Web Accelerator Can Delete Your Account?
Oh, tell me this isn’t true. Jason Fried purports that Google Web Accelerator is, because of prefetching, actually clicking on links like “Delete my account” or “Cancel” in webforms.
The accelerator scours a page and prefetches the content behind each link. This gives the illusion of pages loading faster (since they’ve already been pre-loaded behind the scenes). Here’s the problem: Google is essentially clicking every link on the page — including links like “delete this” or “cancel that.” And to make matters worse, Google ignores the Javascript confirmations. So, if you have a “Are you sure you want to delete this?” Javascript confirmation behind that “delete” link, Google ignores it and performs the action anyway.
This could easily be the most alarming accusation yet. I would hope it is not true. I would hope the Accelerator has a mechanism for preventing this. I would hope the Web Accelerator is not the reason I keep getting logged out of my accounts lately.
I’m beginning to think prefetching, while a lofty idea, just can’t work in real life. There are far too many questions and problems. If Google has found solutions to these problems, well, good for them. I’d be quite proud to hear that they are smart enough to have already thought of these issues and solved them. The problem is, since Google is so quiet and secretive, we have absolutely no idea if that is the case.
I think its time we finally got a statement from Google. The accusations are flying left and right, and Google needs to put this to rest. No more sitting in an ivory tower in Mountain View. If Web Accelerator is safe, Google should say so. If not, disable the GWA servers until the product is more robust. Being silent is no longer an option.
(via Boing Boing)
UPDATE: Nik Cubrilovic has a good post on web applications that poorly use a GET to manipulate pages, and how an attacker can take advantage of that. For example, you could write a comment on this blog containing hundreds of spam URLs, which would of course get moderated (any post with 2 URLs or more is automatically moderated). Then you could include as the first URL a carefully crafted URL, the kind that WordPress sends to me to approve a comment. With any luck, the prefetching would approve the comment and you’d get the spam. Hell, I’m surprised it hasn’t happened already, since every comment moderation email I get has had the approve URL over the delete one, and my mouse has passed over the approve URL a few times.
A a perfect rebuttal emerges: Is prefetching now banning the practice of including URLs in emails that do things? Is that against the HTTP standard? Either way, even if poorly built web apps are having problems, it is a widespread problem, with millions of potentially screwed users. Is that worth it?
Hat-tip: Matt Walters
If you go to the preferences page, there’s an option for disabling pre-fetching, which should fix this for now.
For what it’s worth, this is partly the blame of site authors, since any data modification tasks should be done via POST requests, not simple GET urls.
Comment by Mihai | May 6, 2005
As really lousy as this Web Accelerator thing us (and I’ve uninstalled it until they clear things up), I still think the far more dangerous change they’ve announced in the last week was the change to Google News’ “quality” formula. Nothing good can come of that. Let PageRank weed out the fly-by-night operations, but for God’s sake, don’t get in a political battle about who provides quality news. That simply isn’t something that can be reduced to a mathmatical formula.
Comment by Brock | May 6, 2005
Mihai: Who gave Google permission to dictate how the web works?
.
Brock: I think we should hold on judgement on the TrustRank patent until Google actually starts using it. Don’t be surprised if they are actually trying out a good thing here.
Comment by Nathan Weinberg | May 6, 2005
Nathan,
I’ll reserve judgment on TrustRank, but I’m not holding out any hope for it being a good thing.
Quantity of stories? Length of stories? Age of corporation? Number of bureaus? These are supposed to be proxies for quality? Ha!
When the LA Time deletes a couple paragraphs from a Reuters article to make the facts fit their editorial page, and a blogger catches it, I know which source I would consider higher quality. There just is no substitute for quality except human judgment. Let PageRank sort out the fly-by-night operations, and leave the actual ethical and moral decisions to the readers.
Comment by Brock | May 6, 2005
anyone who is stupid enough to make ‘delete this account’ a http GET deserves every deleted account they get.
hey, that’s a pun!
Comment by bryan | May 6, 2005
Nathan said “Who gave Google permission to dictate how the web works?”
