John Clyman
4 min read

Buyers.json and Demand Chain Are Here: Your Chance to Improve Buyer Transparency

Buyer transparency in the programmatic advertising industry is no longer just a good idea: It’s now formally embodied and ready for adoption in a pair of specifications published by the IAB Tech Lab today.

These new buyers.json and Demand Chain Object specs extend and complement the ongoing transparency efforts that began with ads.txt in 2017 and are continuing to promote safe, trustworthy transactions. Now that the specs are final, it’s time for the industry to collectively drive their widespread adoption — since the more they’re adopted, the more everybody benefits.

Why buyers.json and Demand Chain Object?

First, a quick recap of what buyer transparency entails. It’s a cliche that sunlight is the best disinfectant, but nevertheless true that toxicity thrives in the dark and opaque corners of our industry.

Last September, I wrote an article for Adexchanger arguing that the industry needed a buyers.json standard that would be the buy-side equivalent of sellers.json. Its most immediate mission: Combating malicious ads that harm sellers and consumers by propagating scams, fraud bots, and even ransomware; damaging sellers’ reputations; and encouraging adoption of ad blockers.

The widespread interest in this proposal is reflected in pledges at the site established by the ad quality and security firm Confiant. Through intensive collaboration at the IAB Tech Lab, we’ve now delivered two interlocking specifications: buyers.json and Demand Chain Object.

Buyers.json gives DSPs, and other companies that sit between the ultimate site publisher or app developer and the ultimate ad buyer, a way to disclose the entities that provide their demand. This transparency is a crucial step toward helping identity recidivist bad actors, while laying a foundation for legitimate buyers to avoid having their identity be faked. 

A common malvertising technique is to steal creative assets from a legitimate brand and repurpose them for nefarious ends; while buyers.json doesn’t eliminate this threat by itself, it can be a piece of a more comprehensive future transaction-security framework that could help do so. Identifying the actual business entities involved in transactions is a crucial component of knowing which specific companies can and cannot be trusted.

Demand Chain Object defines how to add information to bid responses to indicate, in conjunction with buyers.json, exactly which parties are in the payment chain for the creative that will ultimately be delivered if the bid wins. It also defines how to add information about the creative’s originator in the markup that is delivered to a browser or app. This means that when a malicious or undesirable creative is observed or delivered, it will be much easier to determine the source of the problem.

In an industry where buyers.json and Demand Chain Object are ubiquitous, malicious ads will have a short lifetime because they’ll be easily traceable, and because bad actors buying through one channel won’t be able to hide, undisclosed, behind other DSPs. That disrupts the economic calculation in favor of quality: If we can sufficiently raise the barriers to entry and reduce the return on investment, propagating malware simply becomes less lucrative.

What Needs to Happen Now

Adoption of any new standard takes time and typically happens in phases. To help jumpstart this adoption, the Tech Lab has published an extensive implementation guide for buyers.json and Demand Chain Object. The implementation guide has detailed examples of what aspects of the specs are relevant to different types of participants in the industry.

Most importantly, we encourage DSPs to ensure that they are communicating buyer-seat information in all bid responses and then publishing a buyers.json file to designate which buyer is associated with a given seat ID. This is the precise equivalent of the push for sellers.json adoption in 2019 that gave buyers far better insight into the specific sources of supply so they could make more informed decisions about how to prevent fraud and find efficient supply paths.

But that’s not the end of it. SSPs and other intermediaries need to participate too, publishing their own buyers.json file, supporting the Demand Chain Object (dchain), and later, perhaps, providing reporting and controls on this information to help sellers make more informed decisions about the risk-reward trade offs of different demand sources. Here at Magnite we’re already working on those plans with our product and engineering teams.

As an industry, our efforts in transparency are far from complete. We need to continue collectively investing in techniques to ensure secure, trusted chains of both supply and demand. But today we all have one more new tool in our toolkit, and I encourage everyone to enthusiastically support its adoption.