RSSGoogle Web Accelerator Draws Concern
By Ed Oswald and Nate Mook | Published May 6, 2005, 2:54 PM
Google's release of its Web Accelerator has caused growing concern among some developers that it may actually do more harm than good. In order to speed up Web surfing, the tool automatically downloads URLs linked from the page a user is visiting, which means it might load administrative links for editing or deleting content.
The issue was discovered when users of Backpack, a service designed to organize information for individuals and small businesses in a wiki-like format, complained that their Web pages were suddenly disappearing.
Jason Fried of 37signals, the company behind Backpack, discovered that all the complainants had one thing in common - they had downloaded Google's Web Accelerator.
"Google is essentially clicking every link on the page — including links like 'delete this' or 'cancel that.' And to make matters worse, Google ignores the JavaScript confirmations," Fried wrote in the company's Web log. "So, if you have a 'Are you sure you want to delete this?' JavaScript confirmation behind that 'delete' link, Google ignores it and performs the action anyway."
Fried called it "disconcerting" that Google Web Accelerator was ignoring these confirmations because of the potential destructive power to customer information it could cause. "Google’s web accelerator seems like a good thing for the public web, but it can wreak havoc on web-apps and other things with admin-links built into the UI," he argued.
Deleting content isn't the only potential problem caused by Google's Web Accelerator. Members of Internet forums using the tool have found themselves loading pages previously cached by other users - meaning they can view that user's account information and private messages. Google Web Accelerator uses caching to speed up the loading of Web pages.
Although developers can forcibly tell Google not to cache a page, some have opted to block Web Accelerator all together to avoid violations of privacy.
Other, less critical issues have cropped up as well. Because Google Web Accelerator can prefetch Web sites that are never viewed by a user, it can inflate page view numbers, or even cause phantom views of advertising banners.
Because all traffic is routed through Google, Web site owners have also expressed concern about tracking where visitors are coming from, called referrer data. "My second question was whether or not this would affect referrer reporting as requests are being made on behalf of Google. But apparently your IP is still forwarded," said a 37signals user. "I'm still not sure if this will actually retain the referrer data."
Google could not be reached for comment by press time.
Here is a download mirror for those that dont have it yet...and yes this is a clean copy I have tested it and you can test it to...
http://home.insightbb.com/~google/
Score: 0
|... for the Spyware-removers.
Score: 0
|... for the Spyware-removers.
Score: 0
|For people who don't know...
since we are talking about web crawlers..
there is actually an internet archive...
it stores websites on it from years ago... you might actually find your own old site on it you thought was gone..
it's some super web crawler that checks for updates of sites and then actually copies over the whole site to their storage drives..
you can even find the original napster website on it for example ;-)
anyway the site is http://www.archive.org/
it might actually freak you out when you find that website you thought was gone lol...
p.s. it's slow at times because of the extensive database it works from...
Score: 0
|GOOGLE IS DOWN as of 3:55 PM PST. The world is coming to a hault.
Score: 0
|I don't use this app, but it seems to me that any system where this is an issue (in regards to deleting posts and stuff) is probably massively open to very simple get request xss attacks and you shouldn't be using it anyways.. go figure..
Score: 0
|I tried this program the other day for a few hours, but I immediately uninstalled it after I went to Hotmail and accidentally gained access to someone elses account... Lucky for that person I have morals amd I just logged it out, but what if It would have been someone without any, they'd be up a creek right now...
Score: 0
|This is just too funny.
Again I agree. This is why it's on Google Labs and it's just beta.
People have just gotten too used to Google's beta's being as good as production for some other companies.
Google will get it right. They always do.
Score: 0
|This is going to be a fantastic tool for malicious sites. Automatic downloads of virii, malware, spyware, keyboard loggers and porn!
All they have to do is get indexed by Google.
Score: 0
|Obviously you are a geek.Get a job and stop cluterring the Internet with insipid comments. Google is doing for the Internet more than anyone. The day you develop an algorithim that is equal to Googles' maybe it is time to change your diapers. I hate it when pre-schoolers make comments concerning issues they have no right to make.
Score: 0
|One more reason why sites like this should be on 'https://', not 'http://'. Only other option would be to deny access by proxy. Although, most users probably wouldn't be able to figure out why they can't get in and are getting a 'proxy' error, which would mean quite a few support calls.
This really isn't google's problem. If the site is insecure enough to allow a web-crawler, even if it is operating under user-authority, to delete things, then it is also insecure enough to allow bots to do the same. Not a site I would trust much to.
You don't see eBay users whining that their auctions were deleted...
Referrer's? This isn't new. Any 'Web-Accelerator' software referrs as itself. It's actually looked upon as a benefit of folks who wish their privacy to be retained/usage un-tracked.
Score: 0
|The point is that the user is running the client - NOT Google itself. This means the user logs in and the links appear, which are then automatically accessed by Web Accelerator. This has nothing to do with Web crawler security.
Score: 0
|I just checked out the referrer issue. The referrers still seem to be correct, at least when you really click on the page. In addition, referrer is different from originating IP address, which is masked when you use some proxy-based privacy tool, like JAP. (http://tinyurl.com/33b6r)
Score: 0
|Still something the site should be required to fix, not google. It's an issue of site security. If a web-accelerator can get user rights to a site, a trojan/backdoor can as well. The sites in question need to be better secured.
Score: 0
|lol hmmm... looks like they still have some work to do. That is why, after all, it's listed on Google Labs instead of on the Google homepage as a finished product.
Score: 0
|I knew something like this was going to happen.
It caches the entire site. lol
Nowdays most people have Broadband at least 512KBits, here in the UK it's now at least 1-2MBits why do you need to make it go faster? It's fast enough already.
Score: 0
|Wondering the same myself. Last time i had issues with "slow web" was back in the modem days.
Broadbands are getting faster, cheaper and better all the time, im not sure this "web accelerating" will be all that nessary.
Score: 0
|Actually the majority (at least in the U.S. as of a few months ago) are still on Dial-Up.
My only problem with the damned thing is I click so fast / don't want many other linked sites in it.
For instance, I am a common 'fark'-er and when I'm on their site, I don't want every single linked news source's bookmarks... they're just not useful.
Score: 0
|Yeah they are rolling out ADSL2+ or something which will be like 20MBits.
Score: 0
|I wouldn't be surprised if, in ten years or so, 60Mbitp/s connections will be avialable from your local phone company. I tried the google app for a bit until I read this, can't say I didn't mind it though, sped my connection up quite a bit, and I am running on only 7kbp/s connection, so I didn't mind it in the least.
Score: 0
|Wait, it downloads all the links on the page? Just recently I went to a ROM site that listed like 500 links to roms on a single page....does that mean google is going to try to download and cache 500mb for me?
Score: 0
|uhhh i think it caches somewhere on your system. not on the google server?
Score: 0
|It only caches pages, not binary files.
Score: 0
|