There's a couple of reasons why I think this doesn't seem quite right:
- "Large human effort" doesn't seem like Google's style - a screen scrape for info would be faster for them, and I'd assume that they already have tools built to do that.
- If the callers are lying about being affiliated with mocality, then why can't we assume that they might also be lying about being from Google?
- Google would likely have the entire site indexed and cached already, so there's very little reason for them to get actual people to manually screen-scrape the live site.
- OK, the second wave is coming from a Google IP, but why wasn't the first wave coming from one?
Yeah, it looks pretty bad, but this type of behaviour is so atypical of Google. It seems almost laughable to make the assumption that it's anything other than scammers trying to take advantage of Google announcements to try to make a quick/easy buck by selling Google services as an affiliate.
I'm assuming that they're offering google apps, which you can sell as an affiliate (naming your price). But reading through the transcript, and listening to the calls, they claim to be offering to "develop" a web site for the business, which I very much doubt google would ever do.
They have tools in google apps for making pages/simple sites, but everything about the call stinks of scam.
> Caller: Twenty one days. We're going to develop the website within twenty one days
When has google ever "developed websites" for independent companies?
Caller: XXXXX, and do you have a gmai account?*
Business owner: yes, I do have a gmail account.
Caller: Kindly give me your gmail account.
Caller: ... you will be given a personal password which you can use to log in and make changes in case you want to.
Caller: ... For photos, I will give you my gmail account so you can forward to me either the business logo or the photos you feel have nice looking clothes that can attract customers.
Yes, I've cherry-picked some of the transcript, but the point is that these are practices which aren't just against Google's "Do no evil" policy, but would be counter to how they would actually run. For a company like google, with their existing infrastructure, this would just be bad business.
Also, why ask for a gmail username, and then say later "Well we'll send you a username and password once we're done". It doesn't make any sense.
Oh well, I assume that at some point, Google will be forced to respond, will give a big "What the hell, guys, this wasn't us", and then everyone will look sheepish for a while until a year later where some blogger will stumble on it again, and try to expose the truth of "google being evil in africa".
Just a pedantic nit; Google's code of conduct catchphrase is not "do no evil", it's "don't be evil".
And I suspect they aren't, as a company. Even though these were Google employees, as Google has admitted, I doubt they were acting in accordance with anyone sufficiently high up in the corporate hierarchy.
The upsell is the part that makes me suspicious, because that doesn't sound like the type of thing that Google would do.
My guess is this. It is someone claiming to be Google and selling a service that is actually free. That's a pretty common thing to see in Africa, in Rwanda we see people 'selling' Google Apps for domains all the time.
It makes me believe that it is Google, though I still find the monthly hosting charge thing a bit strange, because I can't find any mention of that on their site.
Really curious to see Google's response. Joe Muchera (head of Google Kenya) says he's looking into it. That not being an immediate dismissal makes me think it is indeed a Google initiative, though one that went off the rails.
The post mentions that Google was violating their T&Cs:
When we started this investigation, I thought that we’d catch a rogue call-centre employee, point out to Google that they were violating our Terms and conditions (sections 9.12 and 9.17, amongst others), someone would get a slap on the wrist, and life would continue.
You are correct that it is all hypothetical based on who is responsible. However, you are incorrect that this is related in any way to Google's own T&Cs. The post links to the Mocality T&C page and says whoever is responsible is violating the sections mentioned in the paragraph I quoted above.
I think that transcript essentially proves that it wasn't Google. Everything he says about the program is completely wrong. I'll just pick out the things that are indisputably wrong, there is more that I would argue is wrong but may be viewed differently by others. You've already mentioned the false information about Mocality that the caller uses, so I don't need to repeat that.
"[The domain will be] ww.your business.CO.KE"
No, it will be www.your business.kbo.co.ke. This is something very important, you get a subdomain of Google's Kenyan Business Online site kbo.co.ke.
"Twenty one days. We’re going to develop the website within twenty one days"
No. Google's KBO does not develop the websites themselves, they provide a "Business Sitebuilder tool" that allows you to do it yourself.
"XXXXX dot XXXXX at gmail dot com."
This should be @google.com not @gmail.com.
"and also we go on facebook. People who log into facebook can see the clothes you are selling."
No. Google's KBO does not do anything with Facebook.
"When someone is on facebook, they’ll see your ad there."
Again, no. Google is not giving you advertising space on Facebook.
