The first tech company to ban the Trump campaign

Banning the GOP & Trump 2020 for promoting racism is uncharted territory. Here’s why Hotjar did it anyway.

Welcome back to BRANDED, the newsletter exploring how marketers broke society (and how we can fix it).

Here’s what’s new with us:

Hotjar is a popular behavior analytics platform that you’ve probably only heard of if you work in product or marketing. It’s by no means a household name. But last week, Hotjar made software history. 

They became the first tech company to openly suspend the accounts of the Trump 2020 campaign and the GOP. In an industry where banning hate groups rarely happens, banning a political party is unthinkable. What were they thinking?

We had a front seat ticket to this story in more ways than one: Nandini kicked off the Twitter firestorm that first alerted Hotjar to their ties with the Trump campaign.

This week, we spoke to Hotjar’s Mohannad Ali about what made this decision the right move for them, and what happened behind the scenes in their unprecedented move to terminate the account of a sitting president’s re-election campaign.

Hotjar had a problem

On August 17, Nandini called attention to Hotjar for claiming to be antiracist and providing services for the Trump campaign. Her tweet created a flurry of attention and caught the eye of Twitter user @CarterD, who sent an email to Hotjar’s customer support team.

This is the reply he received back:

Talk about making things worse. Mohannad says they initially decided to play it low-key and neutral, but neither the team nor the leadership was happy about it.  

“In the beginning, we tried to take a bit of a neutral approach to the situation and our response was a “business as usual” thing. We didn’t really spend a lot of time with leadership to work on this. The result was unfortunately that the people involved in this. Particularly, the customer support rep who responded to the ticket, felt very uncomfortable with the message we had suggested. This isn’t how we wanted to show up and we certainly didn’t want to put [our rep] in that kind of position.

But their response received universally negative feedback — and the situation was starting to slip out of control. 

After catching heat both in public and internally, they decided they needed to step back and try again. 

We thought, “Hey let’s take a second to think about how we want to act as an organization, as a team, and as individuals. This is when we started to have a more organized response and leadership discussion.”

“We want to be able to act quickly on our values”

Mohannad admits they were clueless about where to start. He and Hotjar’s CEO David Darmanin had a vision, but weren’t yet sure how to translate it into a company-wide policy:

We all land on different parts of the ideological spectrum, but there is a consensus on core values at our company. So we started thinking about how we can word our Acceptable Use Policy in a way that really maps to our values.

We realized that adding a statement like this opens up room for abuse. People might end up bombarding us with all kinds of websites. But the way we thought about it is: What’s the worst that can happen? We just want to have enough ammunition to make a strong case for why we’re taking a website down. For example, a merchandise shop that benefits a white supremacist group. 

We want to have the right policy to be able to take accounts like this down quickly, even if the merchandise itself isn’t hateful.”

There is no known way to be objective

The team needed a way to think about this issue. Two tech companies inspired them and helped them hone their thinking:

  1. Patreon’s approach to content moderation called Manifest Observable Behavior

  2. Shopify’s Acceptable Use Policy, which Shopify updated in 2018 to ban products that were not explicitly illegal, but “intended to harm.” 

These companies had both initially tried to be neutral, but found the position to be untenable.

In their search for a new policy, Mohannad realized it would be fruitless to try and achieve objectivity or universal consensus. They would have to bring their own values to the table.

If you ask people whether they think certain things Trump said are racist or a certain executive order is racist, many of us might agree that it’s unequivocally racist, but there will never be universal consensus. 

At the end of the day, there’s a degree of human arbitration that will have to happen. There are certain individuals who will have to make a decision on whether they think this is hateful or not.

In the end, they decided to implement an Acceptable Use Policy that gives them the right to suspend accounts that promote hate, division and discrimination both directly and indirectly.

You can read their full statement here.

“The most important thing: the trust of our team”

Hotjar leadership opened up a discussion in Discourse for their employees, who work remotely from 24 countries. 

The biggest responsibility you have as a leader is to your team, even before your customers. Our risk was losing confidence or our team. Of admitting that we are falsely advertising who we are. Backlash is something you might get over, but breaking the trust of your team is not. 

I think one of the good moves we made was to ask for everyone’s opinions. We didn’t intend to have a majority vote kind of thing. We just wanted to explore different opinions and surface all the arguments and bring the team with us on our journey. They need to be part of the exercise and discourse.”

While the final decision was up to them, Mohannad and David still worked hard to present their decision to their team, because buy-in was important to them.

Our internal message was different than the one we shared with the public. We went a lot more in-depth, showed our methodology, and a long list of evidence. 

In the internal statement we made to the team, we explained our identity and values. We started talking about some of the behavior we saw Trump demonstrate. The point we were trying to make: It’s not about the person. It’s not about Trump. We’re not here to be a judge of character. But it’s clear this particular statement was racist. This particular action did target marginalized groups and so on. And we believe that these are credible threats to the community.

We presented this to the team. We said we expect it might lead to some backlash, we acknowledge this might happen on our team as well, but this is what we’re going to stand by.

“I was always more worried than I should have been”

We asked Mohannad if he had concerns before he took the message public. He said he was worried the whole time — about employees, about the GOP and the potential ways this could go wrong for them.

