Web metrics
Many ways to skin a cat
Nov 29th 2007 | SAN FRANCISCO
From The Economist print edition
Such a lot of data, so little information
IMAGINE you are an advertiser, you want to place your banners on the most popular website, and you want to know how much to pay. Globally, the leading site is Google, which has the most “page views”. Or is it Microsoft, whose various sites have, in the jargon, the most “time spent”? Or should you go by unique users, duration, hits, click-through, impressions, queries, sessions, streams, or engagement? Whether or not there is truth in advertising, there is certainly none for online advertisers, at least none that is immediately obvious and simple. Bob Ivins, who is in charge of all non-American business for comScore, a big web-measurement firm, says that the web produces data as “a fire-hose shoots water”, and that working out what those data mean is rather like “putting a straw into the fire hose to take a sip”. Get the angle even slightly wrong, and you are blown away.
Take, for instance, the case of page views, the most widely used measure for much of the past decade. It is the number of times web surfers call up web pages on a given site. Page views became popular in the late 1990s, because they were far superior to the existing measure of “hits”, also known as “file requests”. Hits are confusing because every graphic on a page, as well as the page itself, counts as a hit. If a site owner puts more graphics on his pages, he gets more hits, even if visitors, clicks and everything else stay the same. “We produced hits numbers because we could, not because it was useful,” says one old-timer in the industry.
By comparison, page views do actually mean something, and are easy to comprehend by analogy to the offline world to boot—many advertisers are still used to counting pagination in magazines. So everybody started paying attention to page views. But then something odd happened. Page views at certain kinds of websites, especially the more sophisticated sort, began to decline, even though the site appeared otherwise healthy and popular.
The explanation has to do with “Web 2.0”, and more specifically with a constituent technology called “asynchronous JavaScript and XML”, or AJAX. This is a method that lets web pages update parts of themselves—a share-price ticker or an e-mail inbox, say—without having to reload and redraw the rest of the page, resulting in web pages that behave less like documents and more like pieces of software. But this means that a user of an AJAX page, such as Yahoo! Mail or Yahoo! Finance, can spend the entire day working on the same page, and this activity counts as only a single page view.
Perhaps advertisers should therefore ditch page views in favour of “user sessions”, since that promises to count actual people, and show how many of them use a site. Except that it doesn't, because this measure counts browsers rather than humans. So 2m sessions could mean, theoretically, that 2m people visited a site once, that 1m people visited twice, or that one astonishing individual visited 2m times. People tend to check their favourite pages in the office, at home, and even from their mobile phones, which leads to an overestimate of the number of users. Conversely, sometimes several people watch YouTube clips when gathered around the same screen, which leads to an underestimate of the number of users. Nobody looking at user sessions would ever know.
As websites, and especially those using AJAX, become more interactive, advertisers are therefore interested in other measures. “Duration” and “time spent”, for instance, suggest how long one or more people were interacting with a page, which in turn hints at how “engaged”, or alert, they were. Using these criteria, social-networking sites such as Facebook and MySpace (part of Fox Interactive Media in the chart) suddenly look attractive.
In the old days of traditional media, measures may have been simpler, but they were also dumber, says Randall Rothenberg, the boss of the Interactive Advertising Bureau, a trade association. In broadcast television or radio, firms such as Nielsen or Arbitron traditionally give gadgets to samples of volunteers that measure what their televisions or radios are tuned to; or they ask people to fill out diaries describing their reading, listening and viewing habits. Both methods produce notoriously unreliable estimates.
The web is an open book compared with those old media. Search advertisements, the text links on the results pages of search engines, charge advertisers only when a user actually clicks, thus expressing an interest. “Pre-roll” advertisements that run at the start of a web video report back exactly how many times they were viewed. But when it comes to banner advertising, says Mr Rothenberg, advertisers just have to consider all these new measures as they would a pointillist painting by George Seurat: looking at one dot is no fun; taking them all in can be rewarding.
mardi 4 décembre 2007
One of the world’s most prominent cryptographers issued a warning on Friday
SAN FRANCISCO, Nov. 16 — One of the world’s most prominent cryptographers issued a warning on Friday about a hypothetical incident in which a math error in a widely used computing chip places the security of the global electronic commerce system at risk.
Skip to next paragraph
Gabriel Bouys/Agence France-Presse — Getty Images
Adi Shamir, a cryptographer and professor in Israel.
Adi Shamir, a professor at the Weizmann Institute of Science in Israel, circulated a research note about the problem to a small group of colleagues. He wrote that the increasing complexity of modern microprocessor chips is almost certain to lead to undetected errors.
Historically, the risk has been demonstrated in incidents like the discovery of an obscure division bug in Intel’s Pentium microprocessor in 1994 and, more recently, in a multiplication bug in Microsoft’s Excel spreadsheet program, he wrote.
A subtle math error would make it possible for an attacker to break the protection afforded to some electronic messages by a popular technique known as public key cryptography.
Using this approach, a message can be scrambled using a publicly known number and then unscrambled with a secret, privately held number.
The technology makes it possible for two people who have never met to exchange information securely, and it is the basis for all kinds of electronic transactions.
Mr. Shamir wrote that if an intelligence organization discovered a math error in a widely used chip, then security software on a PC with that chip could be “trivially broken with a single chosen message.”
Executing the attack would require only knowledge of the math flaw and the ability to send a “poisoned” encrypted message to a protected computer, he wrote. It would then be possible to compute the value of the secret key used by the targeted system.
With this approach, “millions of PC’s can be attacked simultaneously, without having to manipulate the operating environment of each one of them individually,” Mr. Shamir wrote.
The research note is significant, cryptographers said, in part because of Mr. Shamir’s role in designing the RSA public key algorithm, software that is widely used to protect e-commerce transactions from hackers.
“The remarkable thing about this note is that Adi Shamir is saying that RSA is potentially vulnerable,” said Jean-Jacques Quisquater, a professor and cryptographic researcher at the Université Catholique de Louvain in Belgium.
Mr. Shamir is the S in RSA; he, Ronald Rivest and Leonard Adleman developed it in 1977.
Because the exact workings of microprocessor chips are protected by laws governing trade secrets, it is difficult, if not impossible, to verify that they have been correctly designed, Mr. Shamir wrote.
“Even if we assume that Intel had learned its lesson and meticulously verified the correctness of its multipliers,” he said, “there are many smaller manufacturers of microprocessors who may be less careful with their design.”
The class of problem that Mr. Shamir described has been deeply explored by cryptography experts, said Paul Kocher, who is president of Cryptography Research, a consulting and design firm in San Francisco. However, he added that it illustrated how small flaws could subvert even the strongest security.
An Intel spokesman noted that the flaw was a theoretical one and something that required a lot of contingencies.
“We appreciate these and we look at everything,” said George Alfs, an Intel spokesman.
In e-mail correspondence after he sent the note, Mr. Shamir said he had no evidence that anyone is using an attack like the one he described.
Skip to next paragraph
Gabriel Bouys/Agence France-Presse — Getty Images
Adi Shamir, a cryptographer and professor in Israel.
Adi Shamir, a professor at the Weizmann Institute of Science in Israel, circulated a research note about the problem to a small group of colleagues. He wrote that the increasing complexity of modern microprocessor chips is almost certain to lead to undetected errors.
Historically, the risk has been demonstrated in incidents like the discovery of an obscure division bug in Intel’s Pentium microprocessor in 1994 and, more recently, in a multiplication bug in Microsoft’s Excel spreadsheet program, he wrote.
A subtle math error would make it possible for an attacker to break the protection afforded to some electronic messages by a popular technique known as public key cryptography.
Using this approach, a message can be scrambled using a publicly known number and then unscrambled with a secret, privately held number.
The technology makes it possible for two people who have never met to exchange information securely, and it is the basis for all kinds of electronic transactions.
Mr. Shamir wrote that if an intelligence organization discovered a math error in a widely used chip, then security software on a PC with that chip could be “trivially broken with a single chosen message.”