What I talked about is defined in the HTTP spec:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html
Webmaster ignore it at their own peril.
Comment by Mihai | May 6, 2005
“anyone who is stupid enough to make ‘delete this account’ a http GET deserves every deleted account they get.”
And what about the user who gets their account deleted through no fault of their own? IF this is true (and I don’t know that it is), Accelerator is really broken.
You Accelerate the Web you’ve got, not the one wish you had.
Comment by Brock | May 6, 2005
It would be nice if the entire web conformed to standards, but it doesn’t, and even Google can’t make it so.
.
But I could not have possibly said it better than Brock did:
“You Accelerate the Web you’ve got, not the one wish you had.”
.
Inspired, absolutely inspired.
Comment by Nathan Weinberg | May 6, 2005
Pre-fetching can work. It is up to the developers to account for it. The holes that are being discussed existing before GWA, its just that GWA pointed them out in a very obvious way. These are security holes in web apps, and poor implmenetations, nothing more, nothing less. A lot more about the pre-fetching here:
http://www.perfected.org/archives/2005/05/07/poor-web-applications-and-pre-fetch-security-issues/
Comment by Nik Cubrilovic | May 7, 2005
Fuck all yall bogus shit you need to figure out how to delete aol accounts
Comment by me | June 27, 2005
Complete Injustice in disabling of Adsense Account.hOW GOOGLE IS ALLURING sMALL PUBLISHERS TO FARUD
I followed every policy of your company honestly without violating any guidelines. I have not generated any invalid clicks in my present accoount which you can verify.I did not hide any information not did i mislead your company in any way.My application was approved by your company after approving my details & website which adhered to your policies.I worked hard to promote your products & give good business to your company & advertisers.I failed to undestand why someone is punished unnecessarily as if they are
criminals.I am very much dissapointed that your comapny has disabled my accout unresonably without any violation, forefeited my money which i earned with my hard work.Your unresonable decesion to discontine have caused immense damage to my websites & my work. It seems the google adsense is not tranparent, Not answerable,biased,commits frauds on publishers by commiting theft their money, this is the impression publishers are slowly recogonizing all over the world. Yours is not most dangerous companies to work with, this is the impression i have got after working for you.
I will see to it that i put forward this matter with Owner of Your company,Goverment & other rederrsal platforms if i do not receive any response from you or my account is not enabled.So please
reconsider your decesion.
GOOGLE IS THE COMPANY OF THIEVIES & GANGSTERS BEWARE.
Kindly reconsider.
ADSENSE
Comment by doogle without sense | December 18, 2005
I wanna know how to delete my account to make a new one. Or if it is not possible to delete it, then i would like to know how to change my e-mail name. Thank You
Comment by Alberto | December 31, 2005
BEWARE of Google Adsense JOIN AT YOUR OWN RISK
I just wanted to give fair warning to all fellow website and blog publishers, to beware of the Google Ad program, “Adsense”. Unfortunately, I fell victim to this program.
As you may noticed, I am no longer running Google Ads on my site. That is because they disabled my account for no proper reason. When I contacted Google, I was told that my account was disabled because it was “related” to another account that was disabled due to invalid clicks. This is pretty weak reasoning, and was false as well. The other account in question, was one that my wife had. We do live in the same house, and do use the same computer, however, after that, the similarities end. Her site is like a diary of her day to day life, plus some political and entertainment news. Obviously different. She has a different email account, and a different Social Security number. However, this made no difference to Google.
Secondly, the timing of the disabling of my account was very suspicious. My wife’s account was terminated in early August. At that time I had accumulated about $50 in ad earnings. You need $100 to before Google will pay you. Did they disable my account then? I was married at the time, so the affiliation was there at the time. Take a guess at when they decided to disable my account. Was it at $70 earnings? $80? Nope. I am sure you guessed the timing, it was at over $90, and more than a month later. They are certainly not dummies at Google. They let me run their ads continuing to generate revenue for them as long as they could, before cutting me out. What a great deal for them. Basically a free employee. There is a lot a profit in that.
After making an end around, and going through the Google Adwords department, I was able to finally contact a human being, and they forwarded my concerns to someone at Google Adsense. They admitted I was correct about the account affiliation, however, undaunted by this fact, they went on to say that they ran a separate scan on my account, and found that I was in violation of having invalid clicks myself, so they were still disabling my account. This “invalid click” line seems to be Google’s main way of disabling publisher’s accounts before they have to pay them. Why do I make such a general assertion, using “publisher’s” plural? It’s because apparently, I am not the only one that this has happened too.
GOOGLE ADSENSE IS TURNING INTO DISASTER
Comment by publisher | January 3, 2006
GOOGLE ADSENSE ACCOUNT DISABLED HARD EARNED MONEY LOOTED
HOW GOOGLE IS DEFRAUDING BIG & SMALL PUBLISHERS
Google AdSense Account Disabled
> Hello,> > As you know, Google treats instances of invalid clicks very seriously. By> disabling your account, we feel that we have taken the necessary measures> to ensure that invalid clicks will not continue to occur on your site. Due> to the proprietary nature of our monitoring system, we’re not able to> disclose any specific details of these clicks.
this is the fradulant message often the publishers are receving all over the world. Why? Because google adsense program is being mismanaged by the company to loot the advertisers of their money & publishers by forefeiting their amount.There is no transparency in their dealings.Millions of people and publishers are being taken for a ride.Google Dam Care of thier publishers or advertisers.There are like leech surviving on work done by advertisers & pubslishers.
ALL THE PUBLISHERS AE ADVISED NOT TO JOIN ADSENSE PROGRAM AS YOUR ACCOUNT CAN BE DISABLED ANYTIME & YOUR HARD EARNED MONEY FRADULANTLY FOREFEITED BY GOOGLE.
http://google-adsense.blogsource.com/
Comment by publisher | January 3, 2006
WHY PUBLISHERS ARE LEAVING GOOGLE ADSENSE
PUBLISHERS ARE LEAVING GOOGLE ADSENSE PROGRAM
1. NO TRANPARENCY IN THEIR PROGRAM
2. GOOGLE FOREFIET THEIR MONEY.
3.GOOGLE PUNISH INNOCENT SMALL PUBLISHERS.
4. GOOGLE DOSENT HAVE ANY MECHANISM TO PREVENT INVALID CLICK OR EVEN JUDGE IT.
5. THEY HAVE VERY SLOW CUSTOMERS SERVICE TO REPLY TO QUERIES OF PUBLISHERS.
6. YOUR APPEALS ARE NOT HEARD IF YOUR ACCOOUNT IS DISABLED.
7. THEY TREAT PUBLISHERS LIKE CRIMINALS.
8. THEY HUMILIATE PUBLISHERS.
9. IF THEY DISABLE YOUR ACCOUNT THEN YOU MANUALLY HAVE TO REMOVE ALL THEIR CODES & IT DESTROYS PUBLISHERS & WEBMASTERS WEBSITES.
10. THEY DO NOT DISCLOSE HOW MUCH MONEY THEY ARE GOING TO PAY TO YOU OR HOW MUCH PROFIT THEY ARE SHARING WITH PUBLISHERS & HOW MUCH THEY ARE LOOTING.
11. THEY PLACE COOKIES IN YOUR COMPUTER & GET ALL THE INFORMATION O YOUR WEB SURFING HABITS.
12. THEY ARE TRYING TO DICTATE & OVERTAKE INTERNET ADVERTISING.
13. WHEN THEY DISABLE PUBLISHERS ACCOUNT THEY ALSO DEBAR PUBLISHERS FROM SUBMITTING THEIR WEBSITES TO GOOGLE SEARCHE ENGINE SOMETIMES & LOWER THEIR WEBSITE RANKINGS.
14. GOOGLE ALSO PUNISH PUBLISHERS & WEBMASTERS BY CHANGING THEIR POLICIES FREQUENTLY WITHOUT MOST PUBLISHERS KNOWING ABOUT IT BY INSERTING CLAUSES IN THEIR TERMS & CONDITIONS WHICH ARE AGAINST THE INTEREST OF PUBLISHERS SO THAT THEY FIND IT DIFFICULT CLAIM DAMAGES IN THE COURTS.