At every step of the way, I was always more worried than I should have been. Nothing happened. The team took it extremely well. A lot of people who initially suggested we don’t suspend anyone, after we explained it, they said “You know what? You’re right.” What you’re saying makes a lot of sense, and I stand by you.

It crossed our minds that we could be sued. We worked with lawyers and confirmed that our terms of service are legal. Especially in the US, the law is liberal for denial of service.

But the point isn’t to hold yourself to an impossible standard of perfection. It’s to improve, be transparent and keep building trust over time.

We are now holding ourselves to a new standard of how we enforce our policy. This will continue to be the biggest challenge we have now as a self-serve business. The fact remains we still don’t know everyone who is using our tool and script.

We’re going to try to improve the ways we enforce our policy, but for the time being, we’re going to rely on our community and team to flag things.

We plan to create more transparency for the community on what happens after you submit a violation report. Soon, we’re going to publish a page that explains what our internal processes are, how we investigate and who will be making these judgment calls.

Mohannad’s advice for tech executives

What advice does Mohannad have for a tech executive who might find themselves in the same position as him? He says:

  1. Take it seriously, take the time to respond. It’s a good thing when someone is holding you accountable. Embrace it rather than ignore it.

  2. Ignore the temptation to try to be objective. People think standing by the sideline is an objective standpoint, but being neutral is still a subjective opinion of how you’re dealing with a certain situation. So don’t be afraid to bring yourself into the conversation. This is where we got paralyzed in the beginning: “What’s the ‘right’ objective way to do this?”

  3. Everything is intersectional. At the end of the day, companies don’t exist in a vacuum. Companies are the people within the company. It’s impossible to ask people to disconnect who they are outside of work. Ultimately you’ll make a decision based on personal convictions and that’s not a bad thing. 

That is definitely some hard-won advice. “We came THAT close to making the wrong decision,” says Mohannad. “Sometimes you need a slap on the face to remind you who you are.

Thanks for reading,

Nandini and Claire

Did you like this issue? Then why not share! Please send tips, compliments and complaints to @nandoodles and @catthekin.

Thank you for destroying the free press

Inside the brand safety tech that’s keeping ad revenues away from the news media

Welcome back to BRANDED, the newsletter exploring how marketers broke society (and how we can fix it).

Here’s what’s new with us:

  • Nandini will be on Resource Alliance’s panel “The ethics of Facebook for nonprofits” on September 3rd (tomorrow) at 10am EST/3pm GMT. Sign up here!

  • Nandini will also be on Media Rumble’s panel on September 4th discussing hate speech in Indian media along with Stop Funding Hate’s Richard Wilson and News Laundry’s Manisha Pande. Sign up here!

For a brief and glorious window of time last week, we received a rare glimpse into the secret algorithm that determines who on the internet gets to receive advertising dollars and who gets blocked.

Every year, brand safety technology companies block about $3 billion from reaching news organizations based on a single myth: that placing your ads on negative news stories is unsafe for your brand.

There is not a shred of evidence that this is true, but that hasn’t stopped them from providing at least two half-baked ways to do it: 

  1. Keyword blocklists — a list of “bad words” brands don’t want their ads placed near (which we’ve previously covered here)

  2. Contextual intelligence — AI that “reads” a page and classifies its topic, category, and overall sentiment rating as positive, negative or neutral.

Thanks to the war on “negative” news, the sentiment rating has become one of the most critical factors behind whether a news article gets monetized. It’s also one of the shadiest, because no one knows how the machine works.

But last week, Integral Ad Science launched its “Context Control” demo, inviting users to test its version of the tool, which allegedly reads “like a human” and spits out a real-time decision of whether it makes readers feel overall good (positive) or bad (negative). 

We took the tool for a spin, testing it on (what else?) hate outlets. The next day, the demo had vanished.

We can guess why. The demo reveals a machine that is actually alarmingly and dangerously mixed up. It does not understand North from South or up from down. It is a college student’s computer science project, which she turns in to the professor at the end of the semester and says, “Good thing no one’s ever going to use this in real-life haha.”

Except IAS does use this machine in real-life and at scale, to control billions of impressions and ultimately, the fate of newsrooms around the world. 

IAS’s ‘context control’ demo: The results

Here’s what we found: 

First, we looked up a handful of extremist and extremist-adjacent sites. The sentiment machine didn’t seem to catch on:

  • American Renaissance (amren[dot]org) is a white nationalist site run by Jared Taylor. It was rated neutral.

  • Liberty Hangout (libertyhangout[dot]org) is the website of Kaitlin Bennett, the Kent State grad who harasses students on college campuses about homophobia and guns. It was rated positive. 

  • Drudge Report (drudgereport[dot]com) is the aggregation and disinformation site run by Matt Drudge. It had no rating.

Then we tested an article about “lesbian bed death.” We’ve long hypothesized that this socially accepted topic would be unfairly dinged because it contains two “bad words” (guess which ones?). It turns out we were right: 

We also looked at Kenosha’s local newspaper covering Jacob Blake’s story: 

Then we looked at coverage of Jacob Blake’s story from The Root, which provides an unflinching analysis of issues in the Black community:

  • The Root’s coverage was categorized as “sensitive social issues.” It was rated negative. 

IAS’s demo was removed before we could investigate further. But we saw enough to confirm that if you’re taking IAS’s advice to avoid negative content and using their technology to do it, you’re actually keeping your brand dollars away from some of the most responsible media coverage out there today. And probably still funding white nationalism.

They’re not against the news, just the negative news

Why are we measuring negative sentiment to begin with? If you’re not in the adtech bubble, let’s catch you up. For years, the adtech industry has coalesced around the myth that placing ads on negative news could harm your brand.

It’s a fabrication that is as bold as it is bonkers. The fact is, no brand has faced a brand safety crisis for placing their ads on the news. In fact, any brand that takes this advice is forfeiting its spot on the most highly trafficked, highly reputable domains in the world.

It’s ridiculous and it’s coming from the top. At the start of the global pandemic, the CEO of IAS urged clients to use their technology to target “positive hero-related content.” What she didn’t mention was that there is precious little good news to go around in 2020, and that following this advice means withholding revenues from news organizations that are producing the essential coronavirus reporting we all depend on.

The anti-bad-news campaign worked, too. Buzzfeed reported in March that one major brand blocked 2.2 million ads from appearing next to “coronavirus-related keywords,” which resulted in up to 56% of impressions being blocked from the Washington Post, New York Times, and Buzzfeed News. 

jonathon springs @JonathonSprings
@nandoodles @integralads @TheRoot @FDRLST This is a contributing factor to why we don't have anymore :/ we were asking questions in 2016 and all they could say is it inputs and results of the model are proprietary 🙃Think Progress Header Logo

“But Nandini and Claire, they’re still getting the money”

Do publishers still receive the revenues if the ad is blocked? No one can say for sure. Ad tech folks will tell you that blocking the news happens so quickly on a page-by-page basis that it often has to happen after the “bid” has taken place on ad exchanges — after the budget has already been spent. This is somehow meant to defend this type of blocking, as if to say “it’s harmless anyway, so why complain?” Here are some reasons:

  • Because no one outside brand safety companies can tell when the block is pre-bid or post-bid. 

  • Because publishers are definitely getting blocked from collecting revenues, but we don’t know by how much.

  • Because post-bid blocking would mean that marketers are spending money on ads that don’t even appear. 

If the block happens pre-bid, it’s bad for publishers. If it happens post-bid, it’s bad for marketers. Folks, this would all be a lot easier if we just didn’t block the news. 

Who built this program anyway?

Our Twitter thread made its way to the adops subreddit, where one user had a message for Nandini (“leftist psycho”) and all the other idiots:

“If you think any ‘machine learning’ or other bullshit is going to fit into your subjective interpretation of all pages, think again.”

They nailed it. How is a machine supposed to be subjective?

Interpreting what we read is a human thing. We decide how we feel about an article based on our knowledge, values, cultural identity, and the sum of our experiences as sentient creatures. The only thing that matters in brand safety is what humans think. 

Machines don’t have any of those. They only know what the humans who built them taught them. And that’s where we hit a wall. The algorithms are built by a team of people that Integral Ad Science (and DoubleVerify and Oracle) prefer to keep under wraps.

We don’t know who made it. We don’t know their backgrounds, their cultural experiences, whether they are a diverse group. We do not know whether the developers understand that racism and white nationalism is bad and whether they have a baseline understanding of how to identify hate speech and disinformation.

And that means we are handing over one of our most critical brand safety decisions — where our brand appears — to a group of unknown people and the black box they built. Both publishers and brands are left in the dark. 

If you’re uncomfortable about censorship, how about these advertising decisions that we never even see? You couldn’t find a more dystopian way to kill the free press. 

A product looking for a problem to solve

We’ve covered this before, but let’s reiterate: Brand safety is not about a page-by-page analysis. No social media crisis will come from an awkward ad placement. What will create a brand safety crisis, though, is funding organizations that peddle dangerous rhetoric (hate speech, conspiracy theories, dangerous disinformation). 

Brand safety is about ensuring that your ad spend aligns with your brand values. When the technology doesn’t fit the goal, it does more bad than good. You don’t need to scan every page on The Boston Globe. It should be on your inclusion list.

What can you do?

If you use brand safety technology, here’s what you should do:

  • Review your keyword blocklist. Ask for a copy of it and send it back with heavy edits. This list should be short. 

  • Review your inclusion list. When Chase Bank reduced their inclusion list from 400,000 to 5,000 websites, their performance stayed the same. What websites would you include in your list of 5,000?

  • Finally, and you probably saw this coming… check your ads! If you’re curious about what’s happening in your ad spend, the very first place to start is your site list of placements. 

Thanks for reading!

Nandini and Claire

Did you like this issue? Then why not share! Please send tips, compliments and complaints to @nandoodles and @catthekin.

The secret way they collect ad revenues

Google’s secrecy around sales houses is the gift that keeps on giving — to global propaganda rings.

Welcome back to BRANDED, the newsletter exploring how marketers broke society (and how we can fix it).

Here’s what’s new with us (we’ve been BUSY!):

Last BRANDED, we revealed an undercover(ish) scheme that enables unrelated groups of publishers to quietly share account IDs meant for only one of them, pool the collective ad revenues and then split it up amongst themselves. 

