So Google removed AdBlock Plus from the Google Play Android store. That is their prerogative, off course, but it does confirm they’re not the cool technology-centric search engine everyone once thought they were. It’s kind of ironic that in December 2011 AdBlock Plus by default enabled the display of “acceptable” ads, a move that seemed to be an attempt to appease (or please) Google.
But whatever way you look at this, Google’s core business (as is Facebook’s) is displaying ads. Sure they try to do that in an intelligent manner. And sure, they have some cool technologies (App Engine, Android, Chrome, …). But at the end of the day they want us to see and click on ads. That makes Google a media company. But whereas traditional media have -at least the notion- of a wall between their editorial and advertising departments, editorial independence does not seem to exist over at Google.
I don’t like particularly like ads, I don’t like widgets snooping on my web-whereabouts and I definitively don’t like Google’s advertising department dictating what applications the editorial team in charge of Google Play should remove. So today I installed AdBlock Plus on all my devices. Maybe you should too?
Multi-lingual WordPress the Easy Way
Imagine you run WordPress with English as default language, but some posts are in another language. Dutch, maybe? Up until a couple of months ago, you wouldn’t really notice anything about that setup. Google might be slightly confused, but us bloggers aren’t really into SEO anyhow, no? But with the release Safari 5.1, Firefox 16 and especially Internet Explorer 10, support for CSS Hyphenation became (somewhat) widely available and if your theme (WordPress TwentyTwelve or its performance-optimized 2012.FFWD child theme for example) has support for in the CSS, your hyphenation would yield weird results because of the fact that the browser uses the language attribute in the HTML to decide which dictionary to use.
The solution, if your theme is HTML5, is to add the lang-attribute to the article-tag if you have something to check the language with. In my case I just had to copy TwentyTwelve’s content.php and change line 11 into:
<article id="post-<?php the_ID(); ?>" <?php if (in_category('lang:nl')) { ?>lang="nl" <?php } ?><?php post_class(); ?>>
A real simple hack indeed; I check if the article has category “lang:nl” attached to it (which I already used) and set the language-attribute with the correct value if it does. Hyphenation now works for Dutch blogposts and I guess Google will be happier as well that way?
If it looks like a duck; ditching Google Search (again)
Let’s apply the duck-test to Google;
- They’re changing their privacy policy without offering users a true opt-out
- They severely limited access for Scroogle, the Google-scraper for privacy-nuts, to the point where it is effectively out of service (although apparently Google isn’t the only one to blame)
- They have been caught with their hands in your cookie jar, not only bypassing user’s cookie preferences in Safari but also in Internet Explorer
So if Google looks, swims and quacks like it doesn’t care about user privacy, it must be that it … doesn’t care about user privacy.
I on the other hand do care about my privacy, so I decided to put even less eggs in Google’s basket: I’ve switched my search-engine to startpage.com, which is operated by a Dutch company (i.e. one which has to comply with stricter European privacy laws) and which guarantees privacy while being powered by Google.
Startpage’s only downside: they are blocked by our company internet-filter because they provide proxy-services, so as an alternative I also use the less powerful DuckDuckGo (I changed keyword.url in Firefox’ about:config to “https://duckduckgo.com/?q=”). And a nice bonus; DuckDuckGo also has a nice Android-app, which I have installed to replace Google Search on my Sammy SII as well.
You can have my Google password!
Although web security is something I like to dabble in, I can’t honestly say it always is on the top of my mind. Up until an hour ago, access to the vast amount of information that Google manages for me (including access to my Google Android account) was protected by nothing but a password. A rather strong password for that matter, but it wasn’t entirely random and it has been the same for quite some time now.
As access to important online services such as Google should ideally not only rely on just a password (session hijacking anyone?), I activated Google 2-step authentication. What this means is that access to Google (Mail, Docs, …) is now also limited to authenticated devices. If I try to access Google from another computer, I’ll have to authenticate the device using an SMS-challenge or a code generated by the Google Authenticator application on my Android-phone.
If you’re still unsure about what 2-step authentication entails, here’s a brief intro-video from Google:
So yeah, you can have my password now. Theoretically. If you really insist. But even if I do decide to give it to you, you still won’t be able to access my account. How’s that for peace of mind? And now off to Facebook security settings, to enable login notifications & approvals.
Follow-up Friday: Ubuntu Unity, Android security & WordPress Stats
Just a couple of small updates on previous stories to keep you posted really.
We’ll start of with Ubuntu Natty Narwhal; beta 2 has been released earlier today. I’ve downloaded a lot of updated packages over the last few days, so I guess I’m on the second beta as well. The Unity launcher now comes out of hiding perfectly and it scrolls down automatically to show items at the bottom as well. There also was a bug with the menu-items of some applications (e.g. Firefox 4) disappearing which seems fixed. Hope they can get the launcher to behave with Java apps (e.g. my favorite mindmapping application) soon.
