Does anyone know what it takes to mitigate DDoS, at this kind of scale?
Cynicism is warranted when it comes to Google. The fact that they gave NSA direct access to their systems; the fact that their Street View cars collected personal information through wi-fi networks, etc. means that "Don't be evil" is just a facade.
It's the equivelant of the the Streetview car capturing 'public property', if you want 'privacy', put up a big fence and don't broadcast your SSID.
As for the NSA issue, I'm not going to defend google too much there, but you've seen what happens to providers who didn't comply... I would put that down to more a 'The US govt is pretty hostile to privacy' more than "Google is evil".
On the scale of 'evil shit' happening in the world. Google collecting my Wifi network name ranks about similarly to 'J-Walking'...
As opposed to the multiple vehement denials of that "fact" from Google's executive officers (see David Drummond's interview in The Guardian, for example)
Can you think of one thing Google could do for you to think that they are not evil?
The simplest way to mitigate a DDOS is to just have way more resources than your attacker. If you're getting hit with 10Gbps, and your site can handle 100Gbps, you're not going to go down. Google obviously has plenty of capacity.
On top of that there are filtering technologies that can block obviously fake traffic or well-known signatures like the LOIC.
The most sophisticated attacks occur at the application level. A Google service would not be able to help configure your install of Wordpress to resist this. But they could probably serve a static cache of your site. Interactive features like login or search would not work though.
Cloudflare does all of these things and more.
The way I read this, Google would not charge for this service. They would select "worthwhile" sites to protect out of the goodness of their heart.
The cynical take is that it is a PR project to help repair their "defenders of the Internet" brand. They built it up with SOPA, but it's been damaged by PRISM.
>A protection racket is an operation where criminals provide protection to persons and properties, settle disputes and enforce contracts in markets where the police and judicial system cannot be relied upon.
Of course, Google isn't threatening anyone with DDoS, (even assuming that they somehow make money of you).
Otherwise though, it's somewhat of an interesting analogy. This is a form of protection (of online property). And you can't really rely on the police to protect you from DDoS. I suppose it would be more reasonable to just compare it to a security firm though.
That's why the analogy is not interesting; the use of "mafia" is silly because it implies there's some criminal element to Google's intensions. For example, here's the opening line of that Wikipedia page:
> A protection racket is a scheme whereby a criminal group provides protection to businesses through violence outside the sanction of the law.
The only word this has in common with what Google is doing is "protection". The analogy captures nothing useful that "hiring a security guard" doesn't. But it also captures a whole universe of other implications that are entirely unwarranted and laughably unfair. It's a terrible analogy.
"You're just like a mafia don in that you also drive a car."
I should disclaim that I don't think the offering is above suspicion and criticism, just that the comparison to a protection racket is absurd.
What? These websites are unlikely to be hosting their ads ("election sites" is one of the examples ffs). It's free while they're beta testing it with humanitarian/similar websites, it may be a driver for people to pay for the Page Speed service in the future when they roll it out to more people although they say they'd like to keep it free for non-profits.
All of which you'd know if you'd read the site rather than making ludicrous comparisons to the mafia.
Google may have great lawyers and a lot of money, but what if they tell them "hey, you know that tax-free money you're sending to the Bermuda [2]? Yeah, FTC will be knocking on your door tomorrow to ask you about that".
So I guess what I want to know is if Google will actually stand their ground and protect their users till the end by doing the right thing, or they'll "compromise" if the potential cost to their business is too great. Maybe in the past it was easy to believe Google would actually do the right thing, but it's becoming increasingly harder to believe that.
[1] http://www.theguardian.com/media/2010/dec/01/wikileaks-websi...
http://www.google.com/transparencyreport/userdatarequests
If you think any U.S.-based company is able to do better, I'd love to hear how.
>I’m not sure I can say this more clearly: we’re not in cahoots with the NSA and there’s is no government program that Google participates in that allows the kind of access that the media originally reported. Note that I say "originally" because you'll see that many of those original sources corrected their articles after it became clear that the PRISM slides were not accurate. Now, what does happen is that we get specific requests from the government for user data. We review each of those requests and push back when the request is overly broad or doesn't follow the correct process. There is no free-for-all, no direct access, no indirect access, no back door, no drop box.
We’re not in the business of lying and we’re absolutely telling the truth about all of this. Our business depends on the trust of our users. And I’m an executive officer of a large publicly traded company, so lying to the public wouldn’t be the greatest career move.
http://www.theguardian.com/technology/blog/2013/jun/19/googl... http://googleblog.blogspot.com/2013/06/what.html
Microsoft really should have patented the `Embrace, Extend, Extinguish' business method back in the day ;-)
- Chromebook mobile site: http://us.chromebook.withgoogle.com
- Developer Bus: http://developerbus.withgoogle.com
- Full Value of Mobile: http://www.fvm.withgoogle.com
- Google Analytics Academy: https://analyticsacademy.withgoogle.com
- Google Expert: http://expertbrasil.withgoogle.com
- Google Wallet Instant Request Form: http://getinstantbuy.withgoogle.com
- Mapping: https://mapping.withgoogle.com
- Online Marketing 101: https://onlinemkt101.withgoogle.com/preview
- Royal Baby Congrats Card: https://royalbabycard.withgoogle.com
- Tour Builder: https://tourbuilder.withgoogle.com
- Web Accessibility: https://webaccessibility.withgoogle.com
- YouTube Creator Academy: https://creatoracademy.withgoogle.com
- Your Tour (Tour de France): http://yourtour.withgoogle.com
Non-English:
- http://vpered.withgoogle.com
- http://docchinogame.withgoogle.com/pc/
- http://minchizu.withgoogle.com
As wonderful as Project Shield sounds, there is a fundamental risk of it being undemocratic.
Content that will certainly not be protected: - Content that violates the Digital Millennium Copyright Act
- Illegal pornography, snuff videos ...
- sedition,incitement
- confidential NSA stuff (you know, because it helps terrorist )
http://techcrunch.com/2012/03/29/google-now-using-recaptcha-...
But the interesting tidbit coming out of this project's going to be the internal packet/traffic scrubbing system they've developed. Will it be commercialized or will it spawn a new startup. So many positive outcomes however it ends up.
How peculiar. The tech is DDoS mitigation, but the PR focus is on "free expression online", Syrian gas attacks, and evil Iran.
Wonderfully executed. The internet crowd is cheering the "free speech", the government approves of the Middle East angle.
Meanwhile, PRISM keeps working and very few care about it.
