Skip to main content

The Many Faces Of Google

Many bloggers are totally unaware of how many different domains make up the Blogger and Google address space.

Daily, we see passionate yet vague problem reports
  • My Followers gadget doesn't show any pictures.
  • The links in my Navbar don't do anything when you click on them.
  • I can't publish a post - the buttons don't work (aren't there in the toolbar).
  • The feed gadgets on my blog don't update.
Each of these complaints, phrased as they are, result in part from bloggers who don't understand how many addresses (domains) Blogger and Google use, in providing us the ability to publish and maintain our blogs, and in providing our readers with the ability to view and to enjoy our blogs.

Most of us are aware of the dual nature of Blogger / BlogSpot, hopefully when we setup and maintain security settings in our browser.
  • Blogger contains the code ("scripts") that lets us setup and maintain our blogs. We will have to trust Blogger, since it contains the code that lets us setup and maintain our blogs.
  • Blog*Spot contains the published versions of our blogs - when we don't publish to external URLs. We should not trust BlogSpot, to the same level as we trust Blogger, since it contains blogger modifiable code. There are similar Google domains, which we should trust only conditionally.

If you secure your computer, and your browser, you know about the need to designate trusted domains (or block some domains) - and there are more domains which you need to consider, besides the two described above.

If you use Firefox with NoScript (which is my hope), you may have seen mysterious domains show up in your NoScript popup menu. NoScript, which provides Unix like security ("deny by default, permit by exception"), sees many Blogger / Google scripts as potential clickjack or cross site scripting exploits.

If you use Internet Explorer, you have the Internet Properties - Security - Trusted sites wizard, where you may need to add (or remove) some entries.

All browsers - Firefox, Internet Explorer, and others - will need cookies enabled for these domains. Besides enabling these specific domains to create and read their own cookies, you will, quite likely, need to allow for access to third party cookies. Note that cookies (which you should enable for BlogSpot) are separate from scripts (which, as noted above, you should not enable for BlogSpot).

Note also that each browser contains native settings for both cookies and scripts. It's also possible to install add-on software which gives us greater control over cookies, and over scripts, in either browser. Additionally, some anti-malware and firewall suites, installed to the operating system, will contain cookie and / or script control software. All of these possible security components may need to be configured to allow for these many domains involved.

So check your browser security settings, and decide how much trust you can provide for scripts, provided by the various Blogger and Google domains.
  • blogger.com can (must) be trusted, if you wish to use the Blogger dashboard, and publish a Blogger blog.
  • blogspot.com can be trusted, but less so than blogger.com.
  • blogspot.co.uk, blogspot.de, blogspot.fr, and dozens of other country code aliases can (and must) be trusted, as blogspot.com is trusted.
  • The various custom domain URLs can and should be trusted, as blogspot.com is trusted.
  • google.com can always be trusted.
  • gmodules.com can be trusted.
  • google-analytics.com can be trusted.
  • googleads.com can probably be trusted - if you enjoy ads displayed on your computer.
  • googleapis.com can probably be trusted.
  • googlesyndication.com can probably be trusted.
  • googleusercontent.com must be very selectively trusted - it contains user contributed code, which has been used in malicious attacks. If you are viewing this article while configuring NoScript as a Firefox add-on, you should specifically not trust googleusercontent.com, while you are removing dodgy code from your blog.
  • gstatic.com can probably be trusted.


The next time that you (or another blogger - maybe one of your readers) needs to make a problem report similar to one of the scenarios enumerated above, ask yourself what domain is involved, and what security settings you use for that domain, before complaining to Blogger Help Group
It isn't working - again. What did Blogger break this time?

Take responsibility, for some problems, which you help to cause.

Comments

Popular posts from this blog

Custom Domain Migration - Managing The Traffic

Your blog depends upon traffic for its success.

Anything that affects the traffic to your blog, such as any change in the URL, affects the success of your blog. Publishing the blog to a custom domain, like renaming the blog, will affect traffic to your blog. The effects of the change will vary from blog to blog, because of the different traffic to every different blog.Followers. People who find your blog because of recommendations by other people.Search engines. Robotic processes which methodically surf your blog, and provide dynamic indexing to people who search for information.Subscribers. People who read your content from their newsfeed reader, such as the dashboard Reading List.Viewers. People who read your content from their browser.No two blogs are the same - and no two blogs will have the same combinations of traffic sources.

Stats Components Are Significant, In Their Own Context

One popular Stats related accessory, which displays pageview information to the public, is the "Popular Posts" gadget.

Popular Posts identifies from 1 to 10 of the most popular posts in the blog, by comparing Stats pageview counts. Optional parts of the display of each post are a snippet of text, and an ever popular thumbnail photo.

Like many Stats features, blog owners have found imaginative uses for "Popular Posts" - and overlook the limitations of the gadget. Both the dynamic nature of Stats, and the timing of the various pageview count recalculations, create confusion, when Popular Posts is examined.