Hacker News new | past | comments | ask | show | jobs | submit login
Google, what were you thinking? (mocality.co.ke)
751 points by swombat on Jan 13, 2012 | hide | past | favorite | 143 comments

There's a couple of reasons why I think this doesn't seem quite right:

- "Large human effort" doesn't seem like Google's style - a screen scrape for info would be faster for them, and I'd assume that they already have tools built to do that.

- If the callers are lying about being affiliated with mocality, then why can't we assume that they might also be lying about being from Google?

- Google would likely have the entire site indexed and cached already, so there's very little reason for them to get actual people to manually screen-scrape the live site.

- OK, the second wave is coming from a Google IP, but why wasn't the first wave coming from one?

Yeah, it looks pretty bad, but this type of behaviour is so atypical of Google. It seems almost laughable to make the assumption that it's anything other than scammers trying to take advantage of Google announcements to try to make a quick/easy buck by selling Google services as an affiliate.

I'm also very curious what services the callers were offering. Are they services Google offers? Services Google charges for?

I'm assuming that they're offering google apps, which you can sell as an affiliate (naming your price). But reading through the transcript, and listening to the calls, they claim to be offering to "develop" a web site for the business, which I very much doubt google would ever do.

They have tools in google apps for making pages/simple sites, but everything about the call stinks of scam.

> Caller: Twenty one days. We're going to develop the website within twenty one days

When has google ever "developed websites" for independent companies?

  Caller: XXXXX, and do you have a gmai account?*
  Business owner: yes, I do have a gmail account.
  Caller: Kindly give me your gmail account.
  Caller: ... you will be given a personal password which you can use to log in and make changes in case you want to.
  Caller: ... For photos, I will give you my gmail account so you can forward to me either the business logo or the photos you feel have nice looking clothes that can attract customers.
Yes, I've cherry-picked some of the transcript, but the point is that these are practices which aren't just against Google's "Do no evil" policy, but would be counter to how they would actually run. For a company like google, with their existing infrastructure, this would just be bad business.

Also, why ask for a gmail username, and then say later "Well we'll send you a username and password once we're done". It doesn't make any sense.

Oh well, I assume that at some point, Google will be forced to respond, will give a big "What the hell, guys, this wasn't us", and then everyone will look sheepish for a while until a year later where some blogger will stumble on it again, and try to expose the truth of "google being evil in africa".

Just a pedantic nit; Google's code of conduct catchphrase is not "do no evil", it's "don't be evil".

And I suspect they aren't, as a company. Even though these were Google employees, as Google has admitted, I doubt they were acting in accordance with anyone sufficiently high up in the corporate hierarchy.

Ok, after reading over this transcript, it's clearly a scam unrelated to Google: http://blog.mocality.co.ke/files/2012/01/Incoming_Call-Redac...

1. Google doesn't offer website creation. 2. Google doesn't charge for low-traffic hosting. 3. Google wouldn't setup your website via email.

They do. With partners. It's "Getting Kenyan businesses online": http://www.kbo.co.ke/

They've done a similar action in France few months ago.

The guys who said coming from Google were probably a partner of the operation.

But they're not offering to create websites for businesses - they're just offering the tools and making it easy for businesses to create their own websites.

There is much in that transcript which is inconsistent and even contradictory to any available information on the "Getting Kenyan Businesses online" site.

Yes, exactly. It's called Google Business SiteBuilder. Perhaps the company calling is using this tool to build Kenyans' sites, then charging for it?

I'm curious to see how this ends up.

The upsell is the part that makes me suspicious, because that doesn't sound like the type of thing that Google would do.

My guess is this. It is someone claiming to be Google and selling a service that is actually free. That's a pretty common thing to see in Africa, in Rwanda we see people 'selling' Google Apps for domains all the time.

The WHOIS lookup does give me pause though.

Reading the complete transcript here: <http://blog.mocality.co.ke/files/2012/01/Incoming_Call-Redac...;

It makes me believe that it is Google, though I still find the monthly hosting charge thing a bit strange, because I can't find any mention of that on their site.

Apart from the false information about Mocality, does Google using their directory to do these cold calls actually violate Mocality's Terms of Use?

Really curious to see Google's response. Joe Muchera (head of Google Kenya) says he's looking into it. That not being an immediate dismissal makes me think it is indeed a Google initiative, though one that went off the rails.

To me it reads a lot like a scam. Gmail addresses to send data to, vague comments about cost and features. A lot of bullshit about Google.

We get SEO and "host your website" scam calls now and again (maybe 2 or 3 times a month) - since my boss went to an "SEO & Hosting workshop" sigh - and it sounds a lot like some of them.

Reading the complete transcript here: … It makes me believe that it is Google

How so? I read it and it looked like one of those crappy scams? How does this strike you as a legitimate Google employee?

The post mentions that Google was violating their T&Cs:

When we started this investigation, I thought that we’d catch a rogue call-centre employee, point out to Google that they were violating our Terms and conditions (sections 9.12 and 9.17, amongst others), someone would get a slap on the wrist, and life would continue.


The post says that, -if- Google is doing what someone pretending to be Google is apparently doing, then Google would be violating its own T&C's.

Please read carefully so as not to turn a hypothetical statement into an inaccurate fact.

