
I assume it will be a cost benefit analysis for unfortunate victims.



It's OK, Google set up a form to communicate with AdSense partners.

> “We have a help center on our website with tips for AdSense publishers on sabotage,” the statement continues. “There’s also a form we provide for publishers to contact us if they believe they are the victims of sabotage. We encourage publishers to disengage from any communication or further action with parties that signal that they will drive invalid traffic to their web properties. If there are concerns about invalid traffic, they should communicate that to us, and our Ad Traffic Quality team will monitor and evaluate their accounts as needed.”


Yeah, Google is well known for being responsive and helpful through their web forms. I've read many a story here on HN about users of Google services having judgements overturned by the friendly support agents who are definitely not robots.


I wonder, has anyone contacted Google and somehow avoided getting banned?

Google seems to show no outward interest in actually unbanning anyone once they're banned, do they care if you tell them beforehand that you're concerned someone is messing with your ads?

And if they do care, does that even help / wouldn't the "ban this guy" script just run anyway?


I highly doubt it.

I've had ~$150 sitting in my adsense account for about 4 years now because I'm unable to cash out. Their 'input bank information' page is broken, seems like my old banking information is stuck filled out and I can't remove it. Won't let me put new information in either. And the link to the help site leads to a 404.

I've tried various forms to reach a person and they've all been fruitless. Google is just holding my money hostage with no recourse.

They even send me a 'your payments are on hold' email every few months to basically say 'remember, we stole your money and there's nothing you can do about it!'. Thanks Google, I almost forgot that you're the definition of faceless corporation again.


I had a similar situation where I bought a domain for an old blogger blog years ago.

So anyway the credit card tied to that has expired (years ago I thought).

Then Google emails me their "update your payment information" email ... and points me to a Gsuite login.

Bro (Google) I don't have a Gsuite account ... and my regular Google account has valid payment options. Every form of help just points back to Gsuite...

Blogger doesn't appear to have any of the old information as far as the domain being purchased.

I managed to get the domain registrar to help. There was no way to contact Google, it was just an infinite loop telling me to login to Gsuite.


Can you bring them to small claims court?


Sounds like a good way to get banned from all Google services.


Smells like a monopoly that needs a very harsh breakup.


This would place them in contempt, I suspect, potentially open to equitable remedies.

Of course, IANAL, TINLA.


Why would they be obligated to do business with someone who sues them?


I suppose logically, yeah. I have no idea how to do that though. I don't imagine writing 'Google' on the defendant line is going to work. And if it does they'll likely ban me from all Google services for life. Not really a path I want to go down.


I’ve gone Google free without really noticing. IMO a 150 check makes that an easy choice, but it’s up to you.


Unfortunately their unlimited storage for ~$14/month via gsuite is the best storage deal on the internet. I've got 13TB and counting in there and would prefer to not lose that account.

I've also got another grandfathered in free gsuite account I've been using for personal things for about 7 years, changing from that would be a nightmare.

I suppose I'm part of the problem, being unwilling to do something about it because I have more to lose than gain.


Ok, I had to look that up.

Business / $12 month

"Unlimited cloud storage (or 1TB per user if fewer than 5 users)"


Yeah that is what they write for the terms. In practice though they have never enforced the 1TB/user clause, can't find any references to them doing that ever. Many people claim to have many terabytes with no enforcement on the user clause, myself included at 13TB currently with 1 user for just under a year so far. Apparently it has been this way for years.

Effectively you get unlimited storage for $12 + taxes/month.

It's a pretty smoking deal if you don't mind the (seemingly minuscule) chance that one day they'll ask for more money or pull the plug. In my use case all the data is easily retrieved again so it would only be a minor inconvenience.


Well, if you tell them beforehand, it gives them a chance to ban your account before the illegitimate traffic even occurs. Sounds efficient!


Putting up a captcha would be another option.


"Nearly there - just complete this captcha to see our advert!"


I think parent comment meant putting up a captcha on the website for suspicious traffic, the way Cloudflare does.

I don't think anyone is silly enough to suggest putting captchas on ads.


I mean on the page content. Using something like Google's Recaptcha would reduce friction for legit users.


I think there was a time that was true. Now reCAPTCHA is so prone to tagging someone as a bot if they employ any ad blocking or tracking prevention that it significantly interferes with web use. It's an overall harm to the web in my opinion.


AFAIK attackers only need to actually access your content once and extract the ad embed. Please correct me if I'm wrong.


How would it "reduce friction for legit users"?


captcha on what, the site? since there's basically nothing authenticating the site to the adsense iframe/script, can't the attacker serve a cached version locally?



That has nothing to do with the discussion at hand, and would do nothing to prevent a malicious ad clickbot


Actually enforcing the policy described in that link would require authenticating websites when rendering ads. Otherwise, one could just embed an ad from a different domain, and easily defeat this process.


I'm not sure why the parent (throwaway2048) is getting downvoted over this. He's correct. The attack is as follows:

You want to attack (send fake traffic to) example.com, but example.com has implemented a captcha system (think cloudflare interstitial). If you directed your bots to visit example.com, they'd have to solve the captcha to view the ads. However, there's nothing stopping you from solving the captcha once, getting the page source, and serving that to your bots. This works because example.com doesn't serve any ads directly, it only embeds a <script> or <iframe> element to adsense. Since the bots are under your control, it's trivial to set up the redirection (e.g. hosts file or HTTP proxy). HTTPS isn't a problem either because you can MITM yourself with a self-signed certificate, which is not a problem either as you can get your bots to trust that certificate.

From the perspective of the adsense script, it's impossible to tell whether the bot is visiting the real example.com or a fake version, since the browser is under the attacker's control. The only way to mitigate this attack would be some sort of one time use token that's generated server-side by example.com, and authenticated by adsense each time it tries to display an ad, which I doubt adsense supports.
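The one-time token idea from the comment above, sketched as an added example that is not part of the original thread and not an AdSense feature: the publisher's server mints an HMAC-signed token per page render, and a hypothetical ad-network verifier accepts each token once before it expires. The names `issue_token`, `AdVerifier` and the shared key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo key; in this hypothetical scheme the publisher and the
# ad network share it out of band.
SHARED_KEY = b"constructed-demo-key-not-a-real-secret"


def issue_token(site, key=SHARED_KEY, ttl=60, now=None):
    """Publisher side: mint a fresh token for one page render."""
    now = time.time() if now is None else now
    payload = f"{site}|{secrets.token_hex(16)}|{int(now) + ttl}"
    mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{mac}"


class AdVerifier:
    """Ad-network side: accept each token once, before it expires."""

    def __init__(self, key=SHARED_KEY):
        self.key = key
        self.seen = {}  # nonce -> expiry, so spent nonces can be pruned

    def verify(self, token, site, now=None):
        now = time.time() if now is None else now
        parts = token.split("|")
        if len(parts) != 4:
            return "malformed"
        tok_site, nonce, expires, mac = parts
        payload = f"{tok_site}|{nonce}|{expires}"
        expected = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison on bytes; reject before trusting any field.
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return "bad-signature"
        if tok_site != site:
            return "wrong-site"
        if int(expires) < now:
            return "expired"
        # Forget nonces whose tokens have expired anyway, bounding memory.
        self.seen = {n: e for n, e in self.seen.items() if e >= now}
        if nonce in self.seen:
            return "replayed"  # e.g. a cached copy of the page served again
        self.seen[nonce] = int(expires)
        return "ok"
```

A cached copy of the page carries a spent or expired token, so each ad request needs a fresh fetch from the real origin, which is where the captcha or rate limiting sits.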


One solution could be some sort of DRM based device attached ad...but that will cause other problems.



