Posted by Sam Engel in BrandVerity
09 Apr 2014
You may have heard about the Heartbleed OpenSSL vulnerability in the news. This particular vulnerability affected (and may still affect) approximately 70% of the websites on the Internet, BrandVerity included.
While the vulnerability is serious, at no point did it expose any underlying BrandVerity servers or stored data – an attacker could have exposed ‘data in transit’ during the vulnerability window and most likely only if they had access to a segment of the network between your computer and BrandVerity (such as on an open wifi connection or its equivalent).
The vulnerability was resolved early Tuesday morning and we had issued new encryption certificates later in the afternoon. We believe the likelihood that you were at all impacted through BrandVerity is very, very low. However, we wanted to provide a complete background for those interested in understanding the impact of the vulnerability and how we have handled it. We hope this may help you handle other sites that could still be vulnerable.
In all likelihood, this did not affect your account with BrandVerity at all. There’s a slim chance that an attacker could potentially have captured data that traveled to or from our server during a brief 10.5 hour window Monday night. The data that could have been captured is similar to what an attacker on a shared WIFI network could capture when you use a non-SSL site.
You’ll also need to login the next time you access BrandVerity. We recommend changing your BrandVerity password to protect against the unlikely event that it was compromised. We would also recommend doing this for all SSL sites you use, including banks, social networking sites and so on and we describe in more detail steps you should take below.
Yes. We did some light testing of popular websites in the affiliate space and found some to be safe and others to still be vulnerable. Other sites, including banks, Facebook, and many others had similar exposure to us. Some, like us, have fixed this, but others remain vulnerable. You can check whether a site is still vulnerable with this Heartbleed testing tool.
It would be wise to avoid using that site until the Heartbleed testing tool (linked above) no longer shows a vulnerability. After that, you should wait until the site has re-keyed their SSL certificate (which we have already done), then change your password. If the site is still using an older certificate whose private key was captured, your new password could be captured as well. We hope that other sites will also send out emails like this to notify their customers that they have resolved the issue and re-keyed their certificates.
A much more in depth discussion and Q&A can be found at heartbleed.com, but in brief, the vulnerability allows an attacker to retrieve 64Kb of memory from webservers that use OpenSSL. This memory might include, but is not limited to: usernames and passwords, session cookies, and certificate private keys. The memory dump an attacker can retrieve is a soup of data, which at 64Kb will not be all of the server memory. However, with enough effort and luck the aforementioned security elements could be extracted. As an example, security researchers have demonstrated retrieval of usernames and passwords from Yahoo Mail.
The Heartbleed vulnerability has existed in the wild for over 2 years, but had not been broadly discovered and disclosed until yesterday (17:30 UTC April 7th) in an OpenSSL vulnerability announcement. While it is possible that a very small and secretive group of attackers were exploiting the vulnerability before, we think this is unlikely and that for practical purposes the vulnerability began with this announcement.
We use an Amazon EC2 Elastic Load Balancer to provide our SSL encryption, and Amazon Web Services acted quickly to remove the vulnerability. When we tested at 04:00 UTC April 8th, we were no longer vulnerable. Thus, we expect that we were vulnerable for at most 10.5 hours after the vulnerability announcement. By 11:15 UTC April 8th, we had re-keyed our SSL certificate so that if our private key had been previously exposed, it could no longer be used to decrypt traffic.
We have chosen to use SSL for all communications, and it is worth noting that in many ways this vulnerability in an SSL server is very similar to simply using a non-SSL site. The data sent between your browser and the non-SSL webserver is unencrypted and can be intercepted by anyone with access to the network. The most obvious threats would be when you connect on a public network, such as at a coffee shop. See our earlier post for more information on vulnerabilities of non-SSL sites, and why sites should use always-on SSL. In our system we have an Amazon Web Services Elastic Load Balancer handling the SSL encryption rather than the webserver itself.
