Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Presentation at UK Direct Marketing Association Data Protection Conference 2019

458 views

Published on

Real Time Bidding hurts worthy publishers, and enables a business model for untrustworthy sites, and enables the profiling of every single online person, and steals marketers money, and exposes them to risk. This can be easily fixed, if we demand it. RTB needs reform.

Published in: Marketing
  • Be the first to comment

Presentation at UK Direct Marketing Association Data Protection Conference 2019

  1. 1. How “real-time bidding” (RTB) ad auctions work.
  2. 2. /// Visitor Site Marketer $
  3. 3. /// Visitor Site SSP DSP DMP Marketer $ “Demand side”“Supply side” Ad Exchange
  4. 4. serve page request page request bid request segment request bid cookie to SSP deliver ad sync deliver segment sync ad request store data /// Visitor Site SSP DSP DMP Marketer $ “Demand side”“Supply side” Ad Exchange
  5. 5. The Daily Bugle
  6. 6. The Daily Bugle ExchangeExchange Exchange Exchange
  7. 7. The Daily Bugle ExchangeExchange Exchange Exchange DSP DSP DSP DSP DSP DSP DSP DSP DSPDSP DSP DSP DSP
  8. 8. The Daily Bugle ExchangeExchange Exchange Exchange DSP DSP DSP DSP DSP DSP DSP DSP DSPDSP DSP DSP DSP ADVERTISEMENT
  9. 9. ? ? The Daily Bugle ExchangeExchange Exchange Exchange DSP DSP DSP DSP DSP DSP DSP DSP DSPDSP DSP DSP DSP ? ? ? ? ADVERTISEMENT ?
  10. 10. ? ? The Daily Bugle ExchangeExchange Exchange Exchange DSP DSP DSP DSP DSP DSP DSP DSP DSPDSP DSP DSP DSP ? ? ? ? ADVERTISEMENT ?
  11. 11. French regulator caught it with 68 million illegal RTB records. Example Vectaury: a small DSP/DMP/ trading desk in France. €3.5M annual turnover in 2017 (though subsequently won a €20M investment). DSP
  12. 12. Is 68 million just 30%? Then this small company was sent personal data ¼ BILLION times via RTB (in just one year)
  13. 13. website.com This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
  14. 14. Ad server website.com Ad server javascript Step 1. User requests webpage This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
  15. 15. Ad server SSP Step 2. Ad server selects an SSP website.com Ad server javascript SSP javascript Step 1. User requests webpage This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
  16. 16. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange website.com Ad server javascript SSP javascript Step 1. User requests webpage Ad exchange This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
  17. 17. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange MARKETERS website.com DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP Ad server javascript SSP javascript Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money
  18. 18. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange MARKETERS website.com Winningbid Ad server javascript SSP javascript Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
  19. 19. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange MARKETERS website.com Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
  20. 20. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange MARKETERS website.com Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Step 6. Exchange serves winning bid Winning DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
  21. 21. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange Step 7. DSP serves agency creative MARKETERS website.com Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Ad server javascript Step 6. Exchange serves winning bid Agency ad server Winning DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
  22. 22. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange Step 7. DSP serves agency creative Step 8. Assets load from CDN MARKETERS website.com AD Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Ad server javascript Step 6. Exchange serves winning bid Agency ad server Winning DSP Step 1. User requests webpage Ad exchange Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync CDN This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING Channel of data leakage Legend Money DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
  23. 23. Ad server SSP Step 2. Ad server selects an SSP Step 3. SSP selects an exchange Step 7. DSP serves agency creative Step 8. Assets load from CDN Step 9. Agency ad server loads verification vendor MARKETERS website.com AD Winningbid Ad server javascript SSP javascript DMP DMP DMP DMP DSP DSP DSP DSP DSP DSP javascript Ad server javascript Step 6. Exchange serves winning bid Verification javascript Agency ad server Verification vendor Winning DSP Step 1. User requests webpage Ad exchange Channel of data leakage Legend Step 4. Exchange sends bid requests to hundreds of partners Step 5. Exchange lets some DMPs/ DSPs to refresh cookie sync CDN Money This is the current process of real-time bidding that is used in online behavioural advertising. DATA LEAKAGE IN ONLINE ADVERTISING DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP DSP
  24. 24. PROBLEMS
  25. 25. • What you are reading, or watching, or listening to. • Categories of the content. • Unique pseudonymous ID. • Unique ID matched to ad buyer’s existing profile of you. • Your location (can be your exact latitude and longitude). • Granular description of your device. • Unique tracking IDs / cookie match. • Your IP address.* • Data broker segment ID* when available. Personal data in bid requests *Depending on the version of “real time bidding” system
  26. 26. • What you are reading, or watching, or listening to. • Categories of the content. • Unique pseudonymous ID. • Unique ID matched to ad buyer’s existing profile of you. • Your location (can be your exact latitude and longitude). • Granular description of your device. • Unique tracking IDs / cookie match. • Your IP address.* • Data broker segment ID* when available. Personal data in bid requests *Depending on the version of “real time bidding” system
  27. 27. “broadcast”
  28. 28. HUNDREDS OF BILLIONS OF RTB BID REQUESTS, EVERY DAY. Index Exchange 50 billionii OpenX 60 billion+i Rubicon Project Unknown. Claims to reach 1 billion people’s devices.iii PubMatic 70 billion+iv Oath/AOL 90 billionv AppNexus 131 billionvi Smaato 214 billionvii Google DoubleClick Unknown. DoubleClick is the dominant exchange. i. "OpenX Ad Exchange", OpenX (URL: https://www.openx.com/uk_en/products/ad-exchange/). ii. “Tour IX’s Amsterdam and Frankfurt Data Centers”, Index Exchange, 2 July 2018 (URL: https:// www.indexexchange.com/tour-ix-amsterdam-frankfurt-data-centers/). iii. “Buyers”, Rubicon Project, (URL: https://rubiconproject.com/buyers/). iv. "How PubMatic Is Learning Machine Learning", PubMatic, 25 January 2019 (URL: https://pubmatic.com/ blog/learning-machine-learning/) v. "Maximize yield with Oath's publisher offerings", Oath, 3 April 2018 (URL: https://www.oath.com/insights/ maximize-yield-with-oath-s-publisher-offerings/) vi. 500 Billion / 29.6 = 18.6 billion impressions per day. Using AppNexus 1:11.5 ratio, this is 214 auctions per day. 500+ impressions figure cited in “Optimize your mobile strategy”, Smaato, (URL: https:// www.smaato.com/). vii. “Transacting at a peak of 11.4 billion daily impressions, our marketplace handles more traffic each day than Visa, Nasdaq, and the NYSE combined” at https://www.appnexus.com/sell. Note that in 2017, AppNexus said in “AppNexus Scales with DriveScale”, 2017, (URL: http://go.drivescale.com/rs/451-ESR-800/images/ DRV_Case_Study_AppNexus-final.v1.pdf) that 10.7 billion "impressions transacted" came as a result of running 123 billion auctions. The impressions transacted to auctions ratio appears to be roughly 1:11.5. Therefore, the 11.4 daily impressions reported in 2018 equates to 131 billion auctions per day. Leading RTB exchanges, daily bid request estimates
  29. 29. EVERY ONLINE PERSON CAN BE PROFILED
  30. 30. MARKETER RISK
  31. 31. ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; -GDPR, Article 4 (7)
  32. 32. European Court of Justice 5 JUNE 2018
