706 points janpio | 6 comments
arccy ◴[] No.45676475[source]
If you're going to host user content on subdomains, then you should probably have your site on the Public Suffix List https://publicsuffix.org/list/ . That should eventually make its way into various services so they know that a tainted subdomain doesn't taint the entire site....
replies(15): >>45676781 #>>45676818 #>>45677023 #>>45677080 #>>45677130 #>>45677226 #>>45677274 #>>45677297 #>>45677341 #>>45677379 #>>45677725 #>>45677758 #>>45678975 #>>45679154 #>>45679258 #
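An added example illustrating the Public Suffix List point in the comment above; it is not part of any comment in the thread and not code from the PSL project. It implements PSL rule matching (plain, wildcard and exception rules) and shows how listing a hosting domain changes which "site" user subdomains belong to; the domain names and both rule excerpts are constructed.

```python
def parse_rules(text):
    """Parse PSL-format text into (rules, exception_rules)."""
    rules, exceptions = set(), set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("//"):   # blank line or comment
            continue
        rule = line.split()[0].lower()
        (exceptions if rule.startswith("!") else rules).add(rule.lstrip("!"))
    return rules, exceptions

def public_suffix(host, rules, exceptions):
    """Longest matching rule wins; an exception rule overrides everything."""
    labels = host.lower().rstrip(".").split(".")
    best = 1                                    # implicit "*" rule: last label
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in exceptions:             # suffix = rule minus left label
            return ".".join(labels[i + 1:])
        wildcard = ".".join(["*"] + labels[i + 1:])
        if candidate in rules or wildcard in rules:
            best = max(best, len(labels) - i)
    return ".".join(labels[-best:])

def site(host, rules, exceptions):
    """Registrable domain (public suffix + 1 label), or None for a bare suffix."""
    labels = host.lower().rstrip(".").split(".")
    k = len(public_suffix(host, rules, exceptions).split("."))
    return None if len(labels) <= k else ".".join(labels[-(k + 1):])

# Constructed excerpts: the same list before and after the (hypothetical)
# platform "hosting.example" registers its user-content domains.
BEFORE = parse_rules("// constructed\nexample\n")
AFTER = parse_rules("""// constructed
example
hosting.example
*.apps.example
!console.apps.example
""")

if __name__ == "__main__":
    for name, psl in (("before", BEFORE), ("after", AFTER)):
        for host in ("alice.hosting.example", "mallory.hosting.example"):
            print(name, host, "->", site(host, *psl))
```

Before the entry exists, both user hosts resolve to the single site `hosting.example`, so a reputation verdict or cookie scope computed per site covers every user at once; afterwards each user host is its own site.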
CaptainOfCoit ◴[] No.45677080[source]
I think it's somewhat tribal webdev knowledge that if you host user-generated content you need to be on the PSL, otherwise you'll eventually end up where Immich is now.

I'm not sure how people not already having hit this very issue before are supposed to know about it beforehand though, one of those things that you don't really come across until you're hit by it.

replies(3): >>45677097 #>>45677221 #>>45677257 #
1. tonyhart7 ◴[] No.45677257[source]
so it's skill issue??? or just Google being bad????
replies(1): >>45677435 #
2. yndoendo ◴[] No.45677435[source]
I will go with Google being bad / evil for 500.

Google 90s to 2010 is nothing like Google 2025. There is a reason they removed "Don't be evil" ... being evil and authoritarian makes more money.

Looking at you Manifest V2 ... pour one out for your homies.

replies(3): >>45677808 #>>45677823 #>>45678538 #
3. shadowgovt ◴[] No.45677808[source]
Sympathy for the devil, people keep using Google's browser because the safe search guards catch more bad actors than they false positive good actors.
replies(1): >>45678312 #
4. tonyhart7 ◴[] No.45677823[source]
downvoted for saying truth

many Google employees are in here, so I don't expect them to agree with you

5. hulitu ◴[] No.45678312{3}[source]
> people keep using Google's browser because the safe search guards catch more bad actors than they false positive good actors.

This is the first thing I disable in Chrome, Firefox and Edge. The only safe thing they do is safely sending all my browsing history to Google or Microsoft.

6. lucideer ◴[] No.45678538[source]
Don't get me wrong, Google is bad/evil in many ways, but the public suffix list exists to solve a real risk to users. Google is flagging this for a legit reason in this particular case.