Google Updates Search Results For News Stories On Desktop
Google changes how search results for news stories are presented on desktop by grouping together multiple results for the same story.
This update is now in effect, which brings news results on desktop in line with how they’re presented in Google Search on mobile devices.
In an announcement on Twitter, the official @GoogleNews account states:
“Now, when there are multiple stories related to your search, we’ll organize results by story so it’s easier to understand what’s most relevant and you can make a more informed decision on which specific articles to explore.”
What Exactly Has Changed?
The search community may have to decide on a new term, because the carousel is now more of a box with stories displayed as different tiles.
As an example, Google’s tweet links to search results for the keyword “covid.”
Here’s how it looks:
Why Has Google Changed News Results On Desktop?
Google offers this explanation on Twitter for changing the layout of news results:
“This new structure will make more room for quality content–beyond just the most recent coverage–as well as a range of sources to bring more context and perspective to the day’s news.”
In addition, this changes makes news results on desktop similar to what people are accustomed to seeing in mobile search.
Source: Google Updates Search Results For News Stories On Desktop
Gravatar “Breach” Exposes Data of 100+ Million Users
The security alert company HaveIBeenPwned notified users that the profile information of 114 million Gravatar users had been leaked online in what they characterized as a data breach. Gravatar denies that it was hacked.
Gravatar Enumeration Vulnerability
The user information of every person with a Gravatar account was open to being downloaded using software that “scrapes” the data.
While technically that is not a breach, the manner in which user information was stored by Gravatar made it easy for a person with malicious intent to obtain user information which could then be used as part of another attack to gain passwords and access.
Gravatar accounts are public information. However the individual user profile accounts are not publicly listed in a way that can easily be browsed. Ordinarily a person would have to know account information like the username in order to find the account and all the publicly available information.
Data Scraping Event
A data breach is defined as when an unauthorized person gains access to information that is not publicly available.
The Gravatar information was publicly available but an outsider would have to know the username of the Gravatar user in order to gain access to the Gravatar user profile. Additionally the email address of that user was stored in an insecure encrypted manner (called an MD5 hash).
An MD5 hash is insecure and can easily be unencrypted (also known as cracked). Storing email addresses in the MD5 format provided only minor security protection.
That means that once an attacker downloaded the usernames and the email MD5 hash it was then a simple matter for the user’s email address to be extracted.
According to the security researcher who initially discovered the username enumeration vulnerability, Gravatar only had “virtually no rate limiting” which means that a scraper bot could request millions of user profiles without being stopped or challenged for suspicious behavior.
Gravatar Minimizes User Data Collection
The last tweet in the series from Gravatar encouraged readers to learn how Gravatar works:
“If you want to learn more about how Gravatar works or adjust the data shared on your profile, please visit http://Gravatar.com.”
Ironically, Gravatar linked to an insecure protocol of the URL, using HTTP. Upon reaching the URL there was no redirect on Gravatar to a secure (HTTPS) version of the web page, which only undermined their efforts to project a sense of security.
Were Gravatar Users Pwned?
An argument could be made that a Gravatar account can be public but not easily harvested as Step One of a hacking event by people with malicious intent.
Gravatar asserted that after the enumeration attack vulnerability was disclosed that they took steps to close it to prevent further downloading of user information.
So on the one hand Gravatar took steps to prevent those with malicious intent from harvesting user information. But on the other hand they said reports of Gravatar being hacked is misinformation.
But the fact is that HaveIBeenPwned did not call it a hacking event, they called it a breach.
An argument could be made that Gravatar’s use of the MD5 hash for storing email data was insecure and the moment hackers cracked the insecure encryption, the abnormal scraping of “public information” became a breach.
Source: Gravatar “Breach” Exposes Data of 100+ Million Users
Bing launches Ethical Shopping hub in UK
Microsoft Bing has launched its Ethical Shopping hub, which enables users to shop eco-friendly, upcycled or fair-trade fashion, the company announced Wednesday. The Ethical Shopping hub is currently only available to desktop users in the UK. “Currently, we are looking at a horizon of at least another quarter before a significant release in the U.S.,” Sumit Chatterjee, lead product manager at Microsoft, told Search Engine Land.
How it’s different from Bing Shopping. Consumers can use the Ethical Shopping hub to browse by ethical fashion brands or products as well as trending and featured items. As mentioned above, they can also narrow down their options using the eco-friendly, upcycled and fair-trade options. Additionally, the hub will also feature articles about “informed fashion choices and other planet-friendly news topics,” according to the announcement.
The price drop and sales labels that are available on Bing’s traditional shopping experience will also be shown in the Ethical Shopping hub, so product feed data will continue to play an important role here as well.
How products eligibility is determined. Sustainable and ethical ratings are powered by Good On You, an organization that compiles and rates fashion brands based on their impact on people, animals and the environment.
“Information is gathered from brand and parent company credible reporting, third-party indices (e.g., the Fashion Transparency Index and CDP Climate Change and Water Security projects), and independent certifications, accreditations, and other standards-based systems (like Fair Trade, Cradle to Cradle, OEKO-TEX STeP and the Global Organic Textile Standard),” Microsoft said in the announcement.
These ratings are integrated into Bing Shopping filters and users can apply them when searching for fashion products.
Source: Bing launches Ethical Shopping hub in UK
Microsoft Advertising now supports Spanish language ads in the US
Beginning this month, advertisers can serve text ads from Spanish ad groups in the U.S. on all devices and publishers, Microsoft Advertising announced Tuesday. The company also announced updates to the Microsoft Audience Network, including support for Video Ads and Feed Ads in the Audience Network Planner and the ability to choose between CPC or CPM pricing.
Spanish language ads. Any campaign that has Spanish selected as the language can now serve in the United States. Spanish language ads serve when the user self-identifies as Spanish-speaking or the query is in Spanish.
Microsoft offered the following recommendations for advertisers just starting out with Spanish language ads:
- Separate your Spanish and English ad copies into different ad groups and choose the corresponding language at the ad group level.
- Create Spanish extensions for your Spanish ad group.
- Bid boost for your Spanish ad groups, or have a higher base bid, so that your Spanish ad can be shown over your English ad.
For branded campaigns, Microsoft recommends keeping the same keywords in both ad groups. For non-branded campaigns, the company recommended choosing the appropropriate keywords for each corresponding ad group. All other settings (automated bidding, targeting, etc.) should be kept the same.
Audience Network Planner extends support to Video and Feed Ads. In addition to Image Ads, the Audience Network Planner now supports Video Ads and Feed Ads as well.
CPM pricing is now available. First announced in October, advertisers on the Microsoft Audience Network can now specify a maximum amount they’re willing to pay per 1,000 impressions (CPM). CPC pricing remains available, should you want to switch between the two bidding strategies.
Source: Microsoft Advertising now supports Spanish language ads in the US
Surge: A New Page Caching Plugin for WordPress with No Configuration Required
WordPress Core Contributor Konstantin Kovshenin has released a new page caching plugin called Surge. Searching the WordPress plugin directory, you will find hundreds of caching and cache purging plugins, but this one stands out from competitors in that it requires no configuration. The plugin starts working as soon as it’s activated, and there are no options.
What kind of performance improvements can you expect with Surge activated? Kovshenin’s tests indicate that WordPress site performance on cheap hosting can be significantly improved with the plugin:
Surge stores cache files on the filesystem, leveraging the Linux kernel page cache for efficient in-memory caching and invalidation. In various load tests, Surge has shown to easily handle 1000-2500 requests per second at 100 concurrent, on a cheap single-core virtual server with only 1 GB of memory. That’s over 70x faster than a stock WordPress install with a default theme and no plugins.
Kovshenin built Surge because he could not find a suitable plugin to work well Sail, the CLI tool he has been developing for deploying WordPress apps to DigitalOcean.
“The biggest blocker for me was the configuration, screen after screen after screen, the amount of hoops I had to jump through just to get things working,” he said. “And sure, there are on-screen guides and wizards, video tutorials, hundreds of documentation articles, but all I wanted was a page caching plugin, not a rocket (no pun intended). I had to roll my own.”
Source: Surge: A New Page Caching Plugin for WordPress with No Configuration Required