Slashdot Mirror
Google Warns Users About "Unsafe Sites"
Dynamoo writes "The BBC is reporting that Google will start to warn users about unsafe websites, in particular those that host spyware or have privacy implications. The technology to do this has been developed in partnership with StopBadware, and appears to be an alternative to the popular McAfee SiteAdvisor application. Perhaps this will help curtail slimeware ridden sites from peddling their wares. But it will be interesting to see how Google rates some of its own products, including the potentially risky Google Desktop."
If you don't want to RTFA, you can follow the link to Google's policy here:
www.goatse.ru
-THE END-
If you thought Google had a lot of lawsuits when altering pageranks of linkfarms, wait until limewire et al start suing Google for "defamation".
A "screensaver" site isn't going to get much traffic on page 1000.
This tagline is copyrighted material. Please send $10 for an affordable replacement.
In my opinion it's like saying I am a risk because I have arms. Potentially I could strangle someone with them.
Google Desktop isn't unsafe in any way. Google fully discloses the fact that they'll be rooting around in your hard drive and mixing data from there, with data from their servers, for the purposes of providing a local Google search to you on your own machine.
There's nothing wrong with people who are willing to voluntarily give up some measure of their own privacy in exchange for a service provided on that data -- I use Gmail for all of my e-mail, even to the point of forwarding multiple accounts into my gmail inbox, and don't think twice about the fact that somewhere, Google is reading and storing it.
The problem arises when people aren't informed their privacy is being tampered with...malicious web toolbars and cursor packages, Gator, etc. No anti-spyware application I've seen to date has detected Google Desktop (granted, I've only seen 3 machines that actually used GD) but that says something to me.
Google Desktop and crap-ware ridden screensavers have nothing to do with one another. Summary is a google-bashing troll, at best.
Beware of the Leopard.
Or even better still, read the Google cache of the site with all the bad stuff removed. That would be trick!
I'm sure my letter of commendation, along with Google stock options grant, is arriving any moment now.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Like Financial Services companies that used to advise their clients to buy their company's own investments, I can easily see how Google getting involved in this could be a quagmire. As the summary example pointed out, what happens when Google's own software is dangerous? Do they have to face down their own rating service to get it out there? Chances are... they won't. They will assume that all Google software is "Good" software.
Fair enough, since I guess you can assume that Google wouldn't be actually creating malware on purpose. If you just single out those sites with the 1000 porn banners that try and install virii and spyware on your computer, Google won't have a problem. However, I think, the real problem for most users is not sites like that which are obviously dodgy, its the sites that look clean and professional that seem to have a legitimate purpose for their software, and often those proprietors are quick to try and play up their legitimacy. When Google marks them as "bad", you can expect lawsuits.
While I find that this may be a big plus for a search engine that can be percieved as impartial to software makers, as Google becomes a notable software maker itself, it may be an issue. It certainly could leave them vulnerable to the charge of conflict of interest as time goes on.
Why not fix the software and/or its default configuration so that it is safe to use?
That doesn't address sites that deliberately link people to executables that they delibrately download and run because they think they're about to see a 3D holographic movie of unicorns actually producing rainbows in the shape of guardian angel puppies protecting endangered species that are making jokes about the president.
The point is that if Google finds sites polluted by such malware - not just some plugin-abusing bit of blinking nonsense - then they're going to give you the heads up on the link. I think it's great - but it will just make the bad guys get involved in another hide-the-malware arms race.
Don't disappoint your bird dog. Go to the range.
Why not give users feedback about their browser or the browser compatibility of sites? I think it would be nice if Google would tell IE users with Active X on that a site they're about to visit contains Active X and may be a threat to their system.
Better yet, consider standards compliance and accessibility when ranking pages.
If Google wants to use their position to police the Internet, why stop with Spyware. Test whether people have a secure browser and tell them when they don't:
"FYI, your version of IE is 3 years out of date. Please go here to upgrade it, or go here to replace it."
They could fix a lot of the problem right there.
Some people have a way with words, and some people, um, thingy.
Because google [claims it] doesn't alter search results. Flagging them doesn't technically alter them (it just displays a bit more information), but moving them to the bottom of the pile, so to speak, is.
But what if your site was somehow rated as "spyware-filled", when, in fact, it wasn't? Would you rather be flagged as dangerous, or would you rather be sent to the bottom? At least the flag can be ignored.
... like AOL.
The original post never implied that searches for porn should turn up anything else but porn. It just said that if you search for kitty cat that you shouldn't get a bunch of beastiality websites. Now if you searched for "kitty cat porn" then fine.
What is it with the anti-javascript/flash attitude here? Properly managed use of Javascript is fine. Yes, it has more holes than swiss cheese, but it is so easy to disable and manage with firefox and the like; why claim that ANY site using Javascript is a "potential security risk"? The same goes for PHP, Flash, and every other web technology that has potential security holes; surely, nine outta ten times, the benefits outweigh the risks. Yes, AJAX is overhyped, but Javascript is in its name for a good reason.
They'll flag sites that deploy malware, spyware, and other junk. They'll flag sites that use unrestricted javascript and dangeous security workarounds. Not everything. Blanket labelling would only cause annoyance.
How do you handle sites where the bad pages are hidden behind a robots file? The front page may be crawlable, but the page with the malware isn't.
How do they handle redirects? If I have a site that redirects a user to bad content, is the original page flagged as bad? Combined with a page that isn't crawled, how would they know to flag it?
How are they going to handle any obfuscation that takes place? Or handle new malware? This might not be a show-stopper, but I think it is a techinical issue that should be addressed.
How are they going to handle the lag between crawling and new content? My server gets crawled about once a week. So I would have ~6 days to host bad content before switching it back to look legit for my next Google crawl.
What system are they going to have to handle complaints or appeals? If my site is flagged incorrectly, Google is taking a risk of liability by flagging it that way. It seems that if they take due diligence to keep the false positives low, there will be an increase in false negatives.
These are just off the top of my head and I am sure there are a lot more issues that I haven't thought of.
Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
You have to actually click on the link. Here's an example: http://www.google.com/interstitial?url=http://www. theserials.com/serial/serialbox.html
This is one of those ideas that sounds good in theory, but isn't likely to help much in the long run.
The reason it won't work very well is that all the malware sites have to do is present a non-malware version of their pages to google's spiders. If they don't see the malware, they can't know it is there for everybody else.
So, at first we will see Google correctly identify malware sites, and that will be effective for just long enough that people will come to expect that sites without a malware warning are safe. By then, someone will have come up with an automated systems for giving google a "clean" version of the website and serving malware to everyone else. This automation will spread rapidly and then google will no longer be effective - but now some number of people will have started to rely on google's warnings (or rather lack of warning), thus making them more vulnerable than before.
I think another poster's idea is much better - include malware detection as part of the pagerank score. Don't advertise it, don't spell it out, just do it. Malware sites will sink to the end of the search results (where they belong anyway since they are rarely useful for anything but malware distribution). Eventually the malware distributors will figure it out and start feeding "good" pages to google's spyder - but at least no regular users will ever be lulled into a false sense of security by thinking that the lack of a warning is an indication of safety.