Google will warn users when sites contain social engineering ads

151 点作者 PirateDave大约 9 年前

23 条评论

tyingq大约 9 年前

From the article: "Others pretend to be “Download” or “Play” buttons, as if clicking them would provide access to the video content or stream the user had wanted. "These are actively being served through Google Adsense, right now.Here's a few example, live sites, where I see "Download" buttons in an ad, in a context that would be confusing.<a href="http://www.getpaint.net/index.html" rel="nofollow">http://www.getpaint.net/index.html</a><a href="http://downloads.tomsguide.com/PaintNET,0301-4883.html" rel="nofollow">http://downloads.tomsguide.com/PaintNET,0301-4883.html</a><a href="http://filehippo.com/download_paint.net/" rel="nofollow">http://filehippo.com/download_paint.net/</a>

评论 #11482521 未加载

评论 #11482819 未加载

评论 #11482377 未加载

评论 #11484688 未加载

评论 #11483125 未加载

评论 #11482350 未加载

FilterSweep大约 9 年前

From Wikipedia[0]:> Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.Honest question: When you take a look at the "manipulation of people into divulging confidential information" part, wouldn't this, by definition, incriminate the vast majority of the modern ("Internet 2.0") web, WRT unremovable-cookies, tracking, "analytics", and so forth?I fully admit there is a difference between downloading a random AdobeFlashPlayerUpdate.exe or MacKeeperApp.dmg from a malicious site and having all your personal data and information about you sent off to a 3rd party company......but where do we(or Google, here) draw the line?Just last week, Facebook started gleaning contacts from my phone and injecting them into the "People you may know" page - these were people I did NOT want on my Facebook - ranging from business contacts to tinder matches. I knew this was (sadly) standard behavior for users of the Facebook App, or users of "Facebook for Mobile", but I have never given my phone number to facebook, not once, and I only access it via a mobile browser.Is it social engineering to see my recent searches in the Amazon app on mobile reposted on Facebook on my desktop Web browser?[0]: <a href="https://en.wikipedia.org/wiki/Social_engineering_(security)" rel="nofollow">https://en.wikipedia.org/wiki/Social_engineering_(security)</a>

评论 #11481447 未加载

brador大约 9 年前

It's worth remembering that this is the pain point Adsense and Adwords originally solved for by only allowing a title, 2 lines of text, and a URL. And they did it so well they disrupted/killed a mutli-billion dollar industry of online flash ads practically overnight.And then they become that problem by taking on flash ads a few years ago.

评论 #11486292 未加载

评论 #11484597 未加载

6stringmerc大约 9 年前

What about on their own sites? Like YouTube?Yesterday I just saw a banner ad on a YouTube music video - from Google AdWords - that was alerting me I may need some "Drivers" for my machine and I should get them from some suspicious company called TechSoft or RealSoft or something like that. It was the "dying car alarm drops a sick beat" extended remix if that's of any interest.I did take a screenshot but don't have it handy right now.

评论 #11482135 未加载

putaside大约 9 年前

The only time I have been bothered with these kind of ads, is when DoubleClick serves me those on my Android.DoubleClick certainly is not the worst offender of this, but they are the biggest player. Is Google going to block/penalize the sites of their own customers? That would feel weird. Is Google going to block/penalize the sites of their competitors? That would also feel weird.

评论 #11481349 未加载

评论 #11481755 未加载

评论 #11483389 未加载

josephjrobison大约 9 年前

And Google's own Adwords ads looking more an more like organic search results and pushing the organic results further down the page isn't social engineering at all, right?

评论 #11481193 未加载

michael_h大约 9 年前

Why stop there? When a site contains the offending ads, push them down to page four of the results. The ads will disappear in a matter of days.

评论 #11485243 未加载

评论 #11482610 未加载

评论 #11482343 未加载

ilyanep大约 9 年前

Can't wait until Google has to block websites using AdSense because they themselves served such an ad through a reseller....or until they don't and have an Anti-Trust suit on their hands.

elcapitan大约 9 年前

I didn't even know that there are ads that don't involve social engineering.

ikeboy大约 9 年前

>[Update: Google published this news today on its corporate blog, but this was previously announced earlier this year. We’ve asked Google to clarify why it was republished, if that was in error, or if it represents any changes since the first announcement.]This was previously discussed at <a href="https://news.ycombinator.com/item?id=11032270" rel="nofollow">https://news.ycombinator.com/item?id=11032270</a>.

评论 #11482201 未加载

diegorbaquero大约 9 年前

I'm not saying an ad-blocker IS the solution, but it works on blocking not only ads but making websites faster and safer.

评论 #11482631 未加载

blaze33大约 9 年前

Well I block ads on my desktop so I'm not really seeing fake "download" buttons that often. On the other end what really bothers me on mobile (using the latest chrome) is ads automatically redirecting me to another site, happens quite regularly when I browse Google news. I don't really know if those ads use an exploit of some sort or if they consider I've clicked the ad when I only tried scrolling the page with my finger but that should clearly be checked. And it happens on well known newspapers websites, not that I was browsing some obscure shady part of the web...

spriggan3大约 9 年前

Will they do that on their own sites too ? like youtube or blogger ? because yes, I got plenty of "Your computer is infected by a virus, Please call Microsoft hotline" popups from those.

评论 #11482530 未加载

cha5m大约 9 年前

What hypocrites <a href="http://imgur.com/3Emyw5y" rel="nofollow">http://imgur.com/3Emyw5y</a>

MichaelGG大约 9 年前

That's rich, coming from them. When I used mobile apps with ads, the majority seemed to be fake "update battery driver"/"uninstall virus" type nonsense. In flashing red and yellow.

fireworks10大约 9 年前

I see this warning in effect on <a href="http://kat.cr" rel="nofollow">http://kat.cr</a> in Chrome:<pre><code> Deceptive site ahead Attackers on kat.cr may trick you into doing something dangerous like installing software or revealing your personal information (for example, passwords, phone numbers, or credit cards).</code></pre>

JamilD大约 9 年前

Since sites like this are so ubiquitous, I wonder if users will see warnings like this so often that they'll start to ignore them and just click "proceed" without thinking.It's definitely a step forward in the right direction, provided Google Adsense, well, adheres to their own company's guidelines…

dfar1大约 9 年前

This is a good start to solve an old problem. However they need to start filtering out their own ads. I don't know which is easier, catch them before it goes live, or after, but either way... that's something in the right direction.

chinathrow大约 9 年前

Why warn? Why not simply drop/block them and notify the ad network/ad buyer?

评论 #11482641 未加载

jevinskie大约 9 年前

Hmm... I just saw this mess on Youtube today. An "Ads by Google" ad for some malware.<a href="http://i.imgur.com/vQkjZWU.jpg" rel="nofollow">http://i.imgur.com/vQkjZWU.jpg</a>

Strilanc大约 9 年前

They count fake download buttons as social engineering. Excellent.

评论 #11481937 未加载

guelo大约 9 年前

I'd rather my adblocker deal with these instead of my browser.

nxzero大约 9 年前

Most people don't realize that Google's "Safe Browser" sends via Chrome & Firefox the URL of ever single URL you visit to Google; as far as I'm able to tell.

评论 #11482013 未加载