I was poking through my blog posts from 5 years ago and found one referring to GMail invitations. I had forgotten that GMail was by invitation only for the first few months of its existence.
Those were the days!
I was poking through my blog posts from 5 years ago and found one referring to GMail invitations. I had forgotten that GMail was by invitation only for the first few months of its existence.
Those were the days!
Over the years, Experts Exchange has become quite the repository of tech advice, where people go to ask questions, then the experts compete to give the best answer and win the asker’s vote. It’s a pretty slick system, I suppose, if you are an ‘expert’, and your goal in life is seeing your username at the top of a list on their site, or if you have a question and have been unable to find an answer to it on any of the completely free message boards across the internet.
Whatever your reason for paying the fee to join their site, you have probably run across one of their pages if you have been searching for answers to a technical problem online. Their search engine placement has been historically good for a wide variety of key words and phrases.
A Bit of History
You have also probably run across Expert Exchange’s efforts to protect their paid content from the casual observer. If you are like me, you have seen them at the top of a search results page, cussed them out in your head, then moved on to the next result. That is because you know they often seem to have people asking the exact same thing you are in search of, and they seem to have people who have provided answers/solutions, but when you go there you are asked to pay to see the answers. But being the freebie seeking geek you are, you haven’t ever signed up for their site.
I remember that it used to be they would obfuscate their experts’ answers to a question with Javascript. That worked for a few minutes, until Firefox gained popularity and it became really easy to turn off Javascript.
For a long time, I thought that they had ended up removing their experts’ answers altogether. However, I learned that Experts Exchange is using a simple visual cue to make you think this so that you won’t find the coveted content for which they take great lengths to protect (and charge you $12.95 a month for access to).
The Hack
The secret is, if you just keep scrolling down the page, you will see all the answers to the question at the top of the page! What they do to make you think there is nothing there is show several empty bars of “Expert Comment” and “Accepted Solution”, followed by a “Sign up to view this solution” section, making you think the content is hidden. Below that, you will see a ton of “footer links”, making you think you are at the bottom of the page. However, keep going, and you will find the hidden pot o’ gold.
Why would they do this? Because they need Google to be able to crawl their content so they can maintain the excellent search engine placement they usually have. If they only showed the question, and not the answers, they would have much less worthy text to index, so it really behooves them to have that text shown somewhere in plain view. Obfuscating it with Javascript or CSS will only end up hurting them because Google looks at those things as ‘trickery’ due to the fact that they can be used for keyword stuffing.
This isn’t to say I don’t advocate paying for their service. I actually had the company I used to work for pay the fee a few years ago, but didn’t find myself using it that much, so I didn’t ask them to renew it.
In summary, scroll scroll scroll your way to the bottom of the page when you find an Experts Exchange result while troubleshooting on the Internet.
YouTube has implemented a three-phased attack to thoroughly rid me of any reason to ever talk nice about it again. They have succeeded.
Phase I – Google Search Drops My Site
It started in late December. I run a site called TheBestOfYouTube.com which is just a blog I use to feature random videos I find on YouTube. I write a little about them, and link to the video. No harm done, and this is completely acceptable (and encouraged through video embedding) by YouTube.
For two years, a search for “best of you tube” or “you tube best” would show my site either first or second in the search results. There is another site similar to mine (though more succesful) at bestofyoutube.com which would be right there at the top of the search results with me.
One day in late December, that all changed. I was nowhere to be found for those searches, but bestofyoutube.com was still there. If I searched Google for “thebestofyoutube.com” it would still show the site. Using Google’s Webmaster Tools and Google Analytics, it was revealed the site was still being indexed by Google.
There didn’t seem to be any sandboxing of my site, as it’s still findable, just not using those important keywords. Needless to say, my traffic dropped by about 85%, and thus my ad revenue fell with it. Curiously, in December, I had received my largest-ever payment from Adsense, as the site had been steadily gaining traffic the previous couple of months.
In case you were late to the meeting and didn’t hear, Google owns YouTube.
Was this a penalization of some sort by Google? Did the bestofyoutube.com guys do something to get my site unlisted for those keywords? I have no idea, and I have no idea how to figure it out. Either way, the fact that my site is still in Google’s index leads me to believe it was something that targeted me specifically.
Phase II – The Empire Strikes Back
On January 18, I received a letter from YouTube stating that Warner Music Group was claiming infringement on my “Star Wars on a Banjo” video. This was simply a video of me loosely interpreting the Star Wars theme on my banjo. It had been up for over 2 years, had garnered over 1.5 million views, and was featured on the front page of sites such as Fark.com and Metafilter.com. It led to me being interviewed by the local paper.
So they yanked it down, and I inquired about what to do on both Reddit.com and Metafilter.com. I received many varied responses, but the general consensus was that people were supportive of me, and that YouTube was overreacting.
Even though Warner claimed infringement, the video could easily be considered a parody, in which case it falls under fair use. Still, YouTube has to take things like this down if a copyright holder complains, just to protect themselves under the DMCA laws. The procedures state that it is now my turn to file a counter-claim, which might get my video back online if Warner doesn’t respond in 10 days.
I have filed the counter claim with YouTube, and am hoping to see the video return. Stay tuned.
Phase III – Shock and Awe
This morning, I got another email from YouTube. This time, they were letting me know that my Fingernail Collection video had been yanked for violating the YouTube Community Guidelines.
I guess that a video of someone licking fingernail clippings is considered a “shock” video. The funny thing is, in my opinion, it is completely ironic that people get grossed out by it. What is the difference between biting your fingernails while they are on your finger and merely touching your tongue to them when they are off your finger?
I just don’t get it.
The video has been up for nearly two years, and for this to happen just a few days after my Star Wars banjo video takedown got a lot of attention in the Internet press, seems too coincidental to me.
In Summary
I have been disheartened by all of this. I’ve always been a big fan of Google and their ventures (YouTube included), and to get the triple smackdown in three different areas has been quite demoralizing.
I do plan on contesting the Star Wars On A Banjo and fingernail video takedowns.
If the person at the other end of the line has an iota of reasoning abilities, they will hopefully see my point of view and put the videos back online.
I’m interested to hear your thoughts on this matter. Please comment!
Google says the recent GMail account breeches were due to typical phishing scams, not a vulnerability in GMail itself.
With help from affected users, we determined that the cause was a phishing scheme, a common method used by malicious actors to trick people into sharing their sensitive information. Attackers sent customized e-mails encouraging web domain owners to visit fraudulent websites such as “google-hosts.com” that they set up purely to harvest usernames and passwords.
They don’t say exactly how the usernames and passwords were harvested, however. Were people just dumb/gullible enough to type their Google usernames and passwords into some other web site? Or was there a way for these phishing sites to grab the authentication info from the user’s browser? Is this the fault of the web browser or a faulty plugin?
While the fingers continue to be pointed, the specific methodology for adding malicious filters to a GMail account by way of a phishing attack remains a threat.
I’ve been following the story about the domain name hijacking of MakeUseOf.com the last few weeks with interest. All signs are pointing to the domain thief having cracked the MakeUseOf.com Gmail account in order to retrieve their GoDaddy.com password and transfer the owenership of the domain.
This is not good for any GMail user, let alone domain name owners who have registered their domains through GMail.
Apparently, this one hacker has stolen over 850 domains this way, and holds them for ransom at $2000 a piece.
The latest part of the saga details how the MakeUseOf.com folks think this happened, right down to the hacking of the GMail account. If there is indeed a security flaw in GMail, which there appears to be, MakeUSeOf.com offers prudent steps to take in order to secure yourself (emphasis added by me):
(1) Well, my very first advice would be to check your email settings and make sure your email is not compromised. Check fowarding options and filters. Also make sure to disable IMAP if you don’t use it. This also applies to Google Apps accounts.
(2) Change contact email in your sensitive web accounts (paypal, domain registrar etc.) from your primary Gmail account to something else. If you own the website then change the contact email for your host and registrar accounts to some other email. Preferably to something that you aren’t logged in to when browsing web.
(3) Make sure to upgrade your domain to private registration so that your contact details don’t show up on WhoIS searches. If you’re on GoDaddy I’d recommend going with Protected Registration.
(4) Don’t open links in your email if you don’t know the person they are coming from. And if you decide to open the link make sure to log out first.
I would add to that list:
(5) Always use secure, encrypted GMail. There is an option at the bottom of the main Settings page in GMail for “Always use https” under the “Browser Connection” heading. Select this and leave it selected! Otherwise, anything you do in GMail is sent unencrypted over the Internet. Not good!
Keep in mind that this security flaw not only matters to domain name owners, but to anyone who has any sensitive email in their GMail account, whether it be online banking info, love letters, or whatever.
This will be interesting to watch, and I hope Google takes notice of this.
UPDATE: This fellow here has posted a proof-of-concept on creating malicious filters in someone’s GMail account.
Chrome just came out, and I downloaded it and have it installed. Expect a review here once I have time to kick the tires a little bit.
One thing that made me chuckle during the installation was a dialog box that popped up when I told Chrome to import my settings from Firefox:
Sadly? I’m impressed they feel so compassionate about the fact that Firefox was open on my computer.
Anyway, the first 3 minutes of messing with Chrome have been a series of “oooh cool!” moments for me. Look for more opinions soon…