Read on Twitter
new @adexchanger sell side column is about the IAB's attempts to fix ads.txt / app-ads.txt + sellers.json via their ads.cert standards.
Ads.cert requires changes to open RTB standards BUT, this standard "fixes ad fraud" by proposing massive user data collection...
Ads.cert requires changes to open RTB standards BUT, this standard "fixes ad fraud" by proposing massive user data collection...
Ads.cert is basically "signed bid requests" - for folks playing at home, this is basically a text/json file that contains all the publisher + bidding + user information....... and current standards include user IP address and IPv6 addresses...
Read it @ https://github.com/InteractiveAdvertisingBureau/openrtb/blob/master/ads.cert:%20Signed%20Bid%20Requests%201.0%20BETA.md#supported
Read it @ https://github.com/InteractiveAdvertisingBureau/openrtb/blob/master/ads.cert:%20Signed%20Bid%20Requests%201.0%20BETA.md#supported
It's absolutely hilarious that the IAB's Ads.cert standard required publishers & ad tech share/store/collaborate on user IPv6 addresses, since all privacy standards / legal frameworks count this as "personal data" / PII // Google's IP-anon docs cover it @ https://support.google.com/analytics/answer/2763052?hl=en
Ads.cert also has a stupid public / private key scenario that does nothing to stop user data privacy violations -- it merely protects from basic interloper sniffing of user data, but does nothing to prevent portability of that user data for the organizations ingesting/sharing it.
The IAB over the last 3 years has struggled to come up with any *real standards* other than the Transparency & Consent Frameworks they deployed for GDPR, which still are horribly deployed by most orgs who don't stop data flows prior to user consent.
The IAB deployed ads.txt, which has mislabeling loopholes where inventory is labeled as DIRECT across numerous websites, creating dark pool sales houses that are "allowed" to exist because sellers.json approves an org for "intermediary" & no crosschecks prevent shared accounts.
& when ad tech organizations violate DSP seller protocols, or when publishers / pseudo-SSPs are caught sharing account IDs creating dark pool sales houses, there are *minimal repercussions* for those orgs, & no transparency about orgs who violate this & are banned from networks.
The sellers.json "backstop" to ads.txt fraud is also totally worthless due to Google, the largest advertising broker in the world, having 10-20% of their file complete (most folks allege less coverage), & they allow orgs to hide their legal business name + domain.
Totally nuts.
Totally nuts.
The ads.txt + sellers.json standards have huge problems, they don't work between each other, and organizations violating these standards (and creating likely an illegal form of arbitrage that purposefully mislabels securities to sell as advertising inventory) are rarely named.
At some point, the IAB will need to recognize that both ads.txt + sellers.json are broken, & the ads.cert / Supply Chain Objects are NOT the solution, due to ads.cert being a user data breach on steroids.
The future RTB bid stream can NOT contain IPV6 or IP addresses. PERIOD.
The future RTB bid stream can NOT contain IPV6 or IP addresses. PERIOD.
Final comments, there are many ad tech orgs who claim they can "find ads.txt / sellers.json problems" & claim their tech avoids Dark Pool Sales Houses -- but if Google doesn't provide basically any transparency, and they are the largest seller, how can you make that claim??
/fin
/fin
