DID GOOGLE GET PHISHED?
Less than 24 hours ago, my Google Blogger control board displayed a message warning me that a Google algorithm had identified my blog as spam and had blocked it temporarily. The message said my entire blog would be deleted in twenty days unless I clicked a link requesting a review. I did so and got a message that review would occur within 48 hours and that Google would notify me at my on-file e-mail address (which the message showed) when my blog had been unblocked. A similar message appeared in my e-mail inbox.
Like a dummy, I never checked whether posting on my blog actually had been blocked. I trusted the notices because they used or displayed my correct on-file e-mail address. That fact suggested that the notices, if faked, had to come from someone who had hacked into Google’s database of e-mail addresses. Believing that to be impossible or extremely unlikely, I trusted.
So I clicked the link requesting a review. I later looked at the e-mail in my inbox, which contained a similar link. Fearful of having my whole blog (five years of work, not completely backed up by me) deleted, I clicked the link and got a message that my blog already had been scheduled for review. All comfortingly professional.
On waking this morning, I began to think that any algorithm that would identify this blog as spam would have to be terminally sloppy. So, intending to be helpful, I wrote Google the message appended below, expecting it to be blocked from publication but available internally to Google and its ’bots. Yet it published as usual, and I got no message from Google (as promised) that my blog had been reviewed and unblocked.
This sequence of events leads to two possible conclusions. First, some diabolically clever spammer hacked into Google’s Blogger database and mined its e-mail addresses, using bogus “blocking review” requests to have bloggers verify their addresses’ active status. Second, Google uncharacteristically let loose an algorithm that should have remained in alpha test for a much longer time and then failed to follow up with the promised, automated e-mail notice when it unblocked huge numbers of erroneously blocked blogs.
As between these two alternatives, I think the former more likely, simply because the latter implies a sloppiness and lack of professionalism that I have never observed in any of my many uses of Google’s services.
I am disappointed in myself for failing even to suspect a phishing scam. It will be interesting to see how quickly Google informs its users as to what really happened, and how quickly bloggers and mainstream media pick up on what is either the phishing scam of the decade or a rare lapse in professionalism on Google’s part.
Here’s my original message to Google, which now is just part of my thinking:
You have blocked my blog for almost 24 hours because your spam identification algorithm flagged it. As Mark Twain might say, that identification is “greatly exaggerated.”
My blog contains no links to commercial sites in which I have an interest because there are no such sites. My comment policy states, “I also don’t publish comments that appear to be sent for commercial purposes or just to drive traffic to another blog or website.” I have observed that policy religiously with one exception, which I explain in a counter-comment (see comments to this post). All links on my site are to my own blog, other bloggers, mainstream media, or reputable sources of information on the Internet (including Wikipedia). I don’t even use Adsense because I want to maintain my anonymity and I don’t believe Adsense can do that. So accusing my blog of spamming is a bit like accusing Mother Teresa of theft.
I can conceive of only two reasons why your spam algorithm may have flagged my blog. First, shortly before you flagged it, an unmoderated comment that was obviously spam landed in my comment inbox. I intend to reject it, but I have left it there so your ’bots or programmers can study whether it caused the flag. (I also intend to reject the other unmoderated comment for extreme length and irrelevancy, but not because I noticed any spam links in it.) An algorithm that flags blogs as spam because of unmoderated comments placed by others is neither fair nor appropriate.
The second reason might be numerous links to Amazon.com throughout my blog. When I refer readers to a book, I often include a link to that book on Amazon.com for two reasons. First, readers may want to buy the book, and Amazon.com has one of the quickest ways to get it in their hands. Second, Amazon.com provides readers with a table of contents, front matter, and a look at some interior pages, some of which may contain the text for which I’m citing the book. So linking Amazon.com is the quickest and easiest way for me to give readers a seamless citations experience.
I hope your clever programmers will see this message and be able to figure out a way to (1) avoid tarring blogs as spam because of independent commenters’ actions and (2) allow multiple links (especially if in different posts) to mainstream media and websites like Amazon’s. If not, your spam ID engine should go back to alpha test. It’s not ready for prime time.
Update: Contrary to your spam ID engine’s promise, I have received no e-mail message that my blog was unblocked. Yet this message posted nevertheless. That sequence makes me fear that someone other than Google may have caused the blocking (or the warning message without blocking), as does your warning of an (extremely rare) outage of unspecified duration at 2:00 A.M. PDT tomorrow.
I have gone to great lengths to keep this blog anonymous. Yet because your (maybe not your?) blocking message contained my non-anonymous e-mail address, I fear my anonymity may have been compromised. If that fear is unwarranted, I would appreciate your assuaging it with a general notice posted on your Blogger home page or an e-mail message directed to the address that you have (anonymously, I hope) for me on file.
I also hope this incident is not some ghastly spammer’s revenge, in which some diabolical spammer mined your database for e-mail addresses and had fearful bloggers like me foolishly verify them by clicking the link to have their sites reviewed. I only clicked that link because you are the Gold Standard in online protection. I hope I wasn’t misled.