| ▲ | jeroenhd 7 hours ago |
| This is 100% on Radix, not on Google. Google and Microsoft can (and probably should) have a registry of known-abusive websites. False positives are inevitable, so these should be taken with a grain of salt, but in most cases they're correct. Their lists are a lot more reliable than those from the "traditional" antivirus/anti-scam vendors that will list anything remotely strange to pump up their numbers. The external people treating these lists as absolute truths and automatically taking domains down are the ones at fault here. Google didn't grab power, Radix gave it to them without asking. |
|
| ▲ | AshamedCaptain 5 hours ago | parent | next [-] |
| Exactly what we predicted would happen (someone would eventually put "too much faith" on this list) has literally happened, and your defense is still "well it's not Google's fault, it's a 3rd party's!". Obviously the point is not that Google was going to do it, but that others would , analogue to the process known as "self-censorship". |
| |
| ▲ | flaminHotSpeedo 4 hours ago | parent [-] | | Self censorship requires a threat or risk of detriment if the party doesn't self censor, right? Where is that here? What Radix does has no impact on Google, and I don't see how Google would be incentivized to pressure Radix. So I don't see how to make the leap blaming Google for Radix's incompetence. Yes, Google should recognize the risk of this happening, but they'd have to balance that against the rewards (or at least what they consider rewards) | | |
| ▲ | donmcronald an hour ago | parent [-] | | Google is making false statements about the safety of a domain and it has significant collateral damage. Google is the cause. They should be liable for losses. I had my main family domain put on Google's safe browsing block list and it has a massive impact. No one can visit the site. I think apps using system browser runtimes (ie: mobile) may stop working. I've seen reports that it can impact email deliver-ability. And, now, we see that it can get your domain put on serverHold so the problem becomes impossible to rectify. Google should have to pay for the damage. In my case, it was about 4h of work to figure out what was going on and how to fix it, so not much, but I've seen small businesses that rely on their primary domain to drive most of their sales via web and email. In those cases, having your domain placed on server hold because of Google's false statements can have a serious, detrimental financial effect. | | |
| ▲ | flaminHotSpeedo 18 minutes ago | parent [-] | | That's fair, if your domain is erroneously put on the block list, Google should be liable for the consequences. But my point is that any knock on effects like domain suspension, email deliver-ability, etc. stem from 3rd parties misusing the safe browsing list outside the scope of safe browsing. I don't see how Google can be blamed for other companies erroneously treating the safe browsing list as a source of truth for generally malicious domains |
|
|
|
|
| ▲ | axus 4 hours ago | parent | prev | next [-] |
| I read your comment as agreeing with the article: "Never buy a .online domain". And Google has the right to publish a list, there should be more lists not less. But Google was at fault for not correcting their blacklist. Until the article appeared on Hacker News, this was not 0% on Google. A small, correctable mistake, but they deserved a tiny bit of blame. |
| |
| ▲ | overfeed 4 hours ago | parent [-] | | > But Google was at fault for not correcting their blacklist. If all it takes to be taken from the blacklist was to temporarily delete the NS record - the list would be useless against malware. |
|
|
| ▲ | kelvinjps10 5 hours ago | parent | prev | next [-] |
| Wym mean external people aren't these lists integrated to the browsers? I'm sure if you try to open a website from this list your browser won't let you and I'll put a big warning sign |
|
| ▲ | lazide 6 hours ago | parent | prev [-] |
| What is to stop Google et. al. from also adding a lot of excess domains to pump up there numbers? What is to stop everyone from doing this blacklisting? |
| |
| ▲ | jeroenhd 6 hours ago | parent | next [-] | | Google doesn't sell their list to you. They give it to you for free. Using their list costs them money. Pumping up numbers gains them nothing but the headache of PR issues when they get a false positive. Spyware filters used to boast about how many domains they filter out because they wanted you to buy their filters instead of someone else's. By the time they hit a false positive, they've already sold a year's subscription to that customer. The incentives are different. | | |
| ▲ | crote 6 hours ago | parent | next [-] | | Step 1: Get everyone to use your free internet filter Step 2: Alter filters to mark newly-registered domains and low-traffic websites as "potentially harmful". Step 3: Charge a lot of money for "business verification" - which gives them a fancy badge somewhere and incidentally makes their website trustworthy in the eyes of your filter. Step 4: Profit! The Big Tech cartel has been doing this pretty successfully with email (see the weekly "Don't self-host your email" posts), why should we assume they are doing anything different with browser-based website blocking? | | |
