this post was submitted on 01 Aug 2024
476 points (99.2% liked)
Technology
59441 readers
3903 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Allowing showing different domains than the actual click target is wildly reckless and should be punishable.
"Oh but our poor advertisers want to use click tracking and it is too hard to set up on their main domain". Oh boo hoo, I'm sure if it is important to them they will figure it out.
I worked for Google Ads support for a while and even this dumbed down system completely stumped so many fucking people.
God I hate advertising and advertisers so much.
These useless fucking cunts wanted every feature imaginable, setup for free, with no effort of research done from them.
That job made me hate taxi drivers so much.
What do taxi drivers have to do with it?
They are probably in cahoots with the lemon stealing whores.
What do lemons have to do with it?
The lemon was stealing all the whores and used a taxi to get away with them.
Even then it should be easy to add an additional field in their ad profile. Like "provide a list of domains your ads will go to."
And then set up some sort of domain authentication similar to let's encrypt or SPF records.
Probably they exploited the Google search redirect to have show google.com
Like this http://www.google.com/search?q=example&btnI
And because Google is a startup with limited resources they didn't implement a check against that
Probably not. Google Ads explicitly allows mismatch between displayed domain and actual domain. This is literally a supported configuration with no tricks.
The link you sent gives me a "Redirect Notice" interstitial that mitigates this attack greatly.