SES Chicago - December 7-11, 2009

October 6, 2006

Yahoo Messenger Worm Targets Google AdSense Click Fraud

The Register reports that a new malware worm has been discovered that targets Yahoo Messenger, sends those users to pages with Google AdSense ads and clicks on them. The Google ads are specifically high priced keywords such as mesothelioma, which is a cancer caused from exposure to asbestos. More details on this worm at the Spyware Guide.

Posted by Barry Schwartz at 3:40 PM | Permalink

September 29, 2006

Yahoo China Sues Hongyi's Qihoo For Unfair Competition

Reuters reports that Yahoo China is suing Qihoo, claiming that 360safe spyware software is prompting users to uninstall the Yahoo Toolbar. The spyware software claims that Yahoo's Toolbar is "malware" and is a risk to their computers. Joseph Tsai, Alibaba's chief financial officer, said that this is unfair competition, alluding to a former Yahoo employee named Zhou Hongyi who now heads up Qihoo. It is important to note that Zhou Hongyi sued Yahoo last month for defamation.

Posted by Barry Schwartz at 9:30 AM | Permalink

September 11, 2006

Google's Toolbar Anti-Phishing Blacklist

Philipp Lenssen reports on a whitelist of URLs found at sb.google.com which appears to be a whitelist of safe URLs to be used for the Google Toolbar. Be digging deeper into the forums area of Google Blogoscoped, you can see that the this whitelist will prevent the "Web Forgery" warning in the Google Toolbar from popping up on those particular sites.

Posted by Barry Schwartz at 8:25 AM | Permalink

August 4, 2006

Google Provides Warnings Of Potentially Hazardous Search Results

Philipp Lenssen found a Google Systems post that discovered Google now provides an intermediary page, for some search results, informing you that the result you clicked on may "harm your computer." You can see this intermediary page for yourself by clicking here, it looks like Google is calling it an interstitial page. Why even list the site in the search results if they may be harmful to your computer? Well, the key terms are "may be harmful," so let the user decide. I wonder if these potentially risky pages get some sort of downgrade in rankings?

Posted by Barry Schwartz at 9:35 AM | Permalink

July 26, 2006

Google Toolbar Look-Alike Installing Malicious Programs

Search Engine Journal reports on a SurfControl release that fake Google Toolbars are being downloaded unknowingly and causing those computers to be contaminated with malicious programs. The programs then use the computers to send out mass-email spam and/or for "internet attacks." So be careful where you download your toolbars.

Posted by Barry Schwartz at 10:18 AM | Permalink

June 14, 2006

Clickbot.A Click Fraud Network Dismantled

ClickZ reports that the Clickbot.A virus that infected 34,000 machines (last report more than 50,000 PCs) and auto clicked on an unknown amount of PPC ads, has been shut down. Panda Software and RSA Security worked together to dismantle the virus. Read the full details over at Panda Software.

Posted by Barry Schwartz at 9:01 AM | Permalink

May 12, 2006

5% Of Search Results Lead To "Dangerous Sites"

Andy Beal reports on a Wall Street Journal article that claims 9% of paid search ads lead to "dangerous sites." Three-percent of organic results lead to risky sites, in comparison to the PPC ads. So on average, the article shows that "roughly 5% of the search results on average were risky sites." The SiteAdvisor study estimates a searcher will click to an "unsafe site from a search engine once every 15 days." Risky sites are defined as sites that can "infect consumers' personal computers or expose them to nuisances such as spam email."

Postscript by Detlev Johnson: You can find additional information at BBC with respect to natural listings that lead to risky sites. As much as 4-6% of search results in natural listings are categorized as risky, while sites in the sponsored listings can be 2-4 times as numerous.

The sheer volume of clicks this can account for is scary - 285 million per month. Search engines are known to try limiting their users from accessing risky sites through their search engines; at least as much as they combat spam. Their efforts will need to continue and be ongoing similarly to fighting search engine spam.

Posted by Barry Schwartz at 9:16 AM | Permalink

May 3, 2006

Class Action Fraud Suit Filed Against Yahoo Over Adware & Domain Distribution

Via Threadwatch, Suit Levels Spyware, Typosquatting Allegations at Yahoo at the Washington Post covers a class action lawsuit filed against Yahoo and others claiming "syndication fraud" over how Yahoo ads are allegedly displayed through spyware, adware and domain parking programs that involve "typo domains."

Ben Edelman, who has authored a number of reports on this subject such as this recent one, now jumps from researcher mode to being one of the attorneys in the case.

A copy of the filing is here (PDF format).

Postscript Barry: Eric Goldman has a much more comprehensive write up from a legal perspective on this case at his blog.

Posted by Danny Sullivan at 9:13 AM | Permalink

April 13, 2006

Typo Domain Spotting Tool & Domain Registration Stats

I've got some domain name related items I'm throwing into this post: a new typo-domain spotting tool from Microsoft, new stats on the difficulty of getting a short domain plus stats on how many sites there are on the web.

Strider URL Tracer with Typo-Patrol is a new downloadable tool from Microsoft Research that lets you discover typo domains, domains that are misspellings of popular web sites.

Why bother checking? So you can know who might be trying to tap into your brand name or so you can protect children or naive web surfers from landing at the wrong sites.

If it's the latter, anti-phishing features built into the toolbars from Google, Yahoo and MSN Microsoft Windows Live are likely more useful for you and won't require the .NET download.

Typo domains have gotten renewed attention in part because of recent reports on how people are earning large amounts of money off of them. See these past articles from the SEW Blog for background on this:

I'm still working on a follow up about the issue and how these domains are funded by the major search players of Google and Yahoo. The short good news answer is neither company says that typo domains are kosher. If they spot them, they're supposed to be ousting them from their domain monetization programs. The short bad news answer is that it seems like there's much more work that could be done to kill these off.

Need a good example of a type domain? Try windowsmessenger .com. When I was on a trip recently, I wanted my wife to try and reach me on my watch through MSN Messenger (a long story that I'll explain some other time on my personal blog, Daggle).

I told her to install MSN Messenger. She guessed at the domain, ending up at this place. It looks like the MSN Messenger site, which isn't surprising since it frames the real site in order to run Google AdSense ads alongside it. In my view, that's misleading and the type of thing I hate to see supported.

Yes, it's not a proper typo domain, in that it's not a misspelling of the real messenger.msn.com site. But it's close enough in intent to be annoying. FYI, messenger.masn .com is a better example of a typo domain for MSN Messenger. The new typo tool helped me spot that one. And yes, it's carrying ads from Google.

Back to the tool, I thought one of the best features is how you can point it at a web page, then watch what other sites get contacted as a result of your visit. For example, a visit to msn.messenger.com (the real site) shows me that Omniture gets contacted (probably to track my visit for Microsoft), as does live.com and msn.com (probably my live.com and msn.com cookies kicking in). Google also gets contacted, the result of my Google Toolbar calling back to the mother ship to get PageRank data.

In other news, The Search For A Domain Name came out at the end of last month has lots of interesting stats on the availability of domain names. Want a three letter domain name? Sorry, they're all registered. It also has stats on the length of domain names and other tidbits.

And who owns a domain name? Whois information can tell you, but only if it's accurate. ICANN has a system designed to let people report if they find inaccurate or missing whois info about a domain. Spotted via ResourceShelf, now out is a report (PDF format) on how the system performed over the past year. The system got 63 percent of problems solved.

Finally, got a domain name? You'll probably want a web site next. April 2006 Web Server Survey from Netcraft reports there are now more than 80 million sites on the web, with charts gong back to October 1995.

Posted by Danny Sullivan at 8:26 AM | Permalink

April 4, 2006

Adware Said To Generate Fake Clicks On Yahoo Search Marketing Ads

Ben Edelman lets us know about his latest study, The Spyware - Click-Fraud Connection -- and Yahoo's Role Revisited, which looks at how adware is said to be generating fraudulent clicks on Yahoo Search Marketing ads. Adware vendors are said to be placing Yahoo ads into their programs, which then generate clicks without the computer user being involved. Ben has documented several examples of this, including full packet logs, annotated screenshots, and videos.

Posted by Barry Schwartz at 10:28 AM | Permalink

January 4, 2006

Malware Alters Google AdSense Links

Via JenSense, Trojan Horse program that targets Google Adsense ads has been detected by an Indian Web publisher at TechShout looks at covers malware that replaces Google AdSense links with ads for other sites.

Posted by Danny Sullivan at 10:08 AM | Permalink

September 13, 2005

Ask Wants Anti-Spyware Companies To Lift Warnings

Spotted via Threadwatch, Ask Jeeves Disputes Anti-Spyware Flaggings from eWeek looks at Ask Jeeves asking at least two anti-spyware companies to stop flagging Ask's software with warnings. The companies have apparently refused to do so. Once calls Ask products "potentially unwanted" rather than flagging them as "spyware" or "adware." Bundling issues were raised as a main concern for pushback by the companies. IE, the software itself may be fine, but the companies see problems with how it gets out to users. The story notes that other spyware detection tools such as those from Microsoft and Lavasoft don't flag Ask's products.

Posted by Danny Sullivan at 12:11 PM | Permalink

September 6, 2005

Spyware Changing Google Results

Program hijacks Google searches, gives fake results from the Washington Post talks about yet another program that replaces Google search results. There's been a ton of these that have hit Google and other search engines over the years. This one's apparently called 2search. The story also looks at the growth of spyware and the difficulty in stopping some of it even with security software. Shields Up! That link is to a great, free online resource of the same name from Gibson research that shows you how vulnerable you may be.

Posted by Danny Sullivan at 11:18 AM | Permalink

June 27, 2005

Ask Jeeves Names Online Compliance Officer

Today, Ask Jeeves appointed Steven Pickering to the newly created position of Online Compliance Officer.

[Pickering] will focus primarily on overseeing the Company's Fun Web Products and family of My Search toolbars on a variety of online consumer issues including online privacy, disclosure, and downloadable software practices.

More about today's announcement in this news release.

About two months ago, accusations about software distributed by Ask Jeeves also installing adware, made headlines. The company denied these charges in a letter to Danny.

Posted by Gary Price at 5:45 PM | Permalink

June 6, 2005

More Questions On Adware & Search Ad Distribution

Last month, we wrote about allegations that Ask Jeeves was gaining distribution through misleading installations of software. A month later, and the allegations continue, plus the issue grows to involve the entire industry more generally. A recap of some recent stories, plus a closer look at how I come away mislead by one of Ask's bundling partners.

More on Google's Role: Syndicated Ads Shown Through Ill-Gotten Third-Party Toolbars out today from adware/spyware researcher Ben Edelman looks at:

  • Google ads appearing through Ask Jeeves toolbar and software distribution, which has come under fire for possibly misleading installations.  
  • Google ads appearing through IBIS WebSearch toolbar distribution, despite practices by that partner that seem to violate Google's software principles.

Meanwhile, Uneasy Rider out last week from Newsweek looks anew at accusations that the Ask Jeeves-owned MySearch toolbar gets installed unknowingly by computer users. Installations mean traffic for Ask Jeeves, but the accusations of user hijacking could sour the planned InterActiveCorp purchase of the company.

The story recounts Ask Jeeves putting the blame on distribution partners doing things they shouldn't and facing termination by Ask if caught. Barry Diller, chair and CEO of InterActiveCorp, dismissed concerns as an issue in a recent analyst conference, the article also notes.

