I would sit back and listen to The Sea, after shutting the drapes, closing the blinds and making the room nice and dark. I would exchange the burning of incandescent lights, with lighting up bona fide candles. Follow me on a journey to visit the mind of a Black Hat, this recently echoing story of sinister thoughts from long ago, to later return safely to this perfectly sound space.
One of the great practitioners of SEO's dark arts, is known as Fantomaster. He made it clear long ago, that the list where he used to contribute, an email digest I operated called I-Search, was the only place where his real name could be published. It was a rule I had for comments. He complied and gave up a measure of his anonymity, because our discourse was always fun, and we both grew from it.
Fantomaster, once my nemesis, my online friend and now old-school cohort on Twitter, has begun polite discussion with me once again. I met Fantomaster in physical form in London. For Fantomaster resides in Belgium. An expat who lives only some few meters away from his native Germany. I discovered the nature of the dark side of SEO in this particular man was: gracious, generous with his wisdom and above all respectful to those he admires. We don't always agree. I remember he liked smoking clove cigarettes. I don't smoke.
For me, this is an excellent time to reflect on the state of the industry, both White Hat and Black Hat, and my own involvement with it. In case you can't tell, our journey to the dark side of SEO traverses both time and space. Fantomaster and I have engaged once again nearly a decade later. And it all coincides uncannily with the reappearance of John Heard in Twitter, (Fantomaster's American version).
What possessed the proud, the paranoid, to practically hack search engines, spoofing content using cloaking or otherwise known as IP Delivery? Was it the attraction that there is nothing illegal about it? There's nothing wrong with using your technical savvy to detect search engine spiders, deliver them content which differs, sometimes drastically, with the content a search user would see clicking the result. There's easy money too. Touche!
As a White Hat practitioner, one can't resort to such simple beauty in SEO. Beauty that is, if who you do this on behalf of aren't the unsavory kind, like Porn, Pills or Casino (the other PPC). Unfortunately for us back then, cloaking was not always relegated to that other PPC. I often went directly against Black Hat pitches for cloaking big brands when I was director of SEO at Outrider, and MMG even before that. Our prospects would often decide to go the easy route instead of choosing a White Hat firm. Black Hat meant they didn't have to change a thing about their website.
To some of those prospects, their utter doom later on, did not go unnoticed by me smiling. Perhaps my smile will pay the bills one day, but it doesn't yet, and it didn't then either. The way I won business was through having superior writing skills, providing solid reasoning why resorting to such Black Hat tactics, while sexy, isn't long term for anyone concerned with their brand. I argued that cloaking should be relegated to that other PPC, much as it is today. Even Fantomaster has adopted effective White Hat tactics. If he performs work on behalf of a major brand, he readily admits he wouldn't wreck their domain doing anything irksome to search engines.
What he is aware of, is that you can't unring a bell. If you become noticed for unfairly ranking, you risk being caught and banished by the search engines. As Mikkel would put it eloquently: "Some people use cloaking to hide really bad spam." Really bad spam has been caught in really big goofs, like when that certain SEO in Arizona who liked to think of themselves as International, Crossed the line with what's known as poor man's cloaking. It was poor thinking, indeed. Big brands were busted in that sweep. The SEO replaced 'International' with a lower case 'i' and now feign true White Hat principles.
So, this journey to the dark side wouldn't be complete without a small window into our public discussions. Fantomaster Tweets, and he TweetBot Tweets. That means he publishes with a robot. The robot publishes a series of rotating quotes and fun stories from around the Web. These are often fresh, and irreverent due to Fantomaster's style, and it makes him tough to follow on Twitter (unless you can tune the noise out). What's true with Fantomaster, in true Black Hat fashion, there is always a payload of marketing buried in the feed. Yummy.
