Unraveling header bidding’s problems with user data
Ad tech is all about tradeoffs.
Although header bidding has been heralded for its ability to increase revenue for publishers, an overlooked downside is that it can expose user data by allowing all bidders to access audience data. Header bidding also makes it easier for fraudsters to hide in the noise created by the vast amount of data points that come from multiple parties bidding on all available impressions.
“There are some real security concerns about header bidding that aren’t being talked about,” said an ad-fraud researcher requesting anonymity.
Because waterfalling — a technique where publishers move inventory from one market to the next — is inefficient at driving revenue, many publishers adopted header bidding, which simultaneously offers inventory to multiple exchanges before making calls to their ad servers. While waterfalling is clunky, one benefit of this technique is that it limits how much user data the bidders could harvest, said Todd Garland, CEO of digital ad network BuySellAds.
For example, if the highest-bidding network in the waterfall wins 50 percent of the impressions in the auction, then subsequently, half of the impressions for sale won’t get passed along to other networks. With this approach, each network only obtains user data from whoever they sell impressions to, which is only a fraction of the total audience that the total impressions in the auction are sold to, Garland said.
But with header bidding having all calls go out simultaneously, each bidder can get access to data from all the users who were served impressions from the auction. A Rubicon Project spokesperson said, on average, the top 100 publishers in terms of comScore traffic have four header bidding partners. But it also isn’t unheard of for publishers to near double digits with their bidders.
“Many exchanges allow demand-side platforms to take bid requests and basically just ‘listen’ for data without spending money,” said independent ad tech consultant Brad Holcenberg. “So the more [bidding partners] you work with, the more likely the data gets to their customers and can leak out further from there.”
While sources did not share any first-hand experiences, data leaking can be problematic for both publishers and users. When data leaks, it can devalue publisher inventory because retargeters use audience data from premium publishers to target their users while they’re visiting websites that have lower CPMs. Hyper-targeting can also irritate users and turn them onto ad blocking. And in the most extreme cases, leaks of personal data can allow bad actors to hack people’s personal accounts and devices.
Jeremy Hlavacek, vp of programmatic at The Weather Company, said that while header bidding does make it easier for programmatic platforms to obtain user data, this effect is mitigated by the fact that data aggregators are connected to most supply-side platforms, so they can find indirect ways to obtain and sell user data even if waterfalling limits direct access to user data. But Hlavacek pointed out that with multiple partners bidding on all impressions available in the auction, header bidding significantly increases the amount of data points in the exchanges. Other sources said it’s this data deluge that is most problematic when it comes to security.
“Header bidding generates as much as 10 times the amount of calls to get the same result,” said Tom Kershaw, chief technology officer of Rubicon Project. “Whenever you generate that much noise, it is much harder to track [fraudulent activity] because it becomes easier for people to hide.”
Speaking on the condition of anonymity, an exec from an ad tracking firm said that data leakage is not affected by whether a header bidding product is browser-based or server-side. However, moving the auction to direct server connections could theoretically give publishers more control over who is bidding on their inventory.
“Regardless of the setup, it’s about your governance and having control over which vendors are involved with bidding,” the exec said. “It can get out of control if it is not managed properly.”
How publishers are handling the Juneteenth holiday this year
A number of publishers are observing Juneteenth this year, but not in the same way, with some making it an official holiday and others encouraging employees to use their PTO to take the day off.
Member ExclusiveMedia Briefing: How media companies’ DE&I efforts, office return statuses are affecting hiring
This week's Media Briefing looks at how issues like diversity, equity and inclusion and office return statuses are factoring into media companies' ability to hire people.
Cheat Sheet: How new antitrust bills could force more data access from Facebook and Google (and stop them from favoring their own services)
A set of bills proposed recently could force platforms to stop favoring their own services and give more data access and tech connectivity to others.
SponsoredIdentity solution fatigue is setting in: How to keep moving
By Kristina Prokop, CEO and co-founder, Eyeota As we move deeper into 2021, the desperate search for identity solutions that can smooth marketing organizations’ transitions to a cookieless world is reaching a fever pitch. There’s no shortage of new identifiers and identity technologies vying for attention — and that’s a big part of the problem. […]
Single-source panel measurement is key to optimizing social media planning, says DISQO report
New study is based on responses from 166,000 U.S. consumers in February and March, each of whom voluntarily allowed to have their digital behaviors observed.
BuzzFeed will finally monetarily reward its Community users for their viral quizzes, lists
BuzzFeed is testing to see if user-generated content could identify new areas of coverage for its staff, and bring in niche audiences, with a new summer program that could pay a contributor up to $10,000 for a viral post.