←back to thread

Google flags Immich sites as dangerous

(immich.app)
1021 points janpio | 3 comments | 22 Oct 25 20:53 UTC | HN request time: 1.41s | source
Show context
arccy ◴[22 Oct 25 23:30 UTC] No.45676475[source]
If you're going to host user content on subdomains, then you should probably have your site on the Public Suffix List https://publicsuffix.org/list/ . That should eventually make its way into various services so they know that a tainted subdomain doesn't taint the entire site....
replies(16): >>45676781 #>>45676818 #>>45677023 #>>45677080 #>>45677130 #>>45677226 #>>45677274 #>>45677297 #>>45677341 #>>45677379 #>>45677725 #>>45677758 #>>45678975 #>>45679154 #>>45679258 #>>45679802 #
BartjeD ◴[23 Oct 25 06:55 UTC] No.45678975[source]
There is no law appointing that organization as a world wide authority on tainted/non tainted sites.

The fact it's used by one or more browsers in that way is a lawsuit waiting to happen.

Because they, the browsers, are pointing a finger to someone else and accusing them of criminal behavior. That is what a normal user understands this warning as.

Turns out they are wrong. And in being wrong they may well have harmed the party they pointed at, in reputation and / or sales.

It's remarkable how short sighted this is, given that the web is so international. Its not a defense to say some third party has a list, and you're not on it so you're dangerous

Incredible

replies(1): >>45679010 #
jtwaleson ◴[23 Oct 25 07:00 UTC] No.45679010[source]
As far as I know there is currently no international alternative authority for this. So definitely not ideal, but better than not having the warnings.
replies(1): >>45679045 #
1. BartjeD ◴[23 Oct 25 07:05 UTC] No.45679045[source]
Yes but that's not a legal argument.

You're honor, we hurt the plaintiff because it's better than nothing!

replies(1): >>45679178 #
2. jtwaleson ◴[23 Oct 25 07:28 UTC] No.45679178[source]
True, and agreed that lawsuits are likely. Disagree that it's short-sighted. The legal system hasn't caught up with internet technology and global platforms. Until it does, I think browsers are right to implement this despite legal issues they might face.
replies(1): >>45679425 #
3. BartjeD ◴[23 Oct 25 08:10 UTC] No.45679425[source]
In what country hasn't the legal system caught up?

The point I raise is that the internet is international. There are N legal systems that are going to deal with this. And in 99% of them this isn't going to end well for Google if plaintiff can show there are damages to a reasonable degree.

It's bonkers in terms of risk management.

If you want to make this a workable system you have to make it very clear this isn't necessarily dangerous at all, or criminal. And that a third party list was used, in part, to flag it. And even then you're impeding visitors to a website with warnings without any evidence that there is in fact something wrong.

If this happens to a political party hosting blogs, it's hunting season.