Please, Do Not Publicise Your Email Address

We've seen a few reports, recently, about stolen blogs, in Blogger Help Forum: Something Is Broken.

Why is my blog not on my dashboard - and why is somebody else publishing, and using my name?

There are so many reports from people who are not using Google "One Account" login properly, that the significance of this problem report was initially overlooked.

More than a few such reports started with the blog owner email address being openly disclosed - generally on the blog, or in comments. Too many blog owners want to be contacted - and they innocently provide their email addresses as a contact point.

We've known, for years, about disclosed email addresses, and brute force password guessing. That is not the only way your email address can be used, to gain access to your Blogger account, however.

Google recently had to deal with a very carefully executed hacking project, where Blogger and Google account owners received some well phrased advice, in their email.

Google treats policy violations and invalid activity very seriously in order to protect the users, publishers, and advertisers who make up our advertising ecosystem. While we usually notify publishers and take action for policy and invalid activity at the site level, there may be times when we will need to suspend or disable accounts due to policy violations or invalid activity.

Our hope is that you will be able to resolve your policy issues during the suspension period using This Link

I'm betting that the above message was written, very carefully, by hackers who studied the phrasing and wording of the many abuse / spam / TOS violation notices, sent out by Blogger Support constantly.

Many of the recipients of the email are the same crowd that I encountered, several years ago, when we saw similar numbers of reports about the same type of stolen blogs. The owners typically

• Post their email address, or provide it for contact, visibly.
• Participate in comment based networking, on their blog, and openly state their email address.
• Participate in comment based networking, on similar blogs, and openly state their email address.

Each of these activities can be used, by the bad guys, to build lists of email addresses, of people who can be easily persuaded by an email message, to resolve their policy issues using the link provided. And this led to a number of reports, in the forums, about stolen blogs - and mentioning email, offering to sell the stolen blogs back, to the rightful owners.

If you want contact from your readers, there are more safe ways to allow this.

• The Blogger "Contact Me" form.
• Blogger based comments, with email address concealed (and not stated openly).
• Google+ based comments / networking, with email address never involved (and not stated openly).

All of the above contact options give you a possibility of hearing from and / or networking with, your readers - and none of these options require you to disclose your email address, to the world at large.

Just don't disclose your email address, to the world at large. Your email address is one half of the security measure, as designed by Google - that prevents unknown individuals, from taking control of your Blogger account and your blogs.

Finally, if you are not yet using Google 2-Step Verification, this is the time. If you were one of the victims of the recent attack, you know the despair. If not, you truly don't want to be. In either case, you should really want to protect your account, and your blogs.

Complaint Volume Affects Speed Of Abuse Resolution

We see various complaints, in Blogger Help Forum: Something Is Broken, about perceived poor response, in removing offensive blogs.

I've reported this blog, repeatedly, for impersonating me - and it's still online!

or

That other blog was removed from service after only a couple of days! Why is this blog still online??

These bloggers do not understand that complaint volume, against different blogs, can affect how promptly Blogger Policy / Google Legal can take action, and remove problem blogs.

Various details affect how many complaints are placed, against any blog.

• Offensiveness. A blatantly offensive blog will offend more people - and will be reported by more people, than a mildly offensive blog.
• Traffic. An offensive blog that gets hundreds of hits daily will be seen by more people, than a blog that gets a few hits daily - and will be reported by more people.
• Victims. An offensive blog that attacks hundreds of people will get reported more than a blog that is only personally offensive, to a few people.

Each of these minor details will cause some blogs to attract more complaints - and to be examined sooner, by Blogger and by Google staff.

Blogger Policy Review and Google Legal prioritise blog investigation, based on complaint report volume.

Blogs which get hundreds of complaints will receive attention sooner than blogs which only get a few complaints. In some cases, the complaint volume may even be used as a major factor, in the final decision to terminate the blog. This is simple business practice, and one more principle of Risk Management.

Knowing that complaint volume affects resolution speed, do not make unnecessary multiple complaints - maybe under multiple accounts or names. Google Security uses sophisticated traffic analysis techniques in dealing with denial of service attacks - such as referer spam, and brute force password guessing. They can apply similar techniques to determine that multiple abuse complaints, against specific blogs, are coming from one person.

Don't subject your computer, or Google account, to placement in a "Denial Of Service" complaint offender database, from detected multiple attempts to have a mildly offensive (or personally offensive) blog deleted, for odd reasons - such as you need to delete your blog, but forgot the password.