15. GOOGLE IS NOT TRANSPARENT IN THIER REFERRAL PROGRAMS AS PUBLISHERS DONT KNOW HOW MUCH MONEY THEY ARE GOING TO GET?
IT IS BETTER IF PUBLISHERS & ADVERTISERS JOIN MSN ADVERTISING OR YAHOO PUBLISHING NETWORK
Comment by publisher | January 4, 2006
Has Google Peaked & Turning To Disaster
Saturday, December 31, 2005 at 12:44 AM PST
Has Google Peaked?
When I think of Google, I think of the arch-villain Mr. Big from the James Bond film Live and Let Die. His diabolical plan: Flood the streets with free heroin to drive out competing suppliers and dealers. Once users got hooked on his free smack, Mr. Big could leverage control over the entire market.
This is, in essence, Google’s business model. Of course, instead of heroin it traffics in free software and Web sites. It’s unlikely Google will start charging for them anytime soon—rather, it will continue to deploy services as a vehicle for targeting ads. But, like Mr. Big, Google depends on the broad acceptance of its products. Without massive numbers of users, the company wouldn’t have the customer base to attract billions of dollars in advertising revenue.
Starting with a few algorithms, Sergey Brin and Larry Page coded a company from scratch that today has a market cap approaching $90 billion and a stock price of more than $300 a share. When conventional wisdom said there was no money in search—that a search engine had to be an add-on to a portal to attract users—Brin and Page figured out how to sell ads based on keyword searches.
About 99 percent of Google’s revenue comes from advertising. Roughly half of that money comes from paid keyword searches—when I search for “edible body paint,” I’m greeted by a number of “Sponsored Links” for online merchants (Kama Sutra Products, Body Candy) that have bid on these specific keywords. The other half of Google’s ad revenue comes from its AdSense program, which offers commissions to site owners who run ads on their Web pages.
But if you live by advertising, you can die by advertising. If there were a downturn in the Internet ad market for any reason, Google wouldn’t be able to meet Wall Street’s expectations. Its stock, perhaps already inflated with a price-to-earnings ratio of close to 90, would lose some luster. (Yahoo!’s PE is in the 30s, and Microsoft’s is in the 20s.) Google is well aware of this. In its latest quarterly report, the company warns that reduced ad spending “could seriously harm our business.”
Not only does Google depend on ads, it relies on one source—AOL—for about 12 percent of its AdSense revenue. If AOL terminated its contract, Google would feel some pain and its stock price could take a significant hit. Last Friday, the Wall Street Journal reported that TimeWarner and Microsoft, Google’s main rival, are talking about forging an alliance between AOL and MSN. That can’t come as welcome news in Mountain View, Calif.
Another threat to Google’s ad-centric business model is click fraud, which the company lists as a significant risk in its SEC paperwork, noting that it could lead to advertiser dissatisfaction and potential lawsuits. It is either perpetrated by affiliates who receive a commission for every click they can induce, or by a competitor who wants to force a rival to run through its ad budget so it can buy the top keywords at a discount. No matter who does it, it’s the online merchants who pay; they pony up anywhere from a few cents to $20 or more for each click.
Although there’s no way to know what percentage of clicks on keyword ads are fraudulent, estimates range from the single digits (what Google claims) to 40 percent or more. Google offers rebates to victims, some of whom claim click fraud has cost them as much as $500,000, but stamping it out is easier said than done. With millions of keyword transactions every day, coupled with bots that are growing ever more sophisticated, click fraud can be hard to spot in traffic logs. And in the short term, search engines have little incentive to prevent it, because they get paid whether the clicks are legit or not. If Google were to deploy an automated solution that could catch every instance of keyword fraud, traffic might plummet, as would ad revenue. That’s precisely what happened to a small Brooklyn-based company called Blowsearch.
