undefined | Better HN

0 pointsthayne5y ago0 comments

my problem isn't that it flagged some user-uploaded malware, my problem is that the entire site is blocked without warning.

I am genuinely curious how you would prevent your site from being blocked like this? Sure in this case it was a demo, but what if it was an actual image hosting service that required login? What's to stop a bad actor from creating an account and uploading malicious content. Maybe you even have some filter that does image recognition on the images and tries to detect if it is phishing. But unless your filter is able to catch the exact same content that google's malware detector uses, there's still a chance that you'll miss something that google finds, and starts blocking your site.

0 comments

newacct5835y ago

Strictly that's not correct. The whole experience here was a "warning", though it was given to users of the site and not the owners directly. Chrome will allow access through that warning page via an override, and of course they have the option of using other browsers.

But even interpreting you narrowly: How much warning do you think Google should be expected to give before flagging sites with known malicious content? Would you apply that same logic to the sites you visit as a user?

I just don't see how the principle you want is going to work in concert with a world with rampant malware. Most of us very much want the trigger happy filers, because it keeps the problem manageable at the cost of some inconvenience and increased vigilance on the part of the content providers, which is IMHO exactly where it should be.

j / k navigate · click thread line to collapse

0 pointsthayne5y ago0 comments

my problem isn't that it flagged some user-uploaded malware, my problem is that the entire site is blocked without warning.

0 comments

newacct5835y ago

j / k navigate · click thread line to collapse