December 27, 2011 / gbl08ma / 0 Comments
Do you remember the OpenID standard, that aims to describe “how users can be authenticated in a decentralized manner, eliminating the need for services to provide their own ad hoc systems and allowing users to consolidate their digital identities.”? Well, if you happen to frequently authenticate on a service or website that supports it, or if you happen to run or maintain one of these websites or services, most likely you remember. But the surprising part is, OpenID is used in more things than you can imagine.
Till some time ago, I don’t recall seeing much opportunity for logging in with an OpenID – except on the websites of the ID provider themselves. The first OpenID authentication method I recall using was using Twitter IDs, although in that case I could as well have used Google or Facebook. But people use OpenID without actually recognizing it as an implementation of that standard. Yes, OpenID is that “Login with Facebook” or “Login with Twitter” thing. These login methods are usually just not (visibly) branded as being OpenID.
So basically, that represents a win for OpenID, right? Well, in theory yes, but my opinion is different. While many websites carry out OpenID in such a way that it is comfortable for every user, others simply don’t. What do I call a “comfortable usage” of OpenID? An implementation of the standard in such a way that it allows you to choose the ID you want to use. Eventually, it also lets you not use OpenID, through the creation and authentication of a traditional account, where the chosen authentication parameters are isolated to the website or service in question, like we’ve seen before the OpenID boom.
This “comfortable implementation” fits the most users I can think of: by assuring authentication using accounts on the most popular OpenID providers, such as Google, WordPress and Facebook, and using simpler, standalone (i.e. not tied to any service in particular) and/or less-known providers such as chi.mp, claimID and myOpenID, the chances of the person willing to be authenticated having an ID with one of the providers supported is way bigger. But because not everyone likes the OpenID idea, or they might simply not have a registered account with one of the IDs supported, an additional “traditional” authentication method should also be provided, so people can create an account with the website or service in question, and not tie that account with an OpenID.
The advantages of what I call a “comfortable implementation” are very noticeable in my opinion: it increases the user base of a website, since if people find it easy to login with an account they already have on other service, it’s very likely they’ll login on that website. It also makes the act of engaging with the website a breeze, because people don’t need to go over the hassle of maintaining yet another user/password combination, there is no signup form, captcha or email validation. While this may change depending on the OpenID provider and on the service or website implementing OpenID authentication, in most situations the OpenID login process is easier. We just got to recognize another advantage: if users find registering and logging in easier, the website or service will not only get more users, as it will have its users more satisfied. As I said, for the user there’s not the hassle of not remembering the specific password and having to reset it, and for the website management, there can be also a reduction in the number of support requests, assuming OpenID is properly implemented. All I did here was point some of the advantages of OpenID, but it can also have a lot of disadvantages when its implementation is not so comfortable for the user.
A website that I remember having a proper implementation of open IDs is Blogger, at least when posting a comment on a blog – it allows you to choose which profile you want to comment under, from a Twitter, WordPress or Google account to a OpenID, discussed here.
But what is an “uncomfortable implementation”? From my point of view, OpenID can become a very negative thing if, for example, the website the user’s tying to authenticate to doesn’t offer the ID provider on which the user has an account. It is also possible that an OpenID implementation fits most, but not all. A very clear evidence of this problem is given with websites that offer “Login with Facebook” as their only authentication method – I don’t think this can be called an OpenID implementation, even though Facebook is an OpenID provider. But why is this a problem? People just start based on the premise that all the internet users have a Facebook account. False. I can illustrate this with personal situations… it’s not happened once nor twice, but dozens of times: *le me browsing the ‘net*, *le me finds a website he likes*, *thinks he should signup*, *looks for the signup link*… oh crap, looks like all we get is this:
Call me stupid, “forever alone”, or whatever you want: I might even have a Facebook account, but I may not use it and even if I do, I don’t want all dozens of websites being authenticated with that s*ht Facebook is, and eventually with these websites being able to post to my Facebook wall, access my status, photos or other things “normal” people put on Facebook.
I’m giving this example for Facebook, but the problem goes for other ID providers. There are websites that support open IDs, and a few even say they support OpenID (the standard), but then you’re presented with a “Login with XYX” link where XYX is a single ID provider of their liking. Sometimes you’re lucky enough and you have an ID from this provider, other times you just need to go registering for yet another ID, defeating all the purpose of open identification and OpenID.
