Today my google account was suspended for ToS violation. I think it might have something to do with the "ruin my search history" viral thing yesterday.
Did anyone else who participated in that have their account suspended today?
(Talking about this -- do not open link if you do not want to literally ruin your search history: ruinmysearchhistory.com)
Ask HN: Did anyone use ruinmysearchhistory and get Google account suspended today? | Dark Hacker News
Recently (maybe the past ~6mo or so) I've noticed that when I start pasting logs/errors/tcpdump into Google, it is now especially suspicious that I'm making automated queries and makes my IP solve a captcha.
I doubt my lack of a Google login and random UA spoofing does anything to help this, though.
Could it simply be the speed with which the queries are made, making a bot-blocker suspect a bot?
Edit: apologies, meant to reply to OP, not here. To parent, I already upvote your comment - it's pretty cool, but also scary that we now have conversations about whether we're being surveiled by our government (in the US) as a casual normality. The only difference that appears to remain is that we openly talk about our government surveiling us. I worry they'll attempt put a stop to that too eventually.
(Tedious disclaimer: my opinion only, not speaking for anybody else. I'm an SRE at Google.)
One might describe it as a social botnet: somebody convinced a bunch of people to execute some code on their computer that sent automated search queries.
I'm curious: does anyone know whether Google searches are truly monitored, and how, if it's HTTPS?
I showed ruinmysearchhistory.com to a Pakistani Muslim friend, not having clicked it myself, and he thought it was funny until the ISIS application parts started coming up, when he consequently freaked out, as you might imagine.
But this got me wondering -- it seems to be widely accepted that googling things like "how to make a bomb," "bomb materials," "where to buy guns," etc will get you put on a government watchlist.
It's never been clear to me whether this is superstition or if there's truth to it. Google is fully HTTPS-- how could your searches be monitored unless google was handing them over to the government?
> It's never been clear to me whether this is superstition or if there's truth to it. Google is fully HTTPS-- how could your searches be monitored unless google was handing them over to the government?
They could be monitored if the government had surreptitiously gained access to Google servers or internal data transfers by compromising infrastructure such as Google's datacenter-to-datacenter links.
I use that example because I recall a leak (IIRC, either as part of or contemporaneous to early rounds of the Snowden leaks) that the NSA had done exactly that with unencrypted inter-data-center links of Google and other entities with multiple datacenters, and reports shortly after that that Google and several others had taken action to secure and encrypt those links afterwards.
That was the famous slide that showed where Google took off SSL with a little smiley face--which reportedly caused Google engineers to "explode with profanity."
The NSA actually did not do the actual hacking. The British GCHQ did, with technical assistance from the NSA. Thus the NSA could pretend that since the GCHQ collected all the information, it was foreign-sourced and therefore not subject to FISA court jurisdiction.
Most Third World governments control ISPs and DNS queries can be easily monitored but whether those are implicative or not depends on where the content embedded in the search results is hosted/served from.
Also, even if Google is fully HTTPS, if a query returns images hosted on unsecured websites, those urls will be plainly visible and hence implicative.
Edit: The embedded thumbnails are actually encrypted as pointed by the comment below.
I was curious and just checked -- until you click on an image in google's search results to see it fullsize in the semi-lightbox, you're actually getting the "thumbnail" sent from google as a b64 encoded string
Google retains your full search history, by default, and lets you read all of it. (Google also scans it for ads.) Google most likely also have your real name, address and/or phone number.
Do they hand it over to law enforcement/NSA/oppressive regimes? Maybe.
I think Google has some monitoring for images of child sexual abuse and terms used to find those images. I'm not sure what they do if you search for those terms or if they just return blank pages.
I have assumed that searching things like "How to make a bomb" will bring you on government radar. How government does it does not matter. I will not be surprised if the government has malware infected your computer to occasionally steal your browser history.
Google is not fully https - its the road customer<-> google that is fully https - internal traffic is not encrypted. And internal traffic goes worldwide for google.
I don't know if it still works, but Google used to support network providers force non-ssl searches using DNS poisoning. BT's WiFi offering used to do this, which is one of the reasons I stopped using it.
