Google, don’t be evil; leave that to blogger

This comment on dcubed, by someone apparently replying to himself, flummoxed me momentarily: “Can you please stop using my id. I thought you had stopped after my last appeal, but you have showed up agin.”

Had this poster given out his password to an unpleasant character? Why didn’t he just change it? Or is blogger trivially crackable? Can I log in as anyone I like?

Then I realised that while I can’t do that, I can impersonate anyone I like, and the results are indistinguishable from genuine comments. (I’m not telling how, but it’s trivial.) While one can forge email headers, the results can be detected by the savvy; here, there seems no way to do so, unless one has access to Google’s internal logs. There seems, also, no way to disable this “feature”, short of disabling anonymous comments totally.

Blogger sucks. It sucks in many, many ways (one of these days I shall count the ways), but this one is the most egregious I’ve seen so far.

Advertisements
Leave a comment

16 Comments

  1. rahul,just out of interest, i’d like to know how? (you could mail me?) i had a case of someone who would imitate my blog name, template etc. a couple of years ago. i deleted that blog, and subsequently, opened comments on ym current one only to bloggers. i find this kind of thing a little weird and frankly, scary. you don’t have an email on your profile, or i’d mail this to you.

    Reply
  2. Space Bar

     /  March 26, 2007

    rahul,

    just out of interest, i’d like to know how? (you could mail me?) i had a case of someone who would imitate my blog name, template etc. a couple of years ago. i deleted that blog, and subsequently, opened comments on ym current one only to bloggers. i find this kind of thing a little weird and frankly, scary. you don’t have an email on your profile, or i’d mail this to you.

    Reply
  3. Rahul, actually the results are distinguishable from genuine comments by someone who has logged in: if you have a picture associated with your blogger id. See comment below, you’ll know what I mean.

    Reply
  4. Rahul, actually the results are distinguishable from genuine comments by someone who has logged in: if you have a picture associated with your blogger id. See comment above, you’ll know what I mean.

    Reply
  5. Dilip D'Souza

     /  March 26, 2007

    Rahul, actually the results are distinguishable from genuine comments by someone who has logged in: if you have a picture associated with your blogger id. See comment below, you’ll know what I mean.

    Reply
  6. Dilip D'Souza

     /  March 26, 2007

    Rahul, actually the results are distinguishable from genuine comments by someone who has logged in: if you have a picture associated with your blogger id. See comment above, you’ll know what I mean.

    Reply
  7. Damn, you are right! It *is* trivial.I realize that Dilip has got here first, with an insight about the pictures associated with the blogger account.

    Reply
  8. Abi

     /  March 26, 2007

    Damn, you are right! It *is* trivial.

    I realize that Dilip has got here first, with an insight about the pictures associated with the blogger account.

    Reply
  9. space bar — I guess you can’t do anything about someone opening a new blog in your name copying your template. If they are using your real-life name, you could conceivably make a complaint to blogger about impersonation (it is probably illegal). But I don’t know how easy it would be to pursue it.As to how to spoof comments, figure it out… dilip’s comment should offer a clue.dilip – good point. I should upload a picture of my own. However, I see the picture only on the “post a comment” page, not on the original page (where your two comments seem indistinguishable to me).

    Reply
  10. Rahul

     /  March 26, 2007

    space bar — I guess you can’t do anything about someone opening a new blog in your name copying your template. If they are using your real-life name, you could conceivably make a complaint to blogger about impersonation (it is probably illegal). But I don’t know how easy it would be to pursue it.

    As to how to spoof comments, figure it out… dilip’s comment should offer a clue.

    dilip – good point. I should upload a picture of my own. However, I see the picture only on the “post a comment” page, not on the original page (where your two comments seem indistinguishable to me).

    Reply
  11. dilip, ps – and before you ask, I do have “yes” for “Show profile images on comments?” in my settings. I suppose it applies only to the “post a comment” page. Maybe it’s to do with my template (it’s true of your blog too).

    Reply
  12. Rahul

     /  March 26, 2007

    dilip, ps – and before you ask, I do have “yes” for “Show profile images on comments?” in my settings. I suppose it applies only to the “post a comment” page. Maybe it’s to do with my template (it’s true of your blog too).

    Reply
  13. Rahul,I am the blogger that is being stalked there- usually the first in the series of “Jai” comments is mine, the rest are this guy asking me to quit, and talking to himself since I dont bother to respond. As space bar said here, its scary.Thank you for working out how it is done. I am authentic enough not to want to know how to do it, but could you please tell me how to stop it if there is a way.Does the photo feature help? I’ll try linking an image. I dont know enough of blogger to even do this.If there is a safe way to exchange email IDs to correspond with you privately if possible, I would really appreciate it.regards,Jai

    Reply
  14. Jai_Choorakkot

     /  March 26, 2007

    Rahul,

    I am the blogger that is being stalked there- usually the first in the series of “Jai” comments is mine, the rest are this guy asking me to quit, and talking to himself since I dont bother to respond.

    As space bar said here, its scary.

    Thank you for working out how it is done. I am authentic enough not to want to know how to do it, but could you please tell me how to stop it if there is a way.

    Does the photo feature help? I’ll try linking an image. I dont know enough of blogger to even do this.

    If there is a safe way to exchange email IDs to correspond with you privately if possible, I would really appreciate it.

    regards,
    Jai

    Reply
  15. Jai,If this is your real name, you could complain to blogger and/or the police. It is certainly a crime to impersonate you, and recently Google has been cooperating with the Mumbai police on fake Orkut profiles. The only question is whether they’ll consider your complaint serious enough to investigate.For a less extreme step, of course, there’s the photo (as Dilip suggests).

    Reply
  16. Rahul

     /  March 26, 2007

    Jai,
    If this is your real name, you could complain to blogger and/or the police. It is certainly a crime to impersonate you, and recently Google has been cooperating with the Mumbai police on fake Orkut profiles. The only question is whether they’ll consider your complaint serious enough to investigate.

    For a less extreme step, of course, there’s the photo (as Dilip suggests).

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s