The Virality of Stupid

20120802-103830.jpg I have been asked more than once about my thoughts on the “Facebook bot clicks” issue recently. I am amazed and saddened by how broadly this has been covered without most doing so asking some (to me) pretty obvious questions and ultimately dismissing this as the crap it obviously is. What made me want to write this post was NOT the allegation itself, and I think the guy(s) who made it originally probably wanted a bit of PR out of it but didn’t really expect all the attention it got them (from their blog saying as much) but much more it is the unthinking, low-data, zero-information content coverage / regurgitation thereof.

I remember the days back in the early 2000’s when I was interviewed as an expert for a story (as a market research analyst covering internet commerce) by a major publication like the New York times, I would get a call from a “fact checker” to verify the things I’d said. Today, with limited newsroom budgets and publishers like Forbes or the NY Times taking their lead from the Huffington Post model of getting a larger number of people to “blog” the news and publish a lot more and trust that the public can figure out that they are not able to devote as much diligence to each story, because we all clearly know the difference between a “blog” on publisher X versus the “official news” on X, right?  Verifying the facts and/or of actually reporting the reasons behind what is going on seems to be becoming a luxury. More content is better – let the reader figure it out. Maybe if they spend an extra 30 seconds on my page they’ll click on my slideshow and generate another 9 pageviews!

First, I’ll start with the text of the “complaint” on a now-deleted Facebook page (yes, of course it’s totally normal that someone would delete their Facebook page after complaining about it so that people would have to pull it up out of the Google cache):

Hey everyone, we’re going to be deleting our Facebook page in the next couple of weeks, but we wanted to explain why before we do. A couple months ago, when we were preparing to launch the new Limited Run, we started to experiment with Facebook ads. Unfortunately, while testing their ad system, we noticed some very strange things. Facebook was charging us for clicks, yet we could only verify about 20% of them actually showing up on our site. At first, we thought it was our analytics service. We tried signing up for a handful of other big name companies, and still, we couldn’t verify more than 15-20% of clicks. So we did what any good developers would do. We built our own analytic software. Here’s what we found: on about 80% of the clicks Facebook was charging us for, JavaScript wasn’t on. And if the person clicking the ad doesn’t have JavaScript, it’s very difficult for an analytics service to verify the click. What’s important here is that in all of our years of experience, only about 1-2% of people coming to us have JavaScript disabled, not 80% like these clicks coming from Facebook. So we did what any good developers would do. We built a page logger. Any time a page was loaded, we’d keep track of it. You know what we found? The 80% of clicks we were paying for were from bots. That’s correct. Bots were loading pages and driving up our advertising costs. So we tried contacting Facebook about this. Unfortunately, they wouldn’t reply. Do we know who the bots belong too? No. Are we accusing Facebook of using bots to drive up advertising revenue. No. Is it strange? Yes. But let’s move on, because who the bots belong to isn’t provable.

While we were testing Facebook ads, we were also trying to get Facebook to let us change our name, because we’re not Limited Pressing anymore. We contacted them on many occasions about this. Finally, we got a call from someone at Facebook. They said they would allow us to change our name. NICE! But only if we agreed to spend $2000 or more in advertising a month. That’s correct. Facebook was holding our name hostage. So we did what any good hardcore kids would do. We cursed that piece of shit out! Damn we were so pissed. We still are. This is why we need to delete this page and move away from Facebook. They’re scumbags and we just don’t have the patience for scumbags.

Thanks to everyone who has supported this page and liked our posts. We really appreciate it. If you’d like to follow us on Twitter, where we don’t get shaken down, you can do so here [link to their twitter page]

Let’s look at this on its face.

The coverage – first the bad:

NY Times Bits Blog: This is the kind of hyperbole that is supremely unhelpful, that this was “an explosive claim that could give pause to brands trying to figure out if advertising works on Facebook” – well duh, if you write this kind of stuff and brands read it with an incautious perspective, perhaps they will see that Mr. Mango’s “modest advertising budget” holds important lessons for them. However modest.

Los Angeles Times: Screenshot with 450 likes. Otherwise not much here except calling it “advertsing” [sic].,0,1602559.story

Fast Company: Unquestioning regurgitation. Helpfully adds the point that Facebook page URLs are locked in after 200 likes. (see below on “Extortion”)

CNET Basically regurgitates these claims, helpfully adding the word “ouch”.

CNET then followed up a few days later with this piece that added some pearls of wisdom from random web commenters about bot clicks from other countries, for advertisers trying to get a few hundred or thousand extra fans for their personal fan pages. Guys – Google Adsense pays publishers based on clicks on ads on their websites. Facebook doesn’t have an ad network – they don’t have publishers to worry about and they don’t have bots clicking on their ads to make money. And yes, I can show you how to get likes for 3c each in Indonesia. This is not surprising, nor is it news. Should we care about bots clicking on ads? Sure? But we need real data, not undisclosed, unverified crap like this.