| ▲ | encom 5 hours ago | parent [-] | | >pretty successfully with email Indeed. I was going to register an account somewhere the other day, and the signup form had a list of acceptable email domains. Gmail, Protonmail, Outlook, Yahoo, Icloud... a few others. It's not the first time that's happened to me. Sad. EDIT: Didn't even include Fastmail, who's pretty big after all. They host MX for my domain, so I could have "circumvented" it that way with their disposable address feature, but nope. |
| |
| ▲ | hedora 5 hours ago | parent | prev | next [-] | | I've found that, whenever considering Google's actions and incentives, you need to remember two things: - They make almost all their money on advertising - They have deep ties to the US intelligence agencies (To the point that a Google employee managed the appointment calendar for our Secretary of State a few years ago!) So, how would these incentives apply to their Internet blacklist? - If you are parking lots of Google ad spam, they are taking a cut of your revenue, so they have an incentive to take you off the list (evidence and testimony from the antitrust trial documented ongoing fraud in every layer of Google's vertical ad monopoly) - If you are hosting something the intelligence agencies dislike / are neutral to / like, that'll impact your presence on the list. | |
| ▲ | Macha 6 hours ago | parent | prev | next [-] | | Not true. Commercial or large scale use requires you to use their Web Risk API instead which is a paid service | |
| ▲ | cortesoft 6 hours ago | parent | prev [-] | | > Pumping up numbers gains them nothing but the headache of PR issues when they get a false positive There is also the headache of PR issues when they get a false NEGATIVE. “Google didn’t protect grandma from this scam website!” |
| |
| ▲ | phoric 6 hours ago | parent | prev | next [-] | | Google wants you to use it. If it blacklists excess domains that hold legitimate sites, their product gets worse. If they blacklist illegitimate sites, their product gets better. | | |
| ▲ | cwnyth 6 hours ago | parent | next [-] | | This argument would hold more weight if Google didn't have a history of making their own products worse and then getting rid of them. | |
| ▲ | zenapollo 6 hours ago | parent | prev | next [-] | | Cute. That is the commenter’s whole point about monopolies. Google is on record making their product worse to squeeze revenue. We’ve been living in the enshitification economy. | | |
| ▲ | simsla 6 hours ago | parent | next [-] | | There is a financial incentive to make the search results worse. (More searches, more ads, more money.) There is no incentive for adding false positives to lists of malicious websites. | | |
| ▲ | crote 5 hours ago | parent [-] | | Sure, until their "smart filters" start considering GCP-hosted websites as pre-verified and small self-hosted websites as malicious. You know, like they have been doing with email? Chrome is big enough that a website owner can't afford a false positive on their malware list, just like they can't afford to have all their email end up in spam for all Gmail users. Due to their near-monopoly Google also has no incentive to avoid adding false positives to their blocklist - provided they don't accidentally block high-profile targets. And if a CxO is screaming over your shoulder that your website has been blocked, arguments about "false positives" aren't very compelling: they'll just demand you move off the "shitty basement provider" and switch to "proper hosting, like the Google Cloud"... |
| |
| ▲ | squeefers 6 hours ago | parent | prev [-] | | > We’ve been living in the enshitification economy. that whiny bullshit about somebody elses website? you dont have to rely on a website or app. either you need their monopoly because you cant do it yourself, or you have options.... in both cases the whining is not needed |
| |
| ▲ | lazide 6 hours ago | parent | prev [-] | | Same as for those antiviruses. |
| |
| ▲ | bonestamp2 5 hours ago | parent | prev | next [-] | | Nobody sees Google's numbers except Google... in other words, the numbers are not a sales tool for Google like they are for anti-virus/blocking companies. So, there's no reason for Google to pump up their numbers, it would just be extra work to make their product worse which wouldn't make sense. | |
| ▲ | thesuitonym 6 hours ago | parent | prev [-] | | Nothing, but they haven't done it so far, and they don't really have any incentive to do so. It doesn't really matter that it's Google. It could have been Microsoft, or PAN, or McAfee or some fly-by-night vendor. The problem was Radix taking the list as iron-clad truth and disabling the domain without any notification or way to resolve the issue. |
|
