Recent Articles

1 Aug

Google AdSense: Banned for Life?

Back when I was a 19 year-old college student and still living with my parents, I was really enthusiastic about video games. So much, in fact, that I felt the need to create a clan, website and all. At the time, we went by the name “Infamous Butchers”, also known as Team IB. Yeah, I was pretty serious about it… it all seems somewhat silly today.

After a while, I decided I would put advertisements on the website, in an effort to support the team. Naturally, I looked to the most recommended service, AdSense, as offered by Google. I signed up, and despite how small the site was, I received a confirmation e-mail a couple days later. Shortly thereafter, I had the advertisements working as expected, and for a while, all was well.

Photo by Pål Berge.

At a certain point, a teammate decided to start paying for a game server that the team could use to practice regularly, and was doing so out of his own pocket. In an effort to support him, I told my fellow teammates to click on the ads, as this would help generate revenue. Now, in case you’re not aware, this is known as click fraud, and is a very serious breach of the AdSense Terms and Conditions. When instructing my teammates to do this, I never really stopped to think about the legality or ethics of my request. My friends just went along and said they’d click every now and then, and none of them questioned my approach.

In addition to telling friends to click, I also violated another core AdSense rule - never click on your own ads. While I originally was in compliance with this rule, I did find myself in one specific situation where I reasoned that yes, the content being displayed in the ad was indeed relevant to me. I was looking for an alternate company to host our game server, and sure enough, the ad was talking about just that. I only did this once, as far as I can remember.

Photo by Jason Cheung.

Approximately two weeks later, my earnings had reached a ludicrous sum of 100$, but still I failed to grasp that I was doing something very, very wrong. I remember at least two distinct moments where my friends told me they had been clicking, but I do not recall when, or how many times they clicked. It wasn’t long until I received an e-mail from Google, letting me know that I had been banned from AdSense. My initial feeling was that I let my team down, to a significant degree. As an extension of the shame I felt, I tried to reply to Google in an effort to salvage the account, and in turn, retain the possibility of earning legitimate clicks. I obviously wasn’t thinking clearly, because what I had done was a very serious offense… I was just blind to it at that moment, obsessed with my team, and how I failed to support them.

Despite my replies, the Google AdSense team informed me that they were sure of their decision, eventually leading me to accept the truth. Their words had shaken some sense into me, and I began to feel greater shame towards what I had done with my AdSense account. Not only was I extremely wrong in doing what I did, I also managed to destroy a potential business relationship with Google, very early on, and on my primary Google account no less. As a long time fan and supporter of Google, I was left with a shame so poignant that it stuck with me through the years – a dark cloud, always reminding me of that time where I really screwed up.

Photo by Dan DeLuca.

Years later, after having worked as a software developer for three years, I tried signing up to Google AdSense using another one of my Google accounts. To my surprise, they accepted my application, regardless of the fact that I had the same name as before. I was able to successfully place Google AdSense ads on my page, but then started to doubt whether this was in respect of Google’s rules. Sure enough, after reading their documentation – it became clear that if I was banned before, I should never try to apply again. It wasn’t just my account that was banned, it was me – and anything associated to me – as brutal as that sounds. Creating another account might work – but as long as I’m the same publisher as before, they could ban the account if they figured that out. To respect their rules, I quickly removed all ads from my site, and decided it might be time to contact Google. After all, I made the mistakes in my youth, and hoped this would factor into my appeal. I explained the tale to the best of my recollection; however, I still could not bring myself to admit that I had, in fact, been the root cause of the whole disaster. It was my words that led at least two of my friends to click on my ads, and though I regretted my part deeply, I felt too embarrassed to admit it. Despite my appeal, Google still stuck to their response that they needed to protect their advertisers, and I would be a threat.

Though disappointed, I agreed with the reasoning behind their refusal. Why would they take the risk of allowing a banned user when the potential for income is probably far less than the monitoring fees? I could relate to them, and despite all my self-directed anger, I was once more convinced that I would need to live without Google AdSense, as much as that bothered me. That was roughly two years ago, and today, with more than five years of software development experience, I still feel like I shot myself in the foot very early on. Google AdSense seems to be the best pay-per-click advertising solution, one which allows even the smallest independent publisher to earn some profit back from their content. While I managed to find decent alternatives for websites, I still have difficulty digesting that I can never work with Google.

The whole experience has left me paranoid about pay-per-click advertising. For example, with one provider, I once accidentally clicked an ad on my blog, while I was browsing on my phone. I immediately figured out what my IP was, sent it to their support team, explaining that I accidentally clicked, and they should not include the click towards my profit. They thanked me for being proactive, but warned that if it happened too many times, they would not be able to serve ads on my site. It’s unfortunate that I had to get banned by Google to understand the severity of click fraud, which, it turns out, is quite clearly explained in Google’s documentation:

Invalid Clicks and Impressions

Publishers may not click their own ads or use any means to inflate impressions and/or clicks artificially, including manual methods.

Encouraging Clicks

Publishers may not ask others to click their ads or use deceptive implementation methods to obtain clicks. This includes, but is not limited to, offering compensation to users for viewing ads or performing searches, promising to raise money for third parties for such behaviour or placing images next to individual ads.

Photo by Luigi Caterino.

So, was I blind? Was my young mind so obsessed with games that it even failed to understand the importance of the legal agreement that had taken place? Yes, I believe so. Today, I still agree completely with the reasoning behind why Google banned me – I just have one question that I’d like to ask in the open, right here. How long must I pay for a mistake that I made in my youth? Youth, mind you, is not always as simple as above or below 18. When I was banned, I was 19, and though I was mature in many ways, my behavior towards AdSense was quite the opposite. Am I really so evil that I must never be allowed anywhere near Google AdSense, even when I’m 30, 40, or 50? Does additional life experience mean nothing once you’ve made such mistakes? It’s not like I shot a man and tried to get away with it – how could this ban truly be for life, when even a murderer might get to walk after enough years of jail time?

The way Google crafted their agreement, it is entirely possible that I will never be forgiven – they have reserved that possibility. I’ve come to a certain peace about this – I’ve had ads from another company for over a year, and I remain in good standing with them. Still, I can’t help but think back to how great Google AdSense was… and, at this point, all I want is to be put out of my misery. If I’m banned until the day of my death, with absolutely zero chance of getting my account back, fine. I’ll learn to live with that, I just really need it confirmed so I can move on. Otherwise, what can I do? Would Google be willing to grant me a probationary period, during which I could prove myself worthy of reinstatement? I would gladly cover any administrative fees related to monitoring my account, if that is a concern. In any case, with this last appeal, I hope to arrive at a conclusion: either the dark cloud is here to stay, or it will eventually give way to sunlight.

29 Jul

Will the Real Matt Refghi Please Stand Up?

Back in mid 2009, I discovered an unexpected shipping confirmation in my e-mail inbox. It was sent from my cellphone service provider, and was letting me know that the iPhone I ordered had been sent out to me. Thing is, I never ordered an iPhone, and though the confirmation showed my name, it was being shipped to another address, and was associated with another phone number. It didn’t take long for me to realize that this was identity theft.

Photo by Ken Banks, kiwanja.net.

I immediately called my provider, and realized that I would likely have problems authenticating with them. You see, the provider usually asked for two key items whenever I called: birth date, and postal code. Anticipating this, I first told the agent the situation, and he confirmed that the address and contact information on my account had been changed. Since I had the thief’s information as well, I was able to prove that I was legitimate, and the agent told me I’d have to call the fraud department, which was currently closed.

As a next step, I returned to the confirmation e-mail, and took note of the shipping information in there. It was being shipped by one specific package delivery company, and I had a tracking number. Seeing as it was late, I couldn’t call their hotline for help. Instead, I went ahead and sent an e-mail to their support, warning them that the package should not be delivered, as it was fraudulent. I realized that I would likely not hear back from them that night, but at least I knew I did something while waiting for the hotline to open the next morning.

The next day, I called my cell phone provider first, and spoke with their fraud department. From what they could tell, the thief simply managed to authenticate as me, providing my birth date and postal code. He then had them change the address and phone number on my account, likely after telling them he had moved. As a means of protecting my account from further break-ins, the provider offered to set up a password. I naturally agreed to this, but wondered why it wasn’t active by default.