An example of some fun quotes, that are sure to capture some interesting search queries (should his Twitter profile surface in rankings) are: "Convictions are more dangerous foes of truth than lies." Nietzsche, and "In the 1980s capitalism triumphed over communism. In the 1990s it triumphed over democracy." David Korten. Interesting stuff, to be sure. When he promotes an article for the Black Hat community, he drops it into Tweet rotation with these.
The case that caught my eye, was one where he characterizes Google's Chrome browser as spyware. That's quite a charge. Now, while I wouldn't necessarily believe it, from Fantomaster's point of view, the dark nature of his thinking, his is evidence enough in his own mind. He's completely convinced. And he convinces Black Hats too. He convinces them that Google would record websites you visit by grabbing keystrokes just as you type into the address field. His article on it is perfect Black Hat link bait :)
"Google's Chrome Browser Calling Home: Blatant Spyware - the Proof"
It was worth viewing even for me. So, I visited to see just what Fantomaster gathered as evidence. I wasn't surprised to see browser sub-requests being made in the background. I might have been shocked if it looked less like a common feature. In this case, Google Search Suggestions. My reply was to say: "@fantomaster I beg to differ with you on Chrome phoning home per se. That phrase denotes something more sinister than search suggestions." I don't think collecting keystrokes for Search Suggestions equates with snooping on the surface of it. For me, it's a conceivable stretch at most.
Not one who would recoil from a technical: En Guard, Fantomaster and I had a fun public display of trading point, and counter-point. Kind of like we used to do, in long format with I-Search. We left it with neither side really wanting to demolish the other. There's too much respect between us. If it should be a crowd pleaser, it would be because he appeals to the Black Hat, the conspirators and theorists of conspiracy. While my own argument lends itself well to those who intrinsically wish that the world is not entirely made up of those who would exploit others shamelessly. We would even believe that is true of, gulp, Google.
By nature, Black Hat practitioners are those who engage exploitation tactics in order not to be outdone by those who would exploit them. Namely, search engines and competitors for business. They strike early and they strike often. They strike first. On contrast, by nature White Hat practitioners are those who believe there has to be a better way, a way where we do not need to step on a colleague or take a negative view of search engines in order to succeed ourselves. And we reserve the right to complain about search engines and to discuss all our experiences. We want long-term success and happiness for all.
I may not wholly like the search engines everyday, and Google has rubbed me wrong once or twice. However, it is my judgment that I am better off if I don't fall too easily into paranoid thinking, whether with Chrome or anything else. I sleep well, and I'm not concerning myself with a Chrome feature distracting me into thinking Chrome is snooping sites I visit. I can assume they have enough on me, it was a trade I made a long time ago, and I don't really care. When I spoke with Vint Cerf at SMX West, I confirmed my own beliefs about some of what Google intends. There's bigger fish to fry for Google.
As for how the chat with Fantomaster went, the following excerpt is a transcript of the exchange we had, as my room in Chicago darkened. As the world of Fantomaster crackled in the sky, and with it, came the rain. With hot tea in hand, I embarked my journey to meet Fantomaster in the corners of his mind on this point. A friendly little duel ensued. A fencing match commenced. Depending if you're Black Hat, or White Hat, you'll either side with the one, or the other side on the matter. It should be fun to read regardless. Do you think Chrome's Suggest feature for the address field is snooping sites you visit?
Fantomaster: Unless you strip it of about 80% of its functionality, I'm afraid that's exactly what it's doing: search tied to IP
AirDisa: Well you are insinuating that they monitor sites you visit with this method, and perhaps, but it's the suggest feature. The other important fact is that the resolving hasn't happened, so they would be capturing erroneous data with this method
Fantomaster: To suggest stuff in a meaningful way they have to track and analyze your queries first, no?
AirDisa: Well, that depends on meaningful. MySpace before Microsoft. Hahah. But seriously, they are pulling records from Google Suggest based on your entry chars.
Fantomaster: Point is that Chrome's behaving like a keyboard sniffer, only restricted to the browser. Meaningful=query-related.
AirDisa: They don't need user data for that to work that way.
