Sunday, May 16, 2021

Things happened to me this time

I did not break this blog again, nor did I do anything wrong or improper. Nevertheless, I had problems with this blog yesterday that took me hours to work around and forced other changes. This time, at least, none of that was my fault.

Last night I posted an “Important Announcement”, the purpose of which was just to warn readers that there was a change to the commenting system, specifically, that I’d turned on comment moderation “due to a problem with Blogger.” And then the story gets very weird.

I went to my computer yesterday afternoon to finish the blog post I published last night, and I intended to return in the evening and finish another post. Things didn’t work out that way.

I checked my emails first, and saw that I received eight from Google’s Blogger unit (the division that hosts this blog, among thousands of others). Each email told me that Blogger had deleted a particular blog post because “Your content has violated our malware and viruses policy.”:

And how on earth did I do that? I didn’t—it’s all Google’s fault.

The specific policy they were referring to, buried deep within the overall “guidelines” was no clearer on why they’d killed eight of my posts:
Malware and similar malicious content: Do not transmit malware or any content that harms or interferes with the operation of the networks, servers, end user devices or other infrastructure. This includes the direct hosting, embedding or transmission of malware, viruses, destructive code or other harmful or unwanted software or similar content. This also includes content that transmits viruses, causes pop-ups, attempts to install software without the user’s consent or otherwise impacts users with malicious code. See our Safe Browsing policies for more information.
Yeah? And… what does that mean?

First, it’s important to know that I had absolutely no way of knowing what their issue with the posts was because they were deleted. Was there some sort of weird code that was inserted into my post? Did a scammer/spammer/cyberjerk manage to post a comment with “malware and similar content”? I had absolutely no way of knowing, but the one thing I knew for certain that whatever the problem, it was entirely Google/Blogger’s fault.

The whole point of using a hosted blog service like Blogger or Wordpress isn’t just because they’re free, it’s that the service takes care of all the nuts and bolts of running the site—including security. Not only is security not the problem of users by design, there also no direct way for a user to take control of it even if we wanted to.

One would logically assume that Google/Blogger has robust systems in place to prevent hackers and hacker bots from gaining access to the code for Blogger generally or specific posts published to it. If someone manages to hack a password they could do that—and data breaches are common enough, but Google hasn’t notified me of any data breaches so it was reasonable to assume my own blog’s HTML code was safe. That, then, left me to assume that whatever “malware and similar content” they were reacting to must’ve been in a comment. Spam comments ordinarily get caught in a queue to be reviewed manually, and the sort of comments that might contain “malware and similar content” would, one would hope, trigger the algorithms that send comments to that digital purgatory. Maybe not? Why did it catch some spam comments and real, legitimate comments, but let those with the “malware and similar content” through?

With nothing to go on, and with an abundance of over-caution, I switched on comment moderation, which means that I have to approve all comments before they’re posted. I was reluctant to do that because I remembered how much work that used to be, but I also realised that there actually hasn’t been nearly as much traffic in legitimate comments for several years now.

Yesterday afternoon, instead of working on the post I’d planned to publish, I instead worked on re-publishing the deleted posts using the back-up copies I keep on hand. My normal procedure is to write my posts on my Mac, adding some basic HTML code, then I copy the text and paste it to the HTML View of the “New Post” function in Blogger. Then, using Compose View (the visual post editor), I finalise the formatting (adding links, photos/images, etc). When I’m all done, I go back to HTML View and copy the text and then paste that in my document file. This gives me is a fully-formatted back-up copy of the post, one with all the styles, links, and images properly coded. And I do all that precisely so I can restore a post that gets munted in any way.

All of that means that all I had to do was to go to my back-ups and copy the text and paste it in a New Post. Blogger allows users to set the publish date, even one in that past, so I did my best to work out when the deleted post was originally published, both date and time. Then I hit publish and moved on to the next one. There was only one post where I’d forgotten to copy the fully-formatted final version, and that one took more time to do, of course.

While the process of publishing copies of the original posts was relatively straightforward for me, it wasn’t quick: It took me some three hours to re-publish those 8 posts, in part because I knew I’d linked to some of the eight in later posts, so I had to update those later posts with the new URL—and I also had to update their back-up copies.

I stopped there and went to my cousin-in-law’s for dinner, which was a very welcome break. When I got back home, I fed the dogs and went back to the post I was going to work on that afternoon. I published it, decided I was too tired to do any more, and just kind of surfed around for awhile.

Just before I went to bed, I checked my emails again: There were another eight emails from Google/Blogger. Each one said:
We have re-evaluated the post titled [post name] against community guidelines… Upon review, the post has been reinstated.
The last email arrived at about 11:50pm last night, and my honest first reaction was ”WTF?!”, but with the words, not the initials. By then I’d republished all the posts using my back-up copies, turned on comment-moderation, and even downloaded a back-up of my entire blog in case they really did boot me out over this as their earlier emails threatened could happen. I puzzled for a few minutes on what to do, and in the end I posted the “Important Announcement”, revising it several times along the way (mostly cutting a lot of stuff).

As of the time I’m writing this (shortly before it’s published), those eight posts have NOT actually been “reinstated” (I’d know because I’d have two copies of the same posts, since the restored versions have different URLs from the originals). Is this a case of Google/Blogger sinning in haste and repenting at leisure? I guess time really will tell, though, understandably, I’m a bit doubtful that those posts will, in fact, be “reinstated”.

When all this started, the first thing I thought of was that I should just quit blogging altogether because if the “guilt upon accusation” model used by most of Big Tech would make me a victim because of their own security shortcomings, then what was the point of using a hosted service? Hosting my blog myself would cost money and I’d have to do most of my own security work, so that isn’t an attractive option. Moving the blog to Wordpress is an option, but even that seems like more trouble than its worth.

I have absolutely no idea what more, if anything, I’m going to do about all this, but I’ll try to remember to make a new complete back-up every night just in case I do get kicked out because of their own sins. Oddly enough, I don’t particularly want to lose nearly 15 years worth of blogging, nor would I be willing to re-create the blog like I did with those eight posts yesterday.

I guess it’s still the same as it was in the last words of my first blog post: “Let’s see where this leads.” As good an idea as any.

1 comment:

Roger Owen Green said...

Well, I know my blog will continue to exist through my last birthday on the Wayback Machine, so there's that...