More balanced and/or skeptical coverage:


Wired News:

When you are looking for bad news because it is the cool thing to do, everything that fits into that worldview seems valid or worth pursuing. Facebook is a great example of this – had the IPO gone well (and there’s a lot to suggest it went poorly initially for technical reasons and then people piled on) we might be in a different universe where everyone would be looking for the positive angle because we all hate to be wrong, don’t we? But when the market is telling us that Facebook is not all it’s cracked up to be, we should find things to confirm that worldview.

How much data did this represent? Not much apparently. The name “Limited Run” is quite apt, actually. They had just 450 fans at the time the screenshot that shows up in the LA Times piece was taken. They received several thousand likes on their “complaint” story subsequently and many more likes, but their ads certainly did not lead to lot of likes. Unfortunately this is the only clue as to how much they spent (not much); that and the fact that they were outraged at the suggestion they would spend $2,000 in order to have their page changed (see below) means we now have a probable upper bound for the amount of spending they did to get these “results”. Now, estimating about 50c CPC which is not a bad estimate for Facebook clicks that would mean at the very most 4,000 clicks. But it’s likely far far less than that.

Bots – “Not Provable”?! There are plenty of resources online to help figure out where spam is coming from, what bots ignore robots.txt files and other mischief like this. Any “good developer” as these guys claim to be would obviously know that, and not only that, they would make the source data available for others to investigate. Anyone making any claims as serious as this should be sharing their data like IP Addresses, traceroutes, referring URLs etc publicly. Some of these IP addresses will be coming from Facebook automatic clicks actually – Facebook checks that the ads someone is showing is not malware by clicking on each of them once via an automated process from specific IP ranges. Advertisers are not charged for that and Ad API partners like my company’s (Optimal) show these and filter them out anyway in our real-time click reports so users can see when FB is testing their ads before the actual ads start. These guys give us no information on where these “bot clicks” are coming from – what country even. GeoIP lookups are easy and free from sites like; there are bad bot lists at places like etc.

They indicate that they used several commercially-available (free?) analytics services, they built their own analytics, their own page logger – and got the same results. Of course we trust that they know what they’re doing, and that their (undisclosed)(free) analytics services work as well. I’d guess that Google Analytics is one of them, though they don’t actually say in their complaint. The followup promised to TechCrunch doesn’t seem to materialize. I believe GA numbers are pretty reliable, but other than that – who knows? But another aspect of this could be (we don’t know for sure) how many ads they ran, and did they recreate the ads for their subsequent tests? It would seem logical that they would do so if they were being as meticulous as they seem to suggest. If so, they could have seen multiple sets of test Facebook anti-malware clicks and overattribute the incidence of these and also erroneously conclude they were being charged for them.

Extortion? Ever run a business before? How about one where thousands or millions of people use your service and ask you to do things that are outside of your business model, are hard to do and don’t make you any money. Should you do those things? Perhaps, but you should probably have rules about when and how much effort to devote to them. Companies like Google and Facebook simply have to be disciplined about responding to user requests otherwise they’d be drowned in costs answering questions and making changes. Surely this is something a business person should or at least could understand. A company isn’t scum or run by scumbags for doing the logical business thing which is to prioritize amongst the millions of things competing for their staff’s attention. MSNBC recently made a big change to their Facebook fan page – affecting over 500,000 fans. A company with a few hundred fans is less likely (and frankly really shouldn’t) get the same kind of attention. If the page only has a few hundred fans, then how else could their request be prioritized? By ad spend is certainly a good way to do it – and $2,000 is not that much by the way – by the way we now know that these guys spent less than $2,000 on this test that apparently led to a lot of bot clicks. Maybe a sales or customer service person did miscommunicate as was stated, maybe not – the point, though, made clear in the TechCrunch story is that Mr. Mango got pissed off when he was told this and that this was “the last straw” that got him to delete his very-successful Facebook presence and probably so disappoint its 450 fans.

Who are these guy(s)? They describe themselves as a group of “good hardcore kids” and obviously believe they are outstanding coders. While they have no “about us” section, the company name from their Terms is “Cloud Warmer, Inc.” and according to their website whois record the registrant is someone by the name of Thomas Mango who appears to have a personal blog here. He publicly mentions Limited Run and links to their twitter page as well. Most of the journalists figured this out, and saw his phone number or personal email in the whois records and called him. Based on all of this same info though, it’s probably just this one guy. Which wasn’t really mentioned anywhere. Square is a startup that just raised $200 million. One dude in Long Island, may be a startup, but these articles saying “startup alleges 80% of ad clicks are bots” surely should also ask and report more about who this guy is.

Details on the coverage: Wired’s and TechCrunch’s stories were fairly well-balanced since it was more of a response to the initial coverage, and sums up the Facebook viewpoint that “We’re trying to work with Limited Run to investigate these claims,” a spokesperson says, “but we haven’t received any data yet to support these claims.” TechCrunch asked for details and didn’t get any logs or other information either.

This is only going to get worse with short news cycles and limited attention spans. Get out those SEO tools, refine your backlinks and get ready for a lot more of this kind of viral stupidity, or is that stupid virality? I dunno, but maybe some of them can turn more of these stories into slideshows and sell even more banner “advertsing”.