This is important because it makes our site less vulnerable than most. The exposed data is only on the load balancer, which only sees the traffic going across it, not the webserver’s internal data. This is why we make the comparison to using a coffee shop network, where another customer could “sniff” your traffic to the non-secured site.
Similarly, the only data that was vulnerable in our case was the data traveling across the load balancer as well as the data known to the load balancer, such as the encryption keys that the load balancer uses (including the private key). Most other webservers might also have exposed their internal data, but since ours is separated from our load balancer, it could not.
While we do not expect that any data was exposed from BrandVerity’s servers, the nature of the vulnerability makes it impossible to know for sure. Here are some important items that could have been exposed:
We would recommend changing all of your passwords for SSL (https) sites on the Internet, BrandVerity included. However, you should wait to do this until each website has re-keyed their SSL certificates. BrandVerity has already done this and it is now safe to change your password.
We believe it is very unlikely your password was exposed, but changing it ensures that if it was, no unauthorized access will be possible. This is also a good reminder to use different passwords on different websites – if your password was compromised on one site, an attacker could use it to gain access to another site.
If an attacker had captured session cookies, they could have logged in using the account associated with those cookies. This would be nearly an identical attack to the session-hijack vulnerabilities we identified in major affiliate networks and alerted the industry to several years ago.
We have expired our sessions so that any sessions that might have been captured during the vulnerability period cannot be reused. You will be prompted to log in again.
If an attacker used this vulnerability to capture a certificate private key, they could then decrypt captured traffic that had been encrypted with that key, or even impersonate BrandVerity on a network they controlled. This requires a Man-in-the-middle Attack in which the attacker needs to have access to your network. Capturing traffic requires access to the network, either because it is a public network, or because the attacker is inside your home network or corporate network.
We think this type of attack is unlikely in our case, because most of our customers are on private networks. Attackers on public networks likely wouldn’t see enough people accessing BrandVerity to make an attack interesting (as opposed to Facebook, for example, where there would be many users on a given public network).
A vulnerability as significant as Heartbleed doesn’t come around very often, but when it does it demands immediate attention. While we at BrandVerity feel it is highly unlikely that you were at all impacted, we felt it was critical to share our process and experience with you as soon as possible. We expect that the effects of this vulnerability will reverberate through the online community in the days and weeks to come, and we hope that this message has helped you understand the impact of the issue and actions you can take to protect your data.
It’s always hard to fully take in everything from a conference. There are so many people to meet, conversations to have, and things to learn, that it can be tough to retain everything. That’s why I always try to jot down some notes at the end of each day—just to keep reminders about what I learned and what happened over the course of the day. Here are some of the key points I remember from the recent Affiliate Management Days in San Francisco.
It was great to hear thought leaders like Brian Littleton, Brooke Schaaf, Robert Glazer, and others talking about hot button affiliate management topics. In particular, I remember a very productive discussion about the evolution of affiliate marketing. Much like how cell network technology is classified into generations (3G, 4G, etc.), affiliate programs can be categorized similarly. Programs can be classified as 1.0, 2.0, or even 3.0, depending on the level of involvement and management concepts applied.
As the industry advances, we are seeing the newest generation of affiliate programs shifting to more advanced forms of attribution, commission structures, and compliance. From my perspective, that is great to see. When affiliates are appropriately rewarded for the value they add, the industry benefits overall.
One of the things that really jumped out to me was the conference’s attention to industry education. There are some very complex challenges that the affiliate industry faces—so I loved hearing the different perspectives from network heads and agency leaders. I recall Chad Waite of AvantLink providing some rather interesting data about affiliate touch points during the sales cycle. His data truly highlighted the complexity of the affiliate channel. On average, the first affiliate touch point comes roughly 55 hours before the final purchase. On top of that, the average sale often involves multiple affiliates.
For me, this reinforced the need for transparency in the affiliate channel. The more that a merchant knows about their affiliates and the value those affiliates provide, the better they can do in attributing sales and distributing the deserved commissions.
Of course, I also spent plenty of time networking as well. This particular group of attendees provoked some strong one-on-one talks. I was fortunate to have some engaging conversations with friends, clients, and new colleagues. The exciting thing about those conversations is that they spanned a great breadth of topics, everywhere from discussing FTC compliance with Rachel Hirsch of Ifrah Law to catching up with Chris Calkin from HasOffers.
BrandVerity is thrilled to announce the launch of Content Monitoring! We’ve been developing, testing and iterating on Content Monitoring for months now, so we’re happy to share this news. We think Content Monitoring will be a very useful tool for ensuring that the content on your affiliates’ and partners’ sites is compliant with your policies—streamlining your process and saving your team valuable time.
Content Monitoring automatically scours the web for offers and promotions related to a particular brand. Then, after collecting the relevant pages, it evaluates each page for compliance. Just like with our other services, you can develop customized monitoring rules based on your own policies. We’ve also weaved in some additional features to make your process even more efficient. Among these features are: active discovery of previously unknown pages, detection of in-page changes, and storage of all the relevant supporting details.
Through our development process, we’ve continued to adapt and refine the service to match the needs of various users. Here are some examples of use cases that have been tested:
How well are your marketing partners representing your offers and promotions? Now you can ensure that the details available on affiliates’ and partners’ sites accurately reflect your offers and your brand.
Whether it’s an intentional attempt to delude customers or a case of something accidentally being misread, there can be serious repercussions from any misleading language on your partners’ sites. It’s beneficial to deal with phantom guarantees, omitted restrictions, invented discounts and other promises before they circle back to the brand.
In what context does your brand appear on marketing partners’ sites? What language do your marketing partners’ use about your brand? With Content Monitoring, you can prevent your partners from representing you in inappropriate ways.
When a prospective customer sees an old offer on a partner’s site, they’re in for a negative experience once they find out that the deal no longer exists. With Content Monitoring, you can prevent outdated offers from staying up on your partners’ sites.
We look forward to an intense iteration cycle following the launch of Content Monitoring, and welcome you to try a demo of the service and provide your feedback. To get started, feel free to send us a note here, reach out to someone from our team directly, or email firstname.lastname@example.org. We’d be happy to show you what Content Monitoring can do!
06 Mar 2014
We’re excited to announce the launch of our new custom processes with Google and Bing! These processes enable us to provide feedback directly from the search engines about the status of your trademark complaints, giving you better visibility into your results whenever you report a trademark violation through our system. Our hope is that these new improvements will make it easier than ever to protect your brand from third-party trademark abusers in paid search.
Here’s a quick rundown of what’s included with the update:
One of the most frustrating things about sending a trademark complaint to the search engines is not knowing what happens to your request. Now, with this feedback from the support teams at Google and Bing, you’ll receive confirmation when a trademark violation has been taken down. This will be reflected with a “Taken Down” icon in our reports.
In the event that the engines decide not to take the ad down, you’ll get a response from them explaining why they’re still allowing the ad to run. These responses can provide some useful insights to help shape your future requests, getting you better results in the long run.
These enhancements extend to the other engines in Google and Bing’s respective search networks. That means we’ll collect feedback for any trademark violations you report appearing on Google, Bing, Yahoo, AOL, and Ask.
We also group the trademark complaints by search network. Complaints about ads that appear on Google, AOL and Ask are routed to Google’s Advertising Legal Support Team. Complaints about ads appearing on Bing and Yahoo are routed to representatives from the Yahoo Bing Network. One added benefit to this is that an ad will get removed on all the related engines—even if we only caught it appearing on one.
We already store copies of all the complaint letters you send through the BrandVerity interface. Now, we’ll also store the responses that you receive from the search engines. We collect this in one place and thread the messages together, making it easy to check the status of your trademark complaints—whether you sent them yesterday or a year ago.
