“Just because there’s an Ads.txt file doesn’t mean it’s valid as intended or that it’s actually enforced,” Fou said.
Ads.cert would address this problem by creating a “signature process” that would certify whether a unit of inventory came from a verified publisher, Richter said.
The openRTB stream can’t currently guarantee the validity of inventory as its passed from server to server because, according to Richter, there’s “no way to sign inventory so that it can’t be changed.”
With Ads.cert, publishers could include an encrypted signature on inventory that would match to a public key used by buyers to confirm the inventory source.
“The roots are similar to blockchain,” Richter said, but instead of using a distributed ledger – which guarantees security on a blockchain – the IAB’s solution poaches only the idea of public and private encrypted keys to transmit bids along the supply chain.
“I’m skeptical of some of the claimed usages of blockchain in real-time advertising,” Richter said. “But the question is, would it be useful in other ways to validate content?”
Richter compared Ads.cert to the successful effort to stamp out email fraud in 2004 when signature confirmations were instituted between email servers. Before that protocol change, known as domain keys identified mail, fraudsters could disguise the source of emails.
“If you operate a spam server and now have to sign the headers, bad guys won’t do that because it tracks back to them,” Fou said.
There’s still a good deal of time and effort before Ads.cert is a viable product, however. Later this month, Ads.cert will enter its second phase of public comment and review, and next year the group hopefully will begin coding and validating the technology, Richter said.
“Many of us in ad tech have spent years building systems to look for bad activity, and it’s a game of whack-a-mole where you solve a problem and create a problem,” he said. “After a few cycles of that, you have to try and engineer a better solution.”