Tag Archive | "User"

SearchCap: Google tests AMP labels, AdWords personalization & understanding user intent

Below is what happened in search today, as reported on Search Engine Land and from other places across the web.



Please visit Search Engine Land for the full article.


Search Engine Land: News & Info About SEO, PPC, SEM, Search Engines & Search Marketing

Posted in IM NewsComments Off

Google Tests New User Interface In Search For Google Posts

Google seems to be testing multiple variations of how Google Posts show up in the Google search results recently. In the past week or so…


Search Engine Roundtable

Posted in IM NewsComments Off

Google Chrome, Mozilla Firefox Leaked Facebook User Data Caused by Browser Vulnerability

Google Chrome and Mozilla Firefox might have inadvertently leaked the Facebook usernames, profile pictures and even the likes of their users because of a side-channel vulnerability.

A side-channel vulnerability was discovered in a CSS3 feature dubbed the “mix-blend-mode.” This allowed a hacker to discover the identity of a Facebook account holder using Chrome or Firefox by getting them to visit a specially-designed website.

This critical flaw was discovered in 2017 by security researchers Dario Weißer and Ruslan Habalov and also by independent researcher Max May.

The researchers created a proof-of-concept (POC) exploit to show how the vulnerability could be misused. Weißer and Habalov’s concept showed how they were able to visually harvest data like username, profile picture, and “like” status of a user. What’s more, this insidious hack could be accomplished in the background when the user visits a malicious website.

The visual leak could happen on sites using iFrames that connect to Facebook in via login buttons and social plugins. Due to a security feature called the “same-origin policy,” sites can’t directly access iFrame content. But the researchers were able to get the information by developing an overlay on the cross-origin iFrame in order to work with the underlying pixels.

It took Habalov and Weißer’s POC about 20 seconds to get the username and about five minutes to create a vague copy of the profile picture. The program also took about 500 milliseconds to check the “like” status. Keep in mind, however, that for this vulnerability to work, the user should be logged into their Facebook account.

Habalov and Weißer privately notified both Google and Mozilla and steps were taken to contain the threat. Google was able to fix the flaw on their end when version 63 was released last December. On Firefox’s end, a patch was made available 14 days ago with the release of the browser’s version 60. The delay was due to the researchers’ late disclosure of their findings to Mozilla.

IE and Edge browsers weren’t exposed to the side-channel exploit as they don’t support the needed feature. Safari was also safe from the flaw.

[Featured image via Pixabay]

The post Google Chrome, Mozilla Firefox Leaked Facebook User Data Caused by Browser Vulnerability appeared first on WebProNews.


WebProNews

Posted in IM NewsComments Off

Facebook ‘Weaponized’ User Data, Says Bikini Photo-Finding App Developer

Facebook is facing accusations of gathering more user data than disclosed. According to court filings, former start-up Six4Three claimed that the social media company conducted mass surveillance on its users and their friends alike.

Based on the lawsuit documents, Facebook reportedly had access to its users’ text messages, photos, and microphones. It can even track their locations by remotely activating the Bluetooth on mobile devices without permission. All of these accusations were detailed in Six4Three’s fifth version of the complaint, initially filed in 2015.

The court document read, in part:

“Facebook continued to explore and implement ways to track users’ location, to track and read their texts, to access and record their microphones on their phones, to track and monitor their usage of competitive apps on their phones, and to track and monitor their calls.”

In response, Facebook refuted the claims by saying that these “have no merit and we will continue to defend ourselves vigorously.” The company clarified rumors back in March that it was monitoring calls and messages of its users. Rather, they only collected call and text message history as part of its opt-in feature under Facebook Lite and Messenger on Android.

The former start-up also contended that Facebook had access to several photos on iPhones. But the social media company pointed out that users can opt-in to the photo syncing feature of the app for easier uploading.

Allegations of breaching user privacy and data collection remain touchy subjects for Facebook,  following its involvement in the Cambridge Analytica fiasco. Prior to the scandal, the social media giant has removed the access of third-party developers to personal information. This policy change reportedly led to the failure of Six4Three’s controversial paid app Pikinis, where users can find their Facebook friends’ swimsuit photos.

