I always wonder what the settlement and damages would be if google marked Amazon as a phishing site for even a few minutes.
The problem is that these gatekeepers of the internet respond to false statements of facts/opinions by so called professionals.
I had cloudflare mark a worker as phishing because a AI "security company" thought my 301 redirect to their clients website was somehow malicious. (url redirects are normal affiliate things)
If the professionals don't understand the difference and cloudflare and google blindly block things, this is scary.
There is a potentially different cause of action, tortious interference with business relationships. It does require that the defendant intended to interfere in a way that would cause harm to the plaintiff, though. Proving Google intended such harm would be difficult and expensive.
Google intends harm to everyone on that list. That's the point of the list. Google is unlikely to have intended this specific harm, but they don't have to.
Marking a website as "unsafe" in Chrome is equal to standing in front of the door of a small restaurant and blocking 71% of people going inside. Everyone first has to agree that they will enter the restaurant at their own risk.
That is more than an opinion. Chrome has a monopoly and should act accordingly. Blocking entry to a website should be a last resort, not just because someone didn't add their website to the whitelist.
Yeah. Everyone uses their list and being blocked by all web browsers is like having someone cover the doorway with a massive DANGER sign. It's insane that people are roaming around here arguing that it's ok because the damage caused is a necessity for "internet scale".
Right now, any damages are completely speculative at this point. I would suspect in this case, the damages are minimal, and taken in the broader context, the good outweighs the harm. Do you have evidence to the contrary?
The good outweighs the harm until it happens to you. The problem is that even if the failure rate is low, the failure can be catastrophic for the people suffering from it.
I use Ubiquiti as an example for an update they pushed to their UniFi systems a long time ago (5+ years). Some people were configuring their devices to use an https URL to connect to a management console when it was supposed to be http. Before the update, the console accepted http on the https port. After it didn't. That caused devices to disconnect from the management portal and remain offline.
When people complained, Ubiquiti said they realized it would happen, but it "would only affect a tiny percentage of customers." However, most customers that were affected had a 100% rate of failure. One person had something like 600-700 devices that got disconnected and required manual reconfiguration.
A 1% failure rate might be ok for the company, but it shouldn't be if the 1% of people affected suffer 100% failure. The distribution of the failures needs to be considered.
I had my primary domain that my entire family has used for 25 years put on that blacklist. If I hadn't been able to get it removed it would have had a massive negative impact on my life. Had it been suspended by the registry the way the OP of this article describes, I'm not sure how it would have worked out.
So it may be a false positive of .0000000001%, but would have ruined my life. I have 900 entries in my password manager and probably half of them are tied to that domain. Is my entire digital life acceptable collateral damage? Is yours?
“Ruined your life” sounds a little overdramatic when there are people being falsely accused and convicted of crimes and being thrown in jail for life (or worse).
I don’t mean to say your experience isn’t real and that you didn’t suffer some inconveniences. But come on, have some perspective.
And what did you do to get put on that blacklist, anyway?
(IANAL) It's not about how it's stated, but whether it can be objectively proven to be true or false. "unsafe" refers to the likelihood of something bad happening in the future. You can't prove that something bad will happen in the future, so it's opinion.
Also not a lawyer, but that makes intuitive sense. If I say "that food tastes bad", it's phrased as a fact, but a "reasonable person" (which is in fact a legal test used for some things, although I admit I'm not sure about libel) knows that there's an implicit "...to me" qualifier because the concept of taste itself is inherently subjective. My instinct is that while there are some things everyone would agree on as unsafe, it pretty quickly turns into a judgment call, and it probably makes sense to allow even ill-informed opinions that are made in good faith rather than malice or negligence. The question then becomes whether there's sufficient evidence to conclude something like that, and while the bar is lower for a libel claim than something criminal, it's still not obvious this would be provable here.
