Google
 

Re: New ad server system

From: Zak Power <zak_at_hackers-for-hire.com>
Date: Thu 12 Oct 2000 14:51:32 -0500

PHILIP MAK <mfraser_at_seas.gwu.edu> WROTE:
> Speaking of timeout factors...
>
> Having used several ad companies, I have general
> complaints about the quality of their user interface
> (for publishers to check their stats). Here are some
> things that stuck in my mind. All of these are somewhat
> trivial, but it would make my life easier if they were
> fixed. I think I am more picky than the average user,
> but anything that I am picky about would probably annoy
> some other people as well.

Oh, this is pure gold! We have an interface development
phase coming up. This is all going in the spec!

> [Offender: Advertising.com, Everyone.net]
> - Session timeouts. Advertising.com and Everyone.net,
> for example, make me re-login every hour. At one point,
> Advertising.com even had a meta refresh on their page
> to automatically clear it after one hour. To me, this
> is just an annoyance. I suppose some publishers would
> be accessing their accounts from public computers, so
> maybe a configurable timeout (like Yahoo! Mail has)
> would be good.

I personally think cookies are lame. I never agree to
use "intrusive" merchanisms like this. And they are
totally not secure. Even HTTPS is just "pretty secure"
I think. If somebody is going to that length to break
in to your ad server as to start sniffing user keys
etc... then some more advanced defenses are needed.

HTTPS is good and we always would prefer it, but there
should be other options - like for Lynx! The Clients
can't all support SSL, some may not even be allowed to
use SSL!

We are using a SHA-hashed user key right now, so that
no keys are stored on the system (thus they're
unrecoverable). I was thinking of using a combination
of values to generate "session keys" also for increased
security - but have not decided on which items to use.
An example might be the browser type of the user. So
when the user enters the key (which could still be
sniffed after all unless generated client-side which
requires Java, another intrusive technology), the
session key is good only for that exact browser,
account name, IP block etc. That's still not as nice as
HTTPS encryption end-to-end, but I think we can't push
security too hard here, or it makes the systems
unusable.

I think we'll end up relying on the SHA hashed key
using multiple values including browser type and IP.
Then a compromised key cannot be abused except from
that particular IP. I think that'd be acceptable and be
"secure enough" for our needs.

You should be able to leave a browser window open on
your statistics and leave it there forever.

One thing we're doing is having a daily by-email report
generated. We find most users just need to "check in",
unless they're actively configuring things. And you can
run a command from the command-line to get neccessary
information in HTML or ASCII form.

Arbitrary expiration of the session keys is lame too, I
don't like that. It's just a lame way to try and
increase the security of the cookies (which can still
get easily sniffed, spoofed and abused).

> [Offender: Everyone.net]
> - Requiring too many clicks to get to my stats. I have
> to login, then click on "Plug-In AdSales", then "Online
> Reporting", then "Generate Report" after logging in
> before I can see them.

So far we've tried to merge the STATISTICS and
CONFIGURATION aspects together. So that you see the
decision-making data right there with your controls.
The first thing a user sees when he logs in is a list
of channels.

After log-in :

http://development.web.zencor.org/beserved/BEServeD.display.controls.JPEG

Selected a content set :

http://development.web.zencor.org/beserved/BEServeD.display.set.JPEG

Checking summary statistics :
http://development.web.zencor.org/beserved/BEServeD.display.statistics.JPEG

> [Offender: ClearBlueMedia.com]
> - SSL requirement. It is impossible to check your stats
> without using the https:// URL. Sometimes I like to be
> able to use lynx to view my stats when I am at the old
> SunOS boxes at the university that run Netscape too
> slowly.

Hmm, it's secure though. What I would probably do is
arrange that on a per-client basis. Say that you're not
responsible for abuse by clients not using SSL, etc.
But give them the option not to use HTTPS...

> [Offender: Advertising.com, SearchTraffic.com]
> - Popups on the page. They use popups for
> announcements. I think they should just put the
> announcements on the page, at the top, in bold red
> letters (not blinking!).

The spam should be a visual complement to the ad server
system! Pop-ups though, ick... ;)

> [Offender: ClickFinders.com]
> - Use of unnecessary graphics that slow things down.
> Here's a screenshot of what I mean:
> http://www.aaanime.net/~pmak/wait.gif In this example,
> they could have just used text for the menu options.
> But they used a lot of graphics, so I have to wait for
> them to load to be able to see which button does what!
> (One question to ask would be, WHAT BENEFIT does using
> decorative graphics give? I would conjecture that
> publishers are serious-minded people logging in to see
> how much money they made; not to look at the pretty
> pictures.)

Hmm! Absolutely. I think right now we are guilty of
using a lot of textures and weird stuff. But it's
configurable not to use them... besides the textures
there are only the icons, which are 32 x 32 pixels
currently, only tiny little things that can be cached.
A few text titles but only one per screen, not 12 or so
like in that pic.

> [Offender: ClearBlueMedia.com,
> ClickFinders.com] > - It should be possible to see
> an entire month's stats all on the same page,
> broken down day by day showing the important things
> like page views served, CPM, CPC, CTR, etc.

See attached pic, ours dumps ALL the data to you, we'll
be doing time-slice reporting shortly! ;)

> [Offender: ClickFinders.com, SearchTraffic.com]
> - It should be possible to see the statistics for
> individual websites that are on the same publisher
> account, not just the aggregate statistics of all
> of them.

Ours has a hard-coded list of "super-users" which can
travel throughout accounts. It looks the same as if the
user had logged in except there's a super-user tool-bar
at the bottom for things like changing commission
rates, etc. You can click "next account", etc... and
view / configure. This will need to get developed more
to permit configuration of what users can and can't do
(sometimes you want them to see statistics but not
modify content, sometimes vise-versa I gather)...

Zak Power / ZENCOR
http://www.hackers-for-hire.com/~zak
(800)-759-9826 / (416)-820-3304





Received on Thu Oct 12 2000 - 14:51:32 CDT


HOW TO JOIN THE ONLINE ADVERTISING DISCUSSION LIST

With an archive of more than 14,000 postings, since 1996 the Online Advertising Discussion List has been the Internet's leading forum focused on professional discussion of online advertising and online media buying and selling strategies, results, studies, tools, and media coverage. If you wish to join the discussion list, please use this link to sign up on the home page of the Online Advertising Discussion List.

 


Online Advertising Industry Leaders:

Local SEO with Video
Houston SEO
Houston Web Design

Add your company...

Local SEO with Video
 



 


 
Online Advertising Discussion List Archives: 2003 - Present
Online Advertising Discussion List Archives: 2001 - 2002
Online Advertising Discussion List Archives: 1999 - 2000
Online Advertising Discussion List Archives: 1996 - 1998

Online Advertising Home | Guidelines | Conferences | Testimonials | Contact Us | Sponsorship | Resources
Site Access and Use Policy | Privacy Policy

 
2323 Clear Lake City Blvd., Suite 180-139, Houston, TX 77062-8120
Phone: 281-480-6300
 
Copyright 1996-2007 The Online Advertising Discussion List, a division of ADASTRO Incorporated.
All Rights Reserved.