“This [forced redirects] comes up each year — and this is the worst case [we have seen in] the past several years.”
In adtech, we have to confront a lot of pitfalls. As we grow our technology, fraudsters grow theirs to spam the web. But, in the end, publishers are held accountable by the readers. Forced redirect ads are on their way to make the condition worse. So, here is the guide to cope with it.
Before we start with anything, let’s have a fast refresh of the basics.
What are’forced redirect advertisements’?
When a user tries to access a page (known), he/she will be redirected to the unknown site(s) and infected with malware or shown a bogus advertisement to collect private information.
The redirect could be via hyperlinks, disturbing pop-ups or via a webpage overloaded with display ads. In fact, fraudsters develop trust with publishers by posing as a legitimate ad network for a specific length of time and then begin dropping in malware via ad creative to be able to forcibly redirect destinations for the users.
“This comes up every year — and this is the worst case [we have seen in] the last several years”
— Dave Pond, GM of screen and programmatic in Vox Media.
How is it done?
There are generally three main ways to insert forced redirect advertisements on the advertising network or internet path:
1. At ad request level
2. At post click degree
3. Implementing malicious code
At advertisement request Level
An advertisement request always goes through a number of different levels such as third parties, ad networks, etc. prior to reaching its target. During this journey from begin to end of an ad request, the bad actor infuses the code that sends the user to an undesirable destination.
At Post Click Level
Whenever a user clicks on an ad, the click petition is seized and the user is redirected to an unintended destination.
Malicious Code Implementation
This is one of the most widespread reasons for forced redirects. While creating the ad inventories or designing an advertisement creative, the malicious code is planted. Its effect can be seen only when an advertisement appears and gets clicked.
For instance, last year Vogue came to know that its readers are being bombarded with redirect ads. It pursued the problem and ended up warning one of the partners about the malicious ad code functioned from the stage.
Meta Refresh Tag
Aside from these mentioned ways, another frequent method is meta refresh tag, that takes the user from one web page to another web page. In this, the terrible actor sets the countdown usually invisible to the consumer, and after the countdown ends the user is forced to go to a web page which could contain a virus or some other malware. But the great thing is almost all the most-used used browsers block the automatic redirect.
Dealing with the forced redirect advertisements
Start by monitoring your web traffic by using programs like Charles Proxy that dwell between the internet and your browser so as to trace the interactions as a page is loaded. Such programs are valuable as they permit you to record the interaction between user and the page load event together with tracing the third parties and other page redirects which are involved.
Manual On & Off
The technique is quite tedious and exhaustive. For those who have several header bidder partners, consider turning off each of them one at a time and track if the redirect ads still pop up. This would help out with knowing which header bidding spouse is the main reason for redirect ads. Once you have found the header bidding partner contributing to forced redirect ads, you can email them informing the situation and ask them to immediately block the advertisers delivering redirect ads.
You can even make use of the ad redirects detection services. In this, the service provider executes a complete automated search daily on customer’s site to inspect for potential redirects. Such services assist in catching the redirects and also identifying the motives or fraudsters behind them.
As an example, Confiant, a redirect/malware prevention company scans ad units on your website and determines whether the advertisements are made to divert users or not. But to scan an ad unit, it takes 50ms. So, it might make your pages load a bit slow (depending on the amount of ad units.) .
Trusted Exchanges and SSPs
The root is from the demand and if you cut the bad actors from the distribution, the volume of redirect ads will reduce to a wonderful extent. Partner with reliable ad exchanges and ensure that your SSP is also after the same. After all, your SSPs are managing your demand partners.
That’s why at Automatad, we test, confirm, and partner with reliable ad exchanges and DSPs to guarantee quality ads. In fact, our publishers have never experienced calculable redirects before.
What about SafeFrames?
In case you’re wondering, if SafeFrames could fix the redirecting issues, it could. However, the adoption is not that great among the publishers.
Because SafeFrames could be troublesome for third-party vendors (for example, viewability and brand safety vendors) as they can’t see what is happening on the page when there are SafeFrames. Some older browser versions do not render SafeFrames and there will be discrepancies as the rendering will take time to complete.
But there are workarounds available to attack the complications.
IAB said SafeFrames are updated to transact viewability data and Prebid, most-used open source wrapper supports SafeFrames. Google Ad Exchange will automatically enable SafeFrames whenever it can. So, SafeFrames are widely in use, however, publishers are looking for a middle ground. Fox Media developed its own sandboxing code to prevent redirects and let other third-parties to quantify without any discrepancies.
Google is already blocking the ad redirects on its own browser and it’ll continue to release updates to improve the user experience. In addition, users who’re frustrated with the redirects have set up ad blockers. The more we wait, the worse it gets. Once we start screening and blocking the forced redirect ads from the buy-side, users will eventually give up on ad blockers (obviously, with the right messages and quality ads).