December 12, 2012, 11:06 PM — Some advertising analytics companies are using a vulnerability in Microsoft's Internet Explorer browser for a questionable edge in figuring out if web users are actually seeing display advertisements buried within web pages.
The flaw, if fixed by Microsoft, could take away a metric called "viewability," which is helping companies decide where to spend their sought-after advertising budgets on display ads with only the most productive of publishers.
Spider.io, a U.K.-based security company, published details of the vulnerability on Wednesday. But the flaw has been used for some time by at least two major advertising analytics companies in the course of business, said Spider.io CEO Douglas de Jager.
Display advertising is hoped to be a rich source of revenue for publishers. But not many people actually click on display ads, which makes it harder to measure whether the ads are having an impact on customers. Display ads are usually sold for a fee per one thousand impressions, known as CPM.
Advertisers want to know if their ad has fallen within the "viewport," or the viewing area of a browser where a person sees content, which is smaller than the real size of a web page.
Browsers such as Chrome and Safari are capable of delivering information on the position of an ad relative to the screen. With that information, advertisers could figure out if the ad is actually within the user's viewport. But that capability is turned off in those browsers for a variety of security-related reasons.
IE also does not reveal screen information. But IE's flaw reveals the position of the cursor relative to the advertisement and the position of the cursor relative to the screen. Whether the ad is visible in the viewport can be calculated by triangulating, according to a video from Spider.io.
Spider.io's de Jager said this "viewability" metric is being used by at least two major advertising analytics companies to blacklist publishers whose display ads are not seen.