
Why did ProtonMail vanish from Google search results for months? - based2
https://techcrunch.com/2016/10/27/why-did-protonmail-vanish-from-google-search-results-for-months/
======
throwawaydev7
Anecdata: At a conference a couple of years ago I was talking on-stage about
my product. It's a direct competitor to Google in an area that they don't do
very well (quite often, comically badly), and my customers are people who care
about getting really good results in this area. I made a couple of joking
quips about the poor quality of the Google product during this presentation
and moved on.

Two days later my product completely vanished from the Google rankings. No
cause that I could think of; I wasn't doing any questionable SEO or other
manipulation at the time. I later found out there were Google people at the
conference, though I don't know whether they were at the talk or not.

Correlation != causation so I'm hesitant to definitively call shenanigans on
this. But it does make me believe ProtonMail's story a little more.

~~~
ExpiredLink
Listen to this TED talk. They are Google's competitor ...

[http://www.ted.com/talks/andy_yen_think_your_email_s_private...](http://www.ted.com/talks/andy_yen_think_your_email_s_private_think_again)

~~~
Tharkun
Well that was a waste of time. Poor talk, no technical information, nothing
innovative.

~~~
ExpiredLink
That's not the point. You know why Google removed them from the search
results.

------
mooman219
Let's not forget protonmail.com was previously protonmail.ch. Moving domains
can make a tremendously negative impact on search engine rankings. The "fixed"
comment could have been properly assigning protonmail.com with the ranking
data for protonmail.ch. This detail was in the previous HN post, but looks to
be left out of this one for some reason...

Disclaimer: This is speculation. Take both this article and my post with a
grain of salt.

~~~
joelrunyon
> Moving domains can make a tremendously negative impact on search engine
> rankings.

Only if you do it wrong. If you do it write, there should be negligible
impact.

~~~
jklinger410
You will usually see a dampening of rankings when moving domains. Redirects do
not transfer 100% of authority.

~~~
tf2manu994
Since August, no.

[https://moz.com/blog/301-redirection-rules-for-
seo](https://moz.com/blog/301-redirection-rules-for-seo)

~~~
jklinger410
Thank you for showing me this!

Not sure how I missed it.

------
n1000
> ProtonMail tracked this situation through Spring 2016, trying to get in
> touch with Google to query why it had vanished from search results — and
> initially having no luck getting a response. It only eventually got an
> acknowledgment of the complaint in August after it had tweeted at Google
> staff.

Why is it that large companies like Apple and Google are so hard to reach?
Remember the story of the Dash iOS app developer that got kicked out of the
store. He also practically was unable to reach anyone.

~~~
lucaspiller
To be fair what that guy originally said and what happened were two different
things. Apple contacted him before they shut down his account. At least that's
what Apple said...

[http://www.loopinsight.com/2016/10/10/apple-responds-to-
dash...](http://www.loopinsight.com/2016/10/10/apple-responds-to-dash-
controversy-with-proof/)

~~~
n1000
Whatever the case may be. I think there are plenty examples where situations
escalated simply because the company ignored an urgent and justified request.
I remember calling AppleCare and the poor guy on the phone admitted that there
was a bug in OSX but had no means to escalate my problem further.

Another example is the recent Spotify bug, which did not receive any attention
until the story made it to the top of HN. I think companies actually cause
damages to themselves by not reacting sooner.

~~~
londons_explore
As an engineer for a related company, I sometimes go and look at the support
forums or tickets for my software.

I find hundreds or thousands of complaints. Many are legitimate bugs, and some
are user stupidity ("I need to check my mums email but she won't give me her
password, can you let me in anyway").

For those which are legitimate bugs, I know, through user metrics, that they
only affect a tiny fraction <0.1% of the users. I, and the rest of the
engineering team have to prioritize our team between fixing these bugs for the
0.1%, and making the product better for the 99.9%.

It can be a tough choice, but when you've decided that it's time to move on
and develop new features, hearing about individual instances of rare bugs is
no longer useful. We just aggregate how many users are impacted by each
significant bug, and from time to time quash the top ones.