We’ve already launched our custom process with Google and its search partners globally. That means this feedback is available for trademark violations appearing in any of the countries that we search from around the world. Our process with the Yahoo Bing Network has been rolled out for ads appearing in the United States and Canada, but we’ll look to expand that coverage soon.
Brands who use our Send to Engine tool are already experiencing solid success rates and collecting valuable feedback. If you aren’t using the tool yet, we certainly encourage you to join them and start protecting your brand from third-party trademark abuse. Feel free to reach out to us and we’ll help you get started.
Posted by Sam Engel in Affiliate Tactics
27 Feb 2014
The Oscars are fast-approaching and will air this Sunday, March 2nd. Web searches for related terms tend to spike in the days leading up to the show, and this year seems to be no exception. Just check out this Google Trends graph and you can see the uptick starting to form.
So, noting the influence that The Oscars have on searches, we decided to start some monitoring and follow up on our post from last year. The ads probably haven’t hit their peak yet, but we’ve already found a particularly interesting example that we wanted to share. Here’s an ad that we found showing up on Bing:
Initially, we suspected that the ad would take you over to a toolbar download page or illegal streaming site populated with ads. We typically encounter sites promoting the “Television Fanatic” toolbar and the “Bring Me Sports” toolbar on these types of searches. We also find advertising-heavy sites that are hungry for pageviews.
But in this case, the ad actually takes you to a sparse landing page with some generic copy about watching the awards online. The page seems to be centered around two basic calls to action—a somewhat spammy text link and an image link that mimics a video play button. The landing page is actually just the site’s homepage, so you can check it out here. If you’d rather not give their site any traffic, here’s a screenshot of the landing page:
It’s worth taking a moment to inspect the image link a little more. First off, it’s made to appear as though it’s a video embed. (In fact, it actually looks quite a bit like the design that ESPN once used for its WatchESPN service back when it was called ESPN 360.) If you came to the site expecting an actual video stream, you’d probably go right for that link—much to your disappointment.
What’s more misleading is that this ad started appearing on February 24th, a full 6 days before The Oscars. So, let’s say a searcher types “Oscars” into Bing, unsure of when the show is actually going to air, and then clicks on LiveOscarsStream.com’s ad. They then click on what looks like an embedded video stream—only to be taken elsewhere.
So, where does that click bring the visitor? If you test any of the page’s links, you’ll be taken to a signup page on the site. The signup page actually uses the HTML “frame” tag to load in a payment form hosted by the affiliate network. Instead of a video, you get asked for your credit card. That’s not a great experience.
There are two sides to this issue: A) Is this something the merchant allows? and B) Is this something that the search engines allow? Based on last year’s analysis, the answer to the latter is almost certainly “No.” So we’ll focus on the answer to A.
What’s the merchant’s stance here? While the affiliate’s tactics are unsavory, none of that matters if the merchant permits them. We decided to check into the merchant’s policies and see what position they take. Here’s the most relevant passage we found:
(f) You will not use the names, trademarks and/or logos of content providers, including but not limited to broadcast or cable television channels (e.g., ABC, CBS, FOX, TBS, AMC) or movie channels (e.g., HBO, SHOWTIME), or the name, titles, trademarks and/or logos of programs, including sporting events, teams, and their owners (e.g., NFL, MLB, NBA) (collectively, “Prohibited Terms”).
It seems that The Oscars would fit into the “programs” part of the passage. And although it’s never good to see examples of affiliate non-compliance, the merchant’s foresight is definitely a positive here. At least they’re anticipating the ways that an affiliate could mislead customers.
Interestingly, after checking DomainTools to learn more about the affiliate’s site, we learned that the site has only been around since last Friday. It was created on February 21st of this year, so it seems to have been made purely for the purpose of poaching traffic and manufacturing illegitimate commissions.
It wouldn’t be surprising to see a set of similar sites pop up over the next few days. We’ll make sure to continue monitoring the terms and update this post if we find any new ones engaging in these tactics.