Next in line was the delivery company, which I managed to reach by phone. The agent mentioned that the package was already in transit, and that she would notify the driver to abort the delivery. She seemed fairly confident that this would occur, so I was in a good position by the end of the call. Keep in mind, though, that I probably didn’t need to worry about the delivery, as the provider likely had insurance for such situations. My pursuit, at that point, was mainly for personal reasons – if I could stop the thief from succeeding, I would be much more satisfied.

Photo by KDavidClark.

Soon after completing the calls, I arrived at work, and told my boss the story. He naturally allowed me to deal with it from the office, rather than work. Since I had spoken to the delivery company and my cell phone provider, the next step was to call the police. I explained my story, and the officer told me someone would call me back to discuss it further. In the meantime, her advice was that I should activate a fraud alert on my credit line, which I went ahead and did immediately after the call. The alert would prevent anything from being charged to my name, effectively making a social security number a requirement in all large credit purchases. After activating the alerts, I went back to my desk, and tried to piece together how exactly I had been compromised. Within a few minutes, I had my answer.

To find my postal code, the thief probably just ran a WHOIS against my domain. At the time, I had multiple domains, and each one had been registered using my full name, address, and phone number. Domain registrations are public records, and though it’s a security concern, the contact information is needed to prove ownership. While this isn’t immediately visible to everyone, with the right tools, one can access that information. As an example, visit this website, and enter “microsoft.com” in the WHOIS box. Press “WHOIS >>” when ready, and then scroll down to see the registration information. There are hosts that offer private registration, usually for an additional fee, but at the time, my host didn’t have the option.

Now, on the other hand, my birth date was a little less straight-forward. It was a coworker who initially found that my Amazon wishlist was available to the public, and it revealed my birth day and month. While the year wasn’t actually revealed, there are many sites where my current age is displayed. With that, the year can be deduced, and there you have it – the date of my birth, cracked.

With the security holes revealed, I decided to correct the easiest one – I disabled my Amazon wishlist. The domain problem would have to be addressed later, as it would likely require changing hosts, which was not a quick task. My next goal was to find out as much as I could about the thief, as I had his address and phone number. After some googling, I located the Facebook profile of the supposed culprit, which of course included his name. Unfortunately, I couldn’t determine if he was the actual thief, or a scapegoat, so I couldn’t act on this knowledge. The actual thief could simply have given that address with the intention of being there just in time to grab the delivery. So, instead of acting on it, I took notes, and awaited the police phone call.

Photo by Tim Pierce.

A few minutes later, I got word from the delivery company – they had successfully blocked the package, and it was being returned to the sender. With this news, I knew that I had blocked the thief – it was now simply a matter of bringing down the hammer of justice. Soon after, the police called back, and I explained my story once more. To my surprise, I was told that there was nothing they could do to locate the individual, despite the information I had collected. Apparently, the scam was fairly common, and the person doing it was most likely not the one at the address. The officer then explained that it would have been a different story if I hadn’t successfully blocked the delivery. Even then, I was told it would have taken the police department ONE YEAR to investigate such a theft. I left the call feeling less respect for the police, and seriously considered taking a vigilante approach.

Despite my disappointment in the police, the problem had been mostly resolved. I successfully prevented the thief from getting anything, and my accounts were now all protected. I had called all companies I did business with, and had them activate all optional security measures.

Two weeks after the incident, I received yet another e-mail, notifying me that my password had been reset on my account. I once again called my cellphone provider’s fraud department, and they helped me piece together what happened. The thief probably noticed he hadn’t received the iPhone, and tried to get that corrected by going to a store in person. When he couldn’t figure out the password that was being asked of him, he likely claimed he had forgotten it, and had the agent reset it. Since my account had the correct contact information, the new password was sent to my e-mail address. Since he couldn’t get into the account, and couldn’t check my e-mail, he was officially stuck, and the conflict finally came to an end…. I had won.

