Slashdot Mirror
Google Targets Fake "Download" and "Play" Buttons (torrentfreak.com)
AmiMoJo writes: Google says it will go to war against the fake 'download' and 'play' buttons that attempt to deceive users on file-sharing and other popular sites. According to a new announcement from the company titled 'No More Deceptive Download Buttons', Google says it will expand its eight-year-old Safe Browsing initiative to target some of the problems highlighted above. 'You may have encountered social engineering in a deceptive download button, or an image ad that falsely claims your system is out of date. Today, we're expanding Safe Browsing protection to protect you from such deceptive embedded content, like social engineering ads,' the company says.
I agree. There are tons of fake download links on otherwise reputable sites, there are gray area sites like TPB where you have to be careful what you click, and there are tons of fake download sites where none of the links are legitimate at all. Try Googling for "[random device] driver" and you get many dozens of bullshit SEO'd sites where all the links point to some EXE full of who-knows-what. I hope they're going to combat all three categories.
As an aside, I wonder if SourceForge will get penalized...
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
Microsoft could have worked on an alternative executable format that is safe and sandboxed
You mean MSI / Windows Installer Service? That's about as good as you can hope for, but it does nothing for a user who is convinced they are downloading a program - and digital signatures aren't even shown to the user to match against the name of the software being installed. It only shows if there's not one or it's invalid.
If the user thinks they're going to install software, they're going to give it admin permission to install necessary registry and file permissions. How do you sandbox that away without blocking a legitimate installer?
All you have to do is sign up for Google Adsense to end up on Google's blacklist. That's going to backfire real quick. They still have fake download buttons on Adsense.
Sites want to get indexed by google. If a site hosts ads that have bullshit Deceptive practices google can downrank them. Google doesn't have to be 100% effective. Even a crude system for spotting these is going to turn up hits if a site isn't blocking these kinds of adertisers. And so on. If a site doesn't do it's own ads but instead hosts ads from and advertising aggregator and they do this bullshit then the site will drop them to stay in google's good graces.
And so all google has to do is scan adds that show up in content providers and then punish them. so it's top down.
They can also try to go bottoms up, and seek out companies that do these kinds of ads but that's going to be impossible to block unless they are actually hosting the page. However that's not completely nuts. companies like Opera and Amazon who offer compression and caching of web pages in their browsers do have the capacity to edit the webpage to remove content from ad agencies they deem to be scum.
Does google do that for android mobile? (I have no idea). But apple is talking about ad blocking. And thrid parties like ad block plus have the capability to erase ads from nasty advertisers.
Once these technologies start denting revenue and page views those ads will dry up by themselves.
Some drink at the fountain of knowledge. Others just gargle.
That same green "play button" image is displayed millions of times per day, linking to the same URL. They only need to check it once to discover that it's bogus. Then Chrome can block it for all Chrome users who see that image linked to that URL.
That does involve communicating something about the block list between Chrome and Google's blacklist server. Hopefully they get that part right. The right way will probably involve communicating a strong hash of the two URLs rather than the URLs themselves.
This is probably the reason why Google is doing this. They realize that more and more people are using ad blockers because of fake download buttons and malware serving ads. As an ad provider themselves, Google is doing this to help their bottom line. It will also help the bottom line of other advertisers, and also help to bring a little bit of trust back to the advertisers.
I run a site that offers downloads of files. I have advertising on that site. A large number of those ads, obviously context-sensitive, display fake "Download" buttons on them.
Guess who is my ad provider? Google AdSense.
Google, heal thyself.