We’ve always understood Breitbart’s business model as a classic programmatic play: they publish hateful content and earn $$ through impressions and clicks. The logic behind the Sleeping Giants campaign was: block their website and they won’t get your money.

And yes, that shut them out of earning ad revenue the normal way. But we’ve now identified another lucrative way for them to continue collecting within the same ad tech ecosystem: by sharing DIRECT account IDs and cashing out through unknown entities called dark pool sales houses.

(This is roughly equivalent to one restaurant sharing its liquor license and card reader with a bunch of other bars in your city and then splitting the cash at the end of the night — it’s both a zany potential episode of It’s Always Sunny In Philadelphia and illegal.)

One company — the world’s biggest ad exchange — could help us end this practice overnight. But they’re holding out on us. 

Today, we’re going to explore how unknown entities around the world are extracting unlimited sums of money from unsuspecting advertisers because Google is holding onto key data like it’s a state secret, in order to maintain its own competitive advantage.

This goes beyond a standard brand safety issue. It’s a privacy issue, an antitrust issue, and because of the international money laundering implications, an issue of national security. 

A few updates about what happened after the last issue

The following companies issued responses to our last issue

33Across (the SSP we highlighted in our last issue) issued a response saying: 

“We have reached out to our supply partners and the sites who list the 33Across Ads.txt line on either and to have them removed.” 

Since publication, the 33Across records have been removed from Breitbart’s ads.txt file.

Saambaa (a self-described ‘event discovery platform’) reached out to us to point the finger at a ‘3rd party ad management company’:

“The Breitbart ad inventory is managed by a 3rd party ad management company. We work with them on other sites and they have grouped our ads.txt as part of their larger assembly of ad buyers on Breitbart.”

The company that Saambaa is talking about here is Granite Cubed, the exclusive advertising broker for Drudge Report, which has been extensively covered by Craig Silverman at Buzzfeed. Drudge Report and Breitbart have numerous overlapping ads.txt records, a potentially telltale sign of dark pool sales houses at work.

Microsoft updated nearly 100% of their ads.txt files on Bing and MSN using their own schema. All their sales houses (and any dark pool sales houses) are now labeled, and even include schema that identifies business names and countries. See for yourself!

The IAB (the ad industry association) defended ads.txt (which they created) in a blog post titled “Don’t blame the tools; Learn how to use them”. Here’s Zach’s response to that letter. We thank the IAB for their attention, and look forward to seeing how they help marketers protect their ad budgets. 

We’re also thrilled that our research inspired a handful of new products to help advertisers cross-check their ads.txt records. Like this one, which found “a handful of sellers misclassify nearly all their sources as a direct relationship (publisher), when the sources are, in fact, intermediaries.”

Could this be Breitbart’s “back door” business model?

When Breitbart was shut out of 90% of its ad revenues, it was because thousands of advertisers blocked their domain (www.breitbart[.]com). That closed up one revenue stream — we’ll call it “the front door.” 

But there would still be another way for Breitbart to cash out: they could enter into partnership agreements with other publishers, use those publishers’ DIRECT IDs, direct the ad dollars to dark pool sales houses — a name we came up with because they can operate as untraceable shell corps — and split the cash from there. 

We call this “the back door.”

When Breitbart became the subject of the Sleeping Giants campaign, they only lost “front door” access. But the back door is still open: there’s nothing stopping them from using other account IDs or partnering with other publishers who agree to mislabel DIRECT inventory with them. 

What does it mean to go through the back door? It means you can cash out from the other end: 

  1. Set up revenue-share agreements with your friends 

  2. Buy up tons of websites together (even random ones — it doesn’t matter)

  3. Place the same DIRECT account IDs on all of them 

  4. Link them to the same sales house

  5. Divvy up the cash 

Advertisers would never know who the money actually ends up with, because there is no publicly available directory of sales houses for them to check on.

If you were, say, part of a global fascist propaganda effort, you might partner up with alt-right organizations around the world, set up a common shell corp and use this back door to fund your activities. The added bonus? You can use all that user data you’re collecting together to target citizens more efficiently ahead of important elections. ¯\_(ツ)_/¯

Let’s work backwards together to look at how the adtech ecosystem makes high-stakes fraud possible.

Breitbart as a data broker

After our last issue, a lot of folks asked us why it matters if publishers are sharing DIRECT IDs. You can technically make up anything you want on an ads.txt file. Maybe they just copy/pasted more records in so it looks like they’re popular with vendors? 

That surface-level understanding of mislabeling is why it has not generally been policed by DSPs and why marketers aren’t aware of what’s going on.

There are actually two financially sound reasons the bad guys would share DIRECT IDs:

  1. They can spin up new sites with higher CPMs quickly — DIRECT IDs generate more revenue than RESELLER labels because RESELLER IDs are more often blocked by buyers. This makes it easier to pool user data across partner sites, allowing them to offer more targeted audience profiles on newly minted websites. . 

  2. More targeted ads (which are worth more $$) — Advertisers are obviously willing to pay more for better targeting, so these impressions are worth more. Pooling user data means they can offer more targeted audience profiles across all their partner sites. A rising tide of audience profiles lifts all publisher boats.

Whether a publisher like Breitbart partners with their friends around the world or just buys up a bunch of websites on their own, sharing DIRECT IDs is a fast track to racking up high value impressions and clicks.

That would give Breitbart a new lease on life as a data broker. 

Breitbart as a sales house

Now, once you have the money, you need to get it out, right? So where do those ad revenues actually go? To the sales house. Lucky for Breitbart, anyone can form their own dark pool sales house — easy to do because you can legally link it to an anonymous LLC — and serve themselves and their friends.

This structure is how most SSPs operate, except without the sketchiness and anonymity. That’s why you can think of a dark pool sales house as a “pseudo-SSP.” It works like any other SSP, but you don’t know who owns it. 

Breitbart as a vertical integration scheme???

Sure, that’s one way to put it. You could also call it “rampant money laundering.” If you’re able to be a data broker (which you can) and control a sales house (also very simple), you can effectively control your own secret supply chain.

Where the hell are the ad tech cops?

The IAB (the Interactive Advertising Bureau) says they’ve built the tools and architecture to check on these things. Together, the following two standards are meant to bring a level of transparency to ad buying: 

  • Ads.txt = a directory of account IDs

  • Sellers.json= a directory of sellers (incl. company name, address, location, etc.)

But there are some glaring holes: 

  • There’s no way to know when bad actors are removed from sellers.json. There is no “sellers removed” schema or standard to alert us to trouble.

  • Organizations have permission in sellers.json to use both DIRECT and RESELLER labels in ads.txt. They don’t get in trouble when they use DIRECT across more than one website.

  • Sellers.json is applied inconsistently. Sellers.json has been largely ignored by Google and haphazardly applied by other ad tech vendors. 

  • Google only just released a“beta” version of a sellers.json. In June 2020, 2+ years after pushing the ads.txt standard, they’ve released an extremely limited sellers.json directory. It’s still not enough to do a basic fraud check.

And then there’s this dealbreaker:

  • There’s no official global ads.txt directory. You can’t cross check for mislabeled DIRECT inventory across multiple domains because the IAB hasn’t made it publicly available!

In other words, there is no process that documents bad actors for advertisers. There’s really no one in the ecosystem holding anyone accountable for anything.

This is a major antitrust issue for Google

Google has God’s dashboard to ads. But even their records contain hundreds of mislabeled domains. (And we only looked at a tiny fraction of Google’s total inventory).

So how is anyone in the industry supposed to properly conduct their ads.txt-sellers.json checks when not buying through Google?

We tried to find out for you. Before we released the last issue, we reached out to Google with a list of account IDs from the Breitbart dark pool sales houses, which were from Google’s own advertising system. We still haven’t heard back. Most of those records are still active. 

As of now, Google’s policy still allows for shell corporations to create seller accounts, get approved as both publisher and intermediary (aka DIRECT vs. RESELLER), and then label those account IDs as DIRECT across hundreds of unique websites. 

Google does offer more information if you use their ad exchange instead of their competitors. In other words, you can reduce fraud only if you advertise through Google, because they haven’t made those tools available to anyone else.  

If Google is the only safe place to buy ads because they own all the data, that seems like an antitrust issue to us. 

The seller.json directory they released a couple months ago has two problems:

  1. It was just 5% of the records. Google has only released about 5% of their sellers.json records. They’ve kept the other 95% for themselves. You can see the records here

  2. You can completely hide the ownership of an accountID. Google has an optional “make my business confidential” toggle for the Google sellers.json listing, which if you squint, does help maintain privacy. But mostly it just helps dark pool sales houses proliferate.

Bottom line: We should be able to check our ads

What can we do with this information? Two things. First, check out Nandini’s Twitter thread about how to ask your ad exchanges to fix ads.txt labels

Then, send Google an email — here’s a handy template: 

Dear Google, 

I’m writing today to understand how you plan to address ad fraud taking place across the ecosystem. 

  • Why have you allowed clients to hide their ownership through a confidentiality flag? What efforts are you undertaking to stop money laundering through this loophole?

  • Why are you giving organizations permission to append both SELLERS and DIRECT labels without any apparent punishments against organizations who label DIRECT across hundreds of unrelated sites?

  • Does Google have any process to help the industry identify bad actors? 

A suggestion: Seller accounts that are removed from the sellers.json for malicious activity or TOS violations should be listed under a “sellers-removed.json” file instead of just being quietly removed from sellers.json files without notice to other ad tech vendors or buyers.

Google and all DSPs should also ban the use of shared accounts by shell corporations (SSPs/pseudo-SSPs) who are not registered as data brokers in both Vermont and California.

If a seller is found to be cloning DIRECT labels across publisher websites, the seller should get one warning that pauses all their bids and access to the bid stream, and a complete suspension upon a second violation.

I look forward to hearing from you. 


[Your name]

That’s it for us. Thanks for reading, we’ll be back next time with more!

Claire & Nandini

Did you like this issue? Then why not share! Please send tips, compliments and complaints to @nandoodles and @catthekin. Big thanks to Zach Edwards (@thezedwards) for making this story possible.

So *that's* how Breitbart is still making money

It turns out Breitbart has continued to collect your ad dollars through a shady ad revenue-sharing ring of propaganda sites.