However stressful, the whole experience proved instrumental in improving my security on the web. No longer could I just casually open accounts everywhere, worry-free. I now had to be very conscious of how websites intended to use my data, otherwise, I could be leaving bits of information for thieves to exploit. I once wrote an article that explains how I would google my own e-mail address to see if it was visible to spammers. Well, the same approach can be used for other things – you can google your name, address, phone number, and see if it is exposed anywhere. Keeping in mind, of course, that after searching for anything sensitive, you should probably wipe your browser history, as well as your Google Web History, if you have that activated.

Beyond making sure that websites don’t expose too much information about me, I also try to avoid being specific in my posts. You likely noticed that I never mentioned who my cellphone provider was, and who the package delivery company was. I do this to make sure I’m not giving away details that can be used against me. I also exclude certain facts from my posts so that if my identity is ever in question, I have unique information that can set me apart from the thief. I do something similar with the images that I upload to this blog – if I spot anything even remotely sensitive, I’ll cover it up.

So, that’s my story, folks – hopefully my experience will prove useful in preventing similar attempts on others.

28 Jul

Detained While Reporting Spam in Livemocha

Ah, yes, Livemocha. If you haven’t heard, Livemocha is a site that allows you to learn languages with the help of a community. While it does offer exercises and quizzes that are similar to Rosetta Stone, the most powerful feature is the fact that other users review your submissions. That alone is worthy of a recommendation, so check it out if you haven’t already. The community support goes a long way towards motivating a person, and also ensures only native speakers of a language are the ones reviewing. This idea is a very powerful one, but unfortunately, the interface that they offer – the website – is flawed in many ways. Today, I’d like to share my experiences with one of these flaws, which, in my opinion, is a major usability issue.

Consider this Livemocha e-mail notification:

A notification from Livemocha letting me know that I received a message on the site.

Alright, so “maxwevictor96” sent me a message. The name is a bit weird, so I’m pretty sure it is spam – but there’s no way for me to read the message content from the inbox. If I click on the link, I’m forced to log into Livemocha before I’m allowed to see the content. Seeing as Livemocha also offers paid learning services, I can see why they might want us to log in as often as possible. After all, the more time we spend on the site, the more time we have to consider paying for advanced services. Of course, I’m just speculating – it’s possible they didn’t intentionally design it with that in mind.

Anyway, provided I do log in, I’m brought to the message:

A message as seen through Livemocha, with two main reporting features on the left: Report abuse, Block user.

So, yeah, definitely spam, and it’s up to me to either flag it, or ignore it completely. In an effort to improve the services that I use, I usually go out of my way to flag spam. Notice the Report abuse button on the left? Seems clear enough, so let’s click that.

A dialog appears while the rest of the website is grayed out, showing the reporting controls.

A gray overlay appears over the site, and after about 2 seconds of loading, the above dialog appears. So far, I can’t really complain – apart from the long load time. The form seems pretty standard, so I select Spam from the Category dropdown, and click Submit.

When I try to report spam, a red error message appears telling me that I need to specify a comment.

Instead of the dialog disappearing, an error message appears, telling me that the “Message cannot be blank”. Apparently, saying the e-mail is spam is not enough. I actually have to type something in the comments box… but what do they want me to enter at this point? The first few times, I wrote “This is spam”, what else do they expect? Seems to me that the form should not require comments if you’re simply flagging spam. After doing this on many separate occasions, and cursing at the unknown designer that came up with this process, I actually caught myself adding random characters to the Comments textbox, just so I could submit quickly. In other words, I spammed the report spam feature, to save time - all because of this bizarre design choice. It reminds me of the Windows Server 2003 dialog that appears whenever you boot, where you have to explain why the machine was taken offline. Sure, it can be useful in specific environments, but for a simple test machine – I really don’t care when it goes offline, so I learned to enter random garbage into that textbox just to get past it. Funny how design choices can turn well-intentioned users into annoyed pseudo-spammers.

Anyway, provided you spend time entering something in the comments box, you can successfully click Submit. Then, this message appears:

The dialog thanks me, and tells me it will disappear in 5 seconds. A close button is available at the top right of the dialog, but is far from where my cursor is positioned.

"Thanks for helping us keep Livemocha clean. Your Abuse Report has been submitted successfully. (This form will close automatically in 5 seconds.)"