Executing the attack would require only knowledge of the math flaw and the ability to send a “poisoned” encrypted message to a protected computer, he wrote. It would then be possible to compute the value of the secret key used by the targeted system.
With this approach, “millions of PC’s can be attacked simultaneously, without having to manipulate the operating environment of each one of them individually,” Mr. Shamir wrote.
The research note is significant, cryptographers said, in part because of Mr. Shamir’s role in designing the RSA public key algorithm, software that is widely used to protect e-commerce transactions from hackers.
“The remarkable thing about this note is that Adi Shamir is saying that RSA is potentially vulnerable,” said Jean-Jacques Quisquater, a professor and cryptographic researcher at the Université Catholique de Louvain in Belgium.
Mr. Shamir is the S in RSA; he, Ronald Rivest and Leonard Adleman developed it in 1977.
Because the exact workings of microprocessor chips are protected by laws governing trade secrets, it is difficult, if not impossible, to verify that they have been correctly designed, Mr. Shamir wrote.
“Even if we assume that Intel had learned its lesson and meticulously verified the correctness of its multipliers,” he said, “there are many smaller manufacturers of microprocessors who may be less careful with their design.”
The class of problem that Mr. Shamir described has been deeply explored by cryptography experts, said Paul Kocher, who is president of Cryptography Research, a consulting and design firm in San Francisco. However, he added that it illustrated how small flaws could subvert even the strongest security.
An Intel spokesman noted that the flaw was a theoretical one and something that required a lot of contingencies.
“We appreciate these and we look at everything,” said George Alfs, an Intel spokesman.
In e-mail correspondence after he sent the note, Mr. Shamir said he had no evidence that anyone is using an attack like the one he described.
lundi 3 décembre 2007
Privacy is key to new social networking site, Kaioo
By Doreen Carvajal
Published: December 2, 2007
PARIS: As rebel cries go, Kaioo rolls off the tongue more like a yodel than a war whoop.
But the nonprofit organization - registered as a tax-exempt charity - is one of the newest members in the growing revolt against social networking sites that rummage through the personal information of members and turn it over to advertisers.
Kaioo, an invented name inspired by the Greek word for "you," is incubating a new sort of social network from a funky outpost of a former parking garage in Germany, which boasts some of the strictest data protection regulations in the world.
The founders pledge that its mission is to create an international haven from networks like Facebook and MySpace, where advertising and the sales pitch are becoming as elemental a social ritual as flirting. And Kaioo says all the profit it might make from limited advertising will be donated to charity.
"Users want to have an independent, democratic system that they feel is theirs," said Rolf Schmidt-Holtz, chief executive of the music giant Sony BMG, who is financing the initial start-up of Kaioo out of his own pocket with €500,000, or $730,000. "The biggest asset that we have is credibility and this platform can only grow if users feel that this is real and totally independent."
Today in Technology & Media
Small merchants gain large presence on Web
AP to reorganize work and accent multimedia
France leads crackdown to end illegal file sharing
The November start of its online network, www.kaioo.com, coincided with an autumn backlash against Facebook. The fast-growing social network last week bowed to a petition drive of thousands of users demanding easy controls to opt out of new behavior targeting systems that track their off-site shopping and enable advertisers to alert friends on their network about the purchases - essentially turning members into pitchmen.
In the United States, the Electronic Privacy Information Center and the Center for Digital Democracy are both preparing complaints about the practice for the Federal Trade Commission. In Britain - where Facebook attracted more than eight million unique users in October - government data protection authorities are investigating a user's complaint that it is impossible to completely delete accounts because the system permits only "deactivation," meaning profiles linger on the servers.
"Most people on social network sites are not aware of the audience that their data is available to," said Giles Hogben, who is editor of a report on the phenomenon for the European Network and Information Security Agency, or Enisa, advisers to the European Commission. "They encourage people to feel that they're among an intimate set of friends when in fact there could be millions of people reading what they do."
In October, the agency urged an update of European privacy regulations to take into account the emergence of social networks as huge digital warehouses of private information.
