1045 points janpio | 2 comments
jdsully No.45677260
The one thing I never understood about these warnings is how they don't run afoul of libel laws. They are directly calling you a scammer and "attacker". The same for Microsoft with their unknown executables.

They used to be more generic, saying "We don't know if it's safe", but now they are quite assertive at stating you are indeed an attacker.

replies(4): >>45677490 #>>45677615 #>>45678221 #>>45678896 #
1. acoustics No.45678221
This is tricky to get right.

If the false positive rate is consistently 0.0%, that is a surefire sign that the detector is not effective enough to be useful.

If a false positive is libel, then any useful malware detector would occasionally do libel. Since libel carries enormous financial consequences, nobody would make a useful malware detector.

I am skeptical that changing the wording in the warning resolves the fundamental tension here. Suppose we tone it down: "This executable has traits similar to known malware." "This website might be operated by attackers."

Would companies affected by these labels be satisfied by this verbiage? How do we balance this against users' likelihood of ignoring the warning in the face of real malware?

replies(1): >>45678892 #
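The tradeoff acoustics describes (a detector tuned to 0.0% false positives gives up detections, and any useful one will occasionally flag something benign) can be made concrete with a threshold sweep over a scoring detector. The block below is an added illustration, not code from the thread or from any browser or antivirus vendor; the score lists, the base rate and the sample sizes are constructed values chosen only to show the shape of the tradeoff.

```python
"""Threshold sweep for a hypothetical score-based malware detector.

Constructed data: each value is the detector's suspicion score (0..1) for
one sample. Higher means "looks more like malware". None of this comes
from a real product; the numbers were picked to overlap, as real score
distributions do.
"""

# Constructed scores for samples known to be benign / malicious.
BENIGN = [0.05, 0.10, 0.12, 0.20, 0.25, 0.30, 0.35, 0.40, 0.55, 0.70]
MALICIOUS = [0.45, 0.60, 0.65, 0.75, 0.80, 0.85, 0.90, 0.95]


def rates(threshold, benign=BENIGN, malicious=MALICIOUS):
    """Return (false_positive_rate, true_positive_rate) when every sample
    scoring at or above `threshold` is flagged."""
    fp = sum(1 for s in benign if s >= threshold)
    tp = sum(1 for s in malicious if s >= threshold)
    return fp / len(benign), tp / len(malicious)


def zero_fpr_threshold(benign=BENIGN, epsilon=1e-9):
    """Lowest threshold that flags no benign sample at all: just above the
    highest-scoring benign item. Anything malicious below it is missed."""
    return max(benign) + epsilon


def alert_mix(population, base_rate, fpr, tpr):
    """Expected composition of the alert queue at scale.

    population: number of samples scanned
    base_rate:  fraction of those that are actually malicious
    fpr, tpr:   the detector's operating point
    Returns (expected_true_positives, expected_false_positives, precision).
    """
    expected_tp = population * base_rate * tpr
    expected_fp = population * (1 - base_rate) * fpr
    precision = expected_tp / (expected_tp + expected_fp)
    return expected_tp, expected_fp, precision


if __name__ == "__main__":
    for t in (0.45, 0.60, zero_fpr_threshold()):
        fpr, tpr = rates(t)
        print(f"threshold={t:.2f}  FPR={fpr:.1%}  TPR={tpr:.1%}")
    # Constructed scale: one malicious sample per thousand, a million scans,
    # a detector that catches 90% with a 0.1% false-positive rate.
    tp, fp, prec = alert_mix(1_000_000, 0.001, 0.001, 0.9)
    print(f"alerts: ~{tp:.0f} true, ~{fp:.0f} false, precision={prec:.1%}")
```

Two things fall out of running it. First, the only threshold with a 0.0% false-positive rate on the constructed data is above every benign score, and at that point the detector misses 3 of the 8 malicious samples. Second, even a good operating point (0.1% FPR, 90% TPR) produces roughly as many false alerts as true ones when malware is rare, because the benign population is a thousand times larger; that is the base-rate effect behind "any useful detector will occasionally be wrong about someone".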
2. donmcronald No.45678892
The problem is that it's so one-sided. They do what they want with no effort to avoid collateral damage and there's nothing we can do about it.

They could at least send a warning email to the RFC2142 abuse@ or hostmaster@ address with a warning and some instructions on a process for having the mistake reviewed.