I get thanked for keeping Livemocha clean, and it tells me my report has been submitted successfully. Okay, fine – then I’m told the dialog will disappear in 5 seconds, so I don’t need to do anything. They offer a small close button, but it’s far enough away from where my mouse cursor is (after clicking Submit) that I never actually felt like it was worth it to try and close the window early. If at least they would count clicks outside the dialog, I could hide it immediately by clicking the gray zone. But no, instead, I’m subject to time-limited target practice – if I can click the little Close button quick enough, I can save maybe 2-3 seconds. That, or sit idly and let the 5 seconds elapse – after all, once you’ve read the message one time, there’s really no value in re-reading it.

So why do you feel the need to waste my time, Livemocha? I lose 2 seconds waiting for the dialog to appear, then I have to select Spam, enter redundant information in the comments box, click Submit, and then wait 5 more seconds. I have a suggestion, guys – how about a Report Spam button with no questions asked?

Update: I posted a feature request on LiveMocha’s feedback site.

27 Jul

Distraction-Free Writing in WordPress 3.2

As a fan of WordPress, as soon as 3.2 was released, I found myself reading the changelog. While doing so, I noticed a very intriguing feature addition:

Start writing your first post in our redesigned post editor and venture to the full-screen button in the editing toolbar to enter the new distraction-free writing or zen mode, my personal favorite feature of the release

Zen mode? Distraction-free writing? Sounded good, so I proceeded to update all my WordPress installations. To fully impress upon you how significant of a feature it is, here’s what the typical WordPress WYSIWYG editor looks like:

The standard editor within WordPress offers plenty of controls, making it a very busy-looking page.

It’s a full-featured page, that’s for sure – but it also has quite a lot of controls surrounding it. The text editor itself loses some screen space to these controls, even vertically – requiring a scrollbar. I often find myself resizing the editor by dragging the bottom right corner, until I have the maximum vertical space available to me. While this works, WordPress does not actually remember my preferences, forcing me to manually resize whenever I’m working on a post.

Now, with all that said, take a look at full-screen mode:

Full-screen mode has a main toolbar, and not much else.

Full-screen mode is a highly simplified version of the regular WordPress editor. All you really have is the toolbar at the top, subtle outlines of your title and content sections, and a lot of free space.

Then, two seconds later:

If you wait a few seconds, or start typing - the little UI that exists will actually disappear.

The controls disappear, making it so only the content is visible. When this originally happened, it was a bit of a shock to me, as I realized that having the full WordPress interface around the content (as I typed) gave me some re-assurance. It kept telling me when it auto-saved, the word count, stuff like that. But in this new mode, I seemed to be on my own – what if I accidentally navigated away? I barely felt like I was in WordPress anymore – it almost looked like a completely different application. It’s at this point that I tweeted a message to @wordpress:

@wordpress Good job guys, I really like the new dashboard design. Full-screen editor will take some getting used to, though – but it’s nice.

After writing that, I stepped away from the editor, and only returned to it a few days later – when it was time to write a blog post. It’s at that point that I began to see how useful it was. The toolbar appears whenever you hover your mouse towards the top of the page, no matter how much you’ve scrolled. The same cannot be said about the regular editing mode, so this is a definite improvement. If I accidentally press Back in my browser, I get the usual warning that I might lose information – and I can cancel it. So, there’s really no need to worry about navigating away.

The word count and slogan are visible right after the post content.

The other features I mentioned, namely, the auto-saving and the word count, are still accessible from this new editor. You can save whenever you want by making the toolbar appear, and click Save. I’m not sure it actually saves automatically, but I find it instinctual to save manually, so at least for now, this isn’t a problem. The word count can be found at the bottom of the page, right after the content. It’s at that location that you can also see a slogan, which says, quite simply, “Just write.” I really like this, as I feel it truly sums up the spirit of this new feature – it is meant to block out all excess interface noise, and let you write, distraction-free.

At this point in time, I exclusively use the full-screen editor when working on my posts. It’s a very refreshing feeling, having just my content to work with – and I commend the WordPress devs for adding such a feature.