Welcome back to BRANDED, the newsletter exploring how marketers broke society (and how we can fix it).

We have some big news this week: 

For the past few years, we’ve all believed that not funding hate is as easy as blocking bad sites. That you can avoid the risks of being viewed next to terrorist propaganda or hate speech by simply opting out.

But nothing about digital advertising is straightforward.

Last month, Zach Edwards, a data supply researcher, reached out to us with a tip. He told us he had found evidence that Breitbart was continuing to siphon advertising dollars from unsuspecting brands without their knowledge or consent. He told us the average marketer would never know — that you wouldn’t find any clues of this by checking your site list.

This tactic enables vast sums of money to be funnelled towards bad actors mostly without detection, which means that the biggest companies in the world are still funnelling ad dollars towards hate and disinformation. Even if you have blocked Breitbart or use an inclusion list, your brand could still be at risk.

Zach has been our guide to understanding this type of ad fraud, which we find to be so egregious that it should be illegal. We decided to join forces with him for this story.

👉🏽 You can read Zach’s technical version here.

We’re going to walk you through the story and implications in a multi-part series. This is the first issue.

It starts with account IDs

Every website has a number of account IDs to identify them on ad exchanges. Typically, websites that care about quality have just a handful. The New York Times, for instance, has only 12 different account IDs

There are two types of account IDs: DIRECT and RESELLER

  • DIRECT IDs tell advertisers that they’re bidding directly on one website. 

  • RESELLER IDs tell advertisers that they’re bidding on inventory across multiple websites. 

Sometimes, media conglomerates share the same account ID across their owned websites. If Condé Nast wanted to, they could do this with Vanity Fair, WIRED, and Teen Vogue. To make it clear that they’re sharing account IDs, they label one website with a DIRECT label, and the others with a RESELLER label. This is called pooling, also known as a ‘sales house,’ and it’s generally acceptable because at the end of the day, it’s all done within the same organization — in this case, it’s all Condé Nast inventory and being properly labeled as RESELLER inventory for buyers.

Technical readers will want us to note that DSPs and SSPs can legitimately use RESELLER labels, too. The RESELLER label is generally used by large SSPs and audience companies to pool audiences across all their client websites. 

What outlets are not supposed to do, though, is share their DIRECT account ID with websites and companies that are completely unrelated to them. It’s not a direct sale, it mislabels the inventory, and it funnels advertiser money towards shared advertising accounts owned by unknown entities. That’s why we’re calling this dark pooling.

The mislabelling of DIRECT account IDs across websites means that these sites are sharing data (good for retargeting!) and ad revenues. One way to describe this grouping of DIRECT account IDs is a “sales house.” That makes these groupings “dark pool sales houses.”

That means Breitbart is still getting your ad dollars

Sharing DIRECT account IDs does not necessarily mean you’re committing ad fraud. It is possible to share one or two account IDs with Breitbart, for instance, and not be intentionally involved in a shady ad scheme.

For example, we found that,,,,,, and were all sharing DIRECT account IDs with Breitbart. This is hopefully news to these companies.

Wait, how is this happening?

Saambaa is one of the many sales house companies that seem to be working with Breitbart. On their site, they say that they help curate local content, grow audiences, and provide premium publisher experiences. We think companies like them might be the ones setting up these mislabeled DIRECT account ID records, or looking the other way as it happens.

We think (because of a reddit thread that talked about this) that companies like Saambaa might send their publisher clients a list of account IDs and tell them to put the code into their ads.txt file. 

We don’t know, because we haven’t seen a Saambaa email (or emails from other sales houses), whether their instructions also educate the publisher about the difference between the DIRECT and RESELLER labels. Any of the organizations with these overlapping DIRECT account IDs may be surprised to know they’re in a dark pool sales house with Breitbart and other companies.

That’s not good. That could mean that even if they blocked, they’re revenue sharing with Breitbart without knowing it

Every account ID is linked to an advertising account, which is linked to a bank account. That gives us some clues as to where the money goes, but there’s no transparency beyond the shared account IDs. 

These are generally backroom deals. We don’t know what the ad revenue split is here. These deals almost certainly include complex contracts and revenue sharing agreements, and we don’t know much Breitbart might be making. What are the cuts to manage these pools of mislabeled inventory? Is there some kind of a bonus associated with taking this risk? We don’t know. looks like it’s financially tied to Breitbart, too

The story got crazy when Zach visited’s ads.txt file. He found that RT are really, really organized with their sales houses. They code them as Block 1, Block 2, Block 3, etc. In the ads.txt file, there are 13 blocks (sales houses). In many of these blocks, he found DIRECT bidding IDs shared across multiple websites. This work is blatant and out in the open. And even more surprising? Some of their ads.txt DIRECT account IDs match Breitbart’s.

Here’s Zach’s take:

If you compare the file against the file, you will find at least 4 identical account-bidding IDs that share the “DIRECT” label on both sites, which is mislabeled RESELLER inventory being sold as DIRECT inventory to advertising buyers.

Financially tied like this, RT and Breitbart look to be in cahoots.

There’s a whole network of alt-right profit-sharing?

RT isn’t the only disinformation site Zach saw in Breitbart’s ads.txt records (available here). 

