Google flags Immich sites as dangerous

(immich.app)

706 points janpio | 1 comments | 22 Oct 25 20:53 UTC | HN request time: 0s | source

Show context

arccy ◴[22 Oct 25 23:30 UTC] No.45676475[source]▶

If you're going to host user content on subdomains, then you should probably have your site on the Public Suffix List https://publicsuffix.org/list/ . That should eventually make its way into various services so they know that a tainted subdomain doesn't taint the entire site....

replies(15): >>45676781 #>>45676818 #>>45677023 #>>45677080 #>>45677130 #>>45677226 #>>45677274 #>>45677297 #>>45677341 #>>45677379 #>>45677725 #>>45677758 #>>45678975 #>>45679154 #>>45679258 #

0xbadcafebee ◴[23 Oct 25 02:02 UTC] No.45677379[source]▶

>>45676475 #

  In the past, browsers used an algorithm which only denied setting wide-ranging cookies for top-level domains with no dots (e.g. com or org). However, this did not work for top-level domains where only third-level registrations are allowed (e.g. co.uk). In these cases, websites could set a cookie for .co.uk which would be passed onto every website registered under co.uk.

  Since there was and remains no algorithmic method of finding the highest level at which a domain may be registered for a particular top-level domain (the policies differ with each registry), the only method is to create a list. This is the aim of the Public Suffix List.
  
  (https://publicsuffix.org/learn/)

So, once they realized web browsers are all inherently flawed, their solution was to maintain a static list of websites.

God I hate the web. The engineering equivalent of a car made of duct tape.

replies(6): >>45677442 #>>45678161 #>>45678382 #>>45678520 #>>45678922 #>>45679006 #

lukan ◴[23 Oct 25 02:16 UTC] No.45677442[source]▶

>>45677379 #

"The engineering equivalent of a car made of duct tape"

Kind of. But do you have a better proposition?

replies(2): >>45677503 #>>45678251 #

gmueckl ◴[23 Oct 25 02:25 UTC] No.45677503[source]▶

>>45677442 #

A part of the issue is IMO that browsers have become ridiculously bloated everything-programs. You could take about 90% of that out and into dedicated tools and end up with something vastly saner and safer and not a lot less capable for all practical purposes. Instead, we collectively are OK with frosting this atrocious layer cake that is today's web with multiple flavors of security measures of sometimes questionable utility.

End of random rant.

replies(4): >>45677688 #>>45677734 #>>45677747 #>>45678076 #

lukan ◴[23 Oct 25 02:59 UTC] No.45677734[source]▶

>>45677503 #

"You could take about 90% of that out and into dedicated tools "

But then you would loose plattform independency, the main selling point of this atrocity.

Having all those APIs in a sandbox that mostly just work on billion devices is pretty powerful and a potential succesor to HTML would have to beat that, to be adopted.

The best thing to happen, that I can see, is that a sane subset crystalizes, that people start to use dominantly, with the rest becoming legacy, only maintained to have it still working.

But I do dream of a fresh rewrite of the web since university (and the web was way slimmer back then), but I got a bit more pragmatic and I think I understood now the massive problem of solving trusted human communication better. It ain't easy in the real world.

replies(3): >>45677833 #>>45677843 #>>45678003 #

1. ngold ◴[23 Oct 25 03:52 UTC] No.45678003{5}[source]▶

>>45677734 #

Not sure if it counts but I've been enjoying librewolf. I believe just a stripped down firefox.

↑