Adgregate Markets, a TechCrunch 50 startup, has signed a distribution deal with Google’s DoubleClick. Adgregate’s ShopAds allow consumers to browse, interact, and ultimately purchase directly within an ad unit. Normal display ads take users away from a publisher’s site and brings them to a third-party store but Adgregate lets users buy products featured in ads without moving away from the page. Adgregate, which presented its technology at TechCrunch 50 last fall, received positive reviews from our panelists, who included entrepreneur Marc Andreessen; MySpace CEO Chris DeWolfe; Salesforce founder Marc Benioff, angel investor Yossi Vardi; and former Yahoo executive VP Ash Patel. The panelists unanimously agreed that Adgregate was a great idea that will make money and address a need in the display ad market.
It was only a matter of time before Adgregate’s technology attracted big-name interest. ShopAds, which is a widget, can replace any size banner ad and will now be available to all of DoubleClick’s advertisers. If a user views the ad widget and wants to buy the product it’s advertising, they need only to click the description button under the ad and click “add to cart” to buy it. From there, the user can pay directly in the widget by inputting credit card information in a secure buying process.
Adgregate will share revenue with both DoubleClick and the retailer whose goods are being sold in the ShopAd widget. But the publisher of the ad only gets a share of revenue if the retailer has accepted them as an affiliate publisher. If that is the case, then the publisher will also get a separate commission fee from the advertiser. This isn’t a bad deal for publishers. Advertisers have an incentive to pay a higher commission to publishers so they put their ads in a more prominent spot on their page, but the money is being split an awful lot of ways.
Competitors to Adgregate include Nooked and Lemonade, which both also allow publishers to embed an e-commerce widget on their sites, but lead users to the retailer’s site for purchases. Adrgregate’s technology is useful to publishers because users can purchase an item in the ShopAd widget without having to ever leave their site.
Display ad network DoubleClick was bought by Google in 2007 for a $3.1 billion, outbidding Microsoft and pushing through eventual approval of the deal in both the U.S. and Europe.
Here’s an example of one of Adgregate’s embeddable ShopAd widgets:
what kind of idiot would give out their cc information to a widget embedded on a random site?
There’s no SSL info being passed to your browser to verify that this is secure. I sure wouldn’t give my info.
When/how would adobe enable browser flash players to indicate ssl in an un-spoofable manner?
I see a major data privacy and fraud implications here. Yes I agree, you should NEVER give personal information or credit card details to any site that is not the vendor’s own SSL site. Definitely not on an unknown widget.
Even Tim Berners-Lee was subjected to a phishing scam … http://www.smh....7054650657.html
Yeah, I’d have to agree. I don’t see people adding their CC into a widget. Maybe I’m wrong here but there’s too much damn fraud in this country right now to be handing over CC information.
If people have enough confidence to start stuffing CC card numbers into sidebar widgets, I say it’s about time for the world’s first Ponzi Widget. What do you say Google, can I get some VC love?
same idiots that gives out their password to third party apps
this type of add is perfect for ESPN audio players or any radio station player where you have some box left open.
+1. I never got past that when thinking about these guys. The level of trust would have to be huge with the consumer. Spoofing this service to grab CC numbers is a very easy and compelling for those who employee such alternate business models.
Great idea, but think about where these ads are going to be seen. Right next to googlemoneytree.com and “Free iPhone” spots. That’s a tough stigma to get around.
Yeah, I have to say this comes off as a little too close to phishing. My hope is that people don’t trust it, because if they trust this they will trust the more nefarious siblings.
Also, internet shopping is all about reading reviews, finding best price. Just buying right here and now, is not what I would do.
I would not use that widget. I don’t buy things just because I randomly saw them on a radnom site. When I buy smth I wanna see the merchant, see the options, etc..
small-ticket items, impulse purchases, no?
Widgets man, whod’a thunk?
it appears that these are all flash widgets and are served up over https (see the “grab code” ). Flash is sandboxed, so that means their widgets are secure even if the page that it’s hosted on isn’t. i’m sure the google guys wouldn’t have signed this deal if it wasn’t secure
“i’m sure the google guys wouldn’t have signed this deal if it wasn’t secure”
Oh dear …
Please try a Google search for “Doubleclick” and “Spyware” … Doubleclick has a history of privacy violations
it’s not the matter of security but the matter of trust. buying something for widget with 1 or 2 sentences for its review is kinda stupid to me
Phil is right… The flash widget seems to be coming from https and is secure… As long as they aren’t trying to store Cc data it should be bullet proof.
You have got to be kidding me.
If you want to buy a product online,
1. go into your browser,
2. type the name of the vendor directly onto your browser and
3. buy the product there.
DO NOT GIVE ANY PERSONAL INFORMATION ON A WIDGET … I normally do not say this to people, but to do so is the height of stupidity.
Interesting concept, and I’m sure they’ll be at least moderately successful. While the readership of TechCrunch is very unlikely to give out their CC info in a widget, it’s probably not the target audience for this type of ad. There will be many people who _will_ do so, especially for impulse buy and/or small ticket items. Think less tech-savvy folks like your parents, or the average AOL user.
This is great though. It demonstrates the continuing innovation in the display ad business — better targeting, more relevance, and enhanced interactivity.
The question of cc security will definately be the major factor regarding the success of this concept. I just dont see many people giving out the cc info on a random wifget they happen to come accross, but time will tell.
This is definitely the new age of banner ads, amazing concept and as Phil said i don’t think that doubleclick/google wouldn’t have signed them if they weren’t totally secure to transact and no fraud involved
It’s not clear to me but is this type of display ad limited to only DoubleClick supported sites or can anyone use it regardless of whom they are using for ad serving?
The first set of commenters are right: Adgregate encourages very bad user behavior that will make users vulnerable to phishing attacks. I wrote a blog post about this when Adgregate launched:
http://blog.red...or_the_web.html
I’m honestly a little amazed that Double Click would do a deal with them when they are actively encouraging users to enter CC#s on insecure, tamperable pages.
@Phil D. The communication to get the Flash widget from Adgregate is secure in the sense that it is private, but the HTTP page that hosts the Flash widget is completely tamperable. So, an evil person could change the HTTP page to point to an evil Flash widget that looks just like an Adgregate widget. That evil Flash widget could send the CC# wherever the evil person wants.
There is a validate feature that is in place with the widget, users can confirm the authenticity of the widget.
I feel this is a great idea and will definitely work…
Yeah, but the validate feature is easily spoofable as well. See my reply to Hemen Chhatbar below.
I have used this widget a couple of times and I have never had any issues with my credit card.
There is also a feature on the widget to validate it and confirm if this an authentic widget.
I have tried few different ways to see if the credit card data is passed to their server in plain text but looks like they are encrypting and making it secure.
So, I would recommend that you should test it out before commenting any bull***t
Hemen
I don’t disagree that Adgregate, when it has not been tampered with, is encrypting the information in between the user and the server. However, *when the HTML page hosting the ad has been tampered with*, the tamperer can put in a Flash ad that looks EXACTLY like the Adgregate ad but which steals credit card information instead of buying products.
The validation feature on the ad does link to https://secure.adgregate.com, which is good, but any other Flash ad, made by anyone, could link off to secure.adgregate.com in the same way. This is not a solution.
The point is that Adgregate is telling users to ignore web security and that their product gets a pass on the normal HTTPS rules, and it isn’t true. And if and when someone loses their CC# info on spoofed Adgregate ads, all of us web developers will suffer because users will think we’re all insecure.
only the co can serve a validation message thru https://secure.adgregate.com when someone attempts to validate the ad. if you tried to spoof, you would get a fail message b/c the spoof ad wouldn’t have a unique identifier, which wouldn’t trigger the validation message. duh! unless you are talking about someone trying to hack into a secure server which can be done but c’mon, there are easier ways to make money off fraud.
Wrong: http://shinobi..../adgregate.html (just pretend I actually took the time to make it look like a real widget).
hey, it doesnt work for me, I see your status message.
Are you just trying to get traffic to that page – I see your status message saying they are updating their security mechanism, any smart company will do that periodically.
I hardly believe you even got it working once. Try some other websites for cheap publicity.
Leo C
Sorry, no, the status message is that they changed from a single static string to a single string that changed every 5 minutes. I assumed at first it was more secure than that, so I just moved onto more interesting things.
After coming back and realizing it was that simple, I updated the page to automatically fetch the changing string (with instructions) and to refresh every 5 minutes.
As of right now, they’ve changed their validation code to blacklist dempsky.org as a referrer, but the trick would work on any other domain you care to try. E.g., right now http://70.85.31.../adgregate.html still works.
Matthew,
are you out of job, looks like you spent entire night on trying to validate their widget
by the way your second link does not work either.
let me know if you are looking for a job..
email me at jobsonlyforhackers@matthew.com
Leo, no, I’m happily employed right now, the project just caught my interest yesterday, but thanks for your offer.
Yeah, the second link looks to have stopped working around 4:15 AM (Pacific time). They haven’t fixed the issue, they’ve just blacklisted my IP address from talking to their servers. Try running the curl commands in my 1:30 AM update if you’re still interested in reproducing it.
Regardless, you seem clueless about how secure software works, so I’m not going to bother following up anymore.
aside from security issues, this presents all sorts of shopper experience issues. first of all the space constraints are non-trivial.
next, there are all sorts of data feed issues from the merchant’s side. reviews, in stock, promotions, related items, etc.
if you go thru THAT much work to turn your entire website into an ad widget, then you might as well invest that cash in just doing a lot of CPA-ads and offering screaming deals to get people to CLICK ON THE DAMN F-ING Thing.
Let’s not forget, this is an AD after all. And you have this really expensive, high touch, thing called a WEBSITE that is ONLY ONE MOUSE CLICK AWAY!>!>!>!>!>
So why would you spend THIS much energy gilding a lilly when what you really want is to get users to experience the REAL, unconstrained version of the site.
If the user cares THIS MUCH about buying something, clearly they care enough to CLICK ON THE DAMN BANNER. Saving them time inside this super constrained space is a non-starter for most people.
If you got my attention w/ the ad, then you’ve succeeded. So move on. Carrying too much engagement w/in suboptimal spaces actually risks buyer frustration and poor user experience –ON TOP OF the fraud potential.
Clever “concept” — however, it is not well thought through. This is the classic Silicon Valley shoot before you ask questions company I would expect from a mgt team that has never worked in advertising OR ecommerce for any appreciable length.
This is a perfect idea and we should admit that these people worked really hard to make this application work I think. I would say, their strategy was wrong, as you say it is not a good idea to share you cc info with an unknown widget.
They can defend that the site which shows the widget is a second layer and the data gets stored in the main platform which I assume is SSL encrypted. But still… You pay on the widget.
Here is a better way to enable e-commerce in a banner ad:
http://www.lce-...ma/banners/lce/
you lost me as soon as a window popped up..
why so much negativity over this issue ? if someone is going to hack the host site, they can do so irrespective of whether there is a widget there or not.
plus, i believe that credit cards are automatically insured against fraud.
personally i believe these types of widgets will be the standard in a few years, and people will look back on static image banners and laugh.