Along with accusations of causing its financial ruin, Six4Three claimed that Facebook ‘weaponized’ its ability to access user data, sometimes without explicit consent, to earn billions of dollars. There was also a mass surveillance scheme, details of which were redacted from the latest filings per Facebook’s request. These documents, such as email correspondence among senior executives, contain confidential business matters and were sealed from public view until further notice. 

Facebook has continued to deny the purported claims, filing a motion to have the case dismissed by invoking the free speech defense under the law in California. Six4Three, on the other hand, is trying to stop the social media giant from getting the case thrown out. As the legal battle wages on, Facebook still faces continued scrutiny over its users’ paranoia on weak data privacy and protection controls.

The post Facebook 'Weaponized' User Data, Says Bikini Photo-Finding App Developer appeared first on WebProNews.


WebProNews

Posted in IM NewsComments Off

Search Buzz Video Recap: Google Search Console News, Google User Interface Changes & AdWords Report Editor

This week in search, we saw a preview of the new Google Search Console that is in beta. Google also changed how they report in Search Analytics the impressions and average…


Search Engine Roundtable

Posted in IM NewsComments Off

JavaScript & SEO: Making Your Bot Experience As Good As Your User Experience

Posted by alexis-sanders

Understanding JavaScript and its potential impact on search performance is a core skillset of the modern SEO professional. If search engines can’t crawl a site or can’t parse and understand the content, nothing is going to get indexed and the site is not going to rank.

The most important questions for an SEO relating to JavaScript: Can search engines see the content and grasp the website experience? If not, what solutions can be leveraged to fix this?


Fundamentals

What is JavaScript?

When creating a modern web page, there are three major components:

  1. HTML – Hypertext Markup Language serves as the backbone, or organizer of content, on a site. It is the structure of the website (e.g. headings, paragraphs, list elements, etc.) and defining static content.
  2. CSS – Cascading Style Sheets are the design, glitz, glam, and style added to a website. It makes up the presentation layer of the page.
  3. JavaScript – JavaScript is the interactivity and a core component of the dynamic web.

Learn more about webpage development and how to code basic JavaScript.

javacssseo.gif

Image sources: 1, 2, 3

JavaScript is either placed in the HTML document within <script> tags (i.e., it is embedded in the HTML) or linked/referenced. There are currently a plethora of JavaScript libraries and frameworks, including jQuery, AngularJS, ReactJS, EmberJS, etc.

JavaScript libraries and frameworks:

What is AJAX?

AJAX, or Asynchronous JavaScript and XML, is a set of web development techniques combining JavaScript and XML that allows web applications to communicate with a server in the background without interfering with the current page. Asynchronous means that other functions or lines of code can run while the async script is running. XML used to be the primary language to pass data; however, the term AJAX is used for all types of data transfers (including JSON; I guess “AJAJ” doesn’t sound as clean as “AJAX” [pun intended]).

A common use of AJAX is to update the content or layout of a webpage without initiating a full page refresh. Normally, when a page loads, all the assets on the page must be requested and fetched from the server and then rendered on the page. However, with AJAX, only the assets that differ between pages need to be loaded, which improves the user experience as they do not have to refresh the entire page.

One can think of AJAX as mini server calls. A good example of AJAX in action is Google Maps. The page updates without a full page reload (i.e., mini server calls are being used to load content as the user navigates).

Related image

Image source

What is the Document Object Model (DOM)?

As an SEO professional, you need to understand what the DOM is, because it’s what Google is using to analyze and understand webpages.

The DOM is what you see when you “Inspect Element” in a browser. Simply put, you can think of the DOM as the steps the browser takes after receiving the HTML document to render the page.

The first thing the browser receives is the HTML document. After that, it will start parsing the content within this document and fetch additional resources, such as images, CSS, and JavaScript files.

The DOM is what forms from this parsing of information and resources. One can think of it as a structured, organized version of the webpage’s code.

Nowadays the DOM is often very different from the initial HTML document, due to what’s collectively called dynamic HTML. Dynamic HTML is the ability for a page to change its content depending on user input, environmental conditions (e.g. time of day), and other variables, leveraging HTML, CSS, and JavaScript.

Simple example with a <title> tag that is populated through JavaScript:

HTML source

DOM

What is headless browsing?

