Google Maps and spam. These two have been moving together ever since one of Google’s most prominent products started gaining unrivaled popularity in the area of searching for immediate, real world information online. A few weeks ago, in an attempt to bring awareness to the problem, I conducted an empirical experiment and proved that there was at least one way to relatively easily create and verify a fake business entry of any kind and with any name on Google Maps.

 

Later on, Bryan Seely, a Google Maps enthusiast, who was indirectly involved in the article (through his “work”) went on a sort of rampage against Google, discussing, and proving, a number of exploits in front of national media. One of those caught the attention of the Secret Service. As it has been proven in the past, the alarm should start ringing really loudly for Google to pay attention. Thus, as a result of this sequence of events, Google started quietly making a number of changes to their internal systems and processes related to Maps.

 

I asked Dan Austin, one of the most vocal critics of Google Maps, and one of the most experienced anti-spam volunteers on Google Map Maker, to share his observations on what has been changed in that area in the past few weeks.

 

Note from Nyagoslav: There are a number of specific abbreviations frequently used in the interview, so I feel it would be useful to have them listed here, together with their meanings:

 

MM = Map Maker

GLE = Google Listings Editor

GR = Google Reviewer

SAB = Service Area Business

FBI = (OK, I guess you should know this one!)

 

1. Have you noticed any significant movement in Google Maps’ “backyard” after the wave of negative exposures in the media?


Google has apparently frozen edits in Map Maker (MM) to many listings that have a tendency to be spammy. Although they haven't officially announced anything on the forums, there have been many reports from mappers that their edits to locksmiths, bail bonds, and other spammy categorized POIs (points of interest) have been auto-denied, that is, if you make an edit, the edit itself is immediately rejected by the moderation algorithms. Since nothing has been announced, it's difficult to make the determination if this is related to a system-wide effort to curb spam or just yet one more MM moderation bug. For the last six months or so, MM has been plagued with moderation problems, in part because Places was using Google Listing Editors (GLEs) to moderate edits within MM to claimed listings, and in part because Google was attempting to have more edits auto-published without the intervention of Google Reviewers (Grs). Unfortunately, both efforts led to a lot of chaos, since spammers with brand new Google accounts were able to get their edits auto-published (without any manual review), and the GLEs prevented the newly claimed spammy listings from being deleted in MM. This led to thousands of spammy listings being published on Maps, and despite efforts by many mappers to bring this to Google's attention, Google ignored the reports for many months until Bryan Seely published his spam exploits on Valleywag and Mike Blumenthal's blog, after he intentionally hijacked the Secret Service and FBI offices to demonstrate how the exploit worked, and how easy it was to bypass whatever limited verification controls Google has had in place. Although Google initially tried to suppress both the media reports as well as Bryan's efforts to get attention for this problem, that obviously didn't work, and Google was forced to quickly act and temporarily end phone PIN verification on Places which, while helpful, is only one of several loopholes that spammers have exploited in the past to get their listing on Google Places. It was a perfect confluence of events that allowed spammers to easily publish their spam on MM, and then immediately claim it via phone verification on Places. In many cases, they hid the address in the Dashboard, making it even more difficult to remove, since SABs (service area businesses) are now hidden from Map Maker, which is another Places blunder. Not surprisingly, many of the bad decisions that have degraded the quality of Maps have come from Google's desire to automate processes that are very difficult to automate, such as reviewing the quality of listings, as well as specific Geo teams like Places desire to exercise more control over their claimed listings, despite employing a poorly trained and equipped workforce that had no idea what they were doing. It's really astonishing that a company like Google, who pride themselves on constant iteration and employing remarkably intelligent people, can consistently fail for years on end because they're incapable of focusing on significant problems that degrade the quality of their flagship products like Google Maps, like spam.

 

2. How have the internal moderation processes for Google Maps (Map Maker, Places for Business) changed after the negative media coverage?


It appears that all the GLEs (Google Listing Editors) from Places were removed (perhaps temporarily) from moderation in MM, and that some of the moderation algorithms that led to the auto-publishing of spam have been scaled back, with MM Google Reviewers taking the lead role in moderating edits. Again, it's difficult to tell, as Google doesn't like to announce these changes, even though they have a significant impact on the end user. I think there's a certain degree of embarrassment that comes from making mistakes at Google, and, of course, there's a disdain that Google engineers hold for the end users of their products, even if, as in the case of MM, the end users—mappers—end up contributing a significant amount of good data to Google's product (substantially improving their bottom line), and are motivated to produce high quality contributions to Maps in the belief that they can help make it better.  Often, this motivation is stronger than the paid contractors and employees who contribute to Maps, in that the mappers actually care about the quality of Maps, and have little tolerance for the many errors in the base layer data that Maps tends to ignore.