The Newsweek article was sparked by Ben Edelman's recent investigation into alleged misleading software installation practices by Ask Jeeves. Ask sent me its responses and denials of wrongdoing, which I published in my Ask Jeeves Denies Adware Installing Charge & Other Accusations post. But I heard soon afterward from Edelman feeling the company really didn't answer things fully. He emailed me:

I don't think AJ has responded at all to Ask Jeeves Toolbar Installs via Banner Ads at Kids Sites or Comparison of Unwanted Software Installed by P2P Programs: iMesh. Furthermore, they've said they've terminated the single distributor I showed to have improper practices in my video posted earlier this month. But they've said nothing about how this happened or how this problem could have continued without them noticing. And they've made no statement that's at all relevant as to the fact that I have multiple other videos on file, showing other distributors doing the same thing. I can't characterize so incomplete a response as "a response" as that term is ordinarily used.

Up Close With iMesh

Curious to see for myself, I took at look at iMesh today, one of Ask's bundling partners mentioned in Edelman's original report and again in his latest one. The iMesh home page tells me I can use it to connect with fire sharing networks to find music and video on the web. It promises things like "100% Clean - No Popups - No Spyware - No Trojans." The home page says nothing about installing a general purpose search toolbar. The closest it comes to this is saying:

Search for Music and Videos on iMesh from within Internet Explorer!

Clicking to download the software takes me over to Download.com's download page for the program. That page also says nothing about getting a general purpose search toolbar as part of this software.

How about the install? A very long privacy statement comes up. If you read through this, about midway down, you discover for the first time that a toolbar comes along as part of the setup:

10.3 The iMesh Software installs a toolbar into the web browser (the "iMeshBar") on Your computer. Upon receiving Your search query, the iMeshBar conducts a search with the web browser and in the course of processing a given search query, sends a request to Licensor's servers. This request includes the keyword query, time of day, browser type, default language setting, IP address, an anonymous unique ID, and a code which identifies the distribution source of the iMeshBar used by You to conduct your search. If the search query is being generated as the result of a misspelled URL or search term entered in to the browser address bar, Licensor also receives the misspelled URL address or search term. Licensor uses this information in order to properly process your search request. For example, this data provides Licensor with: information on which language You prefer to use; aggregated click information for the purpose of ensuring that Licensor's search partners are appropriately compensating Licensor; information that allows Licensor to make accurate payments to its distributors; aggregated usage and retention information; and aggregated search query information for the purpose of further monetizing commercially oriented search keywords.

Here's what I take away from that:

  • I can search for files (such as music and video, as promised on the iMesh home page) from a toolbar in my web browser.  
  • Nothing is said that other types of searches are offered.  
  • If I enter a query into my browser address bar or enter an incorrect URL, that will be turned into a general search request

Carrying on past the agreement, the installation program says it will install iMesh but makes no mention of any other products or software that will come along for the ride.

iMeshBar That Doesn't Do File Search

So what happened? After my installation, the iMesh search application came up. This let me search for music and files as promised. I did a search for "cars" and got lots of promising MP3 files listed.

I also got the iMeshBar toolbar installed into my Internet Explorer browser. This is what's supposed to help me search for files via iMesh, as promised on the iMesh home page. However, that's not the default function. By default, if you enter a word and hit return or click "Search," you get back results from an iMesh-branded version of Ask Jeeves-owned My Web Search.

What if you want to change the default to file search, as promised? You can't. An option to change the default behavior is listed at the top and bottom of search result pages.  However, you can only change to one of four major web search providers: Google, Yahoo, Ask Jeeves or LookSmart.

There is a special iMesh button on the toolbar. Does pushing this get me actual iMesh music/video/file results in my browser, as promised? Nope. What it does is cause the iMesh software application to fire up, and then the results appear over there, in that entirely separate application.

iMesh Verdict? I Felt Mislead

So what's the conclusion about iMesh? Has this Ask Jeeves partner done wrong by me? Yes, though I honestly expected worse.

  • I was never told I'd get a general purpose search toolbar as part of the installation, but I did.  
  • I was promised a toolbar in my browser to deliver actual iMesh file search results, and that didn't happen.  
  • My default browser search behavior was surprisingly unchanged. iMesh didn't try to change the default search provider that's linked to the native Search button in IE. However, it may be because the Google Toolbar already made changes earlier and resisted alteration. It could also be that my Microsoft anti-spyware tool blocked this change from happening.

Overall, I find myself generally agreeing with what Edelman said about the installation when he looked at it. iMesh didn't even hint that I'd get a new general purpose search toolbar in my browser, but that's what it gave me. Contrast that against the statement Ask Jeeves said it wants to have happen after Edelman's claims came out:

We want consumers to download our toolbars for the great functionality we offer and the volume of decidedly positive feedback combined with the millions of active users who have sent over 1 billion smileys to date seems to indicate people are doing just that.

With iMesh, nothing I've seen indicates that a consumer downloading iMesh had any clue that they'd also get an iMeshBar providing general web searching via Internet Explorer, rather than actual file searching. At the very least, requiring iMesh to link to the help page about the iMeshBar from the iMesh home page would have provided a better clue.

Getting Rid Of iMesh

Done with my testing, could I free myself of iMesh's clutches, often an issue with adware and spyware installations? iMesh provides its own uninstall program that's easily found via the iMesh program folder. In addition, there's an option to remove iMesh from the Windows Add/Remove Program control panel. So, two easy ways to remove iMesh.

Ah, but what about the iMeshBar itself? The Windows Add/Remove tool shows this as a separate installation. That leads me to wonder if removing iMesh using its own uninstall tool will still leave the toolbar behind. I suspect this is the case. I know that after using iMesh's own tool, iMesh disappeared from the Windows Add/Remove tool, implying it was gone from my system. The iMeshBar add/remove option remained, however.

I haven't yet rebooted my computer, something the iMesh install program says it needs me to do in order to finish the job. Once that happens, it could be that the iMeshBar will also disappear. I'll report back here on what happens. But if the iMeshBar remains, it's another misleading point to me. If I say to remove iMesh -- and you don't clearly indicate that iMeshBar is a separate program when installing -- then you should take it away when I uninstall.

By the way, the Newsweek article noted above sheds some new light on the Ask situation, with Ask saying it is now monitoring uninstall rates across its various distributors. If it sees a spike, then it supposedly knows a particular distributor may be doing something wrong.

