W3C home > Mailing lists > Public > public-tracking@w3.org > August 2012

Re: SOX Requirements RE: ACTION-216 - Financial Reporting "Exceptions"

From: Tamir Israel <tisrael@cippic.ca>
Date: Tue, 21 Aug 2012 17:40:05 -0400
Message-ID: <50340035.2060309@cippic.ca>
To: Shane Wiley <wileys@yahoo-inc.com>
CC: "Dobbs, Brooks" <Brooks.Dobbs@kbmg.com>, Lee Tien <tien@eff.org>, Craig Spiezle <craigs@otalliance.org>, 'Chris Mejia' <chris.mejia@iab.net>, 'David Wainberg' <david@networkadvertising.org>, 'Jonathan Mayer' <jmayer@stanford.edu>, "public-tracking@w3.org" <public-tracking@w3.org>, 'Nicholas Doty' <npdoty@w3.org>
Shane,

OK. Maybe on the fraud detection (as opposed to SOX) it's too detailed a 
discussion. It'll come down to the added utility of each, but to assess 
that, you'd need to have Brooks' special sauce recipe....

Best,
Tamir

On 8/21/2012 5:16 PM, Shane Wiley wrote:
> Tamir,
>
> I don't want to say too much here but please understand inconsistency in standard signals such as UID/IP address and other factors in themselves can help distinguish fraudulent activity.
>
> - Shane
>
> -----Original Message-----
> From: Tamir Israel [mailto:tisrael@cippic.ca]
> Sent: Tuesday, August 21, 2012 2:12 PM
> To: Dobbs, Brooks
> Cc: Shane Wiley; Lee Tien; Craig Spiezle; 'Chris Mejia'; 'David Wainberg'; 'Jonathan Mayer'; public-tracking@w3.org; 'Nicholas Doty'
> Subject: Re: SOX Requirements RE: ACTION-216 - Financial Reporting "Exceptions"
>
> OK, thanks again, Brooks (and Chris). And I understand why perhaps it isn't wise to discuss in too great details on a public forum.
>
> I'll just ask that you folks think about the added utility of UID/IP addresses, given that a determined fraudster can delete the first and proxy the 2nd.
>
> And with respect to IP addresses, I think this is one that remains in the 'to be decided' pile of the DNT definition .....
>
> On 8/21/2012 5:01 PM, Dobbs, Brooks wrote:
>> Tamir,
>>
>> So to be clear people don't publish there "secret sauce" on how they
>> identify and remove click fraud, or to be more politically correct
>> "low quality" clicks.  So your question is - do UIDs fix his problem.
>> Obviously not knowing the secret sauce I can't specifically answer HOW
>> they help, but I can say they are part of the solution.  With clicks
>> selling for real values in whole dollars and even upwards of tens of
>> dollars, you need to make sure that, for instance, the same user can't
>> create a charge for more than one click.  This presupposes that you
>> can identify "same user".  You may also need to know who someone
>> isn't, as you wouldn't want someone who financially benefits from the
>> click to do the clicking.  The more data you have, the better job of
>> determining the quality of the click.  Now I use click here as an
>> example, but the same really holds true for ad views as well; it is just a question of scale.
>> So yes cookies are deleted and some folks have no cookies, but all
>> this can be used to create heuristics that build confidence.  If you
>> don't log IP and you don't log cookies this confidence is pretty hard to come by.
>>
>> -Brooks
>>
>>
>>
Received on Tuesday, 21 August 2012 21:40:50 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:54 UTC