"Ok, there’s a small fee for hosting of Ksh. 200 per month. [...] Only that for hosting. You know hosting is different from developing."
No, there is no hosting fee. The only possible fee is an optional one if you want your own domain and it isn't 200 per month.
There's more but I think that should give you the general idea. Given just this transcript and comparing it to the details of Google's program at kbo.co.ke I would say that this caller is definitely not working for Google but is rather a scammer. In fact, in this transcript the caller basically walks through the steps needed to use the Business Sitebuilder tool. This explains how the business who didn't agree to the thing would end up with a site anyway, the scammer did it while on the phone.
Now, I haven't considered the IP logs, but my best guess for that is that it is coming from Google Translate as discussed elsewhere.
Edit: I should clarify. I am not certain that Google was not involved with this, it's more that I am convinced that that particular caller wasn't working for Google. While I am unconvinced that these callers worked for Google, there is some rather damning evidence.
The main problem is that the Google representative incorrectly presented the offer as a partnership with Mocality. This is clearly fraud as the Google representative is using the business owners trust in Mocality to sell a competitors product, using a non-existing Google-Mocality partnership as a selling point.
"The upsell is the part that makes me suspicious, because that doesn't sound like the type of thing that Google would do."
You haven't worked with their sales team then. Sales people (Commissionus Salesdroidicus :-) live and breath to win, and winning means creating leads, converting leads, and booking business.
Hopefully the folks inside Google who believe in transparency and doing business competitively but honestly, will be able to pressure the teams who endorse this sort of activity.
The next step will be the more interesting one. Do they they stop scraping Mocality? Do they enter into a dialog to actually partner with them? Or do they start using Tor nodes to scrape the site and stop telling people they are from Google?
When that next chapter plays out the true nature of the business is revealed.
For legitimacy. Don't make the mistake of thinking the only people who know about App Engine are San Franciscan hipsters with Macbook Pros. Blackhat hackers stay just as updated on technology trends as everyone else.
That still doesn't make sense. The only thing the scammers did with those IPs seems to have been searching the Mocality database.
The only reason why those IPs even got exposed is because of the thorough investigation Mocality has made (or, claims to have made): After the first wave of confused calls by their customers, they cross-checked their logs and found one IP with an uncommon UA accessing all these records, then they served a fake phone number to that IP and confirmed that whoever was making these fraudulent calls was indeed operating from that IP and claiming to be Google in cooperation with Mocality.
Now it could be that these are scammers that found a clever way to proxy through Google on the off-chance that Mocality would do this investigation and evidence would continue to point to Google? Ok I get "pretending to be someone else" is scamming 101, but "pretending to be someone else when the person you're pretending to be cooperating with finds out about and the scam is pretty much exposed" it just sounds like an incredible amount of trouble for an eventuality that is very unlikely and even then it doesn't seem to help much?
"No, let's somehow proxy through Google so that if Mocality becomes suspicious and tracks us they'll think it's Google and the whole Internet will get confused and the people of HN will get into arguments ... mwuahahahaha ... excellent ..."
Can't you see, this is what Google wants us to think! ;-)
You can't have a "rogue group of local employees". You are accountable for all your employees action - legally and morally. How often has a company done something only to blame it on "contractors" or "a third party". That's not acceptable.
Google are responsible for their employees' actions. But there is still a difference between employees doing evil in defiance of management's orders, doing evil as instructed by management, and doing evil in a climate of management neglect.
That, and make sure it doesn't happen again. I'd be a little worried about how Google manages the business side of things; they have a good brand and the potential to make a lot of money, so of course someone will find it advantageous to take shortcuts turning one into the other. The philosophy and reliance on automation, which can be designed to dismiss complaints and block normal feedback, can be used to have some teams shield themselves from accountability. At a higher level, there's the possibility of selective blindness and negligence hiding some level of malice and irresponsibility.
Mnemotechnic for a proper apology: regret, responsibility, and reform.
That is false. The cause of my reaction is actually revealed here quite explicitly:
trying to make profit at the expense of others.
The enterprise we're all engaged in on HN is making profit, paid for by someone else. This is a good thing, because a buyer's willingness to pay for a product signifies how important that product is to him. If someone is willing to give me a lot of money for something, it's because he thinks my product is going to improve his situation at least to that degree. Thus, if someone is making a lot of profit (honestly), it's prima facie evidence that they are delivering that much value to their customers.