Fantomaster: Maybe we should define "user data" first: assigning an IP to a query's nothing new - but doing it via browser=100% tracking=spying.
AirDisa: Well, you're right. It's behavior is exactly like a keyboard sniffer in this case to power a feature. The data is erroneous tho. The data only becomes useful to Google if the user elects to visit the site in question. I'm not saying it's not possible that Google is in fact sniffing your address field for recording keystrokes, tying it you.
Fantomaster: Oh, sure: we always got cloaked pages crawled in no time by visiting them with Goo toolbar in snoop mode turned on, too. Queries are important to profile a user (via IP - not saying they're sniffing your HD or mail client credentials). But: if you're logged in with Goo, it adds up very nicely as well. This is one prime instrument of observation which, in my dictionary, equates with snooping. What most people don't seem to know in the States, too: Goo's deemed a pretty serious strategic risk by EU govts. now
AirDisa: Right. No one would enter their site credentials in an address field anyway :)
Fantomaster: Ha, you'd be surprised!
AirDisa: LOL. Well, I understand where, err... *you're* coming from with that broad definition of snooping. I'm more inclined: G Suggest. You must realize it's the Suggest feature. They *could* be recording the keystrokes, sure. It's like auto-complete for search in the address field to help users navigate - and it has snoop potential. I half agree with you. We can do Google Suggest on the chars to see if it matches the responses. Then it would *not* be personalized but just Suggest.
Fantomaster: Hehe. Every single letter you enter in the Chrome address (NOT the search!) field gets "reported home", that's what we discovered beyond any reasonable doubt, and confirmed by other third parties. Goo = data mining --1: commercial, --2: gvt. intelligence services tie-ups. Wanting "to know everything about you" (Eric Schm.) If that doesn't translate to "spooks", I really don't know what does. Similar to Scientology being under surveillance e.g. by Germany's intelligence service: considered a US 5th column.
AirDisa: I just checked it out. Perfect match for Suggest. h = hotmail, home depot etc.
Fantomaster: Well, it's what Personalized Search is all about in the first place, no? Sigh - please read our blog post on that (again, if you must): it's all spelled out there clearly.
Fantomaster: You checked out what, please? And did you use any packet sniffers? Which ones?
AirDisa: I simply used Google Suggest. Our results will vary slightly unless you used an US proxy.
Fantomaster: We run these extensive tests via all sorts of setups including a slew of different proxies, sure.
AirDisa: What the handshake back and forth is for, is Google Suggest, apparently. Note the result numbers associated with array items. What that means is, Chrome sends your chars back, just like the toolbar, or the page in order to power Suggest.
Fantomaster: As I pointed out to [name withheld], Chrome's merely a part of an overall mosaic. And we even have Goo's official statements to support it. The data they're getting is turning ever more granular.
AirDisa: Your view is that they record the chars and piece together addresses for recording user navigations as a spyware. I understand that view, and I don't believe they would get anything without resolving these strings to a website. Bad data. If they record the keystrokes, there will be mis-spellings and then corrections impossible to piece back together unless they record the final Get and keep that request which resolves to the website.
Fantomaster: Yes, it makes technological sense, but that doesn't make it less of a political and societal issue. As Danny S. (I think) recently put it: Google has turned into a habit.
AirDisa: Well, either way, it's a feature that needs to phone home to enable it. They get the chars and match it back for Suggest. If they recorded each and every keystroke (which I don't deny is possible) then they would have a lot of garbage on their hands. LOL. I agree they have turned into a habit, a bad one for some :) And I think it's cool you captured the scripting code.
Fantomaster: Frankly, I don't see that: 1. determine a user's ID + location (by IP etc.); 2. determine their search behavior; 3. determine their surfing behavior --- I mean, hell: what more could a gvt. surveillance agency ever want, no?
AirDisa: Heh. Yep. I know you like to point how engine hypocrisy and we love you for it. You and Greg Boser are the best :)
Fantomaster: Greg sure knows what he's talking about, too, indeed.
Indeed.
(Fantomaster Tweets Reprinted with permission. Read why permission is important.)
One of the great practitioners of SEO's dark arts, is known as Fantomaster. He made it clear long ago, that the list where he used to contribute, an email digest I operated called I-Search, was the only place where his real name could be published. It was a rule I had for comments. He complied and gave up a measure of his anonymity, because our discourse was always fun, and we both grew from it.
Fantomaster, once my nemesis, my online friend and now old-school cohort on Twitter, has begun polite discussion with me once again. I met Fantomaster in physical form in London. For Fantomaster resides in Belgium. An expat who lives only some few meters away from his native Germany. I discovered the nature of the dark side of SEO in this particular man was: gracious, generous with his wisdom and above all respectful to those he admires. We don't always agree. I remember he liked smoking clove cigarettes. I don't smoke.
For me, this is an excellent time to reflect on the state of the industry, both White Hat and Black Hat, and my own involvement with it. In case you can't tell, our journey to the dark side of SEO traverses both time and space. Fantomaster and I have engaged once again nearly a decade later. And it all coincides uncannily with the reappearance of John Heard in Twitter, (Fantomaster's American version).
What possessed the proud, the paranoid, to practically hack search engines, spoofing content using cloaking or otherwise known as IP Delivery? Was it the attraction that there is nothing illegal about it? There's nothing wrong with using your technical savvy to detect search engine spiders, deliver them content which differs, sometimes drastically, with the content a search user would see clicking the result. There's easy money too. Touche!
As a White Hat practitioner, one can't resort to such simple beauty in SEO. Beauty that is, if who you do this on behalf of aren't the unsavory kind, like Porn, Pills or Casino (the other PPC). Unfortunately for us back then, cloaking was not always relegated to that other PPC. I often went directly against Black Hat pitches for cloaking big brands when I was director of SEO at Outrider, and MMG even before that. Our prospects would often decide to go the easy route instead of choosing a White Hat firm. Black Hat meant they didn't have to change a thing about their website.
To some of those prospects, their utter doom later on, did not go unnoticed by me smiling. Perhaps my smile will pay the bills one day, but it doesn't yet, and it didn't then either. The way I won business was through having superior writing skills, providing solid reasoning why resorting to such Black Hat tactics, while sexy, isn't long term for anyone concerned with their brand. I argued that cloaking should be relegated to that other PPC, much as it is today. Even Fantomaster has adopted effective White Hat tactics. If he performs work on behalf of a major brand, he readily admits he wouldn't wreck their domain doing anything irksome to search engines.
What he is aware of, is that you can't unring a bell. If you become noticed for unfairly ranking, you risk being caught and banished by the search engines. As Mikkel would put it eloquently: "Some people use cloaking to hide really bad spam." Really bad spam has been caught in really big goofs, like when that certain SEO in Arizona who liked to think of themselves as International, Crossed the line with what's known as poor man's cloaking. It was poor thinking, indeed. Big brands were busted in that sweep. The SEO replaced 'International' with a lower case 'i' and now feign true White Hat principles.
So, this journey to the dark side wouldn't be complete without a small window into our public discussions. Fantomaster Tweets, and he TweetBot Tweets. That means he publishes with a robot. The robot publishes a series of rotating quotes and fun stories from around the Web. These are often fresh, and irreverent due to Fantomaster's style, and it makes him tough to follow on Twitter (unless you can tune the noise out). What's true with Fantomaster, in true Black Hat fashion, there is always a payload of marketing buried in the feed. Yummy.
An example of some fun quotes, that are sure to capture some interesting search queries (should his Twitter profile surface in rankings) are: "Convictions are more dangerous foes of truth than lies." Nietzsche, and "In the 1980s capitalism triumphed over communism. In the 1990s it triumphed over democracy." David Korten. Interesting stuff, to be sure. When he promotes an article for the Black Hat community, he drops it into Tweet rotation with these.
