simplereach.com

Facebook Bots Are NOT Stealing Your Ad Spend!

Bender Bot

In a recent Facebook post a rather frustrated individual was noticing that the number of referrals (as measured by his analytics software) wasn’t matching the number of ad clicks that facebook was reporting.  This led the person to do an expansive investigation, including writing his own analytics software, to find out why this was happening. His conclusion was that dirty nasty bots were clicking the ads and therefore, the analytics software wouldn’t pick the referrals up.

There were a few false assumptions made in the post. The first is that the traffic coming in had JavaScript disabled.  If this was the case then the JavaScript analytics software would not detect the incoming traffic and therefore would not be able to log the result at all.  The second false assumption is that bots can not execute JavaScript, or that bots can not pass the referrer. Bots can do anything your browser can do, and can hide it just as easily.  I’m sure that if this individual looks at their analytics again, they will see a disproportionately high amount of direct traffic.

So if it’s not evil bots, then what’s happening?

My best guess is that there is a data loss due to protocol transfer. Facebook gives you the option of secure browsing, just click on “Security -> Secure Browsing” in your Facebook “Account Settings” area.  This will enable you to keep the communication between you and Facebook secure so that others can not see what you are doing.  Other social networks like Twitter also offer this. Google Plus even forces it and makes you browse securely.

When you browse a secure site (as shown by the https in the url), you can remain confident that what you do on this site is secure.  Here is where it gets tricky, when you browse from a secure site to a non-secure site (known as protocol transfer) all information stored about your session is lost.  This includes the place you came from (known as the referrer).  When you click on an article from Facebook while having secure browsing turned on, the fact that you came from Facebook is lost.  This is how things are intended to work as according to the rules of the internet.

What’s the solution?  Well there is no 100% solution. Some social networks such as Twitter internally transfer you to the correct protocol before redirecting you to the intended site. This method preserves the referrer.  Others like Google Plus have stated that they will not be doing that.  Publishers have several different workarounds; though none of them will get all of the information.  One option is that you could add a tag to your links, such as http://simplereach.com/blog/better-than-real-time?ref=facebook.  Another option is to make sure all your content is hosted on a secure site. The main issue with both of these is when people cross link the article on a different social network or site, which can give you misleading results.

I’d be willing to bet that the only Facebook referrals this individual sees are users that have not enabled secure browsing on their Facebook accounts.  While secure browsing is a necessary part of the internet, there’s still a number of people who don’t understand it’s implications which often results in a misattribution of traffic.

About Russ Bradberry

Russell Bradberry is the Principal Architect at SimpleReach where he is responsible for architecting and building out highly scalable data solutions. He has put into market a wide range of products including a real time bidding ad server, a rich media ad management tool, a content recommendation system and most recently a real time social intelligence platform. He is also the author of the NodeJS Cassandra driver Helenus.

View all posts by Russ Bradberry »
15 comments
ronmartin05
ronmartin05

As an advertiser, one of the coolest features now available on PPC ads to mobile devices is the Click-to-Call feature. Now you can generate inbound lead calls to your business and all prospects have to do is click one button on their phone when they see your ad. Once you've got it setup, all you have to do is optimize your ads to generate increasingly more calls. You can actually even track calls, but that's technical. If you're interested in that, I recommend you call Simon who will at least get you a free audit on your PPC campaign to help you improve results. His number is 256-398-3835.

JohnCo
JohnCo

Facebook bots don't steal your money - Facebook team does. They have bugs in their billing software which allows them to take small amounts of money. When I wrote to their support - they just didn't answer. Yeah, really, why bother answering?

TrafficCake
TrafficCake

The issue of fraud traffic – and in particular bots – within the media buying business is staggering.

Our experiences at TrafficCake.com showed even reputable ad-networks delivering 30%+ fraud traffic, whilst some of the smaller traffic sellers, particularly those targeting small affiliates and internet marketers unashamedly send 100% bot traffic. They continue to operate with impunity, often from territories beyond the grasp of authorities. When their website or Pay-Pal account is shut down they simply open up new identities.

 

Traffic buying needs to be more safe and transparent. Knowledge is important – traffic buyers need to know what steps they can take to protect themselves.

 

And don’t forget if 30%+ of all online marketing ad spend is fake – that’s a lot of money going missing from legitimate parts of our economy.

 

Terrance2120
Terrance2120

I don't think you really understand the post the concerned business owner made, nor do I think you have a grasp of the things you are discussing. Saying that a bot can do anything your browser can do and hide it as easily is a misleading statement at its very best. You are forgetting to mention that botting is used by companies and individuals everywhere for legitimate reasons, but that it is also used for VERY illegitimate reasons as well, not the least of which is faking hits and driving up revenue. I know that it is tempting to presume everyone is on your side, especially people who have their hands so far down your pants. The fact of the matter is botting happens and it happens a lot on social media. 

devdazed
devdazed

 @Terrance2120 Yes, I totally agree. But I am offering an alternative to the assumption that facebook is using bots to steal money from a startup, which sounds a lot more far-fetched than the idea that referrer data is getting lost by switching from a secure to a non-secure site.

Brandon Morales
Brandon Morales

 @devdazed  @Terrance2120 If you read the post you know he specifically said he did not think it was Facebook using bots to steal money from a startup. He suspected it came from a competitor. Additionally, Facebook has admitted in their investor calls that this is a problem that they are aware of (competitor's using bots) and they estimate about 5-6% of their accounts are fake bot accounts (that would represent more than 50 million fake bot accounts). I think his argument, and others have stated the same, is that Facebook's customer support seems to not care about looking into or helping individuals to stop these type of attacks. And until Facebook can do more to support individuals who are paying for a service, he is not going to use the service.

devdazed
devdazed

@Terrance2120

That's very fair and I clearly missed his point wrt to Facebook's position. The goal of the post was to cast light on a specific issue given referrer tracking on FB is a bit of a blackbox. There was nothing to suggest he hadn't ruled this out as the cause in seeing large discrepancies

 

Terrance2120
Terrance2120

 @devdazed Also not to mention that PROVING that your traffic is from bots is also problematic.

Terrance2120
Terrance2120

 @devdazed Now I understand what you're saying a little better, I totally agree with you that more data is needed to make an accusation like the one made in the post. That 80% of their traffic via Facebook was or is bot traffic is certainly an overestimate at least. Thank you for responding.

hoopz
hoopz

"You're willing to bet" yet you don't seem to have read the original problem closely. First of all, anyone worth their salt would already be tagging the ad link with campaign specific variables... especially if discrepancies show up. So the entire point about referrers and secure browsing is moot: referrers are not required to identify clicks on campaigns that you yourself control, and adding utm_source variables is part of Self-Serve Ads 101.

 

Second, you seem to equate analytics with Javascript analytics, when again obviously, they would've cross referenced with server-side logs of raw hits when investigating.

 

Protocol transfer and JavaScript are entirely unrelated, and this post adds nothing useful to the discussion.

 

devdazed
devdazed

If he did in fact tag the link properly then I would agree that Protocol Transfer is not the issue.  There is no evidence to suggest that he did.  Therefore there is still a possibility of this having been the issue.

devdazed
devdazed

I'd have to say that the article quotes "The Blank Ad was trafficked on Ad Networks, as reported in the Ad Age Story, not in Facebook."

Contact
  • 122 W. 27th St, 7th Floor
  • New York, NY 10001
  • info@simplereach.com

Privacy Policy