My guess is kiwifarms, which famously went offline after Cloudflare said that they "had to act" because of an "imminent threat to life" (not actual quotes, but not my own words either, in a nutshell that's what they claimed)
This discussion and thread was about Google. The original comment was "Just baselessly accuse the website of hosting death threats. That will get it taken down."
A user asked for an example, then another user provided one but for Cloudflare. Which isn't an example of Google taking down a site
Obviously kwififarms defenders such as yourself try to muddle the facts: Google isn't taking down any websites or being asked to take them down, just delisting them from their own indexes. GP didn't claim this either, just said they werent hosting death threats. This is an easily verifiable claim, which would take someone at Google seconds to check, while it would take the court system many weeks and a lot of money to convict of a crime.
Meanwhile the other day I did a Google takeout of my Photos and when I clicked the download link, Google warned me about malware on their own *.googleapis.com domain
In the future, Google will have only one employee, who will be issued a dog. The employee's job will be to reboot the ML black box when it crashes. The dog's job will be to bite the employee when he or she tries to do anything else besides that.
Google Safe Browsing is going off the rails with silently Man in the Middling Chrome users. You will see traffic coming from logged in users via a Google IPv4 address, the user is unaware their traffic is being proxied for analysis.
Flagging and locking the accounts for potentially malicious activity or dropping Googles ASN has been an effective fix. Another plus is much cleaner logs, as we were getting hundreds of attempted injection attacks from Google's ASN before dropping all traffic from them, and unlike Amazon they did not respond to abuse reports.
What am I missing here? Why is google involved with this? Normally, you contact the abuse contact in the domain's whois or the IPs abuse contact. If they are on a bullet proof host, your only avenue for a take down is government agencies. (Edit: you can also ask the RIR to reclaim the subnet but I've never heard of that actually being done for reasons I am not fully sure about)
What does google have to do with content take down? Even for delisting them from results you have other search engines people use and threat actors can and do use redirectors when that becomes an issue. It is whack-a-mole, best they can do is beat the TA's SEO unless they have a lot of time and resources.
Google has by far the majority of searches (in this category, not counting eBay/marketplace/insta searches). Delisting or even pushing to the second page would drastically reduce the effectiveness of such malware campaigns.
There are a number of super important software tools that big platform vendors have been obstinate or hostile to supporting or securing. VLC and putty spring to mind.
I repond to incidents where SEO is being used to selectively target users and compromise their network (typical ransomware gangs these days). VLC maybe special to certain types of users but I assure you there are many SEO optimizes malware delivery campaigns. Google is not a people company, they won't devote human resources for this nor would they implicitly accept responsibility for the content of search results by actively taking things down. This isn't how the internet works. Search engines search stuff, name servers host domains, etc... everyone has their role. Keep in mind, they won't give up and go home because google delisted something, they will just move on to a different domain. Google will not commit resources for vlc alone like that.
Another thing I forgot to mention earlier is VLC can literally take over the domain themselves after a court filing based on US cybersquatting law (.com is US jurisdiction).
You're viewing this a binary outcome of "will delisting block all malware results". Of course it won't, and it doesn't have to. This fight is never ending, and we need small victories.
Google doesn't need to be a customer service company to do this. In fact, the opposite, they need to be a search engine company. Some domain names, IPs and site content have associations with software products, but at present Google only extends the protection of being an authoritative source to some products.
Google also own Virus Total, they know which files are malware. So they can know which sites are full of malware, they just don't alter the search rankings to reflect that.
As to legalities, VLC playing whack a mole in the US courts is expensive and pointless, the time scale is so long they would easily switch to the backup domain. But that doesn't work with crawling -- to appear in a result you need to be indexed.
You have good points but you are missing mine: Google doesn't owe anyone the service of removing malicious results. If it is in their own best interest to do so, that is their business. You can't demand they remove this content, the only people who can are their actual customers of google search: advertisers!
The people responsible for the malware removal have abuse contacts and if they don't you kinda have to follow SOP with legal and law enforcement avenues. Just how it works. Even the FBI let's you report internet crime, you can scream at google but law enforcement and webhosts/ISPs(transit providers) are more likely to respond and do something. Vlc doesn't have a fat wallet so your point about the cours is true, but if a lawyer will do pro-bono for them, it's an easy open-and-shut case.
Yes, google owns VT but you won't even see long standing malicious site verdicts in VT make it to safebrowsing, if they won't even do that, do you think people screaming on twitter is something they listen to? I hope so, but unlikely and a waste of time other than for rage scrollers.
I think google is suffering big company problems. I think a lot of googlers want to penalise malicious sites but it's a second tier goal for the search team, who are getting hammered constantly by other players trying to alter rankings.
Obviously a few open source projects complaining won't move the needle much, but law enforcement and cyber agencies do have big requirements for improving resilience to these attacks (and supply chain especially). Improving the consumer supply chain security is a big government goal in many countries.
In this case, there's a very obvious standard of objectivity. There is one true VLC homepage and there are a multitude of malware clones of the website. I feel as though Google should be able to differentiate between them.
Google is involved because they are being paid to link to these websites as advertisements. Since these are ads, and ads appear above regular search results on Google, they will appear above videolan.org, no matter how good VideoLAN's SEO is.