On the Places side, there's been many reports in the Places for Business forums phone verification had temporarily ended. As of April 1, Google, reinstated phone verification, preventing spammers from using that option to verify their listings if they have a VOIP forwarding number.  Of course, spammers have merely switched to using mail fraud as a means of verifying their listings, and spam listings continue to grow (it's actually increased considerably after phone verification was taken offline). The "newest" ploy, which has been in development for several years now, is to use real estate listings on sites like Trulia, and have the PIN card sent to homes for sale or rent, and then go to the post office and have the PIN cards diverted in transit, through a change of address card to a central location, which the Post Office is more than happy to oblige. There's nothing on Google's PIN cards to indicate that it should only go to the address in question. Mail fraud, incidentally, is a federal crime punishable with up to 20 years in prison. Since the spammers are inputting the PIN code into Google's system, they're also engaging in wire fraud, another federal crime. This doesn't get Google off the hook, either, since they're facilitating this system, knowingly or not, and have made almost no effort to verify whether a business is legitimate or not, even though it takes all of 30 seconds or less to do so, using existing public government and trade group databases on the web. A legitimate locksmith 'following the rules' has the almost impossible task of getting on Maps, and has to wait months, whereas spammers, even as we speak, are creating hundreds of new listings that they're uploading to Maps. Even though it still takes days to get the initial PIN card, they can easily afford to do mass mailings, and since Report a problem is essentially ineffective, and focused only on whatever Google wants to focus it on, with the exception of a very specific pathway in MM, there's almost no way to presently takedown any spam, much to the frustration of everyone. I understand that Google is disdainful of whack-a-mole, but the problem is that Google's Local Data Quality team, which is responsible for guiding the fight against spam, has taken little interest or effort in developing effective and immediate strategies to mitigate spam. With the exception of mappers on MM, no one at Google is actively removing spam listings, and they're almost entirely dependent on volunteer mole whackers to do the dirty work they don't want to do.

3. What steps do you think Google should take to fight spam more efficiently?


I've listed a series of problem areas that Google can focus on, not just with MM, but their entire approach to spam, based on the problems that have been caused by their present approach:

 

  • Verification of legitimate listings only takes 30 seconds or less. It takes 30 seconds for locksmiths because I'm cross-verifying using three different authoritative, public web databases, which is admittedly, overkill. If you include checking street view, quality guidelines, and common sense, you should only have to spend one minute to verify each spam POI.
  • Google employees, outside of MM reviewers, seem oblivious to spam. Obvious spam is obvious. Once everyone knows what it is, it's easy to identify and remove.
  • Maps Report a problem is the problem, not just spam. In my experience, Report a problem only works for high value POIs, like hotels or the Statue of Liberty, or anything that gets a lot of traffic or attention, such as Secret Service listings that have been hijacked. Everything else is ignored or discarded, and it obviously doesn't work with locksmith or other kinds of spam. I've filed literally thousands of reports via Report a problem over a three year period, and the results have been dismal, in the range of 5% effectiveness or less.
  • Hiding SABs from MM only hides one thing, spammers. The chief justification has been that it protects the privacy of the business owner. Business records are a matter of public record, which is how the business can be verified online. If a business wants to protect its privacy, don't have a Place page. The only reason left to hide it is to prevent people from going to that location, and MM is not really used for directions (unless you're trying to correct them). Making the SABs transparent on MM is the only way to keep shady business owners, SEO operators, and spammers honest.
  • MM is the most efficient tool for crowdsourcing the removal of spam, but it suffers from several outstanding bugs, including moderation/auto-denial and incomplete takedowns that don't cascade to the Place page.
  • Locking the Locksmith category has been wholly ineffective at preventing the spread of spam. It's only slowed the takedown of spam.
  • Report this on MM doesn't work for spam. The GRs should be empowered to remove spammy POIs at their discretion, immediately.
  • None of the spam algorithms work.  Whoever is building those algorithms, unfortunately, doesn't know what they're doing, and the algorithms they're building take months to actually take effect, and are fairly useless even when they do take effect. 

The most obvious takeaway is to fix the problems that are causing the problems. Some are simple and easy, like returning SABs to MM, training Googlers in spam detection and mitigation, unlocking the Locksmith category, and responding to all the spam reports within a reasonable time frame (72 hours seems reasonable), whereas others will require more work because they're more technical in nature, such as rapidly creating adaptive spam algorithms that are focused on specific segments of spam. 

 

A thoughtful person could also conclude that many Googlers involved in the spam project should be either fired or reassigned, not only because they've been dragging their feet on spam for years, but also more importantly, they're incapable of thinking like a spammer, and don't have the aggressive, take-no-prisoners approach necessary to combat spam.  Unless you're a white shark, the spammers are just going to eat you. 