On another note: Lookout, the Android app that allows you to locate your handset and -if you have the paying version- remotely wipe it, seems to be getting some serious competition from …. Google. Enterprises who have Google Apps for Business can now locate, encrypt and wipe their Android devices. Especially the encryption is important news, but it really should be available and configurable in the Android OS itself
To finish off with some news about WordPress Stats secretive inclusion of Quantcast behavioral tracking: it seems like WordPress Stats plugin will be replaced by Automattics Jetpack, which according to the site:
supercharges your self‑hosted WordPress site with the awesome cloud power of WordPress.com
Jetpack actually is a “super-plugin” that offers functionality from Stats, Sharedaddy, After the deadline and other previously separately available Automattic plugins. The Jetpack WordPress.com stats module does still include the Quantcast “spyware”, doesn’t disclose this feature and doesn’t provide functionality that warrants Quantcast inclusion (in spite of Matt Mullenweg claiming “We’ve been using Quantcast to get some additional information on uniques that it’s hard for us to calculate”). But there is (some) good news in the Jetpack Stats source code though, because on line 145 it reads:
‘do_not_track’ => true, // @todo
This could mean that blog-owners will one day be able to opt out of 3rd party tracking or it might be that Stats will take e.g. Firefox DNT-header into account for your blog’s visitors. Having both would off course be what I will be rooting for!
Google Security says “Thanks Frank”
A few weeks ago I received the following in a mail from Google;
As a small token of appreciation for helping keep Google’s users safe and secure, we’d like to credit you on our website.
And indeed, yesterday my name was added to the “Honorable Mention” paragraph on Google’s Security Hall of Fame.
I don’t consider myself a security expert by any measure (although I am very interested in web app security) and I discovered that vulnerability in the iGoogle Facebook gadget merely by chance, but it’s nice to see my name (and a link to this blog) up there! Thanks for thanking me Google!
Google Privacy Fail; Asa Dotzler is right
Mozilla’s Asa Dotzler recently rocked the boat when telling readers to use Bing instead of Google because of a shortsighted statement on privacy by Eric Schmidt, Google’s CEO. The discussion that followed Asa’s blogpost was interesting on occasion, but harsh and even rude at times.
While we’re all Google fanboys one way or the other and while the idea of switching from “Do no Evil Google” to “Monopolist-Micro$oft” can be a little bit unnerving, there is in my opinion reason to be concerned with Schmidts’ quote. My main problem is with this claim;
If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.
I don’t know about you, but to me Schmidt seems to imply that if I require privacy, that must mean that I have something to hide which is at least unpleasant and probably even outright illegal. If one accepts this premise, requiring (or enforcing, by means of encryption or anonymizers) privacy in itself is an indication of guilt?
Given that Google has too much data about me (being the avid Google-user I am) and given the flawed reasoning of Google’s CEO regarding respect for my privacy, I cannot but agree with Asa Dotzler. It is time to rethink my use of Google applications, although I’m not switching to Microsoft alternatives just yet. The general idea is simple: stop putting all my eggs in one basket, instead fragmenting my information across multiple independent organizations, hoping that privacy-breaching data-mining will be a bit less efficient that way.
I’m still looking into alternatives for most Google web applications (Serge is right off course; “with microsoft it’s easy, you can switch to apple or linux – the problem with google is that their stuff just works“), but for search I’ve decided to switch to scroogle.org. Scroogle is a not-for-profit secure (as in https) cookie-less search that uses Google (the irony). The site is operated by Daniel Brandt, the almost anonymous weirdo who’s also behind google-watch and wikipedia-watch.
To make sure my Google-friendly browser doesn’t accidentally direct me to Google search, I changed the following things in Firefox:
- On my “bookmarks toolbar” replace the Google bookmark with a Scroogle one
- Add “Scroogle SSL” from the Mycroft search engine plugin site and move it to the top of the “search engines” list
- And finally to make sure searches from the “awesome bar” don’t direct me to Google either, in about:config I changed the value of “keyword.URL” into “https://ssl.scroogle.org/cgi-bin/nbbwssl.cgi?q=”
So what Google property should I replace next and more importantly, what with? Any suggestions? 🙂
Google to launch Chrome, a Webkit-based browser
Yesterday Google confirmed that it would be releasing a new browser in beta today, named Chrome. Everything there is to know about this new open source browser for now, can be found in an online comic.
Based on that publication, the most important features seem to be;
- each tab runs its own sandboxed process (limiting the damage one tab or plugin within a tab) can do (as is also the case in MSIE 8 beta with what they call “Loosely coupled IE”)
- it is based on webkit (remember khtml and Apple’s Safari and all those mobile browsers)
- it features a new javascript virtual machine, build by v8, a Danish company
- the ‘omnibox’ (cfr. the ‘awesomebar‘ in Firefox) is located on the tab-level instead of the window and is thightly integrated with (you guessed it) google
- a new tab shows you your 9 most visited sites and your 3 most uses search-engines (a bit like Opera Speeddial)
- it features a ‘icognito’ mode in which nothing is logged (cfr. InPrivate browsing in IE 8 beta 2)
- google gears comes prebaked
- it is not clear if Google used Mozilla’s XUL/chrome to build the UI elements, but the name might be an indication that they did and the comic does state that Google “owes a great debt to other open source browser projects, especially Mozilla and Webkit”, so …
Looks very interesting, i’ll download is as soon as it’s available later today. But I’m curious what the Mozilla-guys think of what must be a double dent in their ego with a friend gone foo (well, to a certain extent) and with Google not using Mozilla’s Gecko as html-rendering engine.
