W3C home > Mailing lists > Public > public-tracking@w3.org > August 2012

RE: SOX Requirements RE: ACTION-216 - Financial Reporting "Exceptions"

From: Shane Wiley <wileys@yahoo-inc.com>
Date: Tue, 21 Aug 2012 14:16:56 -0700
To: Tamir Israel <tisrael@cippic.ca>, "Dobbs, Brooks" <Brooks.Dobbs@kbmg.com>
CC: Lee Tien <tien@eff.org>, Craig Spiezle <craigs@otalliance.org>, "'Chris Mejia'" <chris.mejia@iab.net>, "'David Wainberg'" <david@networkadvertising.org>, "'Jonathan Mayer'" <jmayer@stanford.edu>, "public-tracking@w3.org" <public-tracking@w3.org>, "'Nicholas Doty'" <npdoty@w3.org>
Message-ID: <63294A1959410048A33AEE161379C8024F8FDD4D2B@SP2-EX07VS02.ds.corp.yahoo.com>
Tamir,

I don't want to say too much here but please understand inconsistency in standard signals such as UID/IP address and other factors in themselves can help distinguish fraudulent activity.

- Shane

-----Original Message-----
From: Tamir Israel [mailto:tisrael@cippic.ca] 
Sent: Tuesday, August 21, 2012 2:12 PM
To: Dobbs, Brooks
Cc: Shane Wiley; Lee Tien; Craig Spiezle; 'Chris Mejia'; 'David Wainberg'; 'Jonathan Mayer'; public-tracking@w3.org; 'Nicholas Doty'
Subject: Re: SOX Requirements RE: ACTION-216 - Financial Reporting "Exceptions"

OK, thanks again, Brooks (and Chris). And I understand why perhaps it isn't wise to discuss in too great details on a public forum.

I'll just ask that you folks think about the added utility of UID/IP addresses, given that a determined fraudster can delete the first and proxy the 2nd.

And with respect to IP addresses, I think this is one that remains in the 'to be decided' pile of the DNT definition .....

On 8/21/2012 5:01 PM, Dobbs, Brooks wrote:
> Tamir,
>
> So to be clear people don't publish there "secret sauce" on how they 
> identify and remove click fraud, or to be more politically correct 
> "low quality" clicks.  So your question is - do UIDs fix his problem.
> Obviously not knowing the secret sauce I can't specifically answer HOW 
> they help, but I can say they are part of the solution.  With clicks 
> selling for real values in whole dollars and even upwards of tens of 
> dollars, you need to make sure that, for instance, the same user can't 
> create a charge for more than one click.  This presupposes that you 
> can identify "same user".  You may also need to know who someone 
> isn't, as you wouldn't want someone who financially benefits from the 
> click to do the clicking.  The more data you have, the better job of 
> determining the quality of the click.  Now I use click here as an 
> example, but the same really holds true for ad views as well; it is just a question of scale.
> So yes cookies are deleted and some folks have no cookies, but all 
> this can be used to create heuristics that build confidence.  If you 
> don't log IP and you don't log cookies this confidence is pretty hard to come by.
>
> -Brooks
>
>
>
Received on Tuesday, 21 August 2012 21:17:46 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:54 UTC