Google has admitted to the BBC that it is pocketing profits from ads for illegal products disseminated from its automated advertising system.
According to the BBC report, published Monday, these ads include fake ID cards, fake passports, cannabis, and bogus London 2012 Olympics tickets.
The company told the BBC’s 5 live Investigates radio program that it keeps the money it makes from advertising such illegal services before it takes down the ads.
Google “promptly removed” illegal ads after the BBC brought them up, according to Adrian Goldberg, a 5 live Investigates presenter.
Google wasn’t quite so prompt when it was the police who did the asking, however.
It is illegal in the U.K. to sell Olympic tickets without the organizers’ permission, with a maximum fine for resellers now at ?20,000 (US$31,000).
A branch of the police dedicated to stopping crime associated with the 2012 games, the Metropolitan Police, told the BBC it is aware of the illegal reseller. That reseller, LiveOlympicTickets, was, in fact, breaking the law, the police said.
Yet the ads stayed up for more than a week after the Metropolitan Police asked Google to remove them-in fact, the ads were only taken down after the BBC contacted Google.
LiveOlympicTickets was Google’s top sponsored link for 2012 tickets and stayed up there during the lag time between the police asking for removal of the reseller’s ads and the time when Google complied.
The fact that Google’s advertising system is partly automated accounts for the bad ads getting up there in the first place. The automation part of the equation accounts for bad ads being selected for top billing, while the human intervention piece accounts for a time lag in taking them down.
If Google AdWords’s filter flags an ad as belonging to a potentially unlawful service, Google runs a manual assessment that entails a human having a look-see. If this human-automation combo finds an ad that breaks Google policy, the ad is taken down.
But as Goldberg points out, it’s easy for a seamy seller to get to the top of Google’s sponsored ad returns, simply by paying a higher cost per click than what other advertisers are offering.
Here’s what security adviser Reg Walker told the BBC about his firm’s experiment with knocking a ticket scam off the top ranking, as well as what it’s like to bring it up to Google:
We carried out an experiment around six months ago trying to knock a ticket scam site off the top of the Google AdWords results and we went up to ?28 per click and we still couldn't shift it from the top.
There's an automated complaint form, which gets an automated reply, which lets you know you're in a queue, and eventually a human being will get around to scrutinising it and do something about it.
The site could stay up for days, weeks, or possibly even months.
Unfortunately, the longer the ads stay up, the more Google makes.
Here’s what Sophos’s Paul Ducklin had to say on a related note, in light of the research he published last year on typosquatting (another murky underbelly of the Internet):
Of the 1502 active sites typosquatting on the six domains I examined in my research (Sophos, Facebook, Twitter, Google, Microsoft and Apple), 37% relied on DoubleClick...
...which is part of Google.
Screenshot of common domain parking pages powered by Google’s DoubleClick
At any rate, the BBC article included advice from Reg Walker on how to avoid making a mistake with bogus ads. In a nutshell, Walker says when you’re buying from an online reseller:
- Check out the site thoroughly. Don’t go near sites without a trading history, substantive company address, or VAT number.
- Use Google to find whatever address the retailer claims. If it’s for a mailing service or mailbox, stay away.
- Remember that the weight of Google behind an advertisement does not equate to legitimacy.
Google obviously profits from people getting snared by unwholesome online actors. Should it be expected to forgo such profits, which it makes off of others’ mistakes?
Leave a reply