By buying their own search terms, Apple is ensuring that no bad actor can do it and tarnish their brand, my guess is it happened before and Apple decided to outbid everyone else to ensure it didn’t happen again.

The worst thing is that google does not take down those ads even after reporting them. This has been an issue for years affecting the financial industry too. There was an ad for a fake cryptocurrency exchange and even the whole crypto community with maybe hundreds of active members was not able to do anything with it.

The ad issue is 20 years old. Can't believe though there are still people not using ad blockers.

I come from a time millions of years ago when they first started putting ads in search results, and I'm still so angry at it that I refuse to ever click a Google ad link no matter what.

Apple buys the ad slot because, not only could a potential bad actor buy that search term, but a competitor could as well. They don't want the first result when you search "Apple" to be an ad for a Dell Laptop, so they buy out the search term.

3:50 about how they (may) have done it: Maybe the original api for editing the visible-URL still works and it just was removed from the UI or they used the DEL character that was collapsed for the visible url but purified out for the link

I'm not planning to work in cyber sec, but these videos are just the best on the whole platform

i bet they used the old api for setting custom urls that was "removed" on the frontend but still had functionality on the backend. ive done this before it's very common

Tbh, google doesn't care whose ads they're pushing (even on YT), but they do care about where these ads end up

Gotta give kudos to Seytonic for the consistency in his uploads. Great content too.

Surprised nobody’s said it yet! Display URL can be changed by the Search Ads 360 console. It’s for big spenders only but sometimes bad actors get an account through malware/SE.

As for why Google is silent; they don't want to draw attention to it. If the last decade has taught me anything, it's that if you can push something to the background of people's memory for a month, 99% of people will stop caring. Another month, another 99%. And by then, you can quietly deal with it in your own way. Which may include doing nothing at all, if you're rich enough.

I always bypass the Google ad links when using Google. good to see my distrust was completely justified.

If there was an old function that could change the path, maybe they only removed it from the UI and not from the API or backend.

The Google Ad one seems like Stupidly old news, but from talking to people on discord, I came to find out that there was ALOT of people who were falling for those ads

Thinking back, it was 2013-14 that I first spotted poisoned Google ads. And here we still are...

To make these Ads different from the rest of the search results, they should color them differently, put a green colored background around the Ad to show it's not a regular search item. Or how about making use of the empty whitespace to the right of the Search results, put all the ads they want there. It's completely unused area that could be filled with ads of some sort, instead of listing them right there with the rest of the search results. It really wouldn't be that hard to code that into the search page to display them all on the right hand side.

A few months ago I built a new computer. I had a Msi graphics card so I downloaded MSI afterburner. A few days later I noticed I was charged on some Google ads account and my Amex was charged thousands without me authorization it. I contacted Google and Amex separately. I now just put 2 together. Why would Google not tell me about this when talking with them about this Google ads account made in my name so I can watch out for other strange activities in my bank accounts. Last week another of my cards got hacked. I now realize that these people prob have all my information.

another average day of hearing about google's bad privacy practices

A commonly used curse word: Insta-flagged. Malware ads: Passed

I think the most plausible way the display URL was changed in the Google results is via data injection. Basically, you would run the HTTP request through a proxy and modify the value for the display URL before passing it on to the Google servers. It would be in Google's best interest to ensure this value is not modified or accessible, though it is something that can be easily overlooked when they previously restricted changing the display URL.

A practice I've had for several years at this point, practically learned from the earliest days on the internet... NEVER CLICK ON ADS..... There. Wisdom from a bygone age.

This is why I'm so glad I never ever clicked on the ad version of sites to begin with. I never trusted them to begin with.

the irony of being served two ads, from companies offering to improve online ad presence, on this specific video.... it's just beautiful irony. AI can inadvertently be giving us valuable hints right now for things that need to be looked further into.

I’m making a video on something similar soon, the hacker that shut down google. Nice video seytonic ❤

Ah yes. Seytonic has met his quota. I was worked into a cold sweat for a moment, when I thought that you'd released a video without the word miscreant multiple times. Keep up the good work sir🧐

lol I was just bored and felt like watching Seytonic so I just got finished watching a random video of yours from a year ago. Perfect timing for a new vid

I've seen multiple "featured results" recently that were direct download links to sketchy files. Like you click the link from the Google home page, and it started a download. One was due to a server configuration issue from a more or less reputable site, but the other was... less friendly seeming. I don't know why they let results show up that directly link to or auto-download files.

Remember when google said their motto is "don't be evil". I looked at wikipedia and it seems they haven't actually used that catchphrase in years. Makes sense.

All of this is linked to an education issue. People should be taught to ignore ads, phishing emails, etc..., we're in a world where people and corporations hate you, they will do everything they can to take your info and money.

I remember when I started using Facebook around 2010-11, some family members taught me to never click on ad links

Google ads has seriously gone too far, google doesnt even verify them!

I love watching your content at lunch, makes me enthusiastic going back to work.