What I'd like to see -- as author Brad Stone of the Newsweek article points out as a problem -- is a clear affiliation between Ask and these products.

For example, go to My Web Search and try to discover how it's affiliated with Ask. The Ask brand is nowhere to be seen that I can easily spot, despite the fact that Ask owns the property. Drill into the help page about the toolbar, and there's still no mention. If I go into the help page about My Info, THEN notice a page about help for the separate My Way site, THEN go to the About Us page, I finally discover:

My Way is a property of Ask Jeeves, Inc.

That's a lot of work, if I want to understand the parent company behind all of this. How about an About Us link right on the My Web Search site itself that identifies Ask as the owner. Then if people have issues, they can take it right to the top.

I want the same on cobranded sites like the one iMesh operates. The About My Search page there, listed on the home page, should make it clear that Ask Jeeves is a partner in what's being shown. That should be a requirement for Ask partners, along with a way to report if you felt you were someone misleading directed to the site. That way, if someone has a problem with an Ask partner, the message can easily be delivered.

Growing Concern On Ad-Backed Adware & Spyware

The latest articles from Edelman and Newsweek are just part of a trend of renewed focus on appropriate ad support of adware and spyware. Some further reading:

  • Are ad networks getting a free pass? from MarketWatch is a look from last month at how New York Attorney General Eliot Spitzer and others are looking at legal aspects to stem spyware. The worry for ad providers such as Google, Yahoo or their resellers is that participation with such programs -- even indirectly -- could come back to haunt them. It also looks at how much having a code of conduct may protect providers.  
  • Spyware, Adware, and the Future from iMediaConnection looks at a recent panel on spyware and adware about advertisers themselves perhaps wanting to disassociate from being show via adware. Of course, if you buy search ads with Google, you can't prevent this unless you exclude everything but Google's own sites. On Yahoo, you can't prevent this at all. Source exclusion for the extended search networks both provide isn't offered.  
  • FindWhat Profits Down Amidst Tough Decisions from last month looks at how FindWhat said recently it would remove distribution partners generating a "meaningful percentage" of clickthroughs that aren't converting for advertisers. Adware/spyware traffic isn't specifically called, but some distribution via these means is probably involved.  
  • Big Firms' Ad Bucks Also Fund Spyware from the Los Angeles Times from May looks at how adware and spyware generates cash for ad networks, with intermediaries often sitting between the main ad providers and the distribution partners.  
  • FTC Honcho Praises Spitzer's Suit Against Adware Purveyor from MediaPost in May has a US Federal Trade Commission representative suggestion that putting out ads via software tie-ins without proper disclosure might be considered deceptive advertising.  
  • Edelman Reports on Google's Role as "Advertising Intermediary" from Ben Edelman earlier this month looks at how Google ads get distributed via middleman/intermediaries via software that may be installed in a misleading fashion.

Want to discuss? Visit our forum thread, Smore' Bad PR for Ask - MySearch Toolbar Installs

Posted by Danny Sullivan at 5:09 PM | Permalink

May 2, 2005

Ask Jeeves Denies Adware Installing Charge & Other Accusations

Earlier I posted about various accusations made against software distributed by Ask Jeeves -- that it assisted other programs to install themselves unbeknownst to users, that it was tagged as spyware by Microsoft's anti-spyware tool and that it generated log referral spam. Ask Jeeves has responded to deny the accusations. John Park, senior vice president for desktop products at Ask Jeeves, emailed the following:

Ask Jeeves' toolbar products, including My Search and Fun Web Products, are not spyware or adware. Our products do not collect personal information, do not monitor the sites a user visits, do not monitor a user?s behavior on the Internet, do not log or track keystrokes and do not serve or facilitate contextual or pop-up ads. We also do not generate log referral spam. Anti-spyware/anti-adware programs do not flag us, including those from Microsoft, AOL, Norton, McAfee, Symantec and a long list of others.

Since Ask Jeeves acquired ISH we have been working diligently to follow the developing industry best practices with respect to spyware, adware and consumer disclosure. We don't allow our programs to be installed without permission or consent. We take clarity very seriously and even include a visual image of what the Fun Web Product application looks like on the install page (viewed prior to install) to make it perfectly clear what a user will see when they download our product. From what we have seen, this takes disclosure a step beyond the practices implemented by others in the industry.

The area of downloadable applications is rapidly growing and industry best practices will continue to be refined. Consumer and industry feedback continues to be critical as we work to weed out the bad apples ? it?s bad for the consumer and ultimately for business. In [Ben Edelman's] video he highlights an advertising affiliate that installed our toolbar through an unacceptable practice known in the industry as drive-by downloads.

We don?t endorse that activity and explicitly call this out as off-limits in our contracts. We terminated the relationship when it came to our attention. We want consumers to download our toolbars for the great functionality we offer and the volume of decidedly positive feedback combined with the millions of active users who have sent over 1 billion smileys to date seems to indicate people are doing just that.

We will continue to evolve our products in line with industry standards and appreciate the user and industry feedback that helps make our products better.

In my earlier post, I'd mentioned personally seeing one of Ask Jeeves' products flagged as spyware by Microsoft's detection tool. Had things changed since the end of February. Yes, Park responded.

You will see with the latest definition files that we are not flagged by Microsoft or any of the other products that are mentioned below. I personally checked the latest install from Microsoft this evening.

Posted by Danny Sullivan at 11:47 PM | Permalink

Ask Jeeves Accused Of Pushing Adware

Anti-spyware writer Ben Edelman pokes at Ask Jeeves in his Does Jeeves Ask for Permission? article up today. He finds that the Ask Jeeves My Way and My Search software also installed programs without permission or consent.

These were programs gained by Ask Jeeves through its acquisition of Interactive Search Holdings last year. They've had a long history of similar acquisitions before the purchase, but it was something that Ask Jeeves denied. From our article about the purchase, Ask Jeeves: Why Buy Interactive Search Holdings:

Rumors that Interactive Search Holdings search toolbars contained adware or spyware have dogged the company for years. [Ask Jeeves CEO Steve] Berkowitz denies that current versions of the toolbars contain spyware, though he acknowledges that there were problems with policies of early distribution partners.