He did a Google search of each of their DIRECT account IDs to find more. If you want to try this yourself, open a tab and search for this DIRECT account ID:

“, 0010b00001shFQpAAM, DIRECT, bbea06d9c4d2853c”

He found lots of associated sites. For instance, this DIRECT account ID is shared across 34 websites including... 









Remember, only one site can have a DIRECT account ID, so this means that the rest of these sites are mislabeling their inventory. If you see a DIRECT account ID that is linked to more than one website it is likely linked to a dark pool sales house. 

Here’s what Zach says:

Many of the dark pool sales houses are labeled on ads.txt files hosted on other websites — so the names of the companies can be found, parsed and flagged. Some of these organizations are violating ethical standards, industry protocols endorsed by the IAB and Google, and likely legal frameworks in numerous jurisdictions, particularly due to their work as data amalgamators without registering as data brokers.

The account ID above appears to be linked to a dark pool sales house owned by Saambaa, which we mentioned earlier.

How is this not illegal?

This type of ad fraud is almost too brazen to believe. It’s taking place in broad daylight, through the same piping that ad industry associations have told us will safeguard our brands. 

One of the reasons that this is still legal, or not explicitly known to be illegal, is that ads.txt is only three years old and there hasn’t been, to our knowledge, any major investigative research into the consequences of its design. But even though it is new, its risks are already severe. Ads.txt is a global standard, used in international markets. This giant security hole opens markets and mediascapes around the world to foreign propaganda, hate groups, money laundering, and, of course, fraud. If trade commissions aren't interested in this vulnerability, national security organizations should be. 

Where are the ad industry associations on this?

That’s a good question! Ads.txt was developed by the adtech industry to bring transparency and accountability to the advertising supply chain. It was supposed to make it easier to verify that our ads were appearing on the correct inventory. However, because anyone can make up their ads.txt records, schemes like this one are incredibly easy to get away with.

What we need to combat this is free access to a universal ads.txt directory, so we can quickly query account IDs, and block any account IDs that don’t meet our quality thresholds (aka account IDs participating in dark pool sales houses). 

A universal directory is essential to finding ad fraud like this. But the records are maintained by a handful of organizations — and it costs $10,000 a year to access them from the IAB Tech Lab. That makes it prohibitively expensive for most businesses as well as researchers like us to get our hands on the data.

We took a shot anyway, and asked three organizations - Google, Facebook and IAB Tech Lab - for a free copy of their ads.txt directory for research purposes. Google and IAB Tech Lab declined (Google said that they wanted to support their industry partners at IAB Tech Lab and TAG). Facebook didn’t respond. IAB Tech Lab told us the ads.txt directory is a source of revenue for their organization.

This raises some interesting questions about conflict of interest. What’s more important, brand safety or their organization’s money-making ventures? 

So for now, we have done the tedious, manual and time-consuming work of going through ads.txt without access to a directory. It took Zach over a month to work through the information he presents in his detailed post, and there’s tons more information out there.

What can marketers do to avoid dark pool sales houses?

We believe there should be a free and easily accessible ads.txt directory across all domains in the global advertising inventory available to the public. 

But for now, consider blocking all of the account IDs in this Breitbart ads.txt list. Otherwise Breitbart will continue receiving your ad dollars. There are over 230 DIRECT mislabeled publisher IDs in there. 

Then, contact your ad exchanges to ask them if they’re giving you a refund for the budget you spent with those account IDs.

That’s it for now. We’ll have more for you next time.

Thanks for reading!

Nandini and Claire

UPDATE (July 22, 10:00pm EST): Saambaa CEO Matt Voigt reached out to us with the following statement:

“Specifically on the ads.txt Direct issue: We run an events discovery module which renders itself on the page as a Javescript widget. The module is our own content and own experience, which is why we represent the inventory as our own inventory. We do not manage inventory for publishers, or run any kind of publisher ad network. We don't work with Breitbart, but since any publisher can copy and paste our ads.txt up, we don't control what they have up. It's an unfortunate reality of ads.txt that there is no control of it for us. The Breitbart ad inventory is managed by a third party ad management company. We work with them on other sites and they have grouped our ads.txt as part of their larger assembly of ad buyers on Breitbart."

Did you like this issue? Then why not share! Please send tips, compliments and complaints to @nandoodles and @catthekin. And send all the kudos to @thezedwards.

The No Queer Zone: How Adtech Keeps LGBTQ Voices Out

It’s all rainbows and parades until you ask to be monetized

Welcome back to BRANDED, the newsletter exploring how marketers broke society (and how we can fix it).

Here’s what’s new with us this week:

Hey, it’s Nandini here. 

Last week, I got white nationalist Stefan Molyneux suspended from popular streaming service SoundCloud. It took hours of research, months of back-and-forths with their team, jumping through multiple hoops, and finally a direct appeal to the company’s founder (Until then, Molyneux was protected by an inconsistently applied “three-strike policy”).

Molyneux is now locked out of nearly every major tech platform he used to build his white nationalist cult including PayPal, MailChimp, YouTube, SoundCloud and as of yesterday,  Twitter.

This may alarm those who believe a Nazi’s right to Venmo is somehow inextricably linked to freedom of speech. It’s weird how, in this ongoing online freedom of speech debate, we always end up centering the conversation around the most destructive, hateful people that society has to offer. This man radicalized a mass shooter

While I have to fight to get tech platforms to take the very real threat of alt-right figures seriously, most of us don’t realize that those same platforms are by default locking out LGBTQ voices.

Let us direct your attention to Salty, a queer-focused media outlet that adtech companies have refused to work with.

Salty: Like Refinery29, but for the queer community

We spoke to Claire Fitzsimmons, who founded Salty as an alternative to mainstream “girlboss” media companies that center straight, cis white women. 

Fitzsimmons - who identifies as a non-binary queer person and ally - is building a media hub to amplify and empower the voices of women, trans, and non-binary people. “We publish a lot of stories that you would never see on Refinery29 or Bustle or Vice,” they said. 

But this is no zine. Fitzsimmons is ambitious, with a big vision for Salty. They see Salty rivaling the reach and success of Refinery29, but as a community-driven outlet without the racist and toxic workplace culture

Salty is well on its way. Since its founding in 2018, the community has grown to over 50,000 people. Fitzsimmons and their team support the business primarily through a subscription revenue model and have been in talks with major international brands.

But there’s just one problem: no one will supply the adtech.

No queer media need apply

Fitzsimmons and their team have been rejected from nearly every adtech platform they’ve applied to. Here’s a non-exhaustive list of companies that have closed the door on them, with no explanation:


Our good friends at Criteo, who have monetized everything from 4chan to The Gateway Pundit, determined that “a direct integration with us would not be a good fit for [Salty’s] monetization needs.”


In June, MediaVine launched the We Stand With You campaign to show their commitment to supporting marginalized groups. They wrote this:

“We have expanded our lens to make sure we are creating a completely inclusive environment where all employees and publishers (existing or potential) feel welcome, included, properly represented and able to show up as their full selves.

To that end, we’ve been looking into ways to support the LGBTQIA+ community. Internally, we’ve been having discussions about how to better serve this community as well as provide a safe space to employees where they can talk about their experiences.”

But that doesn’t seem to apply to Salty, which was given a blanket rejection. “We are not provided with details; it’s just a simple approval or rejection, so we can’t provide more insight. I’m sorry about that,” they said.

Google AdSense

Google, one of the largest ad exchanges, enables practically any website to run ads using its AdSense technology platform. AdSense has “community standards” and rules for using Google’s tech to sell ads. But sites like The Gateway Pundit, The Federalist, Breitbart, OANN, (formerly Russia Today), American Thinker, and hundreds of others are still monetizing through Google’s platform.

Every single one of these sites has been determined by NewsGuard to “severely violate basic journalistic standards” because they “repeatedly publish false content, use deceptive headlines, obscure ownership and sources of financing, etc.” 

Google enables all of these sites to make money but will not work with Salty because sometimes the articles talk about sex, dating, and trans bodies. 

Fitzsimmons says they have also been rejected from MediaMath and The She Network.

“It’s so odd. There’s money on the table.”

Salty has found advertising partners that would like to place ads — if they could. However, the advertisers still require Salty to have Google’s infrastructure for a direct advertising deal to go through. 

“It’s the easiest commercial transaction. I don't understand why that’s so difficult. It makes first party ad sales almost impossible for us,” says Fitzsimmons.

This really only leaves one option: Salty has to put their limited resources towards building direct relationships with brands. For the community-focused business Fitzsimmons wants to build, direct partnerships are the best for Salty anyway. But these things take time, and they don’t get the ongoing cashflow that other media outlets enjoy.

“There’s an interconnection between all these different platforms that are working together to silence voices and publications like ours,” says Fitzsimmons. 

Salty is a media empire waiting to happen. The pieces are all in place. Fitzsimmons is a fearless and visionary leader. Salty’s team is packed with top creative directors from Condé Nast, Vice, Bustle and The Atlantic. They have partnership packages and a media kit ready to go.

“We could even make the ads. We could be a full service agency,” says Fitzsimmons.

Salty is building a powerful community of engaged, interested readers and contributors. Their content is fresh and unique. They are leaders in a growing movement about beauty, strength, and identity. If your brand covers those topics, it’s exactly the kind of place you want to be: with a smart and plugged-in audience drawn together by shared values and community. 

It’s easier to spread lies and hate than to run a trans-friendly media outlet

We hate to bring this up again, because Salty is an inspiration and it feels weird to put them in the same conversation as Stefan Molyneux, but let us make this last point: 

Until random readers flag white supremacists on tech platforms, they can monetize without raising flags from ad tech, payment platforms, and email clients. These tech platforms let eugenics enthusiasts make money and spread hate but they block Salty, a legitimate media hub for women, trans, and non-binary people.

So, what can marketers do?

  • If your brand would be a fit with Salty, they’re ready to build creative and give special treatment to direct sponsors

  • If your ad tech company will let Salty on, contact them and also let us know - we’ll mention this in the next newsletter. 

  • Check your ads! Is your ad budget funding hate and disinformation online? Check through your site list. If you need help with this, contact us.

Thanks for reading,

Nandini and Claire

Did you like this issue? Then why not share! Please send tips, compliments and complaints to @nandoodles and @catthekin.

Loading more posts…