|CAUTION: PRmaster sends unique ID to Google|
Not a Trojan, but might as well be...
Caution: PRmaster sends a unique ID
The author of PRmaster apparently copied his own Google handshaking dialog into his program. As a result, his unique cookie ID is sent to Google every time his program is used. This ID is hardwired into his program.
I assume that this was an innocent mistake. But it means that Google can track who's using this program. This is insane, as you don't have to have a Google cookie in order to get a PR back from Google.
Here's what to do -- you need a Hex editor:
Find the place in PRmaster.exe where it says: Cookie: PREF=ID=[followed by 16 hex characters]:TB=1:LD=en: TM=[10 digits]:LM=[10 digits]:S=[11 chars] NULL cr/lf/cr/lf
Now write Hex 00 (NULL) over all this, starting with "Cookie" and up to but not including the cr/lf/cr/lf
Now it won't send out this unique ID during the dialog. It's about ten times faster, and the same PR comes back.
Risky, extremely risky.
It's risky using the real toolbar too if you're watching a handful of PR values closely. This nails you as a SEO dude right away. You have to delete your Google cookies several times a day to be safe.
If you don't have a Google cookie and the toolbar "phone home" is active, you'll have one the first time you visit any site. It will last 36 years or until you erase it, whichever comes first.
With PRmaster, if you don't send that cookie info, Google will try to plant one on you by sending back the next unassigned unique ID. But PRmaster doesn't know what to do with cookies, and it has no effect.
Here's a question: Why is PRmaster so blazingly fast once you don't send out a cookie? Could it be that there's no detour taken by Google to their SEO tracker box, which records all us bad guys who are interested in PageRank?
So where, exactly, is the risk when you look at it this way, once you stop sending out that PRmaster cookie?
Most humans live their entire life within 25 miles of where they were born.
Most surfers stick to the same territory on the web most of the time.
People have a start page, they have a morning run, they have a search site, and they really don't venture off their own well-worn path too much. Same as seo's checking a set of sites. Just from the sites you visit, you can't determine anything about a user. Style of searches maybe, and especially imitation toolbar glitches.
Dang! Doofus, you're putting a crimp in the fun! Now we have to deploy stage two... ;)
I'm joking, but yes, there are differences between the toolbar and a Delphi application such as PR Master. That's beyond just the cookie that Doofus mentioned. Personally, I wouldn't query google with any program that violates our terms of service. You run the risk of having all your queries highlighted in red on some engineer's console.
Remind me to take out the pages of WPG users for a couple days sometime, just as a joke.. :)
>take out the pages...just as a joke..
I knew it, I knew it!!
From this thread (and notice the sophisticated search technique):
|I'm on to them. I think every month when the update starts they all bring sack lunches to the office, eat their sandwiches at their computers, and have a good time watching everyone trying to figure out what they're doing. Then, after the update the Googlers all have a meeting to figure out what they can pull next time to get everyone going. |
Take notice. Every month or so there's something new and mysterious they come up with.
Straight from the horse's mouth, the truth has now been told. Now we know for sure!
I use PR Master. Please, Google, sue me -- it would make for high comedy. Google, if you don't like PR Master, then detect it and block it. If you can't detect it without the cookie, then say so. Don't insinuate that you're adding a black mark next to my name every time I use it. It may be cute, but it's also cheap and immature.
It's fairly amazing that this is even of interest to anyone, since the resolution of the toolbar PR is next to worthless.
I'm pretty close to reaching my goal anyway -- which is a "Disallow: /" for Googlebot. That would deprive you of 100,000 pages from a nonprofit database that took 20 years to compile and is unique on earth. It's this sort of content that makes Google look like a search engine to begin with.
I really don't know what's riskier -- allowing a Google toolbar on my disk that is self-updating (which technically means giving Google access to everything on my hard drive), or tolerating Google's 36-year cookies, or using a cookieless PR Master when I'm curious about some site's PR.
It's against MY terms of service to expose my computer to the extent that Google would like. And by now I'm not even worried about the 100,000 GETs from Google on our server in a single day -- after a year of effort I finally have that one under control by converting many pages to static files and using Status 304 for the rest of the dynamic ones.
I also had to move all my GIFs this past June because Google started stealing them, come to think of it, and had to add a NOARCHIVE meta to everything on the site.
I feel that Google's success has led to an attitude problem. This feeling of mine started over a year ago, when I tried writing to Larry Page about our load problem with respect to Google and suggesting a solution, but never got an answer. Then the next month your toolbar spyware came down the pike. By now Google has everyone in these forums slobbering over every word from Mountain View, and dissecting it like some committee of theologians.
I'm losing my self respect.
Everyman, your domains are whitelisted in Google as far as I'm concerned. I also share your interest in reducing the server load on sites like yours. That's why we've introduced better crawling using If-Modified-Since to reduce the bandwidth that Googlebot requests. I think we talked about that a while ago?
I feel your pain partly because Google gets hit by bots very hard. We hate queries from automated programs because they take away resources from actual users. I was sad to see the PRmaster program because if someone were to automate it, it would mine PageRank from Google. PageRank is one of Google's important accomplishments, it takes a *lot* of work to compute, and it wouldn't be fair if someone stole a large chunk of that computation and exploited it.
Of course a few googlers dissected the PRmaster program to find out what we could. We tracked down the earliest person to send those queries, and I quietly asked him to take down the program. We had a really constructive dialog back and forth--he had many good points. I told him how worried I was that someone would abuse the PRmaster program, and he very generously agreed to take down the program. I respect his decision very much.
I would really appreciate it if other people would also respect his decision and refrain from using the PRMaster program. Everyman, feel free to use the toolbar or not. But I hope this explains why Google does not like a program that just does pure PageRank queries. It's your choice whether to put a Disallow on Googlebot, but I know you have good content and hope you'll let Googlebot keep visiting.
> I would really appreciate it if other people would also respect his decision and refrain from using the PRMaster program.
OK, I for one have just deleted it.
However, it would be nice to have a way to check the PageRank of individual URLs that can't be kept open in IE4/5. PRMaster has become a useful tool over the last 12 days for debugging the cache, backlink & PageRank confusion/penalty/whatever that's been upsetting visitors to the public support group since December 27.
I've only just got a copy of PRMaster mainly because i use Opera for browsing and i am interested in what google gives PR too.
How about you add PR to the google SERPS (like the directory but with mouseover for Number) and I delete PRMaster.;)
I think that you should use a secure way to communicate between the toolbar and the Google backend. I was very surprised to find so much information about the way the toolbar work using only a ressource editor and freeware tools.
I wish to talk with you about other things I think about and I saw that your Sticky Mail is disabled can you contact me ?
GoogleGuy, you have nothing to worry about from me. I may use PR Master to do perhaps a half-dozen isolated, single queries per week. Since our site has no competition (it's all unique content), I have no reason to do the typical SEO thing and flood Google with inquiries by using some sort of automated program.
But look at the larger issue.
The problem isn't PR Master. While the URL checksom may be too sophisticated for me to crack, it appears that for a given URL the checksum never changes. You don't have to crack the checksum to automate inquiries. All you have to do is use Junkbuster or something, and collect a list of checksums for the sites you want to track. Then you can plug this list into a program and get the PR back. Surely you aren't going to claim that I have no right to use Junkbuster to see what your toolbar is sending to Google.
Google's initial decision to strip out most of the useful resolution on the toolbar PR was the correct one, from your perspective. But you can't have your cake and eat it too. Once you set up a system whereby this low-res PR can be fetched from Google, you should forget about programs like PR Master. I think it was out of bounds for you to request that the author of PR Master pull his program. It would have been more ethical to fix the situation on your end.
I believe this gets into the same issues that involved that Russian programmer that Adobe asked the FBI to arrest. And the only thing that's clear from that case, at this point, is that it's always the little guy who gets screwed.
Anyway, it's between you and the author of PR Master. If he won't distribute it, then I won't either, out of respect for him. I'm glad you clued me into why his site disappeared. I hope you didn't make any threats to get him to close it down. It sounds from your description that you were reasonable and polite, and I assume that I won't be hearing anything to the contrary.
I must say, though, that the news that you tracked him down is something that worries me. Maybe we should call it the Google trackerbar instead of the Google toolbar.
I may still use PR Master for several queries per week. It's easier than worrying about what your toolbar is up to, and it's easier than using Junkbuster to collect URL checksums from sites that interest me, and writing my own socket program to use one or more of these checksums in a dialog with Google to get the current PR for that site.
By the way, this is a very interesting thread and I hope we can keep it going. You deserve credit for rising to the occasion.
Thanks everybody. I guess in my mind the issue is that we have a set protocol we'd like people to follow to retrieve info from Google, kinda like robots.txt. If somebody ignored robots.txt on your site, well, you can see why I get a little ruffled.
But I can also sympathize with people who want to know PageRank from Google. I thought that the toolbar display would be more than enough info. But I often underestimate how interested people are in Google. I promise that I was polite though, Everyman :)
If I get a PR from Google without using a method approved by Google (i.e., without using the toolbar), it is superficially similar to Google violating my robots.txt to get content from my site. Google would never do this, of course, so I should always use the toolbar if I want a PR number.
The operative word here is "superficially." It sounds good on the surface, but you have to consider who's the big guy and who's the little guy. Google is big, and I'm little. My actions toward Google are a mere ripple that Google won't even notice. Google's actions on my site are inevitably a tidal wave.
Google is on the offensive, while my actions are defensive. Google started it.
It's like the just war theory -- you have to consider violence in the context of whether it is offensive or defensive. The argument quickly becomes difficult, because it depends on one's perspective. Thousands of U.S. vets today still feel that wasting those kids with napalm was the same as defending the U.S. against all those Communist dominoes waiting to fall. Others, like myself, still feel that the Vietnamese were defending their homeland. It's never all that clear-cut. At the time that I was prosecuted for draft resistance, for example, I considered myself a pacifist and thought that all violence was always wrong. Then I decided that this was too easy and a cop-out, and the only thing I could come up with was some sense of who's being offensive and who's being defensive.
What impresses me most about this discussion is the curiosity of people. I think curiosity has driven humanity to some of the greatest inventions of our time, and also to some great hazards.
What am I talking about? Let's try to stay on topic here!
I think it is fabulous the coincidences that I have perceived with this program you are discussing about and so many cases I've read about from John Markoff and other cyberjournalists. I was one of the first to try PRMaster...I would like to post some of my views on it.
Search engines are such fabulous works of programming that it seems every hacker has interest in them :). The ability to find information on the Web attracts the seekers of knowledge, AKA "hackers".
Hackers are all about curiosity. You know, some become myths, some go to jail, but in the end it is all about curiosity.
Google could have committed one great mistake with this Toolbar if it ever expected the thingy there to remain a secret. In my humble opinion I do not think Google made any mistakes. All the information on the bar is public and they know what they are doing all along. Of course there is so much to their search technology that some rounded integer between 1 and 10 cannot be the secret to it all.
The elite of the underground world uses Google everyday for their research, and I must defend freedom of information here by saying that they are unjustly on the underground. Information seekers should be the mainstream, and please do not confuse hackers and the evil system intruders that steal.
Wrapping up, though I feel like going 100 lines defending freedom of information : security by obscurity is no path to success. I think the information on Toolbar is public because no password is needed to access it. The author of the program did nothing wrong because no system has been hacked, no password bypassed. Google either gave the number away, or it seriously underestimated their excellent audience. Google is A Good Company(TM) - they gave the number away.
Just don't crimp their seriously expensive bandwidth is the message here, don't take their hours of work and steal it with some automated tool. It applies much more to others with high bandwidth than to most of us here, I am sure that if the few queries we all made through the program were harmful Google would have cloaked the program out of functioning real quick.
Now, like Everyman said, I will also respect the will of the author of PRMaster and not redistribute it. I have searched the web for other versions and it seems nobody is distributing it so I guess we all like Google and we're not going to be hurting them. Matter of fact I haven't used it at all anymore and I really have lost interest in PageRank and all...my site got dropped and came back up on the next dance, what the heck do I care about a few positions when I can simply dissappear!!!?? (Or get dissapeared with.....but conspiracy theories I leave for another occasion :)!)
So there you have my 300 cents on the subject(large message, 2 cents was too cheap ;)), you know...congratulations to the author for finding the thingy there, keep information free, and Google is still the best tool on the internet today, let's respect it.
PS >> WmasterW admins sorry for the long message, I post so rarely that I hope you understand!
Where might I get the PRmaster software?
I can not find the address here in the forum.
It's been removed from the web.
Interesting, Google prying into people's activities. A thirty six year cookie is an old cookie, be stale in a week. As my machine is primarily mine, I feel that when organizations start putting stuff on it which will last the lifetime of the device, they are prying.
I delete my cookies about once a week, manually. Cookies were intended to provide 'default' information about page settings, not to track me around the web. Talk about perverted sense of logic, ban something citing invasion of privacy, turning around and perverting the use of existing technology to spy on someone else.
I admit Google has one of the best things going as far as searching the web, but there is more than one way to skin a cat, as we say here in West Virginia. Pride comes before the fall, particularly in a 'free' society. The web is still pretty much free.
GoogleMan, don't let pride ruin Google. It is something good on the net, but there is another concept in the works. Not so much because of Google's activity but the majority of search sites. They return spam with little or no relavance to the searcher's need.
Those brains which have been pounding against the wall trying to figure out Google will probably decide to find a better, more dependable means of accomplishing the overall goal, that of hooking the buyer up with the seller.
GoogleGuy, it's all very well asking people not to use programs like PRMaster, but WTF are people who can't run IE supposed to do? It's painful enough running PRMaster under emulation...
And isn't Google a Linux-shop, anyway?