Slashdot Mirror
Google's Fraud Squad Battles Phantom Clicks
An anonymous reader writes "It's an open secret that low cost workers in India, China and other countries are hired to boost traffic for online ads by clicking on text links, banners etc. Internet marketers facing high advertising fees on search networks like Google are becoming increasingly concerned about this form of online fraud. This problem has reached a critical stage and even Google recognizes that it has been the target of individuals and entities "using some of the most advanced spam techniques for years". A Google spokesperson said the company has "applied what we have learned with search to the click fraud problem and employed a dedicated team and proprietary technology to analyse clicks.""
For 2004 about 96% of Google's revenue has come from ads.
Here is some more detailed info.
Because of thier desire for the IPO alot of financial info is now available.
the position for your adwords ads is based on CTR (clickthroughrate (%), as in clicks divided by impressions * 100) and the price you're willing to pay
What incentive does Google have to seriously reduce this type of fraud? The more clickthru's, the more they get paid!
You are thinking of Adwords, and ignoring AdSense.
If Google just let this happen, they would be saying to advertisers "you're getting screwed, but we're profiting, so we're happy." This might tarnish Google's saintly image and make people not want to pay them money.
You might as well say that cellphone companies shouldn't stop phone cloning, because if someone steals my identity and starts making calls to Nigeria, the phone company can bill me big time! But if they didn't do their best to stop the fraud, they would soon lose my custom.
You need to maintain a decent click-through rate to keep your ads up. If nobody clicks on your advert, it is automatically removed from circulation. If your competitor doesn't have a very interesting ad, you clicking on it might just keep it in circulation where otherwise it would not be.
It doesn't say who is paying whom for the clicks or where the clicked on links appear or who's the sucker or who's paying the people to click for bucks.
Both, probably.
On the one hand, you can get paid for "clicks" through to a victim site by the owner of that site (like Google ads). Or, you artificially inflate your marketing saavy by "demonstrating" all the traffic your site generates, so you get paid to host the victim's ads.
And it isn't trivial to write a program that will always behave like a person (in terms of browsing behavior); the amount of money that would need to be invested would probably cost more than these 3rd-world workers cost. I seriously doubt the people running these scams are interested in developing software themselves.
Besides, why "invest" in a scheme that'd probably be debunked soon anyway? Better to get in fast, steal a quick couple of bucks, and get out.
Unfortunately, that's also what will make fighting this sort of thing really hard: the ones "clever" enough to pull this kind of crap off will already have moved onto the next thing while Joe Copycat gets nailed for it.
Diplomacy is the art of saying, "Nice doggie!" until you can find a rock.
If google's cache of google is down you can still use freecache's cache of google's cache of google: http://freecache.org/http://216.239.41.104/search? q=cache:zhool8dxBV4J: www.google.com/+&hl=en
Desireable search terms can go for $0.45/click. If you have a website that forwards clicks to google, you get a share of the revenue, which is what is driving the fraud.
One way to combat would be to compare the search rate from the website to the total hits on the website compare that ratio to hits on the google main page or to other affiliates. If 90% of the people hvisiting the website click on the ad link, it would be kind of suspicious.
Google ads can get very expensive. A dollar to several dollars PER CLICK. Would you like to do the math here?
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
There are worms out there that make computers dial expensive premium phone services (phone sex and the like) using their modems. This is a godsend to the guys running phone sex lines... in the past, they had to (and did) break into phone line distribution boxes and install small electronic diallers (or pay a phone company repair guy to do this). Now they can just spread these things from the comfort of their own home. I still have a modem in my computer (for faxing stuff), but the phone line is disconnected when not in use. A normal virus might send my personal data (which is encrypted anyway), or trash my hard drive (which is properly backed-up), but this stuff might run up a god-awful phone bill. And no, phone companies will not refund any of it; they did not even do so in cases where rogue diallers were installed on people's phone lines.
