Posts

Sorted by New

Wiki Contributions

Comments

Sorted by

jefftk, you state you're open to being convinced that you're causing harm through your work. So let me take a crack:

Have you read about the "rehabs near me" incident that the Verge uncovered? https://www.theverge.com/2017/9/7/16257412/rehabs-near-me-google-search-scam-florida-treatment-centers

Yes, Google chose to act *after it became public*, but Google was operating a major market segment, where they had dedicated members of the Ads sales team working on fostering a business area that was... outright predatory. At a CPC of $230, big money was moving here. It's hard for me to credibly believe that this harm happened due to the algorithm, that no humans at Google were clearly aware of what was going on, when Googlers were being sent out to events to pitch to this market.

This business Google was involved in was targeting an incredibly at-risk segment of the population, getting wild profit off of it, and, despite being a party to fraud, gets to keep all of it's profits from having done so. The problem I see here isn't just that the Ads team gets paid for participation in criminal activity, but they have no incentive to really stop profitable illegal activity.

When Google got caught, they didn't lose a cent. So why would they be proactive about preventing harm going forwards?

I mean, I feel like at some point, I have to move into my personal anecdotes: I've done computer support for senior citizens for over a decade, and my takeaway from that has been that Google's primary business model is misleading people into clicking on ads that are indistinguishable from search results. And the reason that people call me after doing so, is because a large portion of those ads masquerading as search results are full of malware.

*Every* malware support call I've ever gotten from a senior citizen came from a search ad. Every. One. (Not all from Google Search, but every one was a "top of result page search ad" from a major search site.) And it doesn't even seem like Google's committed to making sure the ads accurately represent the destination. Google Ads are regularly hijacked, such that they present https://youtube.com or https://bestbuy.com as the destination, but lead to a fraudulent website. Here's one with a photo that hit a news site: https://www.zdnet.com/article/malicious-google-ad-pointed-millions-to-fake-windows-support-scam/#ftag=RSSbaffb68

Apparently, that's possible because marketers want to redirect URLs through shifty third party services, so Google permits ads to do something real results can't: Display a completely fake destination URL.

One of my regular examples I have pointed out before is MapQuest. A site which is still heavily used by senior citizens, who Google for it because they don't know how URLs work. Every ad served for "mapquest" on Google is a malicious scam site. And no matter how many times I report them, Google won't remove them, because nearly every dang click is a successful scam hit, so it's a wildly profitable term to sell ads on. But any time Google delivers a user to mapquest.com, they make nothing.

Ultimately, choices companies make often slide between security and profitability. And it feels to me like the Google Ads business has no meaningful commitment to security or protecting users. Scams and malware end up running rampant whenever ads are involved, that's where the money for the business segment is coming from, and ultimately, some senior citizen's lost retirement money is making it into your paycheck.

The issue here is that the advertising company's incentives are not aligned with consumers. It's in the best interests of Google for the consumer to click on an ad, not a search result. So even if Google has the best search result, it's goal is to get the consumer to click on the ad. This is a concern Sergey and Larry originally had, and expressed in their original paper. Google would rather a senior get scammed than find the right result.