Part three of this series will deal specifically with an important issue that had come up in part one: Some users, albeit a tiny percentage of overall users, were encountering a malware warning on pages where SocialCash ads are being served.

This is, of course, a BFD. As I mentioned in section one, while I was not going to assume that SocialCash was knowingly running any kind of malware, the mere appearance of impropriety can do irreparable damage to the reputation of both an application and the developers associated with it.

The back and forth on this is a little lengthy, but I thought it might be valuable for you to to see how this played out. The short version – after running some tests, they feel that the malware alerts are false alarms triggered by overly aggressive heuristic detection algorithms. They then went on to suggest that I might want to find a new ad network.

*blink*

So here’s the long version, starting from the very beginning…

Email from app user: Feb 1, 2009 11:05AM

I like the app or at least a lot of my friends do.

However, in the last two days my anti-virus has been flagging up a malicious link on your start page. It appears to be a script that, if allowed to run, will capture key strokes and other info. I re-checked using Norton anti-virus (I use Avira anti-virus normally) and it also flagged the same script.

Avira warns me that ” functionalities include – but are not limited to – downloading trojans, link to other infected pages, spy the user or spoof the content of a banking site. ”

Would you please check the page and remove this?

I immediately replied back to the user, asking if they could possibly provide any more information on what antivirus they’re running, whether it was the top ad or the bottom ad that triggered it (since I use SocialCash on top, SocialMedia on the bottom, and I needed to know whose ass to chew off), etc. They quickly replied:

Reply from app user: Feb 1, 2009 – 12:59PM

It happened in two different apps on FB who have the same ad server as you have at the top of your page – socialcash I think?

Okay, so it looked like SocialCash was potentially the issue. I sent an email to SocialCash at 2:03PM that same day, just moments after receiving the application user’s reply:

Email from me to SocialCash:  Feb 1, 2009 – 2:03PM

I received this notification from one of our users today. After discussing this with him further, he says it was happening on two other apps that were being served by SocialCash. When I removed the SocialCash ad code and stuck only with SocialMedia, the alert went away.

This is absolutely unacceptable. I don’t know whether this was a legitimate threat or not, but even if it was erroneously triggering this warning, this type of thing could do serious damage to the reputation of this application and any other applications associated with my name.

I would like an explanation of what happened here.

Maybe I came off a little too strong – I don’t think so. Malware alerts are, as I mentioned, a BFD, and to find out about this from a user sucks.

SocialCash replied, over 24 hours later – an admittedly longer response time than I would have hoped for in a situation where users think my application has a virus.

Email from SocialCash to me: Feb 2, 2009 – 4:53PM

We would never serve intentionally serve anything infectious or damaging, so this is definitely news to us.  What ad was it?  I see the users information below, so we will sync up with our tech side to see what we can find out.  I’m sorry that this has happened.  The more information you’re able to pass on, the quicker we can identify the issue.

I replied back that I was asking for more information from the users:

Email from me to SocialCash: Feb 2, 2009 – 4:57PM

I wish I knew which ad it was – I’d have sent a screenshot and explanation. Problem is, I naturally had to yank the SocialCash ads, lest my app get a reputation for distributing malware – so unless the reporting party happens to remember what the ads is, the only way for me to reproduce it is to turn those ads back on, which I don’t want to do until the situation is resolved.  I replied to him the day he emailed me [yesterday], asking if he could describe the ad, etc – but he hasn’t replied yet.

Days passed with no reply from SocialCash. I was hoping the issue was perhaps transient, so I decided to enable SocialCash ads again. Shortly afterwards, I received anotger malware complaint, this time from a totally different user. I sent another email to SocialCash, since I hadn’t heard from them.

Email from me to SocialCash: Feb 5, 2009 – 4:01PM

Any progress on this? I received another complaint today. We are going to lose users if this situation doesn’t get resolved quickly.

“everytime i click on to this add on my antivirus avira throws up a malware issue at least twice per page why is this are you infected???”

At this point, I reached out to some Windows users on Twitter. I created one page with only a SocialCash ad, and one page with only a SocialMedia ad, that way I could be 100% positive that SocialCash was the issue. I had 5 friends using Windows refresh each page upwards of 60 times, and their antivirus never triggered an alert. While I was relieved to know that most windows users were apparently not seeing this alert, it naturally made troubleshooting much harder.

Luckily, both of the reporting users had gotten back to me at this point, and both reported that the alert only popped up on the SocialCash page. SocialMedia was off the hook for sure. After doing a little more digging, I sent SocialCash an update with what I had found:

Email from me to SocialCash: Feb 5, 2009 – 5:33PM

It looks like both people who reported a problem were running Mozilla/5.0 (Windows; Windows NT 6.0;rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5 – one with US-english as default language and one with en-GB as default language. Both reporting the problem with Avira, and one confirmed the same alert with Norton.

The next day, one of the Facebook application users was kind enough to email me back with more specifics and a screenshot of the alert they’re receiving. I forwarded this on to SocialCash:

Email from me to SocialCash: Feb 6, 2009 – 1:38PM

Here is more information – the best so far. Steven says its occurring on every page load of the SocialCash test page, and sometimes pops up several alerts on a single page load. See the attached screenshot of the virus alert.

Perhaps you should get in touch with Avira?

SocialCash replied later that day with their conclusion:

Email from SocialCash to me: Feb 6, 4:38PM

We’ve done some testing, and have confirmed that there is no malware inside of our advertisements.  Please know that no other users or publishers have reported positive hits with antivirus software.

The alert is caused by Javascript compression being flagged as potentially malicious by heuristic detection algorithms.  It’s a false positive that happens only when users enable heuristic detection in their anti-virus software.  There are many frequently used script libraries available on the web that cause a similar false alerts to be thrown.  We believe that the benefit of a much smaller download, and hence faster ad rendering and better performance, outweighs the smaller number of tech-savvy users who will surf the web with these controls enabled.  Since we’ve confirmed that our advertisements do not contain malware, and because that this is the first report we’ve received (amongst billions of impressions), we feel that this is the right approach to take to provide maximum value to the largest population of our users.

Given that you have sophisticated users who are raising these concerns to you, the last thing we want is for your use of SocialCash to impact your user base.  We don’t think there is a way to remove this behaviour from the subset of your users who see these errors.  This all being said, it may make sense for you to discontinue the use of our advertisements if you think this will have a negative impact on your overall user population.  We obviously take this type of feedback very seriously, and wanted to thank you for bringing this issue to our attention.

Please let us know if you would like any further information, and let us know your if you intend to continue to use our product.

This is the first report they have received, among billions of impressions? It seems statistically impossible that my application has received two reports of this problem, with only 100k monthly active users. Out of their billions of impresions, my puny 100k monthly active users make up only a tiny fraction of those impressions, so what are the the odds that not one but two of my users brought up a problem that no one else brought up.

The application is not one that appeals to particularly sophisticated people. It’s an absurdly simple application that lets people blow kises to each other – not exactly rocket surgery. The two users who reported it were clearly more savvy than an average user, which is probably why they actually contacted me about it, rather than freaking out and closing their browser window, convinced my application would steal their identity, email their grandmother all of their porn, make their ipod play only Jethro Tull and make their TV record “Gigli”. (Thanks, Weird Al!)

Conclusion

I’m glad SocialCash claims to take these reports very seriously, but deciding their advertisment loading time is more important than the reputation of my application is not acceptable to me. “We take this sort of thing very seriously, and we appreciate you reporting it to us so we could completely ignore it and keep doing what we’re doing.”

It would be different if something in their ad code was causing a weird display issue for users of certain browsers and operating systems. But this isn’t some flaky display quirk. This isn’t something harmless that no one will notice. People visiting my application think I am trying to do them harm. Even if the percentage of people experiencing this issue is very small, that message is not one I am willing to live with.

Maybe I’m being too hard on SocialCash – but I take my reputation seriously. It’s a shame they don’t. The impression I get from my email exchange is that I am a pain in the ass client to them, and not worth the hassle to them for the paltry 100k mau I bring to the table. At this point, they don’t seem to want my business, and I care more about my reputation than the $15 a day I make them from. So I’ll be exploring one of the alternate ad networks, replacing SocialCash with whichever seems to be the best. Stay tuned!

Possibly related posts:

1. Advertising on Facebook – Part One I have a Facebook application that seems to be doing...
2. Advertising on Facebook – Part Two In part one of this series, we talked about your...
3. New Facebook Phishing Attempts Looks like a new round of phishing attacks are well...

In part one of this series, we talked about your options – and possible concessions you may have to make if you opt to advertise on Facebook applications. Part two will discuss the returns I have seen so far based on my own applications, and the ad network’s payout schedule.

If you wandered in from Google and haven’t yet read the first article in the series, I strongly recommend it. There are some significant concerns discussed there that you may want to be aware of before implementing ads on your Facebook application.

A note on ad-blockers

For some reason, perhaps the url of the ad network sites themselves, the admin/reporting areas of SocialMedia (and Cubics, although I didn’t implement their ads) appear broken if you’re using AdBlock Pro for Firefox. The header images, and even some of your reporting tools, are being interpreted as advertisements, so they won’t display properly. The easiest way to deal with this is just to disable AdBlock Pro for the network domains giving you trouble.

Disable AdBlock Pro per site

A Note on AdBlockers & Your Reporting Console

Of SocialCash and SocialMedia, SocialCash definitely has a better reporting console – at least for my purposes here, since they let you see a daily performance breakdown  at a glance, where SocialMedia only gives you a graph view overview, and you have to select specific dates from a single dropdown menu.

Again, if you’re using AdBlock Pro, the flash performance graph may not appear for you until you allow ads on the SocialMedia domain.

Day-by-day reporting may not be important to you, and I suspect it will be less important to me as time goes on and I have more overall data.

The Revenue Model

Neither SocialCash nor SocialMedia do a stellar job of explaining exactly what your ad revenue is based (per impressions, per click, etc.), however I sent an email to SocialCash, asking about the rather dramatic fluctuation in revenue from day to say. They replied back:

Many of our advertisers take several days to report sales. This means that for the first few we days, we don’t know how much your app is earning. The flip side to this lag is that if you stop running ads with us, you will continue to earn money as sales are reported to us.

Reliable data is only reached looking across a minimum number of impressions rather than days. This is typically over 150,000 impressions, but also depends largely on the placement of the ad, how the ads fit in the flow of your application, and your audience’s general engagement patterns. The same ad can yield widely varying click through rates and conversions based on these factors. We’re currently putting together some knowledge documents for developers on this front, so let us know if you’d like any guidance on these areas.

This simply means that it will take a couple of days to see a reliable eCPM reading. You’ll find this to be the case with all other performance networks as well. (This is not true with “brand” networks that pay a fixed amount for every impression.)

This leads me to believe that the revenue model is not based on impressions or even click-throughs, but instead based on user buy-in. The user adds the advertised application, subscribes to the advertiser’s service, etc – and you earn money. It’s been my experience that although you end up with fewer revenue points (since you’re requiring the user to buy-in, not just click), however the payoff is higher than a simple click-through based model.

Basically, since they’ve actually made a sale, they’ll pay higher per buy-in than they would for a simple click-through, which gives them no guarantee of actual revenue for their money spent.

I cannot find the model on the SocialMedia website, however I will confirm how their ad revenue is determined over the next few days and update this section. I suspect it is a similar model to SocialCash, based on the fluctuations in earnings.

Payouts

Both SocialCash and SocialMedia offer PayPal and a mailed check as a way to pay you your earnings.

According to an email reply from SocialCash, payouts happen mid-month and end-of-month, give or take a day or two. Payments are allegedly made automatically, once you have earned over $50. I say allegedly only because I haven’t been with them long enough to say for sure – guess I’ll find out this week.)

For SocialMedia, developers have the option of being paid on a weekly basis though PayPal or by check. This process can be automated. All payment requests must be made by 10pm Wednesday night to be paid out that coming Friday. All requests made after Weds 10pm will be paid out Friday of the next week. The minimum PayPal payout amount is $25.

My Results So Far

I set up ads on my Facebook application on January 5, and as of end of day February 1 – just over three weeks – I have made $404.97 – 206.26 from SocialCash, and $198.71 from SocialMedia. While these numbers seem close, there are two details that should be noted: I started with SocialMedia a few days after I started with SocialCash – and the SocialCash ad has the top banner position, while the SocialMedia ad is a footer banner.

Three weeks isn’t long enough to make any decisions written in stone, however the fact that SocialMedia is basically keeping pace with SocialCash, given the fact it had a later start and has an arguably much less prominent position on the page. Given the fact that their ads seem (slightly) less deceptive – and I haven’t had anyone reporting them for virus alerts on the application as I have with SocialCash (see previous article), I am strongly favoring SocialMedia over SocialCash at the moment.

At the beginning of January, when I first added advertisements, I had approximately 54k monthly active users. As of February 1, I have 103k monthly active users. I was expecting a sharp drop in engagement once advertisements were implemented, figuring a lot of people would opt to use a similar application that didn’t have advertisements – however that is clearly not the case.