Update; a screenshot of the new browser:
Don’t let Google fool you; tame your Flash!
As I wrote some time ago, Google indeed does index Flash. Great? Well, maybe not: you might even lose valuable site visits this way! This is because Google does not direct users to the page on your site that contains the Flash (as it does for image search results), but to the standalone SWF-file. That means that people doing a normal search in Google, will in some circumstances get high-ranking links straight to your Flash-files instead of to your website and that these prospects will not be drawn into your website’s sales funnel at all. So much for SEO.
Solutions? Well, you could refrain from using Flash all together, there’s too much of that stuff around anyhow. Or you could prohibit googlebot (and others) from indexing swf-files by specifying this in your robots.txt-file.
These are both great remedies, but somehow I think not everyone will agree. So what if we could perform some ActionScript-magic to make a Flash-file force itself in its correct context? Although I am not a (Flash-)developer by any account, I hacked together a small demo (in ActionScript 2) to show how that could be done.
And indeed, if you point your browser to the standalone swf-file, you’ll see you are redirected to this page. How this is accomplished? Quite easily actually;
- add a flashvar (e.g. “embedded=true”) to the object/embed tags in the html
- check for the value of that flashvar in the first frame of your movie:
var embedTrue=_root.embedded; if (embedTrue=="true") { // all normal flashyness goes here stop(); } else { gotoAndPlay(2); stop(); }
- and in frame 2 we do the redirect to the correct url:
onEnterFrame = function() { // weird, stupid test to avoid this from being executed more than once if (!runOnce) { var targetUrl = "http://blog.futtta.be/2008/05/06/"; geturl(targetUrl); runOnce="1"; } } stop();
I’m sure the code stinks and it indeed is only actionscript2 and not 3, but maybe someone out there can build something usefull out of this general idea. And if not, I’ve had fun learning some (very) basic actionscripting. Now off to “Add/remove software” to get rid of that hog of an IDE! 🙂
Google lust Flash, maar willen we dat wel?
Ge weet het, ik ben geen fan van sites die geheel of grotendeels Flash-gebaseerd zijn (idem voor Flex of MS Silverlight, vanzelfsprekend). Daarvoor geloof ik te sterk in de kracht van gestandardiseerde html, css en javascript en hecht ik te veel belang aan toegankelijkheid, gebruiksvriendelijkheid en ‘searchability’.
Maar met de ‘searchability’ van Flash zit het blijkbaar dan toch wel snor; Google indexeert blijkbaar ook swf-bestanden (flash dus). De “do no evil”-zoekgoden maken daarvoor gebruik van de Adobe Search Engine SDK die onder andere een applicatie bevat om (html-)strings uit een swf-file te halen. Swf2html lijkt qua functionaliteit gelijkaardig aan swfstrings, onderdeel van het open source swftools.
Dat Google nu ook Flash indexeert, is echter niet altijd ideaal. Probeer bijvoorbeeld een eenvoudige zoekopdracht naar “student woon samen sparen kbc“. Het 3de (!) zoekresultaat is een link naar een “instructie-filmpje” over de KBC Spaarservice. Normaal gezien krijg je die presentatie enkel in de KBC-site te zien, maar dankzij Google wordt het flash-bestand zonder die context ontsloten. Ik durf te wedden dat dat toch niet echt de bedoeling is? En dat een grootbank of webcommunicatie-bureau vermoedelijk toch prefereert dat zoekresultaten naar de site (van de klant) gaan, in plaats van naar het individueel geindexeerde flash-bestand?
Mijn mening over flash blijft dan ook grotendeels onveranderd:
- geef de zoveel mogelijk de voorkeur aan ‘plain old html’, zeker voor navigatie
- gebruik flash enkel voor pagina-elementen en niet voor hele pagina’s
- gebruik flash enkel als die technologie een duidelijke meerwaarde biedt (voor video of iets game-achtigs bv)
- zorg voor een beschrijving van de inhoud van de flash in de html (in de div waar de flash wordt geplaatst, of in noscript-tags)
- mijn enige nieuwe advies: voorkom dat swf-files worden geïndexeerd (dmv robots.txt) of voeg code toe aan je flash, zodat die enkel in de juiste context getoond wordt (ik veronderstel toch dat dat kan, zoals ook een html-pagina met wat javascript in de juiste iframe-context kan gedwongen worden?).
Om af te sluiten nog een bijzonder leerrijk (flash-)filmpje misschiens?