A few months ago in school, we had to download a program to install an operating system in an usb (rufus) and the teacher and a lot of people downloaded it from an ad that was a clone of the official website. Apparently nothing happened but giving admin access to a random exe must have installed a backdoor. The only people who didn't install it are me (who had an adblocker) and some other people that noticed it

Google is also completely freaking out currently over ChatGPT, and MS buying it for use in Bing. While they have their own AI tech, for some incredibly stupid reason - they haven't thought to adapt it to search queries. They literally had to call the original Google founders back in to ask for advice 🤦‍♂️

This is why you never click on ads. Like why would Google the one making money off of these ads want to stop them?

Buying your own search term on adsense makes sure you actually list as the top search result / perceived first result. Also hinders bad actors from doing so etc.

Hi! I would like to say that I personally experienced something like this before. It was for KZfaq. The first link was an ad, and it had the exact same URL. Thankfully, the antivirus caught it, so I never got to see the website itself, but just so you know, they're not just advertising on downloadable programs search pages...

I use ad blockers to prevent these types of sites from showing up, or if I'm using a web browser that doesn't have one, I make sure to look for the word "Ad" before clicking on a link (and besides, they're the first ones to show up). I've been doing this for many years now as I don't want to accidentally click on an advertisement.

One of the MANY reasons that I wil _NEVER_ click on an "ad" or "sponsored" link ANYWHERE!

Have not used Google search for years. I flat out don't trust them.

I have been getting a lot of seemingly randomly generated trash sites these past 2 years. Mostly when I try to find older local news articles or some niche russian stalker mods related stuff.

Imagine clicking on working google ad service links. Pihole blocking goes brrrr

why is google so adamant about enforcing rules on youtube but not google ads? obviously monetary.

1:31 the reason that apple has an ad for their own brand is the same reason why this video exists: they protect themself and their brand against fakes and competitors in top-rankings. I dont really like apple but this is actually a "wise decision" to do so.

I’m glad I started using computers at a young age, I can spot spoofed domains easily and those days without a adblocker faded out in the memory.

About T-Mobile, how can a COMPANY as BIG as T-Mobile fuck up THAT bad? What is going on inside their head?

Maybe the fake site url is possible because the Google Ads API still allows display_url field? Check their api documentation.

Don't EVER click a sponsored link. It's clearly marked. If you can't see it, PAY ATTENTION!

People actually click those ad links? My eyes just automatically gloss over those until I get to the actual search results.

Also, the US government is currently taking Google to court for anti-trust issues with them prioritizing ads that were paid for directly to them. Doesn't make much sense to me..bc obviously they'd do that...but as I understand it, it's kinda similar to the old MS browser Explorer anti-trust case.

t-mobile be like: yeah, all your data leaked, but no need to panic, since we've already been selling all this data to whoever wants it!

What's hilarious is Google Ads reviews regular ads/urls and disapproves them very frequently. But these domains run for weeks before getting banned

Hopefully some insider at Cellebrite will leak the full source code, or even just snippets.

The data actually look a lot like the 37 million rows that were posted for sale on breach forums

Damn that’s pretty messed up. Exploiting quite a lot, googles greed along with users nativity and favor of convenience

A few years ago I would trick Riot Games into giving me already taken club tags by typing the name I wanted with a small typo and then contacting Riot Games Support to tell them I made a mistake and then tell them the name I actually wanted , they would give it to me. Later they added a system that would check if the name is already in use so you wouldn't trick riot employees that easily. So I would send them the name with invisible characters and if the employee copy pasted it I would get the name I wanted. I wouldn't be surprised if this is what happened with gimp.

They are keeping the ad revenue for themselves. They are looking to catch out anyone. Pure greed

Yea that first article has been a problem for quite a while. (Not the article but the Google search problem😂)

You know what's funny, just before the T-Mobile section of the video I got an T-Mobile ad...

Regarding Google Ad domain change: maybe the field is still changable, even though it isn't in the UI?

As someone who uses adsense for websites and has to follow very strict rules, seeing they don't care about their ads makes me angry

Wait! "Name, billing address, email, phone number, date of birth, account number" are "BASIC" customer info? Generally, phone number, name, and account number are sufficient to pass most T-mobile customer service reps to effect account takeover. And "widely available in marketing databases"? Personally identifiable information (PII) are the exact type of data that all kinds of privacy legislations specifically protect! Why are they widely available for money?

It could be possible that the google back end api for ads allows for that field to be changed, but the front end setup for it just doesn't allow that option, basically hiding that functionality from the end users, but forgot to actually remove it.

I think the reason why Apple buys the top result is so that nobody else will do that. Fun trivia, a Swedish political party bought the top hit for one of their competitors a few years ago. Funny stuff!