Here are my Facebook Insights report for the application from the beginning of the application launch:

Monthly Stats Graph for Facebook Application from Dec

Notice there is no significant drop in user engagement during the week of January 6, just after advertisements were added.

And here are the stats starting when the advertisements were added:

Facebook Stats starting from January 7

One would think that the ad revenue graphs would be at least somewhat similar to the engagement graph, however I have found that this isn’t the case at all.

Here are my stats from SocialCash, by week:

SocialCash stats by week

At the week level, you can’t see exactly how volatile the ups and downs are, so here are the past two weeks:

SocialCash by week

SocialCash by week

Because the reporting options for SocialMedia are not as robust, I can’t provide the same overviews as easily, but this is my performance over time for SocialMedia.

SocialMedia stats since inception

Conclusion

This experiment continues – three weeks is definitely not long enough to speak definitively about advertisements on Facebook, which ad network is the right fit, and which one will give you the most bang for your application buck. So far, I’m leaning towards SocialMedia, for the reasons detailed in the first article and this one – and the fact that they seem to be able to hold their own with regard to revenue is a big plus.

I’ll keep you posted on future progress and statistics – and SocialCash got back to me regarding the virus alert some users were reporting – check out part three in the series to learn more about it, and why I won’t be using SocialCash anymore.

Possibly related posts:

1. Advertising on Facebook – Part One I have a Facebook application that seems to be doing...
2. Advertising on Facebook – Part Three Part three of this series will deal specifically with an...
3. Advertising on Facebook Applications – An Experiment This article has been deprecated, and has been replaced by...

I have a Facebook application that seems to be doing rather well – over 100k monthly active users after just two months, and gaining by about 1.5k every day. I’ve been toying with trying to monetize that in some way, and the most obvious way (that requires the least amount of effort) is to add banner advertisements.

This article series replaces my previous article, Advertising on Facebook – An Experiment, published in January. The information provided in the previous article will be provided in this series, but in a more organized, informative manner. That article is deprecated.

Social Media Advertising Networks

There are a handful of advertising networks that seem to be the top options available:

• SocialCash
• SocialMedia
• RockYou
• Cubics
• Offerpal (points-based offers)
• AdParlor

As of now, I have only experimented with SocialCash and SocialMedia, although I may expand the experiment to include others soon. SocialCash and SocialMedia seem to be the most popular choices of the above four, and SocialMedia has just raised an additional $6million in venture capital after coming out strong in 2008.

According to an article in Venture Beat, Social Media says it brought in between $15 and $20 million in revenue last year, mainly due to successful sales in the last six months.

A note about the ads

The types of ads offered by both SocialCash and SocialMedia tend to be what I consider a little deceptive. By that I mean many of them are engineered specifically to look like part of the application, and often use the application user’s name, photo and friend’s photos in the ad itself. SocialCash seems to be more guilty of this than SocialMedia, but both rely on similar tactics.

Ad by SocialCash

Some of the images in the above ad are profile photos from my friends Facebook profiles. This ad links to a mysterious Facebook app called Jamster Mobile Screensaver. I have no idea if this application is legit, and am not willing to sign-up and give it my mobile number to find out, but it feels fishy to me. Sort of reminds me of those “text L-O-S-E-R to shortcode 666666 for texts from hot girls” type of thing you see on TV at oh-my-god-o’clock in the morning.

Another sample ad by SocialCash

And in this ad, also by SocialCash, the ad pulls in my profile photo and my name. The advertiser site you get to when you click on seems to be some sort of Scrabble-type game, which requires the user to download an Active-X component to play. While I have no justified reason to believe this is suspect, an ad linking to a site that requires a download rubs me the wrong way, big time.

Another ad-type I have seen from SocialCash is a similar-style ad that leads you to a “quiz” website. At the end of the “quiz”, the website asks for your mobile phone number (without really explaining why), and in small text at the bottom, informs the user that they will be billed $19.95 per month for this service – when they are not even particularly clear on what the service actually is.

Still another ad style I have seen from them is one that leads you to a website that when you try to leave, a javascript alertbox pops up informing the user that they are going to miss out if they close the window, and sometimes even spawns a new popup window after the user has confirmed they want the window to close. I have a real problem with these kinds of ads. They feel a lot like the malware sites that try to convince (windows) users that their computer is infected, and they have to download this software to clean it. The software is, of course, malware and will subject the installer to a variety of ills from keylogging to unpromoted ads.

I am absolutely not implying that the advertisers with SocialCash are promoting malware - just making the comparison in how that type of ad feels to me, someone who’s been around the Internet block for 15 years. That said, I received a troubling message from one of my application users today, which I will address later in this article.

In the SocialMedia ad below, you can see they’re not pulling in as many user details, but a less savvy application user might not recognize this as an ad, and may actually think that this “Valentines Cards” thing is somehow related to the application itself. On the possible upside, the destination website, MyFunCards.Com, does not seem to be a paid service and seems harmless enough, although I certainly cannot speak to their SPAM policies or what they do with people’s email addresses when you send or receive a card from them.

Ad by SocialMedia

The Conundrum

My own personal feelings are that these types of ads are not entirely ethical. The problem is, they work – and their somewhat sneaky tactics are exactly why they work. Facebook users suffer from banner-blindness as much as any other web user, so your standard, run-of-the-mill banner ads just won’t get as high of a click-through rate. So before you begin, you need to ask yourself whether or not you can deal with your name being associated with advertisements that may not reflect your own ethics.

Ads that trick a user into clicking on them by making it seem like its part of the application functionality (“you have 1 new message!”) are deceptive. Offers that throw a javascript window alertbox when a user tries to close the advertisement page, asking if they are really sure they want to leave and miss out on xyz implements the same tactics that malware sites use. It just doesn’t feel right to me.

What SocialCash Had to Say

When I first signed up in January, I emailed SocialCash, expressing some concern over the types of ads being run. They replied with the following via email (in two separate emails, condensed for clarity):

Types of ads/offers.  One quick point on terminology:  “Ads” are the banners themselves; “offers” are what the user sees after clicking on an ad.  Your question seems to be on the offers.  We’ve been in the online marketing business since 2000 (on Facebook since early 2007) and advertisers range from large brands vying for app installs to tourism companies advertising discounted trips to Paris.   We display ads over 100+ countries.  In this range of advertisers is also mobile content, which provides users scheduled content on their mobile phone for a monthly fee.   This is a service many users enjoy worldwide[...]

[...]We’re in the process of upgrading our ads and you’ll see a change-over in the near term.  And like we said before, we have a wide mix of both ads and offers.  To fully understand the available options with advertising, we’d encourage you to do what most developers do and try multiple ad networks at once.  This is really the best way to learn the ins and outs of optimizing and monetization.  That experience also enables a great deal of choice for you on the whos, whats, wheres, etc. of advertisements within your applications.   There are tons of great resources out there!

An Additional Concern

As I mentioned earlier in the article, I received a troubling message from one of my application users today. I have emailed SocialCash about this, and expect to hear back from them tomorrow, but this situation was drastic enough for me to pull their ads from my application today. This is the message I received:

I like the app or at least a lot of my friends do.

However, in the last two days my anti-virus has been flagging up a malicious link on your start page. It appears to be a script that, if allowed to run, will capture key strokes and other info. I re-checked using Norton anti-virus (I use Avira anti-virus normally) and it also flagged the same script.

Avira warns me that ” functionalities include – but are not limited to – downloading trojans, link to other infected pages, spy the user or spoof the content of a banking site.

I replied back to this user immediately (for obvious reasons), and they replied again:

It happened in two different apps on FB who have the same ad server as you have at the top of your page – socialcash I think?

This, my friends, is a deal-breaker. If they do not have an adequate explanation for what happened, I will no longer be using SocialCash. Even if the advertiser/advertisement is not actually malware and was erroneously labeled as such, it is their responsibility to make sure something like this NEVER happens. With all the actual virus activity on Facebook, sometimes like this can ruin the reputation of an application – and once you lose the user’s trust, you WILL NOT GET IT BACK.

UPDATE: For more information on this issue, click here to read Part Three.

In the next article in the series, I show you my performance stats. Click here to go to Part Two!

Possibly related posts:

1. Advertising on Facebook – Part Three Part three of this series will deal specifically with an...
2. Advertising on Facebook – Part Two In part one of this series, we talked about your...
3. Advertising on Facebook Applications – An Experiment This article has been deprecated, and has been replaced by...

This article has been deprecated, and has been replaced by the new series Advertising on Facebook.The new series goes into more detail about social network ad companies, pros and cons, and updated results based on my own Facebook application.

Please update your bookmarks and linkbacks.

Click here to go to part one of the series now.

Possibly related posts:

1. Advertising on Facebook – Part One I have a Facebook application that seems to be doing...
2. Advertising on Facebook – Part Two In part one of this series, we talked about your...
3. Advertising on Facebook – Part Three Part three of this series will deal specifically with an...