You are correct that it is all hypothetical based on who is responsible. However, you are incorrect that this is related in any way to Google's own T&Cs. The post links to the Mocality T&C page and says whoever is responsible is violating the sections mentioned in the paragraph I quoted above.

Not to get too far off-topic, but you're doing the exact same thing:

> -if- Google is doing what someone pretending to be Google is apparently doing

We don't know if it was Google or someone pretending to be Google. However, to make jontas's statement neutral:

> The post mentions that the alleged Google team was violating their T&Cs:


I think that transcript essentially proves that it wasn't Google. Everything he says about the program is completely wrong. I'll just pick out the things that are indisputably wrong, there is more that I would argue is wrong but may be viewed differently by others. You've already mentioned the false information about Mocality that the caller uses, so I don't need to repeat that.

"[The domain will be] ww.your business.CO.KE" No, it will be www.your business.kbo.co.ke. This is something very important, you get a subdomain of Google's Kenyan Business Online site kbo.co.ke.

"Twenty one days. We’re going to develop the website within twenty one days" No. Google's KBO does not develop the websites themselves, they provide a "Business Sitebuilder tool" that allows you to do it yourself.

"XXXXX dot XXXXX at gmail dot com." This should be @google.com not @gmail.com.

"and also we go on facebook. People who log into facebook can see the clothes you are selling." No. Google's KBO does not do anything with Facebook.

"When someone is on facebook, they’ll see your ad there." Again, no. Google is not giving you advertising space on Facebook.

"Ok, there’s a small fee for hosting of Ksh. 200 per month. [...] Only that for hosting. You know hosting is different from developing." No, there is no hosting fee. The only possible fee is an optional one if you want your own domain and it isn't 200 per month.

There's more but I think that should give you the general idea. Given just this transcript and comparing it to the details of Google's program at kbo.co.ke I would say that this caller is definitely not working for Google but is rather a scammer. In fact, in this transcript the caller basically walks through the steps needed to use the Business Sitebuilder tool. This explains how the business who didn't agree to the thing would end up with a site anyway, the scammer did it while on the phone. Now, I haven't considered the IP logs, but my best guess for that is that it is coming from Google Translate as discussed elsewhere.

Edit: I should clarify. I am not certain that Google was not involved with this, it's more that I am convinced that that particular caller wasn't working for Google. While I am unconvinced that these callers worked for Google, there is some rather damning evidence.

The main problem is that the Google representative incorrectly presented the offer as a partnership with Mocality. This is clearly fraud as the Google representative is using the business owners trust in Mocality to sell a competitors product, using a non-existing Google-Mocality partnership as a selling point.

> It is someone claiming to be Google and selling a service that is actually free. That's a pretty common thing to see in Africa

I bet it's pretty common everywhere, I know it happens in Sweden regularly, although the scam companies are shut down pretty quickly over here.

"The upsell is the part that makes me suspicious, because that doesn't sound like the type of thing that Google would do."

You haven't worked with their sales team then. Sales people (Commissionus Salesdroidicus :-) live and breath to win, and winning means creating leads, converting leads, and booking business.

Hopefully the folks inside Google who believe in transparency and doing business competitively but honestly, will be able to pressure the teams who endorse this sort of activity.

The next step will be the more interesting one. Do they they stop scraping Mocality? Do they enter into a dialog to actually partner with them? Or do they start using Tor nodes to scrape the site and stop telling people they are from Google?

When that next chapter plays out the true nature of the business is revealed.

Could the http requests be made from Google App Engine? Then again, why would the scammers go though such hoops.

For legitimacy. Don't make the mistake of thinking the only people who know about App Engine are San Franciscan hipsters with Macbook Pros. Blackhat hackers stay just as updated on technology trends as everyone else.

That still doesn't make sense. The only thing the scammers did with those IPs seems to have been searching the Mocality database.

The only reason why those IPs even got exposed is because of the thorough investigation Mocality has made (or, claims to have made): After the first wave of confused calls by their customers, they cross-checked their logs and found one IP with an uncommon UA accessing all these records, then they served a fake phone number to that IP and confirmed that whoever was making these fraudulent calls was indeed operating from that IP and claiming to be Google in cooperation with Mocality.

Now it could be that these are scammers that found a clever way to proxy through Google on the off-chance that Mocality would do this investigation and evidence would continue to point to Google? Ok I get "pretending to be someone else" is scamming 101, but "pretending to be someone else when the person you're pretending to be cooperating with finds out about and the scam is pretty much exposed" it just sounds like an incredible amount of trouble for an eventuality that is very unlikely and even then it doesn't seem to help much?

"No, let's somehow proxy through Google so that if Mocality becomes suspicious and tracks us they'll think it's Google and the whole Internet will get confused and the people of HN will get into arguments ... mwuahahahaha ... excellent ..."

Can't you see, this is what Google wants us to think! ;-)

Hide themselves? It's essentially a form of proxy.

I am hoping that this is a rogue group of local Google employees who are about to be smacked down by Google head office.

This kind of thing is going to happen occasionally with global organisations, but Google needs to do something public quickly to make it clear that this is against policy.

You can't have a "rogue group of local employees". You are accountable for all your employees action - legally and morally. How often has a company done something only to blame it on "contractors" or "a third party". That's not acceptable.

Google are responsible for their employees' actions. But there is still a difference between employees doing evil in defiance of management's orders, doing evil as instructed by management, and doing evil in a climate of management neglect.

Oh, absolutely. Google are responsible for oversight of their employees. Someone inside Google isn't doing their job, and heads need to roll here.

And the appropriate response is to publicly: admonish the behavior, investigate and report, then reprimand/dismiss the employee(s) who are found guilty.

If Google's management is innocent, then they need to prove so, and show it by acting ethically as described above.

That, and make sure it doesn't happen again. I'd be a little worried about how Google manages the business side of things; they have a good brand and the potential to make a lot of money, so of course someone will find it advantageous to take shortcuts turning one into the other. The philosophy and reliance on automation, which can be designed to dismiss complaints and block normal feedback, can be used to have some teams shield themselves from accountability. At a higher level, there's the possibility of selective blindness and negligence hiding some level of malice and irresponsibility.

Mnemotechnic for a proper apology: regret, responsibility, and reform.

I am hoping the opposite. I am hoping that this was sanctioned by head office, so it destroys their undeserved and harmful, "does no evil," reputation.

So you're hoping Google has done something evil so people will think they're evil?!

I am hoping that Google has been exposed for their "evil" business practices, so people start to realise that they're just another rich corporation trying to make profit at the expense of others.

I don't want them to do "evil" things. But they do. People are blind to this and need a wake up call.

EDIT: The downvotes only serve to prove my point

The downvotes only serve to prove my point

That is false. The cause of my reaction is actually revealed here quite explicitly:

trying to make profit at the expense of others.

The enterprise we're all engaged in on HN is making profit, paid for by someone else. This is a good thing, because a buyer's willingness to pay for a product signifies how important that product is to him. If someone is willing to give me a lot of money for something, it's because he thinks my product is going to improve his situation at least to that degree. Thus, if someone is making a lot of profit (honestly), it's prima facie evidence that they are delivering that much value to their customers.

And no, that's not corporatist propaganda. It's a necessary logical consequence of the idea that people who are free to choose, will make the choice that serves their own needs better. If we can assume that, it all follows automatically.

EDIT: I wasn't going to add this, but can't restrain myself. The line "your disagreement only proves my point" is perhaps one of the worst gambits I can imagine in a debate, possibly only surpassed by "they're just jealous". A person's agreement or disagreement has absolutely no bearing on the veracity of a statement.

I'll put you in with the group of people who misunderstood the point.

By my statement, "they're just another rich corporation trying to make profit at the expense of others," I made no judgement on whether or not this is a good thing.

I was trying to point out that they're no different to any other company. That they're motivated by profit, and do things that people consider to be evil in the pursuit of that profit. This is why I think they're undeserving of their reputation.

People are too quick to make accusations of anti-capitalism around here. Especially when it's to defend a company that they like. Especially when said company has an undeserved reputation for being all nice and fluffy. Bringing us back to my point of their rep being harmful.

My problem is that you seem to have implied that Google being a for-profit company automatically means that they must "do evil". I don't think anyone think Google is a saint, but you seem to have a vendetta against them and are looking for things to make them appear bad.

All for-profit companies eventually "do evil". If they don't, then they're not doing their job right for their share holders.

I have no vendetta against them. You're seeing something that isn't there. The reason you're seeing it, is because of their undeserved reputation as being less evil than other companies. You're merely demonstrating my point, yet again.

> It's a necessary logical consequence of the idea that people who are free to choose, will make the choice that serves their own needs better. If we can assume that, it all follows automatically.

I could assume that, but I couldn't keep a straight face while doing it! :-D

What planet are you from? This one we call "Earth" is inhabited by monkeys that habitually make irrational choices that are not the best or even harmful to themselves and others around them.

Rational free market forces are a fairytale, I can't believe you seriously made that argument. It's just as "out there" as the pacifist idea that if only we'd all be nice to each other we'd have world peace, or the anarchist idea that if only we'd just all work together, we wouldn't need government. Did you know Santa's not real either?

I'll grant some small part of your response, as empirical evidence does show that people systematically mis-estimate values (risks, large sums of money, etc.) that are either extremely small or extremely large. However...

monkeys that habitually make irrational choices that are not the best or even harmful to themselves and others around them

First, let's throw out the "monkeys" bit. Again, you're falling back to a style of argumentation designed to inflame emotions, but in fact adds no rational content to the discourse. If this were a debate competition, I'd ding you for it.

But more importantly, your assertion that the choices are not the best, etc., is unknowable by you -- yet you assert it as fact. These discussions always seem to assume that all actors ought to be working from the same set of values, yet that's clearly not the case. For example, if I choose a "live fast, die young" lifestyle, the choices I'll make -- BASE jumping, etc. -- may seem absurdly risky to you, but in fact, they really do bring to me a greater return than the alternative.

You can learn a lot more about this in Mises' Human Action. He shows how each person's actions can only be viewed as a black box, the rest of us have no way to gainsay them (nor right to do so, but that's a different discussion). Indeed, sometimes a person's motivations aren't even known to that person himself, but that does not prove that they're not there. Also, even when people are wrong in their weighing of the costs and benefits, that in itself is a rational action, because the cost of gaining greater knowledge or doing deeper analysis itself skews the computation (kinda like Heisenberg uncertainty, in Economics, I guess).