Valentine’s Day sure seems to bring out the creativity from paid search teams. Maybe it’s easier to stand out when so many advertisers are using the traditional jewelry and chocolates narratives, or perhaps it’s just fun to manufacture relevance to the topic of love.
Either way, after monitoring a set of Valentine’s Day keywords over the past week, we felt the need to share some of our favorite ads. Here are our top 8, in no particular order:
Does your significant other have spartan tastes? If so, you might want to cut the sappy stuff and grab him a “Mancrate”—a kit packed with manly goodies such as beef jerky, beer paraphernalia, or knives.
Out of ideas? Let your loved one get something for him or herself! Western Union seems to be offering a free transfer fee in the UK today.
If you’re still searching for that special someone, you’re free to stop by Culinary Dropout’s Singles Awareness Day event (AKA “SAD”). Is this a viable option, or is it just mean?
Perhaps it’s comforting to know that Mario or Princess Peach will always appreciate you?
What guy wouldn’t want to smell “Dangerously Sophisticated”? The only question is whether the colognes are shaken or stirred.
It’s not so much the ad that makes this great, but the offer itself. M&M’s will let you make a personalized set of candies to celebrate with your Valentine, which we think is pretty cool.
I don’t know what to say other than that I love the sassy copy of this ad.
We’re not trying to be gender biased here, we promise. It just so happens that there were far more absurd ads promoting gifts for men. As if the Mancrates and 007 Fragrances weren’t plenty, here comes the Popcorn Factory with its bacon popcorn. It almost seems that most of the bacon sold these days is for novelty purposes.
If you saw any humorous Valentine’s Day ads in the wild, we’d love to hear about them.
This year’s Super Bowl broke a record for online streaming. More people than ever chose to watch the game online, with an average of 528,000 devices tuning into Fox’s online broadcast each minute.
Similarly, the demand for a live stream of the Super Bowl seemed to skyrocket this year. The volume of streaming-related searches increased about five-fold on Google. Check out this Google Trends graph for the keyword “super bowl stream”. There’s a huge spike in February 2014—overshadowing everything from previous years.
So what were all these searchers finding on their SERPs? In the time leading up to Super Bowl 48, we monitored a variety of keywords related to watching the game online. Among the results, we found a number of ads promoting illegal streams of the game. Here’s a screenshot from one of our tests that includes three questionable ads right at the top.
These domain names should immediately raise some red flags. Forced keywords and a plethora of hyphens are not exactly the makings of a trustworthy site. It’s also worth noting that the third ad’s copy uses a zero instead of an “o” in “Super Bowl”. That’s a common tactic that malicious advertisers use to avoid getting flagged for trademark abuse.
As I moved to these ads’ landing pages, I found even more cause for concern. Here’s the destination of the first ad from the SERP:
Why would I have to download a toolbar to watch the video stream? Is a toolbar even capable of that? My guess is that the toolbar has no live stream functionality at all. The site is probably just making whatever case it can to get the toolbar downloaded. If a visitor is desperate or in a rush, this might be enough to motivate an install. And if the site is getting paid for each of those installs, that’s all it needs to care about.
By conducting a quick search for the the “BringMeSports toolbar”, you’ll find that the majority of people are looking for a way to uninstall it. This indicates that its promotional tactics are misleading or downright deceptive. Most users were probably duped into downloading it in the first place. Of course, some of that may be due to aggressive software bundling or another practice. But based on what we see here, I imagine that paid search abuse is at least a partial culprit.
As streaming becomes more and more popular, we expect this abuse to grow. More searches mean more opportunities for malicious advertisers to grab traffic. Furthermore, the search engines can’t be expected to police this. There are plenty of legitimate ways for a third-party advertiser to use “Super Bowl” in their ad copy (for example, sellers of Super Bowl merchandise or an informational site on the history of the Super Bowl).