Although, there are cases where requiring a login with a specific service is mandatory. For example, on services that are dedicated to changing your Twitter profile background with a generated one, a Twitter account is of course required, so a Twitter-only login makes all sense. Same goes for Google/Blogger/Facebook/WordPress dedicated services, but please, if it’s not required to be tied into a specific service, then just let people use whatever ID provider they want, or provide a traditional signup and login method. Else, open authentication and OpenID might become hassles that drive users away.
Other things can be discussed about OpenID – I can argue that it is unsafer than traditional user/password logins, because if the OpenID provider gets cracked and authentication information gets exposed, then all the accounts authenticated with OpenID on other websites are open to the crackers – much like an user that always uses the same password and username on multiple websites. We can also discuss about these shiny buttons provided by social networks and the like, that allow you to authenticate using your account on them, to “like” or to “share” posts – these are used for user tracking, and seeing what the crowd likes, helping on creating even more directed advertising. There are plugins that block these trackers, and usually some hosts file or iptable rules work well, fortunately (if you don’t use the service from which the shiny trackers are coming).
I do not represent the OpenID foundation, Facebook, Google, Twitter or other OpenID provider. I am not encouraging their use or otherwise; I’m just exposing my very irrelevant opinion on the subject. If you spot any factual or spelling mistake, please contact me or comment below. Thanks for spending some minutes of your life reading this post!
August 11, 2011 / gbl08ma / 0 Comments
Today I was going to add one of my new websites, http://webshuff.uni.cc , to Google webmaster tools and for my surprise, right after I verified the ownership of the website, it showed this message at the top of the dashboard:
[Image not available anymore due to data loss when forcibly changing servers on 1st December 2011]
Well, this exact same message is shown for this website gbl08ma.cz.cc I added some months ago. The message started appearing two or three weeks ago.
I thought immediately it was due to the fact that this website has a .cz.cc domain. I submitted a reconsideration request, after making sure this website was following all Google Webmaster guidelines, and some days ago Google said it had been processed, but so far this website, which previously appeared on Google search results, doesn’t appear anymore. Click for proof.
I didn’t bother much. nic.cz.cc started to give problems some time ago, when the first episodes of Google marking all the cz.cc domain and subdomains as containing malicious software or content. I thought: easy, just switch to another domain name like uni.cc. And I decided to myself: from on now, I will use uni.cc for new websites I create – even because uni.cc seems much stable and less abused than cz.cc.
So, for one of my new websites, Webshuff, I chose uni.cc network for my free domain service. From the part uni.cc is responsible for, I have no complaints… however, I only realized Google was also hiding uni.cc websites from Google searches when today I saw this warning on Webmaster Tools. I’m not even going for submitting a reconsideration request: all the uni.cc and cz.cc websites are being hidden from Google’s search results, and most likely any reconsideration request is being suppressed, because all these websites are just cz.cc or uni.cc subdomains and the rules not for showing these websites apply to all subdomains, and Google doesn’t seem to open exceptions.
Summing up, what’s the current state then?
- cz.cc website and subdomains not listed in Google’s search results. None of them. Click for proof.
- uni.cc website and subdomains not listed in Google’s search results. None of them. Click for proof.
Sure, there are many more free domain and DNS services. We have, for example, the old and very abused co.cc. But… Google is blocking co.cc since long ago (by long I mean, perhaps since the start of July this year). co.cc I perfectly understand because: a) when I used it for the first an last time, it sucked so hard… their website made it look like it all was a scam, not to talk about some of the websites the subdomains pointed to. From phishing websites to all the kinds of online scams and spams, they had of everything bad in great amounts, at that time… “at that time” was like two years ago. Things didn’t get better since that time (instead, the opposite happened), and Google kicked out co.cc of search results because 90% of the subdomains pointed to dangerous and not worthy websites.
Summing up again…
- cz.cc website and subdomains not listed in Google’s search results. None of them. Click for proof.
- uni.cc website and subdomains not listed in Google’s search results. None of them. Click for proof.
- co.cc website and subdomains not listed in Google’s search results. None of them. Click for proof.