Google is involved because they operate the world's largest scam website checker, Safe Browsing, and their filter is baked into, and enabled by default in all of the modern mainstream browsers. Search results are one thing, going on this list would mean that the browser wouldn't open the page.
Not just. It is for Chrome, Firefox, Safari, Edge users, and I suspect that other browsers use it too. Google doesn't react to the reports. OOP talks about this here: https://news.ycombinator.com/item?id=33728767
Also the websites are reported on Google Search, and the malicious ads too.
- On Google Search, Google refuses to unlist websites that are clearly promoting adware, spyware and violating the brands of Open Source projects (VLC is not the only one impacted).
In addition, the ads reported are never deleted.
- On Google Chrome, the safe browsing team refuses to flag some websites, even after long explanations about what the binaries are doing. One of the reason is that "the binaries are too big" (sic.). The other reason, is that they scan only the installer, and of course, the installer downloads other things.
This has been going on for years, at least 10.
One of the most egregious one is VLC.de which inundates the German web.
The thing is that it's not that they steal traffic (why would we care), it is that they install spyware, adware or other rootkits, all the time.
This is why I say that Google Safe Browsing is a total joke, and that Google does not care about its users security.
I'm not surprised. Google has knowingly hosted (and profited by) ads promoting software driver and tech support scams which target the most vulnerable customers of virtually every major hardware and software company out there, and has done so for the better part of the last two decades. This, despite the years-long protests of many of these companies.
Until there is a class action lawsuit with unprecedented punitive damages, or until regulators do their job and regulate it, nothing will change.
I found a job for Darl McBride that would finally make him useful for the society at large. He should found a company whose sole aim would be suing Google for refusing to deal with DMCA requests filed by Videolan (and possibly other open source projects facing the same problem) on time. Easy money.
55 comments
[ 6.2 ms ] story [ 136 ms ] threadEDIT: not that Google isn't in the wrong here, this just feels like you're trying to push some other political agenda.
This discussion and thread was about Google. The original comment was "Just baselessly accuse the website of hosting death threats. That will get it taken down."
A user asked for an example, then another user provided one but for Cloudflare. Which isn't an example of Google taking down a site
I think an ML black box is getting out of control
Flagging and locking the accounts for potentially malicious activity or dropping Googles ASN has been an effective fix. Another plus is much cleaner logs, as we were getting hundreds of attempted injection attacks from Google's ASN before dropping all traffic from them, and unlike Amazon they did not respond to abuse reports.
What does google have to do with content take down? Even for delisting them from results you have other search engines people use and threat actors can and do use redirectors when that becomes an issue. It is whack-a-mole, best they can do is beat the TA's SEO unless they have a lot of time and resources.
There are a number of super important software tools that big platform vendors have been obstinate or hostile to supporting or securing. VLC and putty spring to mind.
Another thing I forgot to mention earlier is VLC can literally take over the domain themselves after a court filing based on US cybersquatting law (.com is US jurisdiction).
Google doesn't need to be a customer service company to do this. In fact, the opposite, they need to be a search engine company. Some domain names, IPs and site content have associations with software products, but at present Google only extends the protection of being an authoritative source to some products.
Google also own Virus Total, they know which files are malware. So they can know which sites are full of malware, they just don't alter the search rankings to reflect that.
As to legalities, VLC playing whack a mole in the US courts is expensive and pointless, the time scale is so long they would easily switch to the backup domain. But that doesn't work with crawling -- to appear in a result you need to be indexed.
The people responsible for the malware removal have abuse contacts and if they don't you kinda have to follow SOP with legal and law enforcement avenues. Just how it works. Even the FBI let's you report internet crime, you can scream at google but law enforcement and webhosts/ISPs(transit providers) are more likely to respond and do something. Vlc doesn't have a fat wallet so your point about the cours is true, but if a lawyer will do pro-bono for them, it's an easy open-and-shut case.
Yes, google owns VT but you won't even see long standing malicious site verdicts in VT make it to safebrowsing, if they won't even do that, do you think people screaming on twitter is something they listen to? I hope so, but unlikely and a waste of time other than for rage scrollers.
Obviously a few open source projects complaining won't move the needle much, but law enforcement and cyber agencies do have big requirements for improving resilience to these attacks (and supply chain especially). Improving the consumer supply chain security is a big government goal in many countries.
https://safebrowsing.google.com/
Also the websites are reported on Google Search, and the malicious ads too.
The issue is two-fold here:
- On Google Search, Google refuses to unlist websites that are clearly promoting adware, spyware and violating the brands of Open Source projects (VLC is not the only one impacted).
In addition, the ads reported are never deleted.
- On Google Chrome, the safe browsing team refuses to flag some websites, even after long explanations about what the binaries are doing. One of the reason is that "the binaries are too big" (sic.). The other reason, is that they scan only the installer, and of course, the installer downloads other things.
This has been going on for years, at least 10.
One of the most egregious one is VLC.de which inundates the German web.
The thing is that it's not that they steal traffic (why would we care), it is that they install spyware, adware or other rootkits, all the time.
This is why I say that Google Safe Browsing is a total joke, and that Google does not care about its users security.
Until there is a class action lawsuit with unprecedented punitive damages, or until regulators do their job and regulate it, nothing will change.
Anyone want to lay odds?