As a prologue, this post is about discovering the true depths that Google will go to, about learning how their current capabilities and the reach Google spam team have currently. Having Matt Cutts target me directly, we got an insight into just how far the Google spam team will go once you’re targeted. Later in the post I look at ways to protect our sites from an attack in the future and remain anonymous, these are things we will have to adapt to as Google becomes more aggressive.
Click here to discuss this post.
The importance of becoming anonymous to Google post 2013
I never like to speculate on something without it being at least a presumption, so I’m often finding myself holding back on saying something which I’ll later likely have to redefine. I remember not too many years ago how I said that Google will begin manually removing sites from their SERPs and was made a laughing stock for thinking such an “impossible” thought. Well here we are today, time and time again I keep being reminded that Google is prepared to take extreme steps to protect the kingdom from its people.
It wasn’t too long ago we saw the Grindstone and Rand Fishkin Dog Snuggie incident which caused some drama in the SEO world and was very bad press for Google.
I’m often talking with the Blackhat Underground Forum and Private Skype Group about the future of Google. We are of the churn and burn species, so we often see our sites penalized, just as we predict they will be. But we have to try and remain one step ahead of the game here and it occurred to us that over the past few months of tracking many niches across the net that the depth at which Google is manually altering search results has hit an all time high. I may even begin to think that Google is no longer just an algorithm, but it could be moving towards a group of people who control what ranks, this seems inevitable for any corporation with enough power for politics to become involved.
So the plan was to see how deep the rabbit hole goes. I’ve been passively goading Matt Cutts over the past months on BHW, waiting for him to bite. I know he would have seen the 301 redirect thread and will have taken note, such is his passion for BHW as a source for information. On the 12th of December I reached out to him on Twitter with a link to a BHW post directed towards him..
— Agent Blackhat (@AgentBlackhat) December 12, 2013
Considering the narcissist he often reveals himself to be(Just being truthful Matt!) he obviously had had enough of me and we get to see just how anonymous we really are to Google. Within two days he replied, but not on @agentblackhat, he replied on my personal twitter account which I hadn’t used properly in years, yet he had found it, he also replied with the title of one of my old websites which was sold on Flippa and a question mark.
Forgive my weak attempt at privacy here;
I was quite surprised to find that he’d dug this deep to be honest, they really do their homework when they begin to target someone. Like a US drone strike Matts Cutts hones in with precision.
So why did I do this?
We needed to understand how Google is taking the next step into penalizing sites and discovering sites. Google has created a vast network of online properties and software which they are recording user’s activity, your activity. The natural next step for Google is to begin targeting people, not just sites. If you are a big player in a specific niche, it won’t be just your site they target, they will begin doing homework on who you are, what you’re connected to and eventually your card will be marked. I even suspect a database, maybe even a “Most Wanted” database of marketers who cause Google the most trouble.
What we learned from this stunt
Matt Cutts has a personal hand in penalizing sites, he points the finger and you are a target, his team do the research on who you are and use all the tools at their disposal to track you. But how far do they go?
Anything connected to my webmaster tools account was penalized, including very very old sites which don’t even exist anymore. I even had unnatural link messages for sites that were deleted from my webmaster tools account. So we can safely say that Webmaster tools is a complete hazard to your sites if you’re targeted. Two, possibly three webmaster tools accounts were compromised by the attacker, in addition, my main personal account using my personal email was shutdown and I was asked to hand over my phone number, I had to contact Google support to reopen the account, no explanation was given by Google support. I found it odd that sites I don’t own or were removed from WMT were targeted and I was receiving unnatural link messages for them. This may also include other webmaster tools accounts you’ve logged into form the same IP, think your clients WMT account.
Your name is a target
I’m not completely sure how Matt Cutts found my name through my @agentblackhat twitter account, it could possibly that I don’t have privacy on some sites that this blog is connected to in WMT, either way, he spent the time and resources to find my name and then search it online(I wonder if they use Google SE for this or a hidden tool?). Through this they likely found the agency I work for and proceeded to penalize the main site. What is strange about this penalty is that we recently had a partial manual penalty removed from our site. Google’s spam team specifically said that our site is worthy of having a penalty removed, the penalty was removed a month or two ago. We hadn’t built any backlinks to the site in those months, but yet Matt Cutts has now deemed the site as violating the Google T&Cs, so the question is, does Matt Cutts not trust his Spam team? Or does he go as far as abusing his power and disregard his own T&Cs in a personal vendetta?
