

Google, what were you thinking? - swombat
http://blog.mocality.co.ke/2012/01/13/google-what-were-you-thinking/
This article is being blocked, even though it has been submitted by 10+ people by now, and seems highly relevant.<p>Here's the URL: http://blog.mocality.co.ke/2012/01/13/google-what-were-you-thinking/
======
samlev
There's a couple of reasons why I think this doesn't seem quite right:

\- "Large human effort" doesn't seem like Google's style - a screen scrape for
info would be faster for them, and I'd assume that they already have tools
built to do that.

\- If the callers are lying about being affiliated with mocality, then why
can't we assume that they might also be lying about being from Google?

\- Google would likely have the entire site indexed and cached already, so
there's very little reason for them to get actual people to manually screen-
scrape the live site.

\- OK, the second wave is coming from a Google IP, but why wasn't the first
wave coming from one?

Yeah, it looks pretty bad, but this type of behaviour is so atypical of
Google. It seems almost laughable to make the assumption that it's anything
other than scammers trying to take advantage of Google announcements to try to
make a quick/easy buck by selling Google services as an affiliate.

~~~
cloudwalking
I'm also very curious what services the callers were offering. Are they
services Google offers? Services Google charges for?

~~~
samlev
I'm assuming that they're offering google apps, which you can sell as an
affiliate (naming your price). But reading through the transcript, and
listening to the calls, they claim to be offering to "develop" a web site for
the business, which I very much doubt google would ever do.

They have tools in google apps for making pages/simple sites, but everything
about the call stinks of scam.

> _Caller: Twenty one days. We're going to develop the website within twenty
> one days_

When has google ever "developed websites" for independent companies?

    
    
      Caller: XXXXX, and do you have a gmai account?*
      Business owner: yes, I do have a gmail account.
      Caller: Kindly give me your gmail account.
      ...
      Caller: ... you will be given a personal password which you can use to log in and make changes in case you want to.
      ...
      Caller: ... For photos, I will give you my gmail account so you can forward to me either the business logo or the photos you feel have nice looking clothes that can attract customers.
    

Yes, I've cherry-picked some of the transcript, but the point is that these
are practices which aren't just against Google's "Do no evil" policy, but
would be counter to how they would actually run. For a company like google,
with their existing infrastructure, this would just be bad business.

Also, why ask for a gmail username, and then say later "Well we'll send you a
username and password once we're done". _It doesn't make any sense_.

Oh well, I assume that at some point, Google will be forced to respond, will
give a big "What the hell, guys, this wasn't us", and then everyone will look
sheepish for a while until a year later where some blogger will stumble on it
again, and try to expose the truth of "google being evil in africa".

~~~
michaelcampbell
Just a pedantic nit; Google's code of conduct catchphrase is not "do no evil",
it's "don't be evil".

And I suspect they aren't, as a company. Even though these were Google
employees, as Google has admitted, I doubt they were acting in accordance with
anyone sufficiently high up in the corporate hierarchy.

------
nicpottier
I'm curious to see how this ends up.

The upsell is the part that makes me suspicious, because that doesn't sound
like the type of thing that Google would do.

My guess is this. It is someone claiming to be Google and selling a service
that is actually free. That's a pretty common thing to see in Africa, in
Rwanda we see people 'selling' Google Apps for domains all the time.

The WHOIS lookup does give me pause though.

~~~
nicpottier
Reading the complete transcript here:
<[http://blog.mocality.co.ke/files/2012/01/Incoming_Call-
Redac...](http://blog.mocality.co.ke/files/2012/01/Incoming_Call-
Redacted-20111221-1133502.pdf>);

It makes me believe that it is Google, though I still find the monthly hosting
charge thing a bit strange, because I can't find any mention of that on their
site.

Apart from the false information about Mocality, does Google using their
directory to do these cold calls actually violate Mocality's Terms of Use?

Really curious to see Google's response. Joe Muchera (head of Google Kenya)
says he's looking into it. That not being an immediate dismissal makes me
think it is indeed a Google initiative, though one that went off the rails.

~~~
jontas
The post mentions that Google was violating their T&Cs:

When we started this investigation, I thought that we’d catch a rogue call-
centre employee, point out to Google that they were violating our Terms and
conditions (sections 9.12 and 9.17, amongst others), someone would get a slap
on the wrist, and life would continue.

