Feeds

Google Oompa Loompas cloaking user agents?

Goobuntu rumor resurfaces

The smart choice: opportunity from uncertainty

Over 10 per cent of Google's internal machines are hiding their software makeup from the outside world, according to data collected by Net Applications, a web analytics outfit that captures user traffic on more than 40,000 sites across the net.

When visiting webpages, the firm says, 11 to 13 per cent of internal Google machines display browser user agents that are completely empty. And judging from the behavior of these machines, Net Applications is confident they're operated by real people. "We are quite certain it’s not the Google search spider," Net Applications' Vince Vizzaccaro tells The Reg.

Net Applications would not provide additional information, and when we contacted Google, the company declined to comment - multiple times.

Late last week, Net Applications told InternetNews - and The Reg - that these Google machines were leaving user agents where only the operating system was stripped out. Vizzacarro has now told The Reg that this characterization was not true, that the user agents in question are stripped of everything. But his initial claim led InternetNews to speculate that Google was testing some sort of new-fangled operating system behind its firewall - and the rumor was off and running.

A browser user agent not only identifies the browser a machine is using, but also its operating system.

It's well known that Google uses its own version of Ubuntu Linux - dubbed Goobuntu. And at one point, according to a former employee, engineers also used a customized version of RedHat known as GRHat. But this employee - who did not work with the core engineering team - was unaware of Google using a proxy server or any other means of blanking out user agents.

In the past, Google and Ubuntu boss Mark Shuttleworth have denied that Mountain View has any interest in distributing Goobuntu outside the company.

But as Google beefs up its online office apps and builds out massive data centers across the planet, the world has long assumed that the search giant would one day build its own "cloud OS" - an operating system that depends heavily on web-based services.

And that may be the case. But blank user agents are no proof of it. If Google were attempting to hide an internal operating system, it could just as easily change the OS identifier in its user agents to something run-of-the-mill rather than blank the agents out entirely.

Johann Burkard, a programmer and webmaster who closely tracks browser user agents, says that empty agents account for less than one per cent of the traffic he sees. But he tells us he has not seen the Google traffic Net Applications speaks of, and he doesn't see why Google would do such a thing.

Burkard blocks traffic with empty user agent headers and many other webmasters do the same. And he agrees that if Google were testing a top secret OS, disguising it as Windows or an ordinary Linux would make the most sense.

So why is Net Applications seeing what it's seeing? ®

Securing Web Applications Made Simple and Scalable

More from The Register

next story
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
Starting today, regular fanbois will be guinea pigs, it tells Reg
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.