What is Blockchain Technology and When is it Security Theater?

Blog post cover

Elizabeth Stark, founder of Lightning Labs and contributor to the lightning network, an example of a second-layer peer-to-peer, channel-based settlement solution.

What is Blockchain Technology?

In this whitepaper, I first give a high-level overview of blockchain technology and make a case for blockchain as security theater for privately permissioned digital ledgers. According to the National Institute of Standards in Technology from the US Department of Commerce, blockchains are “immutable digital ledger systems implemented in a distributed fashion (i.e. without a central repository) and usually without a central authority. At its most basic level, they enable a community of users to record transactions in a ledger public to that community such that no transaction can be changed once published”. This means one cannot host a privately permissioned digital ledger and still call it a “blockchain”.

Blockchain network types Illustration from “On Distributed Communication Networks”, showing three types of networks according to Baran.

Google operates the largest ad exchange in the world and decided to start investigating the use of blockchain technology in its exchange to root out “fraudulent actors.” Google’s claim that they started integrating blockchain technology into their exchange is nothing but security theater since they would essentially write themselves out of the deal between advertisers and publishers if it were to create an immutable, open, distributed public ledger for its exchange. We hear a lot of hype around “Blockchain” technology and it is important to temper this hype with the realities of implementation for this technology. Not everything can be put into a blockchain and not everything should. This blog post describes a high-level overview of blockchain (appendix) technology and how it pertains to Google’s ad exchange.

What is blockchain technology? Andreas Antonopoulos, author of Mastering Bitcoin, eloquently breaks blockchains down further into 5 pillars:

  1. Open: Anyone can access it, and participate in it without authorization, ID, ethnic origin, etc. Blockchains do not know if you are human or a piece of software when you use it.
  2. Borderless: It does not matter where you are, where you live, or where you travel. The blockchain is always there.
  3. Neutral: Anyone can make an exchange. The purpose of the exchange and the identity of the sender and receiver are not regulated.
  4. Censorship Resistant: If someone wants someone on a blockchain to stop a transaction, they cannot. No transaction can be censored.
  5. Public: The idea is that every exchange on the blockchain is verifiable on the network.

When is Blockchain Technology Security Theater?

Blockchain technology could be used to record the transfer of ad space on various sites. It could also be used to monitor user actions such as clicks and supplier site data (lead generation, clicks, re-directs). The advantage would be that it is publicly auditable and Supply Side Platforms (SSPs) do not have to trust Google to know how much is owed to the publisher. In creating a truly distributed, transparent, open, and auditable ledger, the ad exchange is essentially writing themselves out of necessity. For the blockchain to be secure, it must be open (otherwise the DSPs and SSPs are still simply trusting Google’s exchange). For the ad exchange to be open, their monetization would be cut out eventually, since they are just middlemen between the SSP and the DSP.

Google claims to “root out fraudulent actors” by implementing blockchain technology into its ad exchange. If this were true, there would be fewer attack vectors for click fraud. In reality, anyone can access a true blockchain and participate in it without authorization or identification. Blockchains do not know if the user is a human or a piece of software. To mitigate this, Google could try using a public key encryption scheme based on tokens integrated into devices within their control (such as android phones). However, they would have less control over other platforms like internet explorer, IOS devices, and countless other platforms. Effectively, using blockchain technology is not truly going to address fraudulent actors any better than not using blockchains.

It can be argued that using blockchain technology would help advertisers on the Demand Side Platform (appendix) to audit charges on traffic to their sites. However; it is not in Google’s interest to prevent click fraud unless they have a way of capitalizing on this security feature. Only the companies trying to advertise their products on the Demand Side Platform (appendix) want this protection and are often best served by purchasing third party Adwords click fraud prevention software. In reality, click fraud benefits Google just as much as the publisher hosting the ads on the Supply Side Platform (SSP). The more click fraud, the more money the exchange makes as well, which is why Google benefits primarily from using a permissioned blockchain for ad exchange purposes.

A blockchain is a computationally expensive data structure that is bigger and slower than a database. If Google decides to implement a private, permissioned blockchain to keep its ad exchange relevant, it will simply slow transactions down with no advantages over their current system, as DSPs and SSPs would not be allowed to see or write to the blockchain. Even Google’s most senior advertising executive seems uncertain about implementing blockchain technology as he says “[blockchain technology] is a research topic, so I don’t have anything super-definitive to say. We have a small team that is looking at it. The core blockchain technology is not something that is super-scalable in terms of the sheer number of transactions it can run,” Sridhar Ramaswamy, Google’s senior vice president of ads and commerce.

Below, you will find a flow chart from a peer-reviewed paper that presents their structured methodology for determining whether or not a blockchain is the appropriate technical solution to solve a given problem. If we follow its logic, we find that Google benefits most from keeping its image as a Trusted Third Party (TTP), not from creating a blockchain that would reduce dependency on a trusted third party. SSPs and DSPs might want to create a blockchain, but blockchains are too computationally expensive scale to the entire world. Therefore, they also do not benefit from a blockchain to keep track of their ledgers.

Is blockchain the answer? A flow chart for determining whether or not a blockchain is the appropriate technical solution to solve a given problem.

In creating a platform that is truly distributed, transparent, and auditable, the exchange (Google) would be abdicating their power and role as the broker between the SSP and DSP. For the blockchain to be secure, it must be open, and for it to be open, the ad exchange’s monetization would be cut out eventually. Otherwise, the DSPs and SSPs are still just trusting Google for exchange management via a private permissioned blockchain. If the technology exists for this blockchain, the need for a trusted third party is eliminated. Google is claiming they are creating a more secure exchange platform via blockchain technology, when in reality, they are using security theater in order to continue establishing themselves as a Trusted Third Party (TTP). In an ideal world, there will be decentralized autonomous applications that replace the need to rely on third parties like Google, but they will certainly not be built by the beneficiaries of the current power structure.

Appendix

  • Blockchain: Immutable digital ledger data structure implemented in a distributed fashion (i.e. without a central repository) and usually without a central authority. At its most basic level, they enable a community of users to record transactions in a ledger public to that community such that no transaction can be changed once published.
  • Demand Side Platform: Advertisers trying to market their products will find a demand-side platform to help them create ad campaigns and target specific demographics and audiences. The advertisers connect to DSPs primarily for ease of use since exchanges can be cumbersome to set up on their own.
  • Supply Side Platform: Publishers trying to monetize on advertisements connect to supply-side platforms that support various apps and websites. These platforms help connect advertisers to an exchange like Google AdWords.
  • Writers: Refer to entities with write access to the database/blockchain, i.e. in a blockchain setting, a writer corresponds to consensus participants.
  • Trusted Third Party (TTP): TTPs can function as a certificate authority.
  • Private vs Public blockchains: Public and private permissioned blockchains differ in that a public blockchain allows anyone to read the contents of the chain and thus verify the validity of the stored data, while a private blockchain only allows a limited number of participants to read the chain. Note that for any blockchain-based solution it is possible to make use of cryptographic primitives in order to hide privacy-relevant content.

References:

Further Reading on Blockchain and How it Can Impact Marketing: