Product guides

Malvertising Defense FAQ

Suggest Edits

General

What is your false positive rate?

False positives are not an issue for HUMAN malvertising defense. A false positive in our world does not impact revenue since we never block the delivery of the purchased ads; rather, we only block the malicious code that negatively impacts users.

Does HUMAN perform post-delivery behavioral analysis?

No, all behavior analysis is done at runtime so post-delivery analysis duplicates the work.

Are you using a blacklist?

Unlike our competitors, our solution does not rely on a blacklist. Our solution is predominantly a behavioral analysis solution. We do not blacklist or block auctions from completing like the various other market solutions do. We allow the auctions to complete and the original creative that was approved to render (usually a stolen brand ad) - we simply neutralize the malicious behavior.

This allows the publishers to get paid, the user experience to be preserved, and the bad actor to get zero engagement from their buy. We actually make the malicious activity unprofitable for the bad actors. 

Is your solution server-side or client-side?

Our primary solution for publishers is a CLIENT-SIDE solution where a single line of java-script sits on their page. This solution monitors the execution of JavaScript in runtime when ads are rendering. We also have a solution for SSPs that allows you to inject our script into your ad delivery on a sampled basis.

Script Integration

Does the HUMAN script affect latency?

There is negligible latency added by the HUMAN script. We utilize a globally distributed content delivery network (CDN) and Edge computing  to deliver the script to the page. Once loaded, the script performs real time behavioral analysis to catch malicious ads which takes milliseconds to perform.

Where does the HUMAN script go on the page?

The optimal location for the HUMAN script is placed in the HTML tag as a synchronous

This ensures that the script is loaded into memory and available before any ad calls are made, allowing the HUMAN script to inspect each ad for malicious code and ensuring the maximum effectiveness of the script.

Can I implement the HUMAN script asynchronously?

Implementing the HUMAN script asynchronously can impact the effectiveness of the HUMAN script's ability to block malicious threats.

If you would prefer to implement the script asynchronously, please reach out to the  Support Team.

Does the HUMAN script work with ReactJS?

Yes, the HUMAN script has undergone extensive integration testing with the ReactJS front-end framework to ensure compatibility with the framework.

Additionally, we perform quarterly integration testing with the ReactJS framework to ensure compatibility with new versions of ReactJS.

Can we put the HUMAN script in Google Tag Manager (GTM)?

We do not recommend integrating the HUMAN script within GTM. The reason is because we do not have any control over when our script loads on the page and we could load after prebid or other ad related code that is delivered to your site.

When the HUMAN script is loaded after ad related code, it hurts our ability to effectively block and report on threats.

However, we are happy to review and give you feedback on a test page with your desired setup.

Do we need to use a unique script for each site we want to protect?

Mapping is based on a domain name so you can certainly use one script if that is easier for you.  We would display threat statistics in your dashboard for all domains protected by the script.

We recommend multiple scripts only for organization and ease of use for our publishers. For example, a script can be turned off within the dashboard for one site without removing protection on other sites.

How does the script affect viewability?

The HUMANo script has a negligible impact on advertisement viewability. We partner with the top MRC accredited viewability vendors to validate that the HUMAN script does not impact advertisement viewability metrics. Additionally, we perform quarterly validations with these vendors to ensure continued compliance with viewability standards.

Dashboard

When should I worry about the number of heavy ads?

Mitigation should not be necessary unless the dashboard percentage grows larger than 2%. Users are protected by the browser and revenue isn’t impacted, so even above average levels are acceptable.

Over 2% is an indication of a possible site issue, problem with a custom ad format, or site content erroneously blocked because it's being classified as an ad. This should be investigated and we’re here to support those efforts.

What are heavy ads?

Using a 10% sample rate, we collect and report when Chrome browsers block an ad as heavy. Based on the criteria set by Google, an ad is considered heavy and blocked by Chrome-family browsers, if it has not been interacted with (e.g. click or tap) and meets 1 of the following:

  • Uses the main CPU thread for more than 60s in total (cpu violation)
  • Uses the main CPU thread for more than 15s in any 30s window (cpu violation)
  • Uses more than 4 megabytes of network bandwidth (network violation)
  • VAST/VPAID ads are mostly exempt from this, as this only applies to banner and native formats.

