I had an annoying German user last night, If users abuse sites, I ban the user and if they keep coming back using the same ISP then the next action is to block the whole ISP. In the end it falls on the ISP to police their users. ISP can't just release people into the world. As a website administrator I can't do anything to stop an abusive person. So if they keep being abusive then their whole ISP gets the axe. ISP should avoid this problem by having an abuse section on their main website where sites can report abusive behavior. If the ISP fails to get the user to behave then the whole ISP deserves being banned.

lisa: basically right, but T-Online serves around 4 Million DSL users... that axe is kinda huge...

Kinda hard for an ISP with millions of users to stop one of them running a bot to query Google.

If I report the IP to the ISP they should be able to take care of the user. If they can't back track the IP to an end user then the Big axe must fall.

Remember when they shut off a good portion of a few cable isp's in the states last winter - @home has 12mil(?) users. I don't think anyone can fault Google at all. I'm sure they took all the right steps to stem the abuse. When the isp won't do anything, they have to take matters into their own hands.

The interesting point for me is not if anyone can fault Google at all or not.

I'm not sure if there's anything a mass ISP like t-online can do to single out one user running a software like WPG - is there anything?

That's assuming running a software like WPG or any other ranking checker was enough for Google to ban those IP areas.

If so it poses another question: What if large ISPs (millions of users) say: so what? We can't and won't control all of our users. If a site choses to ban them, hey - that's not our problem.
Google would lose those users, in this case the most active part of the german internet crowd.That's a business loss. Whereas the ISP would damage their reputation.
Both sides would lose.

Given the correct time and IP address of the incident, a good isp sys admin could have the users account pulled up with in a couple minutes (or seconds). The only delay is the time it takes to search through log files.

> If a site choses to ban them,
> hey - that's not our problem.

I'd say a site like Google is pretty important. If a ISP values it's customers, they'll rectify the situation asap.

In the past, when ISP's turned a blind eye towards usenet spammers or IRC abusers, the Internet Death Penalty [computerbits.com] was applied. There were some pretty big ISP's cut off from Usenet and several IRC networks a few years ago.

In this case not only one ISP was hit but three. All dsl users coming from IP 80.131.XX.XXX were blocked. Involved ISPs: T-Online, 1&1, Tiscali. That's probably 90% of all dsl users in Germany.
How is Tiscali supposed to single out a T-online user running a ranking checker?
Does that make sense for Google to block them all no matter what?
The problem for Google is bandwidth, I suppose. But what about their adwords customers? Google loses money.

I don't know that Google is so big in foreign-language searches that they are "irreplaceable", as people imply. There's a lot of "education" going on over here about why it makes sense to use Google to search, but if people can't find Google they will go back to using Altavista or whatever (or, indeed, Google-powered local searches).

I must say I would have been interested to see the reaction had Google cut off 90% of all American DSL users....

Why can't Google block excessive use in real-time at the level of specific IP addresses? Obviously that could be a problem for organisations (or ISPs) that push web access through central caches (as the uni here does), but I would have thought it would work fine inside cable IP blocks.

Without going into too much detail - I know that in some cases google will ban the IP address of an individual user, then they will contact an ISP with DETAILED info on the abuser (at least in some cases that I have detailed knowledge of).

The ISP can then take action against the user.

If they fail to do so - google might cut off their access.

I know this happened to at least one ISP with a fairly decent member base.

Google's actions were appropriately measured in the past. Can't say about this one.

I have to agree with Lisa in that ISPs need to start going after abusive users.

ISPs like comcast and the like let their users run wild with trojan horses and the like and feel like they have no reponsibility to stop it.

I can say the one ISP I am familiar with seemed much more willing to assist with google's abuse complaint(s) after they got cut off....

DSL users in Germany do not have static ip adresses.

And in fact T-Online can not resolve which user did what.

I think its an exciting fact:
as german dsl-user you are totally anonymous

(me is not; but, hey, i got 10mbit:)

>see the reaction had Google cut off 90% of all American DSL users....

I don't think this is a qestion of nationalities, really. Google sees abuse coming in from a certain IP block, and wham - blocks it.
Brett points to a similar incident in US, that's what I remembered vaguely in my first post, The thread must be somewhere in the vaults.

What puzzles me is what triggers this harsh reaction. Google risks turning off lots of users (which are customers, lets not forget that. They don't pay, but they watch and click Google's PPC listings). Those users are not amused, I guess. They don't want me to use their engine? OK - there are lots of others! Is it really worth the saving in some bandwidth?

To me it looks like it's more of a fight between Google and ISPs over who is to carry the burden of single users misbehaving.

Google is big in Germany. Have a look at Top 10 [Global] Domains in Germany [de.jupitermmxi.com]. T-Online is still using FAST but Web.de and Yahoo display Google results.

So maybe it was a special promotion agreement between T-Online and FAST. ;)

I didn't mean it as a question of nationalities - more as a question of proportion. Google may well have cut off a cable provider in the USA in the past, but did it have the proportionate effect that it has had in Germany?

X million users in Germany and x million users in the USA are different proportions - unless you just look at it as a IP block. Had the members with English-speaking sites here had 90% of their potential cable customers cut off from Google access to all of their top 3 positions, then the reaction may have been louder and stronger. As it is, the probability is that most non-German sites won't even notice.

Given the correct time and IP address of the incident, a good isp sys admin could have the users account pulled up with in a couple minutes (or seconds)

I once tried to get another large german ISP (now defunct) to do that, because a fellow user had managed to get me blocked from my hosting account. Note that as their customer I started with a much better position than an arbitrary disgruntled webmaster out there. Result: Zero.

The thing is, that in most of Europe, there are very solid privacy protection laws in place, that simply prohibit them from doing this. An ISP in Germany that monitors the individual traffic of any of its customers without a court order is in serious legal trouble. It may be easier with e-mail violations that generate their own inbuilt evidence and can be selectively compared against the SMTP server log files, but someone running a portscan or using WPG is pretty safe.

Google is certainly in a slightly better position, as they can put up a lot of pressure by blocking large address ranges. But in general, if you were the ISP and had "some bozo" overseas complaining about one of your paying customers, without the possibility to verify their evidence, What would you do? It's really a no-win situation for them.

I have worked at an ISP, monitoring which user is using which IP at which time has nothing to do with Privacy, That is simply resource monitoring. It was easy for us to find an end-user when we got notices of abusive behavior. We would not turn the person over or share any information about the user, but we would tell the user it was against our TOS and they should stop doing that or they would be expunged as a customer. Even when the FBI came to us with an IP and exact time we would not turn over the customer information unless they had a warrant. Even if we saw the evidence that the FBI had and we knew the person was guilty. Legally the FBI could not use that evidence unless they gained it properly. So any agency that wanted information first got a warrant.

> I once tried to get another large German ISP (now defunct) to do that

If I was that ISP I would not give you the user's info, I would contact the end-user and warn them they are close to being expunged if they continue their action.

> german dsl-user you are totally anonymous

Nothing is totally anonymous on the net, someone somewhere can track you down. I would like to see a German user make threats against killing the US president and tell the Secret Service that they are a terrorist and will blow things up soon. Then you will find out how anonymous you really are.

Two thumbs up for Google!

I've given up on contacting most ISPs. All that ever amounted to (for me) was time wasted and an inbox full of autoreponding E-mails.

With the right software, nearly all robots hitting your site can be detected and dealt with on an individual basis. Given the demands on the server to process this kind of information I'd venture a guess that Google finds it resources better suited to simply banning the offending IP block.

> I once tried to get another large German ISP (now defunct) to do that

If I was that ISP I would not give you the user's info, I would contact the end-user and warn them they are close to being expunged if they continue their action.

They wouldn't even do that (I asked them explicitly), claiming that they weren't even allowed to dig up that information themselves without a warrant, or at least clear evidence of illegal activities. I don't know if that is actually true to that extreme degree, of if they were using it as an excuse, but the situation is really a lot different to that in the US. And no court will ever issue a warrant just because someone ran WPG against Google.

It is also worth to realize that in the case we're discussing here the user didn't violate the ISPs TOS, but those of Google. And I have yet to see an ISP put a clause into their TOS saying: "We'll kick you if you happen violate someone elses TOS".

I'm not even going to try to put the blame on one side or the other with regards to Googles blanket blocking activities. I'm just trying to show that the issues are not even remotely as black and white as they might seem to be at first glance. An ISP *does* have contractual obligations towards its customers, and it has none towards foreign web site owners. Most of what they can legally do to help Google in such a case is really just based on goodwill.

Of course, as soon as law enforcement comes into the picture, the situation will be very different. Luckily for us all, Google is not the secret service... ;)