Manually editing a database entry for a single user is no longer privacy-
justifiable, so basically the only fix we can do is to fix the bug for all
users at once. And if the bug is only affecting 15 out of 300,000,000 users on
a product that makes 1 cent per user per year, I can't afford to spend more
than 30 seconds on it really, yet most bugfixes are at least a days work.

~~~
xg15
Thank you for taking the time for writing this and being so open.

However, I think this approach should be criticized. It's a very concrete
improvement for the 0.1% of users dropped in favor of a very vague improvement
for an unknown subset of the 99%. Also, the bugs have severe consequences for
the users (as in the OP or the Dash case) it would be downright irresponsible
to be customer of a company that acts like this.

------
londons_explore
If this post weren't full of vague legal risks for Google, you would likley
get a (private) explanation of the cause. As it is now, no employee would risk
such communication for fear of it being used against them in an anti trust
case, even if it were well meaning. Anti trust cases are worth billions, and a
single email saying "we messed up because your URL contained an apostrophe and
that caused a bug in our crawler" might well tip the case against Google to a
non technical judge or jury.

~~~
kuschku
If they say nothing, it’s even more likely to be used against them.

And I personally think that’s actually good. Open all the antitrust cases
against Google at once, so it can be broken up.

------
arkadiyt
Direct link to Protonmail's blog post: [https://protonmail.com/blog/search-
risk-google/](https://protonmail.com/blog/search-risk-google/)

------
mark_l_watson
A little suspicious, but lacking hard evidence of trying to hurt competition,
I choose to give Google the benefit of the doubt here.

I have had a ProtonMail account for a few years and the system keeps getting
better. The one feature lacking, and keeping me from using it as a primary
email service, is not being able to backup my emails locally. I think that is
on their TODO list.

~~~
fgpwd
They also don't have 2-factor authentication yet.

~~~
vabmit
2fa is being tested on the internal development site, now.

------
jklinger410
Google often-times makes severe algorithm changes. There is an SEO company
called MOZ that keeps track of these. If you see right around the same time
that ProtonMail suffered a disruption of rankings they were in the middle of a
huge update ([https://moz.com/google-algorithm-change](https://moz.com/google-
algorithm-change)). This was May 10th of this year.

I am referencing the official ProtonMail blog post
([https://protonmail.com/blog/search-risk-
google/](https://protonmail.com/blog/search-risk-google/)) linked by another
commenter in this thread.

I also want to say I'm not a Google employee and have no vested interest in
the authenticity in their algorithm.

It is very fishy that according to PM they contacted a Google rep via twitter
and got a "we fixed something" response from them.

As an SEO person, my opinion is this:

As an encrypted email service ProtonMail probably gets a lot of foreign and
otherwise "undesirable" (or deplorable ;) ) links in the eyes of Google.
Google lately has been doing a lot of algorithmic changes to actively sift
these types of links out of consideration when ranking sites or dampening them
severely.

My guess is that Google was basically penalizing PM for the links they were
getting without notifying them via Webmaster Tools. Whether or not there was a
manual penalty involved that they weren't notified about also adds a little
bit of shadiness. Maybe Google _thought_ PM was trying to game the algorithm
or at the very least many of the links they were getting were of a spammy
nature and they ran a penalty on them.

The redirect from them changing a domain in the past can also compound issues
with Google. Sometimes they consider redirects spammy depending on what kind
of redirect is in place.

Without more info it does seem weird that they would "fix" something not only
without warning them in the first place but not explaining it afterwards? Most
web admins have to use what's called a "disavow" list to remove the penalized
links but apparently their rep seemed to do this for them. Probably due to the
anti-trusty viral nature of the complaint?

I don't know what SERP tracker PM is using for these stats. Barring there were
no errors in that system, they can trace the lack of rankings to a lack of
organic traffic, and they were given no reasoning to the penalty or what was
going on...

They may want to hire a lawyer and start an anti-trust suit on Google. This is
very fishy without any official information from Google.

~~~
walshemj
Thats interesting it would be interesting to look at there link profile -
getting out of a link penalty is hard it took me over a year to get on client
out of one.

------
hedora
The Swiss recently passed this pro-surveillance referendum:

[https://protonmail.com/blog/swiss-surveillance-law-
referendu...](https://protonmail.com/blog/swiss-surveillance-law-referendum/)

In the blog post, proton says they aren't impacted by the new law. Do any
third party analyses agree?

------
ComodoHacker
In case anyone interested, here are my field test results for "encrypted
email", obtained today:

    
    
                     Google  DuckDuckGo   Yahoo
        Proton Mail     1       16          -
        Tutanota        7       20          -
        Gmail           -       10          1 (G Suite)
    

"-" means no appearance up to and including second page. Ranking excludes
sponsored links.

------
tptacek
Google has plausible webmail competitors. "ProtonMail" is not one of them. Can
someone provide an explanation of why they think Google would elevate this
particular random email provider in the media by penalizing their search
results?

~~~
user982
You are not unaware of ProtonMail [1]. Why are you putting its name in sneer
quotes to imply unfamiliarity and insignificance?

[1]:
[https://news.ycombinator.com/item?id=11305228](https://news.ycombinator.com/item?id=11305228)

~~~
Chyzwar
ProtonMail focus on security and paid services, free tier is almost useless.
Gmail is free service that make money on pushing adds and selling your privacy
but provide excellent service. There is no conflict of interest.

SEO it is hard to say. They want to compete on "email" and "secure email"
keywords it is not going be easy.

~~~
dylz
> Gmail is free service that make money on pushing adds and selling your
> privacy but provide excellent service.

G Suite Email is a paid service that doesn't sell your privacy, doesn't serve
ads, and has extremely good service.

~~~
chappi42
> G Suite Email is a paid service that doesn't sell your privacy

G Suite is an american service and will give away your privacy without a
proper/open court case when receiving a gag order. This is very much in
contrary to PM.

------
simosx
The article does not provide an answer and simply poses the question. The fact
that Google does not disclose any useful information makes it difficult to
figure out what really happened.

------
Steeeve
I wouldn't consider ProtonMail a competitor of Google. I would assume they got
penalized in search rankings like everyone else.

The fact that they went through Matt Cutts to get this resolved is telling -
since he's the public face of Google for anti-web-spam/anti-blackhat-seo.

> @mattcutts We know Google is intentionally hiding ProtonMail from search
> results. Interested in talking before our data goes public?

Apparently threats help get you attention.

~~~
tinodotim
Matt Cutts isn't the public face for the webspam team anymore, for months if
not years now. I think since 2014.

He even left google and works for the US Digital Service since this summer.

And on the topic: Nope, no penalty. At least no ordinary / known version of
typical penalization.

~~~
paganel
Just found out right now that the "famous" Googleguy user that was posting
stuff on Websmasterworld around 2002-2004 has been confirmed as having been
Matt Cutts (the article is a little older, from 2011,
[https://www.seroundtable.com/cutts-googleguy-
intheplex-13291...](https://www.seroundtable.com/cutts-googleguy-
intheplex-13291.html)). Those were interesting times, when Google was still
playing the "good guy" card trying to get most of the websites' data. I'm
pretty sure nothing of that facade has remained in place now.

~~~
Steeeve
I'm old...

------
SagelyGuru
I have every sympathy with ProtonMail. Google's behaviour in this certainly
looks highly suspect.

However, in general, I am not a fan of regulation. I wonder if this problem
could not be better fixed by an open source search engine "assistant" that
simply polls several existing (competing) search engines? Perhaps implemented
as a browser plugin?

I base this suggestion on the assumption that not all the usual search engine
providers will have the same conflicts of interest. More specifically, in this
case, they are not all email providers themselves. For the same reason I trust
more the search engine providers who have not added to it all kinds of other
business interests.

Any thoughts on that? Has anyone tried it?

~~~
gnud
What search engines are not email providers?

~~~
SagelyGuru
DuckDuckGo?

~~~
Nullabillity
DDG mostly relies on the APIs of other search vendors, who do have email
services.

------
benkarst
Over the past year or two, I'm becoming convinced Google's "Don't be evil"
days are over.

Does anybody have any recommendations for alternatives to Google Drive?

~~~
ocdtrekkie
I use Sandstorm.io, which you can either self-host or use as a managed
service.

------
discordianfish
I can't imaging they would do that intentionally and on their own will. It's
too obvious and just provides more arguments for the anti-trust complaint.

~~~
ubernostrum
Google has already been getting away with giving unfair priority and treatment
to their own properties for years. Why not take the next step and just start
outright hiding competitors?

~~~
frogpelt
Google is not required to provide you search results. And they should be
expected to market their own products.

To expect otherwise is foolish.

~~~
kuschku
> Google is not required to provide you search results.

Yes, they are, if they want to access the market at all, they have to provide
results to everyone, and can’t discriminate.

> And they should be expected to market their own products.

No. They have > 90% of the market, which is used by > 50% of the population,
meaning they’re automatically a public utility, and can not provide any
positive or negative discrimination to their own or other services.

Any treatment has to be completely fair and equal, and if their own services
can get integration, so any competitors have to be able to do. (For a fair
price, of course).

~~~
pbhjpbhj
>they’re automatically a public utility //

Is that your assertion or is that through legislation where you are (which is
where?)? Thanks.

~~~
kuschku
The laws do not directly express the definition "public utility", but the very
same restrictions and regulations, and their creators specified that this was
the intent.

------
quickConclusion
This is why we need good whistle blower protections. If Google does that
intentionally, there must be quite a few people in the know at Google.

Even without, it just takes to open a throw away account here, and say
something.

------
babuskov
It looks like a net win for PM. If you look at the graph, before disappearing
they had struggled for position and after the fix they are #1. Plus they get
publicity like this TC article.

------
totalZero
Does Google make money from its relationship with government agencies that
perform surveillance?

~~~
throw2016
Cultivating government agencies comes in handy especially for global business
ops and legal snafus. And I think Google's general 'stalkiness' and getting
people used to being stalked ties right in with surveillance culture.

------
vladimir-y
Has ProtonMail become a really secure? Since when I last time checked web
client I noticed that PGP keys are being passed over the internet when you do
login (private key), which doesn't look like a true end-to-end encryption
since private key should be kept locally and never be passed over the
internet. Please correct me if I'm wrong, I'm note very well versed in the
encryption matters.

~~~
tinodotim
The private key is encrypted using your mailbox password (a 2nd password, not
the login password) and that is not stored on their servers. So they only
store and pass the private key encrypted.

So it should be secure enough but for sure, the implementation is still not
perfect at all, especially if you want to communicate with non-protonmail
users.

~~~
vladimir-y
> So they only store and pass the private key encrypted.

I remember I was able to get key passed through the network in the not
encrypted form, I was looking into the network tab of the browser's dev
console. When you do login look at the response of the
[https://mail.protonmail.com/api/auth](https://mail.protonmail.com/api/auth)
POST query.

------
ephimetheus
Got suspicious about the name Proton, started reading the website, saw that
it's based in Switzerland.. and yup, they're Ex-CERNies. :)

------
tobltobs
The domain move which protonmail did looks quite risky: Country TLD to generic
domain, new domain parked at Godaddy before and the first owner of this domain
run an email server which maybe did unexpectedly closed shop. The domain move
happened at the same time when protonmail vanished from the search results.

Instead of publicly looking for a scapegoat for their mistake they should tell
readers of their blog the one lesson to be learned from this story: Never use
a country TLD for something targeting more then this country!

------
jstrieb
On one hand I'm a major advocate of trustbusting and encouraging government
regulation of large, potentially competition-squandering companies. But I'm
also an advocate of a free and open Internet, entirely unregulated. To me,
this case walks the line between the two and I don't think any more can be
done with regards to making the "right" judgement without additional,
definitive information.

------
joering2
What a coincident; I was just wondering when will Proton popup on HN to share
my experience.

I must say I don't think they even have customer support. I emailed them and
opened tickets multitude times with serious questions (looking into moving
entire enterprise with 100+ email addresses) but I guess I was neither their
type of client nor they simply don't have customer support at all!

This issue turned me off and against them entirely; sorry.

~~~
blunte
I have had good support from them. Maybe it's because I'm a paying customer?

What they are doing, both from the backend side and the multiple clients side,
is a lot. Chances are they are just really busy with the number of employees
they have.

------
imjustsaying
Does this have anything to do with what was, retrospectively, a
disproportionately pro-Hillary, anti-Trump bias demonstrated in Google News
results over the final arc of the election, and the resulting 'out of the blue
shock' feeling experienced by so many in America after Trump's election? Or
was that simply the result of an effective backlink brigade?

~~~
lostlogin
Can you square this view with Clinton winning the popular vote? You are
looking in the wrong direction. Perhaps inaccurate polling (is polling
actually helpful anyway?) and reforming a _slightly_ troubled electoral system
are the actual problems.