~~~
URSpider94
NO.

The post says that, -if- Google is doing what someone pretending to be Google
is apparently doing, then Google would be violating its own T&C's.

Please read carefully so as not to turn a hypothetical statement into an
inaccurate fact.

~~~
jontas
You are correct that it is all hypothetical based on who is responsible.
However, you are incorrect that this is related in any way to Google's own
T&Cs. The post links to the Mocality T&C page and says whoever is responsible
is violating the sections mentioned in the paragraph I quoted above.

------
AndrewDucker
I am hoping that this is a rogue group of local Google employees who are about
to be smacked down by Google head office.

This kind of thing is going to happen occasionally with global organisations,
but Google needs to do something public quickly to make it clear that this is
against policy.

~~~
latch
You can't have a "rogue group of local employees". You are accountable for all
your employees action - legally and morally. How often has a company done
something only to blame it on "contractors" or "a third party". That's not
acceptable.

~~~
r00fus
And the appropriate response is to publicly: admonish the behavior,
investigate and report, then reprimand/dismiss the employee(s) who are found
guilty.

If Google's management is innocent, then they need to prove so, and show it by
acting ethically as described above.

~~~
Tobu
That, and make sure it doesn't happen again. I'd be a little worried about how
Google manages the business side of things; they have a good brand and the
potential to make a lot of money, so of course someone will find it
advantageous to take shortcuts turning one into the other. The philosophy and
reliance on automation, which can be designed to dismiss complaints and block
normal feedback, can be used to have some teams shield themselves from
accountability. At a higher level, there's the possibility of selective
blindness and negligence hiding some level of malice and irresponsibility.

Mnemotechnic for a proper apology: regret, responsibility, and reform.

------
alexmuller
I left this comment on the original post, but it's been caught by the spam
filter there:

 _Hi Stefan – apologies if I’ve missed something, but the only solid proof I
can see that this is actually run by Google is that the IP address some calls
came from was assigned to Google._

 _Last year Mark Turner was concerned that the Department of Defense was
listening in on his phone calls because of an IP address that later turned out
to not belong to them at all, but (I believe) was being squatted on by Sprint.
Couldn’t the same thing be happening
here?[http://www.markturner.net/2011/11/08/why-is-the-defense-
depa...](http://www.markturner.net/2011/11/08/why-is-the-defense-department-
snooping-on-my-phone/) _

_I wonder whether the scammers aren’t actually employed by Google and are
simply out to make a quick buck by pretending they are._

Can anyone speak to the technical aspects of his analysis? I'm not seeing any
truly compelling proof that this is run by Google. Just the one IP address
that's registered to Mountain View.

~~~
russss
That Sprint problem was caused by Sprint "borrowing" DoD addresses to use in
their internal NATed mobile network. This wouldn't be an issue with a standard
web site like Mocality which is directly connected to the Internet, instead of
via NAT.

I trust Mocality's technical chops enough to believe that the IP traffic is
coming from where they say it's coming from.

As additional proof, the callers claim to be from Google, and Getting Kenyan
Businesses Online is a genuine Google initiative. So a lot of things wouldn't
add up if it turned out not to be Google behind it.

~~~
nl
_I trust Mocality's technical chops enough to believe that the IP traffic is
coming from where they say it's coming from._

I agree with this.

 _the callers claim to be from Google, and Getting Kenyan Businesses Online is
a genuine Google initiative_

Claiming to be a member of something legitimate on a phonecall is scamming 101
- it's usually very hard for the person on the other end of the line to verify
it immediately.

~~~
xentronium
So a team of rogue callers (some of them with indian google ips) pretending to
be google pretending to be partners of mocality call numerous kenyan business
numbers and promote google initiative. What's the point and who pays for that
nonsense?

~~~
nl
I'm not arguing with that at all - I think there is a very good chance someone
at Google Kenya is about to get very fired.

 _BUT_ I do want to point out that relying on what unverified people say on
the phone is very bad practice, and leads to an enormous number of social
engineering security problems.

------
estel
[http://blog.mocality.co.ke/2012/01/13/google-what-were-
you-t...](http://blog.mocality.co.ke/2012/01/13/google-what-were-you-
thinking/) clickable

Must have been submitted at least a hundred times this morning.

------
instakill
I'm really surprised that nobody from Google has made a statement yet. Even if
the detective work was wrong, Google has suffered a huge PR blow. This story
is all over HN, all over G+ (at least the HN circle), all over my Twitter
stream (which includes some top tech journos from South Africa) and is slowly
being republishing on various blogs.

Google needs to respond now!

------
Eliezer
Anyone who thinks this is an actual plot by Google, seriously, you need to
notice your own confusion. It doesn't fit the modus operandi of any other way
they make money.

~~~
randallsquared
Now that they've officially admitted that they _were_ doing it, have you
"noticed your confusion"? No amount of poor fit with previous actions offsets
admitting that a Google team was actually doing this, no matter how
inefficient it seems to us to have been doing it. :/

~~~
Eliezer
Yep, I confess I take a probability-hit on this one. I'm surprised; it's hard
to make out who within Google was benefiting by going rogue. (I maintain that
if Larry Page knew about this I'll eat a small edible hat.)

------
EwanToo
Seems a very odd situation, I assume the URL has been manually flagged enough
times that all submissions to that URL are now marked as spam automatically.

I'd be curious to know who's flagging it though.

------
joshz
According to this post Google knows and will have a statement soon.

[http://boingboing.net/2012/01/13/google-fraudulently-
solicit...](http://boingboing.net/2012/01/13/google-fraudulently-
solicits-f.html)

------
shrikant
It looks like HN auto-kills *.co.ke links.

~~~
EwanToo
Impressive, given that's the country code for Kenya :)

.co.ke for companies .or.ke for NGOs .me.ke for personal websites and emails
.ac.ke for academic institutions

I wonder if HN had a big spam issue in the past from Kenyan domains?

~~~
okal
Doubtful. .ke domains don't pack that much SEO juice and are a little more
expensive than generic TLDs, so I don't see them being appealing for spammers.

------
richoakley
You don't think it is a bit ridiculous that somebody, pretending to be Google,
would go to the effort of running requests through Google App Engine, just in
case somebody ran a trace against the logs in the hope of figuring out where
the IP address was? All evidence points at Google and the likelihood that
that's as a result of some serious planning by a paranoid scammer is unlikely.

------
trapped123
This is what I don't like about Google. They would like to extract content
from others for free and then use it for their own profit. But they don't
allow others to extract content from their sites or charge exorbitantly to use
their APIs. They give something for free only if they can make money by
selling ads or if they can capture user behavior.

~~~
orijing
They are also a public company that generates profits for shareholders.

------
blhack
Oh, malarky.

Here. I set up a page at <http://lab2.gibsonandlily.com/google.html>

Then I ran it through google translation services. Here is the result in
apache's log:

74.125.16.18 - - [13/Jan/2012:10:45:37 -0600] "GET /google.html HTTP/1.1" 200
327
"[http://translate.google.com/translate_p?hl=en&sl=fr&...](http://translate.google.com/translate_p?hl=en&sl=fr&tl=en&u=http://lab2.gibsonandlily.com/google.html&usg=ALkJrhjD8_-6RDHslD53lf9XsYx2_J1q4A)
"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.7 (KHTML, like Gecko)
Chrome/16.0.912.75 Safari/535.7,gzip(gfe)

Look familiar? This one is tossing up windows NT, which is strange, but it
doesn't seem like a stretch that some of the machines at google for stuff like
this are running linux.

The scam here isn't being done by google, it's just a run-of-the-mill scammer
scamming and using google's name.

Dearest mocotality. Turning on referals in apache logs and you'll see where on
google this is coming from (if you care to).

Here is how:

in: /etc/apache2/apache2.conf (or whereever your apache configuration sits)
change the "Logformat" option to the following:

LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\""
combined

and then use option:

CustomLog /var/log/apache2/access_log combined

(or whatever log path you want).

~~~
powertower
> it's just a run-of-the-mill scammer scamming and using google's name

A scammer selling a Google service for which their is no affiliate program?