The kind of stuff you can afford to do only when you're a US citizen and thus not a potential victim of some arbitrary US custom officer deciding you can't come in anymore and have no appeal.
What I'm saying is, if you're not a US citizen, don't participate in those kinds of actions. The problems these campaigns highlight are real, but being foreigners, we have no legal recourses in the US in many areas, and can end up seriously fucking up our lives.
Also it'd be nice if US folks sharing those links and encouraging actions of the kind could be considerate of non-US people who don't necessarily have the leisure of getting on all kinds of list.
Well this is a weirdly US-centric view.. You seem to assume that all people not living in the US are actually just waiting to emigrate their. I'm quite happy in Spain, thanks!
As I am currently in a North African country I freaked out when the ISIS shit started popping so I immediately deleted my google history and nothing happened now.
I still don't get why something so malicious was upvoted so much.
I always use a VPN so I am not worried about my IP address getting listed somewhere but I only hope Google does delete my search history... Yeah I'm on that list now.
There is a small difference between ruining ones search history and being brought to the attention of whatever authority is watching[1]. It does seem like a https://xkcd.com/576/ situation applied to search.
1) I would bet our web filter would be sending me some reports
Wow, really sorry to hear that happened! I would be in a panic if that happened to me. I feel like that site could have been used for good, to maybe scramble user profiles. As another user commented here, the terrorist search terms seem like a really unnecessarily extreme joke. Do you think you were suspended because of the high volume of automated searches or would it have something to do with the actual content?
Exactly, surely they are cross referencing your browser making requests with your IP one second, your "anonymous" mode the next then another sync with gmail from your gmail page. And I'd bet that is far less sophisticated than it gets.
Wow! It really saddens me that our world has gotten to a point where people are scarred, justifiably, for the consequences of clicking on a website link.
I haven't clicked it as my usual Chrome user because I find my search history useful for recalling results.
I did open it in an incognito window and saw what it does. It doesn't look like a big deal. It's probably the web-era version of sticking red-alert keywords in your Usenet signatures back in the 80's and 90's.
Poked through the JS to find the list of search terms since I didn't want to ruin my search history, silly list. The last one was a funny easter egg "OH COME ON DONT JUST COPY AND PASTE THE LIST FROM THE ARRAY YOU CHEEKY SCAMP"
I'm curious, what if something like this was distributed as malware or viral links (the new rick and roll), would it get a lot of people banned? Would it work as a global privacy tool?
I doubt it? The site still requires you to click a button (which would be inside the iframe) before it will search for you. Also, are iframes able to use `window.open`?
Interesting thought, but wouldn't it kinda have to be done that way? Otherwise you'd see missing images on image SERPs, and you'd see the delay of thumbnails loading due to slower source servers.
This whole incident has convinced me to actually use a tool like this, so I'm going to write one and distribute the extension code for free. I promise you won't be able to detect it, so good luck.
I think anyone who wants the ability to obscure their search footprint should have it. And if you think otherwise, I'm doubly convinced it's necessary.
Maybe, but it depends on whether the location of the query is taken into account. In that case, the majority of the people who clicked through (which is based in the USA/Europe) won't get picked up as opposed to the small percentage of people located in the MENA area.
Oh nice... but it wasn't that in 2009.. and there were some potentially embarrassing search terms display, scrolling past.. but sure, it was probably filtered at some point.
It used to be a slightly different app on a different link, but that's gone now; this one is the replacement (and what the reception displays now use).
Many VPNs do actually leak your IP address. Beyond that, your VPN traffic could be associated with your billing information for said VPN. Also by coresponding the traffic to the VPN and coming out of the VPN. Or if you have any personal information associated with your Google account or have ever accessed it with an IP associated with you.
Look out the window. They're in the ice cream truck.
"your VPN traffic could be associated with your billing information for said VPN" - that's why I asked a friend from a completely different country to sign up for me (we are good friends with high technical prowess and he knows what he's up to).
Reputable gun shops offer ammunition whose primary selling point is its ability to kill humans. I mention this as a relevant aside: in the US, it is (very possibly) even legitimate to search something like "ammunition best suited to kill someone".