I wouldn't be surprised if the operators of certain sites (usually with the more obnoxious and dubious ads) would stoop to such methods to boost their income from ads.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
Sites can track purchases from google, and from my experience the ads work great. I did work for two companies, and both of them loved google. Their price of advertising per purchase through google was cheapest (around 1.50 which is anywhere from 1-5% of the cost of the item) among any other online advertising they have done.
With Google it is not as easy as some other companies out there.
Google's code is placed on the site as a javascript include that then gets rendered to the screen at runtime when a browser executes it.
That means if you have a script hit the page and get the source for it, all you get is the javascript include.
If you write a page that onClick let's you view the content of the Google IFrame (the Javascript include dumps out an Iframe that then fills with a page off of Google), you will then see more of the code.
They have several layers of javascript and none of the pages render out links directly, so it is hard to scrape them with a bot, since a bot only sees the source.
You could load up the pages individually (outside of the iframe) and take a look at them, but it doesn't always work and also when you load that page, it sends back a reference to Google of what the site/location/name of the page you are loading looks like.
So if you have a site ballsweat.com that has Google Ads on it so that you can look to see what the ads look like, as you start messing around with it to get a better idea, they will see that it is no longer showing up on the site and instead showing up on your hard drive (or if you like you can put it on your server and then they can read your code that you are using).
That alone will tip them that you are looking into it - but then you could claim that it was someone else and not you (assuming it was on a drive), but then that could also mean that you just use someone else's site to test.
So anyway, back to getting the data, you would have to load up the source, and then either parse the javascript and execute it to build it the same way a browser does (hopefully there are objects in Windows that let you simulate this and then dump the post rendered contents into a variable which you can scan - don't know about that),.
OCR is out of the question since that is not going to get you the proper link (the links are listed, but the payment only goes out if you click on the link which first routes it through a Google site so it can register the click and track the stats and then redirects you to the site). When you mouseover it shows the regular site link, but that is done via javascript.
Then you run the issue that Google would have to be retarded to just let a single IP crunch through a ton of ads everyday.
So then you have to worry about spoofing - in this case it could arguably be blind spoofing - but the problem there isn't that you want to load web pages - that would actually work with blind spoofing (say I am computer A, and I want to tell server B that computer C is connecting to it, and that it should send the page data there), but the problem is again that it is only going to send raw HTML/javascript source down that connection and it is them going to drop off of that machine.
So the site (Google in this case since you loaded a page and then "clicked" a link) registers the hit, but the page never gets rendered, so the Google page is never displayed and the redirect never happens - one could assume that Google is aware of this and wouldn't count that as a hit since the other page never gets loaded.
So even if you could past all of that (heh, feels like shades of Oceans 11), then there is the issue that Google (technically it isn't Google, but a series of companies that they farm out the AdWords content - learned that from an investment bank friend that sat in on the IPO workings - yay) monitors this shit and looks for anomalies.
So while you were getting 200 hits a 2 clicks every day for a month, if you all of the sudden are getting 2000 hits and day and 200 clicks, they are going to investigate your site.
If nothing has changed to show that there should be new interest in your site (new ad placement, new content, etc) and they can do searches and see that there aren't any new sites pointing to you - then all signs point to you cheating.
And then on top of all of that, we can show that a Gaussian distribution
There are some odd things afoot now, in the Villa Straylight.
I doubt it would be illegal. A lot of the old dialup "Web Accelerators" usto do something similar to this. They would start to download likely next page links once the page had loaded, and then when the user clicked the page would already be half downloaded.
But, let's follow your idea to the logical end. If web ads no longer paid money, there would be a lot of smaller sites that would have to either shut down or start charging for content to cover bandwith costs. Keenspace for comics would likely no longer exist. Many tech review sites would go pay only. Is that the future you wish for the Internet?
I agree that pop-ups and pop-unders are annoying as hell, and I block them as well. But, when I see a banner ad, I just ignore it. The web is not free, content providers need to cover their costs somehow.
--Demonspawn Armageddon