My interpretation, based on a comment on orange Reddit, is that they read this slide and interpreted it the wrong way around.
The claim was that Google was taking a query for “kids clothing” and turning it into “$brandName kids clothing” to get more ad revenue from $brandName, but the slide shows the exact opposite: “$brandName kids clothing” is turned into “kids clothing”. I can’t find much about ads, I’m not sure if the ads were ever affected by this keyword transformation, but if they are then the ads you see will be more generic (and worth less, and less profitable).
The claim was that Google was taking a query for “kids clothing” and turning it into " kids clothing" to get more ad revenue from , but the slide shows the exact opposite: " kids clothing" is turned into “kids clothing”.
I assume it has to do with code filtering out attempts to inject HTML / scripts into comments. Lemmy had a bunch of bugs that allowed hackers to inject Javascript so they turned on quite an aggressive filter.
They fucked it up completely in a way that raises questions of competence.
HTML has ways to display angle brackets specifically intended to never be interpreted as tags. “Entity names” will never be code. There’s not even a sensible way to do it deliberately, like %20 nonsense.
Allowing tainted data in to the dataset means every single client has to do every single spot of content rendering correctly or else be vulnerable to easy hacking. Keeping it out of the dataset means not all clients have to be perfect for Lemmy to be a secure place.
I’m a fan of the swiss cheese model of safety. While blindly blocking arbitrary characters is a bit silly, not filtering/encoding the data even on the output from web services can end up in disaster.
It’s an open API that serves publicly-sourced data. I’d not want to serve up anything more than markup content even if every single API call had perfect handling. At least not without a lot more sophisticated filtering in front of it. Even certain totally valid arrangements of HTML can be vulnerable as all hell.
Even certain markup systems have problems, but I doubt this one has huge vulnerabilities to exploit. Certain wiki systems in the past had to be completely retired over such things.
The slide shows neither. It shows that they use synonyms to get more results. They take a search for “kids clothing” and add results for “children’s clothing” and “kidswear”
My interpretation was this + in terms of the actual “sponsored” results work by matching “kids clothing” with advertisers who match for that term, and Google “changing” it into “$brand_name kids clothing” which seems entirely obvious when spelling it out.
I haven’t used Google as my primary search engine for many years but occasionally I do run a search on it. While the quality of results is extremely low, I never noticed anything obvious like a generic search term only returning results for a specific brand + that search term like the original article implied.
It seemed like a giant misunderstanding of how it all works from the start but made for a great headline.
My interpretation, based on a comment on orange Reddit, is that they read this slide and interpreted it the wrong way around.
The claim was that Google was taking a query for “kids clothing” and turning it into “$brandName kids clothing” to get more ad revenue from $brandName, but the slide shows the exact opposite: “$brandName kids clothing” is turned into “kids clothing”. I can’t find much about ads, I’m not sure if the ads were ever affected by this keyword transformation, but if they are then the ads you see will be more generic (and worth less, and less profitable).
Am I having a stroke?
Lemmy removed part of my content, apparently putting stuff between < and > breaks it? I’ll edit my comment.
weird
> is for block quotes
I don’t about that other one though
I assume it has to do with code filtering out attempts to inject HTML / scripts into comments. Lemmy had a bunch of bugs that allowed hackers to inject Javascript so they turned on quite an aggressive filter.
They fucked it up completely in a way that raises questions of competence.
HTML has ways to display angle brackets specifically intended to never be interpreted as tags. “Entity names” will never be code. There’s not even a sensible way to do it deliberately, like %20 nonsense.
hm, thanks for the information
Could have done it with proper encoding, don’t need to remove it lol o.O
Allowing tainted data in to the dataset means every single client has to do every single spot of content rendering correctly or else be vulnerable to easy hacking. Keeping it out of the dataset means not all clients have to be perfect for Lemmy to be a secure place.
The point of encoding, the process of representing data in a different way, is to have the data set not be tainted. :)
Here, for example: https://www.w3schools.com/html/html_entities.asp
I’m a fan of the swiss cheese model of safety. While blindly blocking arbitrary characters is a bit silly, not filtering/encoding the data even on the output from web services can end up in disaster.
It’s an open API that serves publicly-sourced data. I’d not want to serve up anything more than markup content even if every single API call had perfect handling. At least not without a lot more sophisticated filtering in front of it. Even certain totally valid arrangements of HTML can be vulnerable as all hell.
Even certain markup systems have problems, but I doubt this one has huge vulnerabilities to exploit. Certain wiki systems in the past had to be completely retired over such things.
we’re having a stroke together
Am all in on this stroke as well.
The slide shows neither. It shows that they use synonyms to get more results. They take a search for “kids clothing” and add results for “children’s clothing” and “kidswear”
I hope they also add results for “kids swear”.
My interpretation was this + in terms of the actual “sponsored” results work by matching “kids clothing” with advertisers who match for that term, and Google “changing” it into “$brand_name kids clothing” which seems entirely obvious when spelling it out.
I haven’t used Google as my primary search engine for many years but occasionally I do run a search on it. While the quality of results is extremely low, I never noticed anything obvious like a generic search term only returning results for a specific brand + that search term like the original article implied.
It seemed like a giant misunderstanding of how it all works from the start but made for a great headline.