Don't misuse the abuse reporting system. Remember that the other blog owners have rights.

Report an offensive blog once - then, be patient. And let Google Legal objectively evaluate the content of the blog in question.

Custom Domains Do Not Always Need Ownership Verification

We're seeing a new source of confusion, in Blogger Help Forum: How Do I?, with blog owners trying to publish to a custom domain URL.

How do I get my second "CNAME"?

The Publishing wizard does not, always, provide instructions for ownership verification - and some owners don't understand that ownership verification is only necessary when it's demanded.

When ownership verification was first introduced, whenever a blog owner would use the Publishing wizard, to publish or re publish to any non BlogSpot URL, every use of the wizard would involve creating a new ownership verification "CNAME".

The ownership verification "certificate" is unique to both the URL being published, and the time the publishing takes place. If the owner waited too long between publishing attempts, a new "CNAME" would be again demanded. If multiple hosts were published in a domain, multiple "CNAME"s were required.

In some cases, each domain address being added would require at least 2 "CNAME"s - the DNS address for the published host ("ghs.google.com"), and the ownership verification (the long, random text). Domains with multiple hosts would end up with multiple, redundant, and useless ownership verification "CNAME"s.

Later, Blogger changed the requirement, so only one verification was required, for the domain.

Each domain now has an ownership verification indicator, invisible to us. If ownership is verified once, that is generally enough. When you publish to a domain URL, either a verification "CNAME" Is required, or it is not required.

In some cases, trying to Publish to a domain URL, with bogus base DNS addresses, will generate another infamous "bX" code - or the blog will seem to publish, but may be offline when accessed. Upon correction of the problem, with righteous DNS addresses setup, the Publishing wizard will simply publish, and the domain will be operational.

In either case, no second "CNAME" will be required. When the domain is operational, you wait for domain propagation (formerly called "Transition") to complete. While waiting, you continue the migration.

When the migration process is complete, you get on with publishing the blog.

If it should be necessary to re publish to the same host, or publish to a different host, in the domain - and ownership verification is required, instructions for adding a new "CNAME" will be provided. When the new "CNAME" Is needed, the new verification address (again, sensitive to domain address and to time of request) will be displayed in the Publishing wizard.

If ownership verification is not required, and the domain becomes operational when the Publishing wizard is used, you are done.

Some owners will use Google Webmaster Tools, and manually generate an ownership verification. This will give you specifications for a "CNAME" / "TXT" that is unnecessary now - and later, will be out of date. And, if your domain zone edit file is limited in size, this will unnecessarily limit the number of hosts you can add.

Helpful instructions by Blogger not withstanding, you need to add righteous DNS addresses, and get the domain working.

If ownership verification is required, add the required "CNAME". If ownership verification is not required, finish the domain migration, then get on with publishing the blog.

>> Top

Why Are Some Custom Domain Published Blogs Inconsistently Online?

I've been using affinity analysis, and differential analysis, as tools for diagnosing intermittent problems with custom domain published blogs, for several years.

Some people may be using a browser which is more forgiving of DNS problems than others - and people who use the right browser, when accessing a domain with righteous DNS addresses, should expect to generally get more consistent service. But that's only a small part of the story.

DNS is the basis for custom domain publishing - and DNS is used in a number of ways. This creates a number of bases for inconsistencies.

• Inconsistencies From The Browser
• Inconsistencies From Individual DNS servers
• Inconsistencies From Large ISP DNS Servers
• Inconsistencies From The Google Name Servers
• Inconsistencies From WorldWide DNS Services
• Inconsistencies From The WorldWide Internet Infrastructure

The Browser
Some browsers, if they have a problem getting an IP address for the domain root (using the 4 x "A" servers) may automatically use the "www" alias.

If your domain provides only 1 x "A" address, it may be more susceptible to problems, when this aliasing of the domain root and "www" host are in use - since an outage which involves 1 "A" server may be more common than an outage which might involve all 4 x "A" servers simultaneously.

If your domain is not setup with both the domain root and "www" host properly addressed - or if the domain root to "www" host redirect is not enabled, the domain may not perform consistently.

Individual DNS servers
No people (you, or your readers) access the domain registrar's servers directly, to get the address of your domain. You use "local" DNS servers - the DNS severs provided by your ISP (or maybe a custom third party service like like GoogleDNS or OpenDNS). The "local" DNS servers that you use retrieve DNS addresses from the "authoritative" DNS servers provided by the registrar. The registrar servers reference the 4 x "A" / "CNAME" servers, provided by Google, using "referral", to get the address of your blog.

The servers that you use only access the registrars servers periodically, thanks to DNS cache. That's the mysterious TTL, which your domain's authoritative DNS servers specify. If the address for your domain is in cache, on any local DNS server, and cache is not expired (the address was retrieved any time in the previous TTL period) the local DNS server that you use simply issues what it already has.

Since almost every different reader of your blog uses a different "local" DNS server, you're going to see inconsistency in problem reports, from your readers.

Large ISP DNS Servers
If your domain is popular, people accessing your domain from a large ISP - or an ISP that is close to you geographically (if your readers are geographically concentrated) - is more likely to have the DNS addresses, for your domain, in cache. In this case, no retrieval from the registrar's servers will be necessary. The higher the TTL, the greater the chance this will be the case.

The Google Name Servers
If your readers are accessing your domain using the "www" alias, they are using the "ghs.google.com" name server for accessing your blog. The design of "ghs.google.com" means that everybody on the Internet, accessing any Blogger blog published to a custom domain, uses the same DNS addresses, cached locally. This too means that large ISPs - who are more likely to have somebody (if not you) accessing some Blogger blog published to a custom domain - are more likely to have the address for your blog in cache.

Your blog, and your domain, are addressed separately, and require separate DNS servers. This is why a righteously addressed domain uses "CNAME" referral, when mapping your domain to your blog. And this is why you have to purchase (or setup) DNS hosting, when you register your domain.

WorldWide DNS Services
Some of the 4 x "A" and "CNAME" servers, provided by Google, are not completely unique. Many large DNS infrastructures - like those provided by eNom, GoDaddy, and Google - have "unique" IP addresses replicated worldwide, using "Anycast DNS". This feature can sometimes create regionally concentrated outages, with some domains - as we have seen periodically, with eNom.

The WorldWide Internet Infrastructure
The combinations of browser used, domain popularity, ISP size (customer population), and regional outages, will always cause discrepancies between domains, and people in different locations and using different ISPs. What you (one person) see, where you are, may be completely different from what one of your readers (or my readers) sees, when using a different ISP, in another country, and a different browser.

Thanks to the transient nature of IP networking, you may "test" or observe problems over minutes or hours - but many DNS problems can appear and disappear in seconds. That''s in spite of what you would expect from cache / TTL latency.

All of these seemingly insignificant details, when fully understood, may help to explain why I continually insist on using righteous DNS addresses, whenever a custom domain publishing problem is encountered. Righteous addresses won't necessarily solve all of the above problems - but it may eliminate some of the inconsistencies, and make it possible that we could, eventually, diagnose the problem.

>> Top

Confusion From Email Spam Detection, And Non GMail Email

We're seeing a few reports in Blogger Help Forum: Something Is Broken about problems with email, sent by Blogger, when the destination is a non GMail email system.

Some email systems verify the sending email address, against IP address. With these systems, email which originates from a Blogger account that's based on a non GMail email address, and comes from a Blogger / Google IP address, is going to present a problem, to the account owners.

If your Blogger account is based on a non GMail email address - and your blog provides any of various "notification" / "subscription" services.

• "BlogSend" (aka "Email posts to") based subscriptions.
• Comment moderation or notification email.
• Your readers like to comment authenticated, and select the "Email follow-up comments ..." option.
• The Blogger supplied "Contact Me" accessory gadget.

You're going to have email "bounced" by some (non GMail) email clients. This will be a similar problem, if a reader sends you email - or Blogger relays you email based on your reader request, as in comment notification or contact form entries.

Note that "bounced" email may not be treated as spam. Some "bounced" email never gets as far as a spam filter - it may simply be rejected. You will look, in vain, in "Bulk", "Inbox", and "Spam" folders.

Blogger originated email, to certain email clients, will be bounced, because Blogger sends the notification / subscription email with your Blogger account (your readers account) mentioned, as the sender.

With Blogger comment moderation / notification email coming from a non GMail based Blogger account, and sent from a Google IP address, an email client such as AOL, HotMail, or Yahoo, which verifies email address against IP address, is going to reject the incoming email message. This is because "Sender Policy Framework", which AOL, HotMail, Yahoo, and other email systems use, detects the originating address as "spoofed".

Spoofing is a common technique used by spammers, in hiding their email identity. Most email based spam is spoofed - so email systems, which use DKIM or SPF filters to identify spam, will bounce any messages which do not verify properly - when IP address and originating email address are compared.

The problem may also involve comment subscription email. This may result in bounce messages being sent to the person attempting to publish a comment. This causes more confusion.

The solution, to the problem with moderation / notification email, is simple - but unlikely to satisfy many Blogger account owners. You will have to use a GMail email address, for comment moderation or notification. Until Blogger Engineering figure a better way to send the moderation / notification email, email clients such as AOL, HotMail, and Yahoo will have this problem.

If the blog owner changes ownership of a blog, from a non GMail based Blogger account to a GMail based account, and neglects to change the comment moderation / notification email address, the bounce messages will likely continue. What might happen with comment subscription email is yet to be determined.

This problem, as discussed above, affects the comment moderation process. While annoying to some blog owners (as noted, those using non GMail based Blogger accounts / email addresses), the problem is not all that severe. Affected blog owners can use the Blogger dashboard Comments wizard, to moderate comments. Also, blog owners, who moderate comments after they are published, may not even notice this problem.

This problem may also affect membership invitations to private / team blogs This will be a more severe issue, in that this problem will affect all blogs with owners using non GMail email addresses, and with prospective blog members on large non GMail email systems - because there will be no dashboard based wizard - and no possibility of moderation after publishing.

The involvement of Google Apps based (non "gmail.com" Google email) Blogger accounts, and Blogger originated email, is yet to be studied. Also please note that Blogger account email addresses, and comment moderation / notification email addresses, do not have to be the same - and this may cause still more confusion.

Your Right To Be Forgotten Does Not Supersede My Right To Retain Ownership Of My Blog

Thanks to a recent decision by the European Courts, many people are claiming the right to delete their blogs, and to have the search engines stop indexing their blogs.

Some people believe that this newly defined right entitles them to recover control of their blogs, published long ago, with access (account name and password) long forgotten. A few such people even have blogs owned by "legacy" Blogger accounts, never converted to Blogger / Google accounts.

Nobody has the right to unilaterally take control of a blog that may belong to somebody else. If you cannot prove yourself to be the owner of a given blog, Blogger Support should not provide to you control of that blog. Whether you want to delete a blog, or to change the content, you have to prove ownership of the blog.

So called "legacy" blogs are a concern, because even Blogger Support cannot authoritatively identify all "legacy" accounts. All that they can say is

If your blog was created before 2007, you may have a "legacy" Blogger account.

More properly, since some blogs were converted transparently (without realisation of the owner), they should say

If your blog was created before 2007, and never converted, you may have a "legacy" Blogger account.

The "legacy" account conversion took many years - and everybody was given many months of warning, to get their accounts converted. This was not an overnight process.

All that you can do is to try to convert your Blogger account, and see if you get control of your long forgotten blog. Even if converted, though, you have to be able to prove ownership of the account, once it's been converted - just as you have to prove ownership of any Blogger account.

Too many people try to steal ownership of someone else's blog, by claiming to own the blog - but conveniently forgot the account name or password.

Since there are more people working on their blogs (maybe not today, but sometime in the past), than are trying to recover control, people trying to recover control (or to steal someone else's blog), are going to get less support.

The term "actively working on their blog" implies no specific activity level. A blog, published once, 10 years ago, is just as valid as one published once daily for 10 years.

Blogger blog owners are entitled to the same courtesy and security - as long as each blog owner acts responsibly, and remembers the account name and password of an owning Blogger account. Similarly, blog owners are entitled to Blogger not providing clues, to blog thieves, that could assist in blog theft.

If Blogger / Google does not agree with your claim, and if you believe in the right to be forgotten, you hire a lawyer, and get a court order. Let the courts decide your special rights.

>> Top

Please, NEVER Share Your Blogger Account!

We see signs of naivete, in Blogger Help Forum: Something Is Broken. too often.

I gave my boyfriend (girlfriend, former spouse, Internet acquaintance, whatever) my account password - and now, I can't access my account.

This is a problem which Blogger cannot resolve, in any way.

Please, never ever share your Blogger account. Blogger accounts, like Blogger blogs, are free.

If someone who you know would like to read your private blog - or contribute to your team blog - add that person as a blog member, and let her / him use his / her own Blogger account (new, or existing).

There is absolutely no need for you to ever share your Blogger account.

Use private / team blog membership, when applicable.

Shared Blogger accounts carry all of the risks of team blog ownership - and more. Do not share your personal Blogger account to provide private blog membership, or team blog ownership.

Blogger does not provide an option to protect blog content, using a shared password. If you want to password protect blog content, make the blog private, and add readers. Let your readers use their own password (with their own Blogger account).

Split a blog into a security cluster, if necessary.

If you want to password protect a portion of a Blogger blog, break the blog into two portions - the public portion, and the private portion, and provide the private portion as a private blog.

Private blogs, with large reader communities, will require imaginative setup.

If you must have a private blog with more than 100 members, and you cannot use Google+ as an email based distribution medium, setup a read only account to access the blog - and let the members share that Blogger account.

If you setup a shared Blogger account as a blog member (read only), you'll need to maintain a separate mailing list of all shared members. Use BCC to email everybody (don't share everybody's email address with everybody else), giving them the shared account name and password. Save the mailing list, carefully.

With 100+ shared account members, chances are that one day, somebody will change the password on the account, and lock out everybody else. You'll have to then setup a new Blogger account, make that account a new read only blog member, cancel the old member, and email everybody with the new shared account name and password.

If you must have a community, of over 100 members, and let everybody share (not just read), use Google+ - or setup a wiki based website. Your needs are far beyond the ability of Blogger.

When another person works on the blog, they can use their own account.

If you need someone else to work on the blog, make them a blog member or administrator - with their own Blogger account. If their usefulness is temporary, when they are done, revoke their access to the blog - then verify that they did not leave any back door code behind.

Your account name and password is your personal identity.

In any case, keep your account and password (and the blog ownership) private, to you.

Use common sense. Do not share your Blogger account.

• Do not share your Blogger account with your boyfriend.
• Do not share your Blogger account with your girlfriend.
• Do not share your Blogger account with your husband.
• Do not share your Blogger account with your wife.
• Do not share your Blogger account with your boss.
• Do not share your Blogger account with your employee.
• Do not share your Blogger account with your collaborator.

I've warned everybody that team blogs are security risks - but they are way safer than team Blogger accounts.

• Do not wear other peoples underpants.
• Do not share your Blogger account.

Both are rules to live by.

Blogger Browser Support, And Layered Security

The official Blogger browser compatibility reference, Compatible browser and operating systems states Blogger requirements, very succinctly.

To use Blogger, your browser must allow cookies and have JavaScript turned on.

This is a very brief hint of Blogger browser support policy.

Use of Blogger includes various activities.

• Moderate Blogger hosted comments.
• Post comments, as a blog reader.
• Edit, preview, and publish posts.
• View Stats.
• Use the Template Designer.

Each of these activities, and more, require cookies and scripts - and each are vulnerable to improperly setup filters.

As Blogger implies, both cookies and scripts are vulnerable to being disabled (turned off) - although the term "turned on" suggests that there is one single setting, possibly affecting each individual cookie or script. Considering the effects of layered security, we know this won't always be true.

Layered security can include settings in multiple components.

1. Native browser settings.
2. Various browser add-ons, extensions, and plugins.
3. Security accessories, installed on the computer, outside the browser.
4. Network appliances, installed outside the computer.

Any of these accessories and components can have filters, which can block cookies and / or scripts.

Filters are serial in nature. If any one filter blocks a necessary cookie or script, that cookie or script becomes unavailable to the Blogger feature in question.

• You can't moderate Blogger hosted comments.
• You can't publish a comment.
• You can't publish a post (use Preview).
• You can't view Stats (or exclude your own pageviews).
• You can't use the Template Designer (or Live Preview).

Each JavaScript filter can affect a small portion of one Blogger feature. Sometimes, the feature will load, then terminate with another infamous "bX code", or a monolithic error message. Other times, the feature may not even load, and you get a blank screen.

As noted several times, just because it worked yesterday, that does not mean that it will work today. Every filter is subject to update, by its creator. And both BlogSpot published blogs, and non BlogSpot published blogs, are subject to different, and ever changing filters.

>> Top

The Followers Gadget, And The Vibrating Sidebar

We get occasional odd problem reports in Blogger Help Forum: Something Is Broken about mysterious display oddities.

Why is my sidebar vibrating?

Here I'll note that the problem about "vibrating" has been reported, using various synonyms - in different syntaxes.

This symptom has many possible phrasings, as mentioned in different forum problem reports.

• Dancing.
• Jiggling.
• Jumping.
• Leaping.
• Moving.
• Shaking.
• Shimmering.
• Trembling.
• Vibrating.
• Waving.
• Wiggling.

Identifying the words used, in the problem reports, is one challenge.

The problem appears to involve the Followers gadget (possibly, specific versions of Followers), being positioned at the top of the sidebar, above other accessories.

One can only wonder what terms are used, in non English speaking countries.

This problem is not easy to identify in quantity, because of the many different synonyms used - and with some synonyms used, in different syntaxes.

Why does my sidebar vibrate?

or

My sidebar vibrates!

instead of

Why is my sidebar vibrating?

for one example. This makes any forum text search, to look for similar reports, require multiple, exhaustive attempts.

The list of 11 words, above, is just a list of examples, alphabetised (as I do with most lists). I have seen all 11 words (33 possible syntax combinations), and more, from time to time, in various blog comments, blog posts, and forum questions.

Positioning of the Followers gadget can affect multiple template gadgets.

Some blog owners have positioned the Followers gadget above the posts column - or even beneath the blog title / description (and spread across the entire blog width). This will make the posts column - or even the posts / sidebars (the entire blog width) - subject to this effect.

The problem appears to involve the Chrome (possibly Safari too) browser - and is visible only at specific Zoom levels.

If you see this problem when viewing someone else's blog, try zooming in or out, and see if the problem persists. Chances are, it will stop. Also, try using a different browser.

If you see this problem when you are viewing your blog, try repositioning the Followers gadget lower in the sidebar. Observe what gadgets are positioned below the Followers gadget, as you move the gadget downward.

Third Party Email Collection / Login Gadgets Being Detected As Malware / Phishing

Recently, we've had several reports from naive blog owners, with blogs locked for malware or phishing, in Blogger Help Forum: Something Is Broken.

Some owners have found accessories, such as email address collection or even a convenient login gadget, offered by helpful third parties. Installing the new gadgets, they have later received the well known (automated detection) notice, from Blogger Support.

Both third party email collection, and convenient login gadgets, are righteously classified as malware.

• Email address collection, run through a third party database, can provide hackers a starting point for account and blog theft, using botnets - or the account holder may be added to email distribution lists for spammers.
• Third party login gadgets are blatant phishing tools - and can be used for immediate account and blog theft.

Neither accessories are good, for your readers.

Any such third party accessories are just hacking / phishing tools. When you install this on your blog, it becomes hacking / phishing enabled by you.

You can collect email addresses, if you wish - using a FeedBurner Email Distribution gadget, which allows your readers to subscribe to a feed from your blog. If you want to offer your readers a convenient Blogger / Google login, add an HTML gadget, targeting

http://www.blogger.com

and let them use the standard Google "One account" login screen.

Don't be a dupe for the hackers, phishers, and spammers - keep your blog clean, and keep your blog online. The future of your blog, and your readers well being, requires your wise decisions.

>> Top

Comments And Layered Security

One of the most common complaints, seen regularly in Blogger Help Forum: Something Is Broken, involves publication and visibility of comments.

Why can't I publish comments, on some blogs?

or

Why can't I see my comments, after I publish them?

or even

Why do my blog posts show no comments?

These are questions asked by blog readers and owners, alike. The answers all start with security filters and settings.

Security filters and settings affect the ability for you, and your readers, to use commenting, on your blog.

Comment Form Style

The majority of the problems, with commenting and filters, involve blogs which use the Post Page ("Embedded") comment form. Use of the embedded form requires third party cookies, on the reader computers.

The Full Page form is least vulnerable (though not totally so), of the 3 form styles. Embedded, Full Page, and Pop Up comment forms are all vulnerable, to differing extents, because of the different blogs, that attract different reader populations, each with differing abilities and needs to maintain security on their own computers.

The problems with comments involve the clients (ie, the blog readers), their computers, and their choices, reacting to the options chosen by the blog owners.

Security Accessories

Every different computer, accessing the Internet, has a different combination of security accessories. Every different security accessory will have its own filters - and be subject to updates, by the provider. And every different filter will be triggered, from time to time, by different components in the various Blogger (and Google+) comment scripts.

The commenting process - and accompanying security problems - involves many different details, besides comment form placement.

The blog URL, and the geographical location of the reader, will trigger filters. Both blogs subject to country code alias redirection, and those using custom domain publishing, will be affected by filters, in different ways. Both involve blogs not accessed as "blogspot.com".

Commenting Options

Authentication options, which are selectable by the blog owners, will vary.

• Anyone (no authentication required).
• Google / OpenID account.
• Google account only.
• Blog members only.

Within those 4 levels of authentication, the blog reader will have 1 to 3 choices. Each of those choices (by the blog readers), combined with each of those options (chosen by the blog owners), will involve different sections of code.

Besides the authentication choices and options, there are options (for the blog owner) to include CAPTCHA verification, and to include comment moderation and notification. Again, different sections of code will be involved.

The different sections of code involved will trigger different filters.

Comment Moderation

Besides the per blog choice to include comment moderation, the real time per comment choice of the blog owner, is to publish (or not to delete), or to not publish (or to delete) any given comment. This filter leads to the subject of community moderation, and training of the collaborative and heuristic filters, for Blogger hosted comments.

The community moderation filters provide automatic moderation of Blogger hosted comments - and the need for active moderation, by the blog owners.

Google+ Comments

The choice of Blogger hosted comments, vs Google+ hosted comments, provides one more option, to the blog owners.

Blogs which use Google+ hosted comments use community moderation, and free the blog owner to spend more time on blog content. Google+ hosted comments provide real time relation based filters, where the publisher of any comment can designate who will be allowed to view the comment, providing filters which are relevant to the comment publisher.

Cookies and Scripts

Each separate section of code can trigger different script filters - and may require different cookies, which may or may not be present and accessible to the Blogger scripts. Both cookies and scripts are essential parts of Blogger code, which are vulnerable to different security filters at different times.

The mysterious vanishing comments is just one consequence.

Use Of Supported Browsers And Computers

Some people prefer to ignore the crowd, and to use browsers and operating systems that nobody else knows about.

Individuality is good, in general - but in the world of web applications such as Blogger, use of unsupported browsers and computers may bring frustration. Blogger simply can't support all browsers and computers, with equal attention to the oddities presented by each one.

The End Result

The various filters involved cause comments to be published (or not), to remain published (or be deleted), and to be visible when published (or invisible). Many of these details are transparent, to the casual blog reader - until there is a problem.

These details may help to explain the apparent random nature of Blogger blogs and commenting - why comments, posted to some blogs, appear without problem - while comments, posted to other blogs, may never appear, or be invisible.

FaceBook Is Aggregating BlogSpot CC Aliases

We're seeing a few questions recently, in Blogger Help Forum: Something Is Broken, about FaceBook, and their treatment of Blogger URLs that are subject to country code aliasing.

When I share a post on FaceBook, the URL used for my blog ends with "blogspot.in" instead of "blogspot.com".

Some people in Europe observe a variation.

When I share a post on FaceBook, the URL used for my blog ends with "blogspot.nl" instead of "blogspot.com".

We've been observing, for many months, that FaceBook and other Internet services should start using the canonical tag, and aggregate BlogSpot URLs, that are subject to country code aliasing. With this done properly, all BlogSpot URLs would be listed as "blogspot.com" - and all Likes, and similar references to a given Blogger blog, would be later counted under the proper "blogspot.com" URL - regardless where a given blog reader gets Internet access.

Apparently, FaceBook is now aggregating BlogSpot URLs - but they are not using the canonical tag in the blog header. For some reason, FaceBook now uses "blogspot.in" - or maybe "blogspot.nl" - as the canonical URL for Blogger blogs.

When Blogger first started using country code aliasing, only Google services such as Google Search would reliably aggregate all country code redirected aliases, to "blogspot.com".

Many non Google services did not use canonical aggregation, immediately. Like every other newly developed Internet feature, it takes time for every web service to update their code.

With only Google using canonical aggregation, every Blogger URL subject to country code alias redirection would be shared using the country code alias, as seen by the person doing the sharing. People in France might share a Blogger URL as "blogspot.fr", people in India as "blogspot.in", and so on.

People in the USA, of course, would share a Blogger URL as "blogspot.com". The USA, and various other countries, is not subject to country code alias redirection.

