Mastodawn

In 1998, two Stanford kids published a paper in *Computer Networks*: "The Anatomy of a Large-Scale Hypertextual Web Search Engine," in which they wrote, "Advertising funded search engines will be inherently biased towards the advertisers and away from the needs of consumers."

https://research.google/pubs/pub334/

If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2023/02/24/passive-income/#swiss-cheese-security

1/

The Anatomy of a Large-Scale Hypertextual Web Search Engine – Google Research

Google Research

Cory Doctorow Feb 24, 2023

The co-authors were Lawrence Page and Sergey Brin, and the "large-scale hypertextual web search-engine" they were describing was their new project, which they called "#Google." They were 100% correct - prescient, even!

On Wednesday night, a friend came over to watch some TV with us. We ordered out. We got scammed. We searched for a great local Thai place we like called Kiin and clicked a sponsored link for a #Wix site called "Kiinthaila.com."

2/

Cory Doctorow Feb 24, 2023

We should have clicked the third link down (kiinthaiburbank.com).

We got scammed. The Wix site was a lookalike for Kiin Thai, which marked up their prices by 15% and relayed the order to our local, mom-and-pop, one-branch restaurant. The restaurant knew it, too - they called us and told us they were canceling the order, and said we could still come get our food, but we'd have to call Amex to reverse the charge.

3/

Cory Doctorow Feb 24, 2023

As it turned out, the scammers double-billed us. I called Amex, who advised us to call back in a couple days when the charge posted to cancel it - in other words, they were treating it as a regular customer dispute, and not a systemic, widespread fraud (there's no way this scammer is just doing this for one restaurant).

In the grand scheme of things, this is a minor hassle, but boy, it's haunting to watch the quarter-century old prophecy of Brin and Page coming true.

4/

Cory Doctorow Feb 24, 2023

Search Google for carpenters, plumbers, gas-stations, locksmiths, concert tickets, entry visas, jobs at the US Post Office or (not making this up) tech support for Google products, and the top result will be a paid ad for a scam. Sometimes it's several of the top ads.

This kind of "intermediation" business is actually revered in business-schools.

5/

Cory Doctorow Feb 24, 2023

As Douglas Rushkoff has written, the modern business wisdom reveres #GoingMeta - not doing anything useful, but rather, creating a chokepoint between people who do useful things and people who want to pay for those things, and squatting there, collecting rent:

https://rushkoff.medium.com/going-meta-d42c6a09225e

6/

Going Meta - Douglas Rushkoff - Medium

While Mark Zuckerberg was sitting down to talk with Joe Rogan last week, I was in a studio recording the audio version of my upcoming book, Survival of the Richest: Escape Fantasies of the Tech…

Medium

Cory Doctorow Feb 24, 2023

It's the ultimate #PassiveIncome #RiseAndGrind #SideHustle: It wouldn't surprised me in the least to discover a whole festering nest of creeps on Tiktok talking about how they pay #MechanicalTurks to produce these lookalike sites at scale.

This mindset is so pervasive that people running companies with billions in revenue and massive hoards of venture capital run *exactly* the same scam.

7/

Cory Doctorow Feb 24, 2023

During lockdown, companies like Doordash, Grubhub and Uber Eats stood up predatory lookalike websites for local restaurants, without their consent, and played #MonsterInTheMiddle, tricking diners into ordering through them:

https://pluralistic.net/2020/09/19/we-are-beautiful/#man-in-the-middle

8/

Pluralistic: 19 Sep 2020 – Pluralistic: Daily links from Cory Doctorow

Cory Doctorow Feb 24, 2023

These delivery app companies were playing a classic #enshittification game: first they directed surpluses to customers to lock them in (heavily discounting food), then they directed surplus to restaurants (preferential search results, free delivery, low commissions) - then, having locked in both consumers and producers, they harvested the surplus for themselves.

