No advertiser wants to support piracy, and every ad exchange has policies against monetizing stolen content.
But domain blocking, the industry’s go-to approach for demonetizing sites that host pirated content, “is set up to fail,” said Chris Kane, founder of Jounce Media.
Ad exchanges often continue to monetize publishers that violate copyright law until a third party brings the issue to their attention. And pirates can stay one step ahead by using alias domain names in RTB requests or by masking URLs via link cloaking, which makes it harder to audit offending inventory.
The only real, scalable solution, Kane says, is to block sellers that regularly work with content thieves from the bidstream.
The piracy problem
According to Jounce, historically, about 1% of all bid requests in a given month come from sites that appear on DeepSee’s list of ad-supported piracy domains. That number crept up throughout the first three quarters of 2022 before spiking to 3.5% in August.
After August 2022, the rate dropped off. As of February 2023, only about 0.2% of bid requests are tied to a domain on DeepSee’s list.
“Piracy got big enough last summer that people started noticing,” Kane said. “Exchanges have been progressively trying to clean up and limit their exposure.”
There was a particularly sharp drop last December, which coincided with a report published by ProPublica shedding light on Google’s role in monetizing sites that publish pirated material. One such ad network was PapayAds, which primarily sells placements alongside stolen copyrighted content.
ProPublica found that, over the course of several months, Google placed more than 49 million ads on PapayAds sites on behalf of a single, unnamed company that had purchased more than 1.3 trillion ads through Google’s DV360 DSP.
Following the report, Google Ad Manager kicked PapayAds out and terminated its account, setting a precedent for the rest of the programmatic ecosystem, Kane said.
“Google made a decision that very rarely happens in the ad tech space,” he said. “If PapayAds is losing its exchange accounts because of copyright-infringing content, we can find a whole bunch of other accounts that meet that same profile.”
How they get away with it
DSPs and SSPs routinely fail to update their blocked domain lists with information from registries of takedown complaints, such as the Lumen database. This puts them at risk of continuing to monetize stolen content even after it has been identified.
Pirates can also avoid detection through domain rotation, which involves monetizing a single site through a rotating assortment of domain name aliases. For example, over the course of 2022, a publisher known for posting stolen IP, Dramacool, used more than 100 variations of its domain name, such as dramacool.sk and dramacool.fo, in auctions.
“It’s easier to spin up a new domain than it is to spot a domain and block it,” Kane said.
Pirates also rely on link cloaking or URL masking to fool media quality control checks. Directories might link to pages of stolen content, and when users click those links, they are sent to an external website with a different domain name.
If an advertiser notices it’s serving ads on that external domain and attempts to audit the site by visiting it directly, they will have a completely different site experience that features no stolen content. That’s because the stolen content is only accessible by following a link from the original directory. Link cloaking can even fool automated brand safety crawlers.
Walk the plank
So what recourse is there? Rather than blocking individual domains, Jounce recommends blocking the resellers who sell pirated inventory.
If a buyer suspects a seller is monetizing stolen content, it should notify the seller, Kane says. If the seller is acting in good faith, odds are they’ll stop monetizing that content. In the majority of cases, when Jounce flags pirated content to sellers, they stop monetizing it.
But if the seller has a track record of chronically monetizing pirated content, they should be cut off entirely.
For example, Jounce highlighted 17 piracy domains in a recent report, which found that 11 sellers regularly monetized these domains, including BidGear, PubFuture, PapayAds, Atlas Media, AdMaven, PurpleAds, Upzyde, VidCrunch, Ad+, FatChilli and Z1 Media.
In addition, piracy monetization occurs most commonly within multihop supply chains, in which intermediary sellers purchase and resell publisher inventory to buyers. Roughly 0.33% of all bid requests sent from multihop sellers monetize piracy domains.
“The most generous interpretation is that these sellers have poor quality control,” Kane said.
Sea change
Ad exchanges have mostly cut ties with the 11 aforementioned resellers. But although Google terminated its relationship with PapayAds and reduced the number of bid requests it honors from Ad+, FatChilli, VidCrunch and Z1 Media, Google still stands out as a major source of the bidstream’s remaining piracy monetization.
It’s not so easy, however, as simply cutting ties with sellers that traffic in pirated content because some sellers, including Z1, also have partnerships with legit publishers.
Kane recommends that publishers do research to better understand the sellers they’re working with so they aren’t inadvertently demonetized themselves when buyers cut off sellers that also monetize piracy.
But, fortunately for all parties harmed by these schemes, piracy doesn’t actually pay all that well.
It’s unclear why, but one reason could be because bad actors set lower pricing floors to attract more business to junk inventory.
The piracy domains flagged by DeepSee received 70% to 90% less revenue per bid request when compared to the rest of the internet, according to Jounce. In all, about $50 million of spending on DSPs, or between 0.1% and 0.3% of total DSP spend, went to piracy domains in 2022.
So, it’s likely not worth a buyer’s trouble to attempt to claw back spend from the pirates, Kane said.
Instead, advertisers should be more proactive about evaluating their seller relationships going forward.
Correction 3/9/23: This article originally said piracy domains flagged by DeepSee received 10% to 30% less revenue per bid request when compared to the rest of the internet. They actually received 70% to 90% less revenue per bid request compared to the rest of the internet.
