←back to thread

Google flags Immich sites as dangerous

(immich.app)
1281 points janpio | 2 comments | 22 Oct 25 20:53 UTC | HN request time: 1.141s | source
Show context
arccy ◴[22 Oct 25 23:30 UTC] No.45676475[source]
If you're going to host user content on subdomains, then you should probably have your site on the Public Suffix List https://publicsuffix.org/list/ . That should eventually make its way into various services so they know that a tainted subdomain doesn't taint the entire site....
replies(16): >>45676781 #>>45676818 #>>45677023 #>>45677080 #>>45677130 #>>45677226 #>>45677274 #>>45677297 #>>45677341 #>>45677379 #>>45677725 #>>45677758 #>>45678975 #>>45679154 #>>45679258 #>>45679802 #
BartjeD ◴[23 Oct 25 06:55 UTC] No.45678975[source]
There is no law appointing that organization as a world wide authority on tainted/non tainted sites.

The fact it's used by one or more browsers in that way is a lawsuit waiting to happen.

Because they, the browsers, are pointing a finger to someone else and accusing them of criminal behavior. That is what a normal user understands this warning as.

Turns out they are wrong. And in being wrong they may well have harmed the party they pointed at, in reputation and / or sales.

It's remarkable how short sighted this is, given that the web is so international. Its not a defense to say some third party has a list, and you're not on it so you're dangerous

Incredible

replies(1): >>45679010 #
jtwaleson ◴[23 Oct 25 07:00 UTC] No.45679010[source]
As far as I know there is currently no international alternative authority for this. So definitely not ideal, but better than not having the warnings.
replies(1): >>45679045 #
BartjeD ◴[23 Oct 25 07:05 UTC] No.45679045[source]
Yes but that's not a legal argument.

You're honor, we hurt the plaintiff because it's better than nothing!

replies(1): >>45679178 #
jtwaleson ◴[23 Oct 25 07:28 UTC] No.45679178[source]
True, and agreed that lawsuits are likely. Disagree that it's short-sighted. The legal system hasn't caught up with internet technology and global platforms. Until it does, I think browsers are right to implement this despite legal issues they might face.
replies(1): >>45679425 #
1. BartjeD ◴[23 Oct 25 08:10 UTC] No.45679425[source]
In what country hasn't the legal system caught up?

The point I raise is that the internet is international. There are N legal systems that are going to deal with this. And in 99% of them this isn't going to end well for Google if plaintiff can show there are damages to a reasonable degree.

It's bonkers in terms of risk management.

If you want to make this a workable system you have to make it very clear this isn't necessarily dangerous at all, or criminal. And that a third party list was used, in part, to flag it. And even then you're impeding visitors to a website with warnings without any evidence that there is in fact something wrong.

If this happens to a political party hosting blogs, it's hunting season.

replies(1): >>45682047 #
2. jtwaleson ◴[23 Oct 25 14:14 UTC] No.45682047[source]
I meant that there is no global authority for saying which websites are OK and which ones are not. So not really that the legal system in specific countries have not caught up.

Lacking a global authority, Google is right to implement a filter themselves. Most people are really really dumb online and if not as clearly "DO NOT ENTER" as now, I don't think the warnings will work. I agree that from a legal standpoint it's super dangerous. Content moderation (which is basically what this is) is an insanely difficult problem for any platform.