9/

Cory Doctorow Feb 24, 2023

Today, delivery apps charge massive premiums to both eaters and restaurants, load up every order with junk fees, and clone the most successful restaurants out of #GhostKitchens - shipping containers in parking lots crammed with low-waged workers cranking out orders for 15 different fake "virtual restaurants":

https://pluralistic.net/2020/12/01/autophagic-buckeyes/#subsidized-autophagia

Delivery apps speedran the enshittification cycle, but Google took a slower path to get there.

10/

Pluralistic: 01 Dec 2020 – Pluralistic: Daily links from Cory Doctorow

Cory Doctorow Feb 24, 2023

The company has locked in billions of users (e.g. by paying billions to be the default search on Safari and Firefox and using legal bullying to block third party Android device-makers from pre-installing browsers other than Chrome). For years, it's been leveraging our lock-in to prey on small businesses, getting them to set up Google Business Profiles.

11/

Cory Doctorow Feb 24, 2023

These profiles are supposed to help Google distinguish between real sellers and scammers. But Kiin Thai has a Google Business Profile, and searching for "kiin thai burbank" brings up a #KnowledgePanel with the correct website address - on a page that is headed with a link to a *scam* website for the same business. Google, in other words, has everything it needs to flag lookalike sites and confirm them with their registered owners.

12/

Cory Doctorow Feb 24, 2023

It would cost Google money to do this - engineer-time to build and maintain the system, content moderator time to manually check flagged listings, and lost ad-revenue from scammers - but letting the scams flourish makes Google money, at the expense of Google users and Google business customers.

Now, Google has an answer for this: they tell merchants who are being impersonated by ad-buying scammers that all they need to do is outbid them for the top ad-spot.

13/

Cory Doctorow Feb 24, 2023

This is a common approach - Amazon has a $31b/year "ad business" that's mostly its own platform sellers bidding against each other to show you fake results for your query. The first five screens of Amazon search results are 50% ads:

https://pluralistic.net/2022/11/28/enshittification/#relentless-payola

14/

Pluralistic: How monopoly enshittified Amazon/28 Nov 2022 – Pluralistic: Daily links from Cory Doctorow

Cory Doctorow Feb 24, 2023

This is "going meta," so naturally, #Meta is doing it too: Facebook and Instagram have announced a $12/month "verification" badge that will let you report impersonation and tweak the algorithm to make it more likely that the posts you make are shown to the people who explicitly asked to see them:

https://www.vox.com/recode/2023/2/21/23609375/meta-verified-twitter-blue-checkmark-badge-instagram-facebook

15/

Meta Verified and Twitter Blue mark the end of free social media

You used to pay for social media with your eyeballs. Now Meta and Twitter want your money, too.

Vox

Cory Doctorow Feb 24, 2023

The corollary of this, of course, is that if you *don't* pay, they *won't* police your impersonators, and they *won't* show your posts to the people who asked to see them. This is pure enshittification - the surplus from users and business customers is harvested for the benefit of the platform owners:

https://pluralistic.net/2023/01/21/potemkin-ai/#hey-guys

The idea that merchants should master the platforms as a means of keeping us safe from their impersonators is a hollow joke.

16/

Pluralistic: Tiktok’s enshittification (21 Jan 2023) – Pluralistic: Daily links from Cory Doctorow

Cory Doctorow Feb 24, 2023

For one thing, the rules change all the time, as the platforms endlessly twiddle the knobs that determine what gets shown to whom:

https://doctorow.medium.com/twiddler-1b5c9690cce6

And they refuse to tell anyone what the rules are, because if they told you what the rules were, you'd be able to bypass them. #ContentModeration is the only #infosec domain where "#SecurityThroughObscurity" doesn't get laughed out of the room:

https://doctorow.medium.com/como-is-infosec-307f87004563

17/

Twiddler - Cory Doctorow - Medium

Tracking Exposed is a scrappy European nonprofit that attempts to understand how online recommendation algorithms work. They comine data from volunteers who install a plugin with data acquired…

Medium

Cory Doctorow Feb 24, 2023

Worse: the one thing the platforms *do* hunt down and exterminate with extreme prejudice is anything that users or business-customers use to twiddle *back* - add-ons and plugins and jailbreaks that override their poor choices with better ones:

https://www.theverge.com/2022/9/29/23378541/the-og-app-instagram-clone-pulled-from-app-store

18/

The OG App, an ad- and Reels-free Instagram clone, is pulled from the App Store

The OG App promised an Instagram experience without Reels, recommendations, and ads. Just a day after debuting on the App Store, the OG App was pulled. Meta says it’s taking “all appropriate enforcement actions.”

