Pamela Anderson is a well-known actress. The New Pornographers are an indie rock band. Women rapping are … well, presumably just females making music. All three are also part of a growing list of known “naughty” phrases that trip up Google Instant.

Danny Sullivan has already written about this topic here on Search Engine Land (see The Five Words You Can Never Suggest On Google Instant), but the folks at 2600 — a hacker community magazine — are compiling a Google Blacklist of words that Google Instant filters.

The list, which is not safe for work and perhaps not safe for other readers, too, contains a lot of words and phrases you’d expect. But it also shows how far Google has gone to err on the side of caution in some cases.

As the image above shows, you can’t even get to the first “n” in Pamela Anderson’s last name before Google Instant shuts down. The “women rapping” example is joined by “rapping women” and even “wrapping men” (with a “w”) as phrases that trip the filter … perhaps due to an overactive fear of bad spellers.

Google Instant’s naughty word list is evolving, too. The word “marijuana” was originally on a not-fltered word list, but Google later started filtering that, too.

(found via Gawker)

Like it or not, lots of people search for nude celebrities on Google. But with Google’s new Google Instant Search, those inclined to seek celebs in the buff have to figure out their queries without any help from Google. The same is true for those interested in nude beaches, famous nude artwork or “innocent” topics such as the Naked Brothers Band and nude lipstick. Below, a closer look at pros and cons to Google Instant’s filtering, including a nod’s to George Carlin’s famous “Seven Words You Can Never Say In Television” bit.

A Good Reason To Filter Adult Terms

As we’ve covered, Google Instant omits suggestions for terms it considers pornographic in nature. That’s been a long-standing policy for the predecessor to Google Instant, Google Suggest (also called Autocomplete), a feature which suggest things people might want to search on as they type in the search box.

Google Instant makes that policy even more important, since now rather than just suggesting search topics, Google automatically loads search results to match the suggested queries as you type.

Imagine a teacher doing a search in front of a class of children, looking for information about fuchsias. “Fuc….” they start to type, only to find Google automatically bringing up results for another and far more popular search topic that begins with those letters.

Trust me, the F-word is a far more popular query than “fuchia.” Don’t trust me? Here’s a chart of search activity for the two terms against each other. It’s no contest.

Filtering Nude & Naked Celebs, For Better…

Pick your celebrity, and there’s a good chance among the queries related to them is their name followed by “nude” or “naked” or specific terms like “upskirt.”

I’ll pass on making a list of the most popular naked celebrities people are interested in, according to Google’s public keyword data tools. But I’ve reviewed the data.

One popular celeb, with legions of young teenage girl fans, isn’t even an adult nor has actually posed nude. Without Google Instant’s adult-content filter, any of those fans searching for her by name might get a “nude” suggestion along with results purporting to have nude photos of her.

I think it’s hard to argue with having a filter in place, in situations like this. Moreover, if anyone really wants to seek naked photos of anyone, they can still directly type in what they want. Google’s just not helping them with these types of queries.

Or For Worse…

Still, there are other cases where omitting supposed pornographic suggestions might hurt in cases where people aren’t planning some web voyeurism.

For example, supermodel Jerry Hall is currently in the news because she plans to auction an Lucien Freud painting of that pictures her nude and pregnant. However, “Jerry Hall nude” is not something that Google will suggest searching for, for fear that searchers might get unintended pornographic results.

Ironically, Google Instant does automatically bring back results for “Jerry Hall,” after you type just “Jerry H,” which shows the painting in question:

Similarly, Google Instant won’t suggest searching for Demi Moore either nude or naked, even though she posed nude on the cover of Vanity Fair in 1991. The famous image, where she was pregnant, had her hands and overall pose strategically done to reveal little. It’s a picture some might indeed be seeking, in relation to her

Ironically, Google Instant’s adult feature completely fails to block a suggestion for “demi moore bush.” In fact, it’s the second thing on the list for her name, shown as you start to type “Demi M…”

In fact, it even comes up third on the list after typing only “Demi….”

The “Demi Moore Bush” search was made popular last year by Tosh.0 host Daniel Tosh, who made mention of the term in a segment on his show. Suffice to say, doing that brings back results that aren’t exactly what you’d want that aforementioned teacher stumbling across in a search in front of their classroom.

In another oddity, that teenaged celebrity I mentioned? While “nude” suggestions are blocked for a search on her name as potentially pornographic, “lap dance video” — the second suggestion currently after typing her first name — is not blocked.

