These are actively being served through Google AdSense, right now.
Here are a few example live sites where I see "Download" buttons in an ad, in a context that would be confusing.
http://www.getpaint.net/index.html
I only see them when using Chrome on Android these days. I generally use Firefox with an ad blocker on both Windows and Android to combat it. I disable it on some sites to support them, donate where I can, subscribe to YouTube Red/Google Music, etc. to be sure I support content.
Are you sure they are ads, and not the site redirecting you based on your user agent? I've had some sites that have apps do that, but I've never had an ad automatically direct me to the Play Store before.
It's never "weird" for a company to choose not to attack its own revenue base.
There should be a button to report them. Please report them.
Edit: I found the feedback form: https://support.google.com/adwords/troubleshooter/4578507
> Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.
Honest question: When you take a look at the "manipulation of people into divulging confidential information" part, wouldn't this, by definition, incriminate the vast majority of the modern ("Internet 2.0") web, WRT unremovable-cookies, tracking, "analytics", and so forth?
I fully admit there is a difference between downloading a random AdobeFlashPlayerUpdate.exe or MacKeeperApp.dmg from a malicious site and having all your personal data and information about you sent off to a 3rd party company... but where do we (or Google, here) draw the line?
Just last week, Facebook started gleaning contacts from my phone and injecting them into the "People you may know" page - these were people I did NOT want on my Facebook - ranging from business contacts to Tinder matches. I knew this was (sadly) standard behavior for users of the Facebook App, or users of "Facebook for Mobile", but I have never given my phone number to Facebook, not once, and I only access it via a mobile browser.
Is it social engineering to see my recent searches in the Amazon app on mobile reposted on Facebook on my desktop Web browser?
[0]: https://en.wikipedia.org/wiki/Social_engineering_(security)
Wow. Just wow. That seems like such a horrifically bad idea. The worlds represented by FB and Tinder are almost diametrically opposed and I imagine that people who use both would never want any mixing. We are one FB bug away from some serious embarrassment.
As developers this isn't hard to implement, but it is a bit extreme.
There is also the question of business contacts, whom I have only had connection with via Voice Call and Text message (no external app and permissions given), showing up in my feed. Of course, this could be permission given on THEIR side that is reciprocating on my end, but again, this implementation is also extreme (ly possible).
And then they become that problem by taking on flash ads a few years ago.
I mean, the last thing I want out of ads is targeting. Nobody needs to tell me to buy things I already like.
Yesterday I just saw a banner ad on a YouTube music video - from Google AdWords - that was alerting me I may need some "Drivers" for my machine and I should get them from some suspicious company called TechSoft or RealSoft or something like that. It was the "dying car alarm drops a sick beat" extended remix if that's of any interest.
I did take a screenshot but don't have it handy right now.
And they can punish other people's websites for having malicious ads, including Google-sourced malicious ads, because that totally solves the problem!
This comment was thick with sarcasm.
DoubleClick certainly is not the worst offender of this, but they are the biggest player. Is Google going to block/penalize the sites of their own customers? That would feel weird. Is Google going to block/penalize the sites of their competitors? That would also feel weird.
DoubleClick is actually a suite of different applications.
I suppose you mean DFP (DoubleClick for Publishers). This is a Google product but it doesn't necessarily display ads from Google Network. With DFP you can show ads from Google but also other networks or even your own negotiated ads. So in other words, even though it's a Google product, it's designed to give publishers freedom on which ads will be displayed. If you use DFP to only show ads from Google Network such as AdSense, you can rest assured these are reviewed by Google for such social engineering tactics.
I suppose they might block sites that use DFP to serve ads from other networks they can't vet and don't go through good review and were detected to contain bad Ads.
Not all ads on AdSense are reviewed. Or, if they are, the reviewers are doing a poor job. Locally, and on mobile devices, I get AdSense ads like: "Your device has a virus. Click here to download our anti-virus software for 4.99$." Then the page shows the "404 broken robot" graphic (it is an ad on the AdSense network, which spoofs Google, and scares you into downloading a paid, probably worthless, virus scanner).
I've reported numerous ads to Google over the years: Some competitors who were not playing by the rules, but also redirects to porn websites and the (locally) infamous: Your Whatsapp has expired! Enter your phone number, so we can mine that, and charge you weekly for a fake app.
> I suppose they might block sites that use DFP to serve ads from other networks they can't vet and don't go through good review and were detected to contain bad Ads.
Likely, but this seems weird (fix/penalize DFP partner networks first, don't penalize your users for using your own product). Also from a competitor sense: I am all for protection of users (use an adblocker!), but it does not feel right that a company with the resources of Google finally manages to rid their own network of these malicious ads (let's say for sake of argument they have), then immediately puts the ban-hammer on their less resourceful competitor networks. Perhaps that is a side-effect of owning the analytics, the ad networks, and the browser people use to view those ads.
In that model you got a free listing in a category or two but had to pay to get either additional listings (in other categories) or an advertisement (of various sizes) in order to get phone calls. The rationale (in addition to making money, obviously) was that there had to be a way to tell the serious people trying to hawk a particular good or service from the casual players. The thinking was that if a person took out a listing or an ad saying they "sold recumbent bicycles" they must be doing that because they were willing to pay to say so. So the theory is that if you pay to say something you must be fairly serious about what you are saying (in terms of things you are selling).
It showed people what they wanted to see, while other companies were focusing on what they were paid to show.
...or until they don't and have an Anti-Trust suit on their hands.
This was previously discussed at https://news.ycombinator.com/item?id=11032270.
Google's expanded it from just protecting users to also notify the network admin via https://security.googleblog.com/2010/09/safe-browsing-alerts...
(The "notify the AS owner" service existed before, but now it also notifies about social engineering content.)
[/end doing job of reporter who should have done it themselves.]
> Deceptive site ahead
> Attackers on kat.cr may trick you into doing something dangerous like installing software or revealing your personal information (for example, passwords, phone numbers, or credit cards).
It's definitely a step forward in the right direction, provided Google AdSense, well, adheres to their own company's guidelines…
This source appears to show at least for downloads the browser is sending data to the API: "From Firefox 32 on, downloads are checked against the local list and a remote list if the local list does not return a hit."
SOURCE: http://www.ghacks.net/2014/07/23/prevent-firefox-sending-dow...