For a company that depends so much on a single type of revenue, Google has stretched itself awfully thin. In the last two years, the company has released a dizzying array of products: Gmail, the Google Toolbar, Google Maps, Google Earth, Google Blog search, and an instant messaging/Internet phone service called Google Talk. There’s also the Google Print Library Project (a plan to scan and make searchable the contents of entire libraries), a video search engine that’s in beta testing, and a recent bid to provide free Wi-Fi to all of San Francisco. Things are so frantic at corporate headquarters, a Google PR rep recently told me, that he didn’t have time to answer questions; he did ask if I knew of anyone who wanted a PR job. As Search Engine Watch editor Danny Sullivan puts it, the fact that Google is getting into everything means that they run the risk of not doing some things well. If Google had invested more in blog search over the last few years, for example, it could have controlled the industry rather than playing catchup.
The recent announcement of an alliance between Google and Sun is another sign of potential future trouble. Usually when Google trumpets something, it has a product ready for prime time (even if it’s a product that remains in beta for years). But despite the media froth about Google and Sun joining forces to attack Microsoft on the desktop, all the companies have agreed to do is distribute and promote each other’s products—and without a plan to actually make it happen.Even if the press got it right, and Google and Sun are planning to create a network-based office suite to compete with Microsoft Office, they would undoubtedly experience a bumpy ride. Would the companies follow Google’s model of giving software away in exchange for targeting advertisements? If so, can you imagine drafting a screenplay about vampires and being bombarded by keyword ads for stakes and garlic? Spooky (and annoying). Besides, would fighting Microsoft for control of the desktop be smart? As risky as it may be to continue spitting out Web products that help disseminate its ever-growing inventory of advertisements, it’s even riskier to take on Microsoft, whose market cap is three times the size of Google’s. After all, Bill Gates has smashed upstarts before. Google would probably be better off figuring out another way to diversify its revenue streams. Perhaps its own success is the greatest long-term threat to its business. Because Google gives away its products for free, it’s a good bet that the day a company that charges for similar services gets forced out of business, it will sue claiming predatory pricing. The government probably wouldn’t allow Ford to give away cars equipped with satellite radio just so it could pump ads to drivers; the courts might find that Google, by giving away software, is competing unfairly.
Who knows, maybe Microsoft would be the one to file the first lawsuit.
Comment by publisher | January 5, 2006
[…] It gets even worse: Various sites are reporting that the “pre-fetching” option basically clicks all links on a page, including ones that say things like, oh, “delete this account.” […]
Pingback by michaelzimmer.org » Blog Archive » Google Web Accelerator: More (Scary) Problems | January 6, 2006
[…] Read more about this on InsideGoogle […]
Pingback by Marketing Thoughts » Things To Tune In To | January 15, 2006
[…] With all of this promotion, there must be millions of users installing GWA now. It works with both Internet Explorer and Firefox - that covers nearly the entire web population. Further, you might think that the program is more mature now. It’s not. I’m having major problems with websites I use, particularly ones with private accounts and sign in info. GWA can delete your account. It’s true - I’ve seen it firsthand - and I’m very worried. They are also tracking almost every click in results pages (redirecting them through google.com). This is a major concern to me. It is a huge breach of privacy. I am very, very surprised that people are letting Google get away with this. If I saw some kind of “Stop GWA” campaign, I would probably support it. If anyone is with me on this, please, start something. We should speak up. […]
Pingback by Google Search blog » Something is very wrong with Google Web Accelerator | March 28, 2006
can u delete my account windows live mail please and i want my hotmail back
Comment by tricia | May 12, 2006
can u delete my account windows live mail pls & i want my hotmail back
Comment by Rashid Ali | September 17, 2006
How can I delete windows live mail beta if the website won’t let me?
Comment by Debjani Syam | September 30, 2006
my hotmail wont delete. HOw could i delete it?
Comment by Paige Lyla | November 5, 2006
Follow the link below to delete/transfer material from AOL
http://www.trueswitch.com/help.htm
Comment by Rajiv Kumaran | September 18, 2007