Google keyword `brew` points to a malicious site with false Homebrew install instructions

[sastorsl]

• your problem was from running the official install or uninstall script?
• you carefully read the output and it was not a git fetch or other connection issue to GitHub (that Homebrew has no control over)?
• after installation: ran brew config and brew doctor and included their output with your issue? If you couldn't install: provided your OS version with the output of your issue?

What you were trying to do (and why)

Searched brew on Google search https://www.google.com/search?q=brew&oq=brew

What happened (include command output)

Got a Sponsored result at the very top pointing to a site at evernote.com, which in turn had, as far as I could tell, a malicious, base64 encoded string pointing to a site and IP-address which most definitely did not point to Homebrew.

I will not paste the contents directly so as not to propagate the malicious info further, but I have saved it (screenshot) and can share in a PM with a maintainer in this project.

Command output

What you expected to happen

Expected to either get a search result for Homebrew or as often happens at least some beer brewing site...

Not sure if you have any viable action, but perhaps Google will listen to reason if you approach them and remove the result from their search.

Step-by-step reproduction instructions (by running brew commands)

Google search, see link above.

[SMillerDev]

Not sure if you have any viable action, but perhaps Google will listen to reason if you approach them and remove the result from their search.

Would be nice if they would, but this keeps happening

[foxx99612-cloud]

• your problem was from running the official install or uninstall script?[ ] you carefully read the output and it was not a git fetch or other connection issue to GitHub (that Homebrew has no control over)?[ ] after installation: ran brew config and brew doctor and included their output with your issue? If you couldn't install: provided your OS version with the output of your issue?

What you were trying to do (and why)

Searched brew on Google search https://www.google.com/search?q=brew&oq=brew

What happened (include command output)

Got a Sponsored result at the very top pointing to a site at evernote.com, which in turn had, as far as I could tell, a malicious, base64 encoded string pointing to a site and IP-address which most definitely did not point to Homebrew.

I will not paste the contents directly so as not to propagate the malicious info further, but I have saved it (screenshot) and can share in a PM with a maintainer in this project.

Command output ## What you expected to happen Expected to either get a search result for Homebrew or as often happens at least some beer brewing site...

Not sure if you have any viable action, but perhaps Google will listen to reason if you approach them and remove the result from their search.

Step-by-step reproduction instructions (by running brew commands)

Google search, see link above.

[sloanlance]

I don't doubt the reported problem, but I saw different results. I saw search results for places in my area related to "brew" (coffee and beer shops), followed by a result for Homebrew. The difference might be because I'm signed in to Google, I allowed location services, using Chrome on an Android phone.

I also tried in Chrome's incognito mode with the same results.

Tried Samsung's "Internet" browser in "secret mode" with similar results. The only difference was the first search result following the shops in this location was for "Brew Watch Co.". The next result was for Homebrew.

[woodruffw]

Google does not return globally consistent search results: whether or not you receive a malicious site for Homebrew depends on your rough geolocation, session state, ad profile, etc.

(This is by design, and is one of the reasons we often can't reproduce reports of malicious sites. But regardless it's fully Google's responsibility to remove them, which they often don't.)