"[Interactive Search Holdings] policies are extremely clean," he said. "They're working very very hard to clean this stuff up. These guys don't even do an automatic update. They've spent a lot of time working with the spyware companies to make sure that they're not considered spyware."

The issue came up again earlier this year in the Is Ask Jeeves Behind Browser Hijackers? on the martinibuster blog, where the Ask tools were accused of generating log referral spam. The issue of them being spyware was raised as part of that.

I had a message out to Ask Jeeves about this at the end of February, because not long after seeing the post above, I noticed that the new Windows AntiSpyware tool had spotted my installation of one of the Ask tools and came back with a message calling MyWebSearch a "Toolbar Browser Hijacker" that installs adware, spyware and changes browser settings.

I was told MSN was supposedly clearing Ask Jeeves of these accusations but hadn't had a chance to follow up further. I've sent a message out for an update and comment about these new accusations.

Edelman also makes criticisms about the Ask Jeeves toolbar being pitched at kids and poor disclosure in a separate article: Ask Jeeves Toolbar Installs via Banner Ads at Kids Sites.

Postscript: Ask Jeeves has denied the accusations. See the Ask Jeeves Denies Spyware Charge & Other Accusations follow-up post.

Posted by Danny Sullivan at 6:00 PM | Permalink

February 25, 2005

Google Toolbar's AutoLink & The Need For Opt-Out

AutoLink is new feature in the new third version of Google's popular Google Toolbar that's raised controversy since it was released last week. Why are publishers upset? Can they block the feature that adds links to their web pages? Who rules over content, users or publishers? Why do I think Google should give publishers an opt-out for the feature. That, and other issues, we'll explore in this article. It's a long one, so the links below will let you jump to particular sections, if you prefer.

How AutoLink Works

Let's start by revisiting how the feature works. It's only available to those using the Google Toolbar 3 beta. Existing Google Toolbar users have not automatically had this feature added, so the number of people currently AutoLink-enabled is small. It will grow, of course, when the toolbar comes out of beta and takes over as the main one offered to the public, something likely to happen in the next few weeks.

Currently, AutoLink only reacts if it spots four types of information on a page:

  • Package Tracking Numbers (those currently supported in Search By Number for regular search results)
  • US Vehicle Identification Numbers (VINs)
  • US Addresses
  • Publication ISBN numbers

Below, I've inserted two examples in the article so that anyone with the AutoLink-enabled toolbar can see autolinking for themselves easily. The first is the book Web Search Garage by Tara Calishain with its ISBN number shown. The second is Google's address:

Web Search Garage Prentice-Hall, August 2004 ISBN 0131471481, $19.99

Google Headquarters 1600 Amphitheatre Parkway Mountain View, CA 94043

If you have the AutoLink-version of the Google Toolbar installed and come to a page like this one with such "trigger" content on it, you'd hear a little "popping" sound familiar to anyone who uses the Google Toolbar currently, when it blocks a pop-up window from opening.

The AutoLink button in the toolbar also lights up or goes active, changing from "Not Active" to "Active" as shown in the illustration below:

When active, you can push directly on the button or use the little drop-down arrow next to it to get a menu, as shown with the "Drop Down Box" example.

Whether you push directly on the button or use the drop-down option, in both cases, links are also added to the page, making them look like this:

Web Search Garage Prentice-Hall, August 2004 ISBN 0131471481, $19.99

Google Headquarters 1600 Amphitheatre Parkway Mountain View, CA 94043

Click on the ISBN link, and you'll be routed via Google over to a page about the book at Amazon. Click on the address, and you'll be routed to that address shown in Google Maps.

Alternatively, use the drop-down box, select an option shown, and an entirely new window will open to display the AutoLink content. In contrast, with the links on the page, new windows aren't opened. Instead, the original window is replaced with the new content.

Don't like the links? Via the drop down box, you can use the Remove option to get rid of them or put them back using the Add option, if they have been removed.

By the way, earlier this week I found that using the drop-down box did NOT add links to the page. In fact, because I was using the drop-down box rather than pushing on the button, I at first didn't think links were actually added to the page at all. I talked with one other person who had the same thing happen to her. But in writing this article, that behavior changed for me.

Google says it's made no alteration to the toolbar behavior since it launched. Nothing has been changed on their end, the company says, and I should have always been seeing links added to a page whether I pushed directly on the button or chose the drop-down option. Given this -- and how corroded my IE installation has become over the past year or so (one reason I now use Firefox), I'll chalk it up to an oddity on my end.

The User Benefit

Google says feedback from users so far is that they like the feature. That's easy to see why. If you come across a page about a book without a link, as I showed above, it's very nice that you can get to another page with more information about it or the ability to buy it. Amazon fills that role nicely. I've often come across books mentioned on pages, then had to do the copy-and-paste routine over at Amazon in the way AutoLink helps make unnecessary.

Similarly, if you see an address such as on a corporate web site and would like to get a map, this is a handy way not to have to cut-and-paste into a mapping program.

The Publisher Benefit & Fears

Fair to say, feedback so far from publishers isn't so rosy. Yes, some think the feature is nice, such as prominent blogger Anil Dash has said. But from my review, he's in the minority. We've had other prominent bloggers such as Steve Rubel, Dan Gillmor and Dave Winer crying foul.

Closer to home for me, many search marketers who are also publishers clearly dislike the tool. At our Search Engine Watch Forums, the AutoLink & Google As Anti-Webmaster thread isn't finding many people in favor of it. The same is true for the New Google Toolbar Feature Rekindles the Old SmartTag Debate thread at WebmasterWorld.

Publishers do get a benefit from the tool. If they've failed to add useful links, those visiting their sites perhaps may come away happier that they were still able to leverage the information on the pages to get further information.