The Verge

Cory Doctorow Feb 24, 2023

As I was submitting complaints about the fake Kiin scam-site (and Amex's handling of my fraud call) to the FTC, the California Attorney General, the Consumer Finance Protection Bureau and Wix, I wrote a little Twitter thread about what a gross scam this is:

https://twitter.com/doctorow/status/1628948906657878016

The thread got more than two million reads and got picked up by #HackerNews and other sites.

19/

Cory Doctorow (@[email protected]) on Twitter

“So there's a great Thai restaurant in my neighborhood called Kiin. Yesterday, I searched for their website to order some takeout. Here's the Google result.”

Twitter

Cory Doctorow Feb 24, 2023

While most of the responses evinced solidarity and frustration and recounted similar incidents in other domains, a significant plurality of the replies were #ScamApologetics - messages from people who wanted to explain why this wasn't a problem after all.

The most common of these was victim-blaming: "you should have used an #AdBlocker" or "never click the #SponsoredLink."

20/

Cory Doctorow Feb 24, 2023

Of course, I *do* use an ad-blocker - but this order was placed with a mobile browser, after an absentminded query into the Google search-box permanently placed on the home screen, which opens results in Chrome (where I don't have an ad-blocker, so I can see material behind an ad-blocker-blocker), not Firefox (which *does* have an ad-blocker).

21/

Chuck Munson Feb 24, 2023

@pluralistic Thank you for writing about this! Google scrapes information from restaurant websites and it is often incorrect or impossible to update. As a freelance web developer, this has stolen dozens of clients from me over the past two decades. I can't compete with Google. Sure, Google allows business owners to have Google Business Profiles, but does Google provide customer service? A Silicon Valley Tech Bro company providing customer service?

Chuck Munson Feb 24, 2023

@pluralistic There are also lots of local version of these restaurant verticals. Big headache for this freelance web developer. Fly-by-night local delivery apps who build shitty websites for restaurants as part of their "services."

Zlatin Zlatev ♣Feb 24, 2023

@pluralistic
I would call this Troll Bridge business model.

mark Feb 24, 2023

@pluralistic locking down a profit for physical work through technical means is the primary learning in every "digital transformation" degree

Jeremy B. Merrill Feb 24, 2023

@pluralistic don't forget Google also accepted ads for scam IRS websites with IRS.gov IN THE URL!

https://themarkup.org/google-the-giant/2021/05/13/ads-are-impersonating-government-websites-in-google-results-despite-ban

Ads Are Impersonating Government Websites in Google Results, Despite Ban – The Markup

The company pledged to eliminate ads for sites that charge hefty fees for otherwise free or inexpensive services—but they continue

Andreas K Feb 24, 2023

@pluralistic Sigh, and that's why adblocking is a cyber security measure.

In my case, I take it in multiple levels, blocking at the DNS level for the whole of our home (pihole), and again at the browser level.

Yes, irritating if the Google text ads in the search are visible and actually contain links to the correct site (“google search as a short cut”) because the links cannot resolve and I have to scroll down, but I can live with that.

Pyperkub Feb 24, 2023

@yacc143 @pluralistic use ddg

Dr Daniel, Photon Shepherd🇸🇪🇦🇺Feb 24, 2023

@yacc143 @pluralistic same. I occasionally consider white-listing some of the providers for that reason but never do. The added scrolling is a reasonable price to pay.

sbi Feb 25, 2023

@yacc143 You should fully read @pluralistic's thread before replying. He is not exactly a dummy and lists exactly why things went awry here. (The cheese analogy is almost perfect.)

