Steve Rudolfi1d ago

Welllllll this isn't great.

Google Just Patented The End Of Your Website

"...a system that evaluates your company’s landing page in real time and, if it decides the page won’t perform well enough for a specific user, replaces it with an AI-generated version assembled on the fly. The user never sees what your team built, they see what Google's machine learning model thinks they should see instead."

https://www.forbes.com/sites/joetoscano1/2026/03/06/google-just-patented-the-end-of-your-website

#SEO #Google #AI #enshittification

Google Just Patented The End Of Your Website

A newly granted Google patent could let the search giant replace your brand's landing page with an AI-generated version you have no control over and only your buyers see.

Forbes
Show threadSteve Rudolfi1d ago
More. But definitely go read the full article.
Show threadf*cking b*tch club1d ago

@SteveRudolfi I read it and I’m not sure I understand: can they do this to ANY website? like a .gov website as well as Aunt May’s “mycutegrandkids.com” website?

imagine the Mayo Clinic’s site being taken over and re-assembled with whatever google thinks you wanted to find for medical advice…..

Show threadErik van Straten1d ago

@grammasaurus : if I understand the patent correctly, the content seen by a user in their browser will not for 100% originate from your website given its domain name.

However, Google may let their Chrome browser show your domain name in the address bar and even suggest that a server-authenticated and encrypted valid https connection is being used (proving the authenticity of your website, which is then fully broken).

Google may even force other browser makers (such as Mozilla, sponsored by Google) to do the same.

@SteveRudolfi

#Authenticity #Authentic #MitM #AitM #GoogleIsEvil #BigTechIsEvil #TLSisBroken #httpsIsBroken #httpsIsNoLongerE2EE #E2EE

Show threadPete Alex Harris🦡🕸️🌲/∞🪐∫

@ErikvanStraten @grammasaurus @SteveRudolfi

How does this work with https? To show different content claiming to be the web site you searched for, they need to persuade your browser that the proxy they redirected it to is the real thing, which is a man-in-the-middle attack, presumably exactly the kind of thing https is designed to prevent.

11:33amWeb
Show threadRobin Adams11h ago
@petealexharris @ErikvanStraten @grammasaurus @SteveRudolfi The idea is not that they redirect requests to your URL. They want to show a link in their search results to a page dynamically generated by AI, above (or maybe: instead of) the link to your URL.
Show threadPete Alex Harris🦡🕸️🌲/∞🪐∫10h ago

@robinadams @ErikvanStraten @grammasaurus @SteveRudolfi

Which coopts whatever fraction of searches are directed only to finding some information, but not interacting with it or using an online service.

Websites that earn revenue by selling ads alongside content will suffer, but Google devoured that business model years ago. Sites for getting the info out about an actual thing you can buy from them, less so, if that info is still in Google's fake page.

It's scummy, but in a petty way.

Show threadErik van Straten10h ago

@robinadams : I hope that it's limited to that (your browser's address bar reads https:⧸⧸google.com).

But space for search results is limited. So my speculation is that if you click the search result in order to open the actual website, you _still_ get to see AI-manipulated content.

Once Chrome reads https:⧸⧸example.com in its address bar while the page shows altered content of said website, this means that Google FULLY destroyed TLS.

Note: "Google Trust Services" (and others) already partially breaks TLS by handing out DV certificates to Cloudflare proxy servers. You DO NOT have an E2EE connection to the actual website, proven by https://todon.nl/@ErikvanStraten/116263229585961944 (Dutch text, tap translate for English).

Summarizing: your browser has an E2EE connection with a Cloudflare server. Cloudflare can always see and manipulate anything you think you exchange with the actual website. They can read your passwords and hijack any of your accounts even if WebAuthn (FIDO2 hardware key or passkey) is used to log in.

Google already broke https years ago - to prevent ISP's from altering ads or inserting fake clicks on ads. Let's Encrypt was never meant to protect YOU. #DVsucks

@petealexharris @grammasaurus @SteveRudolfi

#TLSisBroken #httpsIsBroken #Authenticity #GoogleIsEvil #CloudflareIsEvil #BigTechIsEvil

Show threadErik van Straten9h ago

@robinadams : OTOH, if you click on a search result, Google could also send your browser to a runtime generated webpage, like Google Transate does.

For example, if I enter (I've replaced // by Unicode ⧸⧸ to prevent Mastodon from shortening the URLs and hiding "https://"):

🔗 https:⧸⧸www.security.nl/posting/929685/FCC+verbiedt+verkoop+van+nieuwe+routers+van+buitenlandse+fabrikanten+in+VS

into

🔗 https:⧸⧸translate.google.com/?sl=nl&tl=en&op=websites

the eventual URL turns into:

🔗 https:⧸⧸www-security-nl.translate.goog/posting/929685/FCC+verbiedt+verkoop+van+nieuwe+routers+van+buitenlandse+fabrikanten+in+VS?_x_tr_sl=en&_x_tr_tl=nl&_x_tr_hl=en&_x_tr_pto=wapp

In case of AI manipulation, such a link could read, for example,

🔗 https:⧸⧸www-security-nl.ai.goog/posting/929685/FCC+verbiedt+verkoop+van+nieuwe+routers+van+buitenlandse+fabrikanten+in+VS

Nomalizing this will result in even more people to fall for #phishing (replacing dots by dashes). The only thing reasonably trustworthy, the domain name of a website, becomes even more messy.

Apart from the fact that Google may charge websites for this "service" and/or insert their own ads.

@petealexharris @grammasaurus @SteveRudolfi

#DVsucks #GoogleIsEvil #LetsEncryptIsEvil #TLSisBroken #httpsIsBroken #E2EE #E2EEisBroken #DomainNamesSuck

Show thread🇺🇦 haxadecimal 🚫👑4h ago
@petealexharris @ErikvanStraten @grammasaurus @SteveRudolfi
Google has control of the browser, for a huge percentage of users. Why did you think they got into browsers? Might not have been with this specifically in mind, but certainly it was to get them more control over what users see, and this is definitely doing it.