Beyond Firefighting: Takeaways From the Digital Trust & Safety Summits

Beyond Firefighting: Takeaways From the Digital Trust & Safety Summits
featured image

Product Marketing Lead Gavin Dunaway summarizes some of the discussion at recent conferences focused on exceptional ad quality, privacy, and protecting digital consumers.

Overlooking Alcatraz and the San Francisco Bay at large, The Firehouse at Fort Mason was an unfortunately apt venue for the first Digital Trust & Safety Summit in May 2022. As I explained in my speech opening the summit (after some inspired dancing to “Danger! High Voltage” by Electric Six), too often the platform marketplace quality specialists sitting in attendance are viewed as firefighters.

Not the hot half-naked, ripped firefighters of (fiery) wall calendars, but the soiled and sooty firefighters decked out with gas masks battling neverending wildfires. The same goes for the publisher revenue specialists that joined us for the sister Digital Trust & Safety Summit in NYC: weary firefighters hopping from one inferno to the next, well aware that as soon one goes out, another will soon appear.

And worse, these brave souls rarely get the recognition they deserve for keeping consumers safe. Often firefighting bad ads is a thankless job, and the professionals hard at work can be viewed as a nuisance in the quest for more revenue.

From the outset, I made it clear that Digital Trust & Safety isn’t about firefighting—it’s about putting the tools and processes in place to prevent fire from breaking out. But what’s all this Digital Trust & Safety jazz anyway? It’s the practices that ensure the digital well-being of consumers. As the digital ecosystem evolves, the pendulum of power has switched back to the consumer—successful companies must demonstrate their dedication to earning consumer trust and protecting them from the host of digital dangers.

Just how to manage that seemingly Herculean task took dominated the conversations at the Digital Trust & Safety Summits in San Francisco and NYC, as we discussed the overall digital threat landscape; specific malware hazards circulating in the ad pipes; managing ads in sensitive content categories; and ensuring exceptional ad quality.

Privacy, Safety, and Quality Are Intricately Intertwined

The three critical components of Digital Trust & Safety are privacy, security, and quality. And although digital privacy conversations seem to suck up all the air in the ecosystem right now, you can’t build trust with consumers just by promising to respect preferences, PrivacyCode CEO Michelle Dennedy explained in her San Francisco keynote.

Consumers are expecting safe environments as well as quality content alongside privacy compliance. Dennedy, who served as Chief Privacy Officer for both Sun Microsystems and Cisco, further explained how privacy isn’t about checking boxes (“Are we GDPR compliant? Are we steering clear of COPPA?”), and trying to chase after the latest privacy regulation.

Digital privacy is a top-down company initiative that requires a great deal corporate soul-searching—Do we actually need that consumer data point? Would you personally be OK with a company collecting this data? Once you’ve established this baseline, you can build a framework that can be adjusted to meet new regulatory requirements. All of this can also be applied to quality—once you’ve set your foundation, the policies become apparent, and adding nuance becomes straightforward.

Consumer Expectations Reset

In his NYC keynote that was very complementary to Dennedy’s talk, Marketecture CEO Ari Paparo dove into the results of an informal survey he conducted on post-third-party cookie tracking and data collection.

The industry veteran and former CEO of Beeswax had broken down ascending data targeting and tracking mechanisms like identity and clean rooms into incredibly blunt descriptions of their behavior, and then asked his Twitter followers to decide if they were “Always Wrong,” a “Gray Area,” or “Totally OK.” Tools like device graphs and email-based identifiers had very frigid receptions.

Two in-depth questions from a survey conducted by Marketecture CEO Ari Paparo.

Paparo had two big takeaways: “First, does it undermine the data security of the end user or otherwise risk real harm to that user? Selling precise geo data is an example. Second, does it disrespect the user’s common understanding of the relationship they have with you, the publisher?”

These are two important questions publishers and platforms should ask themselves—not just with data tracking and targeting, but also the ad content, quality, and unit types they push forward.

Overlooking the Malvertising Path to Ransomware

Massive ransomware attacks in 2021 hit consumers at the gas pump and in the grocery store. But cybersecurity professionals are still too focused on protecting against email threats, specifically phishing. On the advertising front, some (like the US government) think mandatory consumer ad blockers are enough to stop the malvertising menace, but these can be easily surmounted by seasoned digital predators.

Serious threat actors are looking for new entry points, and digital advertising’s incredible scale (typically at a low cost) makes it extremely attractive. In addition, information scored from successful malvertising campaigns is sold on the dark web to fiends with bolder plans. In addition, hybrid workforces (in the office behind firewalls and remote with or without VPNs) open up further vulnerabilities ripe for exploitation.

Threat actors have yet to truly tap the malevolent potential of the digital advertising ecosystem—and it’s not clear whether the cybersecurity community is prepared for their wrath.

More Quick Takeaways

  • Many malvertisers and malware slingers are state actors—they work in cyber espionage and other bad digital deeds for a government paycheck, and then push malvertising campaigns as a side hustle.
  • One publisher described the “Justice League” team of stakeholders they have from revenue, product, editorial, marketing, etc. that convenes whenever there’s a user experience disaster. The team quickly works together to identify the culprit. Other publishers have shared they have a Slack channel specifically to expeditiously solve these kind of issues.
  • Bad actors often work both sides of the fence: pushing malvertising like phishing and backdoors while also running bot traffic through bogus sites to commit ad fraud. Identify a bad actor on one side of the fence, and most likely you will find them on the other side as well.
  • Advertiser brand safety solutions like Oracle and supply-side brand safety solutions like The Media Trust are not adversarial—they’re complementary. These two types of providers work together to find overlaps that can ensure better experiences for advertisers while ensuring the safety and goodwill of consumers.
  • Named digital treats Fizzcore and GhostCat are terrorizing the digital advertising space because they are damn hard to pin down. Fizzcore uses cloaking to hide its malicious intent (often bitcoin-related scams) and only serves malicious content when serving into a target environment—otherwise a consumer will see innocuous creative that was possibly stolen from another ad campaign. Fizzcore doesn’t even bother with creatives or landing pages—it too uses fingerprinting to only serve its malicious wares in a target environment (most often a mobile device). Thus identifying these campaigns requires a lot of sweat and tears—especially as many will lay dormant for months at a time.
  • No surprise then, publishers get stuck playing whac-a-mole when reports of bad ads come their way. Often ad ops teams are stuck hitting refresh again and again on the site hoping to recreate the experience—as mentioned above, that won’t work if ad ops isn’t using the target device. A veteran malware desk that has seen things, man, can hunt down the culprit, particularly if they have an arsenal of real devices at their disposal. When it comes to offensive ad content, though, a creative gallery tool like The Media Trust’s Ad Sentry can save time and refreshes by offering the publisher ads seen on their site in more than 40 sensitive categories.

This is really only a taste of all that was discussed—the conversations could have gone on all night (well, some did at the happy hour). We’re really only beginning to wrap our heads around Digital Trust & Safety—including how to communicate our commitment to consumers. It’s a long road ahead, but it’s inspiring to know that so many in the digital advertising industry recognize that Digital Trust & Safety is a key component of success.