Google flags Immich sites as dangerous

(immich.app)

1021 points janpio | 2 comments | 22 Oct 25 20:53 UTC | HN request time: 0.474s | source

Show context

Animats ◴[22 Oct 25 23:29 UTC] No.45676471[source]▶

>>45675015 (OP) #

If you block those internal subdomains from search with robots.txt, does Google still whine?

replies(2): >>45676712 #>>45677686 #

david_van_loon ◴[23 Oct 25 02:51 UTC] No.45677686[source]▶

>>45676471 #

Yes, my family Immich instance is blocked from indexing both via headers and robots.txt, yet it's still flagged by Google as dangerous.

replies(1): >>45678854 #

1. jeroenhd ◴[23 Oct 25 06:37 UTC] No.45678854[source]▶

>>45677686 #

I'm kind of curious, do you have your own domain for immich or is this part of a malware-flagged subdomain issue? It's kind of wild to me that Google would flag all instances of a particular piece of self-hosted software as malicious.

replies(1): >>45679645 #

2. skatsubo ◴[23 Oct 25 08:41 UTC] No.45679645[source]▶

>>45678854 (TP) #

G would flag _some_ instances.

Possible scenario:

- A self-hosted project has a demo instance with a default login page (demo.immich.app, demo.jellyfin.org, demo1.nextcloud.com) that is classified as "primary" by google's algorithms

- Any self-hosted instance with the same login page (branding, title, logo, meta html) becomes a candidate for deceptive/phishing by their algorithm. And immich.cloud has a lot of preview envs falling in that category.

BUT in Immich case its _demo_ login page has its own big banner, so it is already quite different from others. Maybe there's no "original" at all. The algorithm/AI just got lost among thousands of identically looking login pages and now considers every other instance as deceptive...

↑