Web 2.0: Whatever Google Knows About Spam, It Isn't Saying - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile // Mobile Applications
News
4/25/2008
05:58 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Web 2.0: Whatever Google Knows About Spam, It Isn't Saying

Trust and reputation systems are a great way to reduce spam, but Google avoids talk of an ongoing flood of malware-infected porn on Google Groups pages.

At the Web 2.0 Expo in San Francisco on Friday, Google engineer Matt Cutts, who heads Google's Web spam team, gave a keynote address titled "What Google Knows About Spam."

Cutts and many others at Google know a lot about spam because Google gets a lot of spam, in e-mail and on Web pages. The problem is, he couldn't say very much about it.

Cutts anticipated this in a blog post on Tuesday in which he mentioned his upcoming speech. "I'm struggling with what exactly to say," said Cutts. "On one hand, Google knows a lot about spam. ... On the other hand, I don't want to disclose things that would benefit people that try to spam."

While keeping Google's security cards close to the vest is understandable -- few companies are open about security issues -- Cutts' reluctance to disclose what Google knows about spam made his presentation more tantalizing than rewarding.

For instance, Websense Security Labs on Thursday echoed previous reports that spammers were having a fair degree of success in defeating Google's CAPTCHA system, which prevents spammers from registering free accounts that they can abuse services like Gmail and Blogger.

"Spammers have managed to create automated bots that are capable of not only signing up and creating Blogger accounts (using spammer account credentials), but also use these accounts as redirectors and doorway pages for advertising their products and services," said Websense security researcher Sumeet Prasad in a blog post.

Cutts made no mention of this, and Google has maintained that account abuse at its free services continues to be driven by people rather than bots. Nor did Cutts address what appears to be an ongoing flood of malware-infected porn on Google Groups pages.

Instead, Cutts focused on Web spam and how sites can avoid it.

"Web spam is when somebody tries to cheat or take shortcuts so that their Web site shows up higher [in search results rankings] than it deserves to show up," he explained.

The root cause of spam is money, Cutts said, so site owners should look for ways to deny money to spammers. (Putting an end to all free online services would effectively deny money, in the form of free spam infrastructure, to spammers. But that would interfere with Google's business model, so the onus is on site owners to do something.)

Trust and reputation systems are a great way to reduce spam, Cutts said, citing eBay's and Amazon.com's work in this area. True though that may be, Cutts made it sound as if eBay and Amazon had more or less rid their systems of abuse. There's no doubt that eBay and Amazon have top-notch security, but holding those two companies up as the answer glosses over real problems that remain.

Guillaume Lovet, a security researcher at Fortinet, recently explained that scammers know that to beat eBay's reputation system, they either have to steal accounts -- which is why, he said, eBay is phished about 20 times more than banks -- or create fake trust with bogus transactions. That's why, he says, there are so many items sold on eBay for a penny: to game the reputation system.

Given his observation that "spam will get more malicious and more dangerous in the coming months and years," Cutts is clearly aware of the trends. Yet his recommendations -- get some trust mechanism into your system, avoid being a target, and strive to frustrate spammers by not giving them what they want -- seem incomplete.

Google clearly knows a lot about spam, perhaps as much as spammers themselves know. If only it were more willing to share that knowledge, we might be able to have a more informed discussion about possible solutions.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
Data Science: How the Pandemic Has Affected 10 Popular Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/9/2020
Commentary
The Growing Security Priority for DevOps and Cloud Migration
Joao-Pierre S. Ruth, Senior Writer,  9/3/2020
Commentary
Dark Side of AI: How to Make Artificial Intelligence Trustworthy
Guest Commentary, Guest Commentary,  9/15/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
IT Automation Transforms Network Management
In this special report we will examine the layers of automation and orchestration in IT operations, and how they can provide high availability and greater scale for modern applications and business demands.
Slideshows
Flash Poll