It was a bad weekend for Google as the entire site was rendered unavailable on Saturday night and their new Web Accelerator application drew criticism on privacy and security concerns.
The free Web Accelerator app was designed for broadband users to speed up access to Web pages by serving up cached or compressed copies of sites from Google’s servers.
Within hours of release, critics were pointing to a flaw that meant that users could be served cached copies of private discussion groups or password-protected pages.
The issue was first discovered when users of Backpack, a wiki-like service for individuals and small businesses, complained that their Web pages were suddenly disappearing.
Jason Fried of 37signals, the company behind Backpack, discovered that Google’s Web Accelerator was behind the problem, explaining in his company’s blog, “Google is essentially clicking every link on the page – including links like ‘delete this’ or ‘cancel that.’ And to make matters worse, Google ignores the JavaScript confirmations.”
A clearly miffed Fried continued, “So, if you have a ‘Are you sure you want to delete this?’ JavaScript confirmation behind that ‘delete’ link, Google ignores it and performs the action anyway.”
Deeply unchuffed, Fried complained that “Google’s Web accelerator can wreak havoc on Web-apps and other things with admin-links built into the UI.”
Other users of Google’s tool also found themselves loading pages previously cached by other users on Internet forums – letting them view that user’s account information and private messages (Web Accelerator doesn’t cache secure Web sites written in “HTTPS”, so online transaction sites were unaffected).
Web publisher have raised concerns that, if Google is caching the publishers content and readers are using the Google cached version to access the information, the number of people that the server logs are reporting as accessing their content may not truly reflect the number of people reading their site. If this is the case, there would be a direct hit on the publishers advertising revenue.
Conversely, there are others claiming that there were other problems associated with the application’s ability to prefetch Web sites that are never viewed by a user – this could inflate page view numbers and exaggerate views of advertising banners.
Marissa Mayer, Google’s vice president of Web products, acknowledged the problems while downplaying the threat, saying that it had only affected a small number of sites.
“It looks worse than it is. We’ve cached the page with that username on it. But you are not actually signed in; you couldn’t operate as that person,” she added, before cranking up the PR spin machine, “We’re committed to provide users the utmost of integrity in security and privacy, and we’re working with urgency to solve this problem,” she added.
The program is currently no longer available from Google, with a notice on the Web Accelerator homepage saying, “We have currently reached our maximum capacity of users and are actively working to increase the number of users we can support.”
Sadly, things went from bad to worse on Saturday night when the world’s leading Internet search engine shut down from 6:45 to 7 p.m. eastern time, with some users experiencing longer outages.
It wasn’t just the search engine that had gone down – Gmail, Google News, Froogle and the entire caboodle of Google’s services had all vanished off the face off the earth.
Curiously, when some surfers typed in ‘google’ they found themselves being redirected to a SoGoSearch page, sparking rumours that the site had been hacked.
Google spokesman David Krane pooh-poohed such talk, declaring, “It was not a hacking or a security issue,” while insisting that that the problem was related to a DNS (Domain Name System) problem.