
Pay up or we’ll make Google ban your ads - akeck
https://krebsonsecurity.com/2020/02/pay-up-or-well-make-google-ban-your-ads/
======
dpcan
When I ran a brick and mortar business, we ran Google Ads to get bookings, and
we could always tell when our ads weren't running, met their budget, or were
not running for some reason because our bookings would effectively drop to
zero since 2 other companies had better organic SEO than us.

THEN, one of our other competitors started outspending us a bit in Adwords. It
hurt, but wasn't the end of the world because we could afford to spend just a
little more.

However, it seems that as soon as we went over a certain amount, our budgets
started getting exceeded by about 10am in the morning.

But our competitors ads kept going.

We contacted Google to find out what was going on. None of these clicks were
even resulting in business, contacts, nothing. So we assumed the worst, our
competitor was having someone click all our ads.

This process started the downward spiral for our business. Not being able to
stay live in Adwords long enough to get any new business was devastating and I
sure as heck wasn't going to participate in clicking on my competitors ads
because that's fraud as far as I know. SO, we just suffered and I couldn't get
any support from Google.

In other news, the business has been closed for a year and Bing still lists it
as open with photos, etc. We've tried marking it closed OVER AND OVER again
and nothing is changing. We finally got on the phone to them and they actually
said they can't change the search results. It's irritating to see a year old
business open on Bing that's closed everywhere else.

~~~
Gibbon1
This brings up an unsatisfying conversation I had with an ex google person.
I've worked in the embedded/industrial side of tech for most of my career. And
the ratio of customer support vs the amount of money google is charging is
utterly shit from my perspective. My friend tried to explain why it needs to
be shit for vague security reasons but I'm unconvinced. Company collects
thousands of dollars from customers and can't be bothered to give them a phone
call when something goes sideways? Give me a break.

~~~
franczesko
Google support is non-existent. One of the reasons, why I stay away from
Google Cloud.

~~~
pg_is_a_butt
Not true... you just have to pay for it. I worked for A fortune 100 company
that was moving some things to Google App Engine, and paid for the highest
level of support. We had a list of guys we could get on the phone whenever we
needed, including the main guy in charge of everything.

I helped them fix a lot of bugs and broken processes, but I'm better than most
at making reports. If they had to deal with bad developers blaming Google for
problems that had nothing to do with Google, that would waste a lot of time.
But on the other hand, if we didn't pay for support, those problems probably
never would have been fixed, and I don't think we were ever compensated or
given discount support for helping.

~~~
jschwartzi
I don't see "Fortune 100-level support" listed on Google's website. How do I
purchase it?

~~~
drivebycomment
[https://cloud.google.com/support](https://cloud.google.com/support) says the
highest plan promises 15-min response and a dedicated account manager.

For consumers,
[https://one.google.com/about/support](https://one.google.com/about/support)
is the way to pay for the support, since they claim "Cross-Google" support. I
haven't used Google One support (even though I am a member as I have a
subscription to their storage plan), so I don't know how good it is though,
and it's not super clear how "cross" it really is.
[https://one.google.com/support](https://one.google.com/support) says 2-3 min
response for phone/chat though.

~~~
jschwartzi
What happens to my Google One plan if my account is banned for a TOS
violation?

~~~
drivebycomment
I don't know - I'm just a Google user, and I haven't gotten my account banned.
I presume it won't work ?

~~~
jschwartzi
So the reason I would want guaranteed human support from Google is in the
event they mistakenly ban my account of 13 years. If it also bans me from the
support product then it’s completely pointless.

