Alf, surely there's more to this story than "transparently hit every Google Ad that's fed to me," right?

Maybe this is some form of pro-Google activism--if everyone uses this, then everyone hosting Google Ads will have their revenues go through the roof, thus driving GOOG (and thus the world economy) into a new Golden Age of commerce?

Or maybe there's some obvious reason why these preloads wouldn't be counted by Google as hits, and I'm just missing it. Yea, that's got to be the answer.

All of those things, probably, and some more.

It does fetch all the Google ads, and I'm not sure who that would benefit. I don't think there's a way to distinguish these from actual requests, apart from multiple links being followed close together.

It's mildly amusing that the people who made this possible (Greasemonkey, Firefox) are mostly working for Google. It was supposed to use rel="prefetch" to show that that wasn't necessarily a good idea (as Google have it in their search results), but I couldn't get it to work properly that way (now it just uses XMLHttpRequest).

It was also supposed to be a way to support sites that have ads without having to actually look at them, but then I found that Adblock never actually loads the ads (unless you set it to 'hide' rather than 'remove') so it can't follow the links.

OK, I figured that there was an interesting explanation. 8^)

Well, please correct me if I'm wrong, but I'm under the impression that you're not doing advertisers any favors with this tool. They pay only when their ads are hit, and this hits their ads - and so costs them money - even when there isn't necessarily any interest in whatever it is they're advertising.

Re your observation that "It's mildly amusing that the people who made this possible (Greasemonkey, Firefox) are mostly working for Google." I would submit that Google's advertisers may not be quite so amused!

Cf. the recent (April 6, 2005) WSJ story "In 'Click Fraud,' Web Outfits Have A Costly Problem:" http://online.wsj.com/article/0,,SB111275037030799121-email,00.html

This is a "must read" for those interested in this tool - among others.

Quote: "Click fraud is 'the biggest threat to the Internet economy,' Google's chief financial officer, George Reyes, said during a December investors conference. 'Something has to be done about this really, really quickly, because potentially it threatens our business model.'"

(NB how a threat to Google's business model is synonymous with "the biggest threat to the Internet economy(!)" Now *that's* kind of amusing....)

It's possible that the tool gets the url displayed at the bottom of the ad and prefetches it that way. This wouldn't result in a click-thru being counted for the ad.

Actually, it could do either, couldn't it? Click-thru, or not, at the programmer's discretion?...

Assuming this is correct, I am curious, Alf, which route you chose to go???...

(Are you long GOOG, or short?!...)

I sorted out that the ads "clicked" by the script do not count as clicked ads --> they do not generate any revenues.

Try again now - I've altered the script slightly.

"they do not generate any revenues." - Don't they? I think they do. The script calls a HTTP GET on the href attribute which points to the google counting script.

I have just tested this script using LiveHTTPHeaders and I can confirm that it *does* count the ads for revenue. This is click fraud, I am afraid.

@ Matthew Weymar

Well Google themselves were the biggest offenders when it comes to click fraud and costing web developers money:

http://www.geeknewscentral.com/archives/004260.html

This tool if used on mass would sure show them how it feels. Although I won't be using it myself.

I do not know how to make trackbacks to this post, so here it is: http://guti.bitacoras.com/index.php?entry=entry050617-173550

Anybody here knows of a similar feature compatible with Opera?

That would depend on whether Opera's userscripts can do cross-domain XMLHttpRequest, and I don't think they can.

I have done some preliminar tests, and Opera does not report any JS nor security error while trying to connect, even in cross-domain.

I will do more research, and if successful, will release an Opera port of your script.

Regards.

This is a malicious script. It will undermine the google adsense program and cost advertisers extra money and may cost some publisher's their adsense accounts for click fraud. Google will likely find a way to get around this, but really such a tool is not necessary and there are more constructive ways to poke fun at the web accelerator prefetching fiasco... IMO...

did you look at the script? how could something so simple be so bad? it just opens all the links on a page.... big deal.... if google's (or any else for that matter) entire well-being is based on the hope that people wont be able to run a script that opens all the links on a page they can, i would suggest a different business model.

If you want to be doing a true prefetch, then you should be including the X-moz: prefetch header as this Mozilla FAQ describes (Google Web Accelerator does this too):

http://www.mozilla.org/projects/netlib/Link_Prefetching_FAQ.html#As_a_server_admin_can_I_distinguish

This allows Google (and other sites in general) to distinguish between regular requests and pre-fetched ones, treat them accordingly (in this case, not count them as ad clicks).

Mihai: adding prefetch links dynamically once the page has loaded doesn't seem to work. It was the first thing I tried.

That's not what I meant. You can do your own "prefetching" with GM_xmlhttpRequest. However, when you specify what headers should be sent along with the request, you should include "X-moz: prefetch" (along with Referrer, which you already specify). By identifying your request as a prefetch, you are following web standards, like Mozilla and GWA are.

I could include 'X-moz: prefetch' in the headers, but while using GM_xmlhttpRequest it's not actually a prefetch, so that would be misleading. As is the title of this post.

I was merely trying to point out the difference between your script (malicious) and Google's applications (designed to at least allow web sites a way out).

You're right. Here's an alternative version of the script that adds the X-Moz: prefetch header: http://hublog.hubmed.org/files/google_ad_pretend_to_prefetch.user.js

Let me point out that this is definately click fraud. Further, this is easily detected and Google could code around it. Multiple near simultaneous hits from the same session over and over, with no misses. No threat to Google, but still, it's click fraud.

Good point. Here's an alternative version that fetches just one link after a random amount of time: http://hublog.hubmed.org/files/google_ad_random_fetch.user.js

haha. thanks for the improved version alf

Very amusing.

What exactly is 'click fraud'? Some people seem to be quite serious about it. But I don't get it.

Isn't this my computer and I can tell to send to the internet whatever request I like? How could that be 'fraud'. And how does it involve 'click'ing?

Puzzled.

Click fraud is when you click on an advertisement and then don't buy anything.

Wait, no, it's when you click on an advertisement without intending to buy anything in the first place.

No, that's not right, it's when you use a script to consolidate advertisements so you can do comparison shopping.

No, maybe it's when someone in India clicks on an advertisement.

Maybe click fraud is when a web proxy serves up the ad from its cache, so that the advertiser isn't forced to pay for bandwidth.

Besides, we all know from the dot-com era that the only thing that counts is eyeballs. We should be worrying about eyeball fraud instead.

Click fraud is when you click on an advertising link in order to make money. Google Content Blocker could be very helpful in that respect: http://j-walk.com/other/googlecb/ (apart from the making money bit).

"Click fraud is when you click on an advertising link in order to make money."- alf

Click fraud is also clicking on an advertising link to cause another to lose money.

This script costs money to each website that this script fraudelently clicks to. There is no white hat in this scenario, this is just kiddy script fraud.

Alf, the change you made, makes it even more obvious that this is click fraud. That is, you've obfuscated the algorithm solely to trick Google, to prevent detection of your script. At this point, I'd suggest you are crossing the line and you are risking legal action. Don't think of this as a threat on my part, I have nothing todo with Google. I'm just trying to minimize the damage here.

this script no longer works.

See my click fraud article - http://www.MakeEasyMoneyWithGoogle.com/click-fraud.html - for more about the click fraud problem.

Given that I had Google close my Adsense account for no reason, accusing me of click fraud (I did nothing!) with no details or proof, and stole the $4000 they owed me for my next check, I like this script.

The fact that someone else fraudently clicking ads on my site is somehow my fault is insane.

I have installed this script on my computer, my friends, my families, my schools, and will any computer I get my hands on.

Google's "guilty with no way to prove innocence" stance is a slap in the face, and as far as "dont be evil" as you can be.

Anything that causes them to change the way they are managing adsense is a good thing.

Omfg! I am going to click on a link that they put in my face! Ya! I'm going to click on it! Omg wow! That is very fraudulant of me huh??? *SARCASM*

LOOOOOOOOOOOOOOOOOOOOOOOOOOOOOL THIS IS SO DAMN FUNNY AND BULLSHITY

https://bugzilla.mozilla.org/show_bug.cgi?id=309776

Goto Google. Search for 'selinux'.

You now have a Cookie from NSA.gov, and your Firefox browser has downloaded http://www.NSA.gov. Nice implementations of privacy Firefox team. Good job.

Yeah! You are all criminals! If you click on an ad link, you MUST LOOK AT WHERE IT TOOK YOU! Otherwise you are BREAKING THE LAW!

Actually not. People who pay for google ads also pay for my dick.

SPEND $55 PER MONTH EARN $1336 PER MONTH WITHOUT WORK

Description : 100% legal company New way to earn money without work.
Just participate in business with paying $55 per month
and earn $1336 every month. Just lauched join first to
get top position to earn early.

Click Fraud is a term for violating Google's AdSense program's EULA--not like credit card fraud that sends you to jail. Its ONLY fraud If you are the person hosting the ads and intentially clicking on advertisers to force a few pennies to go into your Adsense account. If they suspect you are, they close your account and return the money to the advertisers.

The primary way Google tries to enforce this is monitoring clicks per IP address. For instance the IP you used to sign up for the account will NEVER log clicks. Enough clicks from a single IP and they stop counting any further clicks from the IP. Running this yourself and plugging away at your own ads from a remote probably wont earn you much more than 5 bucks per day, and before they cut your check will likely close your account if your IP accounts for 90% of those clicks.

What you could try is creating a networked ring of our PCs in which we are all willing to run a web crawling like script in the background (similiar to scripts that scrape email addresses I'd imagine). Each person operating an AdSense hosted website can add their's to the master crawling index and reap the rewards of hundreds or thousands of IPs tapping their AdSense ads.

It probably wouldn't take long for Google to figure out a pattern there.... but, worse case scenerio they close your AdSense account or try to sue thousands of people. If your site is hosted in some 3rd world tho, they might not be able to hold you accountable.

It wouldn't surprise me if some strategically marketed SpyWare couldn't accomplish this even BETTER on loads of unsuspecting and random IPs. That would probably be untrackable for a long time.

That's all just my theory. But I know for a fact people are getting away with it. I'd never do any such thing of course, right... Google? I know you have this comment indexed >:)

Hi,

For the geeks amongst you, I thought of a way of adbusting googles advertising.

In my theory it should work, it just needs some whizzkid to implement, see the idea at http://wordpress.org/extend/ideas/topic.php?id=1935

the difference is that it doesnt need peoples browser, because it could be embedded in blogs etc, and everyone visiting those pages would be "clicking" google ads. Thus there would be a totally more random pool of ip addresses, which would be harder for google to filter out!!

Maybe if you vote for the idea, the Worpress techies will start considering it...