Fortunately, there are definitely ways to combat such abuse. The ads we saw were in clear violation of the search engines’ trademark policies—and most likely their editorial policies as well. By proactively monitoring for these types of terms, a brand owner would be able to report these violations and get the offending ads taken down. As fans of the Super Bowl, we hope the NFL takes steps to combat this abuse next year!
29 Jan 2014
Yahoo made an interesting move a few years ago by introducing branded favicons for certain paid listings. The concept made a lot of sense at the time (and to this day). Not only would the new visual element encourage clicks—it would also add a level of trust for the searcher. Considering the potential for brand confusion with search ads (via tactics like ad hijacking, search arbitrage, and various other forms of trademark abuse), this was a win-win for brands and consumers alike. Brands could make themselves stand out. Consumers could be assured that they were heading to their intended destination.
Eventually these ads became known as Rich Ads in Search. A number of formats were added, and in 2012 they were expanded to Bing search as well. These new formats include additional features such as deeplinks, images and even video. All of them follow the same core principle: create additional brand authority on the SERP. Overall, that’s great for brands. But what happens when an affiliate takes over and hijacks a brand with these Rich Ads? Here’s an example we found on Yahoo of an affiliate directly linking to a merchant’s site using Rich Ads:
In this case, the extra branding on the SERP has a negative impact for the merchant. By attracting more attention to the ad (and likely more clicks), the affiliate can skim away extra commissions on these searches. What was originally intended to improve the brand’s presence in PPC is actually being used against it!
The affiliate seems to be specifically targeting variations of the brand’s domain name. Compare the affiliate ad from above with the brand’s actual ad below:
A few differences immediately jump out. First off, the brand’s ad includes deeplinks. It’s unclear why the affiliate would pass these up—but it’s certainly possible that they simply haven’t updated their ad in a while. After all, the second obvious difference between the two ads doesn’t suggest much attention to detail. The affiliate’s ad copy touts a “00% Satisfaction Guarantee” (not exactly the world’s most enticing offer) as opposed to the “Quality Gift Baskets from $24.99″ that the brand itself promotes.
You can test this out yourself by swinging over to Yahoo and searching for “Gourmet Gift Baskets” and then for “gourmetgiftbaskets.com”. The first search should show the brand’s ad. The second search should show the affiliate’s ad, complete with the “00% Satisfaction Guarantee” copy.
Although it may be tempting to make snide remarks about the error, I think it’s actually more interesting to consider what issues this ad could pose without the typo. Sure, 0% satisfaction doesn’t reflect very well on the brand. But what if it had indeed said 100% and a customer decided to take them up on it? While in this case the brand actually supports such an offer, this could really start to get ugly if they didn’t. The brand would potentially be on the hook for a guarantee that they never promised.
When Bing rolled out Rich Ads in Search (RAIS), it limited them to a subset of premium advertisers. That restriction alone should be enough to prevent affiliate hijackers from abusing brands via RAIS. Notably, we didn’t find any Rich Ad hijacks for this particular brand on Bing. But on Yahoo, it seems that we have a very different story (barring the unlikely possibility of this affiliate being a premium advertiser).
If you were under the impression that Rich Ads were handled the same way on Yahoo as they are on Bing (an assumption which I mistakenly made), this is some unfortunate news. Yahoo is not safe from RAIS-based abuse. Furthermore, if Bing follows suit with Yahoo and opens them up to all accounts, we could really start to see some rampant abuse. After all, Rich Ads must be quite attractive for affiliate hijackers. They increase brand recognition and encourage additional clickthrough, drawing free organic clicks away from the brand and enabling a blackhat to insert their affiliate link in the process.
Posted by Sam Engel in affiliate marketing
22 Jan 2014
2013 brought a number of interesting twists and turns for the affiliate marketing industry. We experienced the abrupt shutdown of the Google Affiliate Network, some tough new questions to answer about disclosure, and even a public denigration of the entire industry as a “scam”.