I wouldn't file this one away due to having a Google crawler on an IP address
that’s on the same B block (that's like having the same car brand, not the
same make/model)... An IP address that's not even related to the original
investigation, but to some anecdote at the very end of the story.

We need more info about the service being sold, and how it's being sold, who's
the billing party, etc.

~~~
alexmuller
From the PDF transcript, page nine:

 _Caller: No, it’s absolutely free, free of charge. Ok, there’s a small fee
for hosting of Ksh. 200 per month._

This seems like an incredibly simple scam, and it looks like blhack's nailed
it.

There is _nothing_ connecting this to Google apart from that one IP address. I
could phone up half a dozen companies and claim to be from Google, too. Hell,
I get phone calls from "Windows Security Centre" every few weeks telling me to
do something to my non-existant XP install.

------
mechanical_fish
Curious: If I had a Google App Engine account, a) could I open outbound HTTP
connections, and b) what IP range would I appear to be coming from?

Not that I find it unbelieveable that Google, multinational megacorp, could
and would do this thing, but this evidence still seems kinda circumstantial. I
mean, here's hypothesis two: One compromised PC in Google's HQ, running a
proxy.

~~~
sern
You can fetch web pages and you'll appear as coming from a Google IP, but your
user agent header will contain "AppEngine-Google".

~~~
jontas
I'm not familiar with AppEngine at all, but could you really not craft your
own headers? Isn't it python's urlib or similar?

------
Loic
The history tells us that Google subsidiaries have quite a level of freedom to
have their own strategy to achieve the desired outcomes. You can remember the
paid blog posts for google.jp for example. So, Google Kenya will be kind of
banned or whatever and mea-culpa will come out, life will go on.

What I find more interesting if everything is true, is that they have cheap
manual workers in India doing the scrapping manually to then cold call. It
means that if their "crawlers" are not smart enough, they are ready to go
"manual" to enter a market.

For me _this_ is really an interesting piece of news and this is where I am a
bit afraid of Google hegemony.

------
Andaith
Is there any actual proof that it was google? It sounds to me like someone is
borrowing their name for legitimacy.

~~~
waitwhat
Scroll down a bit to "Results (2)": _These new accesses were coming directly
from Google’s network. The IP address 74.125.63.33 made 17,645 requests
(15,554 to BusinessProfile.aspx)_

~~~
kalleboo
"Google's network" could also just mean an App Engine user.

------
mooism2
See also <http://news.ycombinator.com/item?id=3459966>

------
ak2012
Google monopoly hard at work, its only a matter of time till we start viewing
Google as the next Microsoft.

------
AznHisoka
As an aside, there's a good business idea hidden in this: a website monitoring
service that monitors for scrapers, showing you hit rates for IPs, which
countries, user agents, what pages, etc. Sends you a SMS or email when it
detects a scraper and you can take action.

------
wildmXranat
Well, somebody will either get a smack upside the head or a raise. This is a
blemish if proven to be a Google operation and there's no way subversive
tactics of this kind are looked upon with good grace.

------
ck2
Are you sure some other entity didn't just figure out how to use google as a
proxy, ie. via their translator tool?

~~~
tripzilch
Coming from a Google IP isn't the biggest clue (though the second one from
India seems pretty damning), they also say they work for Google and then try
to sell those businesses websites from Google.

If it was some other entity, why'd they sell Google-built websites?

------
boscomutunga
Well, it will be interesting to hear what google has to say but meanwhile
there seems to be a lot of people with axes to grind with google.On the other
hand, what's taking so long, google should have given a statement on the
issue.

------
wangweij
If Google has become so huge that theoretically they cannot enforce the "Do No
Evil" motto throughout the whole company, they can remove that motto and
publicly admit they are just the same as any other one.

