Feeds

Google typosquat cash pegged at $497m per year

Harvard boffins probe 'mispelled' domains

SANS - Survey on application security programs

Google may earn as much as $497m a year from typosquatters, according to a study from Harvard professor and noted Mountain View critic Ben Edelman.

In a study first presented late last month at the Financial Security and Data Cryptography conference in Tenerife, Spain, Edelman and fellow Harvard researcher Tyler Moore estimate that at least 938,000 domains are typosquatting on the top 3,264 ".com" websites, waiting for unsuspecting web users to mistype or misspell a url. And 57 per cent of these "mispelled" domains, they say, include Google pay-per-click ads.

Google offers a service known as "AdSense for Domains," which is specifically designed to enable so-called "parked domains" - domains that do little more than serve ads. Mountain View's terms of service prohibit trademark violations - which includes typosquatting, a practice that goes against US law - and the company says it will remove violating domains if it finds them or is "made aware of" them.

But despite this policy, Edelman and Moore contend that Google is harboring thousands of these domains - and pocketing some serious revenue as a result. After crawling more than 285,000 typo domains to analyze their revenue sources, they found that around 80 per cent were supported by pay-per-click ads, and it's no surprise that Google ads were by far the most prevalent.

Pulling in traffic data from Alexa - and extrapolating their numbers across the top 100,000 sites - the Harvard pair estimate that typosquatting domains receive at least 68.2 million hits a day. "If these typo domains were treated as a single website, that site would be ranked by Alexa as the 10th most popular website in the world," they write, "It would be more popular, in unique daily visitors, than Twitter.com, Myspace.com, or Amazon.com."

Google doen't disclose revenues from AdSense for Domains, but Edelman and Moore use third-party studies to estimate that Google's average revenue per mispelled domain visit is around 3.5 cents. With their crawls indicating that Google ads are used on about 57 per cent of typo domains, they say that Mountain View is pulling in about $497m from ad partners typosquatting on the top 100,000 websites.

They also say that of the typo domains showing Google ads, 63 per cent are using one of just five advertising IDs. In other words, the practice could be significantly reduced by knocking out just five ad accounts.

Ben Edelman is among the team of lawyers that filed a class action suit against Google in June 2007, accusing the ad broker of violating the 1999 Anti-Cybersquatting Consumer Protection Act (ACPA). The law prohibits anyone from "registering or using" domains misleadingly similar to a trademark or famous name. ®

3 Big data security analytics techniques

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Number crunching suggests Yahoo! US is worth less than nothing
China and Japan holdings worth more than entire company
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.