The publisher fear is far larger. Many publishers consciously decide what links they want to add. Having some tool come along and modify their content is simply unacceptable to them. That's especially so given how easy it would be for any tool to grow capabilities, such as making words into ad links that generate no revenue for them -- something that's happened in the past.

We've Been Here Before

There is a ton of hue and cry about how Google is trying to repeat a plan Microsoft abandoned after large outcry in 2001 called Smart Tags, which would have allowed words on pages to be turned into links. Which links and to where? That would have been determined by Microsoft.

By the way, a key developer of Smart Tags from Microsoft does now work for Google. However, rumors that he was involved with Google AutoLink aren't true. Google says he's involved in a completely different product.

Microsoft backed off from Smart Tags, but TopText from eZula went ahead later that year. It inserted yellow hyperlinks into pages -- paid links that earned eZula money but not the publisher. My Forget Smart Tags; TopText Is Doing What You Feared article from back then looks in depth at the system and the concern that arose over it. I'd strongly encourage reading it, because there are plenty of direct comparisons between what happened then and what's happening now.

eZula's still out there and apparently offering the same type of placement, but my impression is that the system didn't gain greater popularity due to search marketers who especially rallied around the late Jim Wilson's Scumware site to fight the program.

Why did search marketers care so much? They were footing the bill. Ads they placed with people like LookSmart got inserted into pages that they never actively chose. Many disliked this and made threads to their ad providers like LookSmart to stop partnering or lose them as customers.

Predating both the Smart Tags idea and TopText was Amazon's zBubbles and Flyswat, both from 1999. They came and went without any major outcry. Flyswat in particular inserted links on pages just as TopText did, Smart Tags would have and AutoLink now does.

I see now that some places like Symantec now class Flyswat as spyware, which sort of amazes me given that I thought the product long ago had died. I can't even reach the Flyswat site, but I suspect old installation copies are still floating around via download sites such as PC World (which offers it here, then offers an anti-spyware tool to get rid of it here). But at the time it was out there, Flyswat drew praise in many quarters as a great browser "helper."

Monopoly & Monetary Fears

Why was Flyswat largely acceptable, when only two years later, Smart Tags and TopText drew ire and today, Google AutoLink faces criticism?

With TopText, the answer is easy. Publishers didn't like the fact the system let competitors manage to insert themselves into their own content. Others who had purchased precisely targeted search ads weren't happy to discover that these ads were then in turn distributed to TopText for less precise contextual targeting.

With Smart Tags, it was the monopoly factor. Microsoft had such a dominant share of the browser market that letting it control how words would be linked was simply too frightening to many -- and this despite opt-outs the company decided just before the end that it would offer.

Enter Google. It, too, occupies a dominant role. We don't know exactly how many toolbar installations it has, but the company acknowledges millions of users. To be fair, Marissa Mayer, Google's director of consumer web products, told me that queries generated through the Google Toolbar are "by no means a majority of all Internet Explorer users" who access Google.

"With AutoLink versus Smart Tags, the toolbar is different is that its only installed by users [as opposed to automatically being part of the browser] and is by no means a majority," she explained further.

Even Microsoft blogvangelist Robert Scoble agrees here, arguing that Google can do things Microsoft can't because Microsoft still has a browser on 9 out of 10 desktops out there. Nevertheless, he was against Smart Tags and doesn't seem to favor the current Google implementation of AutoLink.

Monopoly or not, the toolbar clearly has many users. In addition, people like Winer fear that if Google is able to offer this type of feature, nothing prevents Microsoft and others from doing the same.

So with Google, there's a bit of the monopoly factor. I think there's also the TopText-like fear that AutoLinks could cost publishers money. If you have a page about a book, you might not want Google sending someone to Amazon to purchase it, especially without your own affiliate code.

As an aside, it's worth mentioning that there are other reasons why you might find advertising links inserted into editorial copy. Vibrant Media's been doing this for some time through its IntelliTXT service. However, the issue of publisher rights as with Google AutoLinks is not in question with this type of service. That's because the publisher themselves has chosen to add the links.

Instead, the issues are more about the practice from an editorial integrity standpoint, and yesterday's Ads Embedded in Online News Raise Questions article from the New York Times is just one of many articles to look at this.

Back to Google AutoLink, a remaining major concern for publishers is simply that they might not want Google sending anyone anywhere out of their sites via links that they didn't provide in the first place. There's a potential traffic loss people worry about, though Google doesn't see this as a serious problem.

"Are we really taking traffic away from them? Think about what they've [users] have done. They've been looking at the page. They've decided there's a piece of information on the page. They had to get the idea that they wanted to get more information some way. They clicked a toolbar button, and then they clicked a link. That's a pretty determined series of user actions. It seems to me that that user is going elsewhere anyway," Mayer said.

Future Development

What about the idea that Google might put ads links on pages? That's not something it does now, nor does the company have any plans to in the immediate future, it said.

As for those Amazon links, Google said it gains nothing from them. Amazon was selected because it was seen as the best choice for book information.

"Obviously Amazon is a partner of ours, but there was no monetary exchanges as part of this development. We picked out what we thought was the best user experience for things we linked to," Mayer said.

Don't like that choice? When the tool emerges from beta in the near future, it is definitely planned for people to choose some of the content providers they want to tap into. If you want links to Barnes & Noble for ISBNs rather than Amazon, you'll almost certainly be able to do that or pick from others.

How about the tool expanding the range of what's auto-linked. That could happen. Google's not saying what may or may not change, because the tool is still in beta -- a traditional style beta that should only last a few months at most.

It's possible, Google said, that if users push the button, it might decide that the toolbar should always automatically show links rather than make this a page-by-page choice users initiate. Or not, depending on feedback.

New features could also be added or removed. The company is interested in link enabling anything that someone might have to cut-and-paste to get existing information from Google. For instance, enter a stock symbol into Google right now, and it links to you stock data. Potentially, stock symbols could be turned into AutoLinks.

Couldn't any word be made into a link? Sure, but that would be too much, Google says.