------
Tichy
Are those known Google IPs? Otherwise I suppose anybody could just register
something as "Google"? Just saying, WHOIS might not be very reliable.

~~~
russss
WHOIS is generally very reliable - there are identity checks when you register
for IP space (especially with ARIN, which is who provides Google's IP space).

One other way you can check is by looking at the organisation handle in the
WHOIS - it's GOGL, which is the same org handle as you'll find on all their IP
addresses if you WHOIS them. That ties up with the ARIN site:

<http://whois.arin.net/rest/org/GOGL>

I've done a fair bit of network engineering and I'm convinced that this is
actually a Google address.

------
TerraHertz
OK, now this is just exploring an idea about WHY this might have been done.

Rough details:

Google doesn't develop business web sites, but the callers were offering that
service.

Obtaining their business contact database, and misrepresenting themselves, in
a very un-Google way.

Since early November 2011. And the call operation switched to India when
spotted.

The businesses being called were all in Kenya. KENYA - now why does that ring
a bell?

Google admits it happened, but is vague about who did it. "a team of people
working on a Google project"

Hmmm... You'd think if there was a clear relationship that Google could admit
to, they would have. I smell something a bit more intense than mere bad
business choices.

How about this:

Suppose you were a current US President, who (for whatever reason) very very
strongly desired to eliminate (or 'modify') a specific piece of paper held at
the Coast Province General Hospital, Kenya. A birth certificate, from 1961.
This one: <http://everist.org/pics/Obama_bc/lucas_Obama_bc.jpg>

Someone comes up with the bright idea to offer a document digitizing and cloud
archiving service to the hospital. Just to get hands-on for that one piece of
paper.

But as cover... you'd need something much more general. Like offering web
hosting to all businesses in Kenya. Comes with document scanning at low low
prices! You can trust us, we’re GOOGLE! And we are associates of your widely
liked Mocality.

So why now? Because finally a lawsuit about Obama's eligibility established
legal standing and made it to the supreme court. Document discovery begins.
Stuff's about to hit the ventilators...

20120113 VERY QUIETLY OBAMA’S CITIZENSHIP CASE REACHES THE SUPREME COURT
[http://www.pakalertpress.com/2012/01/09/very-quietly-
obamas-...](http://www.pakalertpress.com/2012/01/09/very-quietly-obamas-
citizenship-case-reaches-the-supreme-court/)

That and other cases have been working their way through slowly. Takes months,
and someone maybe saw a need and activated some emergency contingency plans.

Just a thought. There’s always a reason, and it's often not the most obvious
one.

Why would any actual Google team, even rogue, offer web services Google simply
does not do?

------
linguistbreaker
Those Kenyan businesses don't represent enough money to be worth bungling into
a crushing PR nightmare. That would be stupid, and stupid is the one thing
that I know to be absent at Google. I predict that Google will get to the
bottom of this very quickly in order to protect their name.

------
rmc
The first part sounds pretty circumstancial, since pretending to be from a big
company (Google) is a basic scamming technique.

However the second instance is from part of a /16 IPv4 block assigned to
Google. It could just be a compromised proxy on someone's machine.

------
yanw
Google's statement via: [http://paidcontent.org/article/419-google-
investigating-keny...](http://paidcontent.org/article/419-google-
investigating-kenyan-client-poaching-allegations/)

 _We were mortified to learn that a team of people working on a Google project
improperly used Mocality’s data and misrepresented our relationship with
Mocality to encourage customers to create new websites.

We’ve already unreservedly apologised to Mocality. We’re still investigating
exactly how this happened, and as soon as we have all the facts, we’ll be
taking the appropriate action with the people involved._

~~~
JS_startup
This needs to be at the top. Google confirms that it was their representatives
who pulled off the scam, not someone posing as Google. We can all stop making
excuses for them now

~~~
sek
We should accept that Google has many employees and some of them are black
sheep.

They are not perfect, but they seem very transparent by admitting it.

~~~
robryan
Any large company can use that excuse though, they still benefit greatly from
the activity. It's pretty rare you see a big company not try an shift the
blame to contractors or a small international office. If you can't have
effective oversight over all your operations then maybe the company is to big.

------
yanw
I'm assuming it was flagged because the headline was in ALL CAPS.

~~~
bnr

        text-transform: uppercase;
    

There's lowercase text in the DOM.

~~~
hellweaver666
Strangely though, if you copy and paste in Chrome, you get uppercase text,
even if it's lowercase in the DOM.

~~~
justincormack
I would file a bug for that...

------
kenrik
"Do no evil"

There is a saying in spanish that roughly translates "beware of unrequested
affirmations"

I think it applies here..

------
billpatrianakos
No need to circumvent. This is already the top story.

