Bug in Google's Censorship

Seems that the censorship service that Google has set up at China's request suffers from a trivial bug: if you type your searches using capital letters, you bypass the censor.

This'll be fixed real soon, I'm sure.

Posted on January 31, 2006 at 3:00 PM • 19 Comments

Comments

AnonymousJanuary 31, 2006 3:37 PM

Has anyone else wondered if Google agreed to abide by the Chinese government restrictions but is putting in the minimum effort possible to meet the restrictions, allowing several easy ways around the restrictions?

A. ProhiasJanuary 31, 2006 4:08 PM

I think that the powers that be at Google intentionally allowed this to slip through - where the usefulness of the "bug" to the moral cause dwarfs its limitatations / potential embarassment. In spite of the positive impact to the revenue stream, I am sure the best engineers at Google are ashamed at having to bend backwards for the Chinese nonsense. This is a fitting reply.

I'm curious to see how quickly the Chinese will respond, and how long it will be before the relationship sours. I do believe Google is a different sort of company, and unless the Chinese show a pliable side, it is only a matter of time before there is a rift.

aikimarkJanuary 31, 2006 4:32 PM

Those Google guys have a sense of humor too. Do a Google search on:
french military victories

Click the "I'm Feeling Lucky" button.

ReptonJanuary 31, 2006 6:12 PM

You realise that Google has nothing to do with that? The albinoblacksheep people put up the page and then enough people linked to it that they got top pagerank for that phrase...

(it's looking a bit dated, too — Google has evidently updated their look since they did the parody)

Emmanuel PirschJanuary 31, 2006 6:21 PM

Remember that Google logs IP addresses for each search query they process. So this little "bug" does not mean it is safe for a chinese citizen to exploit it to bypass the filters.

In fact, it can even make them more vulnerable if the government know the bug asks for IP addresses for which the "bad" search terms where queried.

DaveJanuary 31, 2006 7:00 PM

I can't get to the article you linked to, but a few simple searches on google.cn pretty quickly debunks the concept that caps fixes things.

For instance, "tiananmen" and "Falun Gong" show no difference based on capitalization.

SmeagolJanuary 31, 2006 8:28 PM

How do the filters fare with misspellings? Spammers use this tactic all the time to bypass junk email filters. Google can't possibly cover every permutation. The only thing is that "Frreedomm" won't produce as many hits as the real thing.

ZapgodFebruary 1, 2006 12:58 AM

@Dave - follow Bruce's link. Use the two image search URLs provided on that page. There is indeed a difference (at 07:00 GMT).

Z

vwmFebruary 1, 2006 4:23 AM

@Z and Dave:
I can see no difference there, too. But I get my reply form google.COM. Guess I am redirected to a non-censored version on the base of my (European) IP or Browser setting.

I get a completely different result when I use a anonymizer such as
http://anonymouse.org
Then it is Families with a t and Tanks with a T...

Richard VeryardFebruary 1, 2006 4:51 AM

Bruce, you have often discussed the ethics of publishing security vulnerabilities. What you are doing here is revealing a hole in the security mechanism Google has built for the Chinese government. (We can leave aside the question as to whether this hole is a deliberate act, or merely carelessness.) Do you think that publishing this vulnerability will result in the Chinese government putting pressure on Google to close this security hole, and would you regard this as a good outcome?

Ed T.February 1, 2006 6:39 AM

@Richard Veryard,

In this instance, Bruce is not the one who is disclosing the vulnerability (as the original publisher) -- rather, he is reporting that which has already been disclosed. So, *I* would not consider this an "irresponsible" disclosure.

Oh, and I think the bug disclosed is in fact a bug, and not a "security vulnerability".

BTW, I think that the debate around "publishing" vulnerability information in fact refers to disclosure -- once it is in the public arena, it is silly and futile to ignore it and hope nobody will notice.

-EdT.

Brian ThomasFebruary 1, 2006 9:00 AM

And now the perpetual disclosure controversy ensues again; if only you could inform the citizens and not the watchers...

jammitFebruary 1, 2006 11:15 AM

I've had pretty good luck on goole.cn by mispelling words. I don't get as many hits as I do using google.anything_not_cn, but I do get some pretty good stuff. Due know evel.

aFebruary 1, 2006 7:13 PM

"I think that the powers that be at Google intentionally allowed this to slip through"

Of course they did. And if it'd been micro$oft you'd be ranting about their lack of ability to code something correctly.

Don't forget Google IS an american multinational company. They are driven by shareholders to screw rest of the world over in the chase for $$$$

Jacob DaviesFebruary 1, 2006 7:23 PM

I'm sure this was a mistake, but it does put Google in an interesting position.

Essentially, every time something like this happens, the threat will come from the Chinese to fix it - to increase the effectiveness of the censorship - or be cut off. Every time, Google will give in, of course. It puts Google in the position of developing ever-more-effective and easy-to-use tools for government censorship. Censorship isn't a one-off, it's a process, and Google just got heavily involved in it - I'm not saying, ultimately, for good or ill - just that they are in that business now.

CepheusFebruary 27, 2006 1:44 AM

Is Google censoring in the US also? Google de-indexed SpaceWar.com for a number of days for an as yet unknown reason(to me).
SpaceWar reports on the latest publicly available info about military/aerospace technology worldwide and pays some particular attention to Chinese advancements in this area. As of Feb. 25, 2006 it has been re-indexed by Google maybe in part due to public uproar over the matter. Infowars.com tipped me off to this little news item and I am pleased to have confirmed its validity.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..