By other words, all free domain services are not listed by Google except two… dot.tk and co.nr. Click for proof. If Google lists any more, they don’t have enough PageRank to appear on the first page. So, let’s analyse dot.tk cz.cc and co.nr in greater detail…
dot.tk
I used them with the first websites I created. My experience with them was great until to turned horrible the day one of my domains got lots of hits – turns out Google had just indexed it, and as I offered unlimited cloud space on a online desktop powered by eyeOS, lots of people visited the website. The day that could be a change in the way of my webservice and of my online reputation (not that I spend all my life thinking about online reputation, but whatever) turned out to be the day dot.tk pointed the domain goonawebtop.tk to SedoParking (yep, that horrible website where dead domains are parked to). Following goonawebtop.tk, all my dot.tk domains were pointed to SedoParking in a few hours.
Although the domains were pointed to SedoParking, they were listed on my dot.tk account as being pointed to the correct IP. I’m sure I followed dot.tk TOS/AUP. I tried deleting my domains to add them again, but when I tried to add them, they weren’t available anymore.
Other people have reported this behavior on high-traffic domains by dot.tk.
Conclusion: dot.tk points domains with a great amount of traffic to SedoParking in order to make money out of them, and doesn’t allow people to point them back. cz.cc has also pointed my domains to SedoParking-like websites for multiple times, although the IP in the A record was explicitly changed and I could change it back (and the admin of .cz.cc also promised me multiple times it wouldn’t happen again).
I’m not going for dot.tk after my first experience with them. And personal experiences apart, I’m not going for a domain service that drives traffic away from my website once I get many visitors. Would you? If yes, sure, go with them, you might be lucky and they might not point your domain anywhere (like what happened with freevps.tk). But if they do… don’t say you were not warned.
nic.cz.cc
I started using them when dot.tk failed. They have even more features than dot.tk, and they also have a way to pay for premium accounts and additions to domains internally, paying with “My Balance”. People could earn balance without spending money by doing paid2surf on cz.cc websites. I made more than “$30″ (with quotes) using this method, and bought myself a cz.cc VIP account.
cz.cc was great for some time, like four or five months, but after that, Google started marking all the subdomains as containing malicious content, without exceptions. Problem was solved some days later, and it was good for a month. But, in mid-June, Google was marking all websites as containing dangerous content – again. And more recently, cz.cc was kicked out of Google search results like what had happened with co.cc before.
co.nr
I never used them, and I don’t think it’s worth a try now that Google is motivated kicking free subdomains out of search results. I think we only need to wait some time until more spammers/phishers/abusers start using it more, and it will also be kicked out of search results like what happened with co.cc, cz.cc and uni.cc. Note that I don’t think this last one, uni.cc, is very abused, but anyways, Google doesn’t think, it computes. And thinking is completely different from computing.
So what?
Google seem to want us to buy a former TLD (top level domain). The question is, where in Google do I fill a form applying to get a free domain? Yep, because not everybody has the money to pay for a TLD, or sometimes we have the money but no way to get it online. Or else, people younger than 16 or 18 years old are denied from publishing their content on the web on an independent website, on a independent server, using a free domain service.
But are you so sure nothing will save us? [people cry]
Well, there’s the free DNS service by freedns.afraid.org. Yay! But wait, weren’t these blocking Google bots? Yes. In this case, Google doesn’t block them but they block Google. No chance your afraid.org-created subdomains will ever appear on Google except… if you contact the owner of afraid.org, Joshua Anderson, with a working website that isn’t likely to get abused.
I contacted the admin of freedns.afraid.org using the email at the bottom of their page (yep, that one for reporting abuses) asking him if he could move my subdomain 4.l.to to the separate DNS set that allows Google access. After some email exchange, and after I made sure my new URL shortener (which is what is at 4.l.to) wouldn’t get abused and would stay around for some time, and also after explaining I couldn’t pay for a TLD (like I explained to so many people on the web…), I finally got that nice blue “G” near the 4.l.to domain on my list of subdomains!
But, this doesn’t mean you are so lucky. You might not get Google access to your afraid.org subdomains. Anyways, afraid.org still seems better than those abused co.cc and cz.cc.
Summing up for one last time…
- cz.cc website and subdomains not listed in Google’s search results. None of them. Click for proof.
- uni.cc website and subdomains not listed in Google’s search results. None of them. Click for proof.
- co.cc website and subdomains not listed in Google’s search results. None of them. Click for proof.
- co.nr is listed on Google, but I’m not sure it will be listed for much time until Google decides to kick them out too.
- dot.tk is listed on Google, but a) I’m not sure for how much time that will remain that way; b) I have had a bad experience with them and c) they point some of the high-traffic domains to pages with sponsored links in order to make money from the visitors you gathered – not nice.