"That goes a little too far. We aren't interested in turning an entire page into hyperlinks. That's not particularly helpful to the user," Mayer said.

What's Acceptable & What's Not?

AutoLink also raises anew the philosophical debate of who ultimately controls content. "It's my content, hands off!," is a common theme that resonates with many publishers. What gives Google the right to start tampering with your page?

Google's response is that the users give them the right. The users want this tool. The users want to control how they view that content.

"It's important to recognize that the toolbar is installed by people who want Google-enhanced functionality," Mayer said. "I would argue that the user is adding the link to the page. Google just provides the tool."

That's a pretty forceful argument. We don't hear many objections to the fact that users can control font sizes as they like, for example. Google's open source program manager Chris DiBona goes through a litany of more things like this in his personal blog post on the issue, Oh, please.

It's easy to add more. I've heard plenty of praise for various Firefox browser plug-ins that can do special things to pages when they spot certain types of links or the ability to restyle entire pages with Firefox. Why is Firefox so praised for enabling users but Google suddenly seen as evil for doing the same?

Indeed, this isn't the first time Google has interacted with publisher content via its toolbar before. The ability to highlight or jump to words on a page are widely praised. But more dramatic was the addition of a pop-up blocker in June 2003. That not only prevented some web sites from doing what they wanted to do, but it also arguably cost some publishers money through the blocking.

Wide-spread criticism? Hardly. I've seen a few grumblings from time-to-time that Google might be blocking commerce and publisher intent this way, but the praise over the pop-up blocking feature has been enormous -- and mimicked by other search toolbars. My guess is that publishers didn't fight back more against this because it was clear how hated pop-ups where by consumers.

Drawing The Line At Links

So where is that line when a tool gives a user too much control -- or better, when a user is given control that a publisher ought to be able to counter? I agree with many others that adding links crosses it. I don't care if the user thinks adding links to my pages will make things better for them. As a publisher, I want to be able to override a tool that tries this.

Legally, we don't know where publishers really stand on this, as the recent Google toolbar move raises online ire from News.com examines. But forget legal.

Instead, adding links is a line that I think any respectable software publisher shouldn't cross. Last year, Google introduced a set of software principles that are all about protecting the user experience. An addition to those principles should be made to protect the publisher experience, as well.

Provide An Opt-Out!

In this case, I think Google should provide an easy opt-out that publishers can implement to block AutoLink. Some others want AutoLink to be opt-in -- that Google shouldn't be able to do anything like this unless publishers explicitly say they should.

I think that's too far. Users do have rights. They have installed this software. Opt-out gives any publisher seriously concerned with the tool the ability to control it on their site. Many won't be concerned, so requiring an opt-in is overkill that does hurt the user experience.

It's also somewhat hypocritical to demand Google do an opt-in for this tool when virtually no one demands an opt-in about being crawled. Why that isn't demanded is pretty clear. People want in Google because of the traffic it will bring them. But being crawled is another form of messing with content.

For its part, Google doesn't want to do an opt-out. The fear is that it will hurt the user experience.

"If you had opt-in or opt-out, that's overall a lot less useful," Mayer said. "If the links sometimes won't show because there's a publisher opting-out, that's bad for the user experience."

Explaining further, she said:

"It's an interesting balance to strike, but we're going to weigh more heavily on the user side," Mayer said. "We think we struck the initial balance in a reasonable way. The publisher's page is seen as intended in the browser. It's a user-elected action that changes things. Beyond that, we aren't driving all traffic to Google."

Google also feels there's a form of an opt-out in that it won't overwrite any existing links. Worried that an ISBN code might get turned into a link by Google? Make it a link yourself, and it will be untouched.

Indeed, when Gary Price first wrote about the AutoLink feature in Search Engine Watch last week, he used an example of going to Barnes & Noble to show how unlinked ISBN codes there got auto-linked through the Google Toolbar to connect people to Amazon.

That made Barnes & Noble into a poster child for many publishers about why AutoLink was bad. Look at how it put links to a competitor on the Barnes & Noble site!

It took the company about a week, but an opt-out is effectively in place with Barnes & Noble. As I wrote yesterday, all ISBN numbers on the site now have links to Barnes & Noble's own content.

It was probably an easy move for them to make, having a database-driven site. But for others, it could involve a lot of hard-coding. In addition, if Google adds new content types for AutoLink, then publishers have to go back and make more changes. Adding your own links to block Google AutoLinks is simply not an effective form of opting-out for many to use.

They're My Users Too

My response to the "protect the user experience" argument is pretty blunt. Too bad if it is harmed in this case, from Google's perspective.

They may be Google's users, but they are also my users as a publisher as well. If my visitors are upset that my site prevents them from using Google AutoLink, they can tell and lobby me directly. I don't need Google deciding for me what my users want on my web site.

Google would gain on the public relations front from offering an opt-out. Even better, I'd encourage them to lobby for a single standard type of opt-out that other publishers could support such as through a robots.txt file extension that works for everyone. That would be real leadership in the industry and in line with the software principles statement it started last year.

Turning The Tables

How about turning the tables? How would Google feel about programs that modified its search results. It's not even theoretical. We have tools that will strip out ads from Google because the user may not want ads. We have software that will add links to Google's own results (for more, see our forum thread).

"I think we'd need to look overall at the utility offered to the users. Can a good argument be made that those users understand what's going on?" Mayer said. "It would be hard for us to argue against user utility because those are the same metrics we're going to use in evaluating our feature set."

It's a change from when Google was asked about this in 2001, on what it thought of TopText adding links to its results. At that time, it wasn't an issue of it being OK if it helped the user. Instead, the Google wasn't concerned because there didn't appear to be much take up of TopText.

Still, things change -- and it's helpful to have a current view on where Google stands, especially if a competitor like Yahoo or Microsoft decides to add a feature to its toolbar that allows users to hit links inserted on Google pages to generate results from their search engines.

The Toolbar Area Itself Is Yours

I'd sweeten the pot a bit to encourage Google to give an opt-out. Personally, I only want it to prevent adding links to my pages. Want to display links via the toolbar? That's fine -- it's your toolbar, do what you want with it.

