Mmm... some light weekend reading. While I don't hope for this article to reveal any deep secrets I think that just getting a good background on things as such as this goes a long way towards a better understanding of the whole AdSense/AdWords ecosystem.

There are sections that provide a good overview of the process Google uses to identify and ban publishers which are involved with invalid clicks -- and a history of when the different measures have been implemented.

Wow, they really do automatically terminate publishers without human intervention! That tells me termination is much more common than I thought. I love the quote:

Currently it is a mixture of manual and automated terminations, with the auto-termination rates growing steadily.

That also changes the risk model for publishers. When you combine the fact that a machine can terminate your account with no Google human intervention with the fact that there is no defined mechanism for getting reinstated, then that means it is likely trivial for any technically sophisticated bad actor to get almost any small AdSense publisher terminated.

Of course, that last statement could be false. It could be that fully automated termination is only for the most obvious dumb perpetrator, such as a large volume of invalid clicks from a single IP address that is identical or geographically near the address(es) used by the registered publisher. But it is probably only a matter of degree. Anyone who knows the exact criteria (or is willing to experiment to find it) should be able to get any non-special AdSense publisher terminated in an automated fashion, if you have the funds and knowledge needed to rent a bot-net for a week or two.

It is possible to infer from this paper that bot-based fraud requires hand inspection by a human to detect -- if it is detected at all.

Interesting that "small reinstatement rates" are cited as evidence that the system works well, discounting the other possible explanation for having small rates despite the obvious psychological pressure to deny reinstatement. Also interesting that "terminated AdSense publishers can appeal to Google", though AFAIK, Google does not publicly admit that it is possible to appeal (am I wrong about that?).

Another interesting quote:

[Google] classifies publishers as possible spammers or "clean" publishers. If a publisher is classified as a spammer, that publisher is subsequently being <sic> investigated.

it is likely trivial for any technically sophisticated bad actor to get almost any small AdSense publisher terminated.

Arguably, but.... since I first came across AdSense, and started reading people state how easy that type of sabotage would be, I don't recall seeing even one credible report of this happening. I would venture that Google already had decent technology in place to respond to "click attacks" on competitors' ads, even before AdSense began, and that their technology has improved considerably over the past few years, and translates into the identification and discounting of click attacks on publisher websites.

I wonder if Google will eventually offer advertisers a "clean <--> spam" scale which they can use to concentrate their ads at one end of the spectrum (or perhaps the other).

It was also interesting that he did not entertain the notion of risk from a terrorist or enemy nation. If government estimates of a few hundred thousand zombie PCs are true, it should be possible to bring the entire AdSense/AdWords network to its knees for a cost of perhaps $50,000. I wonder if Google would try to stick to their policy of refunding both valid and invalid clicks from terminated publishers if they found their system auto-terminating 50% of their publishers.

Because that would largely affect small business, it wouldn't appear to have the visibility that terrorists usually seek. However, I would not be willing to bet that the total economic damage would be less than that caused by 9/11. I wonder if anybody has studied just how many small businesses are economically dependent on Google at this point. If you can punch enough small businesses in the stomach at the same time, you can put a helluva dent in the economy.

At this point, the computer biz is treating massive attacks by nut-jobs exactly the way the airline biz did before 9/11. Hope it won't happen because you know you aren't going to invest the resources it would require to be ready for it.

[Google] classifies publishers as possible spammers or "clean" publishers.

That stands to reason, and the automatic- or semi-automatic termination threshold for a "spam publisher" is probably lower than for a "clean" publisher.

I've often said that Google probably uses a "sniff test" when deciding whether to ban publishers who have had invalid clicks, and that sniff test may have been automated for sites that don't rank high enough on the quality or cleanliness scale to warrant manual reviews.

The expert has no expertise in fraud, just listened to stories from google engineers, the black box is still black. I doubt the judge will be fooled.

The expert has no expertise in fraud

His CV looks pretty impressive to me. And he's obviously spent a lot more time studying Google's fraud-detection processes than any member of this forum has (unless there's a member of this forum who has spent a considerable amount of time with the Click Fraud Team at the Googleplex).

My only complaint about his paper is that it's about twice as long as it needed to be. :-)

I don't recall seeing even one credible report of this happening.

What would it look like if it did happen? Google would terminate a publisher. The publisher would swear s/he did nothing wrong. The publisher would be unable to prove a negative ("It wasn't me generating those invalid clicks."), and Google would maintain silence.

"I would not be willing to bet that the total economic damage would be less than that caused by 9/11."

You might want to rethink that statement. It's either the most wildly exaggerated estimate of the risk of click fraud I've ever seen, or the most wildly understated estimate of the costs of the 9/11 attacks I've ever seen. I think I get what you're trying to say, that a hit on Google's business could wipe billions off their paper value, but come on.

Yahoo! is running a page on it:
[news.yahoo.com ]

The expert has no expertise in fraud.

A fraud expert would have looked at the other end, who is getting checks, looking at clicks is pretty much a head fake, the glaring omission is ZERO due diligence on the publisher network, anyone can "sign up" and tap credit cards.

