Friday, February 16, 2007

Google Redirect Notice

Let's say I have a site that sells Cialis, and I have to use spam to promote it. Wouldn't be nice to use a trusted site like google.com to make a redirect to my site? For a very long time, if you used a URL like http://www.google.com/url?q=http://www.mysiteaboutcialis.com , Google sent you to mysiteaboutcialis.com without a notice. Many people were tempted to think that this must have been a Google site (it starts with google.com).

Google's redirection URL was also used for phishing to fool people or phishing filters. But it also had a valid reason for being there: tracking user clicks. If you go to a search results pages and copy the address of a result, you'll notice a long URL that starts with http://www.google.com/url?q=. Google uses that information to improve search results and to aggregate information about users.

Well, Google thought about that and decided to show a warning (similar to the malware warnings for pages that install malicious software) if you use the redirect directly. The redirects from search results pages use some complicated hashes, so it's difficult to bypass the warning, unless you know to build those hashes. The redirect notice says:

"The previous page is sending you to [new address].

If you do not want to visit that page, you can return to the previous page."


This is a clear sign that Google decided to do more to protect its users.

No comments:

Post a Comment