Slashdot Mirror
Has Google Broken JavaScript Spam Munging?
Baxil writes "For years now, Javascript munging has been a useful tool to share email addresses on the Web without exposing them to spammers. However, Google is now apparently evaluating Javascript when assembling summary text for web pages' listings, and publishing the un-munged email addresses to the world; and spammers have started to take advantage of this kind service." Anyone else seen this affecting their carefully protected email addresses?
Seriously, queue the obfuscation != security thing. If your email address is carefully protected, it is not displayed on a web page, obfuscated or not.
Really with the development of better OCR technologies and such comes the elimination of e-mail security by obscurity. If you don't want spam either A) have a decent spam filter (I don't think I've had a single piece of spam pass through G-mails filter and only one false positive) or B) don't share your e-mail address. Those are the only two ways to prevent spam that will continue to work.
Taxation is legalized theft, no more, no less.
See http://en.wikipedia.org/wiki/Mung
That should be the title. That is, if it were newsworthy. Which it isn't.
Error 001
Security Scan and Virus Detection do not work with your operating system.
Dear Google:
Welcome to the "Impossible to do anything right" club.
Regards,
Wal-Mart,
Microsoft,
G. W. Bush
WTF? Over?
nowadays, half of the pages I try to visit don't render at all without javascript. Somtimes the main content is missing (you just get the headline, the links that go on the sides, and the ads), somtimes it's just a blank page. It seems like all these traditional news organizations just _have_ to be "web 2.0" to appear relevant again.
Google needs to index the page, they don't have much choice.
--
Stay tuned for some shock and awe coming right up after this messages!
The spammers WILL get your email address. Be it web trawling, google searchers, or stealing email address off of compromised computers, the spammers will get, and then resell, you email address.
Trying to keep the spammers from getting your email address is a lost cause, and not a battle worth fighting.
Test your net with Netalyzr
A better method is to have a Contact Me form that doesn't display your e-mail address anywhere on it. Yes, you'll get spammers filling it out, but you can cut down on those with some simple techniques. For example, make a "Phone Number" field and set the CSS display attribute to none. Normal users won't see this field and won't fill it out. Spam-bots will see it and attempt to fill it out. Then, have your submission script silently fail to send to e-mail if the "Phone Number" is filled out. (If you toss an error, the spammer might figure out the trick.) No method is fool-proof, of course, but this is much better than putting your e-mail address on your webpage and hoping that someone doesn't de-mung it.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
How about "pay to email"?
I register with a pay-to-email site, and give it my actual email address. It gives me my new publicly visible email address. Anyone who wants to can send me an email through this service if they pay me an amount of money that I set. After I receive the email, I can refund the sender. The pay-to-email site takes a 10% cut on all un-refunded emails.
Sound like a winner?
Education is the silver bullet.
>The wikipedia page also links to munge - modify until not guessed easily -
> which I guess is what the original person intended
Then the original poster is a chimp and so are you. If you aren't aware that adding ~e may change the meaning of a word, I should come round and rap your ears.
What would be nice is if google created a new tag in the lines of rel="nofollow" which would be an in-line way to keep the engine from seeing content.
That would be exploited by spammers to the extreme. Imagine clicking on a listing for disney kids fun house only to have a hidden ad for an online Viagra dispensary dominate the page.
I publically list my email whenever I need to. If I want someone to email me something, I say, "Send it to itoltz@gmail.com". In fact, if HTML is allowed where ever I'm writing that, I'll even be so kind as make it a mailto link (i.e. <a href='mailto:itoltz@gmail.com'>itoltz@gmail.com</a>).
And you know what? I almost never get spam in my inbox. I'd say a piece squeaks through Gmail's filters every few months (though when it does, I usually seem to get 2-3 similar spams over the course of a day or two).
Granted, not everyone has the option of using gmail, and for those who do not everyone is comfortable with the idea of using it. That's fine. But the point is, if gmail is that good at filtering out spam, anyone else can be too.
This only works for as long as spammers don't care about it. I think anyone who can figure out the HTML resulting from javascript, can also figure out the style of an element.
What's really funny about this problem is that we used to talk about using captchas to tell the robots apart from the meatbags, so that you could discriminate against robots. But now people want the robots to make sense of their page (so that they get referrals from Google) but they don't want the robots to make sense of their page (so that their email box doesn't get referrals from spambot). You're on the web or you're not. Choose.
"Believe me!" -- Donald Trump
Nice try, but that rule only applies to "[^ng]g$" words.
but it doesn't apply "[n]g$", because the n modifies the sound of the g, and gg$ is uncommon enough that it's an exception in itself.
Unfortuantely we don't have many examples of "ung$" because most of the words of that form are either nouns (e.g. dung, lung, young) or past participles (e.g. clung, hung, sung), so their present participles are generally formed from the present tense "ing$" form of word (e.g. cling/clung/clinging, hang/hung/hanging, sing/sung/singing), etc.
Note that we do have plenty of examples of "unge$" forming "unging$":
So that's plenty of reason to believe that the rule is "unge + ing = unging", despite the fact that "inge + ing" can be either "inging" or "ingeing" depending on the word (and in some cases both are valid):
Therefore I strongly contend that:
You may dispute the claim above, but there's no disputing:
:)
For everyone's information: the page the author links to as the one that has javascript munging also has a noscript tag with the email out in the open. Guess what Google and spammers' email-crawlers really do? ;)
I've checked your claim, and it's not true. The "noscript" tag contains warning text about Javascript being turned off and an instruction to use a web form instead of email. I've also checked my own Javascript obfuscation, which uses "blah at domain" type descriptive text in the noscript tag, and Google's search results do not de-obfuscate it. This may be due to the fact that my Javascript is loaded from a separate file -- a point raised in TFA.
Even if Google is rendering some amount of Javascript in this way, it's still a stretch to accuse Google of being the leak. If you correspond with a person who has malware installed on their computer, there's a high risk that your email address will be exposed to spammers via that route. Such malware is hardly uncommon, is it? The obfuscation technique was only ever going to buy a little extra spam-free time in any case.
proof, n. A demonstration that a conclusion is implied by certain premises and axioms.