This glossary provides a concise explanation of each module in the Defender suite (SEARCH, ACTIVITY, and REVIEW), along with the specific termination criteria that may lead to a respondent being excluded from a survey. The goal of each module is to preserve data quality while minimizing friction for legitimate respondents.
Description:
SEARCH is our foundational fraud detection layer, running silently in the background as respondents enter your survey from a supply source. It combines proprietary technology and third-party anti-fraud signals to identify suspicious devices, behavior patterns, and network setups. SEARCH analyzes elements like device fingerprinting, browser configurations, IP address behavior, and historical fraud records.
Search Termination Reasons:
| Reason | Code | Description |
|---|---|---|
| Duplicate Entrant | 02 | The respondent attempted to take the survey more than once. Detected via matching IP address or digital fingerprint, indicating potential duplication. |
| Emulator Usage | 03 | Detected use of software that simulates another device or operating systemâcommonly used to manipulate respondent identity or bypass detection systems. |
| VPN Usage Detected | 04 | A Virtual Private Network (VPN) was used to mask the respondentâs true IP address. When paired with additional risk signals, this raises authenticity concerns. |
| TOR Network Detected | 05 | The TOR browser anonymizes user identity and location. While not flagged alone, it contributes to risk when combined with other fraud signals. |
| Public Proxy Server Detected | 06 | The IP address used matches known public proxies, which are shared by many users and often linked to low-quality or fraudulent traffic. |
| Web Proxy Service Used | 07 | An internet-based proxy service was used to hide the userâs location or identityâcommonly observed in fraud scenarios. |
| Web Crawler Usage Detected | 08 | A bot or automated script (not a real person) attempted to access the survey. This is clearly indicative of invalid participation. |
| Internet Fraudster Detected | 09 | The respondent was flagged by third-party fraud databases based on a history of online abuse or suspicious behavior. |
| Retail/Ad-Tech Fraudster | 10 | Similar to (09), but flagged specifically for fraud linked to retail or advertising systems. |
| Subnet Detected | 11 | Multiple entries were traced to the same network segment (IP subnet), suggesting coordinated or automated behavior. |
| Recent Abuse Detected | 12 | Recently flagged for suspicious behavior by a fraud prevention provider. This flag indicates proximity to known abuse activity. |
| Duplicate Survey Group | 13 | The respondent has already entered another survey within the same project or group, suggesting potential overlap or duplication. |
| Navigator WebDriver Detected | 14 | Browser automation tools (e.g., Selenium, Puppeteer) were detected. These mimic human behavior and are widely used by bots. |
| Developer Tool Detected | 15 | The respondent had browser developer tools open during entry, which is often linked to manipulation or testing behavior. |
| WebRTC Detected IP Address | 16 | WebRTC revealed the respondentâs real IP, which showed inconsistencies or matched known risk signals (e.g., hidden behind a proxy or misaligned geolocation). |
Description:
ACTIVITY monitors a respondentâs behavior across the broader research ecosystem. This includes frequency and speed of survey attempts. Overactive users (e.g., professional survey takers or bots) tend to generate lower-quality data and are deprioritized or blocked.
Activity Termination Reasons:
Respondents with extremely high ACTIVITY scores may be terminated due to suspected professional or automated participation behavior. There are no individual termination codes; decisions are based on score thresholds.
Description:
REVIEW is a visible checkpoint page respondents must pass before entering the client survey. It includes open-ended text analysis, honeypot questions (invisible to humans), and DevTools detection. This layer is especially useful for capturing engagement and detecting bot behavior in real time.
Review Termination Reasons: