What a great year! Un-be-lie-va-ble!
With only a few days left in 2022 it is already clear that all previous records will be smashed! On behalf of all bots, botnets, click farms and many other players in this ecosystem: “A big thank you to all digital media buyers for doing great business! We hope and trust that 2023 will be an even better year!”
For 2022, the total ad fraud has been estimated somewhere between $60 billion and $80 billion. Some even claimed a number well over $100 billion. It is hard to estimate and verify these numbers because in this ecosystem nobody files their annual numbers. But, we surely know based on the BFF (Bot Friends Forever) data: This business is very lucrative and nearly risk free.
To celebrate this year’s great results and the 10-year anniversary of BFF (Bot Friends Forever) a three day BFF festival was organized by IAF (Inflated Ad Figures) with all big industry players present. During the daytime all kinds of festivities were organized for parents and their kids, with complimentary food and drinks. The parade was a great success. As bots don’t like rain and humidity, we were lucky to have sunny and dry weather. The crowds went crazy on the performing artists (eg. The android sisters, Compressorhead, Fingers & Stickboy) and yes, yes, yes, their musical performances were great! Their shows are absolutely stunning!
After the introduction we’ll interview some of the leaders in this ecosystem, which are also sponsors of this event. They are responsible for designing and developing the individual components of the ecosystem, which can be bought or are deployed as SaaS. Combining these components enables you to scale quickly, without hassle, without difficult questions, and thus continue to keep on making large profits. But, first, some BFF pictures!
The pictures will give a good impression on how this event has been enjoyed and received by so many different types and kinds of bots all working with digital media. Because not everybody is able to attend this festival, a request was made to all invitees to provide one or more pictures introducing themselves. This gives a face to these good and trustful services.
The first company is run by the family Button. Before they started in the digital media their business was sewing on buttons. They realized that much more money could be made by clicking buttons and clicking ads, and the rest is history. Using their long fingers they are able to click 1000s times an hour and as they have quite a big family and an even bigger extended family they are really able to scale.
We’re talking with Archie, founder and CEO of a business attracting visitors to websites. As he tells, “The business is built on a VaaS service, which stands for Visitors as a Service. This means you’ll pay a few dollars a month and your website, or whatever URL you provided will get 1000s of visitors each day. Not real visitors, but that’s not important. Some clients don’t want to think about traffic quality, they just want visitors and that’s what their VaaS service provides, at a low price. We also offer premium traffic, aka bot-free human traffic, which comes at a higher price. And of course a bot is only a bot if it is a detected bot, so premium technology offers premium bot quality traffic at scale, sold as the real thing. That’s what I love about this business.
Our goals for 2023 are to add an additional service which sells ‘warm traffic’. This means that traffic arriving at your landing page has a rich profile, a large browsing history, lots of cookies have been set, and the best of all you can pick what type of visitors you want. Medical blogs? Reading automotive sites? Interested in tropical destinations? Sneakerfreaks? Handbags? Wine connoisseur? And many more. We will include them all, for a good price. “
But, how do they keep their ‘visitors’ up to date? And how do they get ‘visitors’ from any desired country, with a certain interest? That’s where all the players in the ecosystem come in play. It’s like a marketplace where you can rent a specific service to improve your own service. Let’s introduce some business owners providing these services, and let them talk how they run their business and what challenges they have.
A company called 4N-sick started their business only a few years ago. Their main business is to gather fingerprints, which will be bundled and sold.
For generations the family behind this business was working in a recycling facility sorting waste. But, as always opportunities present themselves and you just have to pursue them. So, now they scrape fingerprints. Not the real human ones but fingerprints of the devices humans use to access the Internet. These fingerprints are the configuration settings of both hardware (screen, CPU, memory, touch points) and software (languages, timezone, browser extensions, plug-ins) of your iPhone, Android phone or personal computer.
Because this information is free to grab, their business grew astronomical and with that also their revenue. They named their business after the four Ns (no name, no nothing), because they collect their fingerprints without any names associated with them. The only extras are metadata.