What's worse is that the idea that people do not act in their own best interest is generally attended by the conclusion that there needs to be some authority to watch over us. It's clearly bad to try to fit all of us into boxes of the same size and shape, but it's unavoidable from this approach. But more to the point, it doesn't actually provide a solution, because if we postulate that we're unable to correctly make our own decisions, then one must also conclude (in spades!) that nobody will be able to correctly make decisions for another person (or large groups of them).

And (in a bit of admitted snark -- I'll let myself get away with it because I'm labeling it as such) there's every reason to believe, judging by their own lives, that those people who our system has making these decisions for the masses are doing a worse job than the individuals would themselves.

How are downvotes proving your point?

Because people are blind to Google doing evil and immediately jump to defend them (by downvoting in this case)

This is exactly where their undeserved reputation is harmful. It lets them get away with things that other corporations wouldn't be able to.

If what the blog described is true. Then Google did Evil. It does not matter which branch of Google. If Microsoft did the same, they wouldn't be defended half as much as Google is being.

I downvoted you, not because "I'm blind to the fact that Google does bad stuff", or to defend Google, but simply because you sound like a malcontent with an axe to grind and not much substance to back up your personal crusade against Google.

Google is no more or less evil (or hypocritical) than other corporations that size.

"Google is no more or less evil (or hypocritical) than other corporations that size."

Exactly my point Therefore their "does no evil" reputation is undeserved.

At no point did I specify that Google is more evil than any other company, but only that their reputation is undeserved, and people need waking up to this fact. If this latest action was sanctioned by head office, then Googles "does no evil" reputation becomes impossible to defend.

Who cares what a group of people think? Especially on the Internet?

The only real use of 'public opinion' is trolling people with their own cognitive dissonance. Without strong evidence, you just sound whiny.

"Who cares what a group of people think"

Everybody. Every single person who has ever existed and every single person who will ever exist.

You're being downvoted because you have a very strong opinion and are providing no information to support it. What's so evil about Google? Open-sourcing Chrome? Personalizing search results? Free email hosting?

(I'm not being sarcastic with these examples. Gmail was terrible for Hotmail -- it was a lot better and nobody wanted Hotmail anymore. Chrome is similar; it gained traction a lot faster than Firefox, and is stealing developer mindshare. If you are Microsoft or Mozilla, I can see how this might be "evil". But if we compare it to the Holocaust...)

they wouldn't be defended half as much as Google is being.

I think you need to re-adjust your filter :)

In this thread, for example, the only defence is people questioning whether it is actually Google doing this.

That's reasonable; Google is a major target for scammers. I reckon we (a UK ISV) get about 2-3 calls a month from "Google" offering us various services. If you dig a bit they might admit to being "partnered with Google"; but it's all bullshit.

It doesn't seem an unreasonable assumption that the same might have happened here.

I don't, however, seeing anyone defending what has happened...

Google's initiative explicitly allows co-branding...ymmv as to what that means depending on if you are in Kenya or Arkansas.


That's certainly not why I downvoted you. So, how does my downvote prove your point?

PS - it may surprise you, but there are PLENTY of people on Hacker News who don't think Google is the epitome of all that is good.

I was only including people who understood my point. I can see how people who misunderstood my point might have downvoted me for other reasons.

What is your evidence of such things? Your argument is rather stupid. Did you not do so well in your interview there?

"Your argument is rather stupid."

"Did you not do so well in your interview there?"

Pot, meet kettle.

On a random note, is there a more timeless variation on that phrase? The pots and the kettle that I usually encounter are all made of shiny, silver-colored metal, except for their handles; I've seen a couple of black-metal pots, but not routinely. ...A Wikipedia article[1] suggests that a pot might have been blackened by smoke from being held over a wood fire, which obviously does not happen with electric stoves.

Anyway, at this point, in the spirit of George Orwell[2], I consider it to be a dying metaphor, and have no desire to put it into my writing. Hence my desire for alternatives. So, first off, there is the word "hypocrite". And then if you want a clever thing to say, I don't think "You see the speck in your brother's eye but ignore the plank in your own" will become obsolete, at least for a while. (As long as wood is used for construction, it will probably be put into planks, and people will probably encounter them at some point in their lives. And I don't think "plank" has any competing meanings at the moment.)

[1] http://en.wikipedia.org/wiki/Pot_calling_the_kettle_black

[2] "Politics and the English Language". In particular, do a text search for "dying metaphors". http://www.mtholyoke.edu/acad/intrel/orwell46.htm

Eh, there seem to be a good number of black pots for sale on amazon, though they are undoubtedly black for other reasons than pots used to be black for. I have a cast iron kettle that I use as a door stop that's also quite black, though I do suspect it's rather old.

First result for "pot": http://www.amazon.com/Cuisinart-619-16-Nonstick-Hard-Anodize...

You must not have gotten the memo--HN still has a creepy, starry-eyed obsession with Google and sacrilege like yours will have you burned at the stake :)

I left this comment on the original post, but it's been caught by the spam filter there:

Hi Stefan – apologies if I’ve missed something, but the only solid proof I can see that this is actually run by Google is that the IP address some calls came from was assigned to Google.

Last year Mark Turner was concerned that the Department of Defense was listening in on his phone calls because of an IP address that later turned out to not belong to them at all, but (I believe) was being squatted on by Sprint. Couldn’t the same thing be happening here? http://www.markturner.net/2011/11/08/why-is-the-defense-depa...

I wonder whether the scammers aren’t actually employed by Google and are simply out to make a quick buck by pretending they are.

Can anyone speak to the technical aspects of his analysis? I'm not seeing any truly compelling proof that this is run by Google. Just the one IP address that's registered to Mountain View.

That Sprint problem was caused by Sprint "borrowing" DoD addresses to use in their internal NATed mobile network. This wouldn't be an issue with a standard web site like Mocality which is directly connected to the Internet, instead of via NAT.

I trust Mocality's technical chops enough to believe that the IP traffic is coming from where they say it's coming from.

As additional proof, the callers claim to be from Google, and Getting Kenyan Businesses Online is a genuine Google initiative. So a lot of things wouldn't add up if it turned out not to be Google behind it.

I trust Mocality's technical chops enough to believe that the IP traffic is coming from where they say it's coming from.

I agree with this.

the callers claim to be from Google, and Getting Kenyan Businesses Online is a genuine Google initiative

Claiming to be a member of something legitimate on a phonecall is scamming 101 - it's usually very hard for the person on the other end of the line to verify it immediately.

So a team of rogue callers (some of them with indian google ips) pretending to be google pretending to be partners of mocality call numerous kenyan business numbers and promote google initiative. What's the point and who pays for that nonsense?

I'm not arguing with that at all - I think there is a very good chance someone at Google Kenya is about to get very fired.

BUT I do want to point out that relying on what unverified people say on the phone is very bad practice, and leads to an enormous number of social engineering security problems.

Yes, if you're going to try to make money by scamming people, obviously you're going to try to seem as legitimate as possible. And they are not necessarily trying to "promote google initiative." According to the transcript, they have you come into their office and presumably sign up for their hosting after they developed the website. All they have to do is throw up a couple signs in their office that say google and no one is going to know the difference.

edit: i'm also not saying google is NOT behind it, im just saying wait to hear all the facts.

Thanks for clarifying - ok, so there was lots of traffic from a Kenyan IP resulting in phone calls from a "Google employee", followed by traffic from a Google IP resulting in the same.

Perhaps I'm trying too hard to find a way out for Google, but this doesn't add up for me. Things like the Google callers giving out gmail.com addresses rather than their google.com addresses (transcript page 8).

http://blog.mocality.co.ke/2012/01/13/google-what-were-you-t... clickable

Must have been submitted at least a hundred times this morning.

I'm really surprised that nobody from Google has made a statement yet. Even if the detective work was wrong, Google has suffered a huge PR blow. This story is all over HN, all over G+ (at least the HN circle), all over my Twitter stream (which includes some top tech journos from South Africa) and is slowly being republishing on various blogs.

Google needs to respond now!

Anyone who thinks this is an actual plot by Google, seriously, you need to notice your own confusion. It doesn't fit the modus operandi of any other way they make money.

If Mocality's assertion that the only way to directly build a directory of Kenyan businesses is boots on the ground, then either Google must put boots on the ground or build their directory indirectly.

Let's assume that Google chose to put boots on the ground - what then is the most efficient way for those people to build a directory? It seems to me that utilizing Mocality's existing directory would at least be considered - Google's modus operandi has always been aggregating whatever is on the web and presenting it as their product.

"Getting Kenyan Businesses Online" is a Google project and among it's partner benefits are:

    Opportunity to offer relevant value-added 
    products/services that bolt onto the Google offering
    in support of SMB business growth

    Ability to run own events and drive participation
    across own customer base co-branded with Google

The Next Web's Coverage of Google's kickoff stated:

According to Google, together with its partners, “GKBO will provide free or subsidized services to help businesses to use web and internet technologies. This includes supporting organizations that provide assistance for small and medium businesses, as well as other industry organizations that are aligned with the aims of the initiative.”

Note that the services are not necessarily free and that Google will partner with whoever it sees fit.


There's nothing in the allegations which is inconsistent with Google's M.O. of aggregating other people's data on the web and encouraging people to put more information online.

It would be a million times cheaper and simpler for Google to acquire Mocality outright than to do what is being claimed they have done.

I also don't believe that they have actually done this (but it'll be interesting to see this story unfold).

Blindly assuming that Mocality is worth $10,000,000 and negotiations take 6 months - I'm not sure I see a positive ROI from a purchase given the labor and technology costs that appear to be involved based on Mocality's account of events.

And that's before considering the uncertainty involved in a buyout and the relative certainty of acquiring the information directly off the web (and that this is Google's standard method for acquiring data to aggregate).

Personally, I currently am leaning towards the belief that was Google subcontracting or partnering with boots on the ground, and the boots on the ground found the most efficient way of fulfilling Google's contract requirements - the move from Kenya to India is somewhat indicative of this in my mind.

Now that they've officially admitted that they were doing it, have you "noticed your confusion"? No amount of poor fit with previous actions offsets admitting that a Google team was actually doing this, no matter how inefficient it seems to us to have been doing it. :/

Yep, I confess I take a probability-hit on this one. I'm surprised; it's hard to make out who within Google was benefiting by going rogue. (I maintain that if Larry Page knew about this I'll eat a small edible hat.)

I still don't feel like I know the relationship between the perpetrators and google. Subcontractors, employees, or what? But I would be surprised for that apology to happen if there was no relationship other than impersonation.