Why is SSP or DSP still pending verification for Heavy Ads?

Ads may not get flagged as heavy until well after being served, making it difficult to trace back to responsible platforms. Also, Chrome sometimes blocks non-ads, with no identifiable ad platform.

What is an acceptable number of heavy ads?

Average dashboard percentage is .01%, but ranges up to .2% are quite common. Percentages are based on page-views and will vary significantly between sites due to differences in # of ads per page,  and page dwell time.

How is the heavy ad reporting helpful?

For publishers that operate their own sites, this gives meaningful insight to changes in heavy ad volumes to understand how often ads are being blocked and possibly from whom.  Not because they don’t want to protect users, but because a page littered with broken ad messaging creates a poor user experience and reflects poorly on the site. Please note that usually, publishers still get paid for these ads so there is not a loss of revenue associated.

What are the Violation Type definitions?

  • Redirect Threat: Repeatedly occurring attempts to redirect users to malicious landing pages using public or widely used malicious code.
  • Malicious Landing Page: Ad that clicks through to a landing page that is malicious or deceptive, usually includes some form of cloaking and/or fake content.
  • Prohibited Ads: Ad that violates generally accepted ad policies in an extreme manner, including graphic content, false functionality or intentionally deceptive ads.
  • Video Stuffing: Legitimate banner that has invisible video ad calls in the HTML5, usually hidden on the page.
  • Autoplay: Display ads that play video or audio with full sound, that have not been interacted with. Pre-roll video ads do not apply.
  • Pixel Stuffing: Excessive data collecting pixels inside of an ad.
  • Crypto Mining: A display ad that performs client-side cryptocurrency mining.

Can I create new script tags on my own?

Yes, this is available in the Deployments tab in the Dashboard.

Can I rename my tags?

Yes, navigate to the Deployments tab in the Dashboard to rename.

How do you determine THREAT LEVEL?

Threat Level Value is calculated by dividing the total number of page views by the number of malvertising attacks prevented, over a period of time.

What info from HUMAN can we take back to our SSP?

This is the beauty of our product, you do not need to reach out to SSPs. Our goal is to provide maximum protection with no ongoing management. Our solution blocks the malicious redirect but does not impact revenue or the user experience. We make it as simple as possible for our partners so you don't have to reach out to SSPs and can focus on your business.

How frequent are deployments/updates to the script?

As we are regularly enhancing our offensive technology to ensure our clients are protected. Our deployments are scheduled based on the release type. Deployments are executed in a multi-tier basis to ensure our team can properly monitor, QA and confirm each successful deployment. Our tiered approach allows us to partner with trusted publishers to ensure everything is working as expected before moving to the next tier. Our engineering team has a strict pre release and post release test plan which validates multiple data sets in real time. Our customers are our most valued asset and protecting them flawlessly is our #1 priority.

What does “Pending Verification” mean for  SSP or DSP mean?

The Threat Network grows with each attack we see. There may be times when tieing threats to the ad source may not be immediately possible based on threat architecture and ad path. Our team is  consistently working to attribute threats where possible. 

What do the browsers mean?

There are many different browsers across both desktop and mobile devices. In order to provide you with the most useful  information, we classify each browser uniquely and avoid roll ups where possible. For example, Safari Mobile would be the Safari app on your iOS device. But Safari Mobile In-App would be the webview of that browser being used if you opened a link while you were using another iOS app - like a game.

Support

Why would a user still see a redirect if you're protecting our site?

While we strive for 100% protection, the bad actors are constantly developing new, innovative methods for attack. We take a real-time, behavioral approach to protecting sites (not just a blacklist), but even this requires tweaking to stop attacks at the root of the problem.

If a redirect was reported on my site, what should I do?

If a user has reported an issue, please capture as much information as possible and send a message to [email protected].. Ideally, user info would include:

  • URL of site where attack found
  • date/time
  • device/os (iPhone, Android, Windows, MacOS)
  • browser (Chrome, Internet Explorer, Safari, in Snapchat, in Facebook, etc.)
  • location (US, Canada, UK, etc.).

Also, if a screenshot and/or network log (e.g. Charles .har log) is available, please collect as well. 

You can also submit tickets via the dashboard by clicking on the Need Help link in the left hand navigation.

Updated 12 days ago