A European Commission panel of national privacy experts, headed by the German data protection commissioner, Peter Schaar, are meeting Tuesday in Brussels to settle on its agenda for the next two years. A review of sophisticated data gathering systems or behavioral targeting developed by Facebook and MySpace is likely, according to Hans Tischler, a spokesman for Schaar. "This is only a recent development and it's a very sophisticated way of advertising," said Tischler, who noted that it was too early to say how and when the group would deal with the issue, "but this topic is too important to ignore."
American privacy groups are actually pressing to influence the European panel because they believe they stand a better chance of shaping more aggressive regulations that ultimately could have a global effect.
"What most people don't realize is that a very powerful mechanism - a kind of stealth infrastructure - has been placed at the heart of the digital media experience," said Jeffrey Chester, founder and executive director of the Center for Digital Democracy in Washington. "It's a system to collect a huge amount of data about each and every one of us, to track us wherever we go and to target us."
The backlash against these emerging systems is manifesting itself in different ways. Thousands of Facebook users have signed a petition criticizing behavioral marketing and consumer groups are pressing for a "do-not-track" list for Internet users who want to end monitoring of their online activities to exploit personal endorsements for products.
But those personal recommendations remain highly seductive to advertisers. A November survey of 4,000 consumers in four European countries - Germany, Italy, Spain and France - underlines the impact. Personal recommendations are worth five times the value of advertising, according to the survey conducted by Weber Shandwick and Paul Marsden, because half of the time people follow through on individual endorsements and make purchases.
(Page 2 of 2)
With computer users becoming unwitting cogs in a virtual advertising machine, organizers of Kaioo decided that the time was right to start an alternative social networking site. On the site's home page, the founders make an emphatic promise: "User data will not be shared with third parties!" And they make another unusual pledge: "All advertising money goes to charity!"
The project, based in Hamburg, is the brainchild of Thomas Kreye, who approached Schmidt-Holtz this year with the idea while he was still a business development executive at the German media company Bertelsmann, a partner in the Sony BMG joint venture.
The project started last month in German and English versions. Schmidt-Holtz said his ambition was global though, and versions in five other languages, including Spanish and French, are in the works.
Schmidt-Holtz said he was talking to potential advertisers and lining up musical acts for interviews, live streaming music or free song downloads. But he underlines that he is recruiting a broad group of artists from different companies so that the project is not considered the preserve of Sony BMG.
"We are independent," Schmidt-Holtz said. "Privacy and protection of data are some of our highest goals."
Those declarations are steps forward, according to privacy advocates, but they say that more could be done.
Hogben, of Enisa, praised Kaioo "because it provides a lot more transparency." Still, his agency is pressing for even more freedom: a system of "portable data" that would allow users to shift data profiles from one social network to another.
In the meantime, about 5,000 users have signed up to Kaioo in its first weeks of life, most of them in Germany. Schmidt-Holtz remains heartened by the response. "The bloggers are normally critical people and they don't like anything," he said. "But we even have people who want to work with us. It's really amazing."
Published: December 2, 2007
PARIS: As rebel cries go, Kaioo rolls off the tongue more like a yodel than a war whoop.
But the nonprofit organization - registered as a tax-exempt charity - is one of the newest members in the growing revolt against social networking sites that rummage through the personal information of members and turn it over to advertisers.
Kaioo, an invented name inspired by the Greek word for "you," is incubating a new sort of social network from a funky outpost of a former parking garage in Germany, which boasts some of the strictest data protection regulations in the world.
The founders pledge that its mission is to create an international haven from networks like Facebook and MySpace, where advertising and the sales pitch are becoming as elemental a social ritual as flirting. And Kaioo says all the profit it might make from limited advertising will be donated to charity.
"Users want to have an independent, democratic system that they feel is theirs," said Rolf Schmidt-Holtz, chief executive of the music giant Sony BMG, who is financing the initial start-up of Kaioo out of his own pocket with €500,000, or $730,000. "The biggest asset that we have is credibility and this platform can only grow if users feel that this is real and totally independent."
Today in Technology & Media
Small merchants gain large presence on Web
AP to reorganize work and accent multimedia
France leads crackdown to end illegal file sharing
The November start of its online network, www.kaioo.com, coincided with an autumn backlash against Facebook. The fast-growing social network last week bowed to a petition drive of thousands of users demanding easy controls to opt out of new behavior targeting systems that track their off-site shopping and enable advertisers to alert friends on their network about the purchases - essentially turning members into pitchmen.
In the United States, the Electronic Privacy Information Center and the Center for Digital Democracy are both preparing complaints about the practice for the Federal Trade Commission. In Britain - where Facebook attracted more than eight million unique users in October - government data protection authorities are investigating a user's complaint that it is impossible to completely delete accounts because the system permits only "deactivation," meaning profiles linger on the servers.
"Most people on social network sites are not aware of the audience that their data is available to," said Giles Hogben, who is editor of a report on the phenomenon for the European Network and Information Security Agency, or Enisa, advisers to the European Commission. "They encourage people to feel that they're among an intimate set of friends when in fact there could be millions of people reading what they do."
In October, the agency urged an update of European privacy regulations to take into account the emergence of social networks as huge digital warehouses of private information.
A European Commission panel of national privacy experts, headed by the German data protection commissioner, Peter Schaar, are meeting Tuesday in Brussels to settle on its agenda for the next two years. A review of sophisticated data gathering systems or behavioral targeting developed by Facebook and MySpace is likely, according to Hans Tischler, a spokesman for Schaar. "This is only a recent development and it's a very sophisticated way of advertising," said Tischler, who noted that it was too early to say how and when the group would deal with the issue, "but this topic is too important to ignore."
American privacy groups are actually pressing to influence the European panel because they believe they stand a better chance of shaping more aggressive regulations that ultimately could have a global effect.
"What most people don't realize is that a very powerful mechanism - a kind of stealth infrastructure - has been placed at the heart of the digital media experience," said Jeffrey Chester, founder and executive director of the Center for Digital Democracy in Washington. "It's a system to collect a huge amount of data about each and every one of us, to track us wherever we go and to target us."
The backlash against these emerging systems is manifesting itself in different ways. Thousands of Facebook users have signed a petition criticizing behavioral marketing and consumer groups are pressing for a "do-not-track" list for Internet users who want to end monitoring of their online activities to exploit personal endorsements for products.
But those personal recommendations remain highly seductive to advertisers. A November survey of 4,000 consumers in four European countries - Germany, Italy, Spain and France - underlines the impact. Personal recommendations are worth five times the value of advertising, according to the survey conducted by Weber Shandwick and Paul Marsden, because half of the time people follow through on individual endorsements and make purchases.
(Page 2 of 2)
With computer users becoming unwitting cogs in a virtual advertising machine, organizers of Kaioo decided that the time was right to start an alternative social networking site. On the site's home page, the founders make an emphatic promise: "User data will not be shared with third parties!" And they make another unusual pledge: "All advertising money goes to charity!"
The project, based in Hamburg, is the brainchild of Thomas Kreye, who approached Schmidt-Holtz this year with the idea while he was still a business development executive at the German media company Bertelsmann, a partner in the Sony BMG joint venture.
The project started last month in German and English versions. Schmidt-Holtz said his ambition was global though, and versions in five other languages, including Spanish and French, are in the works.
Schmidt-Holtz said he was talking to potential advertisers and lining up musical acts for interviews, live streaming music or free song downloads. But he underlines that he is recruiting a broad group of artists from different companies so that the project is not considered the preserve of Sony BMG.
"We are independent," Schmidt-Holtz said. "Privacy and protection of data are some of our highest goals."
Those declarations are steps forward, according to privacy advocates, but they say that more could be done.
Hogben, of Enisa, praised Kaioo "because it provides a lot more transparency." Still, his agency is pressing for even more freedom: a system of "portable data" that would allow users to shift data profiles from one social network to another.
In the meantime, about 5,000 users have signed up to Kaioo in its first weeks of life, most of them in Germany. Schmidt-Holtz remains heartened by the response. "The bloggers are normally critical people and they don't like anything," he said. "But we even have people who want to work with us. It's really amazing."
Inscription à :
Articles (Atom)
