There Are Not Enough Humans in All of History

You've heard me say over the years that the quantities seen in programmatic media have been insanely out of whack for years -- "there are not enough humans on earth." The chart in the masthead includes the full year 2021 numbers from the IAB -- digital ad spend in the U.S. jumped to $189 billion, a 35% jump from the year before. For the last ten years the blue line (digital ad spend) has been diverging more and more from the yellow and green lines (humans' usage of the Internet, mobile, and social media). What drove this? The rise of programmatic media buying. Before ad exchanges became the dominant way of buying digital media, the largest advertisers would buy media from the largest publishers. Once ad exchanges intermediated themselves in between buyers and sellers, the advertisers paid the exchanges instead of the publishers. And that's when digital media went to hell.

Ad fraud has been a 90+% problem, since at least 2015

The exchanges wanted to grow as fast as possible to please their investors and to justify the "hockey stick" growth charts they showed in their investor decks. So they happily looked the other way and let everyone who had a website, or ten thousand sites, into the exchange. These tiny sites that were less than a month old could now sell to the largest advertisers, because they simply hid amongst millions of other sites. The exchanges also happily looked the other way when those websites used bot traffic to manufacture billions of ad impressions out of thin air, because brand new websites that no humans had heard of don't have human audiences. The more volume that passes through the exchange, the more money they made, because they were simply toll-takers. They didn't even have to operate the bots themselves.

The slide above from 2016 shows charts from an AdExchanger article . AppNexus issued a press release trying to claim they were a good citizen by purging their exchange of some 240 billion ad impressions per month, a 92% decrease. This shows "they had let everyone in" previously and it shows the magnitude of the fraud problem even in 2015 -- a greater than 90% problem, not the 1% fraud the ANA and TAG keep parroting. Oh, did any of the advertisers that bought ads from AppNexus before the purge get any of their money back? Did AppNexus voluntarily give any money back? Not that I am aware of. The purge was for publicity, not for doing the right thing.

The other exchanges didn't do such drastic purges of fake inventory, so there's a lot of fraud still going. How do they get away with it? They use fraud verification, otherwise known as "fraud protection." Those vendors that provide protection are not providing "protection" in the way advertisers assume; their real purpose is not actually detecting the bots and fraud and helping to remove fraud. Those protection services protect the exchanges by providing plausible deniability. The exchanges happily pay for protection as a cost of doing business so they can say "we didn't know there was fraud; the IVT vendor said it was '99.998% fraud free' so we kept selling it." This way, they don't have to give money back and they can wiggle their way out of lawsuits. But AppNexus can't claim they didn't know it was fraud, because they could see the fraud themselves and purged the 92% by kicking out the sites that were obviously bad. Advertisers still didn't get their money back, and now it's far past the statutes of limitation and AppNexus has been sold twice already. They got away with it.

Protection money for the protection

What if the fraud is so obvious that advertisers question the fraud protection vendors' numbers -- why are the fraud numbers so low? Every fraud detection vendor then resorts to their protection -- MRC accreditation -- by saying "trust us, we're MRC accredited." Like I said before, paying the MRC fee is paying for protection. And the MRC is "protection for the protection." Advertisers had assumed that having MRC accreditation means the vendors measured fraud correctly. It does not. MRC accreditation only means the vendor measured what they said they would measure. Let me be clear, Vendor A submits a spreadsheet to MRC during the accreditation process that says they measure 3 things to detect fraud. An Ernst & Young accountant interviews the vendor and verifies they measure those 3 things. They get accreditation, after paying the fee, of course. Vendor B submits a spreadsheet that says they measure 500 things to detect fraud. They show that they do to the EY accountant, and they too get accreditation, after paying the fee. Both Vendor A and Vendor B are now "MRC accredited."

But they measure entirely different things. And this explains why different MRC accredited vendors measuring the same campaigns come up with entirely different fraud numbers. And the MRC itself has no idea whether they measured the fraud correctly. The MRC has no tech of their own, no data to review, and no "truth sets" -- otherwise known as "answer key" -- to know if the fraud detections are correct. So like I said MRC accreditation is strictly for protection, so the fraud vendors can push off responsibility to someone else "trust us, we're MRC accredited." The costs of all this protection is ultimately borne by the advertisers. Not only are advertisers paying more to the fraud vendors, they are also absorbing the costs of wasted ad spend because they continue to purchase fake ads that these vendors could not detect to be fake. And some of these vendors are double-paid. The fees borne by the exchange are passed along blended into the "media CPM." Advertisers pay a second time for the same vendor on the same campaign, this time under "verification costs." Advertisers are paying twice for tech that doesn't protect them, it protects the middlemen selling them crap.

Have you purchased a billion ads? I have.

As part of my ongoing experiments, I have paid for 1 cent CPM campaigns out of my own pocket for years. I have purchased over 1 billion ads, recently, and measured all of it with FouAnalytics so I can compare to the DSP reports and data from the ad server, which I also operate. Why do I do this? I am constantly looking for "bottom of barrel" sites and apps. No real publisher can afford to sell ads at 1 cent CPMs, because they have real costs of content. Fake sites and apps, however, can still be profitable because they have no incremental costs and no costs of content. By deliberately buying 1 cent CPM ads I can see the bad guys and how they evolve the tech and techniques used for ad fraud. I then tune the algorithms used in FouAnalytics to detect fraud as it evolves. I have done this personally for the last ten years. Note the 1.2 million clicks I got, and the zero conversions. I didn't expect any/many "request an invite" on the FouAnalytics.com site from these click-throughs. But that's OK.

How many trillions did you say?

Let me show you some of the numbers observed in the bid request firehose, for ballparking purposes. The first grid shows the largest countries by number of bid requests ("potential impressions") and unique cookies (a rough approximation of the number of users). I have not independently verified the accuracy of the numbers, but the absolute numbers are not relevant. Just use them to get a sense of the RELATIVE sizes. For example the U.S. represents 34% of all the bid requests observable, while India represents 9% and Japan 4%. In relative terms the U.S. sees 3X more bid requests than India and about 8X more than Japan.

The numbers are from the "last 30 days." The 3.1 billion unique cookies observed in the U.S. is about 10X the number of persons online, last estimated to be 300 million out of the 350 million people in the U.S. The grid below shows the top 15 largest exchanges in the U.S. It is useful to look at the unique cookies column. For Google, 945 million unique cookies in the 30 day period means they are seeing 3X the number of online humans in the U.S. (approx. 300 million). So Google sees every online human in the U.S. This seems plausible. Gut check the other exchanges for yourself.

Let me leave you with a grid of the top largest sites and apps in the U.S. based on last 30 day volumes of bid requests. Keep in mind look at RELATIVE quantities, not absolute numbers. I have highlighted a few sites in yellow, as "anchor points." Their numbers are fairly reliable. For example, if you look at the unique cookies for usatoday.com you will see 59 million unique cookies. That gives you a sense of how many unique persons they see in a month. Weather.com sees a bit more, at 80 million per month. This is plausible because humans do check the weather regularly. These are unique cookies, which means they are properly de-duplicated for the time period of 30 days. CNN sees 44 million, ESPN sees 32 million unique cookies per month. If I have any of this wrong, publishers with more realistic numbers, please contact me. Everyone else can use the RELATIVE numbers for gut-checking purposes. Let me know if you find anything curious ;-) I'm sure you will.