------
Mistri
I have absolutely no faith that Google will be able to fix this. I run a small
site that gets ~5K views per day, and a few weeks ago we had a heavy traffic
day (~15K views in one day) due to a retweet on Twitter. Google marked it as
fraud, and my account was "temporarily" banned. The ban never got lifted, so I
did some research and finally got it resolved (if anyone's curious, I made a
video detailing how:
[https://www.youtube.com/watch?v=_pCoBoK1hEM](https://www.youtube.com/watch?v=_pCoBoK1hEM))

If Google marked _organic traffic_ as fraudulent, their algorithm has a _long_
way to go before they can start distinguishing between sabotage and actually
fraudulent traffic.

~~~
rhizome
Just last night I listened to something on NPR about CAPTCHA v3, which doesn't
involve checkboxes nor pointing at parking meters anymore. It samples page
activity and interactions by the user and supplies a human-likelihood score to
the site (h/t Twitter bot scorers).

So we live in a future where our activity is bounded by a variety of quality
scores. You're mostly a human, your site's increased traffic is less
legitimate...every Taylorist-Goodhartian aspect of existence is priced into
the marketplaces of society.

Perhaps a decent analogy could be Black Mirror's "Nosedive" episode, but with
endless dimensions instead of just one (which admittedly could be a derived
score from the dimensional ratings), and ratings that aren't derived from the
moods of peers and other interactors, but passively gathered from everyday
behavior.

I think this is the NPR show episode:
[https://www.npr.org/sections/money/2019/04/24/716854013/epis...](https://www.npr.org/sections/money/2019/04/24/716854013/episode-908-i-am-
not-a-robot)

~~~
DrScientist
So you train a bot to show 'human like patterns'.

The problem with relying on ML on one side is it can be gamed by ML on the
other.

~~~
rhizome
If it was easy to train a bot to show humanlike patterns, we'd have driverless
cars by now.

~~~
DrScientist
Hmm... I think training a program to fool another program is a much, much,
much, much easier problem than driving a car.

As an example, you only have to learn how to emulate a single 'human like'
pattern to fool the ML, where you target function is a simple fool or not fool
ML - once you achieved fooled you are done.

Whereas to drive a car you need to deal with all the infinite variation in
inputs you might experience in driving a car, with complex target functions ie
safety versus speed.

------
ping_pong
I 100% don't trust that Google can handle this situation. I actually hope that
this practice increases drastically so that Google will be forced to do
something about this. Because right now, Google will just ignore the problem
and let small publishers and ad purchasers suffer. There is no real customer
support so it will happen little by little and nothing will change. Google
needs a swift, firm kick in the ass to fix this otherwise they will ignore it
completely.

~~~
hoorayimhelping
I'm a pretty libertarian minded guy and I generally think the federal
government is too big and bloated, but this is exactly where they are needed.
They need to start throwing their weight at Google and telling them if they
don't start reigning in this kind of shit, they're going to get regulated to
high hell then broken up.

Google has shown time and again they do not care. I don't even know if they
employ human support reps, I've never actually spoken to anyone who represents
google other than recruiters.

~~~
jngreenlee
Also libertarian minded....have you considered that in a natural state,
businesses this large would be very hard to maintain? The fundamental business
structure we have today is based around a government-sanctioned "personhood".

If you could strip this away, there would be no corporate veil, and you could
sue the person who failed to act (or whom acted wrongly) and did you wrong.
Think of bankers at Wells Fargo creating false accounts in customer
names...hire investigator or do your own, sue, discover, repeat...there would
be MUCH MORE downside to bad behavior, even if the upside is there.

I think personally that organizations like GORE would exist, and who knows
what else might emerge...more co-ops?

Of course this does require 3rd-party alternate court systems (maybe like cert
issuers, but held to the same liability standard above?)...our current system
cannot handle this, so it may be largely academic thoughts.

~~~
sfj
If you can be sued into oblivion for even starting a business, who would try?
The corporate veil is intended to help the little guy.

~~~
graylights
If you're doing oblivion-dollars damage to someone, why shouldn't you be
accountable. Otherwise you're just making society pay the cost.

~~~
sfj
Between 36% and 53% of small businesses get sued every year according to this
article:
[https://www.google.com/amp/s/www.forbes.com/sites/basharubin...](https://www.google.com/amp/s/www.forbes.com/sites/basharubin/2014/07/14/youre-
going-to-get-sued/amp/)

If suits only happened when businesses actually did something that truly did
damage to society, then I'd agree. But reality is far from this.