------
hackuser
Perhaps part of the way to address Google's enormous market power is that they
should provide remediation when it causes a problem, including transparency
when Google's search results place a site significantly lower than it does in
competitors' results.

------
walshemj
Doesn't seem (from the tone of that post) that they had anyone on staff to
handle the SEO Inbound marketing - where is the summary of what investigation
they did.

There are ways to reach out to google and get an answer

------
nullnilvoid
Don't be evil, Google. This one has clear evidence. I doubt that it is a bug.
It only affects Protonmail not others.

------
shocks
Runbox user here. Can anyone comment on how these two compare? Is it worth
switching?

~~~
tinodotim
Runbox is more like a "normal, ordinary" e-mail service with high security &
privacy precautions, but for example no integrated end-to-end, zero-knowledge
encryption (option) for mails. You can of course use pgp/gpg like with any
other service.

So in Protonmail, for mails inside the service, from protonmail user to
protonmail user, they afaik use a pgp implementation and handle the key
exchange.

To send secure messages from protonmail to another service, you can encrypt
the message / conversation with a password and the recipient gets an email
with an url, where he can, given he has the password, decrypt the message and
reply securely.

~~~
shocks
Thanks! I guess I'll stick with Runbox.

------
dandare
Could you in theory sue Google for (intentionally or not) discriminating
against you in the search results? Just in theory.

~~~
jlgaddis
In theory, one can sue Google (or any other party) for any reason whatsoever
-- no matter how absurd or "out there".

IANAL but I doubt they'd get very far. What would their actual argument even
be? Google isn't obligated to include every web site in existence in their
index.

~~~
awqrre
Seeing how Google have a near monopoly on Search, perhaps they should be
required to... or at least be required not to remove search results of
already-indexed legitimate websites.

~~~
kyrra
How does one create such a list? How do you distinguish domains that have gone
rogue (either ones that were legit then went bad. Or if the domain expired or
was sold to a nefarious person)?

I believe in this case protonmail was hit by an algorithm based derank (not a
manual action). What causes it is anyone's guess. But something series of
events hurt their ranking. Its also important to note that PM was NOT
delisted. They still were getting traffic from Google, they were just
deranked.

------
mikebay
Google censoring search results and acting more and more like microsoft in
90's.. time to skip google search engine and support another corporations..

------
glaberficken
Not condoning any shoddy move by google, but have you noticed how the
ProtonMail UI is a shameless ripoff of gmail?

See these screenshots from ProtonMail:

[https://protonmail.com/images/slider/compose.jpg](https://protonmail.com/images/slider/compose.jpg)

[https://protonmail.com/images/slider/inbox.jpg](https://protonmail.com/images/slider/inbox.jpg)

[https://protonmail.com/images/slider/column-
labels.jpg](https://protonmail.com/images/slider/column-labels.jpg)

~~~
kuschku
First, there’s no copyright on a general style, or theme. Nor can it be
patented or trademarked.

So, legally, this is already nothing.

Second, this is not something Google invented – Google started with webmail,
but many other companies had designed stuff like the in-frame editor, or other
concepts before Google.

So, even if ProtonMail outright copied Google, Google, because they copied
together many other people’s ideas, wouldn’t have reached the Threshold of
Originality.

~~~
nickpsecurity
They're called Design Patents. They exist. Apple vs Samsung was quite a famous
case over them with hundreds of millions in damages on the line. I have no
idea if Google is using Design Patents on their products but can if they
choose.

[https://techcrunch.com/2015/08/03/swipe-to-patent-design-
pat...](https://techcrunch.com/2015/08/03/swipe-to-patent-design-patents-in-
the-age-of-user-interfaces/)

~~~
kuschku
ProtonMail is in Switzerland. Neither in Switzerland nor in the EU, Design
Patents exist.

~~~
nickpsecurity
Your first sentence was broader than that. Far as EU, they're called
registered designs. I don't know much about them past that they exist. They're
also in Hague Agreement of WIPO which Switzerland is a party to. Apple's
attack on Samsung in Germany was about them copying the interface and style.
Situation isn't as clear cut to me given the above.

Even if nothing applied in Switzerland, the countries supporting such things
might block their local presence there under grounds of violations. This risk
actually is why some companies, esp Chinese, won't do business in the U.S.. If
this played out, they'd be blocked from serving customers in U.S. or any
nation that upholded the claim against them.