A fraud expert would have looked at the other end, who is getting checks, looking at clicks is pretty much a head fake, the glaring omission is ZERO due diligence on the publisher network, anyone can "sign up" and tap credit cards.

Zero diligence, eh? Dang! I wish people would stop posting those phony "I've been banned" threads. :-)

Zero diligence, eh? Dang! I wish people would stop posting those phony "I've been banned" threads. :-)

Thats the point, how did they ever become a google agent to begin with, again ZERO due diligence just a reactive process to advertsiser complaints, the ones who don't get banned aren't posting their "earnings" and I'm sure thats a much larger group than the boneheads who put up a blogger site and click on the ads all day.

If google did a simple credit check on the publisher network you wouldn't need to look on this forum for the outcries, you'd hear it from your living room. Fraudsters fit a profile that clicks will NEVER reveal.

>> The expert has no expertise in fraud

is there a Masters in fraud? Did you read his bio?

TypicalSurfer, I don't pretend to have an expert opinion on Dr. Tuzhilin's paper, but he clearly has more knowledge than either you or I do. (In another thread, you stated--before we became aware of Dr. Tulzhilin's paper--that "No one outside of google knows what they are doing to combat fraud.")

Just as important, unlike anyone posting an opinion about his study on Webmaster World, he meets several tests:

- We know who he is.

- He has a long and impressive CV.

- He's impartial. (He court-approved study was commissioned by the plaintiff in a click-fraud lawsuit against Google, so there's no reason to believe that he's biased in Google's favor.)

- The paper itself is analytical and written in careful, objective language.

Can those who pooh-pooh the paper's methodology and conclusions meet those same tests of accountability, impartiality, and freedom from hyperbole?

is there a Masters in fraud? Did you read his bio?

is there a Masters in fraud?

Yes, there are career criminologists with Masters degree specializing in fraud examination, it's a large field.

Did you read his bio?

Yes, I read his bio. , excerpt:

My current research interests include knowledge discovery in databases (data mining), personalization, Customer Relationship Management (CRM) and Internet marketing.

Again, he has no expertise in the area of fraud.

Without getting into a war about the merit's of the author, he can't be that bad otherwise both sides and the court would not have accepted his evidence, it is a very interesting, but lengthy, read.

I felt I was reading my entire Internet education with the historical background to all the various aspects of search, advertising etc. I've kept this to settle any arguments that may occur!

It should be a reassurring document for anyone concerned with invalid clicks/fraud to learn what is actually happening and also what is not, acknowledged by the author, being divulged to combat this problem.

Without getting into a war about the merit's of the author, he can't be that bad otherwise both sides and the court would not have accepted his evidence

Gotcha on the war thing but remember both sides of the lawsuit are looking to SETTLE so its not surprising that they would get an expert that would steer in that direction (right down the middle conclusion), pretty standard stuff for class action lawsuits.

pretty standard stuff for class action lawsuits.

I would agree, both want a quick settlement.

For anyone interested in reading the findings without having to wade through it all, then go to page 36 and start with section 9.3 where a little further on it also refers to account terminations and how this occurs, section 9.6 is the bit that I guess most may be interested in...you never know, you may then decide to read it all:-)

One thing I conclude from this paper is that there is no such thing as a click-dump: Clicks that are hold in a queue for manual investigation until they are credited to the AdSense publisher. Periodically people in this forum report click-dumps, but they are probably nothing more than stastistical variations.

The whole paper only talks about clicks that are marked invalid, either by on-line filters, or by off-line investigation. There is no mentioning of clicks marked valid by either on-line or off-line methods.

Okay, so what I want to know is:

If a good-looking woman is sick in bed, would that make her an invalid chick?

I say yes. In some circles, at least.

Carry on.

no such thing as a click-dump

I guess I never saw the implication that click-dumps had anything to do with fraud detection. And I don't see anything in this paper that precludes the possibility that there can be pauses between the process that records clicks and the process that reports clicks to AdSense publishers.

The fact that there's no mention of it in the paper isn't evidence that it doesn't exist anyway.

The fact that there's no mention of it in the paper isn't evidence that it doesn't exist anyway.

This is not just a paper. It is a document used in a court case. If Google had any form of delayed click analysis before granting the revenues to the AdSense publisher, this would have been mentioned because it would mean an extra line of defense against click fraud and strengthen Google's position in the court case.

Click-dumps because of slow database synchronisation can occur, but click-dumps because of marking invalid clicks later in the process to be valid would have been mentioned in this paper.

A "click dump" could be implicit in the report (clicks intercepted by computer, but later cleared on manual review), even if not explicit.

Click-dumps because of slow database synchronisation can occur

That's what I've always assumed was behind so-called "click dumps." And for what it's worth, reports of impressions and clicks seem to be more in sync these days than they used to be. So do the reports for "today" and "this month," which used to be out of whack more often than not.

A "click dump" could be implicit in the report (clicks intercepted by computer, but later cleared on manual review), even if not explicit.

I agree. I don't see how they could avoid a "click dump" if valid clicks were delayed by being sent to the investigative team for checking.

On another note, I doubt that every "click dump" or instance of out of synch reporting is the result of invalid clicks investigations.