Dan Price’s blog
Weblog of a cyber-geek

Before today, I knew that Google gave Mozilla, the corporation behind the Firefox browser, a reasonable amount of it’s money. However, I had no idea it was as high as 85% - this begs the question that if there was a conflict of interest between Google and Firefox, would Google use it’s power to manipulate the browser to it’s own gains? According to Christopher Soghoian’s article, Google has already been playing with Fire.

You’re probably wondering why Google is even interested in promoting Firefox.

Here’s a couple of quick facts regarding the browser and the search engine:

• Firefox comes preinstalled with a Google search box as it’s default search engine.
• If a user mispells a domain name or types in a query in the address bar, the default behaviour is to run an “I’m feeling lucky” Google search and show the result as the web site.
• When user’s use the Google search box and click on a sponsored link (Adwords at the side of the page), Firefox gets a percentage of the revenue.
• To encourage the spread of the browser, web site owners can advertise a download that will install Firefox and the Google toolbar - the incentive is that webmasters get $1 per download.
• The phishing filter that is used to check if a web site is suspected of forgery is ran by Google - the search giant maintains the web site blacklist and if a user visits a phishing site, a popup appears telling the user of the dangers.

So there you have it - Google and Firefox are already deeply intertwined and with 85% if your income coming from a single company, you are hardly likely to disagree with what they say much of the time.

Then comes the Google vs Open Source battlefield. A number of developers have made addons for the browser that block advertising on web sites and these have rapidly become very popular. Adblock, which I use myself, stops flash adverts appearing unless I tell them to. Adblock itself doesn’t have any effect on Google Adsense, but another addon, CustomizeGoogle does. This blocks Google Adsense from displaying which is part of Google’s grand advertising system. Firefox is currently allowing this addon to be installed, but how long will it be before the big G steps in to stop it losing out on it’s revenue?

However, it gets worse. The last point in the list showed that Google actually has control over who gets blacklisted as a phishing site and who doesn’t. It’s not in Google’s interests to deceive users, right? Wrong. If a Google site had a flaw, which I’ll come on to, is it going to add it’s own site to a blacklist….I doubt it.

So what is this flaw? Well it allows hackers to prey on webmasters that embed some code into their web site from Google. When used, hackers can manipulate this code and end up redirecting users to other sites that can be used to extract private information.

The interesting part is though that Google hasn’t fixed this flaw, and that it can still be manipulated to phish information from visitors. Google wouldn’t of course blacklist it’s own site or code, even if it can cause security vulnerabilities.

To conclude, I must mention that this reminds me of a Simpsons episode (as do many things these days…). In the episode Lisa the Skeptic, a judge tries science and religion, and comes to the decision to “issue a restraining order that religion stays at least 500 yards from science at all times”. I don’t entirely agree with that, but I do think that it relates to this topic nicely - commercial organisations should stand away from the Open Source movement and not interfere. By all means businesses should promote Open Source projects, but not for their own gain but instead for their customers satisfaction. If Open Source ideals clash with cold capitalist initiatives, then it should be the Open Source plans that prevail.

This entry was posted on Thursday, November 1st, 2007 at 2:38 pm under Open Source, Web geekery. You can follow any responses to this entry through the RSS feed. You can also leave a response