Half-Elf on Tech

Thoughts From a Professional Lesbian

Tag: advertising

  • Crypto Mining on Websites Isn’t Evil

    Crypto Mining on Websites Isn’t Evil

    A recent hot button topic in WordPress has been Crypto Mining.

    What is Crypto Mining?

    Mining is a way to use your computer hardware to ‘mine’ for Bitcoin (or whatever cryptocurrency). Cryptocurrency is a digital currency, generated by performing computationally expensive tasks that use a lot of your computer’s processing power. Basically a computer is paid for solving math numbers. This math solving verifies transitions, and effectively runs the cryptocurrency Wall Street.

    Mining is earning money.

    Why is it bad?

    The problem is that you can’t actually do any profitable mining on your laptop. It’s not powerful enough. People have to build out crazy computers dedicated to mining, and those use a lot of power, which means you’ll end up paying more for electricity than it’s worth. Somewhere along the line, people decided to use the power of the crowd to make the money for them, and started to bundle mining tools in their software. uTorrent, for example, did that so every time you used their app, you made them a few thousandths of a penny. With millions of users, they make money and you pay more for electricity.

    Isn’t that illegal?

    Well. No. You agreed to their Terms of Use and guess what got buried in those EULA’s you clicked “I Accept” on? Surprise! Technically this means its legal. Ethical is, of course, a different matter. Mining without reporting your income on your taxes is illegal (surprise again), but the actual mining itself isn’t. But the reason why people say this is unethical is less that people are using your computer to mine, but that you don’t get any of the money from it!

    How did websites get involved?

    People figured out how to embed, via javascript, a mining program in websites as an alternative to those ads no one clicks. While most (if not all) web hosts will kick you off their services for using their servers to mine, this instead uses the computers of site visitors to mine. Which brings us back to the part where your laptop (or worse – phone) is being used to mine without your knowledge or real permission. Because in the case of the javascript, most aren’t asking you to opt in. All the visitors make thousandths of a coin for the website, all without knowing (except maybe wondering why the website is a little slow).

    It’s THAT illegal?

    Apparently not. Which is why I recommend you install and use an adblocker. I currently use Ghostery, which is an add-on for your browsers. It stops most bad actors from being loaded if they’re tracking you, but it doesn’t block all javascript. Which yeah, it shouldn’t! You need javascript for the modern web to run.

    Instead, you could block bad javascript, which I do via jsBlacklist – a Safari extension. I’m sure it exists for other things, and my friend Jason has a Javascript Blacklist of all the naughty miners and services he knows.

    Amusingly, Showtime’s website was mining, and we’re not yet sure how or why. It was removed quickly.

    Is there a good way to use this on my website?

    If you absolutely must, I recommend an approach like AuthedMine. This legit enforces opt in. But check with your web host first to make sure it doesn’t violate their terms. And above all, make sure people know what they’re agreeing to.

  • Dynamic Amazon Associates

    Dynamic Amazon Associates

    I preface this with a note that there are actually a lot of WordPress plugins that purport to do this.

    Stable, Topical, Content

    Sometimes a blog is just a blog, and you write what you write. Other times you have a site that covers an ever expanding, diverse plethora of topics. When you have topical content that can be easily identified and codified, the game changes. You no longer are forced to rely on generic ads, you can pick and chose what works best for your specific content.

    There are two general ways to achieve this. The first way is adding a specific ad to each page, manually, and the second is figuring out how to automate it.

    Using an API

    Amazon has a Product Advertising API which gives developers access to the entire product catalog, which can let you programmatically determine what links to call and when. Like a lot of Amazon APIs, it’s not exactly written in low-geek levels of usage. This is my constant complaint about Amazon and their services: they were not written to be easily understood.

    Thankfully, unlike my experience with making a custom Alexa skill, I did not actually have to invent the wheel. This time there is a fully functional, if poorly documented, Amazon Product Adverstising Library based on PHP REST and SOAP using the Product Advertising API..

    A ‘Simple’ Application

    The API is best installed via composer, which isn’t my favorite method. Nothing against composer, it’s great to pull down a library and it’s dependancies. My issues with it are that people don’t properly flag their archives so even if you use --prefer-dist on your build, you still get all the tests and documentation and that annoys me.