And no, that's not corporatist propaganda. It's a necessary logical consequence of the idea that people who are free to choose, will make the choice that serves their own needs better. If we can assume that, it all follows automatically.
EDIT: I wasn't going to add this, but can't restrain myself. The line "your disagreement only proves my point" is perhaps one of the worst gambits I can imagine in a debate, possibly only surpassed by "they're just jealous". A person's agreement or disagreement has absolutely no bearing on the veracity of a statement.
I'll put you in with the group of people who misunderstood the point.
By my statement, "they're just another rich corporation trying to make profit at the expense of others," I made no judgement on whether or not this is a good thing.
I was trying to point out that they're no different to any other company. That they're motivated by profit, and do things that people consider to be evil in the pursuit of that profit. This is why I think they're undeserving of their reputation.
People are too quick to make accusations of anti-capitalism around here. Especially when it's to defend a company that they like. Especially when said company has an undeserved reputation for being all nice and fluffy. Bringing us back to my point of their rep being harmful.
My problem is that you seem to have implied that Google being a for-profit company automatically means that they must "do evil". I don't think anyone think Google is a saint, but you seem to have a vendetta against them and are looking for things to make them appear bad.
All for-profit companies eventually "do evil". If they don't, then they're not doing their job right for their share holders.
I have no vendetta against them. You're seeing something that isn't there. The reason you're seeing it, is because of their undeserved reputation as being less evil than other companies. You're merely demonstrating my point, yet again.
> It's a necessary logical consequence of the idea that people who are free to choose, will make the choice that serves their own needs better. If we can assume that, it all follows automatically.
I could assume that, but I couldn't keep a straight face while doing it! :-D
What planet are you from? This one we call "Earth" is inhabited by monkeys that habitually make irrational choices that are not the best or even harmful to themselves and others around them.
Rational free market forces are a fairytale, I can't believe you seriously made that argument. It's just as "out there" as the pacifist idea that if only we'd all be nice to each other we'd have world peace, or the anarchist idea that if only we'd just all work together, we wouldn't need government. Did you know Santa's not real either?
I'll grant some small part of your response, as empirical evidence does show that people systematically mis-estimate values (risks, large sums of money, etc.) that are either extremely small or extremely large. However...
monkeys that habitually make irrational choices that are not the best or even harmful to themselves and others around them
First, let's throw out the "monkeys" bit. Again, you're falling back to a style of argumentation designed to inflame emotions, but in fact adds no rational content to the discourse. If this were a debate competition, I'd ding you for it.
But more importantly, your assertion that the choices are not the best, etc., is unknowable by you -- yet you assert it as fact. These discussions always seem to assume that all actors ought to be working from the same set of values, yet that's clearly not the case. For example, if I choose a "live fast, die young" lifestyle, the choices I'll make -- BASE jumping, etc. -- may seem absurdly risky to you, but in fact, they really do bring to me a greater return than the alternative.
You can learn a lot more about this in Mises' Human Action. He shows how each person's actions can only be viewed as a black box, the rest of us have no way to gainsay them (nor right to do so, but that's a different discussion). Indeed, sometimes a person's motivations aren't even known to that person himself, but that does not prove that they're not there. Also, even when people are wrong in their weighing of the costs and benefits, that in itself is a rational action, because the cost of gaining greater knowledge or doing deeper analysis itself skews the computation (kinda like Heisenberg uncertainty, in Economics, I guess).
What's worse is that the idea that people do not act in their own best interest is generally attended by the conclusion that there needs to be some authority to watch over us. It's clearly bad to try to fit all of us into boxes of the same size and shape, but it's unavoidable from this approach. But more to the point, it doesn't actually provide a solution, because if we postulate that we're unable to correctly make our own decisions, then one must also conclude (in spades!) that nobody will be able to correctly make decisions for another person (or large groups of them).
And (in a bit of admitted snark -- I'll let myself get away with it because I'm labeling it as such) there's every reason to believe, judging by their own lives, that those people who our system has making these decisions for the masses are doing a worse job than the individuals would themselves.
I downvoted you, not because "I'm blind to the fact that Google does bad stuff", or to defend Google, but simply because you sound like a malcontent with an axe to grind and not much substance to back up your personal crusade against Google.
Google is no more or less evil (or hypocritical) than other corporations that size.
"Google is no more or less evil (or hypocritical) than other corporations that size."
Exactly my point Therefore their "does no evil" reputation is undeserved.
