Recently we had the opportunity to interview three execs from the ChameleonX team: Founder and CEO Maor Hod, Founder and CTO Shay Elkana, and VP of Product Doron Lyabock. Their ad tech security company addresses a growing problem that is costing the publishing industry billions of dollars a year: ad blockers. Not only is ChameleonX the only pure-play company to address this problem, but they have an innovative way of doing it and a clear vision of how this will help to restore trust between publishers and users. A big thanks to Maor, Shay, and Doron for walking us through the development of their company and providing us with a deep dive on their tech.
First, tell us a little bit about the company
ChameleonX is an ad tech security company focused on securing publishers business assets. Our team is composed of experts in cybersecurity and ad tech. We’re based in Tel Aviv, Israel.
Would you consider yourselves part of the web security sector?
Yes, of course. We position ourselves as an ad tech security company, and believe revenue security is essential to maintain the web as we know it today. Our Secured Ads Layer provides publishers with tools to secure their business operation, which relies on advertising.
We believe our solution is addressing a growing market need, as the publishing industry is facing many challenges today, and the ongoing rise of ad blockers pose a significant risk for their business model.
Looking ahead, we expect that revenue security service will soon be a default setting for publishers and a table-stake product feature for CDNs (such as WAF and DDoS).
How did you come up with the idea for this company?
M: I had a chance to work with a few online media companies as an advisor, and the ad blocking subject was always brought up in our risk management discussions.
Personally, I see advertising as the coin of free internet and believe it should be a balance between users’ experience and publishers’ right to control their online business, including the ad experience they provide.
S: Maor brought this subject to my attention, and we began with some research, meeting with many publishers, and noticed this was a growing problem, particularly in North America and Western Europe. We started exploring potential solutions. However, this is a security problem that is very challenging, requiring a deep understanding of the ad blocking world and motivation. Our team went through a few cycles before we came upon a solution.
Could you tell us about the development process?
S: At a very high level, I will break the process into two phases. Ad blocking functionality is based on two main engines: 1) damaged elements and 2) firewall.
As for the damaged elements, we developed an end-to-end protection and recovery mechanism, which auto-restores and rebuilds damaged elements on the page; to test and improve this mechanism, we provided our partners a client-side solution that is used on more than 3B pages.
Also, to address the firewall challenge, we developed an advanced encryption mechanism using publishers’ backend infrastructure in a very efficient method.
How does ChameleonX integrate with publisher’s sites?
S: It can be deployed into any site with a small backend configuration, and once done our solution is entirely automatic. The publisher doesn’t need to add any code to their site. Our algorithms always monitor our clients’ website patterns, potential risks, and ad blocking software lists and methods; the system auto adapts the Security Ads Layer and makes sure it is always up-to-date.
With machine learning, are you running supervised algorithms, like through Hadoop or Spark?
S: Yes, in some of the logics.
Could you walk us through how ChameleonX would work?
M: The onboarding process is very simple and almost completely automatic. Publishers need to make a small DNS/backend configuration, and the system auto-detects and protects the site’s ad units.
Do all users see the same version of a publisher’s page, or is there room to customize experiences for subscription-based users?
D: The Secured Ads Layer comes with an applicative environment. We also provide publishers with tools for users’ engagement and dialog; we call this app myChoice, offering users the ability to customize and control their ad experience in a friendly manner (full ads, light experience, ads-free). In addition, users can select specific topics and/or opt-out of personalized ads; the app is completely customizable.
M: We believe that to resolve the ad blocking issue, you can’t simply force users to see ads. Instead, we want to provide them with the ability to select the ad experience they would like to have.
How many users choose to view the site with no ads? And are the publishers provided with these metrics?
M: We noticed that for quality sites with a loyal community, only a small percentage of the users chose to remove all advertising from the site (1.5% – 4%). Our publishers also got very good feedback from their users, who appreciated the effort to meet them halfway.
D: Our dashboard provides publishers with all the ad blocking, advertising, and verification metrics, as well as their users’ engagement stats and trends.
Give us a brief overview of the architecture. Does the customer provides a DNS to you and then it goes to the CDN?
S: Basically, yes. Regarding the system architecture, our Secured Ads Layer is very flexible and can be deployed anywhere between the publisher origin to the CDN level. Of course, the optimal position will be at the CDN level.
For example, this picture illustrates some of our available deployment options.
Do you also protect against malware?
Yes, because of the nature of our solution we do protect against malware in some cases; also, we’re integrated with leading third-party ads verification vendors to align with the IAB (Interactive Advertising Bureau) industry standards.
How do you distinguish your solution from others in this arena?
M: Both our approach and tech are pretty unique in the arena; as mentioned, we want to not only restore ads to the page but to restore users’ trust in advertising. We are looking to rebuild the relationship between the publisher and user.
As for our tech side, part of the other solutions that try to fight ad blockers are based on the client-side; using some exploits in the ad blocking extension, we believe that client-side solutions will never be good enough here. However, our edge is far from being based on our position on the server-side. It’s derived from our advanced page recovery mechanism and algorithms that we’ve developed.