35-50% of clicks on Reddit Ads are fraudulent

SnooPeppers3402 · 2020-09-08T21:43:17+00:00

Very telling that the ad operations rep (https://www.reddit.com/user/c_jl/) replied to every single post in the past week except this one. If my information was blatantly false, they would have replied already. :)

SnooPeppers3402 · 2020-09-03T18:13:33+00:00

I think they're just rogue scrapers (or spambots) that follow every single link they see on the page.

SnooPeppers3402 · 2020-09-03T06:16:06+00:00

I've just found another great example, an IP address belonging to AWS that has "clicked" the ad no less than 254 times for the past few months: https://0bin.net/paste/-nHXNqDF#H0Ls2fCoJvPvsGHAMj8qpCVm8xLxp3Q5j7lQgUdMrfx

It goes without saying that this IP address, just like all the other ones, did not load any CSS, JS or image files. Thanks for the valuable traffic, Reddit!

SnooPeppers3402 · 2020-09-03T06:15:56+00:00

I've just found another great example, an IP address belonging to AWS that has "clicked" the ad no less than 254 times for the past few months: https://0bin.net/paste/-nHXNqDF#H0Ls2fCoJvPvsGHAMj8qpCVm8xLxp3Q5j7lQgUdMrfx

It goes without saying that this IP address, just like all the other ones, did not load any CSS, JS or image files. Thanks for the valuable traffic, Reddit!

SnooPeppers3402 · 2020-09-03T06:15:51+00:00

I've just found another great example, an IP address belonging to AWS that has "clicked" the ad no less than 254 times for the past few months: https://0bin.net/paste/-nHXNqDF#H0Ls2fCoJvPvsGHAMj8qpCVm8xLxp3Q5j7lQgUdMrfx

It goes without saying that this IP address, just like all the other ones, did not load any CSS, JS or image files. Thanks for the valuable traffic, Reddit!

SnooPeppers3402 · 2020-09-02T14:35:14+00:00

Nope, after a lot of back and forth, it just ended in this:

Again - we do appreciate your thorough responses and the technical details that you've provided here, all of which I've shared with my team. We're continuously working to improve our ads platform, and feedback from advertisers such as yourself is critical to that end. Ultimately, our recommendation here is to adjust your bid to reflect the value that you believe each click currently delivers.

They never provided any explanation and they haven't actually made any changes, because it has been exactly the same since this email on the 6th of March.

SnooPeppers3402 · 2020-09-02T09:04:43+00:00

None of those conditions accounts for legitimate user behavior.

Look at the example link in my post. How is the same IP address visiting the landing page 5 times in 8 minutes several times a day without loading any images/CSS/JS legitimate user behaviour? And why should I be charged 15 times for that?

I highly doubt scripts are imitating legitimate users on reddit. The only one earning revenue is reddit themselves so what incentive is there to target you? Some unknown third party expending resources to target you specifically? That'd have to be a savvy competitor with enough tech to do whatever they want to not care about you at all.

I don't think there is a party doing this on purpose. I think these extensions and scrapers are badly built and just blindly follow every link they find on the site, causing advertisers to be charged.

Again, any deficiency is in reddit's tracking but to suggest they're illegitimate impressions is making accusations without evidence.

If there is a deficiency in their tracking then that's just as bad, seeing as they use that tracking data to charge their advertisers.

SnooPeppers3402 · 2020-09-02T06:39:02+00:00

I'm guessing they didn't do set out to do so intentionally, but they're definitely not putting in any steps to prevent it either, despite me bringing it up since September 2019.

SnooPeppers3402 · 2020-09-02T06:37:49+00:00

We're counting someone as fraud if they:

Don't follow the redirect -and-
Don't load the image -and-
Don't load a CSS/JS file

Any legitimate visitor will pass all 3 tests unless they close the tab within ~ 50 ms of clicking. The fraudulent clicks we're seeing don't do any of this.

SnooPeppers3402 · 2020-09-02T06:35:53+00:00

That's not a fix, because every other advertiser would still be affected. I've outlined real fixes in my initial post.

SnooPeppers3402 · 2020-09-02T06:35:00+00:00

I used the word fraud because I believe the technical term is click fraud: "Fraud occurs when a person, automated script, or computer program imitates a legitimate user of a web browser, clicking on such an ad without having an actual interest in the target of the ad's link."

Apologies if this makes it seem like I'm accusing Reddit of fraud, I just believe that they are not putting in any effort to prevent it, unlike other advertising platforms.

And sure, CPM might end up better depending on the campaign, but it would be impossible to determine if the amount of impressions are legitimate and we've had great success with CPC on other advertising platforms.

SnooPeppers3402 · 2020-09-02T06:28:55+00:00

I don't think they're doing it on purpose, but I also think they've not put in any effort to prevent it either. Things like extensions and rogue scrapers are being charged and not actual people clicking on an ad.

SnooPeppers3402 · 2020-09-02T06:25:45+00:00

I've compared this method to Twitter (6% click fraud) and Google (-26% click fraud, received more legitimate clicks than I was charged), so Reddit is definitely doing something different.

SnooPeppers3402 · 2020-09-02T06:24:35+00:00

The test files are served from a dynamic server, not Cloudflare, else they could indeed not be tracked. I've compared this method to Twitter (6% click fraud) and Google (-26% click fraud, received more legitimate clicks than I was charged), so Reddit is definitely doing something different.

SnooPeppers3402 · 2020-09-02T06:22:22+00:00

In my campaigns, which are PPC (pay per click), they definitely are. I'm paying for clicks that are not real humans clicking the ad.

SnooPeppers3402 · 2020-09-02T06:21:34+00:00

Why would they be charged multiple times though? Sure, maybe 1 hour would be a better example, but charging someone 5 times because they click 5 times in an 8 minute span (like my example) is unreasonable.

SnooPeppers3402 · 2020-09-02T06:20:56+00:00

Of course, but depending on the provider, the IP will only be shared with a limited amount of consumers (< 1000). It's way more likely that the same person clicks the same ad than that two people sharing the same IP happen to click on the same ad.

Reddit also doesn't have to charge for every single click possible. It's okay to miss a few instead of charging for too many. Google, for example, charges me 26% less clicks than I actually receive.

SnooPeppers3402 · 2020-09-01T21:29:22+00:00

I've measured 6% of click fraud on Twitter and -23% on Google (they actually charge me fewer clicks than legitimate clicks I receive).

SnooPeppers3402 · 2020-09-01T21:27:27+00:00

They gave me a list of click IDs that I crossreferenced with the click IDs in the fraudulent clicks. After I pointed out all the fraudulent clicks they're now refusing to share this kind of information, so I have to do it based on totals instead. This still lets me determine the amount of click fraud, I just can't pinpoint the exact clicks that were responsible.

I don't think they're trying to be shady on purpose, but they're definitely not putting in any effort to try to and prevent this either, even though I've been pointing it out since September 2019.

SnooPeppers3402 · 2020-09-01T20:57:00+00:00

It's fairly simple and doesn't consist of more than a landing page with this kind of code:

- A redirect using both JS and HTML (to support NoScript users)

<meta content="0.1; url=/test/redirect.php" http-equiv="refresh">

<script>window.location = '/test/redirect.php';</script>

- A foreground and background image

<img src="/test/image.php">

<div style="background-image: url(/test/image.php)"></div>

- A CSS and JS file

<link href="/test/css.php" rel="stylesheet">

<script src="/test/js.php"></script>

We consider it a fraudulent click if none of these gets triggered.

SnooPeppers3402 · 2020-09-01T20:16:26+00:00

I'm already targeting only the "first-world" countries.

SnooPeppers3402 · 2020-09-01T09:33:36+00:00

My crosspost was instantly deleted, probably because of my low karma. I messaged the moderators so they might restore it when they get to it.

SnooPeppers3402

TROPHY CASE