My android phone runs a free Android version with a root-level ad-blocker, it's mostly Google-free, I use Firefox everywhere, and never use the Google search engine on any of my machines.
Do not feel safe that something like this could never happen to me? Not at all. 🤷‍♂️

Douglas Kilpatrick Feb 24, 2023

@pluralistic I've hit a similar one with a Pizza place near me. "Slice" camped a similar domain (credopizza (slice) vs. credopizzeria (legit)) and middle-manned it. Google put the fake domain in the business's record.

Google has "you can report bad info", WHICH I DID, which the owner did. And they just didn't fix it. They need you to basically prove it with a photo of store merc w/ their URL on it. Logos / street view / nothing else works... so they profit from the mistake.

Gabriel Pettier Feb 24, 2023

@kilpatds @pluralistic there are companies whose whole business model is to push info to google map, i used to work for one (in France), our clients where legit businesses that wanted to ensure the info was correct and up to date, and indeed, not taken over by people redirecting unsuspecting clients to their business. I'm sure there is also people specializing on the opposite, taking over unmaintained google pages.

Matt Diamond Feb 24, 2023

@kilpatds @pluralistic At some point one of these campers will fool another, leading to multiple layers of scammers, each taking a cut before forwarding the customer’s order.

I’m guessing it’s happened at least once.

Steven Roose Feb 24, 2023

@pluralistic Wait, the intermediate website actually took your money and made the order? How is that a "scam"? That's exactly the business model of companies like Takeaway.com and UberEats.. Connecting consumers with businesses and charging markup..

Also kinda sucks they canceled the order without consulting you.. Now you have ti pay twice for your food and have to deal with canceling the original payment :/

sbi Feb 25, 2023

@stevenroose Thank you for advertising so clearly that you want to be blocked. Request granted.

John Deters Feb 24, 2023

@pluralistic Thanks Cory! I couldn't understand why you were seeing such a volume of "you should have" responses on Twitter. I take similar precautions to the ones you listed, and also make the occasional mistake. When it happens I feel extra-suckered as a result, and pangs of empathy for people who aren't technical enough to defend themselves the same way (and must hit these more often.)

And it's super frustrating to discover enshittification has been blocking the cure all along.

Kat the Leopardess Feb 24, 2023

@targetdrone @pluralistic Not saying that mastodon is at all immune from people having a superiority complex, or punching down, or kicking somebody when they're down but .... it's interesting to compare the response between Twitter and the Fediverse

The fact Cory got scammed is just a reminder of how many misleading things we netizens have to combat every day. We all need to have our wits about us and help people out if we spot the scam/hustle before they do.

John Deters Feb 24, 2023

@Catwoman69y2k @pluralistic Exactly! If you have the privilege of an education or experience, adopt your circle of friends and family and help them protect themselves.

If you can't handle the altruism, think of it selfishly as "at least I won't have to help them clean up after they get scammed."

Philip Moscovitch Feb 24, 2023

@pluralistic The victim blaming really is about feeling superior and not wanting to accept everyone is vulnerable. You see this a lot with respect to health and disability too.

Chuck Munson Feb 24, 2023

@pluralistic In 1998, several of us activists, developers, programmers, and technologists started a federated search engine project called Freesearch. It sadly didn't get off the ground because the tech stack wasn't there yet. Google wasn't on our radar (Alta Vista was the hot search tool) but we anticipated most of the problems coming with Big Search. I even published a prescient analysis in my zine that year about the dangers of walled corporate digital gardens.

Phil Thane ✅Feb 24, 2023

@pluralistic Today I searched (not on Google but StartPage which relays anonymised Google searches) for a car parts dealer giving just the name and town, no mention of the nature of the business. The top 2 results were adverts for national car part shop chains, the next were other car part shops and 5 was a Yell directory of car part shops. The one I wanted was 6th. So Google ran the search, found it, identified I was looking for car parts and decided to try to redirect me to a different company

Sharyl (she, her)Feb 24, 2023

@pluralistic That's a great painting

Aaron In Minnesota Feb 26, 2023

@pluralistic a worthwhile read