Google Web Accellerator: all hail to the spammers
Filed under: cyberspace
Number of comments: 
Number of trackbacks: 
Tagged with: 
Of course a lot of people have already spilled their guts about Google's new Web Accellerator but being the author of Pivot's anti-spam software I felt obliged to say some words about it as well. First things first: Pivot Blacklist will block any attempt to post a comment by anyone using the Google Web Accellerator if you have the most important spam blocking options enabled.UPDATED: it gets worse, even...
Why doesn't it work
The Google Web Accellerator really isn't anything new. In fact it's just a proxy server. While proxy servers are a good thing when it comes to speeding up your browsing experience, public ones are one of the cornerstones of blogspam. Open proxies are blocked by Pivot-Blacklist which is obviously a good thing. In Addition to this there's the HashCash extension in Pivot Blacklist. It requires the client to execute some javascript to calculate a checksum before submitting. The checksum is submitted with the comment and will be verified by the server. No checksum or an incorrect checksum? Comment blocked. Even the basic Owens Spam Action won't work because it's key uses the remote IP address which is going to cause this checksum verification to fail as well. Therefore, in order to get
I REALLY need it to work! Help!
Pivot-Blacklist to work with Google Web Accellerator you'll have to:
- disable the WP HashCash check (the most powerful one of them all)
- disable the Owen's Spam Action check (simple but yet quite effective still)
- (probably) disable the open proxy check. (I expect Google's proxies to be banned as soon as the first spam is submitted through them)
The only effective protection you can still use is the Silly Question option which requires the poster to answer a trivial question in order for the comment to be validated. Quite a lot of bloggers however don't really like this extra hassle for their users. In short, you'll have to seriously cripple Pivot-Blacklist in order to enable comments through the Google Web Accellerator and I can tell you one thing: It's not gonna happen on this site or any of my other sites.
Other reasons why the Google Web Accellerator just sucks
Privacy anyone? I'm sure there'll be privacy policies stating we won't do this and that with your browsing stats but seriously, why would we trust a company with a full profile of when we surf, how much we surf and which sites we visit? I sure as hell won't. In addition to this, it's really not always that much faster than surfing without it. For remote sites that have poor connections to the internet it can speed up things but for sites that are close to you you might actually even feel a DECREASE in speed. All in all it's really not worth it in my opinion.
It gets worse
According to this article on SomethingAwful it gets a lot worse than I first thought. If this is really true, anyone using the GWA can read all kinds of private webpages including stuff like your webmail.
I'm having to pay a coder just to figure out how to prevent Google from caching all the webpages on our forums. Why is this a problem? Well first of all, it's a giant security hole, as private forums for mods and admins can now be viewed by anybody. Thanks Google, thank you very much for sharing our sensitive information with the entire Internet, without even giving warning or notice to any parties involved! Secondly, our forums offer a private messaging feature, where users can send messages to each other which can only be read by them. It's like AIM or ICQ, but through a webpage. If you're using Google's Web Accelerator - guess what? - now anybody can read your private messages! Cookies, logins, sensitive information, private messages - they're all stored on Google's servers now, and they're all available for anybody on the Internet to read.Think before you worship on SomethingAwful
This is truly a scary thought indeed. I guess owners of websites with content which was never intended for the whole world to view will have to block GWA from accessing pages alltogether.
Alternative ways to speed up your browsing experience
A cache CAN do nice things for your browsing experience. If you want to speed things up without selling your soul to google there's always the option of installing Squid on your machine and configure it as a local proxy cache. This will seriously speed up things. If you have a machine in your home network configured as a router to the internet you could very well install it there and configure your other PC's or Macs to use it as a proxy server. Since most people tend to visit the same sites often it will dramatically reduce page loading times because a lot will be cached (images, flash movies, etc.). Running a local cache on your home network will also NOT cause problems with Pivot-Blacklist or other anti blogspam tools. It really is the better solution for those who really feel their browsing experience isn't fast enough. I myself don't which is why I'm not using any cache at all.
Caching is great! Google Web Accellerator is definitely NOT!
At 06 May '05 - 15:40 stefan wrote:
At 06 May '05 - 15:43 Marco wrote:
At 07 May '05 - 07:53 Gooly wrote:
Am I right when I conclude that, (only) when using the GWA, all of your private stuff is loaded on the Google servers and is accessible for anyone, but that you’re personally ‘safe’ when not using GWA?
That would be another argument for people to surf without the GWA.
I mean from the point of view from the surfer. Because to website owners this is horror anyway.
At 07 May '05 - 11:58 Simon wrote:
At 07 May '05 - 15:39 Marco wrote:
@Simon there’s a way to block GWA from caching your site at all. There’s a link to a page describing how to do that in the article.
At 10 May '05 - 08:41 Chantal wrote:
At 13 May '05 - 12:52 Niky wrote:
I’d rather have a bit slower site than a site with lotsa comment spam everyday.
At 06 November '05 - 13:19 Redsun wrote:
In any case, I think preventing GWA to cache the website pages won’t allow GWA users to post comments anyway, am I right? as preventing cache does not prevent the connection from going through the proxy. Maybe the best solution is just warn the users to turn off GWA when posting, as I am doing now (yes I am an evil GWA user), or better still turn it off for the whole websites so they do not need to turn it off each time.
At 01 December '05 - 16:15 jpstraightup wrote:
Personally, I wouldn’t use it because as a consumer of web applicaitons, which I may not always be incontol of, prefetching could cause my browser to execute some unwanted operations. But, I believe that web accelerator is safe for most web users.
About caching – if you have content that became available through the google search engine, then that content must have been indexed by bot. If your site had a proper security implementation in place, this would not have happened. Any caching performed by a google “proxy” server is not done based on the browsing activity of any particular user – this type of caching is done to speed the loading of popular content from sites like slashdot, msn, yahoo, amazon, etc. When web accelerator caches pages based on your personal browsing, the information is stored locally in a cache similar to but separate from your web brower’s cache.
Furthermore, information that is highly sensitive should only be viewed over a secure connection (https). GWA does not handle any data transmitted over a secure connection.
GWA also will not prefetch any link with a query string (links having a ? in them).
An additional note for webmasters is that you can easily reject prefetch requests by looking for “x-moz: prefetch” in the HTTP heade of any request.
I think that there are some valid reasons for not wanting to use a product like GWA, but the only valid ones I see here are the ones relating to broken site functionality caused by GWA. A couple of my peronal thoughts on this are that (one) this software is currently still only available in beta version, meaning that some bugs are to be expected and (two) the software has an “off” feature – why not just turn it off while trying to use an applicaiton that it seems to be interfering with?
I don’t think that Google has ever been self-proclaimed as a saintly company whose only interest is to provide the world with free solutions for the good of mankind, but I personally think that they have several excellent products out there including their searh enging, google maps, and gmail.
I just don’t think it’s fair to bash an entire company and presume them to be the epitome of evil and deception just because they have a few products that aren’t on par with the expectation that the public has of them.
At 29 August '07 - 11:53 agp wrote:
At 29 August '07 - 15:04 Marco wrote: