Malvertising Defense for Platforms FAQ
General
What is your false positive rate?
False positives aren't an issue for HUMAN malvertising defense. A false positive in our world doesn't impact revenue since we never block the delivery of the purchased ads; rather, we only block the malicious code that negatively impacts users.
Does HUMAN perform post-delivery behavioral analysis?
No. All behavioral analysis is done at runtime, so post-delivery analysis would duplicate the work.
Are you using a blocklist?
Unlike our competitors, our solution doesn't rely on a blocklist. Our solution is predominantly a behavioral analysis solution. We don't blocklist or block auctions from completing like the various other market solutions do. We allow the auctions to complete and the original creative that was approved to render (usually a stolen brand ad)—we simply neutralize the malicious behavior.
This allows the publishers to get paid, the user experience to be preserved, and the bad actor to get zero engagement from their buy. We actually make the malicious activity unprofitable for bad actors.
Is your solution server-side or client-side?
Our primary solution is client-side, where a JavaScript tag is added to a sample of traffic to flag malicious ads. This solution monitors the execution of JavaScript at runtime while ads are rendering. We also utilize other components, such as out-of-band scanning, to perform deeper analysis on landing pages to help build markers for client-side real-time detection.
Script integration
Does the HUMAN script affect latency?
There is negligible latency added by the HUMAN script. We use a globally distributed content delivery network (CDN) and edge computing to deliver the script to the page. Once loaded, the script performs real-time behavioral analysis to catch malicious ads, which takes milliseconds to perform.
For publishers, where does the HUMAN script go on the page?
The optimal location for the HUMAN script is in the <head> HTML tag as a synchronous <script> tag that is placed above any ad calling code (e.g., GPT, Prebid).
This ensures that the script is loaded into memory and available before any ad calls are made, allowing it to inspect each ad for malicious code and ensuring maximum effectiveness.
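The placement guidance above can be checked statically in a build or review step. The following is an added example, not HUMAN's code: the host `protection-script.example` is a placeholder for the real tag URL, and matching ad code by the `gpt.js` and `prebid` file names is an assumption.

```python
from html.parser import HTMLParser

# Assumptions (not from the FAQ): placeholder host for the protection tag, and
# GPT / Prebid recognised by common file names in the src attribute.
PROTECTION_MARKER = "protection-script.example"
AD_MARKERS = ("gpt.js", "prebid")

# Constructed sample pages.
GOOD_PAGE = """<head><script src="https://protection-script.example/tag.js"></script>
<script async src="https://securepubads.g.doubleclick.net/tag/js/gpt.js"></script></head>"""
BAD_PAGE = """<head><script src="/js/prebid.js"></script></head>
<body><script async src="https://protection-script.example/tag.js"></script></body>"""

class ScriptOrder(HTMLParser):
    """Collect external scripts as (src, inside_head, loads_late) in document order."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "head":
            self.in_head = True
        elif tag == "script" and attrs.get("src"):
            late = "async" in attrs or "defer" in attrs or attrs.get("type") == "module"
            self.scripts.append((attrs["src"].lower(), self.in_head, late))

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def check_placement(html):
    """Return findings; an empty list means the placement matches the guidance."""
    parser = ScriptOrder()
    parser.feed(html)
    srcs = [src for src, _, _ in parser.scripts]
    prot = next((i for i, s in enumerate(srcs) if PROTECTION_MARKER in s), None)
    if prot is None:
        return ["protection script not found"]
    _, in_head, late = parser.scripts[prot]
    checks = [(not in_head, "protection script is outside <head>"),
              (late, "protection script is async/defer, not synchronous")]
    findings = [msg for failed, msg in checks if failed]
    findings += [f"ad code loads before protection script: {s}"
                 for s in srcs[:prot] if any(m in s for m in AD_MARKERS)]
    return findings
```

This only sees external script tags present in the served HTML; inline ad calls and scripts injected later by a tag manager need a check in a real browser.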
For publishers, can I implement the HUMAN script asynchronously?
Implementing the HUMAN script asynchronously can impact its ability to block malicious threats.
If you would prefer to implement the script asynchronously, please reach out to HUMAN Support.
For publishers, does the HUMAN script work with ReactJS?
Yes, the HUMAN script has undergone extensive integration testing with the ReactJS front-end framework to ensure compatibility with the framework.
Additionally, we perform quarterly integration testing with the ReactJS framework to ensure compatibility with new versions of ReactJS.
For publishers, can we put the HUMAN script in Google Tag Manager (GTM)?
We don't recommend integrating the HUMAN script within GTM. The reason is that we don't have any control over when our script loads on the page, so we could load after Prebid or other ad-related code that is delivered to your site.
When the HUMAN script is loaded after ad-related code, it hurts our ability to effectively block and report on threats.
However, we're happy to review and give you feedback on a test page with your desired setup.
For publishers, do we need to use a unique script for each site we want to protect?
Mapping is based on a domain name, so you can certainly use one script if that's easier for you. We would display threat statistics in your dashboard for all domains protected by the script.
We recommend multiple scripts only for organization and ease of use for our publishers. For example, a script can be turned off within the dashboard for one site without removing protection on other sites.
How does the script affect viewability?
The HUMAN script has a negligible impact on advertisement viewability. We partner with the top MRC-accredited viewability vendors to validate that the HUMAN script doesn't impact advertisement viewability metrics. Additionally, we perform quarterly validations with these vendors to ensure continued compliance with viewability standards.
Dashboard
What are the violation type definitions?
- Redirect Threat: Repeatedly occurring attempts to redirect users to malicious landing pages using public or widely used malicious code.
- Malicious Landing Page: Ad that clicks through to a landing page that's malicious or deceptive, usually including some form of cloaking and/or fake content.
- Prohibited Ad: Ad that violates generally accepted ad policies in an extreme manner, including graphic content, false functionality or intentionally deceptive ads.
- Video Stuffing: Legitimate banner that has invisible video ad calls in the HTML5, usually hidden on the page.
- Autoplay: Display ad that plays video or audio with full sound and that hasn't been interacted with. Pre-roll video ads don't apply.
- Pixel Stuffing: Excessive data-collecting pixels inside an ad.
- Crypto Mining: A display ad that performs client-side cryptocurrency mining.
How frequent are deployments/updates to the script?
We're regularly enhancing our offensive technology to ensure our clients are protected. Our deployments are scheduled based on the release type. Deployments are executed on a multi-tier basis to ensure our team can properly monitor, QA, and confirm each successful deployment. Our tiered approach allows us to partner with trusted publishers to ensure everything is working as expected before moving to the next tier. Our engineering team has a strict pre-release and post-release test plan that validates multiple data sets in real time. Our customers are our most valued asset, and protecting them flawlessly is our number one priority.
What does “Pending Verification” for SSP or DSP mean?
The threat network grows with each attack we see. There may be times when tying threats to the ad source may not be immediately possible based on threat architecture and ad path. Our team is continually working to attribute threats where possible.
What do the browsers mean?
There are many different browsers across both desktop and mobile devices. In order to provide you with the most useful information, we classify each browser uniquely and avoid rollups where possible. For example, Safari Mobile is the Safari app on your iOS device, whereas Safari Mobile In-App is the webview of that browser, used when you open a link from within another iOS app, such as a game.
Support
For publishers, why would a user still see a redirect if you're protecting our site?
While we strive for 100% protection, the bad actors are constantly developing new, innovative methods of attack. We take a real-time, behavioral approach to protecting sites (not just a blocklist), but even this requires tweaking to stop attacks at the root of the problem.
If a redirect was reported on my site, what should I do?
If a user has reported an issue, please capture as much information as possible and send a message to [email protected]. Ideally, user info should include:
- URL of the site where the attack was found
- date/time
- device/OS (e.g., iPhone, Android, Windows, MacOS)
- browser (e.g., Chrome, Internet Explorer, Safari, in Snapchat, in Facebook)
- location (e.g., US, Canada, UK)
Also, if a screenshot and/or network log (e.g. Charles .har log) is available, please collect this as well.
You can also submit tickets via the dashboard by selecting Need Help in the left-hand navigation.