How does their business work? We’ll ask Tony co-founder of 4N-sick. We have a mixed bag of customers. Some use the fingerprints in special browsers able to have a different identity per tab. This is used typically by troll farms, review farms, or people working with multiple social media accounts and don’t like to log out, log in, etc. over and over again. Another large portion of our business goes to bots accessing websites for information. This can be getting flight ticket prices for arbitrage, but also buying tickets for popular artists, sports games. Most of these websites have increased their barriers, which means that if your browser, which is uniquely determined using your fingerprint, looks automated, your are blocked. That’s why having 1000s of fresh fingerprints each day avoids this nonsense. Once you’re blocked you just change the fingerprint, change your IP address, and continue.
One of the jewels in the ecosystem is this very sociable family. Their sophisticated noses and nozzles are key to their success.
We meet with Frida. As chief executive she runs the business that is used widely to analyze the usage of APIs in browsers, using a technique called API Sniffing. As she explains, “The strategy of building this company is to think ‘reverse’. Where everybody writes software with a goal or to perform a task, our business relies on reverse engineering existing software by looking at it as a black box.”. “For example, if you run into a new piece of JavaScript preventing ads or a tracker from being loaded, you’ll need to investigate on a high level: Why and what causes this? That’s where we can help you. Running the obstructing code, which is most of the times heavily obfuscated, encrypted, or even has its own virtual machine with bytecode implemented, will reveal what it does. Based on that you can start a focused detailed investigation. We have based our tech on VisibleV8 and are the best tool to scrutinize hostile JavaScripts and create a structured output of which, what, how, when the JavaScript did in the browser. Then it’s up to you to address these findings one by one.”. She so lovely, I could talk for hours with her. But, unfortunately time is limited. We shake hands and share contact details.
In the highly competitive area of proxies and VPNs we introduce you a business named ‘proxymate’. I’m meeting with the father Charles, founder of the company. He explains “We build a web-proxy that runs on your computer. Your browser on your computer, iPhone or Android is then configured to access the Internet through the web-proxy. The web-proxy is able to record and display all of the information that is sent and received.”
This allows our clients to view, and rewrite the requests (and responses) that are sent by web pages, mostly by JavaScripts, or Apps accessing APIs. Without this visibility it is difficult and time consuming to determine exactly where and what is going on.
It is such a great research tool for anyone who wants to know what and how the invalid traffic, viewability and brand safety data are structured and sent to the mothership for analysis.
Our goals for 2023 are to create a mobile proxy App, we already have a name for it: ‘App-proxy-mate’.This App will enable our clients to test and analyze mobile traffic on real mobile networks. With that in mind we finish our drinks. I thank him for our pleasant conversation and we say our goodbyes.
The next business is Susie and has previously been working in the VPN business for years. Once she realized that VPNs are offering two-way traffic, she started a new business offering VPN apps only a couple of years ago. She tells with a loud laugh “My business runs on giving away free VPN apps. These free Apps are the foundation of our VPN gateway infrastructure. What does this mean in layman’s terms? If you install a free VPN app on your mobile device, not just your traffic is routed to a remote location to enter the Internet. Someone else will use your VPN app and Internet connection to access the Internet. It works both ways! And we’re making money offering residential proxies to whomever wants to access the Internet from residential IP addresses”
That’s interesting, but as you mentioned: the App is free, so “How do you make money?” “You might have thought “How do those residential proxy services acquire millions of IP addresses? It is a mix between offering free VPN apps, renting out your free bandwidth of your gigabit Internet connection, just like you could rent out your apartment on AirBnB, you can do the same for the unused bandwidth of your Internet connection and saving a few bucks each month on your expenses. A win-win!”
But, this doesn’t explain it. So, after a few drinks, I try again. The topic changes to ‘how real profits can be made using free VPN apps’. Her youngest son an two of his fellow students had a great idea. As a parent you have to encourage such entrepreneurial endeavors. They setup a farm of emulated mobile phones, all running specific loading pages, view pages and click tasks. But, to avoid problems with data center IP address ranges, they configured their setup to route the traffic through the VPN Apps on real Android mobile phones. The beauty about this setup is that not only the data center IP addresses are changed to the residential IP addresses, also the TCP/IP network packets have changed. When a Linux server sends a network packet from a browser, or an emulated phone, the network packet shows certain Linux specific settings. For example, the initial TTL (time to live) value differs from OS to OS and thus may reveal that a browsing session is not from a real Android device, but from a Linux server. With residential proxies routed over real devices, this problem is solved.