This is rather indirect, but didn't Google try to purchase Yelp a while ago? And isn't Yelp known for trying to extort business owners?

Seems a very odd situation, I assume the URL has been manually flagged enough times that all submissions to that URL are now marked as spam automatically.

I'd be curious to know who's flagging it though.

According to this post Google knows and will have a statement soon.


It looks like HN auto-kills *.co.ke links.

Impressive, given that's the country code for Kenya :)

.co.ke for companies .or.ke for NGOs .me.ke for personal websites and emails .ac.ke for academic institutions

I wonder if HN had a big spam issue in the past from Kenyan domains?

Doubtful. .ke domains don't pack that much SEO juice and are a little more expensive than generic TLDs, so I don't see them being appealing for spammers.

Ha, ha - thank you. I learned something!

Now to go buy some co.ke (domains) to amuse myself.

or if google employes where downvoating negative stories it would be interesting to see the ip addresses of any down votes.

normal companies ban employees from participating in online discussions about their company certinaly at British telecom uk.telecom and alt.2600 where off-limits.

Though I was asked by our press office to post an oficial respose to alt.2600 once but SD (security directoy) put a stop to that :-)

Really? That seems very bad form, since it's the country code for a medium sized country with a higher population than Canada.

You don't think it is a bit ridiculous that somebody, pretending to be Google, would go to the effort of running requests through Google App Engine, just in case somebody ran a trace against the logs in the hope of figuring out where the IP address was? All evidence points at Google and the likelihood that that's as a result of some serious planning by a paranoid scammer is unlikely.

This is what I don't like about Google. They would like to extract content from others for free and then use it for their own profit. But they don't allow others to extract content from their sites or charge exorbitantly to use their APIs. They give something for free only if they can make money by selling ads or if they can capture user behavior.

They are also a public company that generates profits for shareholders.

Oh, malarky.

Here. I set up a page at http://lab2.gibsonandlily.com/google.html

Then I ran it through google translation services. Here is the result in apache's log: - - [13/Jan/2012:10:45:37 -0600] "GET /google.html HTTP/1.1" 200 327 "http://translate.google.com/translate_p?hl=en&sl=fr&... "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7,gzip(gfe)

Look familiar? This one is tossing up windows NT, which is strange, but it doesn't seem like a stretch that some of the machines at google for stuff like this are running linux.

The scam here isn't being done by google, it's just a run-of-the-mill scammer scamming and using google's name.

Dearest mocotality. Turning on referals in apache logs and you'll see where on google this is coming from (if you care to).

Here is how:

in: /etc/apache2/apache2.conf (or whereever your apache configuration sits) change the "Logformat" option to the following:

LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

and then use option:

CustomLog /var/log/apache2/access_log combined

(or whatever log path you want).

> Look familiar? This one is tossing up windows NT, which is strange, but it doesn't seem like a stretch that some of the machines at google for stuff like this are running linux.

This is actually your user agent, isn't it? Google is probably forwarding your user agent string, so that you get a page that is optimized for your browser.

For me it did forward my user agent.

That's an excellent point, and actually complete's the loop on the story.

The machines that this scammer is using run linux, which explains why the user agent reported this both when they were reading the pages directly, and when the started using google translate.

Neat. I hope they follow up by taking my advice and including the referal so we get to see exactly where it's coming from.

> it's just a run-of-the-mill scammer scamming and using google's name

A scammer selling a Google service for which their is no affiliate program?

I wouldn't file this one away due to having a Google crawler on an IP address that’s on the same B block (that's like having the same car brand, not the same make/model)... An IP address that's not even related to the original investigation, but to some anecdote at the very end of the story.

We need more info about the service being sold, and how it's being sold, who's the billing party, etc.

From the PDF transcript, page nine:

Caller: No, it’s absolutely free, free of charge. Ok, there’s a small fee for hosting of Ksh. 200 per month.

This seems like an incredibly simple scam, and it looks like blhack's nailed it.

There is nothing connecting this to Google apart from that one IP address. I could phone up half a dozen companies and claim to be from Google, too. Hell, I get phone calls from "Windows Security Centre" every few weeks telling me to do something to my non-existant XP install.

The scammer invented their own referral program by charging the businesses for a website.

The only real tie to google here is that some person on a telephone used google's name.

Not sure if I'd jump straight to malarky, but I definitely think it is very plausible that a scamming outfit is running the pages through translate, either as an obfuscation or actual translation.

That sounds very plausible.

Curious: If I had a Google App Engine account, a) could I open outbound HTTP connections, and b) what IP range would I appear to be coming from?

Not that I find it unbelieveable that Google, multinational megacorp, could and would do this thing, but this evidence still seems kinda circumstantial. I mean, here's hypothesis two: One compromised PC in Google's HQ, running a proxy.

You can fetch web pages and you'll appear as coming from a Google IP, but your user agent header will contain "AppEngine-Google".

And "AppEngine-Google" user agents were not logged:


I'm not familiar with AppEngine at all, but could you really not craft your own headers? Isn't it python's urlib or similar?

How would you make money from that though? "Please make the cheque out to Google Kenya, spelled C-A-S-H."

Something like that. Or send it to this PayPal address or post the cash to here, or ring this premium number, or put your credit card details into http://random.something.sdfsdfsd.com, etc.

There are many people who are flumoxed and confused by computers that we've trained them to let most of their guard down, and scammers can get away with "Oh our system is broken, just use this paypal address" will probably work.

"SMS your payment to this number..."?

The history tells us that Google subsidiaries have quite a level of freedom to have their own strategy to achieve the desired outcomes. You can remember the paid blog posts for google.jp for example. So, Google Kenya will be kind of banned or whatever and mea-culpa will come out, life will go on.

What I find more interesting if everything is true, is that they have cheap manual workers in India doing the scrapping manually to then cold call. It means that if their "crawlers" are not smart enough, they are ready to go "manual" to enter a market.

For me this is really an interesting piece of news and this is where I am a bit afraid of Google hegemony.

Is there any actual proof that it was google? It sounds to me like someone is borrowing their name for legitimacy.

Scroll down a bit to "Results (2)": These new accesses were coming directly from Google’s network. The IP address made 17,645 requests (15,554 to BusinessProfile.aspx)

"Google's network" could also just mean an App Engine user.

GKBO appears to be a genuine Google initiative - its domain is registered to Google and served from their nameservers: http://www.kbo.co.ke/

This doesn't mean that the people on the other end of the phone actually are employed by Google. They could have heard of the Google initiative and attempted to capitalize on the opportunity.

And yet the people on the other end of the phone are somehow able to create phony websites you didn't ask for as subdomains? (FSM only knows what the Google search ranking consequences of that might be.)


Exactly, Pretending to be Someone Else™ is Scamming 101.

Google monopoly hard at work, its only a matter of time till we start viewing Google as the next Microsoft.

As an aside, there's a good business idea hidden in this: a website monitoring service that monitors for scrapers, showing you hit rates for IPs, which countries, user agents, what pages, etc. Sends you a SMS or email when it detects a scraper and you can take action.

Well, somebody will either get a smack upside the head or a raise. This is a blemish if proven to be a Google operation and there's no way subversive tactics of this kind are looked upon with good grace.

Are you sure some other entity didn't just figure out how to use google as a proxy, ie. via their translator tool?

Coming from a Google IP isn't the biggest clue (though the second one from India seems pretty damning), they also say they work for Google and then try to sell those businesses websites from Google.

If it was some other entity, why'd they sell Google-built websites?

Well, it will be interesting to hear what google has to say but meanwhile there seems to be a lot of people with axes to grind with google.On the other hand, what's taking so long, google should have given a statement on the issue.

If Google has become so huge that theoretically they cannot enforce the "Do No Evil" motto throughout the whole company, they can remove that motto and publicly admit they are just the same as any other one.

Are those known Google IPs? Otherwise I suppose anybody could just register something as "Google"? Just saying, WHOIS might not be very reliable.

WHOIS is generally very reliable - there are identity checks when you register for IP space (especially with ARIN, which is who provides Google's IP space).

One other way you can check is by looking at the organisation handle in the WHOIS - it's GOGL, which is the same org handle as you'll find on all their IP addresses if you WHOIS them. That ties up with the ARIN site:


I've done a fair bit of network engineering and I'm convinced that this is actually a Google address.

I upvoted you, but WHOIS is quite reliable for checking domain names. It's also part of a /16 block, i.e. 65,000 IP addresses. They don't just give those out willy-nilly, you need to explain how and why you need them. A 2 bit operation with a name that sounds like a massive internet company can't just get a /16.

Those IP addresses are assigned to Google.

(Obvious caveat, just cause they're assigned to Google doesn't mean this is a Google mandated operation. Other explainations: Rougue Employees, Rouge Outsources, compromised PC in Google office, Google App Engine, etc.)

OK, now this is just exploring an idea about WHY this might have been done.

Rough details:

Google doesn't develop business web sites, but the callers were offering that service.

Obtaining their business contact database, and misrepresenting themselves, in a very un-Google way.

Since early November 2011. And the call operation switched to India when spotted.

The businesses being called were all in Kenya. KENYA - now why does that ring a bell?

Google admits it happened, but is vague about who did it. "a team of people working on a Google project"

Hmmm... You'd think if there was a clear relationship that Google could admit to, they would have. I smell something a bit more intense than mere bad business choices.

How about this:

Suppose you were a current US President, who (for whatever reason) very very strongly desired to eliminate (or 'modify') a specific piece of paper held at the Coast Province General Hospital, Kenya. A birth certificate, from 1961. This one: http://everist.org/pics/Obama_bc/lucas_Obama_bc.jpg

Someone comes up with the bright idea to offer a document digitizing and cloud archiving service to the hospital. Just to get hands-on for that one piece of paper.

But as cover... you'd need something much more general. Like offering web hosting to all businesses in Kenya. Comes with document scanning at low low prices! You can trust us, we’re GOOGLE! And we are associates of your widely liked Mocality.

So why now? Because finally a lawsuit about Obama's eligibility established legal standing and made it to the supreme court. Document discovery begins. Stuff's about to hit the ventilators...

20120113 VERY QUIETLY OBAMA’S CITIZENSHIP CASE REACHES THE SUPREME COURT http://www.pakalertpress.com/2012/01/09/very-quietly-obamas-...

That and other cases have been working their way through slowly. Takes months, and someone maybe saw a need and activated some emergency contingency plans.

