I'm curious why these ads are even allowed to get through the network in the first place. Is there just NO content reviewing taking place? That's seems negligent on Google's part. There is no reason for an ad like that to exist on any webpage, period. It should have been blocked at the source.
Where is the 3-strikes policy in the ad space? Google is so eager to punish its Youtube streamers for running questionably offensive content, and yet it continues to let advertising scum like this run rampant across its ecosystem.
> Google is so eager to punish its Youtube streamers for running questionably offensive content, and yet it continues to let advertising scum like this run rampant across its ecosystem.
Youtube streamers are not cients, they are content creators. Just like newspaper sites, the average email user, or, in this case, paint.net.
Google can afford to treat content creators poorly, but they won't slight real clients : people actually paying them money. No matter how scummy these are.
And one of the download button ads that I just checked (EasyPDFCombine) is "getting trough" 3 separate Google "reviews" if I understand correctly how this scheme works:
1. The misleading download button Google ad.
2. After clicking the ad they ask the user to install their extension from the Google Chrome Web Store [1].
3. After installation, the extension replaces new tab page with their own which includes a "custom" search engine "Enhanced by Google" [2].
4. PROFIT!!!? They make money when the user clicks a Google ad in their search results on that new tab page.
I'm not sure how it's worth it for Google because with the extension installed they are sharing part of their search results revenue with the owner of the extension compared to the users directly using the Google search when there is no extension to "hijack" it.
From the users perspective: Sure, it's not a ransomware level malware but it's still a PUP and the users are annoyed that they were "tricked" into installing it and their new tab page has been changed, as it can be seen in almost all of the reviews for their chrome extension, and almost all the first page google result for "EasyPDFCombine" is about how to remove this "virus".
It's the same decade old trick from the same company: Mindspark aka MyWebSearch aka Ask Toolbar and many more names.
I found this kind of misleading download buttons to be very common for free (no-cost) Windows software, and I also can't understand why Google is unwilling to put a stop to it. I'm pretty sure that this class of advertisement can be quite reliably identified with machine learning techniques, of which Google is so fond.
I wonder if they ran an A/B test on customer spending depending on the time it takes from "uploading" an ad to the network and the ad showing positive metrics. My guess is the result of such a finding would impact the duration and thoroughness of the review process.
And my guess is youtubers make up such a small slice of revenue that the threat of lawsuits outweighs the convenience of the customer.
Looks nice, but I would always prefer Chocolatey (https://chocolatey.org/packages). Reason: More (and easier to customize) packages / applications to get.
Everyone seems to give Google the benefit of the doubt here. Is it possible they aren't doing anything because they are making lots of money from this ethical grey area?
The incentives seem perfectly aligned... the advertiser doubtlessly doesn't care about whether it's a scrupulous ad or not. Paint.NET authors make money, and Google makes money.
This is entirely it. It's not nearly offensive enough to get the "you're putting racist ads on my page" level of public uproar for them to do anything about it. And distributing malware is incredibly profitable. They simply have no incentive to stop. And trying to moderate it would cost them money, both in terms of effort to review ad submissions, and lost revenue from the ads themselves.
Heck, Google likes to brag about how Chromebooks don't get viruses. Distributing viruses for Windows PCs only helps their bottom line. (You'll also notice that Windows support-related search queries have malicious ads, and no ads display at all for Chromebook or Google support-related search queries.)
The terrible experience of pulling down an installer for Paint.net was one of the final straws that pushed me to move over to using chocolatey for windows workstation setup.
> choco install paint.net
Unfortunately, while that allows me to never see fake download-button ads when pulling down software for my machine, one place it's still a nightmare in is the world of getting minecraft mods installed on a kid's computer. Picking out the real download link from among all the fake ads is sometimes a real challenge.
Yep, the only time I've ever managed to install malware was trying to put a very ordinary Minecraft mod on for my kid. How to feel stupid in one easy move.
My question is why is it so easy to have advertisements that directly link to downloadable software? If I'm clicking on an advertisement I want to know more about a product, not be forced to run a binary of which I have no certainty of it's true purpose. Or am I thinking wrong? If you disallow download based advertising including linking to pages that only offer you a download, this could be a little more useful against malvertisements. More reason to run an adblocker.
I can't believe Google couldn't categoricatically add context to these type of ads if they really cared.
Google knows the ad link. Google can crawl the target page / file. If it's an installer, Google can run it in a VM and note what ends up being installed.
If you can't pull a clear "this is crapware" signal out of that, then their ML is a lot less advanced than it seems.
And if they can, then just automatically put a stronger visual border around it with something like "This is an advertisement" in bold. Then let advertisers sort it out. Google penalizes SEO they disagree with all the time, and people stop doing it because they don't want to take the hit.
And I'm pretty sure it is (image recognition) and they don't... so... advertising buys trump "don't be evil."
The problem is enforcement. Telling malware distributors "that's not allowed" obviously isn't going to do anything, and it's easy to have the ad go to one place when Google is investigating and another when a user clicks the ad in the wild.
Clicking the advertisement does what you want. It doesn't download anything (at least the one I clicked on), it takes you a site with more information where you can download the advertised thing.
People must remember that Google is first and foremost an advertising company. 90% of its revenue comes directly from advertising. Anyone who thinks they will prioritize anything over ad revenue is either very naive or very stupid.
Google's CEO declared it's "AI first" and they developed TensorFlow. If they wanted to, they could have easily prevented those ads from entering their network.
Might be easy, and I imagine they are going to shuffle employees around (they read HN) believe it or not, they are humans and make mistakes. It's very likely that up to this point in time, they didn't think to use ML on proposed ads, and even if they did, it's not like every employee working at Google has ML skills yet. The most advanced ML departments there are probably already working on their top priority issues that need ML. Second tier ML guys at Google are probably the ones that are learning ML just like many devs on HN, won't quite have the expertise to get this stuff moving quickly.
But yes, if they wanted to, they can divert their more advanced ML teams to tackle specific issues like this first and get it done. I really doubt this is a high priority issue for them.
To be fair, this is not just Paint.NET. I am a Adsense publishers and I had the chance to talk to "optimizers" from the Adsense team from time to time, and I told them how much I loath those "Download" ads... unfortunately, up to today, things haven't improved, and there is little an Adsense publisher could do, because you can ban those ads in your Adsense panel, but usually they just show up a few days later under a different account.
And as unpopular as the idea is with geeks, I think this illustrates the need for a "walled gardened" for the majority of users where each app is sandboxxed. Something like this couldn't happen on iOS, ChromeOS or Windows 10s.
Most non developers would be served perfectly fine with a locked down OS.
What it illustrates the need for is understanding why you're receiving things (which is a pretty vital outside of software, too). If you pay for your product then you won't see phishing on the download page. If it's a subscription fee, then they're going to make it difficult to abandon or switch away from. And if it's "free", then who knows what's going on - maybe the product will wantonly encourage spending money (advertising), or manipulate you towards a paid service. Or maybe the secret motives are innocuous, like the dev's resume or (very rarely) the common good, but you need to understand that before you know what's coming.
So you want to limit creativity and empower big companies even more by pushing forward walled gardens, because there are too many ads on the download page of one paint app out of a myriad?
You can report these bad ads by clicking the small X in the corner. Please do that if you ever see any of those, and they'll be replaced by other kinds of ads (and hopefully over time they'll get enough reports to be removed.)
Hmm I tried this and I see 4 reasons:
(1) Seen this ad multiple times
(2) Already bought this
(3) Not interested in this ad
(4) Ad covered content
There doesn't seem to be an option for "this ad is a huge DOWNLOAD link directly above the actual download link on a page that offers to help me download software." I did try filling out the form at https://support.google.com/adsense/troubleshooter/1190500 with this info, though. There was no way to indicate with a screenshot in that form exactly what the bad ad was.
Just curious, why single out Paint.NET exclusively? These types of ads have a long history all over the Internet, even on more popular sites than this - isn't this more of a Google issue than an individual website operator?
Interesting, I've visited this website multiple times before and didn't know about this problem until today. Ad blocker browser add-on seems to be doing its job really well.
I think this was the exact same downfall as SourceForge. It's great we don't live in the SoftPedia/SourceForge days anymore (or maybe it's just me, I'm on a Mac now).
A close friend used IE to get Google Chrome. They clicked the first result and luckily I was able to stop them before starting the install on some crapware.
So I asked them to be careful to ensure the download site is correct and left them to it.
I came back to find they had downloaded some other crapware.
I checked the search results. The ENTIRE first one and a half page of results were advertisements for versions of crapware which may or may not have been Chromium or Chrome lookalikes with lots of malware.
I hope the author of Paint.NET will see this submission and removes the ads. I'm a big fan Paint.NET and made a donation. But this practice is just shady and makes no honor to the author of otherwise great application.
So why do they allow banner ads to look like download buttons anyway? I mean, there's no real reason you should be able to pass an ad off as a download link, so wouldn't the obvious answer just be to ban ads that look like that?
Heck, you could probably even automate that process with Google's technology. If OCR technology can identify captchas, it can probably identify button shapes in images or text that looks like program information.
If it is about the money for Google, can't they at least put a warning over the ad that says "Are you really sure you want to download [Some Malware]?" if you hover/click on the ad.
Nevermind, the right thing to do would be to ban these kinds of ads outright, but we can't count on them to do that now, can we?
I always recommend against Paint.NET precisely because of its adware-ridden website. There are enough free, open-source alternatives that you don't really need it. Hell, even IrfanView can do little image edits if you need something really damn quick.
[+] [-] zeta0134|9 years ago|reply
Where is the 3-strikes policy in the ad space? Google is so eager to punish its Youtube streamers for running questionably offensive content, and yet it continues to let advertising scum like this run rampant across its ecosystem.
[+] [-] pyrale|9 years ago|reply
Youtube streamers are not cients, they are content creators. Just like newspaper sites, the average email user, or, in this case, paint.net.
Google can afford to treat content creators poorly, but they won't slight real clients : people actually paying them money. No matter how scummy these are.
[+] [-] spyder|9 years ago|reply
1. The misleading download button Google ad.
2. After clicking the ad they ask the user to install their extension from the Google Chrome Web Store [1].
3. After installation, the extension replaces new tab page with their own which includes a "custom" search engine "Enhanced by Google" [2].
4. PROFIT!!!? They make money when the user clicks a Google ad in their search results on that new tab page.
I'm not sure how it's worth it for Google because with the extension installed they are sharing part of their search results revenue with the owner of the extension compared to the users directly using the Google search when there is no extension to "hijack" it.
From the users perspective: Sure, it's not a ransomware level malware but it's still a PUP and the users are annoyed that they were "tricked" into installing it and their new tab page has been changed, as it can be seen in almost all of the reviews for their chrome extension, and almost all the first page google result for "EasyPDFCombine" is about how to remove this "virus".
It's the same decade old trick from the same company: Mindspark aka MyWebSearch aka Ask Toolbar and many more names.
[1] https://chrome.google.com/webstore/detail/easypdfcombine/kpo...
[2] http://hp.myway.com/portal/ttab02/index.html
[+] [-] photon-torpedo|9 years ago|reply
[+] [-] ben_jones|9 years ago|reply
And my guess is youtubers make up such a small slice of revenue that the threat of lawsuits outweighs the convenience of the customer.
[+] [-] ajmarsh|9 years ago|reply
[+] [-] FlorianRappl|9 years ago|reply
[+] [-] monochromatic|9 years ago|reply
[+] [-] dizzy3gg|9 years ago|reply
[+] [-] johnnyb9|9 years ago|reply
The incentives seem perfectly aligned... the advertiser doubtlessly doesn't care about whether it's a scrupulous ad or not. Paint.NET authors make money, and Google makes money.
[+] [-] ocdtrekkie|9 years ago|reply
Heck, Google likes to brag about how Chromebooks don't get viruses. Distributing viruses for Windows PCs only helps their bottom line. (You'll also notice that Windows support-related search queries have malicious ads, and no ads display at all for Chromebook or Google support-related search queries.)
[+] [-] Camillo|9 years ago|reply
[+] [-] jug|9 years ago|reply
[+] [-] kuschku|9 years ago|reply
Screenshot taken 2 minutes ago: http://i.imgur.com/FOcB46m.png
[+] [-] wernsey|9 years ago|reply
[+] [-] oceanswave|9 years ago|reply
[+] [-] jameshart|9 years ago|reply
[+] [-] julianz|9 years ago|reply
[+] [-] ThomW|9 years ago|reply
[+] [-] Nexxxeh|9 years ago|reply
[+] [-] giancarlostoro|9 years ago|reply
[+] [-] ethbro|9 years ago|reply
Google knows the ad link. Google can crawl the target page / file. If it's an installer, Google can run it in a VM and note what ends up being installed.
If you can't pull a clear "this is crapware" signal out of that, then their ML is a lot less advanced than it seems.
And if they can, then just automatically put a stronger visual border around it with something like "This is an advertisement" in bold. Then let advertisers sort it out. Google penalizes SEO they disagree with all the time, and people stop doing it because they don't want to take the hit.
And I'm pretty sure it is (image recognition) and they don't... so... advertising buys trump "don't be evil."
[+] [-] GeneralMayhem|9 years ago|reply
[+] [-] Buge|9 years ago|reply
[+] [-] deprave|9 years ago|reply
Google's CEO declared it's "AI first" and they developed TensorFlow. If they wanted to, they could have easily prevented those ads from entering their network.
[+] [-] coding123|9 years ago|reply
But yes, if they wanted to, they can divert their more advanced ML teams to tackle specific issues like this first and get it done. I really doubt this is a high priority issue for them.
[+] [-] theDoug|9 years ago|reply
[+] [-] mrsaint|9 years ago|reply
[+] [-] scarface74|9 years ago|reply
Most non developers would be served perfectly fine with a locked down OS.
[+] [-] twhb|9 years ago|reply
[+] [-] FatalBaboon|9 years ago|reply
It's like adding regexp to have one more problem.
[+] [-] ocdtrekkie|9 years ago|reply
Companies should be held responsible for the ads they distribute, it's the only way to make them care enough to vet the ads they push.
[+] [-] unknown|9 years ago|reply
[deleted]
[+] [-] yuriks|9 years ago|reply
[+] [-] mherdeg|9 years ago|reply
There doesn't seem to be an option for "this ad is a huge DOWNLOAD link directly above the actual download link on a page that offers to help me download software." I did try filling out the form at https://support.google.com/adsense/troubleshooter/1190500 with this info, though. There was no way to indicate with a screenshot in that form exactly what the bad ad was.
[+] [-] mynewtb|9 years ago|reply
[+] [-] brodie78382|9 years ago|reply
[+] [-] mkup|9 years ago|reply
[+] [-] coding123|9 years ago|reply
[+] [-] emmelaich|9 years ago|reply
A close friend used IE to get Google Chrome. They clicked the first result and luckily I was able to stop them before starting the install on some crapware.
So I asked them to be careful to ensure the download site is correct and left them to it.
I came back to find they had downloaded some other crapware.
I checked the search results. The ENTIRE first one and a half page of results were advertisements for versions of crapware which may or may not have been Chromium or Chrome lookalikes with lots of malware.
[+] [-] dgudkov|9 years ago|reply
[+] [-] wernsey|9 years ago|reply
[+] [-] JCharante|9 years ago|reply
[+] [-] CM30|9 years ago|reply
Heck, you could probably even automate that process with Google's technology. If OCR technology can identify captchas, it can probably identify button shapes in images or text that looks like program information.
[+] [-] wernsey|9 years ago|reply
Nevermind, the right thing to do would be to ban these kinds of ads outright, but we can't count on them to do that now, can we?
[+] [-] tehwebguy|9 years ago|reply
[+] [-] Grue3|9 years ago|reply