Measuring the Unmeasurable

In the posting on Forbes last month here, and another post referencing it here we're seeing this continued reference to the Click Fraud Index that Click Forensics (now Adometry) had put out in 2010.  We haven't been able to find a reference to the CFI in some time, which we can only assume means that they either gave up trying to educate the masses, or they realized it's exceedingly difficult to measure click fraud overall. Either way, we're not overly disappointed that the index has disappeared, we're just disappointed to see that it's still being referenced so heavily.

Apples and Oranges - Click Fraud Isn't Globally Comparable

The problem with articles like the one in Forbes, like many others, is that they are stacking up Google against the CFI, even though the CFI is calculated based on 300 different advertising networks and platforms. So if the CFI says that 19% is the number that it is seeing across it's whole advertising platform, this is including networks that could very well have tremendous click fraud rates that can obviously skew the numbers. How do you compare Google's advertising platform to Mom n Pops Big Ol Search Network? You can't. And this is why this comparison just doesn't work.

Google's platform is the largest target, with the most available market penetration for malware authors and clickbot operators. This is no different than vulnerability research that targets Windows more than other operating systems. If you're going to exploit something, you want to go as far and as wide as possible. Microsoft knows this all too well. This is also why Google is going to take the most heat because of it, which is fair when you're king of the search castle. But blanketing Google in with other search providers that can't possibly match the volume of data (and the mining capabilities) isn't fair, and ultimately it's just poor reporting.

Werewolves and Click Fraud

Click fraud doesn't have a silver bullet, and neither does general security of any kind. There never will be. But ultimately it boils down to getting the right data, in the right format, into the right hands (the webmaster/owner). Do some research on intrusion detection systems, you'll see that ultimately they are really good at gathering information, boiling it down, and letting the trained eye make the judgement calls.

I might be a bit biased, but we feel there are a few things click fraud prevention companies can do:

1. Get REALLY good at one search provider and one advertising platform. What works for one, won't work for another.
2. Refine the data so that the webmaster/owner can easily spot deviant behaviour, software will never be as good as the human eye.
3. Double check your numbers. It doesn't make sense to tell a webmaster to go for 1000 refundable clicks when their provider only charged them for 500. It makes you look bad, it makes us all look bad.
4. Stop publishing stats on a problem that is effectively unmeasurable (unless you have access to the search providers advertising logs, at which point I'll shut up).