Malvertising Defense for Platforms FAQ

General

What is your false positive rate?

False positives are not an issue for HUMAN malvertising defense. A false positive in our world does not impact revenue since we never block the delivery of the purchased ads; rather, we only block the malicious code that negatively impacts users.

Does HUMAN perform post-delivery behavioral analysis?

No. All behavioral analysis is done at runtime, so post-delivery analysis would duplicate the work.

Are you using a blacklist?

Unlike our competitors, our solution does not rely on a blacklist. Our solution is predominantly a behavioral analysis solution. We do not blacklist or block auctions from completing like the various other market solutions do. We allow the auctions to complete and the original creative that was approved to render (usually a stolen brand ad) - we simply neutralize the malicious behavior.

This allows the publishers to get paid, the user experience to be preserved, and the bad actor to get zero engagement from their buy. We actually make the malicious activity unprofitable for the bad actors. 

Is your solution server-side or client-side?

Our primary solution is client-side: a JavaScript tag is added to a sample of traffic to flag malicious ads. This solution monitors the execution of JavaScript at runtime while ads are rendering. We also utilize other components, such as out-of-band scanning, to perform deeper analysis on landing pages and help build markers for client-side real-time detection.

Script Integration

Does the HUMAN script affect latency?

There is negligible latency added by the HUMAN script. We utilize a globally distributed content delivery network (CDN) and edge computing to deliver the script to the page. Once loaded, the script performs real-time behavioral analysis to catch malicious ads, which takes milliseconds.

For Publishers, where does the HUMAN script go on the page?

The optimal location for the HUMAN script is placed in the HTML tag as a synchronous

This ensures that the script is loaded into memory and available before any ad calls are made, allowing the HUMAN script to inspect each ad for malicious code and ensuring the maximum effectiveness of the script.

For Publishers, can I implement the HUMAN script asynchronously?

Implementing the HUMAN script asynchronously can reduce its ability to block malicious threats.

If you would prefer to implement the script asynchronously, please reach out to the Support Team.

For Publishers, does the HUMAN script work with ReactJS?

Yes, the HUMAN script has undergone extensive integration testing with the ReactJS front-end framework to ensure compatibility with the framework.

Additionally, we perform quarterly integration testing with the ReactJS framework to ensure compatibility with new versions of ReactJS.

For Publishers, can we put the HUMAN script in Google Tag Manager (GTM)?

We do not recommend integrating the HUMAN script within GTM, because we then have no control over when our script loads on the page, and it could load after Prebid or other ad-related code that is delivered to your site.

When the HUMAN script is loaded after ad-related code, it hurts our ability to effectively block and report on threats.

However, we are happy to review and give you feedback on a test page with your desired setup.
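The placement answers above (synchronous tag, loaded before any ad calls, not injected through a tag manager) can be checked against a page's static HTML. The following is an added example, not HUMAN's code; the script URLs, `PROTECTION`, `AD_CODE` and the sample pages are constructed placeholders.

```javascript
// Constructed placeholders: not real vendor or ad-server URLs.
const PROTECTION = /protect\.example\/guard\.js/;
const AD_CODE = [/prebid/i, /adserver\.example/];

// List <script> tags in document order (regex parsing; fine for the samples below).
function listScripts(html) {
  const scripts = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const src = (/(?:^|\s)src\s*=\s*["']([^"']+)["']/i.exec(m[1]) || [])[1] || null;
    // Drop quoted values so "async" inside a URL is not mistaken for the attribute.
    const names = m[1].replace(/=\s*("[^"]*"|'[^']*')/g, '');
    const deferred = /\b(async|defer)\b/i.test(names) ||
                     /type\s*=\s*["']module["']/i.test(m[1]);
    scripts.push({ src, blocking: src !== null && !deferred });
  }
  return scripts;
}

// Report why the protection script may not be in place before ad code runs.
function auditLoadOrder(html) {
  const scripts = listScripts(html);
  const idx = scripts.findIndex(s => s.src && PROTECTION.test(s.src));
  if (idx === -1) {
    return { ok: false, findings: ['protection script not in static HTML (injected later?)'] };
  }
  const findings = [];
  if (!scripts[idx].blocking) findings.push('protection script is async/defer');
  for (const s of scripts.slice(0, idx)) {
    if (s.src && AD_CODE.some(p => p.test(s.src))) findings.push(`ad code loads first: ${s.src}`);
  }
  return { ok: findings.length === 0, findings };
}

// Constructed sample pages, one per integration choice discussed above.
const PAGES = {
  syncFirst: '<head><script src="https://protect.example/guard.js"></script>' +
             '<script async src="https://cdn.example/prebid.js"></script></head>',
  asyncTag:  '<head><script async src="https://protect.example/guard.js"></script>' +
             '<script async src="https://cdn.example/prebid.js"></script></head>',
  afterAds:  '<head><script src="https://cdn.example/prebid.js"></script>' +
             '<script src="https://protect.example/guard.js"></script></head>',
  viaTagMgr: '<head><script async src="https://tagmanager.example/tm.js"></script>' +
             '<script async src="https://cdn.example/prebid.js"></script></head>',
};
for (const [name, html] of Object.entries(PAGES)) {
  console.log(name, JSON.stringify(auditLoadOrder(html)));
}
```

A static check cannot see scripts injected at runtime, which is why the tag-manager case is reported as "not in static HTML" rather than given a position.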

For Publishers, do we need to use a unique script for each site we want to protect?

Mapping is based on a domain name, so you can certainly use one script if that is easier for you. We would display threat statistics in your dashboard for all domains protected by the script.

We recommend multiple scripts only for organization and ease of use for our publishers. For example, a script can be turned off within the dashboard for one site without removing protection on other sites.

How does the script affect viewability?

The HUMAN script has a negligible impact on advertisement viewability. We partner with the top MRC-accredited viewability vendors to validate that the HUMAN script does not impact advertisement viewability metrics. Additionally, we perform quarterly validations with these vendors to ensure continued compliance with viewability standards.

Dashboard

What are the Violation Type definitions?

  • Redirect Threat: Repeatedly occurring attempts to redirect users to malicious landing pages using public or widely used malicious code.
  • Malicious Landing Page: Ad that clicks through to a landing page that is malicious or deceptive, usually includes some form of cloaking and/or fake content.
  • Prohibited Ads: Ad that violates generally accepted ad policies in an extreme manner, including graphic content, false functionality or intentionally deceptive ads.
  • Video Stuffing: Legitimate banner that has invisible video ad calls in the HTML5, usually hidden on the page.
  • Autoplay: Display ads that play video or audio with full sound, that have not been interacted with. Pre-roll video ads do not apply.
  • Pixel Stuffing: Excessive data-collecting pixels inside of an ad.
  • Crypto Mining: A display ad that performs client-side cryptocurrency mining.

How frequent are deployments/updates to the script?

We are regularly enhancing our offensive technology to ensure our clients are protected. Our deployments are scheduled based on the release type. Deployments are executed on a multi-tier basis to ensure our team can properly monitor, QA and confirm each successful deployment. Our tiered approach allows us to partner with trusted publishers to ensure everything is working as expected before moving to the next tier. Our engineering team has a strict pre-release and post-release test plan which validates multiple data sets in real time. Our customers are our most valued asset and protecting them flawlessly is our #1 priority.

What does “Pending Verification” mean for SSP or DSP?

The Threat Network grows with each attack we see. There may be times when tying threats to the ad source is not immediately possible, depending on the threat architecture and ad path. Our team is consistently working to attribute threats where possible.

What do the browsers mean?

There are many different browsers across both desktop and mobile devices. To provide you with the most useful information, we classify each browser uniquely and avoid roll-ups where possible. For example, Safari Mobile is the Safari app on your iOS device, whereas Safari Mobile In-App is the webview of that browser, used when you open a link from within another iOS app, such as a game.

Support

For Publishers, why would a user still see a redirect if you're protecting our site?

While we strive for 100% protection, the bad actors are constantly developing new, innovative methods for attack. We take a real-time, behavioral approach to protecting sites (not just a blacklist), but even this requires tweaking to stop attacks at the root of the problem.

If a redirect was reported on my site, what should I do?

If a user has reported an issue, please capture as much information as possible and send a message to [email protected]. Ideally, user info would include:

  • URL of site where attack found
  • date/time
  • device/os (iPhone, Android, Windows, MacOS)
  • browser (Chrome, Internet Explorer, Safari, in Snapchat, in Facebook, etc.)
  • location (US, Canada, UK, etc.).

Also, if a screenshot and/or network log (e.g. Charles .har log) is available, please collect it as well.

You can also submit tickets via the Dashboard by clicking on the Need Help link in the left-hand navigation.