"Unsafe" is just a terribly vague word, too. As a layman, I wouldn't even know what that means with respect to a web site. What's "unsafe" about it? Is it going to shoot my dog? Is it going to drain my bank account? Is it going to give my computer a virus? Saying a web site is "unsafe" really isn't providing any interesting information, and it shouldn't be acted upon by pretty much anyone.
This seems like a distinction without difference, given everyone in the ecosystem takes that "opinion" as true fact, including the market-leading browser produced by the "opinion"-haver.
I get that's mostly what corporate lawyers argue about, but it's functionally dishonest in this case.
How is any kind of antivirus or threat detection software supposed to operate on this standard?
Libel suits can be financially catastrophic, so even a tiny false positive rate could present risk that disincentivizes producing such software at all.
And a threat detection mechanism that has a 0.0% false positive rate is conservative to the point of being nearly useless.
I think that is the idea. They shouldn't exist without a prompt mitigation path.
In other words, if you can't deal with the false positives in a timely manner. You SHOULD be liable for the damages.
I can't build a budget car put together in an unsafe manner. Then complain I can't compete due to all the peoples cars crashing and blowing up and suing me.
You document your claims with concrete evidence of fraud. That will be your libel defense. No evidence means you bear the full responsibility of a fuckup.
At internet scale, this would roughly be equivalent to not doing any warning or detection at all.
Scalable systems need to use heuristics to catch threats. Needing concrete evidence in every case means that an enormously higher amount of malicious resources will not be flagged.
There is a policy argument as to the right balance of concerns here. But there is a clear trade-off to make.
Then that heuristic is your evidence in court. If it's a good heuristic, you win the case. If it's a bad heuristic, you lose the case.
"Your Honor, we banned this person's website because his web page contained the word 'bitcoin' more than 5 times" will not hold up.
"Your Honor, we banned this person's website because it contains a bitcoin miner script. See, here is the script, and it matches the hash value found in these other attacks" hopefully holds up.
You're welcome to cite case law if you want to insist. Otherwise, unsafe (in the context of infosec) has a definition of likely or able to cause harm or malfunction. Something that is provable or falsifiable with evidence.
Whether that's true or not is irrelevant if it's defined by law differently. Even without case law and precedent you'd still have to test it in court, which for libel can be prohibitively expensive.
For clarity I'm not agreeing or disagreeing, but what means sense to the layperson (including experts in a particular field) is sometimes at odds with what the law says.
Isn't "oops we made a mistake" actually a valid defense to libel in most US states? I thought you had to prove it was intentional to some extent? Or reckless/negligent IANAL
Google takes no action to review the reports that their warnings are false until you sign up for Google products (namely - registering the site in their search console).
I reported a falsely flagged site repeatedly for weeks with absolutely no action from them.
Mozilla and Microsoft both did actually remove the warnings after the reports (Edge and Firefox stopped displaying the warning). Google did not. Google strong armed me into registering for google products, like a fucking bastard of a company.
This was the moment I went from "I don't love google anymore" to "Google can get fucked".
I wish them bankruptcy and every damn legal consequence that is possible to enforce.
"I believed it to be true" is a defense. But negligence isn't. In fact, that is usually what you want to prove, that they acted on things that a reasonable person (or a person that is supposed to be skilled in that field) can see is not true.
I'm curious as to how you would prove that it would be impossible for any resource accessible under a given DNS domain to ever cause harm to anyone else.
I'm afraid that's not how it works in modern law in the U.S.:
"In addition to establishing that the defendant was aware of his
statement's defamatory meaning, the plaintiff also must show that
the defamatory statement is false. The falsity requirement has
evolved gradually through a two-step process. Initially, the courts
recognized that truth was a defense in a defamation suit. With
time, however, the burden of proof on the issue of the statement's
truth or falsity shifted to the plaintiff, so that now a statement is
not actionable unless it can be proven false."
Google is stating in a position of authority. It's therefore being stated as at least a professional opinion with the equivalent weight of fact, or representing facts.
If the opinion is meant to be just another opinion, then it shouldn't cause any blacklisting of any sorts anywhere.
Not to mention that the whole point of the list is for blocking in e.g. web browsers. Claiming it is just an opinion would be like a mobster claiming they didn't actually order a hit.
> If the opinion is meant to be just another opinion, then it shouldn't cause any blacklisting of any sorts anywhere.
I agree with this! The registrar should not have triggered a suspension because of this. They're not obligated to, and the two processes should be decoupled.
The registrar should ignore reports of abuse, especially if coming from an authoritative source with vast resources that's been collecting reports on its own?
No.
The source should be more careful. It's the equivalent of a renowned newspaper printing warning a restaurant being unsafe to visit. Should the customers' willingness to visit be magically decoupled from this opinion?
It's like a renowned newspaper saying the restaurant is unsafe, and then also the restaurant's landlord taking it at face value and locking the doors without further investigation. Both can be wrong.
> The registrar should ignore reports of abuse, especially if coming from an authoritative source with vast resources that's been collecting reports on its own?
I'm not saying they should "ignore" reports of abuse but treat them as they are -- reports. They can then perform their own independent investigation.
That may well have happened here. I suspect the author isn't telling us something.
“unsafe” is a term that is both broader and more vague, so I would consider it opinion unless backed up by appropriate facts (like “contains CSAM”, “contains malware”, and so forth).
Depends on jurisdiction. In the UK it's not an absolute defence, you still have to prove it's an opinion a "reasonable person" could come to based on facts.
As someone who has also been bit by this, and with the only possible resolution being that I sign up for google services and register my site with them in the google search dashboard...
Fuck Google.
This is absolutely libel. They put a big fucking red banner on top of my site, telling the world that it's unsafe, using all the authority they have as one of the largest tech companies in the world.
In my case - it was a jellyfin instance I'd stood up to host family videos of my kids for my parents.
It was not compromised, and showed only a login page. I reported it as a false flag repeatedly, for weeks, with Google doing jack fucking shit.
Only after signing up in their search console and registering the site did the warning disappear.
They are abusively forcing people into their products. Fuck Google.
In case it wasn't entirely clear - Google can get fucked. Fuck Google.
There’s nothing wrong with your dislike of Google. No matter how much you dislike them, though, the word “libel” has a meaning that should be respected. To opine that a site is unsafe is simply not libelous.
It's libelous in Germany unless you can prove it's true. In fact people regularly get punished in Germany for things like calling politicians idiots, because they can't prove they are idiots. https://www.ft.com/content/27626fa8-3379-4b69-891d-379401675...
Securing physical evidence subject to a warrant is not punishment under the law. But I take your point that this seems like a pretty heavy-handed reaction.
That sounds like a spurious distinction. Pretty sure you can’t say “Person X is a murderer” and then say “well I’m only expressing my opinion, and in my opinion if you do something that annoys me that qualifies as murder.”
Nope, not in the US. It is perfectly legal to say, for example, "Kyle Rittenhouse is a murderer" despite him being acquitted. You're entirely free to disagree with the result, that is an opinion. Any opinion based on public knowledge is ok. It doesn't even have to be reasonable or rational.
What you can't do is imply non-public knowledge, aka "I heard from my cousin who works in law enforcement that Kyle murdered a hobo when he was 12 but the records were sealed", or state specific facts that can be proven true or false: "Kyle murdered a hobo on September 11, 2018 out back of the 7-11 in Gainesville, FL"
The standard for libel/slander is much, much higher than people think. It's extremely difficult to meet them, and for public figures, it's almost impossible.
Is “opinion versus fact” relevant to that example? My impression is that Kyle Rittenhouse wouldn’t have a strong defamation case against a random person tweeting that he’s a murderer, but the reason isn’t that “it’s a statement of opinion.” The reason is that it’s a high profile and controversial homicide case, and it would be very difficult for Rittenhouse to show that that the random Twitter user had “actual malice.”
Sure it is, that's how the 1A works. Saying he was convicted of murder is not true, but calling him a murderer is an opinion. Your opinion doesn't even have to be reasonable. It just has to be based on facts that both you and I have.