This simple but elegant solution was the catalyzer to grow our business and to reinvest this money in CTV network traffic emulation. We did notice that in the last 2 years a lot of marketing dollars have been assigned to CTV and that means: Opportunities! Hence, we started to look for clients who are looking for solutions to reroute CTV traffic over a residential proxy which perfectly emulates the TCP/IP network packets as if they originate from Tizen OS, Android TV, Roku TV, etc. In the second half of 2023 we also hope to announce TLS fingerprint emulation for secure connections. That way both network layers are perfectly invisible for any detection, as they are real CTVs.
So, here’s your answer on the question ‘how do you make money?’. The money is made by clients needing a large number of specific devices at residential IP addresses, and/or devices that are roaming using their 4G connection.
Time to say goodbye and we keep you definitively updated on what their tech brings you next year.
When someone says the word ‘farm’ I do associate it with cows, sheep, chicken, camels and pigs. But, on the Internet a ‘farms’ means a group of organized people performing a single task. For example, troll farms, click farms. Also knows as ‘factories’. I’m sitting here with Angelica one of the leaders at a CAPTCHA solve farm. She’s the oldest daughter and is in charge of the operations.
She explains “The annoyance of CAPTCHAs is prevalent and the reason you have to solve CAPTCHAs is not because these companies only allow humans to access certain content. No, seriously! They want you to teach their AI algorithms to better recognize visual input like crossings, traffic lights, boats, and house numbers which were not clearly readable. Adding proper labels to their dataset will improve the AI object recognition models. It will cost you time, you don’t get paid for and their value goes up.
So, we made our own algorithms to solve CAPTCHAs. The simple ones with a few letters, some lines and some confetti are no match. The muffins vs chihuahua, lions vs domestic cats are a different level. These difficult to automate CAPTCHAs are solved by special farms. Technically we capture the CAPTCHA from the web page, send it over to the Internet to the farm, someone at the farm will pick it from the queue, solve it, and the solution is returned.
We have workers in our farms 24 x 7 and they get a fee for each CAPTCHA they solve. Working from home is allowed if you have a fast and reliable Internet connection, and they have complete freedom in when they work. Our clients don’t have to worry about insoluble CAPTCHAs at pages they want to access.”
It was great to speak to someone solving such an annoyance. I thank her and I’m almost running out of time, so I quickly have to go to my latest meeting.
I’m meeting with Rob and he runs a fraud detection business. As this is my last meeting I order some drinks, and we’ll start to talk. He explains, “See, everybody knows ad fraud exists. But, once a company knows how much fraud they have, they wish that they didn’t know. Because, once you know you have crossed the thin line from plausible deniability to deliberate ignorance. And in many companies at least 20% of the digital marketing budget is thrown away.
In order to prevent any liability you need to get compliance on board. If they set the checkbox, fraud detection in place, then all is ok and everybody can go back to sleep.. errrhm.. their business. That’s why we started to certify our own solution. Let me ask you one thing: What would you think if we reported >40% fraud?” Someone will wake up and starts asking questions, reduce the marketing budget next year. “Exactly, and we lose our client. That’s not what we want! We want happy customers, happy with their compliance checkbox, happy with our certified numbers. And that’s what we deliver. Supply and demand.“.
I don’t think I have anything to add to that, we ordered some extra drinks and continued talking about more important things in life, like how fast the children are growing up, our shared interest in music and half an hour later we shook hands and I had a lot to process.
While writing this article I received a dozen Christmas wishes from the bots I met during this 3-day BFF event. On behalf of the bots, botnets, API sniffers, VPN apps, proxy mates, Alice and Jill at the coffee bar and the click and lead generation farms: A merry Christmas and a Happy new Year!
In addition to this, of course, from the whole Oxford BioChronometrics team to everyone: A merry Christmas and a happy New Year!
Disclaimer
The story, all names, companies, characters, photos, and situations portrayed in this article are fictitious. No identification with actual persons (living or deceased), places, buildings, and products is intended or should be inferred.