~~~
istjohn
Lawsuits are part of doing business, just like taxes and accounting.

------
heisenbit
In the real world protection rackets are a stable business. You either pay up
and are protected or your business gets messed up. No sane criminal would
xerox the client list, split from the boss and also try to extort money - it
is unhealthy as the turf will be defended.

In the online world there is no concept of local. You can't protect your
clients. But then, why should clients pay up - there is an infinite supply of
copycats.

~~~
andybak
So would a valid defence strategy be for a white or gray hat to send out
millions of these threats (maybe linked to an invalid payment method so it
became impossible to pay up).

Everyone would get so many of them that the "genuine" threats would get lost
among the fake ones.

Alternatively somebody uses the same technique to send massive amounts of fake
Adsense traffic to multiple businesses without any warning thus forcing Google
to improve their customer service or validation algorithms...

~~~
inetknght
> _Everyone would get so many of them that the "genuine" threats would get
> lost among the fake ones._

So the internet will turn into the United States Postal Service then w.r.t.
advertisements vs legitimate correspondence?

~~~
saagarjha
Surely in many people’s spam folders this is already the case?

------
vorpalhex
Funny story, Twitch.tv actually has a similar problem and they seemingly have
solved it.

On Twitch, "Followers" is a tracked and important metric for streamers
(publishers). Therefore there's obviously a lot of benefit to buying fake bot
followers and inflating your count.

However, sometimes misguided fans of streamers will buy bot followers for them
intending to be helpful (or even to spam them with inappropriately named
followers).

From Twitch.tv's perspective, tracking down who issued the bot followers is of
paramount importance since they have an interest in preventing gaming of the
system without catching innocent streamers in the crossfire.

Twitch actually maintains a help page on what to do when you're being spammed
by followers, and it includes a statement that they won't punish people who
haven't paid for spam. In my experience, whatever mechanisms they're using
under the hood seem to be reasonably effective - I have yet to see someone
incorrectly banned for this.

~~~
legohead
Where have you heard/read about this? I've seen cases where twitch streamers
have super obvious bots watching, literally thousands of them, and Twitch did
nothing.

~~~
tmpz22
It used to be a very large problem for the 2007scape streamers, I imagine it
was solved with a mix of legally prosecuting serious offenders via de-
anonymizing the bot networks, as well as a tighter feedback loop of reporting
and banning them - effectively making it more of a hassle to setup than its
worth, which is saying a lot because the types of people doing those
activities have A LOT of free time.

~~~
komali2
How could they legally prosecute them? What laws were broken?

~~~
kick
EULAs are legally-binding in the United States, and the Federal government is
very happy to murder people under CFAA violations.

~~~
bensw
Seeing as this is something personal to me, while Twitch originally used the
CFAA, when seeking judgement they dismissed that claim (page 2 footnote 2):
[https://www.courtlistener.com/recap/gov.uscourts.cand.299961...](https://www.courtlistener.com/recap/gov.uscourts.cand.299961/gov.uscourts.cand.299961.78.0.pdf)

~~~
kick
Thanks for linking that.

------
skymt
The fascinating thing here is that Google's systems are required to make a
judgement of intent. Is this ad fraud ordinary fraud that's intended to
increase payouts, or is it intended to be caught so the account is suspended?
From the scammer's perspective, there's no reason not to play both sides: test
fraud patterns to see if they're detected, and when they get caught just
redirect the bots towards extortion victims. No matter how well Google's
detection system works, the scammer gets paid.

~~~
dessant
Google either doesn't care about intent, or their systems have consistently
bad judgment. I've lost count of the horror stories about indie bloggers
getting a ban from AdSense when it was time to receive their first check, and
being offered no meaningful way to appeal the ban.

~~~
burnte
Yeah, that happened to me 15 years ago. Just crossed the $100 payout limit and
suddenly, FRAUD! What ticks me off the most is if they have the ability to
detect and block fraud, then why block accounts? Why the death penalty? Just
don't pay out fraudulent clicks and terminate repeat offenders, rather kill
the account on the first blush with no appeal.