 

Considering that Google listened to the wisdom of the crowd and curbed some of the most obvious moderation problems by removing GLEs from MM, as well as pulling phone verification offline, it stands to reason that they'll eventually and reluctantly come around to some of the other suggestions for improvement, if for nothing else than what they're doing doesn't work, and the methods that have been developed within MM do. One of Google's best resources for spam removal is the wisdom of the crowd. I know of a few spam fighters on MM whose hobby is to do nothing but delete spam, and like people who spend hours playing WOW or Pokemon or Magic: The Gathering or EVE Online for fun, they'll spend hours cleaning up Google Maps for free, and they're really, really good at it. 

 

4. Do you see Google winning the war against spammers and scammers and if yes, when?


Yes, no, maybe. It all depends on their motivation. It can be won, if they're focused. But if they're not, or they let their attention flag, or employ shrimp instead of sharks, the spammers will destroy and humiliate them. Google has to be very responsive to spammers by adapting to whatever loopholes have been discovered and immediately closing them. Right now the Spam Dept. is out-of-sync with the cycles of the spammers. Spammers take about three months to escalate whatever exploit they find, so that it becomes widespread and has a meaningful impact, and the Local Data Quality team takes about six months to never in adapting their tactics to the new spam, which, by the time they've geared up, is too late for the 100,000's of new listings that have already been added (and will likely never be removed). The Local Data Quality team has to close that cycle to one month or less in order to stay on top of the spam, and they have to both monitor and be accountable for specific spam metrics in specific spam categories, instead of allowing themselves the luxury of depending on mappers on MM to keep the spam counts down to a tolerable level. You can't win a war if you're always fighting the last battle and the enemy has already moved on to the next village.

 

Google is a very myopic company. They have a difficult time understanding people, which is why Google+ and Glasses have been such spectacular flops. They don't understand the motivation of spammers, and they certainly don't understand the motivation of SMBs who are struggling to survive in an environment not of their own making. Google has created an environment on Maps and Search that is favorable to their bottom line, but it's not terribly favorable to businesses that can't afford to pay for large scale spam or SEO efforts. Google obviously doesn't care so long as the ad dollars roll in, and government stays out, but the recent scandal with Bryan Seely shows that they do care quite a bit when they get a phone call from the Secret Service asking why their Maps listings have been hijacked.

 

I think there's another reason that Google should care: they're facilitating a highly organized criminal enterprise. PIN card verification is mail and wire fraud; bait and switch PPC and click-to-call are wire and consumer fraud. This is a multibillion business, and that's just the illegal aspect of it. Google is profiting from it by taking their AdWords tax from the spammers, and since Google is the primary means of marketing for service businesses, spammers are doing everything they can to get at the top of the search results, and naturally, Google is positioning their own Maps products for Local searches at the top. They have not only a legal responsibility to ensure the integrity of their products, but an ethical one as well. You don't run a marketplace and somehow expect everyone to behave themselves and follow the rules that you laid down without enforcing those rules, because all it takes is one person cheating and then everyone has to cheat just to compete. Of course, since we're talking about locksmith scammers, there's no way a mom-and-pop locksmith can compete in SEO with the spammers, because the spammers can charge $200-$600 on one call, and easily recoup their costs on AdWords ($15 in 15 min.!), whereas SMBs that follow the law can't, and have to charge somewhere in the neighborhood of $70 of less.

 

Not to mention that Google is cheating themselves out of money.  Maps is about places you go to. AdWords is about advertising. Many clever businesses have figured that they can cheat the system and use Maps as an ersatz AdWords, extending their presence in markets that they don't actually have a presence in, through private mailboxes and virtual offices, or just outright fake locations. Google, instead of leveraging that, and forcing businesses to use AdWords as their primary means of 'advertising' themselves in the markets the SMBs they want to be in (instead of the market they're actually in), is instead allowing these SMBs to get a free ride on Maps, at Google's expense. The more competition for those AdWords slots, the more money that Google can earn, but the only way that can happen is if Google makes more of an effort to remove the spammy listings and direct businesses to AdWords. The ideal situation here is that Maps is an accurate model of the physical world, and AdWords is what you want to be, but given my experience working with MM, at this point, Maps is more of a highly fictional representation of the real world that has more in common with 15th century "Here be dragon" maps, if nothing else than the propensity of unsuspecting consumers' tendency to get 'burned' by false and misleading listings, and the largely speculative nature of the maps themselves. You just can't trust Google Maps, at this point, to produce either relevant or accurate results when much of it is just pure spam.