- freedns.afraid.org is free, stable and has not much abusers (if any), but they block Google access and you must ask the admin personally to let Google go your website’s way.
I hope you have liked this giant blog post! Hopefully it will be of some use to those looking for free domain services. Now the only problem will be getting people to this blog post, because this website is (like all the other .cz.cc websites) kicked out of Google’s search results. (Editor’s note: not anymore since I got myself a .com domain)
August 2, 2011 / gbl08ma / 0 Comments
I enjoy reading xkcd in these times I’m bored without anything to do, but at the same time, not willing to shutdown the computer. So basically, I get to xkcd, and go hit the Random button until it is so late that it’s mandatory to go to bed (in order to wake up soon early to still catch users from “distant” time zones online). I tend not to read the comic very often so the “Random” button still delivers me some unseen comics (hey, I haven’t seen all 900+ comics yet!).
Today the “Random” button delivered me a comic from Spring 2007. Its number is 256 (heh! the amount of MB the VPS that runs this blog has of guaranteed RAM). Here it is, click to see bigger:
Look at how much has changed to nowadays. To make this map more actual, I think Facebook and MySpace should swap positions. Orkut would need to be smaller (unless you’re considering only the accesses by Brazilian people, and even that is decreasing). We would need another fairly small island for Google+, and a bigger one for Twitter. Second Life would disintegrate. Sourceforge island would get smaller and an island slightly to the left of it would accommodate GitHub along with smaller islands for all the recently-born git-hosting websites.
Other interesting point is, The Icy North would get smaller (global warming? 🙂 ) and the Mountains of Web 1.0 would be renamed to Mountains of copy-cat Web “2.0″. And let’s not forget, the IRC isles would certainly keep the same size or even be bigger, but they would be much more idle and abandoned (IMHO a island for dead/98% idle IRC channels and users should be created, and another one for malfunctioning IRC bots).
And as I am really jealous, I’d also like a small island for this blog on the Blogipelago. 🙂
The “Gulf of Youtube” would get an island on the middle divided between Next New Networks, sorry, I meant YouTube Next Lab and Audience Development Group[¹] and VEVO (size based on watch count). And etc. This is just my view of the actual www vs. 2007′s www. You certainly disagree with me in some points. But, there’s something you must agree: in four years, the web has changed so much, and we only notice when we look back with wide open eyes and mind.
Now go read xkcd. Or go outside getting some Vitamin D (not really possible at the moment of writing of this post, as it’s midnight here).
[¹] I could write an entire, long blog post with my critic, perhaps skeptic, thoughts on the acquisition of Next New Networks by YouTube. Instead, let’s abbreviate and simply say that before, they were a successful independent project, now, they’re Google.
June 22, 2011 / gbl08ma / 0 Comments
Some time ago, I wrote on my other blog, written in Portuguese, that Facebook was wanting all users to provide their full name as the profile name – a position understandable in certain ways, but these people that keep on telling us the risks of the Internet tell us “don’t. providing your full name on the web is dangerous”. So, what should we do? Stop participating on the Internet’s biggest social network (as of 22/06/2011 DD/MM/YYYY), which by the way, I don’t like (hate), but it’s where all our “friends” and family are “connected”. Stop participating on many other websites of interest? Bah… better provide your full name and sacrifice the “security” the “web experts” say you have by not providing it.
(Noticed the quotes on the word “connected”?)
[Image not available anymore due to data loss that happened when forcibly changing servers on 1st December 2011]
Oh, and by the way, that thing of ”Alternate name” doesn’t allow me to put gbl08ma, it says it contains invalid characters (!).
Apart from Facebook, the web’s (and real life) giant Google now also wants us to provide our full name on their mini-social-network +1, where you can recommend pages to other users. When I tried to provide my webname “gbl08ma” as my profile public name, that will be visible to everyone, see below:
[Image not available anymore due to data loss that happened when forcibly changing servers on 1st December 2011]
Independently from being dangerous or not, providing our full name is not always necessary, so why should we? If we don’t, however, we aren’t exactly following the terms of Facebook, Google’s +1, and all those sites on the Internet (it’s not only Google and Facebook; I’m presenting those as an example because there are some of the biggest websites) that ask for your full name to be publicly visible – one thing is when your data is not going to be visible to nobody other than the site’s administrators and people of the same or more permissions as the admins, other is when it is asked to be part of your public profile that’s visible to everybody.
