[zmimon]

Nice read, but this is a bit shameless:

>In many cases, most notably our search and ads products, opening up the code would not contribute to these goals and would actually hurt users. The search and advertising markets are already highly competitive with very low switching costs, so users and advertisers already have plenty of choice and are not locked in.

Convenient, huh? Open just happens to win except for the part that strategically keeping closed makes Google gazillions of dollars. And claiming search is highly competitive? Google has more than 4 x the market share of their nearest competitor.

[seldo]

His claim that opening their algorithm would expose them to gaming of the system is hard to rebut, however. Search spam is bad enough already.

[alain94040]

s/search spam/windows viruses/

Would you make the argument that Windows is more secure because its code is not open?

[donaq]

They're not really analogous. You can get a copy of Windows and poke at it until you figure out exactly how it works. You could even theoretically disassemble the machine code. You can't, however, get your hands on a Google box (or cluster).

[bad_user]

Oh, but you can get your hands on a Google GSA box. Not to mention that security by obscurity is most effectively breached through trial and error ... there's nothing stopping you from gaming Google's algorithm right now (and many spammers are doing just that).

I don't know why the parent got downvoted, but the situations are similar. If you can't secure your code while being open about your methods, obscurity won't help in the long term.

[donaq]

It doesn't seem likely that Google GSA uses the same algo as their web search.

Not to mention that security by obscurity is most effectively breached through trial and error

Really? I'm not a security expert, but isn't brute force impractical except in the smallest of search spaces?

there's nothing stopping you from gaming Google's algorithm right now (and many spammers are doing just that)

True, but the situation would probably be even worse if the algorithm were open, wouldn't you say?

If you can't secure your code while being open about your methods, obscurity won't help in the long term.

Also true, but as other people have already commented, this is more like a matter of policy than security. And besides, some methods can be open because they're intrinsically hard to get around, (e.g. crypto algorithms: cos it's math, baby) and others because they're expensive (e.g. I don't know, hardware requiring expensive/rare materials?). However, web search algorithms are horses of another color, aren't they? I hesitate to say for certain, but it's possible that there is no search algorithm that cannot be gamed if it is known. If that is the case, then security by obscurity, while not being an ideal solution, may in fact be the only option.

[rbranson]

There are no algorithms in Windows that can be easily gamed if the source was available. This is not about security either. Nice straw man though.

[albertsun]

The primary issue here is not security, it's closer to a policy problem like the one the Federal Reserve faces in trying to fight inflation and promote economic growth at the same time.