Just a thought. There’s always a reason, and it's often not the most obvious one.

Why would any actual Google team, even rogue, offer web services Google simply does not do?

Those Kenyan businesses don't represent enough money to be worth bungling into a crushing PR nightmare. That would be stupid, and stupid is the one thing that I know to be absent at Google. I predict that Google will get to the bottom of this very quickly in order to protect their name.

The first part sounds pretty circumstancial, since pretending to be from a big company (Google) is a basic scamming technique.

However the second instance is from part of a /16 IPv4 block assigned to Google. It could just be a compromised proxy on someone's machine.

Google's statement via: http://paidcontent.org/article/419-google-investigating-keny...

We were mortified to learn that a team of people working on a Google project improperly used Mocality’s data and misrepresented our relationship with Mocality to encourage customers to create new websites.

We’ve already unreservedly apologised to Mocality. We’re still investigating exactly how this happened, and as soon as we have all the facts, we’ll be taking the appropriate action with the people involved.

This needs to be at the top. Google confirms that it was their representatives who pulled off the scam, not someone posing as Google. We can all stop making excuses for them now

The funny thing is everyone continues to make excuses. Already 2 in the past 5 minutes...

Maybe it's the Google employees on here trying to make excuses for their employer?

To summarize what we know, think we know and the open questions are:

What we know:

1: Google employees or contractors or partners did this (called Mocality listed businesses, said they were from Google/Mocality and sold websites etc.)

2: Apparently they were a rogue person/team/unit inside of Google

3: But there seemed to be a lot of callers involved

4: They moved the calling unit to India

5: Google HQ now knows about this


1: Nobody in Google HQ knew about this at the time

2: The person or people involved in Google Kenya were quite high up to be able to motivate that many people

3: The India team was not part of Google's team. (or perhaps they were). They got involved because the heat was on in Kenya.

4: Mocality suffered a loss here (e.g. use of data to be used to solicit businesses against their terms and conditions), the people doing so were at Google and representing Google and thus Google has opened themselves up for a considerable legal mess.

5: The Nigerian courts and legal system are too hard/expensive/slow for Mocality and Google to navigate, so Mocality have turned to PR to motivate Google to change.

6: That approach is working, and it should be working. Google needs to do something urgently to fix this.

7: Getting rid of the partners is insufficient remedy for Mocality. There needs to be some compensation involved for the solicitation of a considerable percentage of Mocality's listings.

8: Ultimately the best way for Google to handle this is to purchase Mocality.


1:Was the India team a Google team one or outsourced to some rascals there?

2: What will Google do to compensate Mocality of this scam?

3: Has Mocality retained a lawyer in Nigeria, have they formally asked Google to Cease and Desist and requested compensation?

4: Why has Google not approached Mocality wrt purchase of their data?

5: Who has the relationship with any businesses that did sign up to the scammers? What will happen to that relationship and to the money paid?

> 5: The Nigerian courts and legal system are too hard/expensive/slow for Mocality and Google to navigate, so Mocality have turned to PR to motivate Google to change. ... > 3: Has Mocality retained a lawyer in Nigeria, have they formally asked Google to Cease and Desist and requested compensation?

Kenya is sorta different country.. :)

It is at the top. And also in the article. Please don't make "this needs to be at the top" comments, and just use the arrows. That's what they're for.

We should accept that Google has many employees and some of them are black sheep.

They are not perfect, but they seem very transparent by admitting it.

Any large company can use that excuse though, they still benefit greatly from the activity. It's pretty rare you see a big company not try an shift the blame to contractors or a small international office. If you can't have effective oversight over all your operations then maybe the company is to big.

But what did Google do about it other than issue an apology? Are these "black sheep" going to continue to be employed? Is the culture in which they were enabled going to be allowed to persist in the company? Is Google going to make any real effort to repair damage to the offended party?

Exactly. As I'm reading over all the aftermath I get the feeling that this is overblown. With organization of this size there will always be some black sheep at some point in time. Google should be judged not by what happens, but how they react.

Well some people at Google were dishonest, like in any other organization in the world.

I wonder if its also dishonest people working in search results...

Kudos to Google for owning up to it rather than shifting blame to others. I wonder what kind of internal control Google has. Google is big enough that some of the internal/external auditing controls needed to be in place.

Indeed, since they are on US SE (NYSE?), they are required to implement internal controls under Sarbanes-Oxley Act and they should be indeed audited by a third-party auditor (E&Y, if i recall correctly), including attestation of the controls. And, to best of my knowledge, the actions described in this article do have to be authorized by the top management of Google or by Head of the respective Department (the Control procedure), since this involves a material amount of expenses and also represents a revenue component. Now, E&Y should do they work and investigate the reason for this 'failure' of controls, as Google states and it wouldn't be bad if the PCAOB will be involved with a review of E&Y.

I'm assuming it was flagged because the headline was in ALL CAPS.

    text-transform: uppercase;
There's lowercase text in the DOM.

Strangely though, if you copy and paste in Chrome, you get uppercase text, even if it's lowercase in the DOM.

I would file a bug for that...

That is why it has the "Paste as plain text" option.

"Do no evil"

There is a saying in spanish that roughly translates "beware of unrequested affirmations"

I think it applies here..

No need to circumvent. This is already the top story.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact