Google – Is Good Going Bad?

Google’s corporate reputation is incredibly good for a company of its size. Yet increasingly, Google is at the scene of Internet frauds and crimes. Our CEO Rob Cheng has described our fight with unscrupulous Google advertisers, and these problems have continued. In April, a site named FasterXP.com begun to advertise with Google AdWords, hawking a product that installed several adware and spyware applications. Since we use Google AdSense, those ads appeared on the PC Pitstop site; several users were taken in before we could block the ad.

Google ads show up in the darndest places, even video files.

Since we’ve already covered the questionable nature of some Google ads, let’s take a look at where and how Google ads appear. If you do happen to get spyware or adware on your computer, you may find yourself looking at popup ads and web pages that contain Google ads on them. Sometimes the ads are the only thing on the page; other times they’re just part of the content intrusively popped into your face. Ben Edelman has examined the role of Google advertising being delivered through adware such as 180solutions. Recently, I saw yet another “innovative” Google ad display, as part of a license page for a video that’s circulating on some of the P2P networks. These are hardly the “high-quality web sites” promised by Google.

In all of these cases, it takes a click to get the money flowing. The AdWords advertiser only pays Google if the user clicks on one of the ads. But also remember that the user’s computer has been compromised by spyware; it is perfectly possible for the spyware to simulate a click from the user. Google would have a hard time telling from its end whether it’s a “real” click or not. Regardless, Google charges the advertiser for the click, takes its own cut, and pays the “web site” that hosted the ad. In the adware cases, there often isn’t much of a web site, just a popup page or two that provide the carriers for the money-making ads.

Google’s terms of service say that its ads should not be displayed in popups or by adware, but it appears to be a difficult policy for them to enforce. I have reported several cases to Google–including the one shown in the screen shot–and they have shut them down. Yet based on my own research, this is probably happening on a very large scale. I have also seen spyware that generates “fake clicks” to pages not requested by the user in order to generate a pay-per-click payout–although I haven’t yet seen it use this trick on a Google ad. Still, the technology is in place to rob both Google and its customers.

Let’s first be clear about who gets how much of the blame for these problems. There is no doubt that a lot of the blame should go to the companies and people that make false claims about their products, deploy spyware, and break the terms of agreements they have signed with Google. So in that sense, Google has been a victim of these scumbags as well. Yet Google cannot turn a blind eye and write this off as a cost of doing business, at least not if they want to maintain a stellar reputation.

When a customer is taken in by a fraud advertised through Google, it’s perfectly reasonable for Google to get some of the blame–particularly if Google isn’t acting aggressively to stop these frauds. Similarly, when a Google advertiser is charged for “fake clicks” that get them no customers, they have been robbed as well. For the sake of their products and reputation, Google needs to act. Here are some steps that I think would help:

  • Speak publicly about the types of fraud they’ve encountered and what they’re doing to stop it. Make it clear that displaying a web page to users by using an adware popup is a violation of AdSense policy and results in forfeit of all unpaid earnings. (Google pays with about a 45 day lag, so they have a decent time window to detect and stop fraud.) Provide a public tally of the number of accounts terminated for fraud and the amount of money returned to advertisers as a result.
  • Give AdSense publishers the tools they need to help Google fight. I am puzzled as to why Google hasn’t brought their technology to bear on this. The only tool we have to stop fraudulent ads is to block them by URL; there’s a limit of 200 URLs and we’re quickly reaching it. We can’t block a product, company, or product category by keywords for example. Even if the publishers just had some way to share their information about bad advertisers the problem would be better. I have provided several detailed suggestions to Google.
  • Give users some tools as well. Right now if you click on the “Ads by Gooooogle” it lets you complain about an ad that’s currently on the page. But if you were scammed a few hours or days ago, that ad may not be around at all. It would be handy if Google provided a way for users to get back to ads they had clicked earlier and provide feedback about those. In the same way, users should be able to let Google know that the ads they saw came from an unrequested popup window, possibly delivered by spyware. I know that Google has the technical tools to do this.
  • Join the fight against spyware and adware. Microsoft, Yahoo, AOL, and Earthlink are giving away free spyware cleanup tools as a way to fight the problem. We’re awash in cures, what we need is more prevention. Google can help by aggressively and publicly policing its ads to prevent their use in scams, particularly ones that provide financial support to spyware. Google could also become involved in the legislative efforts to ensure that resulting laws are aligned with its own excellent software principles.

Without some strong action on Google’s part, this problem will only get worse in a hurry.

Comments? Questions? Please make a post in the Site Feedback section of our forums.

Stop Responding to Threats.
Prevent Them.

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles