Comment by oji0hub
5 years ago
They have the option of not wielding the hammer. I for one never appointed them the guardian of the walled internet.
5 years ago
They have the option of not wielding the hammer. I for one never appointed them the guardian of the walled internet.
So browsers should just let users go to obvious phishing sites?
It's easy to take this position when you're very tech savvy. Imagine how many billions of less tech savvy people these kinds of blocklists are protecting.
It's very easy to imagine a different kind of article being written: "How Google and Mozilla let their users get scammed".
I mean, it was barely a decade ago when my parents computers regularly got filled with malware and popups and scams. They regularly fell for bullshit online. Maybe they have gotten more savvy, but I feel like this has overall greatly decreased, in a world where there's actually increasingly more bad actors.
Even if you're tech savvy. I've been phished. I was only saved by 2 factor and luck.
https://blog.greggman.com/blog/getting-phished/
> I for one never appointed them the guardian of the walled internet.
On the other hand, lots of chrome users most likely do trust google to protect them from phishing sites. For those ~3 billion users a false positive on some SaaS they've never heard of is a small price to pay.
It's a tricky moral question as to what level of harm to businesses is an acceptable trade off for the security of those users.
The trade-off isn't between increased phishing vs. increased false positives. It's being able to get a human on the phone vs Google's profit margins. Break them up already.
I actually don't think this is that hard to fix though.
I'm a fan of google doing their best to protect people from scammers. The real issue here is no way to submit an escalated help request when they accidentally mess up. eg they could build a service where -- and I doubt scammers would play -- $100 (or even $1k) would escalate a help request with a 15 minute SLA. I run a business; we would have no problem paying an escalation fee.
I can already see the headlines on HN:
"How Google Runs a Pay-to-Play Protection Racket"
1 reply →
This was the old Microsoft support model: opening a case cost $99(IIRC), but if the case was actually a MS bug/issue they’d waive the fee.
1 reply →
This. Why is there an implicit agreement that okay Google is the gatekeeper. It shouldn't be. The internet did not appoint Google as the gatekeeper.
>The internet did not appoint Google as the gatekeeper.
Uh, it kind of did, when internet-savvy early adopters (and developers) convinced all their friends, then family, then acquaintances, to switch to Chrome a decade ago.
I know there's probably a very large number of FOSS-only types on this site who would disagree with that assessment, and claim that they've always been in the Firefox camp, but the sheer market share of chrome clearly shows that they are the minority.
Everyone switched to chrome because they were tired of IE having too much power and not conforming to standards. Nowadays web devs often build chrome-first, using chromium-only features, and the shoe has almost migrated to the other foot.
> Why is there an implicit agreement that okay Google is the gatekeeper.
Because they run a popular browser and don't want their users getting scammed?
For each tech savvy person mad about this, there's 10 non-tech-savvy people completely oblivious that could get scammed by phishing sites we'd consider obvious.
Sure, they should do a better job, but that blacklist is probably millions of websites big at this point. It's the kind of thing where a perfect job is essentially impossible, and the scale means that even doing a decent job is going to be extremely difficult.