At no point did I specify that Google is more evil than any other company, but only that their reputation is undeserved, and people need waking up to this fact. If this latest action was sanctioned by head office, then Googles "does no evil" reputation becomes impossible to defend.
they wouldn't be defended half as much as Google is being.
I think you need to re-adjust your filter :)
In this thread, for example, the only defence is people questioning whether it is actually Google doing this.
That's reasonable; Google is a major target for scammers. I reckon we (a UK ISV) get about 2-3 calls a month from "Google" offering us various services. If you dig a bit they might admit to being "partnered with Google"; but it's all bullshit.
It doesn't seem an unreasonable assumption that the same might have happened here.
I don't, however, seeing anyone defending what has happened...
You're being downvoted because you have a very strong opinion and are providing no information to support it. What's so evil about Google? Open-sourcing Chrome? Personalizing search results? Free email hosting?
(I'm not being sarcastic with these examples. Gmail was terrible for Hotmail -- it was a lot better and nobody wanted Hotmail anymore. Chrome is similar; it gained traction a lot faster than Firefox, and is stealing developer mindshare. If you are Microsoft or Mozilla, I can see how this might be "evil". But if we compare it to the Holocaust...)
On a random note, is there a more timeless variation on that phrase? The pots and the kettle that I usually encounter are all made of shiny, silver-colored metal, except for their handles; I've seen a couple of black-metal pots, but not routinely. ...A Wikipedia article suggests that a pot might have been blackened by smoke from being held over a wood fire, which obviously does not happen with electric stoves.
Anyway, at this point, in the spirit of George Orwell, I consider it to be a dying metaphor, and have no desire to put it into my writing. Hence my desire for alternatives. So, first off, there is the word "hypocrite". And then if you want a clever thing to say, I don't think "You see the speck in your brother's eye but ignore the plank in your own" will become obsolete, at least for a while. (As long as wood is used for construction, it will probably be put into planks, and people will probably encounter them at some point in their lives. And I don't think "plank" has any competing meanings at the moment.)
Eh, there seem to be a good number of black pots for sale on amazon, though they are undoubtedly black for other reasons than pots used to be black for. I have a cast iron kettle that I use as a door stop that's also quite black, though I do suspect it's rather old.
I left this comment on the original post, but it's been caught by the spam filter there:
Hi Stefan – apologies if I’ve missed something, but the only solid proof I can see that this is actually run by Google is that the IP address some calls came from was assigned to Google.
Last year Mark Turner was concerned that the Department of Defense was listening in on his phone calls because of an IP address that later turned out to not belong to them at all, but (I believe) was being squatted on by Sprint. Couldn’t the same thing be happening here? http://www.markturner.net/2011/11/08/why-is-the-defense-depa...
I wonder whether the scammers aren’t actually employed by Google and are simply out to make a quick buck by pretending they are.
Can anyone speak to the technical aspects of his analysis? I'm not seeing any truly compelling proof that this is run by Google. Just the one IP address that's registered to Mountain View.
That Sprint problem was caused by Sprint "borrowing" DoD addresses to use in their internal NATed mobile network. This wouldn't be an issue with a standard web site like Mocality which is directly connected to the Internet, instead of via NAT.
I trust Mocality's technical chops enough to believe that the IP traffic is coming from where they say it's coming from.
As additional proof, the callers claim to be from Google, and Getting Kenyan Businesses Online is a genuine Google initiative. So a lot of things wouldn't add up if it turned out not to be Google behind it.
So a team of rogue callers (some of them with indian google ips) pretending to be google pretending to be partners of mocality call numerous kenyan business numbers and promote google initiative. What's the point and who pays for that nonsense?
Yes, if you're going to try to make money by scamming people, obviously you're going to try to seem as legitimate as possible.
And they are not necessarily trying to "promote google initiative." According to the transcript, they have you come into their office and presumably sign up for their hosting after they developed the website. All they have to do is throw up a couple signs in their office that say google and no one is going to know the difference.
edit: i'm also not saying google is NOT behind it, im just saying wait to hear all the facts.
Thanks for clarifying - ok, so there was lots of traffic from a Kenyan IP resulting in phone calls from a "Google employee", followed by traffic from a Google IP resulting in the same.
Perhaps I'm trying too hard to find a way out for Google, but this doesn't add up for me. Things like the Google callers giving out gmail.com addresses rather than their google.com addresses (transcript page 8).