FaceBook is now aggregating BlogSpot URLs - but they are not using the canonical tag, in the blog header. For some reason, they are aggregating to "blogspot.in" or "blogspot.nl", for some or all BlogSpot URLs, shared to their service.

Right now, if you share a BlogSpot URL to FaceBook, the URL will be modified, to "blogspot.in" or "blogspot.nl". Every Like, and similar activity against that URL, will then be counted under the "blogspot.in" or "blogspot.nl" alias. This is probably slightly better than having every different URL shared by country code alias - but only slightly better.

Blogger blogs published to custom domains are not subject to URL modification, because custom domain URLs are not subject to country code alias redirection.

When FaceBook corrects their code mistake, any newly shared Blogger URLs will be properly modified according to the canonical tag in the blog header, "blogspot.com" (or any custom domain URL). Quite likely however, any previously shared URLs will remain incorrectly aggregated to "blogspot.in" or "blogspot.nl" - and any new Likes will continue to be posted to those addresses.

Some Blogger blogs will continue to appear to have at 3 URLs - "blogspot.com", "blogspot.in", "blogspot.nl", and any others under which FaceBook was sharing, originally.

If any of this offends you, you may need to report this to FaceBook Support. Please, resist the temptation to install malicious code on your blog, that will later leave you asking for advice on having the blog unlocked, cleaned and reviewed.

Blogger Magic - "Configure Page List"

The "Configure Page List" wizard is an extremely useful - yet obscure - feature in the dashboard Layout page.

Not every blog owner sees the "Pages" gadget, in the "Layout" page and knows to click on "Edit", to access "Configure Page List". Nor do all owners know how many assorted functions, previously part of the "Pages" dashboard wizard, are now found, exclusively, under "Configure Page List".

"Configure Page List" is an essential component in the pages management suite, in the Blogger dashboard.

"Configure Page List" is accessible in two different ways.

• From the Layout dashboard menu - if the Pages gadget has been added to the blog.
• Using the appropriate "Quick Edit" icon - if "Quick Edit" is enabled, for the blog.

Add the Pages gadget, to the blog, if it's not present.

If the Pages gadget is not visible on the Layout display, you may need to add the gadget, to the blog.

To make the Pages gadget function as a horizontal link bar - the most popular layout - you add the gadget into the "crosscol" template section, in the dashboard Layout page. The "crosscol" section, on standard Blogger templates, contains CSS rules which make lists display horizontally.

Enable "Quick Edit", if necessary.

If you wish to use "Quick Edit" to access "Configure Page List", you may need to enable "Quick Edit".

"Configure Page List" has many functions.

Find the Pages gadget, in "Layout", and Edit.


On this blog, you find Pages in "Cross-Column". Some blogs might have it in "Cross-Column-Overflow", others maybe in a sidebar section.

When you Edit the Pages gadget, you get "Configure Page List".



Here, we see "Pages to show" (to select static pages), "Add external link" (to add dynamic pages), and "List Order" (to delete dynamic pages, using the "X").

"Configure Page List" has various functions, in managing both dynamic and static pages.

• Change the Title of the Pages gadget, in the Layout wizard display, using "Title".
• Hide / Show "Home" and various static pages, created by Page Editor, by using "Pages to show".
• Resequence the order of display of the various pages, by dragging and dropping using "List order".
• Add dynamic pages, previously called "Web address" entries, using "Add external link". Dynamic pages can include individual posts, archive retrievals, label searches, and other blogs or websites. Be very precise, when entering an "Add external link" entry for "Web address (URL)".
• Delete dynamic pages, by clicking on the "X", using "List order".
• Note that to rename a dynamic page, you must delete then re add the same "Web address (URL)", using the desired name.
• Let you remove the Pages gadget, using the "Remove" button.

To use "Configure Page List" effectively, you need to understand the differences between Pages and Posts.

The gadget will change form, depending upon location.

The "Pages" gadget may be present in various locations, in the blog - and may have different appearances, depending upon location.

In either appearance, if "Quick Edit" is enabled, you can access "Configure Page List" by clicking on the "Quick Edit" icon. Or, you can Edit the Pages gadget from the Layout menu in the dashboard.

History.

In 2014, Blogger reorganised the various pages maintenance utilities, and moved a wide assortment of functions into "Configure Page List". This change caused some confusion, with many blog owners.