(Editor’s note: David Ulevitch, who runs OpenDNS, has written a notable post below about the scams being run on Web users, and how big companies like Google and Yahoo aren’t doing much about it. Why is Google accepting money from “fraudulent” advertisers, as David calls them? Great question, and we’ll take it to Google!)
Two weeks ago Auren wrote a dead-on post about the Black Hat Tax that really struck a chord with me. I’ve been paying the Tax for five years with my first company, EveryDNS, and for a few months now with my current start-up, OpenDNS. The problem has become much worse in the last few years. Why? Simply put, bad guys are getting paid. Moreover, the Tax is on users as much as its on businesses. Today we see phishing sites, malware and spyware sites growing at an astounding rate.
Consider the example I cite often when discussing the issue with friends: goggle.com (see image below; not providing a link, bad site), the site that might be the most insidious of all typo squatting and malware sites on the Internet. Goggle.com, an obvious typo of google.com, offers an anti-spyware product called SpyBouncer in addition to being filled with pop-up ads (nb: SpyBouncer claims the copyright on the bottom of goggle.com). The website makes a user believe that their computer is currently infected with spyware and that installing SpyBouncer will get rid of it. They say it’s free to try and the program conveniently finds spyware which it will remove for a price, of course.
Symantec and others all claim that this product is a total scam and that it neither detects nor repairs spyware with any accuracy. Thanks to the accidental traffic that lands on goggle.com by unsuspecting users, SpyBouncer has no incentive to make a good product, they can just fool a new batch of users everyday.
Why does a site like goggle.com exist? Because crime pays, but that’s hardly news. Why it doesn’t get shut down by its webhost (DataPipe) is a good question for another time. What I do want to know is… why is SpyBouncer allowed to run Google ads on its Web site (as they do on the top)? Why are these kinds of abusive software programs allowed to purchase AdWords campaigns luring even more users into this trap? Why is Revenue.net paying SpyBouncer to show ads on goggle.com? Why is Google accepting money from fraudulent advertisers which continues the cycle of malware and spyware? This is why users react so negatively to online advertising. It’s not the relevant and unoffensive advertising that they bemoan, it’s the scams and tricks the advertisers and advertising networks spread around the seedier neighborhoods of the Internet.
These kinds of abuse are pretty bad, but what bothers me more is that much of it is being facilitated by companies I respect and admire. People like Ben Edelman have done a lot of research showing the connections between companies like Yahoo and fraudulent advertising practices but that’s not enough. There are so many layers and levels of misdirection that it becomes hard to tell who is paying who and why. As the CEO of a company operating on the Internet, I’m spending money dealing with Internet bad guys who are getting paid to annoy me, my employees and my users. Everyone is wasting their time dealing with this crap while the folks in the money trail keep taking their cut and passing on the buck. When I asked my users what they thought about goggle.com I saw a nearly unanimous response of outrage and frustration. Hundreds of users spoke out on our corporate blog and on sites like Digg.com venting at the absurdity of a site like goggle.com.
It’s time that ad networks cleaned up their act and started being more transparent about fraud and abuse. It’s time security companies started fighting the causes of network abuse and not simply the symptoms. There will always be a Black Hat Tax but right now legitimate companies are making it more expensive. That has to stop.