The taxonomy of technology: new vendor categories

As we’ve added thousands of companies to Mezzobit’s technology vendor database, our analysts continue to find subtle variation in exactly what defines specific verticals and subverticals.

It’s not enough to classify a vendor as an ad, marketing or pub tech company. For a site operator to better understand how visitors, data, and performance are affected, they often need to know exactly what a vendor does and how that compares against its peers. For our data scientists, fine-grained classification of vendors and tags helps us to more easily detect anomalies as well as automatically analyze never-before-seen code.

To this end, we’re pleased today to unveil the industry’s most comprehensive taxonomy of Internet technology companies, consisting of more than 300 categories and subcategories. We’ve used a three-level structure that lets users easily drill into greater detail. For example, a company may be classified as ad tech -> ad exchange -> video or pub tech -> content syndication -> podcasts.

One area where this will be immediately valuable is in Mezzobit’s competitive intelligence features, which provide lists of other locations where tags and companies have been spotted. Our scanners crawl millions of sites each month, in addition to anonymized data from customer sites. Because we’re executing pages and fully plumbing tag chains, Mezzobit is able to see page technology that competitive listing services overlook. We hope to soon use our new categories to provide better reporting to customers who are evaluating new vendors or sales and marketing executives assessing competitive positioning.

As you navigate the new structure and discover categories that you’d like for us to add, drop us a line.

How much do ad-tech vendors screen out cloud-based browsers?

A recent survey by Distil Networks highlighted where their analysis saw the largest originators of bot traffic that contributes to traffic fraud. On their top 20 list for bad bots were cloud computing providers such as Amazon Web Services (#4) and SoftLayer (#16).

The ad-tech industry has dramatically increased its focus on reducing both traffic and inventory fraud. Mezzobit has seen the impact of this in our tag-scanning platform, which monitors the situation in two ways. Our customers embed Mezzobit’s scanning technology within their websites, which permits us to both analyze visitor patterns (using anonymized data with no tracking) as well as tags that are loaded in “chains” or waterfalls (where one tag loads another). Our Instant Scan platform does this from the outside for a smaller number of pageviews.

In the early days of Instant Scan, we noticed a marked difference in page tag populations when we scanned from cloud-based browsers versus browsers that were using normal desktop machines on non-data-center ISP connections. This makes sense, as other than legitimate proxies, VPNs, and a few other limited applications, human traffic should not originate from the cloud. This caused Mezzobit to move exclusively to non-cloud machines for Instant Scan.

We did a quick study this week to revisit the topic and found that cloud browsers saw 20-25% fewer tags and vendors, but still loaded a fair number of ad-tech calls. Full results can be found here.

Video Privacy Protection Act (VPPA): Beware GPS data.

Media companies have been trying to make sense of the seemingly inconsistent rulings interpreting the Video Privacy Protection Act (VPPA) and whether anonymous identifiers – like IP addresses – are considered personally identifiable information (PII).

Anonymous IDs Are PII?

Most courts have ruled that anonymous identifiers are not PII. But in late April, in Yershov v. Gannett, the Federal Court of Appeals for the First Circuit in Boston raised the possibility that anonymous identifiers may amount to PII for purposes of the VPPA.

Now the Third Circuit in Philadelphia has weighed in: In In Re: Nickelodeon Consumer Privacy Litigation, the Court followed the majority trend and, ruling in favor of Nickelodeon (and parent company Viacom), found that anonymous identifiers like IP addresses, the “browser fingerprint” of various browser settings, and the computer’s unique device identifier are not “personally identifiable information” under the VPPA.

Read more>

COPPA and geographic data: InMobi got lost

On June 22, the Federal Trade Commission (FTC) entered into a settlementincluding a $950,000 fine – with InMobi, a mobile advertising network that had mishandled consumer data  They had improperly tracked children’s personal information in violation of COPPA (the Children’s Online Privacy Protection Act) and they had gathered geolocation data about people who had not consented to be tracked.

This is a perfect example of a company putting out statements – including in its privacy policy and its communications to application developers – about its data usage practices, but then in fact doing something quite different:  InMobi asked about Children’s data, but then ignored what they learned, and InMobi stated that consent was required to provide geo-targeted advertising, when in fact it was not. Read more>

Privacy and COPPA: Rules cover mobile apps, too

The Digital Advertising Alliance (DAA), a self-regulatory organization that has established and enforces responsible privacy practices across industry for relevant digital advertising, has begun to enforce its Principals applicable to “interest-based” advertising in the mobile context.

Independent oversight of the DAA Principals is conducted by The Council of Better Business Bureaus (CBBB) and the Direct Marketing Association (DMA) through the Online Interest-Based Advertising Accountability Program (the Accountability Program).

The recent decisions of the Accountability Program are a helpful roadmap for best practices to avoid unwanted scrutiny on how a mobile app should comply with DAA Principals – and privacy rules generally applicable in the United States. Read more>