The case that caught my eye, was one where he characterizes Google's Chrome browser as spyware. That's quite a charge. Now, while I wouldn't necessarily believe it, from Fantomaster's point of view, the dark nature of his thinking, his is evidence enough in his own mind. He's completely convinced. And he convinces Black Hats too. He convinces them that Google would record websites you visit by grabbing keystrokes just as you type into the address field. His article on it is perfect Black Hat link bait :)
"Google's Chrome Browser Calling Home: Blatant Spyware - the Proof"
It was worth viewing even for me. So, I visited to see just what Fantomaster gathered as evidence. I wasn't surprised to see browser sub-requests being made in the background. I might have been shocked if it looked less like a common feature. In this case, Google Search Suggestions. My reply was to say: "@fantomaster I beg to differ with you on Chrome phoning home per se. That phrase denotes something more sinister than search suggestions." I don't think collecting keystrokes for Search Suggestions equates with snooping on the surface of it. For me, it's a conceivable stretch at most.
Not one who would recoil from a technical: En Guard, Fantomaster and I had a fun public display of trading point, and counter-point. Kind of like we used to do, in long format with I-Search. We left it with neither side really wanting to demolish the other. There's too much respect between us. If it should be a crowd pleaser, it would be because he appeals to the Black Hat, the conspirators and theorists of conspiracy. While my own argument lends itself well to those who intrinsically wish that the world is not entirely made up of those who would exploit others shamelessly. We would even believe that is true of, gulp, Google.
By nature, Black Hat practitioners are those who engage exploitation tactics in order not to be outdone by those who would exploit them. Namely, search engines and competitors for business. They strike early and they strike often. They strike first. On contrast, by nature White Hat practitioners are those who believe there has to be a better way, a way where we do not need to step on a colleague or take a negative view of search engines in order to succeed ourselves. And we reserve the right to complain about search engines and to discuss all our experiences. We want long-term success and happiness for all.
I may not wholly like the search engines everyday, and Google has rubbed me wrong once or twice. However, it is my judgment that I am better off if I don't fall too easily into paranoid thinking, whether with Chrome or anything else. I sleep well, and I'm not concerning myself with a Chrome feature distracting me into thinking Chrome is snooping sites I visit. I can assume they have enough on me, it was a trade I made a long time ago, and I don't really care. When I spoke with Vint Cerf at SMX West, I confirmed my own beliefs about some of what Google intends. There's bigger fish to fry for Google.
As for how the chat with Fantomaster went, the following excerpt is a transcript of the exchange we had, as my room in Chicago darkened. As the world of Fantomaster crackled in the sky, and with it, came the rain. With hot tea in hand, I embarked my journey to meet Fantomaster in the corners of his mind on this point. A friendly little duel ensued. A fencing match commenced. Depending if you're Black Hat, or White Hat, you'll either side with the one, or the other side on the matter. It should be fun to read regardless. Do you think Chrome's Suggest feature for the address field is snooping sites you visit?
Fantomaster: Unless you strip it of about 80% of its functionality, I'm afraid that's exactly what it's doing: search tied to IP
AirDisa: Well you are insinuating that they monitor sites you visit with this method, and perhaps, but it's the suggest feature. The other important fact is that the resolving hasn't happened, so they would be capturing erroneous data with this method
Fantomaster: To suggest stuff in a meaningful way they have to track and analyze your queries first, no?
AirDisa: Well, that depends on meaningful. MySpace before Microsoft. Hahah. But seriously, they are pulling records from Google Suggest based on your entry chars.
Fantomaster: Point is that Chrome's behaving like a keyboard sniffer, only restricted to the browser. Meaningful=query-related.
AirDisa: They don't need user data for that to work that way.
Fantomaster: Maybe we should define "user data" first: assigning an IP to a query's nothing new - but doing it via browser=100% tracking=spying.