You can't figure out why google would demonetize you for petty stuff, but look the other way when advertisers do worse? I can explain it to you: financial motive. When they punish you, they get more money; if they punish them, they get less money. So they punish you to enrich themselves, and DON'T punish advertisers to (again) enrich themselves. As usual when trying to figure out motives, a good bet is to 'follow the money" (not always the motivation, but more often than not). If google lost money for allowing bad actors to advertise, they would stop allowing bad actors to advertise; however, they gain money by allowing bad actors, so why would they ever stop them? Only someone silly enough to think that corporations would ever do the right thing would be confused by this; if you are smart enough to realize corporations would do the worst, most heinous things for money, and hurt innocents for mere pennies, then this should all make sense. Corporations will do what makes them money; the only time they ever do the right things is when that happens to make them money; doing the right thing is NEVER their motivation (legally it cannot be), their motivation is ALWAYS money at all costs (as is legally required). So hopefully now, everyone understand why corporations like google pretend to do the right thing, but only ever do so when it benefits them, and they will gladly do the WRONG thing whenever that benefits them. If you want to understand the behavior of a corporation, study the behavior of a narcissistic psychopath, and you will be amazed at how similar they are, and how their it explains their past actions.

uBlock Origin.

I literally never click on the ad results in google because 99% of the time it's not there for what I want it for.

Google's competence has been a joke for about a decade. not just search security, but across majority of their long standing product lines.

Best way to prevent this is to use brave and not google chrome

3:59 And that's where you were wrong. When Google said protective they meant protective of their ad revenues. Another way to look at it is they protect more the ad makers than you the consumer. KZfaq ads *ehem *ehem

The way you pronounce Cellebrite... "After Apple refused to unlock the phone, the FBI went to celebrate"

7:45 Lmao, imagine if the NSA was publicly traded. Disgraceful.

Malvertisements have been a problem since the advent of online ad networks.

Funny enough, I had ad-blocker enabled so Google never shows any ad results when searching. So I guess I'm safe.

I never click on ads whenever I am on a machine without adblock. This is one of the reasons. The other reason is that if I like a site, I don't want them payung for my click, they are probably in the top 3 results anyway. There is no reason to click ever.

Google just fired 12'000 Employees, perhaps a salty fired employee from the Ad team or from their illegal Google-Facebook-Ad-Price-CircIe-Jerk Team made the GIMP ad

my friend accidentally typed “youtu” or something like that and the real domain for youtube came up but when she clicked on it, it would send her to a fake microsoft alert website

It's important to add celebrite is also used in US schools by staff there.

The gimp hack was probably done by making a long ass strong or using a line break char to push up the original URL and the path is just a retyped real URL

Honestly the google ad problem is probably just through imputting the data through old API or just editing the submission that the google ad forms sends or etc-- its probably a basic ass attack that google didnt remove from their old infrastructure

I literally found the afterburner phishing site good 3-4 months ago, sent a message towards msi about it, to try and make them aware of it and perhaps they could've changed the design of their download for afterburner but received no response

Google should protect people not providing a robbery service for them

this is one of the reasons i switched to linux you can download software with one command and do not have to go to shady websites and click one of the 100 download buttons im glad microsoft is finally catching up with winget the times i used it, it was very tedious though

I can't recall clicking an ad on google ever..

This is why U-block origin.

You know what, adblockers are now used for security. This is sad. Luckily I already use it everywhere I possibly can

The ads on top haven't matched search queries for a long time. Yes yes yes, we can blame Google and the scammers but really people should finally learn that nothing on the Internet is save, secure, genuine, care-free... if they want that, they need to use a certified kids browser and search engine and even then, it's real humans who program these and might make a mistake that let's kids and tech-illiterates escape the cozy bubble into the real world...

_Laughs in adblock._

Even more reason for pi-hole blocking google ads.

Google ads aren't a problem if 1) you don't use Google search and 2) you use an adblock and block google.

Maybe the typo (last segment) was on purpose to make some customera think, this is a spam mail and not a breach enclosing.

funny this has been a problem for us OSRS players for years there was a fake runelite ad directing people to malware for a really long time and countless people fell for it

5:33 I was in one of their buildings once and saw an adapter thing or device that had like 15 cables hanging out of it (among them the old Apple connector, lightning, Mini USB, micro USB, USB-C, etc.)

Just setup a pihole and you won't get any ads period. If you use ad block extensions, make sure you're not using chrome.

isn't it just intercepting th postdata and sending the display url in a custom packet? Just cause the front end doesn't allow for modifying of display url, doesn't mean the back-end doesn't. It's likely that at some point the display url is just set to actual url.split('/')[2] + '/' +path1+'/'+path2 and then sent to the next stage in another packet, when you can just send yourown data to that next stage on yourown, no?

Why do you have that halo around all white surfaces. I don’t know how to explain it, but if you look on a white screen from this KZfaq video. There’s this a little oval on the screen. Does anyone know why he does it?

Also the colour of the hyperlinked text of an ad is purple while the colour of a normal link text that appears in the search results is blue

The gimp url is most likely google. If it was possible to type your own domain in the past, chances are this is a legacy ad or and ad using this legacy feature. Similar to how I used t-mobiles deprecated internet system for unlimited wifi.

I'm sure T-Mobile has the 8K Form saved as a Template by now. 😂