Web censorship comes in many forms, and Google has historically been a prime target due to its dominance of web searches. A recently exposed case highlights the extent to which reputation management companies are ruthless and Google's vulnerability to sophisticated censorship tactics.

Someone successfully censored two disturbing articles that were previously accessible through Google searches. The unidentified hacker cleverly exploited a vulnerability in Google's own search platform and successfully wiped these URLs from Google's web index.

The review targets Jack Poulson, an independent journalist who covers technology and national security, 404 Media reported. Poulsen accidentally discovered that two of his articles no longer appeared in Google search results, even if he searched for the exact title with quotes, the results were nowhere to be found.

The missing articles focused on Premise Data CEO Delwin Maurice Blackman, who was arrested in 2021 and charged with domestic violence. Poulson reported the matter to the Freedom of the Press Foundation, a nonprofit organization that advocates for journalists’ rights. Ahmed Zidan, associate director of audience at the Freedom of the Press Foundation, took on the case and ultimately discovered a previously unknown vulnerability in Google's "Refresh Expired Content" tool.

When a search result is said to be expired or links to a page that no longer exists, users can utilize Google's "Refresh Expired Content" tool to request updated search results. Earlier this year, the Freedom of the Press Foundation discovered multiple requests submitted through the tool targeting Jack Poulsen's articles on the Blackman case.

Each request referenced a slightly malformed version of the article's URL, with different capitalization. After the first request expired, the same party submitted additional requests, each time changing the letter case differently. When Google tried to re-index the malformed URL, it encountered an HTTP 404 error, meaning the page appeared to be missing.

    Rather than treating the error as a simple dead link, Google's crawlers mistakenly removed the correct article from its search index entirely. Google later confirmed the vulnerability's existence but did not disclose how many fraudulent requests attempted to exploit it, 404 Media reported.

    "We very much hope that Google and other social platforms will be more transparent with advocacy and press freedom organizations," Zidan said.

    It's likely that reputation management companies, or even veteran programmers representing stakeholders such as Delwin Morris Blackman, have been trying to exploit Google's "refresh" tool for some time. The vulnerability discovered by Poulson and the FPF is an extremely tempting one for censoring legitimate news in the name of technical maintenance.