Closed Bug 983717 Opened 11 years ago Closed 10 years ago

Implement "click authenticity" code

Categories

(Firefox Affiliates Graveyard :: affiliates.mozilla.org, defect)

Product:
Firefox Affiliates Graveyard
Component:
affiliates.mozilla.org
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: hoosteeno, Assigned: osmose)

Details

(Whiteboard: [2.0 post-launch])

We've seen a few instances of online services or even wget causing massive traffic, presumably in an effort to inflate affiliate banner click counts -- to the tune of millions of clicks per week. We should implement additional features that will flag activity that might be the result of artificial clicks. A couple ideas: * In the most recent incident, we saw 4 IPs generating 9,818 to 848,831 clicks in a two-day period. We could flag any banner that got more than X clicks in a period, where X and the period are derived from an analysis of organic traffic levels. * We could increase the sophistication of this algorithm by deriving X from some equation, such as deviation from a mean. * We could watch for some magnitude of change in clicks-per-period. * We could probably flag any significant traffic from wget. * We could blacklist IPs such as those used by online click generators. * Lots of other ideas too, including variations on the tracking we already have in place. Note, this bug doesn't specify what to do after we flag an instance of artificial inflation. For now the response is case-by-case.
Whiteboard: [2.0 post-launch]
So I spent some time talking with lorchard about this during our mentor meeting, and he had dealt with similar issues from fraudulent likes on MDN. Then bottom line is that we have to accept up-front that fraudulent data is already making our click counts inaccurate, so we can't expect to get super-accurate click counts with fraud protection. But, there are a few speed bumps we can put in the way that help. The two biggest ones that seem worth implementing immediately are: - Checking for odd-looking user agents (a piece of text that says what browser the user is using). Some of the fraudulent clicks we've seen in the past had "curl" in the user agent. (ಠ_ಠ) - Checking for high click counts coming from IP blocks or individual IPs (meaning that one person or a small group of people are sending a bunch of clicks at once). I believe we should change Affiliates to log individual clicks along with the IP and user agent sending them, and then having a daily job that analyzes these clicks, removes suspicious ones, and then bundles the remaining clicks into per-day chunks. jessosorio: Are you okay with me moving forward with these two fraud checks? We can check the click growth rate after adding them to figure out what our next steps are.
Assignee: nobody → mkelly
Flags: needinfo?(josorio)
Awesome - really happy to hear this. Just talked with Jessica and these two fraud checks sound perfect. Very in favor of moving forward with them. Do you need anything from us?
Flags: needinfo?(josorio)
Nothing but time. :D
All work on Firefox Affiliates is on hold as the Affiliates program is slated to be phased out in 2015.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
Product: Firefox Affiliates → Firefox Affiliates Graveyard
You need to log in before you can comment on or make changes to this bug.