  33. 33. Any controller involved in processing shall be liable for the damage caused by processing which infringes this Regulation. A processor shall be liable for the damage caused by processing only where it has not complied with obligations of this Regulation specifically directed to processors or where it has acted outside or contrary to lawful instructions of the controller. -GDPR, Article 82 (2)
  34. 34. Data protection-free zone PublishersSSPsDSPDMPMarketer Ad Exchanges A Agency Personal data are widely broadcast in “RTB” bid requests Shared liability under GDPR Article 82Legend Money Channel of data leakage $ MARKETER RISK FROM PROGRAMMATIC ADVERTISING Insurer and Reinsurer Risk
  35. 35. DATA PROTECTION IMPACT ASSESSMENTS
  36. 36. Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. A single assessment may address a set of similar processing operations that present similar high risks. -GDPR, Article 35 (1)
  37. 37. -GDPR, Article 35 (3) …shall in particular be required in the case of: (a)a systematic and extensive evaluation of personal aspects relating to natural persons which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person; (b)processing on a large scale of special categories of data referred to in Article 9(1), or of personal data relating to criminal convictions and offences referred to in Article 10; or …
  38. 38. The controller shall consult the supervisory authority prior to processing where a data protection impact assessment under Article 35 indicates that the processing would result in a high risk in the absence of measures taken by the controller to mitigate the risk. -GDPR, Article 36 (1)
  39. 39. MARKET CRISIS
  40. 40. How RTB data leakage supports untrustworthy websites The Daily Bugle /// Step 1. User “John” visits The Daily Bugle
  41. 41. How RTB data leakage supports untrustworthy websites The Daily Bugle /// Step 1. User “John” visits The Daily Bugle Step 2. Bid request broadcasts personal data about John
  42. 42. How RTB data leakage supports untrustworthy websites The Daily Bugle /// Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle Step 2. Bid request broadcasts personal data about John John
  43. 43. Step 4. The Daily Bugle is paid €1 to show ad to John How RTB data leakage supports untrustworthy websites The Daily Bugle /// Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle €1 advertisement Step 2. Bid request broadcasts personal data about John John
  44. 44. Step 4. The Daily Bugle is paid €1 to show ad to John How RTB data leakage supports untrustworthy websites The Daily Bugle Step 5. Later, John visits a low quality website Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle €1 advertisement De5troyTru5t.com /// Step 2. Bid request broadcasts personal data about John John
  45. 45. Step 4. The Daily Bugle is paid €1 to show ad to John How RTB data leakage supports untrustworthy websites The Daily Bugle Step 5. Later, John visits a low quality website Step 6. Bid request announces John is here Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle €1 advertisement De5troyTru5t.com /// Step 2. Bid request broadcasts personal data about John John
  46. 46. Step 4. The Daily Bugle is paid €1 to show ad to John Step 7. De5troyTru5t.com is paid €0.1 to show ad to John How RTB data leakage supports untrustworthy websites The Daily Bugle Step 5. Later, John visits a low quality website Step 6. Bid request announces John is here Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle €1 advertisement De5troyTru5t.com €0.01 advertisement /// Step 2. Bid request broadcasts personal data about John John
  47. 47. Step 4. The Daily Bugle is paid €1 to show ad to John Step 7. De5troyTru5t.com is paid €0.1 to show ad to John How RTB data leakage supports untrustworthy websites The Daily Bugle Step 5. Later, John visits a low quality website Step 6. Bid request announces John is here Step 3. 100s of companies in the ad auction can now re-identify John as a Daily Bugle reader Step 1. User “John” visits The Daily Bugle €1 advertisement De5troyTru5t.com €0.01 advertisement /// Step 2. Bid request broadcasts personal data about John Worthy sites lose their unique audience, and feed a business model for the bottom of the Web. John