~~~
settsu
> if they have the ability to detect and block fraud, then why block accounts?

To protect their business by protecting their reputation.

The scale of Google's advertising business(es) means that a loss in revenue
from poor public perception of their ads is likely to be far more than a few
thousand small ad buyers (those spending <US$5000/mo) getting cut off, which
would barely register as a rounding error (<0.1% of just AdWords revenue
alone.)

~~~
lonelappde
How is perception affected by not-paying suspect accounts but not banning them
either? The public doesn't see the clickfraud

~~~
settsu
They could be shadow banning them or they could be continuing to allow them to
operate in service of their algorithms. The public doesn’t see clickfraud but
they also don’t see headlines about Google ads having a fraud problem.

A rare anecdote of Joe Schmo not getting his 97.54 payout is effectively
meaningless.

------
deckar01
> We hear a lot about the potential for sabotage, it’s extremely rare in
> practice, and we have built some safeguards in place to prevent sabotage
> from succeeding

This wouldn't ring so hollow if Google didn't have such a reputation for
blindly automating fraud detection. I seriously doubt it is actually possible
to differentiate the two. The fraudulent activity that is visible to Google is
the same regardless of the intention of the client that paid for it, be it a
beneficiary or an adversary. Any signal that is deemed fraud by Google can
eventually be simulated by an adversary.

------
whack
There seems to be an easy fix for this on Google's end. When their automated
systems see fraudulent activity on a site, instead of banning it entirely,
they can peg their future revenue to their historical revenue.

This way, malicious publishers will have significantly limited incentive to
engage in such behavior. In the short-term, their upside is heavily limited.
And in the long-term, they risk being caught and banned.

And at the same time, malicious blackmailers will also lose most of their
leverage, like in the example given above. Even if the victim doesn't pay up,
their income stream still remains mostly stable. And meanwhile, the attacker
is spending a ton of resources on generating fake traffic that isn't earning
them any money. This will eventually lead to the "business model" going
extinct, which in itself solves the problem as well.

------
ImpressiveWebs
I don’t understand: Why can’t Google just count those clicks as invalid and
keep the AdSense running with no ban? If Google has the ability to detect
fraudulent clicks, then there is no reason to ever ban any website for AdSense
fraud.

~~~
JangoSteve
I'm going to make a guess here from my own unrelated experience trying to
debug problems in live systems. It is often much easier to detect that there
is _some_ unusual activity present than it is to categorically define exactly
which activity is legitimate versus which isn't.

Usually, this is because you can easily detect some of the anomalous behavior
but not all of it. So you'll have some activity which is obviously anomalous,
some which is obviously legitimate, and some which could be either. And
sometimes when you've detected some that are obviously anomalous, most of the
rest of the activity ends up being in the category of "could be either" with
almost none left in the obviously legitimate.

So from Google's point of view, I'm sure they ban the account so that they 1)
don't end up paying a lot of money to users for the "could be either"
activity, and 2) don't need to keep expending server resources continuously
categorizing and serving the obviously anomalous traffic.

~~~
DFHippie
I'm sure this is right. You don't have enough statistical mass with any click
by itself, but in the aggregate you can detect fraudulent activity with a high
degree of certainty.

Google's plan is to make it sufficiently expensive to avoid detection in the
aggregate that selling fake clicks isn't a viable business proposition. The
fraudsters have inverted the game: they can't beat Google's detection
algorithms, so they can't sell you fake clicks, but they can sell you
protection from their fake clicks.

Google's move at this point seems to be lessening the punishment for fake
clicks so it's still not economically viable to sell them but also not
economically viable to use them as a threat.

------
rosybox
Google's invalid click contact form that Krebs links to says:

> Please keep in mind that it's your responsibility to prevent invalid
> activity from occurring in your account, and this form does not absolve you
> of that responsibility.

How is some random lay person running a wordpress site going to know how to
prevent invalid activity when anyone could do this to them? I hate that
corporate speak too about they can't comment and how they have tools, without
addressing the concern people have. I resent how much power Google and
Facebook have over small businesses that have an online presence. I hope the
Justice Department takes a real good look at all this bullshit and breaks
these giant, powerful companies up so that we end up with small companies,
that care about their customers.

------
matsemann
> _We have a help center ... There’s also a form ..._

But good luck getting hold of a real human to explain the situation to.

~~~
CryptoBanker
That's just Google in general. Apparently not a single human being still works
in their support department. All androids I hear...

------
therealmarv
There are other industries where a similar attack could work. Just look at the
new fintech banks: send suspicious transfers to an account and get their money
blocked by their AI which monitors fraudulent transfers. Because this kind of
banks have often too less humans checking and releasing blocking somebody
could put a business and their bank account out of business.

One famous example: Send a PayPal transaction with the word "bitcoin" to
somebody. Your account (burned in the process) and the receivers account will
get blocked. Welcome to the new AI world.

------
mirimir
Money quote from Google rep:

> If there are concerns about invalid traffic, they should communicate that to
> us, and our Ad Traffic Quality team will monitor and evaluate their accounts
> as needed.

Given all the comments here, and everything else I've read about Google having
~no human support, this is plainly bullshit.

------
asdasdasdasdwd
I wonder if they sold clicks before. Interesting way to pivot their
"business".

------
amelius
Another bad usecase for bitcoin.

I'm not sure if I'm still thrilled by cryptocurrencies. It seems to me that
they are mostly wasting energy and helping criminals set up their businesses.

------
DrScientist
Advertising online is beginning to sound like the 'Law of Rent'
[https://en.wikipedia.org/wiki/Law_of_rent](https://en.wikipedia.org/wiki/Law_of_rent)

ie when a resource is both essential and limited ( user attention in this
case, land in the original case ) the person controlling that resource takes a
share of the value generated by people using the resource that approaches
break-even. ie all the profit.

ie to put it another way - if you need customers and the only route is through
Google, then you will have pay almost all your profits to Google for that
attention.

------
busymom0
I think as well as several app developers using the AdMob sdk have been a
victim of similar practice by malicious parties. 3 years ago, google suspended
my admob account for fake activity even though I have never ever clicked on
the ads nor did I use anything other than the test ad on my devices. This has
happened to several developers and google doesn’t want to help. Back then, I
got a 30 day suspension but since then, I have completely stopped using ads
and solely rely on in app purchases. It’s less money but it’s at least
reliable.

------
pjc50
I've been saying for a while that the problem with micropayments is
microfraud, and this just adds to that.

------
pier25
How do other ad networks deal with this?

Eg: Carbon, AdThrive, MediaVine, etc.

------
beloch
The kicker is that scammers could claim their own site is being attacked in
this manner and then drive up their clicks with bots. Google's response
necessarily has to include denying sites revenue for clicks they deem
fraudulent. This scam basically gives Google justification to pay sites
whatever they feel like paying as long as at least some of their clicks look
fishy.

------
gok
I've often suspected that some of the egregiously fake 5 star reviews I see on
Amazon are really an attempt to get some seller banned.

------
sankalp_sans
A client I worked with long back received a similar threat, and she replied "I
don't have $10000 like you requested, I do have $20; would that buy you a nice
coffee wherever you live?"

The blackmailer(s) responded with a single alphabet "k" and it was sorted
within hours of the first email.

------
justlexi93
As is par for pretty much all of these types of scams, the best solution is
generally to ignore them entirely. They're all after the quick buck, and even
if they could pull off an attack, it's easier to just move onto the next
potential victim than bother with someone who may or may not even be paying
attention.

------
notlukesky
I assume it will be a cost benefit analysis for unfortunate victims.

~~~
tmpz22
It's ok Google setup a form to communicate with AdSense partners.

> “We have a help center on our website with tips for AdSense publishers on
> sabotage,” the statement continues. “There’s also a form we provide for
> publishers to contact us if they believe they are the victims of sabotage.
> We encourage publishers to disengage from any communication or further
> action with parties that signal that they will drive invalid traffic to
> their web properties. If there are concerns about invalid traffic, they
> should communicate that to us, and our Ad Traffic Quality team will monitor
> and evaluate their accounts as needed.”

~~~
duxup
I wonder, has anyone contacted Google and somehow avoided getting banned?

Google seems to show no outward no interest in actually unbanning anyone once
they're banned, do they care if you tell them beforehand that you're concerned
someone is messing with your ads?

And if they do care, does that even help / wouldn't the "ban this guy" script
just run anyway?

~~~
somehnguy
I highly doubt it.

I've had ~$150 sitting in my adsense account for about 4 years now because I'm
unable to cash out. Their 'input bank information' page is broken, seems like
my old banking information is stuck filled out and I can't remove it. Won't
let me put new information in either. And the link to the help site leads to a
404.

I've tried various forms to reach a person and they've all been fruitless.
Google is just holding my money hostage with no recourse.

They even send me a 'your payments are on hold' email every few months to
basically say 'remember, we stole your money and theres nothing you can do
about it!'. Thanks Google, I almost forgot that you're the definition of
faceless corporation again.

~~~
fwip
Can you bring them to small claims court?

~~~
samfriedman
Sounds like a good way to get banned from all Google services.

~~~
jacques_chester
This would place them in contempt, I suspect, potentially open to equitable
remedies.

Of course, IANAL, TINLA.

~~~
lonelappde
Why would they obligated to do business with someone who sues them?

------
onetimemanytime
>> _Pay up or we’ll make Google ban your ads_

Pay up or we’ll make Google ban your site by buying you a gazillion backlinks
for a few dollars.

My site was harmed this way and any "guarantees" by that [withheld] Matt Cutts
that no one could hurt your site were useless.

------
hmage
with google everything is sunshine and rainbows until the moment you expect to
get paid by google

then they will use every excuse not to pay you

1\. suddenly you're frauding

... you fix that ...

2\. suddenly you don't have proper paperwork

... you fix that ...

3\. prove that you're a legal business

... you fix that ...

4\. we found inconsistencies in your paperwork, we will hold the money until
you prove to us that those inconsistencies are minor

... you fix that ...

5\. your bank has refused our payment (bank then says they never even seen the
money), please try a different bank

... you fix that ...

6\. with so much time has passed, we will not send you the money right now and
will bundle up the payment with the upcoming billing cycle

... you wait for that ...

7\. GOTO 1

------
mcv
I would think Google could easily detect this and ban the IPs that the
fraudelent clicks come from. Is this really something that works? And why
doesn't Google stop it? It's hurting their primary industry.

------
rogual
I wonder how it feels to write one of these emails.

Is it done with gleeful malevolence? Or just a dispassionate "I think this
wording will yield the most revenue"?

~~~
fauigerzigerk
It probably depends on how experienced they are. I received daily extortion
emails in my spam folder for many months, all related to the same breach (I
think it was Yahoo).

The wording kept changing all the time, going through lots of different
sentiments and styles. So to me it looked like someone was trying to maximise
returns in this particular case.

------
yellow_lead
In my opinion, the parallel is Black hat seo. The parallel solution is
disavowment via Google webmaster console. That concept could work here.

------
0xff00ffee
"thousands of IP addresses"

Naive question here, but this seems like a good starting point to combat this.
Aren't some hijacked IPs "hotter" than others for spam activity? I would think
that with Google's massive AdSense network, patterns would emerge from bot'ed
IPs that are blasting away at various Google adsense customers, no?

~~~
paulgb
Yes, I suspect Google has a pretty good idea of what IPs are in botnets. I
used to work on detecting fraud traffic at an adtech startup and the
impressions we got through Google tended not to include the botnets I could
identify coming through other ad networks. (Granted, this was near the
beginning of last decade and it's a constantly-evolving cat-and-mouse game.)

------
lifeisstillgood
Ok - so the search-space - all the things that are in the web - is a finite
(!) space but also a "commons". If Google had not a private monopoly on the
search space but it was a commonly / public held corpus - would this problem
even exist? How would advertising work vs just searching?

~~~
duskwuff
This has nothing to do with search. This is an attack on site operators who
are running Google ads, not on Google's own search ads.

------
pier25
What if browsers were able to somehow certify users as not bots?

If that was ethically feasible it would be easy to block bots.

~~~
CraneWorm
I think there is more than one way to generate fraudulent traffic including
click farms or Amazon Mechanical Turk. That the operator is a human does not
entail the click is legitimate.

~~~
pier25
Good point, although since those clicks are much more expensive to produce
than using bots I imagine its use will be more limited.

------
triangleman
While I agree with others that Google should be able to deal with this by
spending a small percentage of their revenue on better service, but probably
won't...

Is there any way a site owner could switch over to impression based ads from
the ppc ads for a time?

------
eyegor
If this doesn't lead to a change in googles fraud policies, I'd bet this will
be the next viral scam. It's a classic protection racket, and requires far
less technical ability than ransomware. Renting out botnets is big business.

------
dannyr
This is just the consequence of tech monopolies.

It's easier for bad people to blackmail you since they only have a few
distribution channels to game or abuse. If your business get banned in one of
these channels, then your business is screwed.

------
elorant
This is known as "click bombing" and it's certainly not a new scheme. It has
been around for ages, but I was under the impression that Google has
mechanisms to analyze traffic and reject such clicks.

------
pier25
Jesus so how do you protect yourself against something like this?

~~~
mc3
Don't use Adsense for revenue.

~~~
pier25
What about other ad networks?

~~~
mc3
Maybe. The problem with ad networks is they don't pay well. Google is probably
the best but still it's a pittance.

I think the sweetspot for adsense is a site will millions of visitors who are
not targeted for anything so adsense individually targets them for you.

But if you have a site that is niche then you are better off finding a direct
advertiser who will pay you more, and neither of you have to worry about
getting banned or quality scores or all of that shit.

------
webjunkie01
Would it help if you get your site behind Cloudflare or similar?.

~~~
jrockway
They only need to request your site once, to get the ads that are served, then
they can "click" them without visiting your site.

~~~
pier25
So like copying the ad embed code and pasting it in an HTML and the somehow
spoofing the ip address?

~~~
pravda
I'd guess you would only have to spoof the REFERER.

But I might be wrong.

------
scotty79
This scheme was literally first thing that came to my mind after I found out
about what AdSense is.

They pay for clicks > autoclicker! > they must detect this but can't detect
all so they must punish severely > autocliker for people you don't like!

It was I think more than a decade ago. Although I did not come up with
extortion, just with harming your competition that relies on AdSense for
revenue. Or a site you don't agree with. The risk was always there.

EDIT I never implemented any sort of AdSense autoclicker to harm anybody or
for any other purpose. Just noticed that it's trivial for somebody to harm any
AdSense publisher.

------
m3kw9
This problem is similar to Amazons fake products. Gonna take long before it
gets stamped out.

------
scarface74
If the entire third party ad supplier web blew up tomorrow nothing of value
would be loss.

------
alfiedotwtf
I stopped reading Krebs when he started doxing people. You should too

------
vivekd
Hooefully this willnget Google to take appeals from suspensions more seriously

~~~
vezycash
No. Their MO has been to remedy only those that get high publicity.

------
goatinaboat
How is this different from Google encouraging company A to out-bid company B
for ads on B’s product names? Online advertising is inherently a racket.

