Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Shortly after thie article was published, Google silently prevented my domain from using the API: > The client origin is not permitted to use this API. > Welp.

So some buttons stoped working, and now you have to believe that everything was as the blog said. Well, it was.

And a "mitigation" from google being just avoiding the access to the API just makes things more interesting.



I know I'm just one person - but I can confirm the content of the blog was accurate and the described attacks did work at the time I read it.


This is what you would see if it still worked:

https://twitter.com/LiveOverflow/status/994560352149999616


Quite a sketchy move from Google... Hope OP will eventually get a big bounty paid out.


> Google

Big companies trying to strangle hold the small ones -- nothing new, time to move on. Its pathetic.


API ban was probably automatic due to HN effect.


Actually Google temporarily shuts down the service as I've tried changing API keys/domains but received the same error


A lot of Google employees are reading HN and actively posting so no surprise. Did they at least contacted you to properly open a ticket now that they implicitely recognized the vulnerability? Otherwise very very dickish move as it solve nothing and you basically worked for free...


Nothing


And now if anybody from HN team is listnening. Can you explain why this thread is fastly slipping from the front page?

Currently it’s being devanced by articles that are olders, with less upvote and fewer comments. Can you guarantee that nobody is able manipulate ranking? It’s only a hunch, but it’s not the first time that I notice that google related "bad buzz" move away from main page slightly faster than other...

PS: I’ll gladly accept downvotes. But answers on why I’m wrong or paranoid would have been better


There appear to be quite a few flags on the article pushing it down. The ratio of upvotes to age compared to the rest of the front page is a strong indicator of this.

Also: lots of HN'ers work at google. It would be a nice rule if people were told to abstain from using their flagging privileges when the company they work at is the subject of a thread.


Thanks a lot for investigating. Otherwise I could’nt have excluded that it was only me being paranoid about that.


It looks like the situation has mostly corrected itself by now.


Power corrupts. Absolute power corrupts absolutely. Absolute power hates when it is challenged in any shape or form


It's probably because a lot of Google folks are on here - protecting their brand. Unfortunately that part isn't transparent, but its hopefully a minor issue.


HN has moderation, so some stories can be pushed back into the /New stack by staff, they can fall again if aren't liked by the community


Although I don't think this is some sort of conspiracy, HN front-page is curated content, ranking is not only based on votes.


Flags are a factor, and function as downvotes on articles but are much heavier weighted than upvotes.


Ho do I hack into google I'm a kid and I want to make it say giberish instead of Google


does anyone know?


That doesn't sound plausible; what sort of service would YOLO be if a popular website using it resulted in an API ban?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: