Perhaps now that Google has taken steps to block websites that display these ads, Google should take steps to stop accepting these ads onto their network in the first place.
Most of the time when I see those DOWNLOAD/PLAY buttons, they're hosted on doubleclick.
I'm not sure they need to. Google's approach here tackles the problem of these ads being created from an economic direction: if nobody is seeing these ads, they won't make any CPM money any more, so their creators will stop running them.
That's a much more sensible approach than doing what you're suggesting—trying to catch specific instances of people doing something nefarious that makes them money. That just causes the people posting the ads to get more clever, such that it gets more and more costly to catch each instance. (That was helpful in the ReCAPTCHA case, since spammers were advancing computer vision techniques in the process. It's not a harnessable force in the general case.)
You're aware that people view websites through browsers which don't run Google's safe browsing software, right? How is leaving them to get tricked into downloading malware (served via Google) "more sensible"?
You're not "leaving them"; making the ROI for an ad 30% lower (given a 30% Chrome install-base) is usually enough to make the advertiser give up on that ad, because they could instead be running an ad that converts ~90% as well and not losing 30% of their impressions in the process.
Now, the advertisers who only run these mal-ads will stick around and continue running them. They're also the ones who would fight tooth-and-nail to make their mal-ads more clever, instead of giving up and switching to regular ads; so they're exactly the ones Google will have a hard time discouraging at the ad-network level.
My hope for those is that other browsers simply copy Google's strategy here. If Chrome, Firefox, and IE all do this, there's pretty much no point in running these ads any more.
The point was made elsewhere, but I think you stated it most eloquently. Here's my question though: does it not benefit the user to enforce some minimum of deterrence through automated policing on the ad acceptance side?
Yes, it's whack-a-mole, but so is SEO, and Google's continually tweaking that instead of giving up. Based on the current rudimentary techniques used by the advertisers (e.g. "DOWNLOAD!" buttons), even eliminating only such blatant examples would go a long way towards cleaning up deceptive ad's.
And as you've noted... it's not like Google doesn't have access to advanced CV techniques and the computational infrastructure to run them...
> It has nothing to do with CV, it is not an engineering problem.
Not sure what you mean by this, given that there's a human with eyeballs on the other end of the bad ad and a limited number of keywords to trick that human into undesirable actions (virus,error,infected,download,update,install).
CV is exactly the solution you'd want to use for a first-pass categorization, given that's the pathway by which the ads communicate with users.
I was going to say exactly the same thing. Blocking/warning about them at the browser level is a great move, especially as it will also work for ads not served by Google. But they should also be working to stop these ads getting published on their network as well.
I remember a few years ago AdSense was showing a lot of fake Download buttons (and users would complain about it). I haven't seen them recently, though, so I hope that means they've fixed that problem.
I just checked and the download page on getpaint.net still has a deceptive "Start Download" AdSense ad. That site came to mind because, a few months ago, I tried to be charitable and disabled ad blocking for a few days. That was the site where I decided enough was enough and started blocking again.
You're not being charitable disabling your ad blocking. You're just perpetuating a system where egregious invasion of privacy is 'the deal' for using the internet. I understand that some sites might struggle for income without advertising but if they want me to view their ads they had better find some partners who don't stalk me across the web.
The AdChoices icon is used by many ad networks, not just Google's, to indicate that there's per-user targeting happening. [1] But if you click on that "AdChoices" button and you get an AdSense help page.
I'm not too familiar with AdSense vs. DoubleClick vs. AdChoices, but when I hover the ad it shows a link to DoubleClick, the little triangle icon points to an AdSense support page, and the JavaScript to load the ad comes from googlesyndication.com. From what I understand, that all points to it being an AdSense ad.
I suspect the reason that kind of ad is allowed (despite being deceptive IMHO) is that it's not just a download link. It also indicates that it's an ad for a driver update site (which makes it even shadier to my eye, but probably not violating any policies).
I'm not at all against this move from Google - it is good sense. However, to play Devil's advocate, what are the odds this was pushed down by the MPAA/RIAA or similar? This policy more or less directly targets sites that offer free online streaming or torrent downloads of Movies/TV/Music. The sites that wind up with these deceptive ads are typically sites that provide copyrighted content to their users.
Again, this is not a bad move. But I'm curious about the true motivations. If I were the MPAA, and trying to shut down the revenue stream of sites offering free streaming and torrents, this would be one of the ways to do it. That, or Google is simply sick of receiving takedown notices - and this is one method to take these sites out of their listings before even receiving the DMCA.
Download button ads appear on websites providing useful utilities and in particular Minecraft content and add-ons. I'm having to educate my kids on what is and isn't a real download button. Its a pain in the arse.
I would say it hasn't come from the MPAA or RIAA. These deceptive download buttons appear on a myriad of sites which are not related to streaming/torrenting.
Actually when I saw the headline my first thought was sourceforge. You expect these kinds of deep web ads when perusing sites you know damn well are "less than legal" but I've seen them on a number of websites I wouldn't normally expect to, sourceforge being the worst offender in my experience.
In my experience most free online streaming and torrent downloading websites have very small hard-to-find download buttons with a lot of fake "Download Now!" ads. So this would actually make torrenting easier.
It'll be interesting to see if they block people from visiting sites that use doubleclick for ads, or if this is just an excuse for blocking sites that use competing ad providers.
I tried to flag a deceptive "Start Download" ad of this kind by clicking on this button a few days ago (which appeared on a site I run, annoyingly). The form I was required to fill out needed me to say where the link in the ad took me. So I"m supposed to click on the link in an ad which is pretty plainly attempting to install some kind of malware, in order to be able to report it? I'm supposed to either be 100% confident there's no vulnerability in my browser, or set up some kind of VM to test with, just in order to report a single, obviously malicious ad?
I just tried it on the getpaint.net site (mentioned elsewhere itt) and it only had an option box set with three options: inappropriate, repetitive, irrelevant.
But you could just right click and copy the ad link. The link would point to the ad network (e.g. googleads.g.doubleclick.net/aclk), but it would be better than nothing. Also, many ads include a domain, sometimes in a tooltip, and usually just the tld, but again, better than nothing.
