How is it possible that in this screenshot, the URL shown on the sponsored result / ad is "<a href="https://www.brew.sh" rel="nofollow">https://www.brew.sh</a>"?<p>Can a Google search ad display a different value there than the actual origin of the page?
I don't get what non-malicious reason there would be for not automatically verifying domain ownership of display urls as an advertising network. The advertiser is highly likely to already have a Search Console account in which they'd have had to verify it, and URL verification is easily done by all kinds of systems via meta tags, CNAME or TXT entries, etc. Why not for ads?
Every time there's this kind of news, there's always other comments with similar news: <a href="https://x.com/alexrozanski/status/1881043544204599330" rel="nofollow">https://x.com/alexrozanski/status/1881043544204599330</a> (or <a href="https://www.reddit.com/r/Bitwarden/comments/1cwc0r9/caution_a_sponsored_google_head_result_for/" rel="nofollow">https://www.reddit.com/r/Bitwarden/comments/1cwc0r9/caution_...</a>)<p>And then some people here attacked content blocker users with:<p>> Why would I, as a developer whose income stream is based on advertising, intentionally cater to users who are costing me money?<p>> you're destroying the open web<p>If even the FBI calls out your industry[1], sorry, your AdTech industry, your source of income is beyond broken now.<p>[1]: <a href="https://www.ic3.gov/PSA/2022/PSA221221" rel="nofollow">https://www.ic3.gov/PSA/2022/PSA221221</a>
Ugh, I've seen this before with Todoist. I got as far as downloading the app package before realizing it was spelt incorrectly, and so was the domain. (Though the domain was correct in the ad, and the ad was identical to the actual search result below it.)<p>It has to be deliberate by Google at this point.
SEO is also damaging the search engines, and IMHO should be considered as a viral activity.<p>It is not uncommon to find a legitimate software site on the second page of a search, while all the hits on the first page are crap, often with malware added.
That has to be the most suspicious possible alternative they could have chosen to "blindly pipe curl into bash," which most developers would probably run without a second thought.