Wouldn't that mean Google might down the line start showing ads or content related to my pages in the toolbar. Yes, it might. But we've had tools do this sort of thing already (a new toolbar program from Searchfeed and EffectiveBrand just came out this week), plus free useful tools do need to be supported somehow.

I wouldn't necessarily like it, but if it's not interfering with my actual page -- popping things over my content, adding links but instead staying within the toolbar area, I'd live with it.

That's especially so as long as the user clearly knew what was happening in the toolbar. All the same arguments Google makes about the user having the right to do what they want, I heard the same from TopText way back when. But Google says its history of user disclosure on what the toolbar does is better, and I largely agree.

"You can just look at Google's track record as with the PageRank feature. We tell people it's not the 'usual yada yada' and we are very up front," Mayer said. "We make sure our users are really informed that something going to happen, because we want to have the trust of our users."

In other words, no one gets tricked into downloading the Google Toolbar. And the links aren't automatically enabled. You do have to make the choice to turn them on.

Nevertheless, I still don't want links added to my pages. But if someone wants to consciously choose to click on a button that makes new windows pop-open, it's hard to object.

Similarly, we have a long history of other tools being tolerated for showing related content, such as Alexa. Heck, for ages both Internet Explorer and Netscape had built-in "related links" functionality powered by Alexa that few ever objected to.

Alt-Click Away!

Another option for Google is to provide Alt-Click functionality in the way that the GuruNet helper application (now Answers.com, also once called Atomica) has long allowed. In this case, people can select a word, hold the ALT key and click with their mouse, which in turn brings up a page with more information about what's described.

This doesn't add anything to a web page, easing concerns about content manipulation. Indeed, Wall St. Journal writer Walt Mossberg, who rallied against Smart Tags in 2001, nevertheless loved GuruNet for letting him Alt-Click on words in his same complaint against Smart Tags and has continued to praise the GuruNet's Alt-Click feature in 2003 and 2005.

In short, Alt-Click is an easy way to provide the user who wants to make a conscious choice to act upon ISBN numbers, addresses or other content that lacks links with AutoLink-like functionality -- just without having to use the actual links that are objectionable to some publishers.

Google did consider this option, but links were seen as more intuitive:

"We talked about whether we should make this work like that or something else. But we think that if you're going to create a link, the ability to get to get to another page, the web already has paradigm for that. Right now, the link really does make sense," Mayer said.

Adding further, she said:

"The links that we add do look different. We work hard to help the user understand that this was a link added by the Google Toolbar, that it wasn't a native link. We do this through a mouse rollover that is visible when you mouse over the link."

From my end, the mouse rollover isn't enough, little Google color "bubbles" or "balls" added to the hand icon, along with link pop-up text that says "Google Toolbar AutoLink." That's because before you hover, these links look identical to native links -- and some people are just going to click rather than hover for very long.

A different color or a double-underline or something would help. But while I certainly agree that links are far more intuitive, whether they look radically different from native links or not, they simply clash too much with publisher rights, in my view, and at this moment.

Here's An Opt-Out

You don't have to wait for Google to provide an opt-out, especially in that it might never do so. Threadwatch describes a JavaScript blocking solution cooked up by Search Guild. Download the solution (instructions are provided), insert it into your web pages. The same Threadwatch thread is also tracking any new solutions that come up -- some new server-side ones have just been posted.

Meanwhile, an anti-anti-AutoLink option appears to also be out there for users who want to override publishers trying to prevent AutoLink. I say appears because it seems like a clunky workaround that I can't really understand -- and looking at the comments posted, some others don't get it as well.

I mention it mainly because it highlights how quickly things have become absurd. You have third-parties working to prevent AutoLink and potentially others working to prevent preventing AutoLink. It's a mess.

The user experience is hardly being protected by Google refusing to provide an opt-out. It would be much better for Google to provide an opt-out in a way that makes publishers happy but also lets Google report clearly to its own users if the publisher has blocked AutoLink from the site they are visiting.

After all, it's arguably bad for the user experience if they can't get cached copies of pages. Nevertheless, Google has long allowed web site owners the ability to opt-out of having pages cached, primarily it seems to avoid conflicts over copyright. Despite this opt-out, the cached pages feature has survived for years. AutoLink can survive opt-out black spots, as well.

Finally, just weeks ago, Google acknowledged that publishers should have MORE ability to control their links through the introduction of the nofollow link attribute. It's disconcerting to say the least to then have the same company assume a right to add links to publisher pages without permission.

Posted by Danny Sullivan at 10:43 AM | Permalink

February 23, 2005

Google's Blogger and Unwanted Software

An eWeek article: Spyware Snags Blogger Users, reports on a new study by Harvard researcher, Benjamin Edelman that says that "dozens" of blogs hosted by Google's Blogger/Blogspot trick visitors and install spyware and adware onto visitors' computers.

The offending blogs typically prompt visitors to accept downloads through misleading pop-up windows, said Ben Edelman, a vocal spyware critic and Harvard University researcher. While a user typically must accept the download before the software installs, the prompts often attempt to trick users by disguising the download as a necessary Windows or Internet Explorer upgrade.

You can read the complete study: How Google's Blogspot Helps Spread Unwanted Software, here.

Posted by Gary Price at 4:13 PM | Permalink

See More Posts From:

This Week | This Month

  var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); var pageTracker = _gat._getTracker("UA-564586-7"); pageTracker._setDomainName(".searchenginewatch.com"); pageTracker._trackPageview(); window.collarity_appid = "incmedia"; //> //>
Top Jobs
more Jobs

Senior Digital Planner
U.S. International Media Los Angeles, United States

Senior Search Analyst
U.S. International Media Los Angeles, United States New York, United States

Webmaster - Marketing
West Virginia School of Osteopathic Medicine Lewisburg, United States

Web Marketing Manager
Harvard Business Publishing Watertown, United States

White Papers
more Research

0