    Anyway. Use composer, get the files, and then you can use it to call Amazon searches and build links:

    <?php
    include_once( 'vendor/autoload.php' );
    
    use ApaiIO\Configuration\GenericConfiguration;
    use ApaiIO\Operations\Search;
    use ApaiIO\ApaiIO;
    
    $conf = new GenericConfiguration();
    $client = new \GuzzleHttp\Client();
    $request = new \ApaiIO\Request\GuzzleRequest($client);
    
    $conf
        ->setCountry( 'com' )
        ->setAccessKey( AWS_API_KEY )
        ->setSecretKey( AWS_API_SECRET_KEY )
        ->setAssociateTag( AWS_ASSOCIATE_TAG )
        ->setRequest( $request );
    $apaiIO = new ApaiIO( $conf );
    
    $search = new Search();
    $search->setCategory( 'DVD' );
    $search->setActor( 'Lucy Lawless' );
    $search->setKeywords( 'Xena' );
    
    $formattedResponse = $apaiIO->runOperation( $search );
    
    var_dump( $formattedResponse );
    

    Obviously you don’t ‘var_dump’ for real, but it’s a good way to get an idea of what kind of data you’ll be getting back. You can also reformat the output by changing the response transformer. For example, if you want an array, you can add this to your $conf setting:

      ->setResponseTransformer( new \ApaiIO\ResponseTransformer\XmlToArray() )
    

    Customizing Keywords

    Of course not everyone wants every search result to be about a warrior princess. Pity, but that’s the world for you. These three aspects are the ones most people will care about:

    $search->setCategory( 'DVD' );
    $search->setActor( 'Lucy Lawless' );
    $search->setKeywords( 'Xena' );
    

    All of that data was actually saved in the post, so I wrote my code to extract it. That is the actual magic, though. On pages for characters, we had their actors. On pages for shows, we had the show title and genre. Using that, we were able to logically extract the information to generate the appropriate ads.

    Why Not a Plugin?

    I did mention there were plugins that do this. The problem was that I needed to mess with that customization so much. I had to hand code in the logic (which was not perfect) to show the ‘right’ links on the right pages. No plugin met all my needs nor permitted enough customization in the right ways.

  • Targeting Ads

    Targeting Ads

    Selling things on your website isn’t a strange concept. A lot of people have sites where they want to do that if only to break even. And most people do it with generic ads. When, for whatever reason, Google and such aren’t a viable option, it’s time to consider targeting your advertising a little pragmatically. Or rather, more specifically.

    Take Aim At Your Content

    One of the reasons Google Adsense is so popular is that it claims to target your readers for you. It does the hard work and you can just walk away. But the reality is that it’s targeting your readers based on their search patterns, not necessarily based on your content.

    Now. Google does target ads based on content. However it’s not the way I felt would make the most sense. You see, when I think about content targeted ads, I would think “this post is about bicycles, I should have ads about bicycles.” What actually happens is you get some bicycle ads and then some ads for table wax, because you were shopping for that earlier in the week.

    Advertisers over Content

    The problem arises in prioritizing advertisers over readers. It’s one of those peculiar paradoxes. Ads are made by people to make money. They pay you to put them on your website. But that only works if the people who visit your website click on their ads and buy their things. That means it’s more beneficial for advertisers to aim at the visitor directly than via your website’s content.

    Most people don’t actually go to their ad preferences on Google and fiddle with their personal preferences, so the default ads are always going to be based on everything. Since some people have weird interests, the ads on your site might be geared towards beds instead of bicycles.

    Taking Control

    If your goal is to have fewer generic ads then the only solution is to take charge of what ads are on your site. And that’s work. Not many of us have the time to pick our ads every single day, and even if we did, we’d be set with the ones offered to us. I’ve used Project Wonderful before, and it lets you pick what ads you show. But only from the ones that submit to your site.

    The next choice is cherry picking ads from what’s available on a service like Amazon’s Associate Program. That shows you all of Amazon’s available bounties and promotions, which you can put on your site and leave them alone. Some even last ‘forever’ so you don’t have to worry about expirations.

    More Control?

    Of course, there’s also the work of adding individualized ads on each page, for the product you’re talking about. But that is another post.

  • Chronic Infections: Blacklisted

    Chronic Infections: Blacklisted

    If you use Chrome, you may be used to those warnings about how a site is dangerous (or hacked) and maybe you shouldn’t visit it. If that happened to your site, you’d get an email if you use Google Webmasters (which I recommend you do), and then after you clean it up you can ask for a rescan. Or if you don’t, Google will rescan the site after a while and if it’s clean, carry on.

    That ends.

    Google found out something we’ve all known for a while, and that’s people can be evil and malicious. And what they’ve done is created a ‘repeat offenders’ blacklist, for sites that clean up only to allow themselves to be reinfected. As they say, “Sites that repeatedly switch between compliant and noncompliant behavior within a short window of time will be classified as Repeat Offenders.”.

    This is dangerous for users when a hack is outside their control.

    The number one cause of reinfections is not plugging the hole. In the case of things like WordPress, it’s down to upgrading everything, deleting anything with a known hack or backdoor, and locking down users. Hacks like Pharma, where the database becomes vulnerable and repeatedly re-infects a site, are thankfully rare for WordPress, but the same cannot be said of other CMS applications.

    And far worse than that is this. By which I mean what happens when your ad network is the cause of a hack?

    Recently, a friend of mine was hacked and got upset that his webhost’s scan of his site said it was clean, while Google did not. In looking at the site, I pointed out the hack was from his ads and not the files on the webhost. His webhost’s scanner didn’t hook into Google’s Safe Browsing service so of course it didn’t come up. He was pissed off about the host missing it, but once I explained why, he realized the magnitude of the issue.

