Claims that 'small businesses can easily die if they rely too much on Google'

Google offers a number of useful services such as Gmail, Google Cloud, and Google Ads, and various small businesses, including

SaaS startups, rely on Google's services. However, as a result of being overly dependent on Google's services, 'it has been excluded from Google's search results', 'Android apps have been removed from the Google Play store, and the services are no longer reaching users' 'API The price has changed significantly, or it has simply been abolished and disappeared. ' Gonzalo Saints, founder and IT adviser of Invgate , a company that operates and supports IT services for companies in cases where companies that depend on Google services are in danger of survival due to a sudden change in policy Mr. Trepaga explains.

A fresh new avenue for Google to kill your SaaS startup | Gonzalo Sainz-Trápaga | Medium

If the domain of the site or service is blacklisted by Google Safe Browsing , access will be blocked from Google Chrome with a browser market share of 63% or more at the time of article creation, and it will also be excluded from Google search results. It will be done and the traffic will be drastically reduced. In addition, if you try to access it by entering the URL directly, you will see warning messages such as 'This site is suspected of being a fraudulent site' and 'The site may be loaded with malware' with a red background.

Invgate, a company that operates and supports IT services for companies operated by Mr.

Trepaga, also said that there was a case where the site of the company in charge was warned by Google Safe Browsing. As a result of the investigation, it was found that the URL of Amazon CloudFront , which was used as a content delivery network (CDN) to provide static assets such as CSS and JavaScript, was blacklisted.

However, even after investigating why it was blacklisted for Google Safe Browsing in the first place, Google's report on the site said, 'This page tricks users into installing unnecessary software and leaking personal information. I'm trying to take a risk. 'The specific cause is unknown.

The Invgate response team requested a review of the site with the message 'The problem has been resolved, please provide more information.'

And, about an hour after the review request, while setting a new CDN on the customer's site and moving to a new domain, the customer's site was deleted from the Google Safe Browsing blacklist. Two hours later, I received an auto-sent email telling me that the site was successfully reviewed, but it remained unclear what caused the CDN URL to be blacklisted.

From these cases, Trepaga says he learned four lessons:

◆ 1: Set up a subdomain for each service to spread the risk
According to Trepaga, Google Safe Browsing will flag the entire domain or subdomain. So, for example, for websites, for applications, for European customers, for customers on the east coast of the United States, etc. The impact is mitigated by distributing it across multiple domains.

◆ 2: Do not host the data brought in by the customer in the main domain. Or do not let it upload to the server without permission
As a result of an investigation by Invgate, it seems that many of the cases blacklisted in Google Safe Browsing were caused by 'a customer unknowingly uploaded a malicious file to a server'. Although the malicious file itself does not affect the system, its presence can also blacklist the entire domain.

◆ 3: Confirm the ownership of the site with Google Search Console and actively claim it
It's not possible to prevent the site from being blacklisted, but it will ensure that you receive an email when a problem occurs and you will be able to respond quickly to the problem.

◆ 4: Prepare an alternative domain and prepare to switch immediately
Design your system so that you can easily change the referenced service domain name and keep it waiting for available alternative domains. For example, define as the CNAME of so that you can use the tool to update your app's configuration to load assets from an alternate domain in the event of an emergency.

In addition, Mr. Trepaga said that if a SaaS application or website is registered by Google Safe Browsing, 'quickly switch the application to another domain name', 'check the report of Google Search Console', ' If your site is hacked, we'll fix it and then request a security review. ”“ The review can take weeks, so we'll just start migrating to a new domain. ”

'Google, a giant company that automates its services, inadvertently crushes a small company like an ant when sitting in a huge chair and fine-tuning the position of its butt,' Trepaga said. Small companies desperately try to let Google know that they're being crushed, but they can only reach Google's automated support desk. '

Of course, when the CEO of a small company is a Google executive and a classmate of a university, or when an article posted by the CTO (Chief Technology Officer) on Medium becomes a hot topic on the net, Google notices the complaint of the small company. We may also try to resolve it. However, Trepaga argued that 'as much as possible we should not build businesses that are overly dependent on Google's services,' and 'make our services and sites independent of the walled garden of Google.' If you manage it, you'll probably be able to survive even a small company. '

in Web Service, Posted by log1i_yk