Skip to main content

The Many Faces Of Google

Many bloggers are totally unaware of how many different domains make up the Blogger and Google address space.

Daily, we see passionate yet vague problem reports
  • My Followers gadget doesn't show any pictures.
  • The links in my Navbar don't do anything when you click on them.
  • I can't publish a post - the buttons don't work (aren't there in the toolbar).
  • The feed gadgets on my blog don't update.
Each of these complaints, phrased as they are, result in part from bloggers who don't understand how many addresses (domains) Blogger and Google use, in providing us the ability to publish and maintain our blogs, and in providing our readers with the ability to view and to enjoy our blogs.

Most of us are aware of the dual nature of Blogger / BlogSpot, hopefully when we setup and maintain security settings in our browser.
  • Blogger contains the code ("scripts") that lets us setup and maintain our blogs. We will have to trust Blogger, since it contains the code that lets us setup and maintain our blogs.
  • Blog*Spot contains the published versions of our blogs - when we don't publish to external URLs. We should not trust BlogSpot, to the same level as we trust Blogger, since it contains blogger modifiable code. There are similar Google domains, which we should trust only conditionally.

If you secure your computer, and your browser, you know about the need to designate trusted domains (or block some domains) - and there are more domains which you need to consider, besides the two described above.

If you use Firefox with NoScript (which is my hope), you may have seen mysterious domains show up in your NoScript popup menu. NoScript, which provides Unix like security ("deny by default, permit by exception"), sees many Blogger / Google scripts as potential clickjack or cross site scripting exploits.

If you use Internet Explorer, you have the Internet Properties - Security - Trusted sites wizard, where you may need to add (or remove) some entries.

All browsers - Firefox, Internet Explorer, and others - will need cookies enabled for these domains. Besides enabling these specific domains to create and read their own cookies, you will, quite likely, need to allow for access to third party cookies. Note that cookies (which you should enable for BlogSpot) are separate from scripts (which, as noted above, you should not enable for BlogSpot).

Note also that each browser contains native settings for both cookies and scripts. It's also possible to install add-on software which gives us greater control over cookies, and over scripts, in either browser. Additionally, some anti-malware and firewall suites, installed to the operating system, will contain cookie and / or script control software. All of these possible security components may need to be configured to allow for these many domains involved.

So check your browser security settings, and decide how much trust you can provide for scripts, provided by the various Blogger and Google domains.
  • blogger.com can (must) be trusted, if you wish to use the Blogger dashboard, and publish a Blogger blog.
  • blogspot.com can be trusted, but less so than blogger.com.
  • blogspot.co.uk, blogspot.de, blogspot.fr, and dozens of other country code aliases can (and must) be trusted, as blogspot.com is trusted.
  • The various custom domain URLs can and should be trusted, as blogspot.com is trusted.
  • google.com can always be trusted.
  • gmodules.com can be trusted.
  • google-analytics.com can be trusted.
  • googleads.com can probably be trusted - if you enjoy ads displayed on your computer.
  • googleapis.com can probably be trusted.
  • googlesyndication.com can probably be trusted.
  • googleusercontent.com must be very selectively trusted - it contains user contributed code, which has been used in malicious attacks. If you are viewing this article while configuring NoScript as a Firefox add-on, you should specifically not trust googleusercontent.com, while you are removing dodgy code from your blog.
  • gstatic.com can probably be trusted.


The next time that you (or another blogger - maybe one of your readers) needs to make a problem report similar to one of the scenarios enumerated above, ask yourself what domain is involved, and what security settings you use for that domain, before complaining to Blogger Help Group
It isn't working - again. What did Blogger break this time?

Take responsibility, for some problems, which you help to cause.

Comments

Popular posts from this blog

Adding A Link To Your Blog Post

Occasionally, you see a very odd, cryptic complaint I just added a link in my blog, but the link vanished! No, it wasn't your imagination.

Embedded Comments And Main Page View

The option to display comments, embedded below the post, was made a blog option relatively recently. This was a long requested feature - and many bloggers added it to their blogs, as soon as the option was presented to us. Some blog owners like this feature so much, that they request it to be visible when the blog is opened, in main page view. I would like all comments, and the comment form, to be shown underneath the relevant post, automatically, for everyone to read without clicking on the number of comments link. And this is not how embedded comments work.

What's The URL Of My Blog?

We see the plea for help, periodically I need the URL of my blog, so I can give it to my friends. Help! Who's buried in Grant's Tomb, after all? No Chuck, be polite. OK, OK. The title of this blog is "The Real Blogger Status", and the title of this post is "What's The URL Of My Blog?".