New Instant Scan features: Custom code injection and ad-blocking simulation

Mezzobit’s Instant Scan tool enables digital enterprises to analyze all first- and third-party code and pixels on their websites. We’ve just added two new features that customers have been asking for:

  • Custom code injection: Sometimes you want to see how a page responds to a certain series of user actions, a new tag, or different environmental variables. You can now insert JavaScript into the scan either by pasting in code or providing a URL to an external tag. This code can be run either synchronously or asynchronously.
  • Ad-blocking simulation: Publishers are concerned about the impact of ad blocking on their sites. Brand marketers also have issues, as ad blockers shut down a lot of ad and marketing tech instrumentation that drive customer insights and conversion optimization. Instant Scan lets users enable AdBlock Plus during the scan to show exactly how tags are affected. By comparing tag chaining diagrams for blocked and unblocked impressions, site operators can understand exactly what’s getting shut down.

Instant Scan is already the most powerful site scanner available, with a database of 10,000+ code fragments and companies to identify even the most obscure ad/marketing-tech companies, the ability to spider multiple pages on sites, last-mile scanners in multiple locations in the US and Europe that can simulate many browsers and devices, and the collection of more than 100 metadata elements about each tag. The tool also visualizes tag chains, parent/child relationships, and performance waterfalls, with JSON and CSV data exports. Our quick start guide shows a full listing of all features.

We offer a seven-day free trial, as well as long-term free usage of the platform by privacy researchers, academics, and journalists.

For site operators who want to see every transaction, Mezzobit’s full Audience Value Platform enables scanning from the inside out, uncovering even more insights about how third-party data collectors interact with visitors.

How much do ad-tech vendors screen out cloud-based browsers?

A recent survey by Distil Networks highlighted where their analysis saw the largest originators of bot traffic that contributes to traffic fraud. On their top 20 list for bad bots were cloud computing providers such as Amazon Web Services (#4) and SoftLayer (#16).

The ad-tech industry has dramatically increased its focus on reducing both traffic and inventory fraud. Mezzobit has seen the impact of this in our tag-scanning platform, which monitors the situation in two ways. Our customers embed Mezzobit’s scanning technology within their websites, which permits us to both analyze visitor patterns (using anonymized data with no tracking) as well as tags that are loaded in “chains” or waterfalls (where one tag loads another). Our Instant Scan platform does this from the outside for a smaller number of pageviews.

In the early days of Instant Scan, we noticed a marked difference in page tag populations when we scanned from cloud-based browsers versus browsers that were using normal desktop machines on non-data-center ISP connections. This makes sense, as other than legitimate proxies, VPNs, and a few other limited applications, human traffic should not originate from the cloud. This caused Mezzobit to move exclusively to non-cloud machines for Instant Scan.

We did a quick study this week to revisit the topic and found that cloud browsers saw 20-25% fewer tags and vendors, but still loaded a fair number of ad-tech calls. Full results can be found here.

Rise of programmatic and header bidding: Survey of ad-tech on top 100 media sites

It’s no surprise that display ad transactions are becoming increasingly automated — with 72% of US digital ad spend projected to be handled through programmatic channels in 2017.

We used Mezzobit’s powerful Instant Scan, coupled with our database of thousands of ad- and marketing-tech companies and tens of thousands of tags, to find out exactly what’s going on.

Our researchers scanned pages from the top 100 ad-supported media sites as ranked by Quantcast and catalogued all of the ad tech that we found there. We specifically examined ad waterfalls and bidding transactions to understand which vendors were doing what where. No customer data was used in this survey — only scans available from the public internet.

Some quick findings:

  • The average site had 185 JavaScript tags, pixels and other calls from third parties from the ad-, marketing-, and pub-tech industries, representing 46 different companies. In total, we saw 463 companies on these sites.
  • Seventy-six percent of sites used direct programmatic, real-time bidding, and /or private marketplaces.
  • Thirty-eight percent used header bidding, with the average of six bidders. Nearly a third had more than one header bidding wrapper, with some using nested wrappers (wrappers in wrappers).
  • The same number — 38% — also used a data management platform, with an average of eight data collection tags. We also saw many DMP tags riding in with social media and pub-tech vendors, oftentimes without the knowledge of the publisher.

A full listing of stats and vendors can be found in the infographics after the link.

Research assistance for this project was led by Alex Eisert with help from Gabe Orlanski and Erik Rosenblum.

Read more>

Video Privacy Protection Act (VPPA): Beware GPS data.

Media companies have been trying to make sense of the seemingly inconsistent rulings interpreting the Video Privacy Protection Act (VPPA) and whether anonymous identifiers – like IP addresses – are considered personally identifiable information (PII).

Anonymous IDs Are PII?

Most courts have ruled that anonymous identifiers are not PII. But in late April, in Yershov v. Gannett, the Federal Court of Appeals for the First Circuit in Boston raised the possibility that anonymous identifiers may amount to PII for purposes of the VPPA.

Now the Third Circuit in Philadelphia has weighed in: In In Re: Nickelodeon Consumer Privacy Litigation, the Court followed the majority trend and, ruling in favor of Nickelodeon (and parent company Viacom), found that anonymous identifiers like IP addresses, the “browser fingerprint” of various browser settings, and the computer’s unique device identifier are not “personally identifiable information” under the VPPA.

Read more>

COPPA and geographic data: InMobi got lost

On June 22, the Federal Trade Commission (FTC) entered into a settlementincluding a $950,000 fine – with InMobi, a mobile advertising network that had mishandled consumer data  They had improperly tracked children’s personal information in violation of COPPA (the Children’s Online Privacy Protection Act) and they had gathered geolocation data about people who had not consented to be tracked.

This is a perfect example of a company putting out statements – including in its privacy policy and its communications to application developers – about its data usage practices, but then in fact doing something quite different:  InMobi asked about Children’s data, but then ignored what they learned, and InMobi stated that consent was required to provide geo-targeted advertising, when in fact it was not. Read more>