Slashdot Mirror
Google Not Reciprocating On IFrame Usage?
theodp writes "Over at the Google Web Search Community, posters are questioning why Google feels free to IFrame others' web pages, yet blocks attempts to IFrame pages on its own sites. 'Google has so much contradiction in what it wants for itself and what it does with other websites [e.g., Google frames Slashdot],' quipped one poster. 'Do no evil, right?' And over at the Google Maps Help Forum, developers are also begging for Google to allow them to IFrame entire pages again. 'I know there are other options (&embed etc.),' explains a poster, 'but then there is no sidebar which is useless. I really need the functionality like it was before.' Can any Googlers out there explain The Mystery of 'This content cannot be displayed in a frame'?"
It's to prevent XF clickjacking, XSS and XSRF attacks. Please see recent web security papers. Many other major sites with valuable login credentials do the same thing.
http://en.wikipedia.org/wiki/Clickjacking may be related.
For them it already is theirs.
As long as nobody clearly states that it isn't their data, they will treat it as theirs. And nobody is saying that the personal data belongs to the person, so companies can keep confusing you and telling that as soon as it is somehow online, it is not yours anymore.
Don't fight for your country, if your country does not fight for you.
The summary seems to imply that Google has "magical powers" which enable it to block displaying its pages in IFrames, which no one else has?
The reality, AFAICT, is that everyone could block Google from displaying their pages in that way, also. They largely just don't (either want, bother or know how to do it), but I fail to see how that makes Google "evil".
The threads you linked to have 18, 2, and no comments respectively.
While this is mildly interesting, it appears all the links you could find have trivial numbers of people participating.
Nobody cares, this is non-news. Oh wait, Google was mentioned?
There's even a comment about DRM! Everyone loves DRM articles!
Nevermind, proceed with the company-bashing.
Congratulations on spamming your private battle to thousands of people via Slashdot editors.
Any person who modded this up needs a refresher in basic application security. The ability to iframe in a page allows for attacks like clickjacking.
'Google has so much contradiction in what it wants for itself and what it does with other websites [e.g., Google frames Slashdot],' quipped one poster. 'Do no evil, right?'
I don't see the contradiction. Everyone is allowed to decide whether or not they allow their content to be displayed in iframes. If Google chooses no for itself but takes advantage of the fact that others have chosen yes, that is not hypocrisy. (If Google was forcing yes on others, the poster might have a point.)
There is plenty to complain about here, I'm sure, but that's not it.
They do it for security. It's OK if you don't understand it. You apparently don't like Google. That's OK as well. But neither is a good reason for posting hate-speech.
I think the reason people are upset that Google isn't living up to their own mantra of "Don't be evil" is the fact that they fail to meet the standard they set for themselves. On the other hand, if Google had the phrase, "Let's make lots of money off of others' content and technology," then no one would be upset with some of Google's questionable tactics. It goes back to basic symbolic logic p=>q. If p is false, no matter what q is, the statement is true; however, if p is true and q is false, the whole statement is false. In other words, if Google never implied that they were never gonna be evil, they would be logically consistent, but since they tried to make that implication and failed, people that care about such things are thusly upset.
"Good, Fast, Cheap: Pick any two" -- RFC 1925
Google's motto is "Let's make lots of money off of others' content and technology". Did anyone ever doubt that? It goes without saying.
Where Google comes close to evil is booting people off the Google services without making it possible for the booted user to collect his or her belongings before the door slams their ass. There's effectively no recourse if Google makes an error in their determination. I think this pushes fairly deep into caprice, and with no real upside that I can see. At least your jilted GF has the decency to pitch your possessions out the window. It can't be that hard for Google to implement a "data export only" authentication level.
The problem with inference from evil is that first you need to define evil, and if you elect to paint evil as "everything you don't approve of" you're left pretty much speechless by some of the things other companies do, if you're paying attention.
Google has lots of APIs to let you do most anything. If you need to embed an entire page from google then you are doing it wrong. This is a security issue and frankly I'm glad they are acting responsible.
DOING IT WRONG:
I am designing a web site and I wish to make extensive use of google.com via iframing.
Anons need not reply. Questions end with a question mark.
To follow up on my last post:
I wouldn't be unhappy to see property law evolve in the cloud era so that blocking a user from recovering those possessions in a reasonable process and time frame would constitute actual theft.
Property is a social construct and it changes as the embodiment of property changes (wives, children, slaves, agricultural boundaries, water, mineral rights, design, copyright, and in the ridiculous fullness of time as practiced by the legislature and legal profession ... personal cloudwares).
So you are proposing government mandated elimination of security measures? Do you by chance make a living by phishing?
ASCII stupid question, get a stupid ANSI
You can ask them to give you your money back if you are not satisfied.
Don't break the law complete defeats the purpose of a motto. The idea of having and sharing the "don't be evil" motto is to show intent to be good citizens beyond simple regulatory requirements to abide by the rules the state hands down. Everything else you say is true it will be used against them but they believe, wrongly or rightly, that it is important to show intent to act in a moral/ethical way beyond what is simply required of them. This may just be simple advertising or it may be a genuine belief that this type of corporate cultural artifact is vital to being the company they want to be but either way it's not as simple as don't do things that can be used against you because it's not a simple tactics exercise but a philosophical one instead.
This isn't why they're doing it. It's an issue of security, not protecting revenue by blocking sites from injecting their own ads into a framed google...
...what google services are ones you would expect a government to run? I can't think of a single one.
Is Google adding ads to other people's sites? I just checked some search results and didn't see that happening. If you look at the image linked in the summary, there are no Google ads on the page.
Anyway, Google putting other pages in IFrames isn't an issue, so long as you can block the use of IFrames and still be listed by Google. That's entirely equitable: they're able to opt-out and you're able to opt-out. And, unless I'm very much mistaken, that's how it works.
I agree.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."