
Make Omniture Really Mad At You

Okay. Lots of big companies use Omniture's SiteCatalyst to track their websites. Omniture charges the companies a certain price for page views, and the companies rely on accurate reporting of page views to understand what's happening on their sites. And right now, Omniture's tracking system is quite insecure. If you were the wrong sort of person, you might want to exploit this to totally mess with Omniture and their customers.

The tracking works through JavaScript code that's plugged into every page they want to track. Every time that code runs, Omniture records a page view for the client identified in the code. But there's nothing to really validate where that code is being run from. (And even if there were, it would rely on the HTTP Referer header, which is easily altered.)

So let's say I wanted to make Ford think that two hundred million people clicked on one of their recent campaign pages. I would copy the code off one of Ford's pages, stick it on my own site, and run it like mad.

Now, people have been actually doing this with Google's PPC program. But there was lots of money involved, so Google got active (or vocal, at least) about fighting click fraud.

With SiteCatalyst, it's not nearly so visible. Clients would end up paying Omniture a little more. Not much -- tracking individual clicks is vastly cheaper than Google's PPC. So a handful of people actively playing this game could get away with a great deal of manipulation without ever being noticed.
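On the collection side, this kind of inflation can be looked for in the beacon logs. The sketch below is an added example, not Omniture's code or anything from the original post: the log tuple format, the account id, the allowlist and the thresholds are all assumptions, and the sample hits are constructed.

```python
from collections import Counter, defaultdict
from urllib.parse import urlparse

# Constructed sample beacon log: (account id, source IP, page URL reported by the tag).
# The format and every value here are made up for illustration.
SAMPLE_HITS = (
    [("acct-demo", f"198.51.100.{i}", "https://www.example.com/campaign") for i in range(1, 41)]
    + [("acct-demo", "203.0.113.7", "https://www.example.com/campaign")] * 60
    + [("acct-demo", "192.0.2.15", "https://copy.example.net/page.html")] * 5
)

# Hosts each account is expected to report from (assumed to be supplied by the customer).
ALLOWED_HOSTS = {"acct-demo": {"www.example.com", "example.com"}}


def audit_hits(hits, allowed_hosts, max_share=0.2, min_hits=20):
    """Return (foreign_hosts, heavy_sources), each keyed by account.

    foreign_hosts: hits whose reported page host is not on the allowlist. This
        only catches a naively copied tag, because the reported URL and the
        Referer are both client-controlled.
    heavy_sources: source IPs responsible for more than max_share of an
        account's hits. This does not depend on anything the client reports.
    """
    foreign = defaultdict(Counter)
    per_ip = defaultdict(Counter)
    for account, ip, page_url in hits:
        host = (urlparse(page_url).hostname or "").lower()
        if host not in allowed_hosts.get(account, set()):
            foreign[account][host] += 1
        per_ip[account][ip] += 1

    heavy = {}
    for account, counts in per_ip.items():
        total = sum(counts.values())
        heavy[account] = {
            ip: n for ip, n in counts.items()
            if n >= min_hits and n / total > max_share
        }
    return {a: dict(c) for a, c in foreign.items()}, heavy


if __name__ == "__main__":
    foreign_hosts, heavy_sources = audit_hits(SAMPLE_HITS, ALLOWED_HOSTS)
    print("hits from hosts outside the allowlist:", foreign_hosts)
    print("sources with an outsized share of hits:", heavy_sources)
```

The host check is only a first filter; the per-source share is the signal that survives a forged Referer, and it still misses traffic spread thinly across many sources.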

And the resulting skew in data could send competitors off in really weird tangents, or undermine their faith in their entire reporting system. What if Ford started seeing large surges of traffic to all of its Vietnamese pages? If it were handled subtly enough, I bet somebody could trick Ford into launching all kinds of Vietnamese advertising content. Even more significant would be the impact this type of activity could have on media companies -- CBS, CNN, Times...

In fact, this could lead to a whole new type of PPC manipulation. Playing with the PPC market from the backend -- manipulating advertisers directly, rather than just messing with clicks and all the Google controls that are already in place. Wow.

A force so powerful, it can only be used for good or evil.

But I'd a lot rather just edit my highscores in Flash games. Breaking actual laws has never held much appeal to me.

(Except as intellectual exercise, of which I suppose I get rather too much.)


About

This page contains a single entry from the blog posted on March 21, 2007 3:29 PM.
