YouTube has been plagued by malicious adverts in recent months.

Here, while watching a BBC News video, there is an ad for life insurance. Hold judgement — the most intriguing part is that this is an ad placed by Yahoo that takes you to their search engine. It shows you a page of results, with more sponsored listings — this time from Yahoo. The ads are for Direct Line and Money Supermarket.

example 1

example 2

The world of search advertising is so valuable that organisations and actors will do whatever they can to get a piece of the pie from Google and take a sip of their dominance in online advertising.

We are increasingly seeing ads on Google Search that take you to other search engines (or sites that look like them) so they can earn revenue from ad impressions and clicks. And on these pages are often ads for other search engines (often sites they also control) — perpetuating a chain of ads, views and clicks.

It looks like a long chain of revenue opportunities for site operators. But in so doing, it establishes bad practices for the ad industry. Most of all, it’s not good for consumers because they’re not getting the result they want — they’re following the chain without necessarily knowing what’s going on.

It looks suspiciously like a convoluted quasi pyramid scheme adapted for the web, that exploits online advertising and the insatiable vicious demand for clicks. Views are money. Clicks are money. Attention is everything.

This is a dangerous dark pattern. It’s time to break the chain. Online adverts for queries mustn’t lead to search engines.

In the next example, an arguably more surprising and head-scratching set of bad ads.

When searching for Google Lens on YouTube, the first result is an ad. The ad takes you to a third party site to download and install Google Lens, not through the official app distribution system of Google Play or the Apple App Store. YouTube is owned and operated by Google.

On another search, another ad to download Google Lens, with a different provider this time — APK Empire. They claim that it offers free and fast downloads, with no signups. This may be yet more tempting for users, because users generally dislike setting up new accounts. But this is misguided because their Android device or Apple device requires an account to download apps officially, and should already be set up — so there’s no pain or hassle with official distribution platforms as they suggest.

example 3

example 4

example 5

You would have thought that Google would protect their brand and properties more than anything else. It beggars belief that malicious ads targeting their brand manage to appear on their platforms.

Some might think, well if Google has allowed this, then it must be safe. The thinking goes: why would Google allow me to download one of their own apps through a malicious provider, when I’m on YouTube, a Google site.

Google are not explicitly allowing this, but they are not aware of it, and cannot keep up. They are too entrenched in a reactive model, and they are not proactive enough.

YouTube and Google shouldn’t allow app ads that suggest users use alternative distribution platforms, rather than official platforms like the Apple App Store or Google Play.

This example shows a query for Microsoft Windows Search. There is an ad for home windows installation — irrelevant but not malicious.

More importantly, an ad underneath claims to offer Windows 11 Pro CD Keys (licence activation codes) for a low price (£11.98). The regular price offered by Microsoft is £219.99. The ad site is "cjs-cdkeys·com". CJS CD Keys has mixed recent reviews and it is questionable that this is a legitimate business activity. Microsoft would not offer such a saving (~95% discount) to a customer for a single licence. It is also an irrelevant ad — the query was not for Windows licences; it was for a particular product, Windows Search.

example 6

This shows a pattern of problems at YouTube. YouTube’s trust and safety checks are insufficient. It is easy to place an ad, no matter the relevance or reputation. YouTube and Google operate on a mostly reactive model of protection — and this is broken for the web.