Beyond Nude Celebrities

The adult filter blocks suggestions of other “innocent” things people might seek. For instance, fans of the “Naked Gun” movies will find “instant” results denied to them.

Looking for information about nude beaches? Google’s keyword data tools show that there are over 550,000 nude beach-related queries in the US per month, but no suggestions will be provided for those.

Also lost to the adult filter are suggestions for things like:

• Nickelodeon’s “Naked Brothers Band” show
• “Naked” DSL services
• “Nude” lipstick and make-up

And while Google Instant will suggest “Picasso’s Blue Period,” it won’t suggest Picasso’s Blue Nude, which Artcyclopedia cites as the 17th most popular art poster it sells. Nor will it suggest Picasso’s Nude, Leaves & Bust, which sold in May for $106.5 million, the highest amount paid for artwork at an auction.

More oddities. It’s OK to show suggestions for Angie Dickinson. Heck, you can even start typing Dick… and get suggestions. But search for poor Ad Age reporter Irina Slutsky, and the “slut” part condemns her and others whose names begin with those four letters. Slutsky and the Register’s Cade Metz have more on this in the stories below:

• Google Cleans Up Its Act — and Erases My Identity
• Google Instant blacklists the Slutskys

The Seven Words You Can’t Say On TV … But Maybe On Google Instant

To further test some of the filtering strangeness, I thought I’d try George Carlin’s famous seven words you can’t say on TV. The * symbols show how far you can go with each word until the suggestions run out.

Shit: This shows “shitmydadsays,” a popular Twitter account, along with shite (a British way of saying shit), Shitzu puppies and more.

Piss: “Pissed,” “Pissed Off” and the Piss Christ photograph by Andres Serrano get suggested, along with other terms.

Fuc*: Once you hit the C, the suggestions go away.

Cun*: You can get suggestions through Cun. But try to add a T, and everything goes away.

Cocks*****: Cock is just fine, until you type the S. Then suggestions disappear.

Motherf*****: The minute you type that F, the suggestions stop. Oddly, while you get suggestions for mother-related terms before this, you don’t get shown any search results.

Tit*: It doesn’t even belong on the list, because it’s such a friendly sounding word. But what was true for Carlin’s time remains the case for Google Instant — no suggestions, at least if you try to add an S.

So, that’s five out of the seven original words you could never say on TV being blocked on Google Instant. Obviously, despite my headline, there are many more words than this that Google Instant will never suggest.

Thoughts On Moving Forward

Suffice to say, if the adult filter can’t figure out that it shouldn’t be suggesting “Demi Moore Bush” but still thinks showing suggestions for names like “Slutski” is too risky, there’s more work to be done.

One thought is that Google should let people control filtering themselves. Using the Search Settings area, searchers can already decide if they want to override the default setting that applies SafeSearch filtering to images. You can turn it off or make it even more strict, applying it to web searches.

Maybe by default, adult filtering of Google Instant suggestions should be on — but if users want to toggle this off, let them. That might bring the benefits of SafeSearch to those Naked Gun fans, nude beach enthusiasts and yes, I suppose, even the web voyeurs.

Postscript: Malcolm Coles pinged me on Twitter after this was posted about his story, Google Instant filters put gay and lesbian on a par with rape, racism and paedophilia. Some of the terms he found blocked as possibly pornographic include:

• gay
• lesbian
• clitoris
• rape (which also blocks suggesting things like “rape hotline”
• paris hilton

Search results for “Paris Hilton,” by the way, look pretty clean :)

When I checked “gay,” I could actually see that as a suggestion, and if I tabbed down to it, Instant results automatically appeared. Not so with “lesbian,” however.

Back in 2008 Google reported that malware infected pages had increased to more than 1% of all search results. Google posted a malware statistics update last week. Malware infections have more than doubled since April 2009. Search results containing a url labeled as harmful have remained level in the range of 0.5% to 0.9%, an improvement. While the web as a whole has become more dangerous, Google’s been doing an even better job clearing their search results.

I know one reason why there’s been a dramatic rise in malware on the Web since April. A nasty malware attack has been targeting web developers to steal their passwords. Stolen passwords are used by the bad guys to automatically deploy iframe injection attacks to innocent web page.

If you access web sites via File Transfer Protocol (FTP) or Secure File Transfer Protocol (SFTP), this attack is targeting you. All you need to do is browse an infected page using an insecure browser. Badware will be deployed to your machine, and it will find the files used by FileZilla, or possibly other FTP programs to store passwords, and silently send those files back to a server in China. Then an automated bot attack will use FTP to edit your web pages, infecting them with malware. Then your sites will drop out of the search results. Can you image the uncomfortable conversations when all your sites get hacked at once and you have to admit responsibility?

What can be done to reduce this risk of search Armageddon?

1. Use a more secure browser such as Chrome or Firefox with the NoScript add on for routine browsing.
2. Don’t use any FTP program that stores passwords locally in plaintext, such as FileZilla. To date, Dreamweaver has not been reported to have been compromised. Dreamweaver encrypts passwords and stores them in the Windows registry.
3. Consider using a Mac or Linux instead of Windows. As the most popular operating system, Windows is the most popular target for attacks.
4. Make sure your machine and server are fully updated and patched. Turn off unnecessary services and software to reduce the attack surface.
5. Register your site with Google Webmaster Tools and Bing Webmaster Center. Check regularly to see if there are any malware reports (or other issues) with your sites.
6. If you suspect a malware infection, check Unmask Parasites,
7. View your site’s reputation at McAfee SiteAdvisor.
8. Reduce the number of people and computers that have access to your web server.
9. Keep a backup copy of your web pages. In case of infection, it’s a race to see if you can fix the site before search engines (and users) discover the problem and dump you.
10. Choose the hosting provider that has the quickest response time, not the cheapest price. If your site gets hacked, you may need their help to change all the passwords.

As the web becomes more dangerous, customers become more suspicious, reducing opportunities for everyone. Please do your part to make the web safer, and to reduce your risks.

Google wrote to the FCC:

Google Inc. (“Google”), by its attorneys, files these comments in response to the Notice of Inquiry (“NOI”) issued by the Federal Communications Commission (“FCC” or “Commission”) initiating a proceeding as required by the Child Safe Viewing Act of 2007 (“CSVA”) to examine the existence and availability of advanced blocking technologies compatible with various communication devices and platforms for programming parents deem indecent, violent or otherwise objectionable.2 As we explain, Google is committed to empowering and educating parents so that they can create a positive and safe online experience for their children.

A number of initiatives designed to give users and families greater control to moderate their YouTube experience, including the ability to filter video comments they find inappropriate.

Previously, YouTube had to create sophisticated software to protect copyright over music and videos. That software has been doing a pretty good job identifying videos or music on YouTube and quickly removing such video.

In other YouTube news, YouTube has been testing a super seekrit channel design.

The toolbar works on both Internet Explorer and Firefox, and is set by default to not display “red” or potentially malicious web site in search results. There are options allowing you to tune the settings to meet your own comfort level when viewing search results.

The announcement is another part of Ask’s strategic focus of working with partners, in an effort to increase its market share among its target audience of families and kids. Danny wrote about this new focus a few weeks ago in Ask.com Partners With NASCAR, Says “Super Verticals” Will Put It Back In Search Race. The idea is that by leveraging the strength of its partnerships, Ask will be able to successfully compete with Google et al without necessarily doing battle directly with the major search engines.

Ask can use the help in acquiring new traffic. According to comScore, Ask’s share of the search market in the fourth quarter of 2008 declined to 4.0%, down from 4.4% in the third quarter of the year. Andrew Moers, president of the Ask partner network, declined to discuss specific traffic share the company hopes to gain, but said “It’s a big win for the Ask partner network. Symantec ships tens of millions of pieces of software per year, so it’s a very meaningful relationship.”

Google led the way in displaying malware warnings in search results when it began issuing warnings about potentially dangerous sites in February 2007. No toolbar is required to view these warnings—they show up automatically on a Google search result page when malicious sites are detected. Over the past weekend, Google’s system went haywire, briefly labeling all search results as malware.

Yahoo has had a partnership with McAfee since May of last year with SearchScan, which uses McAfee’s SiteAdvisor technology to flag URLs it deems “risky” in the search results. And Microsoft added malware warnings to Live Search results in December 2008.

The new Safe Search toolbar is part of the Norton 360 security suite, version 3.0, and will be available by download. The final version of the security suite will be released by the end of the quarter, according to Moers.

How can you find out if Microsoft has flagged your site for malware and how can you let them know you’ve fixed the problem? As part of this update, Microsoft Live Search also launched an update to their Webmaster Center that added alerts about malware. You can generate a report of all pages on your site that have malware on them, see if you link to any external pages that contain malware, and submit a review request once you’ve fixed any issues.

Find out if your site has been flagged

To find out if your site has been flagged for malware, log in to the Webmaster Center (you have to verify site ownership) and access the Crawl Issues tab. Select the Malware Infected issue type and click Search. You’ll see a list of any flagged pages on your site that you can download for offline processing.

The Malware Infected report has been added to the existing crawl errors reports in the tool (File Not Found, Block by REP, Long Dynamic URLs, and Unsupported Content Types).

Request review

If you find that any pages are infected, you can request review once you fix the problem. Microsoft says the reinclusion  process should “take days, not weeks”.  Once they’ve determined that the pages are no longer infected, they’ll remove alert from the search results.

Find out if you’re linking to malware

The webmaster tools also include a new Outbound Links report that lists any external malware-infected pages that your site links to. This is important information to have, as you don’t want to send your customers to infected sites. To generate this report, simply access the Outbound Links tab, choose Show All Outbound Links, and select the Show only outbound links to malware option.

Learn more about malware and how to prevent it

Microsoft has added information to their help center that provides details on what malware is, how to protect your site from it, and steps to take if your site has been infected. This document notes the importance of fixing any security holes in your website that enabled the malware infection.

What about Yahoo! and Google?

Both Google and Yahoo also offer methods for requesting evaluation once malware issues have been fixed, but neither provide the robust reporting that Microsoft now offers.

Google alerts you to malware issues on the summary page of the site in webmaster tools and provides a sample list of URLs. Microsoft’s report may contain a more complete list of infected pages. However, once you fix the problem and request review, Google will let you know of any remaining pages with issues. Google has also published several blogs about what to do if your site’s been hacked and a how to prevent it.

Yahoo! doesn’t provide this type of alert or reporting in Site Explorer. When I asked about this earlier in the year when they launched “SearchScan Alerts”, they told me:

If your site shows up in that experience, but not in the SearchScan On mode, (all other options such as SafeSearch remaining same) then you can believe that it is due to exploit rating on your site.

Note, to make this work, you should ensure that you keep all other elements of the search experience constant between the test with SearchScan off and on. That is

a) make sure you don’t change any other preferences

b) make sure you don’t change the computer you are searching from in case source IP or other changes affect the query routing

c) make sure you use the same Y! search destination – .com, co.uk etc. because sometimes there are regional rules which cause filtering (for example, france has stricter rules around nazi memorabilia sites etc.)

d) check multiple times across a couple of days. This is important because sometimes there is some localized maintenance going on which might temporarily affect what you see.

Use Yahoo’s SearchScan form (linked to in the search results alert) to request review once you’ve fixed any issues.

Ultimately, search engines want to provide the best possible experience for searchers and don’t want to send searchers to sites that will infect their computers. By providing site owners with detailed information about pages on their sites that are infected, external links to malware, and how to prevent infection, Microsoft is going a step further beyond just alerting searchers to infected sites by helping keep the results free of malware in the first place.

MSN’s Live Search has announced the addition of malware warnings to their search results pages. In doing so, Live Search joins Google and Yahoo in taking a proactive stance against potentially dangerous sites; Google began adding malware warnings in early 2007. Yahoo added SearchScan alerts in May of this year.

The Live Search implementation is different from how the other two search engines show malware warnings. When a potentially harmful page shows up in the Live Search results, users see no warning until they actually try to click on the link. When they do click, a small “pop-up” box appears to the far right of the listing. Here’s what it says:

On the other hand, both Google and Yahoo show the warning immediately, without the need for a user click:

Google Malware Warning:

Yahoo SearchScan Warning:

It’s good that Live Search has joined Yahoo and Google in warning users about possibly harmful sites. But to be frank, the Live Search implementation of this warning suffers from poor usability. By placing the alert to the far right, it’s not where users are looking as they click. Because of that, and because the warning is in small text on a white background, searchers may miss the message altogether.

Webmasters whose sites are flagged by Live Search as being dangerous are encouraged to sign up for Live Search Webmaster Tools to get more information about fixing and securing their web site.

A search for Astalavista at Yahoo returned what appeared to be a Google.com result in the 10th position. But in reality, Yahoo somehow mixed up the astalavista.ms URL with a Google.com URL, and since astalavista.ms had signs of Malware on it, it appeared that Google.com had malware on it.

Here is a screen capture of what the search results originally looked like, when Yahoo labeled the astalavista.ms result and a google.com result:

But now, the same result is labeled correctly and looks like this:

Amit Bhawani commented at TechCrunch, explaining that if you clicked through to the detailed warning, it showed the warning was for astalavista.ms and not for google.com.

It now appears that Yahoo fixed the issue with the search result showing google.com instead of astalavista.ms. Yahoo has been known to mix up the display URL in the search results in some cases, specifically in the past. But I have been hearing some recent noise in the search forums that there are more signs of these Yahoo issues.

Yahoo Search has begun a partnership with McAfee, Inc. to provide SearchScan, which uses McAfee’s SiteAdvisor technology to flag URLs it deems "risky" in the search results. Results are flagged with the type of danger below the title. This new feature is primarily aimed at preventing spyware and other malicious software from being downloaded on searchers’ computers, as well as at preventing searchers from falling victim to sites that employ spammy email tactics.

The Yahoo Search Blog provides more information. Below, more details on what types of pages are flagged and how site owners can dispute incorrect flagging.

The types of behavior that causes a page to be deemed risky include:

• Download triggered upon page visit (these types of pages are removed from the search results entirely)
• User-initiated download includes spyware or other malicious sofware
• Site engages in spammy email tactics, such as flooding inboxes with mail

SearchScan is on to alert by default, but searchers can turn it off (or specify that flagged sites shouldn’t display at all) in their Yahoo preferences.

Why has Yahoo implemented this feature?
The press release being released tomorrow morning quotes a Decipher Inc Online Security & Web Search consumer survey from March of 2008 and says, "After children’s safety, 65 percent of Americans online are more worried about clicking unsecured search listings than the threat of neighborhood crime, getting ones [sic] wallet stolen or email scams." That’s an interesting claim, as I don’t know that 65% of online Americans know what an "unsecured search listing" is, but the point remains a valid one. Search engines present the web as a whole, and as the web include lots of malicious activity, search engines end up serving up malicious suggestions. This partnership is an attempt to serve up "safe" results without engaging in web censorship.

Google’s approach
Google has taken a similar tactic with a partnership with StopBadware.org. Any sites flagged by StopBadware.org include a message below the search result and Google directs searchers who click on these results to a page that provides more information and enables them to either continue to the page or go back to the search results.

If a site is flagged in Google’s search results, Google alerts the site owner via email and a Google Webmaster Tools message. Google also provides a dispute and resolution process in the cases where the site owner doesn’t agree with the label or makes changes to the site to abide by the StopBadware.org guidelines. In addition, the site owner can obtain more information from the page that Google directs searchers to for flagged pages in the search results.

The dispute and resolution process is actually forwarded to StopBadware.org and site owners can follow the process there.

Yahoo’s dispute process
Yahoo has a dispute process for site owners as well. When you hover over an alert in the Yahoo search results, an information box appears that includes a site owner link.

That links leads to the SearchScan form, which seems to be for both site owners and searchers. When I talked to Yahoo about this process a month ago, they said that, like with Google’s process, they forward the information to McAfee to resolve. I’ve asked them if they also provide proactive alerts to site owners and they said that if site owners are concerned that their pages may be missing from the search results due to SearchScan, they can turn off SearchScan and check the results:

If your site shows up in that experience, but not in the SearchScan On mode, (all other options such as SafeSearch remaining same) then you can believe that it is due to exploit rating on your site.

Note, to make this work, you should ensure that you keep all other elements of the search experience constant between the test with SearchScan off and on. That is

a) make sure you don’t change any other preferences

b) make sure you don’t change the computer you are searching from in case source IP or other changes affect the query routing

c) make sure you use the same Y! search destination – .com, co.uk etc. because sometimes there are regional rules which cause filtering (for example, france has stricter rules around nazi memorabilia sites etc.)

d) check multiple times across a couple of days. This is important because sometimes there is some localized maintenance going on which might temporarily affect what you see.

As part of the agreement, McAfee will distribute Yahoo Search to its user base. Distribution is arguably more important to gaining search market share than user interface improvements, and this distribution deal may provide clues to Yahoo’s strategy. (Two different hotels I’ve stayed at in the last month have featured a Yahoo search box on the wifi landing page — more signs that Yahoo is working hard at increasing distribution.)

Google Cleans Up Returns; Yahoo Not So Much from eWeek has a look at how Google has quickly cleaned up the malware from their search results, while Yahoo has taken a slower approach.