From the article: "Others pretend to be “Download” or “Play” buttons, as if clicking them would provide access to the video content or stream the user had wanted. "<p>These are actively being served through Google Adsense, right now.<p>Here's a few example, live sites, where I see "Download" buttons in an ad, in a context that would be confusing.<p><a href="http://www.getpaint.net/index.html" rel="nofollow">http://www.getpaint.net/index.html</a><p><a href="http://downloads.tomsguide.com/PaintNET,0301-4883.html" rel="nofollow">http://downloads.tomsguide.com/PaintNET,0301-4883.html</a><p><a href="http://filehippo.com/download_paint.net/" rel="nofollow">http://filehippo.com/download_paint.net/</a>
From Wikipedia[0]:<p>> <i>Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.</i><p>Honest question: When you take a look at the "manipulation of people into divulging confidential information" part, wouldn't this, by definition, incriminate the vast majority of the modern ("Internet 2.0") web, WRT unremovable-cookies, tracking, "analytics", and so forth?<p>I fully admit there is a difference between downloading a random AdobeFlashPlayerUpdate.exe or MacKeeperApp.dmg from a malicious site and having all your personal data and information about you sent off to a 3rd party company......but where do we(or Google, here) draw the line?<p>Just last week, Facebook started gleaning contacts from my phone and injecting them into the "People you may know" page - these were people I did NOT want on my Facebook - ranging from business contacts to tinder matches.
I knew this was (sadly) standard behavior for users of the Facebook App, or users of "Facebook for Mobile", but I have never given my phone number to facebook, not once, and I only access it via a mobile browser.<p>Is it social engineering to see my recent searches in the Amazon app on mobile reposted on Facebook on my desktop Web browser?<p>[0]: <a href="https://en.wikipedia.org/wiki/Social_engineering_(security)" rel="nofollow">https://en.wikipedia.org/wiki/Social_engineering_(security)</a>
It's worth remembering that this is the pain point Adsense and Adwords originally solved for by only allowing a title, 2 lines of text, and a URL. And they did it so well they disrupted/killed a mutli-billion dollar industry of online flash ads practically overnight.<p>And then they become that problem by taking on flash ads a few years ago.
What about on their own sites? Like YouTube?<p>Yesterday I just saw a banner ad on a YouTube music video - from Google AdWords - that was alerting me I may need some "Drivers" for my machine and I should get them from some suspicious company called TechSoft or RealSoft or something like that. It was the "dying car alarm drops a sick beat" extended remix if that's of any interest.<p>I did take a screenshot but don't have it handy right now.
The only time I have been bothered with these kind of ads, is when DoubleClick serves me those on my Android.<p>DoubleClick certainly is not the worst offender of this, but they are the biggest player. Is Google going to block/penalize the sites of their own customers? That would feel weird. Is Google going to block/penalize the sites of their competitors? That would also feel weird.
And Google's own Adwords ads looking more an more like organic search results and pushing the organic results further down the page isn't social engineering at all, right?
Can't wait until Google has to block websites using AdSense because they themselves served such an ad through a reseller.<p>...or until they don't and have an Anti-Trust suit on their hands.
>[Update: Google published this news today on its corporate blog, but this was previously announced earlier this year. We’ve asked Google to clarify why it was republished, if that was in error, or if it represents any changes since the first announcement.]<p>This was previously discussed at <a href="https://news.ycombinator.com/item?id=11032270" rel="nofollow">https://news.ycombinator.com/item?id=11032270</a>.
Well I block ads on my desktop so I'm not really seeing fake "download" buttons that often. On the other end what really bothers me on mobile (using the latest chrome) is ads automatically redirecting me to another site, happens quite regularly when I browse Google news. I don't really know if those ads use an exploit of some sort or if they consider I've clicked the ad when I only tried scrolling the page with my finger but that should clearly be checked. And it happens on well known newspapers websites, not that I was browsing some obscure shady part of the web...
Will they do that on their own sites too ? like youtube or blogger ? because yes, I got plenty of "Your computer is infected by a virus, Please call Microsoft hotline" popups from those.
That's rich, coming from them. When I used mobile apps with ads, the majority seemed to be fake "update battery driver"/"uninstall virus" type nonsense. In flashing red and yellow.
I see this warning in effect on <a href="http://kat.cr" rel="nofollow">http://kat.cr</a> in Chrome:<p><pre><code> Deceptive site ahead
Attackers on kat.cr may trick you into doing something dangerous like installing software or revealing your personal information (for example, passwords, phone numbers, or credit cards).</code></pre>
Since sites like this are so ubiquitous, I wonder if users will see warnings like this so often that they'll start to ignore them and just click "proceed" without thinking.<p>It's definitely a step forward in the right direction, provided Google Adsense, well, adheres to their own company's guidelines…
This is a good start to solve an old problem. However they need to start filtering out their own ads. I don't know which is easier, catch them before it goes live, or after, but either way... that's something in the right direction.
Hmm... I just saw this mess on Youtube today. An "Ads by Google" ad for some malware.<p><a href="http://i.imgur.com/vQkjZWU.jpg" rel="nofollow">http://i.imgur.com/vQkjZWU.jpg</a>
Most people don't realize that Google's "Safe Browser" sends via Chrome & Firefox the URL of ever single URL you visit to Google; as far as I'm able to tell.