A Google 'Safe Browsing' report said Google.com was 'partially dangerous' for more than 24 hours. Yeah, yeah, hilarious fail, but there is a serious side to the story.
[Developing story: Updated 5:35 am PT with Google's advice, and 1:24 pm PT with some good news]
It took longer than a day to fix, but the warning is now gone. Obviously, it's caused countless ironic jokes at Google's expense. But in a sense, its report is actually correct -- there is a lot of risky stuff on Google's user-generated-content properties. Blogspot, Groups, Drive, Sites... even Google Plus (although that's a ghost town, natch). It's a hot mess.
And here's the thing: When users get used to spurious warnings popping up, they quickly ignore them. That's well documented. Nope, the sky isn't falling, so how can we best protect users from the nastier corners of the Web?
In IT Blogwatch, bloggers ponder paltry poultry. Not to mention: An exploding car battery could ruin your day…
Your humble blogwatcher curated these bloggy bits for your entertainment. Be careful out there, kids.
What’s the craic? Andrea Peterson explains Why Google is warning that ‘google.com’ is ‘partially dangerous’:
[Its] own Safe Browsing tool labels "google.com" as "partially dangerous." ... Google declined to comment.
Several other major sites...are also listed as "partially dangerous"...including tumblr.com and...github.com
Egg, meet face. Sean Michael Kerner squeezes the letters together: [You're fired -Ed.]
The reason for the...status? According to the report, "Some pages...contain deceptive content." [Google] scans Websites for potential risks to warn users before they visit.
It is a testament to Google's honesty. ... The simple truth is that the Web can be a dangerous place. ... What is very reassuring...is that Google holds itself to a high security standard.
Oh you're such a killjoy, Sean. What we need is more invective and snark. Clifton obliges us:
[Google is] telling the truth. ... Google Groups specifically is notorious for hosting malware, phishing, and spam, and Google won't do anything about [it] because:
1) cleaning up abuse is not a profit center,
2) they're Google - who would dare to block them?
I've seen several good, sincere people at Google, with impressive tech credentials, go into that mess to clean it up and eventually give up in frustration because nobody else at Google gives a **** about it. The Google blog services they bought - Blogspot, etc. - have similar issues, plus a tendency to make arbitrary, capricious, and downright crazy judgements against ordinary users.
But, hey, perhaps Google is merely speaking the truth when it warns its site might "trick you to download software or steal your information." So says bubuopapa:
Its not wrong, you know - this ****** company...still is pushing their google chrome spyware/browser through all its sub sites, like mail, maps, search. ... Chrome spyware...is sending info...without any breaks all the time.
Yeah, OK, so the sky isn't falling. But what happens if we continually warn users that it might be? With the Chicken-Little angle, it's Walkin_mn:
But it also loses sense. ... “This car is dangerous because it can take you to a dangerous street.” [When] putting warning tags [on] everything, you...lose the importance of the warning if everything has a warning.
Update 1: So what should you do if your site is flagged by Safe Browsing? Google's Eric Kuan, Yuan Niu, Lucas Ballard, Kurt Thomas and Elie Bursztein co-write a paper with UCB's Frank Li, Grant Ho and Vern Paxson-Remedying Web Hijacking:
Safe Browsing and Search Quality automatically detect when websites clean up by periodically [re-]scanning pages. ... Sites are eligible for re-scans 14 days after their previous scan.
This [is] a coarse window. [So] as an alternative [we] provide a tool via Search Console where webmasters can appeal warnings. ... Webmasters have an additional channel of appealing through StopBadware. ... The appeals process signals when webmasters believe their pages are cleaned.
Browser interstitials—while intended to alert visitors to potentially harmful content—correlate with faster remediation. ... 80% of operators successfully clean up symptoms on their first appeal.
Update 2: Sooner or later, Google will fix the issue. But then who will hack it? Robert Hackett will—Google Has Stopped Rating 'Google.com' as 'Partially Dangerous':
Well, that was awkward. ... Google’s Safe Browsing tool...stopped grading its flagship site as a hazard.
A Google spokesperson [said] the alert abated...and that the...service is always on the hunt for security issues. ... The warning specifically called out Google Groups. ... Google’s tool continues to indicate that...Tumblr.com and Github.com, are...“not safe to visit right now,”
Google’s Safe Browsing tool has called out google.com as partially dangerous before. ... Last fall...the warning mentioned...Blogger and Google Plus [and] Google Groups.
An exploding car battery could ruin your day
[possible mildly-NSFW choochins]
You have been reading IT Blogwatch by Richi Jennings, who curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or email@example.com.
Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.