At least, on twitter I’m still able to put gbl08ma or just Gabriel as my screen name 🙂
June 16, 2011 / gbl08ma / 0 Comments
Nowadays, people who visit my (this) website will find that it is being marked as malware by no feasible reason, again – see the first chapter here.
I repeat, this website has no malware or other harmful content. Feel free to scan it as you can, with all the bots you can, I can even give you a read-only SFTP account for you to see there’s no malware in here. Only Ubuntu Server with Apache, PHP, MySQL, with this blog running on WordPress and some free (as in speech and as in beer) licensed fonts in Rockbox format for download.
I have just request Google another site review. This time, instead of writing a long letter explaining everything on the comments box, I sum up everything on a single sentence with the most important data in capital letters (not that I like using capital letters all the time, but having to way to format, I had to do it this way):
It’s the second time Google marks my website as malware, although I HAVE NO MALWARE ON THE SITE AND THERE NEVER HAVE BEEN any malware or harmful content there. Please make sure this DOESN’T HAPPEN AGAIN or I’ll start to think that there are enough reasons to blame Google with its malware advisor tools that mark a site as malware just because it uses a .CZ.CC DOMAIN!
Yes, because I still believe these malware traces Google bots find are due to malware found on other .cz.cc sites and servers. Please, but please, don’t make me switch to a uni.cc domain. I have no money to pay for a formal top level domain name (.com, .net, .org, etc.), even more if the site in quesion is this personal blog which has no (z-e-r-o) revenue.
Here’s a proof screenshot of Google’s classification of my site and review request:
[Image not available anymore due to data loss, when forcibly changing servers on 1st December 2011]
And the confirmation from Google:
[Image not available anymore due to data loss, when forcibly changing servers on 1st December 2011]
What do you think? Has this ever happened to you? Do you know of a solution, or at least something that can minimize the problem? Have your say on the comments!
EDIT (right after posting): Google also marked another site I have on another server as malware. This one is also a .cz.cc domain, s.cz.cc. I’ts my new URL shortener. I have a message for Google (and a rhetoric question):
Google, STOP! You are killing lots of .CZ.CC websites, many of them have NO malware! This is censuring inoffensive parts of the web! Or… is that your goal?
EDIT 17/6/2011: I’m not the only one suffering from this issue. Lots of people are too. Acoording to stats, this blog post is getting lots of hits from people searching for “cz cc malware”, “cz cc malware banned” and similar. There are people on “Google Help Center” forums complaining about this. How many hours, days, weeks, will it take for the issue to be solved?
EDIT 2 17/6/2011: Good news, at least for this domain, as “said” by Google Webmaster tools on this website:
[Image not available anymore due to data loss, when forcibly changing servers on 1st December 2011]
“A review for this site has finished. The site was found clean. The badware warnings from web search are being removed.” 🙂
May 20, 2011 / gbl08ma / 0 Comments
Following the problems I had with the domain “company” nic.cz.cc, which consisted of having this domain pointed to a site similar to SedoParking for several days (3 or 4, OK, perhaps not several), without my consent, Google decided to mark this site as malware.
Not that this server has malware: after this, I’m even inclined to show the tree of directories of all things under /var/www on this server just to show the world there’s nothing illegal or dangerous in it. The problem is that the server nic.cz.cc (or whoever has control over the .cz.cc domains) decided to point this domain to had malware. Because I’m very lucky (ironic, obviously), Googlebot happened to look to the domain right when it was pointed to a malware site. And now, the site is marked as malware! Damn!
I’m not very angry with Google, but with nic.cz.cc. I have G. Webmasters Tools enabled for this website, and I already sent Google a request for revision of this site, along with a huge comment on the filed reserved for it. Let’s just see if they take a look at it – I can imagine the thousands of revision requests they have to handle every day.
I wonder, will the domain gbl08ma.cz.cc ever get out of all blacklists, or should I just send .cz.cc to the waste (which is where they are already, anyways) and use gbl08ma.uni.cc as the main domain?
I need some comments to make me happy… and make sure they are not against StopBadware’s recommendations! Google’s watching us… well, I think it needs glasses. But that’s another story.
EDIT 21/05/2011: The problem seems solved now… please help me confirm.
EDIT: The story continues…