Slashdot Mirror

← Back to Stories (view on slashdot.org)

Has Google Broken JavaScript Spam Munging?

Posted by kdawson on from the step-too-far dept.

Baxil writes "For years now, Javascript munging has been a useful tool to share email addresses on the Web without exposing them to spammers. However, Google is now apparently evaluating Javascript when assembling summary text for web pages' listings, and publishing the un-munged email addresses to the world; and spammers have started to take advantage of this kind service." Anyone else seen this affecting their carefully protected email addresses?

8 of 288 comments (clear)

  1. *rolleyes* by Anonymous Coward · · Score: 5, Insightful

    Seriously, queue the obfuscation != security thing. If your email address is carefully protected, it is not displayed on a web page, obfuscated or not.

  2. Really.... by Darkness404 · · Score: 4, Insightful

    Really with the development of better OCR technologies and such comes the elimination of e-mail security by obscurity. If you don't want spam either A) have a decent spam filter (I don't think I've had a single piece of spam pass through G-mails filter and only one false positive) or B) don't share your e-mail address. Those are the only two ways to prevent spam that will continue to work.

    --
    Taxation is legalized theft, no more, no less.
    1. Re:Really.... by buchner.johannes · · Score: 4, Insightful

      No it is not. If you increase the time used per website, you can not process that many websites anymore. JS obfuscated emails were protected because spammers didn't take effort.
      You might say computers got faster, but unfortunately the web didn't get smaller.

      Anyway, I understand the need to post email addresses on a website. How else should people contact you the first time? Personally, I don't like contact forms. Would you advocate for a CAPTCHA or requiring a POST request to obtain the real email address? You could still cry "security by obscurity".

      But you can't take away the option of posting email addresses on websites from users, as it is very useful to contact people by email. Reminds me of people saying "Flash is proprietary, and too fancy for my taste anyway, so nobody must use it. Use Javascript.".

      Maybe one should make swf files with the email in them. Muhahaha

      --
      NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
  3. "Google indexes correctly rendered page" by RichardDeVries · · Score: 5, Insightful

    That should be the title. That is, if it were newsworthy. Which it isn't.

    --
    Error 001
    Security Scan and Virus Detection do not work with your operating system.
  4. It's not google, it's the web developers by Punto · · Score: 5, Insightful

    nowadays, half of the pages I try to visit don't render at all without javascript. Somtimes the main content is missing (you just get the headline, the links that go on the sides, and the ads), somtimes it's just a blank page. It seems like all these traditional news organizations just _have_ to be "web 2.0" to appear relevant again.

    Google needs to index the page, they don't have much choice.

    --

    --
    Stay tuned for some shock and awe coming right up after this messages!

  5. Re:robots.txt by RajivSLK · · Score: 4, Insightful

    What would be nice is if google created a new tag in the lines of rel="nofollow" which would be an in-line way to keep the engine from seeing content.

    That would be exploited by spammers to the extreme. Imagine clicking on a listing for disney kids fun house only to have a hidden ad for an online Viagra dispensary dominate the page.

  6. Much ado about nothing by Asmor · · Score: 4, Insightful

    I publically list my email whenever I need to. If I want someone to email me something, I say, "Send it to itoltz@gmail.com". In fact, if HTML is allowed where ever I'm writing that, I'll even be so kind as make it a mailto link (i.e. <a href='mailto:itoltz@gmail.com'>itoltz@gmail.com</a>).

    And you know what? I almost never get spam in my inbox. I'd say a piece squeaks through Gmail's filters every few months (though when it does, I usually seem to get 2-3 similar spams over the course of a day or two).

    Granted, not everyone has the option of using gmail, and for those who do not everyone is comfortable with the idea of using it. That's fine. But the point is, if gmail is that good at filtering out spam, anyone else can be too.

  7. Some robots are more equal than others by Cajun+Hell · · Score: 5, Insightful

    For example, make a "Phone Number" field and set the CSS display attribute to none. Normal users won't see this field and won't fill it out. Spam-bots will see it and attempt to fill it out.

    This only works for as long as spammers don't care about it. I think anyone who can figure out the HTML resulting from javascript, can also figure out the style of an element.

    What's really funny about this problem is that we used to talk about using captchas to tell the robots apart from the meatbags, so that you could discriminate against robots. But now people want the robots to make sense of their page (so that they get referrals from Google) but they don't want the robots to make sense of their page (so that their email box doesn't get referrals from spambot). You're on the web or you're not. Choose.

    --
    "Believe me!" -- Donald Trump