Misunderstanding the Google Hidden URL Play

July 4, 2020

I read “Where Am I?” The write up address the void in the browser’s address bar. The point is that Google hides urls.

The author address the “problem” this way:

Based on the contents of the page, I’m clearly on a NYTimes property, but based on the address bar I’m clearly on google.com. If I click in the address bar I see https://www.google.com/amp/s/www.nytimes.com/2020/05/22/technology/google-antitrust.amp.html.

The write up points out that Google wants the user to click on the “address bar” and then try to figure out who owns the Web page displayed.

Phishing is a popular sport, and it seems that Google’s blank or modified address bar is a giant opaque lake for bad actors.

The author of the write points out:

Google serves NYTimes’ controlled content on a Google domain.

The write up adds:

In work security trainings and guides on the Internet we are trained to look at the URL bar to help make a decision on whether to trust a site, but the Google AMP Cache requires contradictory assumptions.

Here’s a diagram of Google as the Internet. What’s “in” Google becomes the Internet:

image

Stephen E Arnold, The Google Legacy and Google Version 2, both published by Infonortics (now defunct like many publishing house). Users, partners, advertisers, and developers only “know” what Google decides to provide. Blank urls are an overt indication of Google’s “ownership” of the “Internet.” The diagram was first created for an Arnold lecture about Google in 2003.

Several observations:

  1. Google’s apparent objective is to become the gateway to the Internet. This is a variation of its walled garden approach. What you “receive” and “see” is the Internet. Obfuscating urls is one step toward this goal.
  2. The way to “find” certain content is to buy ads. Scrubbing urls for PDFs means that if someone wants content found, there is a road. That road is Google Advertising.
  3. Confusion in a Google service is understood by the happy Googlers. The confusion increases dependence on Google to locate information.

This is what some might characterize as “just business.” DarkCyber’s view is the Google is creating opportunities for bad actors to make phishing easier than ever.

Hey, how hard is it to create a spoofed page, SEO that puppy, and display it to one of my neighbors’ bridge partners?

Easy, gentle reader. Without ethical control or meaningful guidelines, the Google is — in case you have not figured it out — is the Internet.

A blank address bar is just the beginning too. Think of this control as a form of “independence.” Life is simpler when it is controlled.

Stephen E Arnold, July 4, 2020

Comments

Got something to say?





  • Archives

  • Recent Posts

  • Meta