  48. 48. The Daily Bugle Step 1. A bot masquerading as a human visits The Daily Bugle /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
  49. 49. The Daily Bugle Step 1. A bot masquerading as a human visits The Daily Bugle Step 2. Bid request broadcasts personal data about Bot/// Fake How RTB enables to steal from publishers and advertisers. fraudsters
  50. 50. The Daily Bugle Step 3. 100s of companies in the ad auction can now re-identify Bot as a Daily Bugle reader Step 1. A bot masquerading as a human visits The Daily Bugle Step 2. Bid request broadcasts personal data about Bot Bot /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
  51. 51. Step 4. The Daily Bugle is paid €1 to show ad The Daily Bugle Step 3. 100s of companies in the ad auction can now re-identify Bot as a Daily Bugle reader Step 1. A bot masquerading as a human visits The Daily Bugle €1 advertisement Step 2. Bid request broadcasts personal data about Bot Bot /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
  52. 52. Step 4. The Daily Bugle is paid €1 to show ad The Daily Bugle Step 5. Later, an untrustworthy website buts bot traffic Step 3. 100s of companies in the ad auction can now re-identify Bot as a Daily Bugle reader Step 1. A bot masquerading as a human visits The Daily Bugle €1 advertisement De5troyTru5t.com Step 2. Bid request broadcasts personal data about Bot Bot /// Fake /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
  53. 53. Step 4. The Daily Bugle is paid €1 to show ad The Daily Bugle Step 5. Later, an untrustworthy website buts bot traffic Step 6. Bid request announces Bot is here Step 3. 100s of companies in the ad auction can now re-identify Bot as a Daily Bugle reader Step 1. A bot masquerading as a human visits The Daily Bugle €1 advertisement De5troyTru5t.com Step 2. Bid request broadcasts personal data about Bot Bot /// Fake /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
  54. 54. Step 4. The Daily Bugle is paid €1 to show ad Step 7. De5troyTru5t.com is paid €0.1 to show ad to Bot The Daily Bugle Step 5. Later, an untrustworthy website buts bot traffic Step 6. Bid request announces Bot is here Step 3. 100s of companies in the ad auction can now re-identify Bot as a Daily Bugle reader Step 1. A bot masquerading as a human visits The Daily Bugle €1 advertisement De5troyTru5t.com €0.01 advertisement Step 2. Bid request broadcasts personal data about Bot Bot /// Fake /// Fake How RTB enables to steal from publishers and advertisers. fraudsters
  55. 55. serve page request page request bid request segment request bid cookie to SSP deliver ad sync deliver segment sync ad request store data /// Visitor Site SSP DSP DMP Marketer $ “Demand side”“Supply side” Ad Exchange
  56. 56. Buyer SellerDistribution Marketer $ DMP DSP Ad Exchange SSP Site MARKET OVERVIEW (NOW) PERSONAL DATA IN IAB / GOOGLE RTB Extracts 70-55% of buyer’s media budget. Unique audience commodified and arbitraged. Untrustworthy sites business model enabled. Bot fraud boosted. 70% figure from the Guardian and Rubicon case in 2017. 55% figure from “The Programmatic Supply Chain: Deconstructing the Anatomy of a Programmatic CPM”, IAB, March 2016. Victims of massive fraud.
  57. 57. THE STARVATION OF THE WORTHY PUBLISHER.
  58. 58. THE FIX(an easy fix)
  59. 59. IAB OpenRTB Google Authorized Buyers
  60. 60. Personal data in bid requests • What you are reading, or watching, or listening to. • Categories of the content. • Unique pseudonymous ID. • Unique ID matched to ad buyer’s existing profile of you. • Your location (can be your exact latitude and longitude). • Granular description of your device. • Unique tracking IDs / cookie match. • Your IP address.* • Data broker segment ID* when available. *Depending on the version of “real time bidding” system
  61. 61. • What you are reading, or watching, or listening to. • Categories of the content. • Your approximate location. • General description of your device. • Your approximate IP address. Non-Personal data in bid requests Person is in Camden in London, UK. Reading an article about Tesla motors on TechCrunch. Using Safari on a Mac.
  62. 62. This Regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system. -GDPR, Article 2 (1)
  63. 63. id ext value tagid event ext maxseq ext ext live osv utcoffset 4 (Audit Status Codes) 1 (Creative Attributes) 12 ( Creative Subtypes - Audio/Video) 3 (Display Placement Types) 28 (DOOH Venue Types) 500+ (DOOH Venue Types) 1 (Native Data Asset Types) 14 (Operating Systems) 3 (Playback Cessation Modes) adomain img len ssai ext type linear id venue srcrel hwv ext 5 (Audit Status Codes) 2 (Creative Attributes) 1 (Creative Subtypes - Display) 4 (Display Placement Types) 29 (DOOH Venue Types) 1 (Event Tracking Methods) 2 (Native Data Asset Types) 15 (Operating Systems) 1 (Playback Methods) bundle link type sdk w method boxing name fixed len h id 6 (Audit Status Codes) 3 (Creative Attributes) 2 (Creative Subtypes - Display) 500+ (Display Placement Types) 30 (DOOH Venue Types) 2 (Event Tracking Methods) 3 (Native Data Asset Types) 16 (Operating Systems) 2 (Playback Methods) iurl ext ext sdkver h api comp pub etime lang w name 500+ (Audit Status Codes) 4 (Creative Attributes) 3 (Creative Subtypes - Display) 1 (DOOH Venue Types) 31 (DOOH Venue Types) 500+ (Event Tracking Methods) 4 (Native Data Asset Types) 17 (Operating Systems) 3 (Playback Methods) cat link type reward wratio jstrk comptype content dpi embed ppi segment 1 (Category Taxonomies) 5 (Creative Attributes) 4 (Creative Subtypes - Display) 2 (DOOH Venue Types) 32 (DOOH Venue Types) 1 (Event Types) 5 (Native Data Asset Types) 18 (Operating Systems) 4 (Playback Methods) cattax asset method wlang hratio wjs ext domain ext producer pxratio ext 2 (Category Taxonomies) 6 (Creative Attributes) 1 (Delivery Methods) 3 (DOOH Venue Types) 33 (DOOH Venue Types) 2 (Event Types) 6 (Native Data Asset Types) 19 (Operating Systems) 5 (Playback Methods) lang ext api secure expdir pxtrk delay cat id data js id 3 (Category Taxonomies) 7 (Creative Attributes) 2 (Delivery Methods) 4 (DOOH Venue Types) 34 (DOOH Venue Types) 3 (Event Types) 7 (Native Data Asset Types) 20 (Operating Systems) 6 (Playback Methods) attr id url admx ext wpx skip sectcat name ext lang name 500+ (Category Taxonomies) 8 (Creative Attributes) 3 (Delivery Methods) 5 (DOOH Venue Types) 35 (DOOH Venue Types) 4 (Event Types) 8 (Native Data Asset Types) 21 (Operating Systems) 1 (Production Qualities) secure req cdata curlx asset ext skipmin pagecat domain id ip value 0 (Click Types) 9 (Creative Attributes) 1 (Device Types) 6 (DOOH Venue Types) 36 (DOOH Venue Types) 5 (Event Types) 9 (Native Data Asset Types) 22 (Operating Systems) 2 (Production Qualities) mrating title ext display ext ptype skipafter cattax cat name ipv6 ext 1 (Click Types) 10 (Creative Attributes) 2 (Device Types) 7 (DOOH Venue Types) 37 (DOOH Venue Types) 500+ (Event Types) 10 (Native Data Asset Types) 23 (Operating Systems) 3 (Production Qualities) init image mime video id pos playmethod privpolicy cattax domain xff coppa 2 (Click Types) 11 (Creative Attributes) 3 (Device Types) 8 (DOOH Venue Types) 38 (DOOH Venue Types) 1 (Expandable Directions) 11 (Native Data Asset Types) 24 (Operating Systems) 1 ( Size Units) lastmod video api audio req delay playend keywords ext cat iptr gdpr 3 (Click Types) 12 (Creative Attributes) 4 (Device Types) 9 (DOOH Venue Types) 39 (DOOH Venue Types) 2 (Expandable Directions) 12 (Native Data Asset Types) 25 (Operating Systems) 2 ( Size Units) display data ctype ext title skip feed page id cattax carrier ext 4 (Click Types) 13 (Creative Attributes) 5 (Device Types) 10 (DOOH Venue Types) 40 (DOOH Venue Types) 3 (Expandable Directions) 500+ (Native Data Asset Types) 26 (Operating Systems) 3 ( Size Units) video link dur pos img skipmin nvol ref episode ext mccmnc bcat 1 (Companion Types) 14 (Creative Attributes) 6 (Device Types) 11 (DOOH Venue Types) 41 (DOOH Venue Types) 4 (Expandable Directions) 1 ( Native Image Asset Types) 27 (Operating Systems) >0 (Start Delay Modes) audio ext adm instl video skipafter mime search title id mccmncsim cattax 2 (Companion Types) 15 (Creative Attributes) 7 (Device Types) 12 (DOOH Venue Types) 42 (DOOH Venue Types) 5 (Expandable Directions) 3 ( Native Image Asset Types) 28 (Operating Systems) 0 (Start Delay Modes) audit url curl topframe data playmethod api mobile series buyeruid contype badv 3 (Companion Types) 16 (Creative Attributes) 10 (Display Context Types) 13 (DOOH Venue Types) 43 (DOOH Venue Types) 1 (Feed Types) 500+ ( Native Image Asset Types) 500+ (Operating Systems) -1 (Start Delay Modes) ext urlfb ext ifrbust ext playend ctype amp season gender geofetch bapp 1 (Connection Types) 17 (Creative Attributes) 11 (Display Context Types) 14 (DOOH Venue Types) 44 (DOOH Venue Types) 2 (Feed Types) 0 (Operating Systems) 1 (Placement Positions) -2 (Start Delay Modes) mime trkr mime clktype len clktype mindur ext artist keywords geo battr 2 (Connection Types) 18 (Creative Attributes) 12 (Display Context Types) 15 (DOOH Venue Types) 45 (DOOH Venue Types) 3 (Feed Types) 1 (Operating Systems) 2 (Placement Positions) 0 (Volume Normalization Modes) api ext api ampren ext mime maxdur domain genre consent ext ext 3 (Connection Types) 500+ (Creative Attributes) 13 (Display Context Types) 16 (DOOH Venue Types) 46 (DOOH Venue Types) 1 (IP Location Services) 2 (Operating Systems) 3 (Placement Positions) 1 (Volume Normalization Modes) ctype text ctype ptype type api maxext cat album geo type 1 (API Frameworks) 4 (Connection Types) 1 ( Creative Subtypes - Audio/Video) 14 (Display Context Types) 17 (DOOH Venue Types) 47 (DOOH Venue Types) 2 (IP Location Services) 3 (Operating Systems) 4 (Placement Positions) 2 (Volume Normalization Modes) w len dur context mime ctype minbitr sectcat isrc data lat 2 (API Frameworks) 5 (Connection Types) 2 ( Creative Subtypes - Audio/Video) 15 (Display Context Types) 18 (DOOH Venue Types) 48 (DOOH Venue Types) 3 (IP Location Services) 4 (Operating Systems) 5 (Placement Positions) 3 (Volume Normalization Modes) h ext adm mime w w maxbitr pagecat url ext lon 3 (API Frameworks) 6 (Connection Types) 3 ( Creative Subtypes - Audio/Video) 20 (Display Context Types) 19 (DOOH Venue Types) 49 (DOOH Venue Types) 4 (IP Location Services) 5 (Operating Systems) 6 (Placement Positions) 4 (Volume Normalization Modes) wratio url curl api h h delivery cattax cat type accur 4 (API Frameworks) 7 (Connection Types) 4 ( Creative Subtypes - Audio/Video) 21 (Display Context Types) 20 (DOOH Venue Types) 50 (DOOH Venue Types) 1 (Linearity Modes) 6 (Operating Systems) 7 (Placement Positions) hratio w ext ctype wmin unit maxseq privpolicy cattax