AirDisa: Well, you're right. It's behavior is exactly like a keyboard sniffer in this case to power a feature. The data is erroneous tho. The data only becomes useful to Google if the user elects to visit the site in question. I'm not saying it's not possible that Google is in fact sniffing your address field for recording keystrokes, tying it you.
Fantomaster: Oh, sure: we always got cloaked pages crawled in no time by visiting them with Goo toolbar in snoop mode turned on, too. Queries are important to profile a user (via IP - not saying they're sniffing your HD or mail client credentials). But: if you're logged in with Goo, it adds up very nicely as well. This is one prime instrument of observation which, in my dictionary, equates with snooping. What most people don't seem to know in the States, too: Goo's deemed a pretty serious strategic risk by EU govts. now
AirDisa: Right. No one would enter their site credentials in an address field anyway :)
Fantomaster: Ha, you'd be surprised!
AirDisa: LOL. Well, I understand where, err... *you're* coming from with that broad definition of snooping. I'm more inclined: G Suggest. You must realize it's the Suggest feature. They *could* be recording the keystrokes, sure. It's like auto-complete for search in the address field to help users navigate - and it has snoop potential. I half agree with you. We can do Google Suggest on the chars to see if it matches the responses. Then it would *not* be personalized but just Suggest.
Fantomaster: Hehe. Every single letter you enter in the Chrome address (NOT the search!) field gets "reported home", that's what we discovered beyond any reasonable doubt, and confirmed by other third parties. Goo = data mining --1: commercial, --2: gvt. intelligence services tie-ups. Wanting "to know everything about you" (Eric Schm.) If that doesn't translate to "spooks", I really don't know what does. Similar to Scientology being under surveillance e.g. by Germany's intelligence service: considered a US 5th column.
AirDisa: I just checked it out. Perfect match for Suggest. h = hotmail, home depot etc.
Fantomaster: Well, it's what Personalized Search is all about in the first place, no? Sigh - please read our blog post on that (again, if you must): it's all spelled out there clearly.
Fantomaster: You checked out what, please? And did you use any packet sniffers? Which ones?
AirDisa: I simply used Google Suggest. Our results will vary slightly unless you used an US proxy.
Fantomaster: We run these extensive tests via all sorts of setups including a slew of different proxies, sure.
AirDisa: What the handshake back and forth is for, is Google Suggest, apparently. Note the result numbers associated with array items. What that means is, Chrome sends your chars back, just like the toolbar, or the page in order to power Suggest.
Fantomaster: As I pointed out to [name withheld], Chrome's merely a part of an overall mosaic. And we even have Goo's official statements to support it. The data they're getting is turning ever more granular.
AirDisa: Your view is that they record the chars and piece together addresses for recording user navigations as a spyware. I understand that view, and I don't believe they would get anything without resolving these strings to a website. Bad data. If they record the keystrokes, there will be mis-spellings and then corrections impossible to piece back together unless they record the final Get and keep that request which resolves to the website.
Fantomaster: Yes, it makes technological sense, but that doesn't make it less of a political and societal issue. As Danny S. (I think) recently put it: Google has turned into a habit.
AirDisa: Well, either way, it's a feature that needs to phone home to enable it. They get the chars and match it back for Suggest. If they recorded each and every keystroke (which I don't deny is possible) then they would have a lot of garbage on their hands. LOL. I agree they have turned into a habit, a bad one for some :) And I think it's cool you captured the scripting code.
Fantomaster: Frankly, I don't see that: 1. determine a user's ID + location (by IP etc.); 2. determine their search behavior; 3. determine their surfing behavior --- I mean, hell: what more could a gvt. surveillance agency ever want, no?
AirDisa: Heh. Yep. I know you like to point how engine hypocrisy and we love you for it. You and Greg Boser are the best :)
Fantomaster: Greg sure knows what he's talking about, too, indeed.
Indeed.
(Fantomaster Tweets Reprinted with permission. Read why permission is important.)
Leave a comment