Abstract:Online advertising relies on a complex and opaque supply chain that involves multiple stakeholders, including advertisers, publishers, and ad-networks, each with distinct and sometimes conflicting incentives. Recent research has demonstrated the existence of ad-tech supply chain vulnerabilities such as dark pooling, where low-quality publishers bundle their ad inventory with higher-quality ones to mislead advertisers. We investigate the effectiveness of vulnerability notification campaigns aimed at mitigating dark pooling. Prior research on vulnerability notifications has primarily focused on single-stakeholder scenarios, and it is unclear whether vulnerability notifications can be effective in the multi-stakeholder ad-tech supply chain. We implement an automated vulnerability notification pipeline to systematically evaluate the responsiveness of various stakeholders, including publishers, ad-networks, and advertisers to vulnerability notifications by academics and activists. Our nine-month long multi-stakeholder notification study shows that notifications are an effective method for reducing dark pooling vulnerabilities in the online advertising ecosystem, especially when targeted towards ad-networks. Further, the sender reputation does not impact responses to notifications from activists and academics in a statistically different way. In addition to being the first notification study targeting the online advertising ecosystem, we are also the first to study multi-stakeholder context in vulnerability notifications.

What problem does this paper attempt to address?

### What problems does this paper attempt to solve? This paper aims to solve the "dark pooling" vulnerability problem in the online advertising supply chain. Specifically, the main research objectives include: 1. **Evaluate the effectiveness of vulnerability notification activities**: - Researchers systematically evaluated the responses of different stakeholders (such as publishers, advertising networks, and advertisers) to vulnerability notifications issued by the academic community and activists by implementing an automated vulnerability notification pipeline. - Previous studies mainly focused on single - stakeholder scenarios, while this study is the first to explore the effectiveness of vulnerability notifications in a multi - stakeholder environment. 2. **Reduce the impact of dark pool vulnerabilities**: - Dark pool vulnerabilities enable low - quality publishers to mix their advertising inventories with high - quality publishers, thus misleading advertisers to purchase low - quality, brand - unsafe advertising inventories. - Research shows that notifications to advertising networks are the most effective in reducing dark pool vulnerabilities. 81.6% of the notified entities repaired dark pools in their networks, and 76.9% also repaired them in partner advertising networks. 3. **Explore new mitigation strategies**: - Current measures to prevent low - quality advertising inventories from being mixed in (such as ads.txt, sellers.json and other standards) have failed to effectively solve the problem because entities do not comply with these standards. - Therefore, the study proposes an alternative: mitigating advertising inventory fraud through vulnerability notification activities. 4. **Understand the response patterns of multiple stakeholders**: - The study analyzed the differences in the attitudes and responses of different stakeholders to notifications, revealing three main response themes: efforts to solve, showing concern or awareness, and lack of trust or insufficient resources. - The study also found that the source of the notification (academia or activists) has a significant impact on publishers, and in some cases, notifications from activists are more effective. ### Summary By designing and evaluating multi - stakeholder vulnerability notification activities, this paper aims to provide an effective mitigation method for dark pool vulnerabilities in the online advertising ecosystem. The research shows that notification activities, especially those targeting advertising networks, can significantly reduce the impact of dark pool vulnerabilities and provide valuable references for future similar studies.

Turning the Tide on Dark Pools? Towards Multi-Stakeholder Vulnerability Notifications in the Ad-Tech Supply Chain

A Privacy-Aware Framework for Online Advertisement Targeting

The Inventory is Dark and Full of Misinformation: Understanding the Abuse of Ad Inventory Pooling in the Ad-Tech Supply Chain

The Devil is in the Details: Analyzing the Lucrative Ad Fraud Patterns of the Online Ad Ecosystem

Effective Notification Campaigns on the Web: A Matter of Trust, Framing, and Support

Taking Over the Stock Market: Adversarial Perturbations Against Algorithmic Traders

Quantifying the Vulnerabilities of the Online Public Square to Adversarial Manipulation Tactics

Online Advertising Security: Issues, Taxonomy, and Future Directions

Measuring Abuse in Web Push Advertising

Establishing Trust in Online Advertising with Signed Transactions

Why Am I Seeing This Ad? The Effect of Ad Transparency on Ad Effectiveness

THEMIS: A Decentralized Privacy-Preserving Ad Platform with Reporting Integrity

Sociotechnical Audits: Broadening the Algorithm Auditing Lens to Investigate Targeted Advertising

How to enable automated trading engines to cope with news-related liquidity shocks? Extracting signals from unstructured data

Optimizing Trade-offs Among Stakeholders in Real-Time Bidding by Incorporating Multimedia Metrics

Crowdsensing Data Trading for Unknown Market: Privacy, Stability, and Conflicts

Dynamic Knapsack Optimization Towards Efficient Multi-Channel Sequential Advertising

Exploitation and exploration in a performance based contextual advertising system

Uncovering the Role of Support Infrastructure in Clickbait PDF Campaigns

Facebook's Advertising Platform: New Attack Vectors and the Need for Interventions

Bridging the Transparency Gap: Exploring Multi-Stakeholder Preferences for Targeted Advertisement Explanations