ua lastfix 5 (API Frameworks) 1 (Content Contexts) 5 ( Creative Subtypes - Audio/Video) 22 (Display Context Types) 21 (DOOH Venue Types) 51 (DOOH Venue Types) 2 (Linearity Modes) 7 (Operating Systems) 1 ( Placement Subtypes - Video) priv h status w hmin mindur comp keywords prodq ifa ipserv 6 (API Frameworks) 2 (Content Contexts) 6 ( Creative Subtypes - Audio/Video) 30 (Display Context Types) 22 (DOOH Venue Types) 52 (DOOH Venue Types) 1 (Location Types) 8 (Operating Systems) 2 ( Placement Subtypes - Video) adm type feedback h wratio maxdur comptype bundle context dnt country 7 (API Frameworks) 3 (Content Contexts) 7 ( Creative Subtypes - Audio/Video) 31 (Display Context Types) 23 (DOOH Venue Types) 53 (DOOH Venue Types) 2 (Location Types) 9 (Operating Systems) 3 ( Placement Subtypes - Video) curl ext init unit hratio maxext ext storeid rating lmt region 500+ (API Frameworks) 4 (Content Contexts) 8 ( Creative Subtypes - Audio/Video) 32 (Display Context Types) 24 (DOOH Venue Types) 54 (DOOH Venue Types) 3 (Location Types) 10 (Operating Systems) 4 ( Placement Subtypes - Video) banner adm lastmod priv ext minbitr id storeurl urating make metro 1 (Audit Status Codes) 5 (Content Contexts) 9 ( Creative Subtypes - Audio/Video) 500+ (Display Context Types) 25 (DOOH Venue Types) 55 (DOOH Venue Types) 1 (Media Ratings) 11 (Operating Systems) 5 ( Placement Subtypes - Video) native curl corr displayfmt type maxbitr vcm ver mrating model city 2 (Audit Status Codes) 6 (Content Contexts) 10 ( Creative Subtypes - Audio/Video) 1 (Display Placement Types) 26 (DOOH Venue Types) 56 (DOOH Venue Types) 2 (Media Ratings) 12 (Operating Systems) 1 (Playback Cessation Modes) event ext ext nativefmt len delivery display paid keywords os zip 3 (Audit Status Codes) 7 (Content Contexts) 11 ( Creative Subtypes - Audio/Video) 2 (Display Placement Types) 27 (DOOH Venue Types) 57 (DOOH Venue Types) 3 (Media Ratings) 13 (Operating Systems) 2 (Playback Cessation Modes) 4%
  64. 64. Buyer Seller Extracts 70-55% of buyer’s media budget. Distribution Marketer $ DMP DSP Ad Exchange SSP Site Unique audience commodified and arbitraged. Untrustworthy sites business model enabled. Bot fraud boosted. 70% figure from the Guardian and Rubicon case in 2017. 55% figure from “The Programmatic Supply Chain: Deconstructing the Anatomy of a Programmatic CPM”, IAB, March 2016. Victims of massive fraud. MARKET OVERVIEW (NOW) PERSONAL DATA IN IAB / GOOGLE RTB
  65. 65. Buyer Seller Extracts much lower% of buyer’s media budget. Distribution Unique audience become immune to commodification and arbitrage. No opportunity for untrustworthy sites. Bot fraud reduced. Bot fraud opportunity reduced. MARKET OVERVIEW (POST-FIX) NON-PERSONAL DATA IN IAB / GOOGLE RTB Marketer $ DMP DSP Ad Exchange SSP Site
  66. 66. Real Time Bidding hurts worthy publishers, and enables a business model for untrustworthy sites, and enables the profiling of every single online person, and steals marketers money, and exposes them to risk. This can be easily fixed, if we demand it. RTB needs reform.
  67. 67. johnny@brave.com @johnnyryan For updates, sign up to Brave Insights, a mailing list for analysts, researchers, and regulators at https://brave.us18.list-manage.com/subscribe?u=e38d85b519352e2b40c9b899e&id=4384bd4cba

×