I'm really surprised that nobody from Google has made a statement yet. Even if the detective work was wrong, Google has suffered a huge PR blow. This story is all over HN, all over G+ (at least the HN circle), all over my Twitter stream (which includes some top tech journos from South Africa) and is slowly being republishing on various blogs.
If Mocality's assertion that the only way to directly build a directory of Kenyan businesses is boots on the ground, then either Google must put boots on the ground or build their directory indirectly.
Let's assume that Google chose to put boots on the ground - what then is the most efficient way for those people to build a directory? It seems to me that utilizing Mocality's existing directory would at least be considered - Google's modus operandi has always been aggregating whatever is on the web and presenting it as their product.
"Getting Kenyan Businesses Online" is a Google project and among it's partner benefits are:
Opportunity to offer relevant value-added
products/services that bolt onto the Google offering
in support of SMB business growth
Ability to run own events and drive participation
across own customer base co-branded with Google
The Next Web's Coverage of Google's kickoff stated:
According to Google, together with its partners, “GKBO will provide free or subsidized services to help businesses to use web and internet technologies. This includes supporting organizations that provide assistance for small and medium businesses, as well as other industry organizations that are aligned with the aims of the initiative.”
Note that the services are not necessarily free and that Google will partner with whoever it sees fit.
Blindly assuming that Mocality is worth $10,000,000 and negotiations take 6 months - I'm not sure I see a positive ROI from a purchase given the labor and technology costs that appear to be involved based on Mocality's account of events.
And that's before considering the uncertainty involved in a buyout and the relative certainty of acquiring the information directly off the web (and that this is Google's standard method for acquiring data to aggregate).
Personally, I currently am leaning towards the belief that was Google subcontracting or partnering with boots on the ground, and the boots on the ground found the most efficient way of fulfilling Google's contract requirements - the move from Kenya to India is somewhat indicative of this in my mind.
Now that they've officially admitted that they were doing it, have you "noticed your confusion"? No amount of poor fit with previous actions offsets admitting that a Google team was actually doing this, no matter how inefficient it seems to us to have been doing it. :/
Yep, I confess I take a probability-hit on this one. I'm surprised; it's hard to make out who within Google was benefiting by going rogue. (I maintain that if Larry Page knew about this I'll eat a small edible hat.)
I still don't feel like I know the relationship between the perpetrators and google. Subcontractors, employees, or what? But I would be surprised for that apology to happen if there was no relationship other than impersonation.
You don't think it is a bit ridiculous that somebody, pretending to be Google, would go to the effort of running requests through Google App Engine, just in case somebody ran a trace against the logs in the hope of figuring out where the IP address was? All evidence points at Google and the likelihood that that's as a result of some serious planning by a paranoid scammer is unlikely.
This is what I don't like about Google. They would like to extract content from others for free and then use it for their own profit. But they don't allow others to extract content from their sites or charge exorbitantly to use their APIs. They give something for free only if they can make money by selling ads or if they can capture user behavior.
> it's just a run-of-the-mill scammer scamming and using google's name
A scammer selling a Google service for which their is no affiliate program?
I wouldn't file this one away due to having a Google crawler on an IP address that’s on the same B block (that's like having the same car brand, not the same make/model)... An IP address that's not even related to the original investigation, but to some anecdote at the very end of the story.
We need more info about the service being sold, and how it's being sold, who's the billing party, etc.
Caller: No, it’s absolutely free, free of charge. Ok, there’s a small fee for hosting of Ksh. 200 per month.
This seems like an incredibly simple scam, and it looks like blhack's nailed it.
There is nothing connecting this to Google apart from that one IP address. I could phone up half a dozen companies and claim to be from Google, too. Hell, I get phone calls from "Windows Security Centre" every few weeks telling me to do something to my non-existant XP install.
Curious: If I had a Google App Engine account, a) could I open outbound HTTP connections, and b) what IP range would I appear to be coming from?
Not that I find it unbelieveable that Google, multinational megacorp, could and would do this thing, but this evidence still seems kinda circumstantial. I mean, here's hypothesis two: One compromised PC in Google's HQ, running a proxy.
Something like that. Or send it to this PayPal address or post the cash to here, or ring this premium number, or put your credit card details into http://random.something.sdfsdfsd.com, etc.
There are many people who are flumoxed and confused by computers that we've trained them to let most of their guard down, and scammers can get away with "Oh our system is broken, just use this paypal address" will probably work.