1A rights are construed really broadly. The courts don't do the 'he wasn't legally convicted therefore it's illegal to call him one' thing.
If that were true, news organizations wouldn't be as careful as they are to preface the word "alleged" before the behavior -- before or after a trial. I don't think you'll find any reputable commercial newsgathering organization that makes a plain statement that Kyle Rittenhouse is a murderer.
The First Amendment doesn't protect the speaker against all forms of defamation (though it does put some barriers up that make it harder to win in some circumstances). If it did, defamation as a cause of action wouldn't exist at all.
As a practical matter, though, this is largely theoretical. Once you've been through the rigamarole of arrest, prosecution, and trial, even if you're found not guilty of the crimes committed, the reputational damage is just too widespread. You're not going to go after the defamers: there are just too many, and if you tried, there would be a fair question as to whether you have any positive reputation left to injure. Your life is pretty much ruined. It's a pretty terrible situation for the wrongly accused.
Nope. News companies don't do it because of different reasons.
For one, it's an opinion, and traditional journalism likes to pretend it doesn't have those.
The bigger reason is anyone can sue for anything in the US. Litigation can be ruinously expensive, and cost hundreds of thousands of dollars just to get it thrown out. Hundreds of lawsuits gets expensive, even if you win or hand out $25K "get lost" settlements.
(That's why SLAPP laws are so important -- a strong SLAPP law like CA kills this behavior)
Whether or not something is prudent behavior has nothing to do with legality.
In my opinion, a .online domain is unsafe. 99% of people only visit ".com"s unless they clicked a scam link. Completely blocking the site is overkill, but the browser should warn you about it like it does with non-SSL sites.
They should be held legally culpable for libellous claims they make.
I dont care if their pre-LLM ai says "thingy bad". They are responsible for the scripts or black boxes they control. I dont care if they dont give a reason.
Claiming bad/malicious/etc site is 100% libel. And doubly so, anybody who has been forced to agree to a ToS with binding arbitration should have it removed for libel.
The words in your link do not support the words in your comment. Don't be snarky unless you are certain you're correct.
> a plaintiff must show four things: 1) a false statement purporting to be fact; 2) publication or communication of that statement to a third person; 3) fault amounting to at least negligence; and 4) damages, or some harm caused to the reputation of the person or entity who is the subject of the statement.
They falsely marked the site unsafe[1] on a published list[2], the results weren't checked and couldn't be appealed[3] and OPs site was taken down[4].
"When Google marks a site as "unsafe" or "dangerous" in Chrome or search results, it is a factual finding based on automated detection of specific, technical security threats, rather than a subjective opinion. These warnings are triggered by Google’s Safe Browsing technology, which scans billions of URLs daily to protect users from malicious content"
Opinions and facts in a legal context usually comes down to who is saying what. Someone personally says "this soup is bad" on a review site = opinion. A news site plastering it on their front page = fact.
A person saying something as an individual is usually considered an opinion. A company doesn't have that same protection.
> "When Google marks a site as "unsafe" or "dangerous" in Chrome or search results, it is a factual finding based on automated detection of specific, technical security threats, rather than a subjective opinion. These warnings are triggered by Google’s Safe Browsing technology, which scans billions of URLs daily to protect users from malicious content"
Nope. Not correct. Companies have the same 1A rights, too.
In the US, it really doesn't matter who says it, the only thing that matters is who it's being said about.
If you are a "public figure" -- which is a much broader category in 1A law than you think -- then in order to prove defamation, you have to prove the thing was false _and_ that the person saying it knew it was false at the time. Not that they were mistaken, not that they were careless, not that they knew later, they deliberately lied and knew they lied as they said it.
If your next question is "how do you prove what someone was thinking", then yes. That is the reason it's nearly impossible.
Not talking about 1A rights or public figures. We are talking about
Opinions (Protected) vs Facts (Not Protected)
Defamation cases where individuals say something are usually considered opinions and companies are usually considered facts in the eyes of the courts. I say "Usually"
Defamation also DOES NOT require intent, but it requires a minimum level of fault (negligence)
Google saying something is unsafe in the web search or browser would not be considered an opinion because of their position of authority. It would not even be a debate since Google has already said they make decisions based on facts and data presented to them.
The only question is are they negligent in their assessment or response to a false report. And what would be the damages. In the case of a phishing report that is false courts would already consider it defamation per se (damages presumed)
We are absolutely talking about the 1A lol. Defamation is 1A law. It is one of the few recognized exceptions to the 1A.
And we are also 100% talking about public figures. "Public figures" include companies and it's a critical part of 1A since Times v Sullivan.
Google is a US company and has 1A rights. That's how it works. The rest of what you said is nonsense and is your idea of how it should work, but has nothing to do with how it actually works.
To be more accurate, defamation is civil tort law, circumscribed by the First Amendment. (Defamation as a cause of action is quite old, reaching back to our English common law roots, and goes back further in history, I believe.)
That's more general, not more accurate. Civil tort law is a broad class of things. It's like saying "to be more accurate, a supermarket is a type of store". Well, yes.
> Update: Within 40 minutes of posting this on HN, the site has been removed from Google's Safe Search blacklist. Thank you, unknown Google hero! I've emailed Radix to remove the darn serverHold.
I wouldn't party too soon - from my experience getting something removed from Google's libel machine doesn't mean the same process that put it there in the first place is fixed and it you will most likely go through the same thing again and again.
> Not adding the domain to Google Search Console immediately. I don't need their analytics and wasn't really planning on having any content on the domain, so I thought, why bother? Big, big mistake.
This is just another way how Google has inserted themselves as the gatekeeper of the web.
You can step up and be the maintainer of GTK2 (or anything else that would keep the 'deletionists' at bay) any time you want. Go on...I'm sure you have unlimited time and resources like all the other Debian maintainers.
Nonsense. You just need to make building the gtk2 unit optional, so that the distros can still build it. Almost no one needs gtk2, just Lazarus. Usually debian maintainers are happy to patch the build system to do that. They got a bad one.
The harder part is to upgrade Lazarus to qt6. Until that happens, Lazarus needs to be shipped as snap, flatpack or appimage with the gtk2 so's.
Exactly. "Let me explain how some else needs to do this thing, and how easy it is, and how that someone else needs to get right on that for my convenience". Because you're here to condescend, not to actually do anything.
I wish they would just sell those products unbranded - then they'd actually provide some meaningful value to those of us who don't want themselves and their house to be an advertising billboard.
That is the whole point of copyright/patent law. Society benefits by having interesting ideas brought to market, and society misses/looses out when people who bring ideas to market are punished by copycats, stopping new ideas/innovation.
You wouldn't have had an industrial revolution without copyright/patent laws.
In the modern world where we have done most of the low hanging fruit a new novel idea could be even more valuable for society to protect.
Your examples are ridiculous though.. The meaning of "[G]esundheitszeugnis" can be derived if you understand the 2 words.
Meanwhile, a Bahnhof would be a "Yard/square of lanes" if one didn't get taught that it's "train station". Although I suppose anyone learning German will quickly learn that "Bahn" is something to do with trains. Unless it's Autobahn. Or Schwimmbahn.
Why are they ridiculous? Words that get used, get used, the etymology is a curiosity to most. In English, we use "computer" even though it used to be a job title. Native English speakers freely use "rucksack" even though it was stolen from German and even though "backpack" is also available, without the space, as a compound English word for a pack worn on the back. English/German has "briefcase"/"Briefkasten" to describe a box that letters go in, it's just that the former is for transporting letters and the latter is for receiving them.
The point of poster a lower speed limit than what is applied is because both the sensors used by the police and in your card are inaccurate and it's unreasonable to constantly fine people who thought (and perhaps even were) within the limit.
And this applies to most other laws too - we can't expect everyone to know all the edge cases so some leniency for honest mistakes is needed.
reply