Headless browsing is simply the action of fetching webpages without the user interface. It is important to understand because Google, and now Baidu, leverage headless browsing to gain a better understanding of the user’s experience and the content of webpages.

PhantomJS and Zombie.js are scripted headless browsers, typically used for automating web interaction for testing purposes, and rendering static HTML snapshots for initial requests (pre-rendering).


Why can JavaScript be challenging for SEO? (and how to fix issues)

There are three (3) primary reasons to be concerned about JavaScript on your site:

  1. Crawlability: Bots’ ability to crawl your site.
  2. Obtainability: Bots’ ability to access information and parse your content.
  3. Perceived site latency: AKA the Critical Rendering Path.

Crawlability

Are bots able to find URLs and understand your site’s architecture? There are two important elements here:

  1. Blocking search engines from your JavaScript (even accidentally).
  2. Proper internal linking, not leveraging JavaScript events as a replacement for HTML tags.

Why is blocking JavaScript such a big deal?

If search engines are blocked from crawling JavaScript, they will not be receiving your site’s full experience. This means search engines are not seeing what the end user is seeing. This can reduce your site’s appeal to search engines and could eventually be considered cloaking (if the intent is indeed malicious).

Fetch as Google and TechnicalSEO.com’s robots.txt and Fetch and Render testing tools can help to identify resources that Googlebot is blocked from.

The easiest way to solve this problem is through providing search engines access to the resources they need to understand your user experience.

!!! Important note: Work with your development team to determine which files should and should not be accessible to search engines.

Internal linking

Internal linking should be implemented with regular anchor tags within the HTML or the DOM (using an HTML tag) versus leveraging JavaScript functions to allow the user to traverse the site.

Essentially: Don’t use JavaScript’s onclick events as a replacement for internal linking. While end URLs might be found and crawled (through strings in JavaScript code or XML sitemaps), they won’t be associated with the global navigation of the site.

Internal linking is a strong signal to search engines regarding the site’s architecture and importance of pages. In fact, internal links are so strong that they can (in certain situations) override “SEO hints” such as canonical tags.

URL structure

Historically, JavaScript-based websites (aka “AJAX sites”) were using fragment identifiers (#) within URLs.

  • Not recommended:
    • The Lone Hash (#) – The lone pound symbol is not crawlable. It is used to identify anchor link (aka jump links). These are the links that allow one to jump to a piece of content on a page. Anything after the lone hash portion of the URL is never sent to the server and will cause the page to automatically scroll to the first element with a matching ID (or the first <a> element with a name of the following information). Google recommends avoiding the use of “#” in URLs.
    • Hashbang (#!) (and escaped_fragments URLs) – Hashbang URLs were a hack to support crawlers (Google wants to avoid now and only Bing supports). Many a moon ago, Google and Bing developed a complicated AJAX solution, whereby a pretty (#!) URL with the UX co-existed with an equivalent escaped_fragment HTML-based experience for bots. Google has since backtracked on this recommendation, preferring to receive the exact user experience. In escaped fragments, there are two experiences here:
      • Original Experience (aka Pretty URL): This URL must either have a #! (hashbang) within the URL to indicate that there is an escaped fragment or a meta element indicating that an escaped fragment exists (<meta name=”fragment” content=”!”>).
      • Escaped Fragment (aka Ugly URL, HTML snapshot): This URL replace the hashbang (#!) with “_escaped_fragment_” and serves the HTML snapshot. It is called the ugly URL because it’s long and looks like (and for all intents and purposes is) a hack.

Image result

Image source

  • Recommended:
    • pushState History API – PushState is navigation-based and part of the History API (think: your web browsing history). Essentially, pushState updates the URL in the address bar and only what needs to change on the page is updated. It allows JS sites to leverage “clean” URLs. PushState is currently supported by Google, when supporting browser navigation for client-side or hybrid rendering.
      • A good use of pushState is for infinite scroll (i.e., as the user hits new parts of the page the URL will update). Ideally, if the user refreshes the page, the experience will land them in the exact same spot. However, they do not need to refresh the page, as the content updates as they scroll down, while the URL is updated in the address bar.
      • Example: A good example of a search engine-friendly infinite scroll implementation, created by Google’s John Mueller (go figure), can be found here. He technically leverages the replaceState(), which doesn’t include the same back button functionality as pushState.
      • Read more: Mozilla PushState History API Documents

Obtainability

Search engines have been shown to employ headless browsing to render the DOM to gain a better understanding of the user’s experience and the content on page. That is to say, Google can process some JavaScript and uses the DOM (instead of the HTML document).

At the same time, there are situations where search engines struggle to comprehend JavaScript. Nobody wants a Hulu situation to happen to their site or a client’s site. It is crucial to understand how bots are interacting with your onsite content. When you aren’t sure, test.

Assuming we’re talking about a search engine bot that executes JavaScript, there are a few important elements for search engines to be able to obtain content:

  • If the user must interact for something to fire, search engines probably aren’t seeing it.
    • Google is a lazy user. It doesn’t click, it doesn’t scroll, and it doesn’t log in. If the full UX demands action from the user, special precautions should be taken to ensure that bots are receiving an equivalent experience.
  • If the JavaScript occurs after the JavaScript load event fires plus ~5-seconds*, search engines may not be seeing it.
    • *John Mueller mentioned that there is no specific timeout value; however, sites should aim to load within five seconds.
    • *Screaming Frog tests show a correlation to five seconds to render content.
    • *The load event plus five seconds is what Google’s PageSpeed Insights, Mobile Friendliness Tool, and Fetch as Google use; check out Max Prin’s test timer.
  • If there are errors within the JavaScript, both browsers and search engines won’t be able to go through and potentially miss sections of pages if the entire code is not executed.

How to make sure Google and other search engines can get your content

1. TEST

The most popular solution to resolving JavaScript is probably not resolving anything (grab a coffee and let Google work its algorithmic brilliance). Providing Google with the same experience as searchers is Google’s preferred scenario.

Google first announced being able to “better understand the web (i.e., JavaScript)” in May 2014. Industry experts suggested that Google could crawl JavaScript way before this announcement. The iPullRank team offered two great pieces on this in 2011: Googlebot is Chrome and How smart are Googlebots? (thank you, Josh and Mike). Adam Audette’s Google can crawl JavaScript and leverages the DOM in 2015 confirmed. Therefore, if you can see your content in the DOM, chances are your content is being parsed by Google.

adamaudette - I don't always JavaScript, but when I do, I know google can crawl the dom and dynamically generated HTML

Recently, Barry Goralewicz performed a cool experiment testing a combination of various JavaScript libraries and frameworks to determine how Google interacts with the pages (e.g., are they indexing URL/content? How does GSC interact? Etc.). It ultimately showed that Google is able to interact with many forms of JavaScript and highlighted certain frameworks as perhaps more challenging. John Mueller even started a JavaScript search group (from what I’ve read, it’s fairly therapeutic).

All of these studies are amazing and help SEOs understand when to be concerned and take a proactive role. However, before you determine that sitting back is the right solution for your site, I recommend being actively cautious by experimenting with small section Think: Jim Collin’s “bullets, then cannonballs” philosophy from his book Great by Choice:

“A bullet is an empirical test aimed at learning what works and meets three criteria: a bullet must be low-cost, low-risk, and low-distraction… 10Xers use bullets to empirically validate what will actually work. Based on that empirical validation, they then concentrate their resources to fire a cannonball, enabling large returns from concentrated bets.”

Consider testing and reviewing through the following:

  1. Confirm that your content is appearing within the DOM.
  2. Test a subset of pages to see if Google can index content.
  • Manually check quotes from your content.
  • Fetch with Google and see if content appears.
  • Fetch with Google supposedly occurs around the load event or before timeout. It’s a great test to check to see if Google will be able to see your content and whether or not you’re blocking JavaScript in your robots.txt. Although Fetch with Google is not foolproof, it’s a good starting point.
  • Note: If you aren’t verified in GSC, try Technicalseo.com’s Fetch and Render As Any Bot Tool.

After you’ve tested all this, what if something’s not working and search engines and bots are struggling to index and obtain your content? Perhaps you’re concerned about alternative search engines (DuckDuckGo, Facebook, LinkedIn, etc.), or maybe you’re leveraging meta information that needs to be parsed by other bots, such as Twitter summary cards or Facebook Open Graph tags. If any of this is identified in testing or presents itself as a concern, an HTML snapshot may be the only decision.

2. HTML SNAPSHOTS
What are HTmL snapshots?

HTML snapshots are a fully rendered page (as one might see in the DOM) that can be returned to search engine bots (think: a static HTML version of the DOM).

Google introduced HTML snapshots 2009, deprecated (but still supported) them in 2015, and awkwardly mentioned them as an element to “avoid” in late 2016. HTML snapshots are a contentious topic with Google. However, they’re important to understand, because in certain situations they’re necessary.

If search engines (or sites like Facebook) cannot grasp your JavaScript, it’s better to return an HTML snapshot than not to have your content indexed and understood at all. Ideally, your site would leverage some form of user-agent detection on the server side and return the HTML snapshot to the bot.

At the same time, one must recognize that Google wants the same experience as the user (i.e., only provide Google with an HTML snapshot if the tests are dire and the JavaScript search group cannot provide support for your situation).

Considerations

When considering HTML snapshots, you must consider that Google has deprecated this AJAX recommendation. Although Google technically still supports it, Google recommends avoiding it. Yes, Google changed its mind and now want to receive the same experience as the user. This direction makes sense, as it allows the bot to receive an experience more true to the user experience.

A second consideration factor relates to the risk of cloaking. If the HTML snapshots are found to not represent the experience on the page, it’s considered a cloaking risk. Straight from the source:

“The HTML snapshot must contain the same content as the end user would see in a browser. If this is not the case, it may be considered cloaking.”
Google Developer AJAX Crawling FAQs

Benefits

Despite the considerations, HTML snapshots have powerful advantages:

  1. Knowledge that search engines and crawlers will be able to understand the experience.
    • Certain types of JavaScript may be harder for Google to grasp (cough… Angular (also colloquially referred to as AngularJS 2) …cough).
  2. Other search engines and crawlers (think: Bing, Facebook) will be able to understand the experience.
    • Bing, among other search engines, has not stated that it can crawl and index JavaScript. HTML snapshots may be the only solution for a JavaScript-heavy site. As always, test to make sure that this is the case before diving in.

"It's not just Google understanding your JavaScript. It's also about the speed." -DOM - "It's not just about Google understanding your Javascript. it's also about your perceived latency." -DOM

Site latency

When browsers receive an HTML document and create the DOM (although there is some level of pre-scanning), most resources are loaded as they appear within the HTML document. This means that if you have a huge file toward the top of your HTML document, a browser will load that immense file first.

The concept of Google’s critical rendering path is to load what the user needs as soon as possible, which can be translated to → “get everything above-the-fold in front of the user, ASAP.”

Critical Rendering Path – Optimized Rendering Loads Progressively ASAP:

progressive page rendering

Image source

However, if you have unnecessary resources or JavaScript files clogging up the page’s ability to load, you get “render-blocking JavaScript.” Meaning: your JavaScript is blocking the page’s potential to appear as if it’s loading faster (also called: perceived latency).

Render-blocking JavaScript – Solutions

If you analyze your page speed results (through tools like Page Speed Insights Tool, WebPageTest.org, CatchPoint, etc.) and determine that there is a render-blocking JavaScript issue, here are three potential solutions:

  1. Inline: Add the JavaScript in the HTML document.
  2. Async: Make JavaScript asynchronous (i.e., add “async” attribute to HTML tag).
  3. Defer: By placing JavaScript lower within the HTML.

!!! Important note: It’s important to understand that scripts must be arranged in order of precedence. Scripts that are used to load the above-the-fold content must be prioritized and should not be deferred. Also, any script that references another file can only be used after the referenced file has loaded. Make sure to work closely with your development team to confirm that there are no interruptions to the user’s experience.

Read more: Google Developer’s Speed Documentation


TL;DR – Moral of the story

Crawlers and search engines will do their best to crawl, execute, and interpret your JavaScript, but it is not guaranteed. Make sure your content is crawlable, obtainable, and isn’t developing site latency obstructions. The key = every situation demands testing. Based on the results, evaluate potential solutions.

Thanks: Thank you Max Prin (@maxxeight) for reviewing this content piece and sharing your knowledge, insight, and wisdom. It wouldn’t be the same without you.

Sign up for The Moz Top 10, a semimonthly mailer updating you on the top ten hottest pieces of SEO news, tips, and rad links uncovered by the Moz team. Think of it as your exclusive digest of stuff you don’t have time to hunt down but want to read!


Moz Blog

Posted in IM NewsComments Off

Google Expands User Search With ‘Personal’ Tab

Google has rolled out a new feature in their search engine portal, allowing users to track their own online footprints.

Dubbed “Personal,” the new feature will expand the user’s search to include the whole Google portfolio. So if you have an account with Gmail, Google+, or saved a photo or video on the cloud, chances are you can find them by filtering your search further.

Accessing Google Personal is quite straightforward. You just have to type your query in the search box like you ordinarily would. After the results are shown, you can scroll to the top right to find “More,” and click on the drop-down list where you can find “Personal.” You can then access your own online history.

If you search for “Kentucky” for instance, any photos, clips, or references you have made using that word will turn up in the search results page. Even your email messages that contain that particular keyword are extracted and laid out for you.

Of course, you need to be logged in to your account to do this. The message, “Only you can see these results,” is right there for you to read after accessing this feature.

Google has not really formally announced the launch of this feature. But it seems like it’s going to a be a staple in the search box. However, it’s not available for Android or iOS, although analysts think that it’s only a matter of time before you can use the feature on mobile platforms. It also doesn’t support Google Drive for now.

Google Personal is another way for the search engine company to data mine your personal information, which makes it easier for targeted ads to find you. This seems to be in line with the announcement of the company during the I/O conference for the Google Lens.

The lens converts information search from text to visual. By training the camera on an object, the user will be able to find the species of an unknown insect, for instance. They can also read up on the reviews or menu of a restaurant when they focus their camera on the establishment before going in. It’s supposed to be equipped with machine-learning that allows you to translate menus written in a foreign language.

In the same vein, Google Personal will allow users to relinquish more information about their search patterns, preferences, and biases. Again, privacy issues are being called to question, although the company seems to be simply testing the waters at this point.

The post Google Expands User Search With ‘Personal’ Tab appeared first on WebProNews.


WebProNews

Posted in IM NewsComments Off

Google Lists Top Websites In Carousel User Interface

Last week we reported on a new user interface rollout by Google showing a top carousel filter to help you expand or diversify your search query.

Well…


Search Engine Roundtable

Posted in IM NewsComments Off

Facebook to Enable Mid-Roll Ads in User Posted Videos

Facebook is finally bringing monetization to videos that are posted by its users, letting video makers include mid-roll ads, according to Recode. “Industry sources say the social network is going to start testing a new “mid-roll” ad format, which will give video publishers the chance to insert ads into their clips after people have watched them for at least 20 seconds.”

Facebook is careful to match the same ad payout to publishers (55%) as YouTube, which we suspect is to avoid an ad payment war with its video platform rival. Facebook will differentiate its videos by serving a mid-roll ad instead of the dreaded pre-roll that most videos include. However, on YouTube the pre-roll ads can be discontinued by clicking “skip ad” after 5 seconds. It will be interesting to see if Facebook offers a similar way to end the ad interruption.

Facebook has been focused on video for the last few years, and at one point a Facebook executive said that “Facebook will be all video within 5 years.”

“Over the past six months we have been particularly focused on Live video. Live represents a new way to share what’s happening in more immediate and creative ways,” Zuckerberg said earlier this year. “This quarter Candace Payne’s Chewbacca mask video was viewed almost 160 million times.”

Not everybody is happy about Facebook’s video advertising plans:

The post Facebook to Enable Mid-Roll Ads in User Posted Videos appeared first on WebProNews.


WebProNews

Posted in IM NewsComments Off

Google begins rolling out a new desktop search user interface

Check out the new desktop search interface rolling out to a Google near you.

The post Google begins rolling out a new desktop search user interface appeared first on Search Engine Land.



Please visit Search Engine Land for the full article.


Search Engine Land: News & Info About SEO, PPC, SEM, Search Engines & Search Marketing

Posted in IM NewsComments Off

Advert