documented and linked above, I have captured click fraud on video and in packet logs. Yahoo may argue about advertisers' inferences in other instances, i.e. disputing that advertisers have really found click fraud. But it's far harder to deny the click fraud shown in my examples.
In the examples I show above and previously, Yahoo's problem results from bad partners within its network. Yahoo syndicates ads to numerous partners, many of whom syndicate ads to others, some of whom then syndicate ads still further. The net effect is that Yahoo does not know who it's dealing with, and therefore cannot exercise meaningful supervision over how its ads are displayed. I consider this a bad idea -- bad business, bad for quality, bad for accountability. But Yahoo need not listen to me. Instead, consider instructions from New York Attorney General staff member Ken Dreifach: "Advertisers and marketers must be wary of fraud or deceptive practices committed by their affiliates, even [affiliates] that they have no working relationships with." (Quote from MediaPost, summarizing Dreifach's remarks.)...
The many bad partners in Yahoo's network make fraud particularly hard to block: When Yahoo terminates one fraudster, that fraudster's partners find another way to continue operations...