In the tweet he specifically pointed out a site I sold on Flippa, I don’t really understand the purpose of his tweet, more than likely a “your card is marked” type warning, but it does indicate just how they will look past the information they know about you in their system and take an interest in what you do outside of Google’s own properties. Judging people by what they do outside of Google doesn’t seem like something Google should be interested in, but we are learning the true depth of how they operate here and the barriers they cross.
Domain contact information
As far as I can tell, only one site was hit which didn’t have my contact information in the domain and was not in my WMT account. I don’t believe domain privacy hides your information securely, it is unreliable. I would bet my left testicle that Google has managed to record the domain contact information somehow and will be able to track all online properties with your name. Using web 2.0s as moneysites and dropping in iframes or faking the domain contact information may be the only ways of stopping an attack if you’re targeted.
What was not attacked
Whether he found these sites or not is hard to prove, it could be that he simply eased off going full retard, but there is a pattern in the attacks and it is fairly simple in essence. All of my sites which ticked these boxes were hit with manual penalties;
Sites which did not have my name in the domain contact information(including those without privacy) and sites which I did not have Google analytics or webmaster tools installed and sites which did not have a connection to my name were not hit.
What this proves is that Google DOES track your your webmaster tools accounts and will put effort into attacking you on a level beyond their own services by searching for your name online, which includes your activity on sites not related to Google. Most seasoned marketers may already feel they knew this, but it is important to get the facts on these things and see just how far Google has come.
How to protect sites and remain anonymous to Google post 2013
I think if you’re a big player in the SEO industry you have to be extra careful not to become a target for Google. You need to plan your strategy before you even attempt to enter a big niche, if Google identifies you as someone making waves and ranking for very tough keywords, they will target you and you will be in the most wanted database.
Never reveal yourself as the owner of a domain or property
Fake the contact information in your domain, I would suggest using friend’s details, but considering how Google will go further than their own properties in search of your online history, such as your Twitter and Facebook, it may not be a good idea to leave this footprint. Another possibility, and something I’ve noticed is recently being deployed by marketers on a greater scale is how using ranking pintrest pages and web 2.0s keeps you anonymous to a degree.
Keep your personal name and your SEO/Blackhat name completely separate
Create Separate online personas for each new website and do not make any connection between your real name and your online name, including posting affiliate site stuff to your personal Facebook or Twitter accounts. We don’t realistically know what level of information is passed to Google from domain registrars and social networks. This is especially important if you work for an SEO agency during the day and your own business during the night, Google will make that connection and go down that road if the sites mention your name.
Webmaster Tools, Google Drive, Google analytics and Chrome are off limits
Got SEO client information in your Google Drive? Get rid of it, host it elsewhere, this goes for Webmaster Tools too. If you’re targeted and you have information about these sites on a Google property, then they will begin connecting dots and pushing out very harsh penalties. I vaguely remember hearing an ex-Google employee regarding Chrome say something along the lines of “If Google Chrome can track it, it does”. I would not hesitate to think that Google has a database of user activity should they ever need it, such as if they want to clean someone they don’t want creating sites in their search engine.
Domain hosting and prepaid credit cards
Host domains using several sets of accounts or with a relatively small registrar, its time to create several personas. If you truly want to go a step further and ensure Google can’t track you then prepaid credit cards are the way forward. Welcome to the new way things need to work in order to protect yourself from attacks. Register these accounts using separate emails addresses, save the passwords in an encrypted mega.co account in case you forget them.
Be anonymous in everything you do
The real lesson and concession from Google in this instance has been that Google has moved from looking at specific sites, to monitoring specific people online who could be a danger to their police state “utopia” of SERPs. You are not safe hiding your sites, you have to hide your identity as well.