Skip to navigationSkip to content

Is Ads.cert the new Ads.txt?

By Dom Fortin,
CIO
December 21st 2017

Ads.txt has been on a roll since last May and we are already seeing the new rise of its evolved form, Ads.cert. Here is what it is and how differently it works from its predecessor.

What is Ads.cert?

Ads.cert takes one step further than Ads.txt in the battle for more transparency. In its evolved form, this IAB initiative uses cryptography to digitally sign bid requests, making it harder for fraudsters to tamper with the file but also allowing for more transparency on the information passed between the seller and the buyer.

What is the difference with Ads.txt?

With Ads.txt, the process was simple. Publishers would integrate a .txt file to their source code listing all their authorized sellers and resellers, as seen below.

When receiving a request, DSPs could then send crawlers to the publisher’s website to verify that the request came from an authorized source, mainly avoiding domain spoofing.

However, whatever loopholes could be found in the first draft of the initiative have already been exploited, thus the need to take things to the next level.

Ads.cert takes a step further one, by providing information passed between buyers and sellers, such as the type of impression, device, and location on page (among other things) and ensuring more transparency on the supply path also using cryptography to demand a digital signature to any changes made to the request.

So, how does it work?

  1. The sender build a bid request describing the impression being offered to bid on;
  2. The sender then generates a signature based on the bid requests and attaches it to the bid request;
  3. On reception, the receiver will then use the public key to generate a signature for that same bid request;
  4. If the 2 signatures match, this means the message was not modified and that no tampering occurred.

With a digital signature process, the initiative leads to cleaner supply chains, as any reselling of a bid request that was subjected to tamperingest will render the signature invalid.

The initiative is still in its development phase, which means some details remain unclear and will need to be defined over the next few months.

What’s the next step?

We're happy to see that IAB is already getting the ball rolling to continue its battle for more transparency. That being said, with its higher degree of technical complexity, Ads.cert most likely won't be integrated as fast as its predecessor.

For one, this new solution is only compatible with IAB's OpenRTB 3.0, which was announced in September but is still in its development phase. And, once the technology is rolled out, we will have to wait for implementation at scale from DSPs, SSPs, and exchanges before we can see Ads.cert take its full magnitude. Which, just like Ads.txt, could start slowly before taking off.

In any case, Ads.cert promises to add another level of much-needed transparency and contribute to a healthier ecosystem in 2018.

Related articles

Publishers
Ads.txt: where are we at now?
December 8th 2017 — By Luc Marsolais
district m
Ads.txt: Paving the road for a more transparent ecosystem
August 29th 2017 — By Sandrine Tessier
district m
Demystifying first-price and second-price auctions
June 12th 2017 — By Dom Fortin

Access to our platforms

Let's talk about Tech!