November 2010 – Google Watchdog

Europe initiates antitrust investigation of Google

Posted on November 30th, 2010February 6th, 2011 by Silicon Valley Sleuthhound

The Monster of Mountain View’s monopolistic practices are finally drawing a response:

The top European antitrust regulator opened an investigation into Google on Tuesday to examine allegations that the Internet giant has abused its dominance in online search.

The decision follows complaints by specialized search-related companies about “unfavorable treatment of their services in Google’s unpaid and sponsored search results,” the European Commission said in a statement.

The commission said it was also looking into whether Google might have given its own services “preferential placement” in search results. In addition to its search engine, Google has a growing number of other online businesses, including mapping, translation, video and electronic commerce services, many of which, like the search engine, are supported by advertising.

Google’s tendency to give its own services preferential placement in search results appears to be an internal policy. It’s already been well-documented by critics. From Google’s perspective, cross promotion makes a world of sense. The growth of Google’s spyware-laden browser, Chrome, has been mostly driven by Google’s own Internet properties, including YouTube and Blogger, where users are encouraged daily to try Chrome. Most people who download Chrome have absolutely no idea what the implications are for their privacy and security.

Aggressive cross-promotion is also what got Microsoft in trouble years and years ago. Microsoft used its Windows operating system to destroy the market for Netscape Navigator, by giving Internet Explorer away for free and then bundling it into Windows as the default browser. Microsoft managed to survive its own antitrust investigation, but the legal battle and other circumstances took a toll on Microsoft’s stock, which is still limping along nearly a decade later.

Menacing Monopoly

Monster of Mountain View? How about just Mountain View Monster? Google seeks town takeover

Posted on November 21st, 2010 by Silicon Valley Sleuthhound

The San Jose Mercury News reports that Mountain View is running out of space for companies that aren't named Google:

Google's aggressive online growth increasingly has a counterpart in bricks and mortar, with the company's Mountain View headquarters mushrooming in the past four years to occupy more than 4 million square feet, or the equivalent of about 40 Home Depot stores.

But that's just a start. On Silicon Valley's NASA base, Google is preparing to build a new corporate campus with fitness and day care facilities and — in a first in the valley — employee housing, adding 1.2 million square feet of space to Google's real estate holdings.

Although other valley giants also occupy vast amounts of real estate, Google is growing in a way that is distinct, remaking its surroundings according to its own values. In addition to buying and leasing buildings and squeezing out some of its neighbors, it is prodding the city of Mountain View to transform the area around its headquarters, adding housing and retail to create an environment more like a town center.

The Monster of Mountain View's appetite for land and office space is resulting in a loss of economic diversity in town, as other tech firms migrate elsewhere:

Phil Mahoney, executive vice president with Cornish & Carey, recently relocated the semiconductor company MIPS Technologies to Sunnyvale, “as much as anything, getting out of Google's way.”

“The handwriting is on the wall. You don't want to compete with them for space,” Mahoney said. “In real estate circles, it's called 'the Google effect.' “

Google is so hungry for space it's willing to pay to get rid of tenants so it can use every bit of space in buildings it has purchased.

Other businesses feel pressured by Google's expansion, like Colin McDowell's McDSP, a tiny atoll bobbing in the Googley ocean.

McDSP's 1,682-square-foot office is now the only non-Google space in 1300 Crittenden Lane, a 115,000-square-foot building that Google bought in 2006 as part of a $319 million deal that also included the core Googleplex. McDowell, the CEO of the six-person audio-technology company, has a lease through 2014, but Google wants him out now. McDowell hasn't wanted to move, saying the rent is good and the offices are close to Shoreline Amphitheatre, where professional musicians frequently need McDSP's services on short notice.

As he enters his office each day and peers through a glass window into a Google break room replete with a Google-logo espresso maker, racks of candy, snacks and an often boisterous foosball table, McDowell says he can't help but feel a hint of jealousy.

“Could you just not flaunt it so bad?” he says of his landlord. “Not right in our face?”

Mercy? From Google? Fuhgetaboutit.

Shoddy Security

Young Armenian blogger discovers huge Google security hole

Posted on November 20th, 2010February 6th, 2011 by Silicon Valley Sleuthhound

Kudos to Vahe G for once again reminding us why entrusting our user data to Google is a bad idea:

Facebook would probably just consider this a feature, but the rest of us will definitely consider this a big security hole. The creator of http://guntada.blogspot.com (don’t visit that site just yet) emailed us this morning to explain.

If you’re already logged in to any Google account (Gmail, etc.), and visit that site, he’s harvested your Google email. And proves it by emailing you immediately.

What Vahe did is use Google’s Blogger to create a blog (on BlogSpot) and then take advantage of a security vulnerability to harvest the email address of anyone signed in with a Google account. The harvesting was taking place just by visiting the blog in question. As proof, Vahe was sending messages to the harvested addresses urging the individuals who own those addresses to share a goo.gl shortlink pointing to the blog with friends.

After TechCrunch reported the exploit, Google took down the blog, and Vahe sent an email to TechCrunch’s founder, Mike Arrington, explaining the vulnerability:

Hi Mr. Arrington,

I see you have already shared the news. It’s good that google got it down, I really don’t want people to know about how that was done (if Google contacts I will definitely tell them – they just don’t answer my emails). Problem relies solely on Google.

Problem is I asked a lot of people, and most of them don’t really understand and care about this kind of things and big companies act like they all really protect our privacy and such, but they see that people don’t care and don’t do anything really.

Regards,
Vahe G. (Armenian 21yrs guy whom Google doesn’t wanted to even talk to)

That’s one incredibly smart guy.

Google’s response?

We quickly fixed the issue in the Google Apps Script API that could have allowed for emails to be sent to Gmail users without their permission if they visited a specially designed website while signed into their account. We immediately removed the site that demonstrated this issue, and disabled the functionality soon after. We encourage responsible disclosure of potential application security issues to security@google.com.

It’s telling that the issue only got addressed after it made it onto one of the most widely-read technology blogs in the world. By not catching these things earlier, Google is exposing its users to external harm. All the more reason not to have a Google account and not do business with Google at all.