Policing ads and 3rd party content at scale on media sites

Billy Hoffman from Rigor explains how to audit ads and other 3PC for performance problems and other best practice violations

Published in: Software

  1. Engineering By Billy Hoffman, Director of Product • Policing ads and 3rd party content at scale on media sites • billy.hoffman@rigor.com • @zoompf
  2. Who Am I? • Automated analysis and detection of performance issues • Founder of Zoompf • Former web security researcher and pentester
  3. 3PC: A Traditional Approach • “Can’t control it” • “It has to be there” • “I know, I know, it’s so terribly bad” • “I don’t even want to see it”
  4. Landscape of Modern Ads
  5. The times they are a’changing • Ad blockers • Parallel platforms (a. Google’s AMP; b. Facebook Instant Articles)
  6. Landscape of Modern Ads • Ad Inventory • Direct Ads Sales • Programmatic Ads • Ad networks (Adx, Appnexus) • [tag] -> ad appears
  7. Landscape of Modern Ads • 1 IFrame per ad (a. Async; b. Each fires own trackers; c. Reuse can be poor) • Ads run for fixed impressions (a. Then you go into remnants)
  8. Landscape of Modern Ads • No idea what an exchange will give you ahead of time • Set Policies (video, audio) • Bad stuff still slips through • Different ads among people/geos
  9. “We don’t have 1 page load. We have our page load, and then 3-6 separate mini payloads from ads.”
  10. “Sub” loads/Waterfalls
  11. Main Goals: 1. Ad Performance Problems 2. Ads doing shady stuff
  12. (Full) Waterfalls are not helpful
  13. Load Graphs • Build DAG – Referrers, initiators • Visualize dependencies
  14. Ad Performance Problems: 1. Weight of resources 2. Redirects 3. Head of Line blocking 4. Rendering issues 5. Quality Issues
  15. Party like it’s 2006
  16. OMG and the creative!
  17. Gotchas: 1. Caching (a. Can’t update the inclusion markup) 2. Using/not using CDN (a. Beacons don’t go to edge servers) 3. JS Reuse (a. “Why are we loading jQuery 3 times?”) 4. Inlining JS that’s not inlinable
  18. Aside: What are you loading?
  19. Aside: Do 3PC Audit: 1. Inventory of what’s on your site 2. Define who can add a tag 3. Master list or Repository? 4. Use a tag manager?
  20. Ads Being Shady: 1. Breaking out of frames 2. Opening new tabs 3. Redirecting to app stores (2 tricks) 4. Sending you to sketchy places
  21. Demo
  22. AdInspect: 1. PhantomJS script 2. Produces custom HARs 3. Finds bad/shady stuff • github.com/acidus99
  23. Malware
  24. Catching (Possible) Badness • Malware, Phishing, Unwanted Downloads • Free! • Local & Remote Options • 10K lookups/day
  25. Next Generation Stuff: 1. Does the ad actually render? 2. Rendering outside of containers? 3. IAB Compliance 4. Clickthrough testing? 5. Leveraging RUM?
  26. Takeaways: 1. You can’t ignore 3PC/Ads 2. Find the needle in the haystack, then audit that 3. Typical frontend analysis works* 4. Shady things are more common than you think
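
The load graph from slide 13 and the per-ad "sub" loads from slides 9 and 10, as an added example that is not code from the talk or from AdInspect: it builds the dependency graph from HAR entries and totals each third-party subtree. The hosts, byte counts and the `_initiator` field as a plain URL string are assumptions made for the sample; the other fields follow the HAR 1.2 layout.

```javascript
// Constructed sample in HAR 1.2 shape (not captured traffic). "_initiator" as a
// plain URL string is an assumed custom field; Referer is the fallback parent.
const entry = (url, referer, status, bodySize, redirectURL = "", _initiator) => ({
  request: { url, headers: referer ? [{ name: "Referer", value: referer }] : [] },
  response: { status, bodySize, redirectURL }, _initiator });
const PAGE = "https://news.example/story", FRAME = "https://adnet.example/frame.html";
const SAMPLE_HAR = { log: { entries: [
  entry(PAGE, null, 200, 40000),
  entry("https://news.example/app.js", PAGE, 200, 90000),
  entry("https://adnet.example/tag.js", PAGE, 200, 15000),
  entry(FRAME, PAGE, 200, 3000, "", "https://adnet.example/tag.js"),
  entry("https://cdn.example/jquery.js", FRAME, 200, 85000),
  entry("https://track.example/r?id=1", FRAME, 302, 0, "/px.gif"),
  entry("https://track.example/px.gif", FRAME, 200, 43),
] } };

// Build the graph: URL -> { children, bytes, redirect }.
function buildLoadGraph(har) {
  const nodes = new Map();
  const redirectedFrom = new Map(); // redirect target -> URL that sent us there
  for (const e of har.log.entries) {
    const url = e.request.url;
    if (nodes.has(url)) continue; // repeat fetch of a known URL: keep the first edge
    const ref = e.request.headers.find((h) => h.name.toLowerCase() === "referer");
    let parent = redirectedFrom.get(url) || e._initiator || (ref && ref.value);
    if (!nodes.has(parent)) parent = null; // parents must be earlier nodes: no cycles
    const redirect = Boolean(e.response.redirectURL);
    if (redirect) redirectedFrom.set(new URL(e.response.redirectURL, url).href, url);
    nodes.set(url, { children: [], bytes: Math.max(0, e.response.bodySize), redirect });
    if (parent) nodes.get(parent).children.push(url);
  }
  return nodes;
}
// Total one subtree: what a single tag costs once its descendants have loaded.
function subtreeStats(nodes, root) {
  const stats = { root, requests: 0, bytes: 0, redirects: 0, depth: 0 };
  (function walk(url, depth) {
    const n = nodes.get(url);
    stats.requests += 1; stats.bytes += n.bytes;
    stats.redirects += n.redirect ? 1 : 0;
    stats.depth = Math.max(stats.depth, depth);
    n.children.forEach((c) => walk(c, depth + 1));
  })(root, 0);
  return stats;
}
// One row per third-party child of the page: the "sub-loads" worth auditing.
const thirdPartySubloads = (nodes, page) => nodes.get(page).children
  .filter((c) => new URL(c).host !== new URL(page).host).map((c) => subtreeStats(nodes, c));
```

On the sample, the 15 KB ad tag turns out to own a five-request subtree, which is the number a flat waterfall hides.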
