On Saturday, the following article appeared on the blog of the Kenyan startup Mocality and caused quite a stir:
I am proud of the work we have done at Mocality, but of two things especially:
- Our crowdsourcing program. When we started, we understood that (unlike the United States or the United Kingdom, where you can simply buy a catalog to upload to the network) if we wanted a decent database of Kenyan enterprises, we would have to build it from scratch. It was also obvious that to grow quickly we would need the help of many Kenyans. Therefore, we created a data collection system that uses M-PESA (a popular local payment system) to reward any Kenyan with a mobile phone who submits data for our database, once that data is confirmed by verification. In two years, we paid 11 million Kenyan shillings (more than $100,000) to thousands of people, and built the most comprehensive catalog in Kenya, with more than 170 thousand verified records. Personally, I consider this work the most important achievement of my 18-year online career.
- From the first day, we targeted every Kenyan organization, regardless of size. As a result, for approximately two thirds of the enterprises in the Mocality list, this is their first step onto the web. We have put about a hundred thousand organizations online.
As you read, keep the following in mind:
Our database is the essence of our business; we are sensitive about it and protect it. Among other things, we track and block automated attacks. We contact customers regularly so that their data does not go out of date, and we ask them to call our call center with any questions, at any time.
In September, Google launched the Getting Kenyan Businesses Online program (GKBO). Although we saw that in some respects it competes with us, we welcomed this undertaking, because in Kenya there is enough potential for everyone, and each new entrant helps the market grow. And, of course, we are confident enough in our product, in our local team and in our dedication to compete with any opponent, provided they play fair.
Shortly after the launch of that program, odd things began to happen. A couple of organizations, clearly misled, asked us to help with their websites, although we do not provide website creation services, only listings. At first we did not attach any importance to this, but the puzzling calls kept coming throughout November.
Clues and Investigation
In early December, we looked through our server logs for features common to the organizations that had called us with strange questions. We found a single IP / User-Agent combination that had viewed all of these organizations:
IP Address: 41.203.221.138
User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.186 Safari/535.1
An unusual configuration for Kenya: a stable version of Google Chrome, released on September 20, on a computer running 32-bit Linux. Apart from this IP, such a combination is rarely found in the logs.
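The log search described above can be reproduced as follows. This is an added example, not code from the original post: it assumes Apache combined log format, and the log lines, IP addresses (documentation ranges), paths and shortened User-Agent strings are all constructed.

```python
import re
from collections import defaultdict

# Constructed sample data; nothing here comes from Mocality's real logs.
UA_RARE = "Mozilla/5.0 (X11; Linux i686) Chrome/14.0.835.186"
UA_COMMON = "Mozilla/5.0 (Windows NT 6.1) Firefox/8.0"
ROWS = [
    ("203.0.113.7", "/business/a", UA_RARE),
    ("203.0.113.7", "/business/b", UA_RARE),
    ("203.0.113.7", "/business/c", UA_RARE),
    ("203.0.113.7", "/business/d", UA_RARE),
    ("203.0.113.7", "/search?q=x", UA_RARE),
    ("198.51.100.20", "/business/a", UA_COMMON),
    ("198.51.100.20", "/business/b", UA_COMMON),
    ("198.51.100.21", "/business/c", UA_COMMON),
    ("203.0.113.7", "/business/a", UA_COMMON),  # same IP, different browser
]
SAMPLE_LOG = "\n".join(
    f'{ip} - - [01/Dec/2011:09:00:00 +0300] "GET {path} HTTP/1.1" '
    f'200 512 "-" "{ua}"'
    for ip, path, ua in ROWS
)
# Profiles of the organizations that phoned in with odd questions (hypothetical).
AFFECTED = {"/business/a", "/business/b", "/business/c"}

LINE = re.compile(
    r'(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) [^"]*" \d+ \S+ "[^"]*" "([^"]*)"'
)

def parse(log_text):
    """Yield (ip, path, user_agent) for every GET line that parses."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3)

def common_visitors(log_text, affected):
    """Return (ip, ua) pairs that viewed every affected profile, busiest first."""
    affected = set(affected)
    seen = defaultdict(set)   # (ip, ua) -> affected profiles it viewed
    total = defaultdict(int)  # (ip, ua) -> all requests it made
    for ip, path, ua in parse(log_text):
        total[(ip, ua)] += 1
        if path in affected:
            seen[(ip, ua)].add(path)
    hits = [key for key, paths in seen.items() if paths >= affected]
    return sorted(hits, key=lambda key: -total[key])

if __name__ == "__main__":
    for ip, ua in common_visitors(SAMPLE_LOG, AFFECTED):
        print(ip, "|", ua)
```

Keying on the (IP, User-Agent) pair rather than the IP alone keeps one heavy client distinct from other users behind the same address.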
We looked up the owner of the address 41.203.221.138 through WHOIS:
% Information related to '41.203.220.0 - 41.203.221.255'
inetnum: 41.203.220.0 - 41.203.221.255
netname: Fixed_Wimax-Fiber-Rollout-Central-Kenya
descr: Fixed Wimax and Fiber Roll Out for Kenya Region
country: KE
admin-c: OC406-AFRINIC
tech-c: OC406-AFRINIC
status: ASSIGNED PA
mnt-by: ONECOM-MNT
remarks: Wimax and Fiber Roll Out for Kenya Region
source: AFRINIC # Filtered
parent: 41.203.208.0 - 41.203.223.255
A Kenyan provider. But what did they want from us? We continued the analysis.

Of the 65,851 requests, 33,261 were to the profile pages of organizations, that is, they were looking at the organizations' contact details.
Further details:
- There are no signs of automated downloading: it was clearly a team of real people.
- After November 3, requests came through a WIMAX connection in Nairobi. Before that, the addresses vary.
- Requests to organizations' profiles came from search result pages, which list 100 records per page.
- At the busiest time, about 2500 pages per day were viewed.
- This system and browser configuration first appeared, with a different IP, on September 4. On October 12 the mass loading of pages began; it stopped suddenly on October 29, then continued on November 3 from an address belonging to Safaricom Wimax.
- Requests were made from 8 am to 6 pm on weekdays, for several hours on Saturdays, and never on Sundays.
- No other user showed this pattern of activity on such a scale (2500 requests per day).
So, a person or (judging by the number of requests) a group of people was systematically sampling our database during working hours, and it seems that in early November they moved to a new office. But who was it, and what did they want?
Trap
We decided to find out, and made a couple of changes to the site code:
- For visitors from the address 41.203.221.138, a slightly modified page was served in 10% of cases.
- Instead of the organization's real phone number, that page showed the number of our call center, where all calls were recorded. We instructed employees to act as the owners of the organizations.
On December 21, we enabled this code.
Listening to the call recordings, we were shocked.
Results
Meet Douglas. In this recording (in the first two minutes), you can clearly hear Douglas introduce himself as an employee of Google Kenya, state and later confirm that GKBO is cooperating with Mocality and that we are helping them with this project, and then try to offer the organization's owner a website (and sell a domain name). Throughout the 11 minutes of conversation, he constantly claims that Mocality works with or for (!) Google.
Between 10:00 and 13:00 on December 21, we received six more calls like this (from 5 different Google Kenya employees), then restored the normal code. According to our estimates, these employees were calling 20-25 organizations from the Mocality list per hour (7 calls in 3 hours, 10% were redirected: 7 * 10/3 = 23.3 calls per hour).
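A sketch of the trap and of the call-rate estimate above, as an added example that is not Mocality's code. The function names and the canary number are hypothetical, and choosing the 10% by hashing the business ID (so a given profile always shows the same number) is an assumption; the post only says "in 10% of cases".

```python
import hashlib

WATCHED_IPS = {"41.203.221.138"}   # the address named in the post
CANARY_PHONE = "+254-000-000-000"  # constructed placeholder for the call-center line
CANARY_FRACTION = 0.10             # "10% of cases" from the post

def bucket(business_id: str) -> float:
    """Map a business ID to a stable value in [0, 1)."""
    digest = hashlib.sha256(business_id.encode("utf-8")).digest()
    return int.from_bytes(digest[:8], "big") / 2**64

def phone_to_display(client_ip: str, business_id: str, real_phone: str) -> str:
    """Return the number to render on a profile page.

    Only watched addresses ever see the canary, and only for the fixed
    fraction of profiles whose bucket falls under CANARY_FRACTION, so
    ordinary visitors always get the real number.
    """
    if client_ip in WATCHED_IPS and bucket(business_id) < CANARY_FRACTION:
        return CANARY_PHONE
    return real_phone

def estimated_calls_per_hour(canary_calls: int, hours: float,
                             fraction: float = CANARY_FRACTION) -> float:
    """Scale calls that reached the canary line up to the caller's total rate."""
    return canary_calls / fraction / hours

if __name__ == "__main__":
    ids = [f"biz-{n}" for n in range(10_000)]  # constructed business IDs
    swapped = sum(
        phone_to_display("41.203.221.138", i, "real") == CANARY_PHONE
        for i in ids
    )
    print(f"profiles showing the canary to the watched IP: {swapped / len(ids):.1%}")
    # 7 recorded calls in 3 hours, as in the post
    print(f"estimated calls per hour: {estimated_calls_per_hour(7, 3):.1f}")
```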
All conversations followed the same script: a Google Kenya employee calls the organization and tries to lure it into a competing project, claiming that we work together with them.
It gets worse: look at the full transcript (with translation of Swahili phrases) of another call, where the caller goes even further, accusing Mocality of running a “bait” scheme in which we supposedly try to squeeze up to 20,000 Ksh ($200) out of organizations for the right to be on our lists.
Mocality has never demanded, and never will demand, payment for being added to the list. Ironically, in the same call the caller does exactly that, hinting at payment for hosting in GKBO.
I removed unnecessary details (except for the names) for both sides, and highlighted the key places in yellow.
What happened next?
Having collected the evidence, and while waiting for the recordings to be transcribed and translated (since some phrases were in the local African dialect), feeling the satisfaction of detective work well done, we left for the Christmas holidays. I started writing this note.
With the most up-to-date data in hand, on January 9 we re-analyzed the logs.
No requests had been received from the IP address 41.203.221.138 since 4 pm on December 23. Coincidence? Or did someone guess that we had noticed?
However, NEW calls were coming in from the owners of organizations: it seems that they had been contacted by a call center in India, with the same promises of a website.
We restarted the analysis, and quickly found a new IP / User-Agent combination.
Results (2)
We found a different IP address and User-Agent that had looked through the data of those two organizations:
IP Address: 74.125.63.33
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7
WHOIS data:
NetRange: 74.125.0.0 - 74.125.255.255
CIDR: 74.125.0.0/16
OriginAS:
NetName: GOOGLE
NetHandle: NET-74-125-0-0-1
Parent: NET-74-0-0-0-0
NetType: Direct Allocation
RegDate: 2007-03-13
Updated: 2007-05-22
Ref: http://whois.arin.net/rest/net/NET-74-125-0-0-1
OrgName: Google Inc.
OrgId: GOGL
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US
RegDate: 2000-03-30
Updated: 2011-09-24
Ref: http://whois.arin.net/rest/org/GOGL
OrgAbuseHandle: ZG39-ARIN
OrgAbuseName: Google Inc
OrgAbusePhone: +1-650-253-0000
OrgAbuseEmail: arin-contact@google.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ZG39-ARIN
OrgTechHandle: ZG39-ARIN
OrgTechName: Google Inc
OrgTechPhone: +1-650-253-0000
OrgTechEmail: arin-contact@google.com
OrgTechRef: http://whois.arin.net/rest/poc/ZG39-ARIN
The new visitors came directly from the Google network.
From the address 74.125.63.33, 17,645 requests were received (15,554 of them to profile pages). The frequency increased significantly on December 22, when there were 8 different User-Agents, mostly Chrome for Linux. The three most common, with request count and share:
- Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7: 11249 requests (64.268982%)
- Mozilla/5.0 (Ubuntu; X11; Linux x86_64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1: 4247 requests (24.264412%)
- Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.2 (KHTML, like Gecko) Ubuntu/10.04 Chromium/15.0.874.106 Chrome/15.0.874.106 Safari/535.2: 1000 requests (5.713306%)
We searched for “tag = mo.request 74.125.63.33” from December 20, 2011 to January 9, 2012, and found 17,049 requests:

On January 10, we turned the trap on again. Within a few hours our fake numbers were being called from the new call center.
Meet Dipty, from Google India. In this recording, she talks about her connections to Mocality and offers us a free website.
It looks like Google is outsourcing Getting Kenyan Businesses Online to India!
Conclusion
Since October, Google's GKBO project has been systematically combing the Mocality database and trying to sell its competing product to our customers. They lied about our relationship with them and about our business practices in order to poach customers. On January 11, they called about 30% of organizations from our database.
Moreover, they transferred this work from Kenya to India.
When we first started the investigation, I expected to find a rogue call center employee, tell Google that they were violating our terms of use (in particular, clauses 9.12 and 9.17), someone would get a slap on the wrist, and everything would be fine.
I did not expect to find a coordinated, systematic, fraudulent (with claims of cooperation with us, and worse) attempt to destroy our company, run from call centers on two continents.
Google is a key part of our strategy. Mocality will be more successful if our customers can be found through Google. We even track how well our organizations are represented on Google, and have always considered this a symbiotic relationship. We are busy creating local, Kenyan content, and Google gets to sell ads against the keywords. More than half of our indirect traffic comes from Google. For us, the cost of transition is not zero.
Moreover, we have spent a very significant amount on advertising with Google Kenya. I would not be surprised if we are among their largest local customers, together with our partner site Dealfish.co.ke.
Kenya has a fairly well-educated but poor population and a high unemployment rate. Mocality organized its crowdsourcing program to give people a chance to help themselves by helping us. By systematically combing our database, and then outsourcing this combing to another continent, Google harms not only us: it harms every Kenyan who participated in our program.
I moved to Africa from the UK 30 months ago to work as CEO of Mocality. When I moved, Kenya’s reputation as a corrupt country frightened me a little. But I was pleasantly surprised: so far I have not dealt with any organization that tried to deceive us. It is important for global companies to adapt to local conditions, but ethics is invariant. As an admirer of Google's firm ethical principles, it is sad to discover that they do not apply in Kenya.
Some people will have to answer some questions in some places.
Here are my three most important:
- If Google needs our data, why didn't they ask? In conversations with various employees of Google Kenya / Africa, I raised the topic of closer cooperation in Kenya. Putting Kenyan organizations online is exactly what we do.
- Who allowed it? Until we uncovered the “India on the orders of Mountain View” angle, I would have believed that this was an initiative of the local team, which for some reason had forgotten the corporate slogan, but not now.
- Who knew, and who SHOULD have known about it?
Stefan Magdalinski
Nairobi, Kenya
Update: Google apologized
Google apologized to Mocality, both via the network and directly: I personally received a few calls from Joe Mucheru, the head of their Central African unit.
I appreciate the speed and honesty with which Google and Joe responded to the incident, but there are a few points I want to draw attention to:
- My three questions above are important for understanding what happened, and I look forward to the results of Google’s internal investigation.
- The most important thing is not the use of our database, but the behavior of Google representatives during the conversations.
- The main criterion will be the actions that Google takes to resolve the situation, the openness with which they explain what went wrong, and the steps they take so that this never happens again in another country with another startup.
- It looks like the calls were made by a third party. I can make sense of the calls from Kenya, but the Indian calls came from within the Google network. I know (from friends at Google) how seriously this network is protected. How did a third party manage to access it?
- And in case anyone asks: no, we have not gone to court (for now).
Yesterday, OpenStreetMap posted a similar note on one of the project's unofficial blogs, this time accusing Google of vandalism: the intentional corruption of geodata around the world. Translation on the scum. Employees of the company reported that an investigation is underway.