This "Google Safe Browsing" initiative seriously worries me. It's effectively some unknown, mysterious, un-contactable set of AI algorithms/people/who knows what controlling the internet because Google owns everyone's browser.
One of my websites got tagged as "Dangerous" and having "harmful programs" despite having nothing of the sort. My guess is a silly hiccup of their neural network algorithms. And I have absolutely nobody I can contact about the issue to get an explanation. They just effectively killed the site in one fell swoop.
According to the FAQ[0] of the safe browsing program, they attempt to contact you first, but there is a way to contact them.
What if you can’t get in touch with
the webmaster because they’re not
registered with Google Webmaster
Tools?
Every time we add an unsafe site to
the list, we make a reasonable
effort attempt to inform the
webmaster by sending a notification
to a standard set of email addresses
(e.g., webmaster@[sitename].com;
info@[sitename].com;
admin@[sitename].com).
If my website has been compromised
and is now unsafe, what can I do?
We offer advice for webmasters whose
sites have been hacked here. It’s
best to register your site at Google
Webmaster Tools in advance of any
problems so that we can notify you
promptly and provide more
information about the problems we
find.
If you don’t want to use Google
Webmaster Tools, you can file
appeals with StopBadware.org once
you have removed the infection from
your site. StopBadware.org also
offers great resources for
webmasters who want to learn more
about what they can do to make their
sites safer.
A while ago I submitted my site for review and provided a contact. I got no response. I also got no such e-mail. In addition it seems they only send you a "notification", i.e. an automatic "We've blocked you" and not a human attempt to resolve the issue. If a human had been viewing my site it would have been 100% clear that there is no malware issue. However, since I do make use of certain HTML5 features after prompting the user, I could see why it causes a trigger if they have some half-baked neural network algorithm trying to identify potential malware based on JavaScript source.
If anyone is wondering, the site is a location-based file sharing app. It makes use of geolocation and file uploading capabilities. Largely a quick experiment, throwing an idea out there just to see if there's any need for such an app. It was running fine for a few months before Google decided to block it.
De-indexed in search is a bit different from effectively blocked in the browser. If Chrome says your site is dangerous and actually your site is harmless, are they defaming your website? If Google choose not to include you in their search engine, that could still be an issue, but it's probably a lot more nuanced.
Probably not, but Google EU is in Ireland and their libel laws are likely to be a lot like those of England, which is to say super pro the person who feels wronged.
Yeah, I've experienced the same and it's really a pain in the ass. Apparently there's tons of orgs that can automatically add sites to that blacklist, I got abuse from some company saying there was a phishing page on my IP because it featured a login page and the text "Amazon" and suddenly chrome started showing alerts when I visited the IP.
As with most of similar systems (spamhaus etc) the people running them are just as bad as the people they're trying to stop.
If the claim that your site is dangerous is demonstrably false and there are demonstrable damages you can indeed be liable for damages or face injunction.
I'm not sure if you know what the "first amendment" is. I'll tell you what it isn't, it's not a magical trump card that lets you say whatever you want.
That's a VERY different situation. Google is claiming there that (essentially) they have the right to put sites in whatever order they want, and US courts are extremely sympathetic to that argument.
Here the issue is that Google is making direct, verbal claims about other sites. That's not to say Google couldn't come up with a strategy to win in court, but the strategy would have to differ markedly.
google is not a government agency. you can't claim first amendment when dealing with private parties. that's like me suing the NFL for not letting me post racist rants on their homepage because of the first amendment.
edit: i dun read gud. leaving comment as an homage to lack of literacy
Yes, there's good reason why I'm posting this from https://www.palemoon.org/ which is Firefox without the politics - Chrome is too intrusive and non-transparent about its intrusion to boot.
Saw this late: I believe they have a running policy of porting all security stuff from main rep FF and adding additional hardening on top (by disabling semi baked features and removing legacy stuff, like XP support, at a much quicker rate than regular FF releases). But how this is managed in terms of man-hours/pay/etc. - haven't got the faintest: organisational transparency is expensive but would be ever so great to get right for software vendors on the whole!
I always thought it was something like visiting the site with a somewhat unprotected (but virtualized) computer and seeing if anything bad (registry keys changed) happened.
One of my websites got tagged as "Dangerous" and having "harmful programs" despite having nothing of the sort. My guess is a silly hiccup of their neural network algorithms. And I have absolutely nobody I can contact about the issue to get an explanation. They just effectively killed the site in one fell swoop.