    By adding an ad service to your site, you’re effectively trusting their behavior. And some ads are pretty scummy. While Google Adsense (and others) are usually pretty quick to kick-ban those idiots, the damage will be pretty hardcode. It takes but a small moment for a high-traffic site to serve up enough malware to make that attacker’s plan worthwhile. And worse, if the same kind of person get in again and again (which happens) and your site is infected multiple times, you will end of on the shit-list.

    Thats enough FUD on it. Let’s talk about mitigations.

    We’re all going to need to get better at figuring out where the malware is from. All of us. Security companies are going to lose money if they can’t stop repeat attacks, and since even the best firewall can’t stop shitty ads, all our scanner tools are going to need to be better about detecting what the cause is and where it’s from. This is going to be hard, since the ad may be gone by the time the site scan runs.

    Google will need to tell us what they know a lot better. I don’t know if they will, but they’ll need to figure something out. At the same time, I get why they may not want to. It tips the hand to tell malicious people exactly how you caught on to them, but at the same time telling people “Your ads are serving up malware” would be impactful and hopefully not too harmful. I’m on the fence there.

    Finally, we all know ads on the internet are shit. We’re all barely making money off them. So if you get infected by an ad vendor twice, it’s time to turn those ads off and look for something new. If that ad vendor is Google, open a ticket with them and provide evidence that they’re hurting your SEO and could cause you to get on that repeat offender list.

    Yes, this is making a hard decision, but it’s one you must make. If you’re being betrayed by your ads, you need to quit them.

  • Google Advertising Experiments

    Google Advertising Experiments

    In the time since I’ve gone back to Google Adsense, I’ve had issues with some of their ads. Mostly religion and politics. Big shocker, right? Every once in a while, Google suggest I allow those ads:

    Consider allowing ads from sensitive categories to increase auction pressure and improve performance.

    I usually discard the suggestion, but this time they tried something new to me.

    … you can allow these ads now, or run an experiment to help you decide.

    Experiment?

    There are only two types of experiments right now. One is ad units, where you can adjust templates and ad sizes. The other is what I’m doing, allowing and blocking ads. I clicked on the experiment button, and it set up an A/B test for me, tracking the clicks of each version of my site, to see if anyone actually clicks on those ads.

    Screenshot of the experiment page, showing nothing since it just started

    Initially there was an option to automatically pick the best one, but I don’t know if I want to. I do know that I want to actually see if anyone who reads my sites wants to see political ads.

    The reason I’d blocked them is they were showing right-wing crazy people on my sites, and I’m not that person. They were showing ads I would deem offensive (and you have to work hard to offend me) so instead of reading every single ad, I decided to block all of them, assuming I wasn’t hurting my income too much.

    After this experiment, I’ll circle back and make a more informed decision. I wish there were more things I could experiment on, like specific ads in specific locations, but this ability to just see if the ads are clicked at all is a nice start for a free product.

  • An Ad Network You Can’t Use

    An Ad Network You Can’t Use

    Amidst the kerfluffle of Peace being pulled from the App Store after a couple days, there was a mention of how it also blocked the Deck Network ads.

    Most people in tech have seen Deck ads, but few outside the ‘hard core’ geeks know of it, and it’s for good reason. It’s an invite only ad system that makes ads that don’t slow your site down.

    Manually curating ads, they restrict users to show one and only one ad on the site, perhaps not on all pages of a site, but just the one ad.

    In essence, buying a month on The Deck gives you an exclusive showing on three percent of all the pages viewed for that month across all fifty-two sites and services. And there won’t be Google or other third-party ads diluting your exposure. The Deck ad is the only ad on the page.

    It’s a phenomenal amount of work. And that would be why only fifty-odd sites are in. Peace happens to be on that network. But let’s put aside the whole ethics and morality of ad-blocking for a day.

    The idea behind the Deck Network is everything I want an ad network to be. They pride themselves of relevancy to their network and only show ads relevant to the network. They only show ads they’re okay with seeing. As mentioned before, it’s an incredible amount of work, but it’s exactly what you’d want to see in an ad network. Ads that people would rather be relevant than, nessecarily, make money.

    That’s really kind of the same reason as my I like Project Wonderful so much. With Project Wonderful, though, the quality of the ads is a little crowd sourced. If enough of us report an ad, it will likely get pulled but it will always be reviewed. With The Deck, it’s the other way. Nothing gets in that isn’t vetted first.

    The amount of work that goes into that is exactly why, every time anyone says “I’ll pay you to put my ad on your site” I say “No thanks.” The whole mess of running my own ads, having them expire and rotate and change, is a hassle I don’t want to mess with. I don’t want to spend my time running ads, and I’m a one-woman-show here, folks.

    The balance between making money and having relevant ads is tricky. I think, for the tech world, The Deck gets it right. But I doubt any of us will ever be on it.