Welcome to WebmasterWorld Guest from 54.226.58.177

Forum Moderators: Robert Charlton & goodroi

Featured Home Page Discussion

Google "Exploit" Allows for Visual Knowledge Graph Manipulation

     
10:02 pm on Jan 9, 2019 (gmt 0)

Administrator from US 

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 1999
posts:38193
votes: 90


A Zdnet article details a new exploit anyone can run on Google Results. They kinda miss though by getting bogged down in politics:
[zdnet.com...]

You do a search that pops up an Answer Box - use the share link to copy the link - then go to that link url - cut the "kgmid=" parameter out of the url (which is the url to answer box trigger) - then add that to any search.

You can change the knowledge box content for any search. Here is a search for Cheese with mickey mouse in the knowledge box:
[google.com...]

And Google with Anti Trust Act:
[google.com...]
12:28 am on Jan 10, 2019 (gmt 0)

Administrator from US 

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 1999
posts:38193
votes: 90


The rest of the story? It's two and a half years old. Thanks Aaron Bradley!
[plus.google.com...]
9:11 am on Jan 10, 2019 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:25787
votes: 834


Doh!
It's so obvious, and very easily manipulated.
I'm surprised Google hasn't put a stop to this. [google.com]
12:00 pm on Jan 10, 2019 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member brotherhood_of_lan is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 30, 2002
posts:4965
votes: 40


&kponly


Using that in the URL is to better effect, as it displays only the knowledge graph result
2:54 pm on Jan 10, 2019 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:25787
votes: 834


Using that in the URL is to better effect, as it displays only the knowledge graph result

But it's not so much fun, eh!

I really wonder how long before that goes away. Get it while you can.
4:10 pm on Jan 10, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Apr 1, 2016
posts:2307
votes: 613


My guess is that it wont go away unless it is widely abused. It seems like a simple thing to fix but it really isn't. Fixing it would require an additional look-up to see if the param value can be shown with the search results. This is no easy task at scale and with high speed and efficiency. My guess is that they are hoping that this blows over and can simply be ignored.

I wonder whether there is a substantive benefit to ranking when one clicks a link in a knowledge graph. One could post links to search result in forum comments and include the param to your own knowledge graph even if it is completely unrelated to the search topic. Many user would likely click on the knowledge graph link thus driving some traffic but more importantly sending positive ranking signals. There would be no direct ties back to the offending website.
6:43 pm on Jan 10, 2019 (gmt 0)

New User

joined:Dec 18, 2018
posts:4
votes: 1


There is no way to abuse it, other than through hacked computer systems. Mostly, just something users with free time can do on their own end.
6:50 pm on Jan 10, 2019 (gmt 0)

New User

joined:Dec 18, 2018
posts:4
votes: 1


Take my previous comment back. Didn't realize how malicious it can be, when such links are sent out in media campaigns.
6:52 pm on Jan 10, 2019 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:25787
votes: 834


There is no way to abuse it, other than through hacked computer systems. Mostly, just something users with free time can do on their own end.


Think again: The link facility is for e-mails, and it would be easy to include incorrect results. The examples given in this thread show how unusual a SERP and knowledge Panel can be, however, if you were to take a more subtle example most people probably wouldn't notice they were being served "fake" results.
7:15 pm on Jan 10, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Apr 1, 2016
posts:2307
votes: 613


What limits the potential of this exploit is the existence of knowledge graph link for your website or business.
7:25 pm on Jan 10, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Apr 1, 2016
posts:2307
votes: 613


And that the knowledge graph is shareable. I have noticed that many business based knowledge graphs do not include a share button whereas entity based (politician, musician, etc) do have the share button required.
6:47 pm on Jan 14, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Oct 4, 2001
posts: 1274
votes: 15


What am I missing? I don't see Mickey Mouse in the knowledge box in the example search, I see cheese.

Fixing it would require an additional look-up to see if the param value can be shown with the search results. This is no easy task at scale and with high speed and efficiency.

At most you'd add overheard to one instance of a particular query every few minutes. It's trivial to cache a knowledge box identifier with a particular set of results.

Alternatively you could include an expiring key in the url which matches up to the knowledge box identifier algorithmically.

Or you could replace the knowledge box identifier completely with a hash that maps to the original query.

And etc..
7:45 pm on Jan 14, 2019 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member brotherhood_of_lan is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 30, 2002
posts:4965
votes: 40


It does seem like a fairly trivial fix. If the 'mid' value of the knowledge graph doesn't normally map to the provided search query words as per how Google decides such things, display something other than what's being shown just now. 'Natural causes' shouldn't be affected, having a knowledge graph ID and an unrelated search query has no use case other than this type of manipulation.

Seems like the worst case scenario is someone linking with kg params and at some point in the future the preferred knowledge graph value for a search term changes. Remains to be seen whether there's any use case for using those params other than displaying the knowledge graph result (anyone notice interesting differences in the SERPs?)

It does seem to highlight an interesting underlying issue with where Google is moving. You have your bag of words search terms, which are 'awkwardly' mapped to structured data in the knowledge graph. The meeting in the middle is no doubt where a lot of online marketers are interested.
9:11 am on Jan 15, 2019 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:25787
votes: 834


Looks as if Google has made a fix.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members