Comment by ehsankia
5 years ago
Are you implying that the list no longer has a good intention? I wouldn't be surprised if there are multiple orders of magnitude more phishing and hacked websites in 2021 than there was in 2004. Even with human checking, I doubt you'll even have 0% failure rate. Is the solution to just give up on blocking phishing sites?
The failure rate doesn't need to be 0%. If the solution is good, at least it'll be close to 0% which means that it'd be possible for the vendor to provide better support for the small number of mistakes so that they can be clearly explained to the affected party and rectified more quickly. If the failure rate is too high to make better support infeasible, then the current solution is not really a good one and we need to consider a revision.
> Are you implying that the list no longer has a good intention?
Most of the time I run into blocked sites they seem to be blocked because of copyright infringement, not phishing. The only phishing sites I've seen in the last year or so are custom tailored. For example, I had to deal with a compromised MS365 account last year where the bad actor spun up a custom phishing site using the logo, signature, etc. of the victim.
So IMHO the intentions are no longer pure plus the effect is diminished and being worked around.
The solution is for the legitimate sites that are driven out of business by Google AI to sue Google for tortuous interference and libel.
This helps one group and hurts another. If Google is liable for blocking potential malware and phishing pages, they'll either stop blocking it, or adjust their algorithm to strongly err on the side of allowing phishing sites.
Businesses become safer, but more regular people will get phished.
>or adjust their algorithm to strongly err on the side of allowing phishing sites.
It'a not the role of Google to disallow phishing sites (as a browser) just like it's not the role of the ISP.
Make it hookable so people can chose their own phising protection service.
7 replies →
The problem isn't the company that blocked it. The problem is the company that reported that there was a problem when there wasn't. In this case it sounds like Google is both companies.
>Is the solution to just give up on blocking phishing sites?
IMHO yes. It's too much power for one company to wield. And especially a company with such questionable morals as Google. This cure is worse than the disease.
I thought you said, the curse is worse than the disease... which also would've made sense.
" Is the solution to just give up on blocking phishing sites?"
But maybe not do it by default on browser-level.
But if you do, then there really needs to be ways to combat wrong decisions in a timely manner.