On the flipside, there were significant steps towards industry progress. More people started to rethink attribution, including Affiliate Window in their whitepaper and RhinoFish on Acceleration Partners’ blog. We also saw some ground re-gained in the affiliate Nexus Tax struggle, with the Illinois Supreme Court ruling that such a law was unconstitutional.
We’re excited as we look ahead to what the industry can accomplish in 2014. Important values such as transparency and accountability are becoming a great emphasis across the world of affiliate marketing. This was apparent to us during Affiliate Summit at the Pinnacle Awards, with accolades going to some outstanding individuals and companies who exhibit integrity and dedication to the industry’s advancement. We at BrandVerity are honored to be recognized among them.
To collect some industry focal points for 2014, we caught up with several of our fellow Pinnacle Award recipients. We asked each to respond to the question “What do you want to see the industry accomplish in 2014?” We appreciate their answers, and once again would like to extend our congratulations to all the Pinnacle Award winners!
“I want a greater awareness of ethics, standards and practices among affiliate program managers. We need to protect the interests of the merchants and the affiliates, while delivering as many new profitable customers as possible.” -Greg Hoffman, Greg Hoffman Consulting
“I would like to see the affiliate industry bridge the gap with bloggers and other content generators in 2014. I think that this will require the networks to develop tools that meet the content generators where they are comfortable—in their WordPress or other CMS dashboards, and using other tools that make it easy for content generators to quickly and easily share affiliate links to specific products or pages to their blogs or to social media followers.” -Wade Tonkin, Fanatics
“I’d like to see more transparency. For all networks, sub-affiliates and tools to provide an easy-to-use interface for program managers to see exactly who and how they are promoting said merchant’s offers. That would help with identifying unethical folks and better rewarding value add partners.
It would also be great to have a positive resolution to the “advertising tax” issue so any affiliate partner can work with any merchant.” -Kush Abdulloev, VMInnovations
By and large, their responses reinforce our optimism in the industry’s outlook for 2014. There are a number of hurdles to overcome, of course. But overall we see the industry converging on transparency, an improved public image, and a clearer value add.
We’re incredibly honored to be chosen as the Service of the Year for the second year running. From everyone on the BrandVerity team, thanks for your support!
07 Jan 2014
Outside of the typical affiliate scenarios, there are plenty of other cases where marketing partnerships can run into brand bidding issues. Whether it’s hotels and OTAs, product manufacturers and retailers, or brands and franchisees, there’s really no perfect answer. Some brands may welcome it as a means of dominating the search results—others might consider a form of brand poaching. Regardless, I figured I’d call attention to a new example of partner bidding that I noticed over the weekend.
I happened upon this while conducting some research about ISPs in my area. Right now I’m preparing to switch to a new internet provider, so my research included a fair number of branded search terms. When I searched for “CenturyLink internet”, I found a few interesting results:
At first glance, the top ad seems like it was placed by CenturyLink itself. After all, it includes the brand name right in the URL. However, further inspection reveals that this is not the case. If you look up “buycenturylink.com” in DomainTools, you’ll see “Domains By Proxy” as the domain’s owner. By comparison, other domains with CenturyLink in their name (such as centurylink.com) return “CenturyLink, Inc.” in their WhoIs records. Furthermore, the ad in question leads to this landing page:
Notice the “Authorized Sales Agent” text below the CenturyLink logo. Despite how much buycenturylink.com looks like CenturyLink’s official site, it’s a separate entity. The same “Authorized Sales Agent” artwork also appears on usdsl.com—the other advertiser I highlighted in my search results screenshot—as well as on usbundles.com (another advertiser I found).
I can’t be sure whether these particular examples would count as violations of CenturyLink’s partner program. These sites may be well within the terms of their agreements. However, coming from the customer side of this experience, I have to say I was a bit confused. I wanted to go directly to the brand, and the ads didn’t make that pathway very clear. The experience left me wondering: at what point do partners, resellers or affiliate ads on the SERP create more friction than value?