Comment by dmoreno
4 months ago
Happened to me last week. One morning we wake up and the whole company website does not work.
Not advice with some time to fix any possible problem, just blocked.
We gave very bad image to our clients and users, and had to give explanations of a false positive from google detection.
The culprit, according to google search console, was a double redirect on our web email domain (/ -> inbox -> login).
After just moving the webmail to another domain, removing one of the redirections just in case, and asking politely 4 times to be unblocked.. took about 12 hours. And no real recourse, feedback or anything about when its gonna be solved. And no responsibility.
The worse is the feeling of not in control of your own business, and depending on a third party which is not related at all with us, which made a huge mistake, to let out clients use our platform.
File a small claim for damages up to 10,000 to 20,000 USD depending on your local statues.
It’s actually pretty quick and easy. They cannot defend themselves with lawyers, so a director usually has to show up.
It would be glorious if everybody unjustly screwed by Google did that. Barring antitrust enforcement, this may be the only way to force them to behave.
it wouldn't work. they'd hire some minimum wage person to go to all of them and just read the terms and conditions you agreed to that include language about arbitration or whatever
5 replies →
In all US states corporations may be represented by lawyers in small claims cases. The actual difference is that in higher courts corporations usually must be represented by lawyers whereas many states allow normal employees to represent corporations when defending small claims cases, but none require it.
This is not accurate. I filed a claim against Bungalow in Oregon. They petitioned the judge to allow their in house attorney I was dealing with to represent them. The judge denied the request citing the Oregon statute that attorneys may not participate in small claims proceedings. Bungalow flew out their director of some division who was ill prepared.
Slam dunk. took all of 6-8 hours of my time end to end. The claim was a single page document. Got the max award allowable. Would have got more had it been California.
55.090 Appearance by parties and attorneys; witnesses. (1) Except as may otherwise be provided by ORS 55.040, no attorney at law nor any person other than the plaintiff and defendant shall become involved in or in any manner interfere with the prosecution or defense of the litigation in the department without the consent of the justice of the justice court, nor shall it be necessary to summon witnesses.
2 replies →
This is just so inaccurate, at least for California.
Not to mention that they have general council, who are lawyers but also just employees.
I've been thinking for a while that a coordinated and massive action against a specific company by people all claiming damages in small claims court would be a very effective way of bringing that company to heel.
I wonder how that will work with mandatory arbitration clauses. Guess you don't know until you try.
4 replies →
And now your Gmail account has been deleted as well as any other accounts you had with Google
That's okay, you have backup of your data, and you don't really depend on your Gmail account for anything important.
2 replies →
So what? Why would you want to continue to use the services of a company you had to sue? That’s kind of a “burning the bridges” moment.
1 reply →
Do small claims apply to things like this where damages are indirect?
I believe so. For me it was helpful to visualize getting up and convincing the judge of the damages.
I’d run a PnL, get average daily income from visitors, then claim that loss as damages. In court I’d bring a simple spreadsheet showing the hole in income as evidence of damages.
If there were contractors to help get the site back up I’d claim their payments as damages and include their invoices as evidence.
> The culprit, according to google search console, was a double redirect on our web email domain (/ -> inbox -> login).
I find it hard to believe that the double redirect itself tripped it: multiple redirects in a row is completely normal—discouraged in general because it hurts performance, but you encounter them all the time. For example, http://foo.example → https://foo.example → https://www.foo.example (http → https, then add or remove www subdomain) is the recommended pattern. And site root to app path to login page is also pretty common. This then leads me to the conclusion that they’re not disclosing what actually tripped it. Maybe multiple redirects contributed to it, a bad learned behaviour in an inscrutable machine learning model perhaps, but it alone is utterly innocuous. There’s something else to it.
Want to see how often Microsoft accounts redirect you? I'd love to see Google block all of Microsoft, but of course that will never happen, because these tech giants are effectively a cartel looking out for each other. At least in comparison to users and smaller businesses.
The reason Google doesn’t block Microsoft isn’t that they’re “looking out for Microsoft.” They’re looking out for themselves by being aware that blocking something that millions of people use would be bad for business.
4 replies →
I suspect you're right... The problem is, and i've experienced this with many big tech companies, you never really get any explanation. You report an issue, and then, magically, it's "fixed," with no further communication.
This looks like the same suicide inducing type of crap by google that previously only android devs on playstore were subject to.
I'm permanently banned from the Play Store because 10+ years ago I made a third-party Omegle client, called it Yo-megle (neither Omegle nor Yo-megle still exist now), got a bunch of downloads and good ratings, then about 2 years later got a message from Google saying I was banned for violating trademark law. No actual legal action, just a message from Google. I suppose I'm lucky they didn't delete my entire Google account.
I'm beginning to seriously think we need a new internet, another protocol, other browsers just to break up the insane monopolies that has been formed, because the way things are going soon all discourse will be censored, and competitors will be blocked soon.
We need something that's good for small and medium businesses again, local news and get an actual marketplace going - you know what the internet actually promised.
Anyone working on something like this?
The community around NOSTR are basically building a kind of semantic web, where users identities are verified via their public key, data is routed through content agnostic relays, and trustworthiness is verified by peer recommendation.
They are currently experimenting with replicating many types of services which are currently websites as protocols with data types, with the goal being that all of these services can share available data with eachother openly.
It's definitely more of a "bazaar" model over a "catherdral" model, with many open questions and it's also tough to get a good overview of what is really going on there. But at least it's an attempt.
We have a “new internet”. We have the indie web, VPNs, websites not behind Cloudflare, other browsers. You won’t have a large audience, but a new protocol won't fix that.
Also, plenty of small and medium businesses are doing fine on the internet. You only hear about ones with problems like this. And if these problems become more frequent and public, Google will put more effort into fixing them.
I think the most practical thing we can do is support people and companies who fall through the cracks, by giving them information to understand their situation and recover, and by promoting them.
"Google will put more effort into fixing them"
Why would they do that? Do they lose money from these people? Why would they care? they're a monopoly they don't need to care
5 replies →
Stop trying to look for technological answers to political problems. We already have a way to avoid excessive accumulation of power by private entities, it's called "anti-trust laws" (heck, "laws" in general).
Any new protocol not only has to overcome the huge incumbent that is the web, it has to do so grassroots against the power of global capital (trillions of dollars of it). Of course, it also has to work in the first place and not be captured and centralised like another certain open and decentralised protocol has (i.e., the Web).
Is that easier than the states doing their jobs and writing a couple pages of text?
States are made of people both at decision and at street level. Many anti-trust laws were made when the decision people that were not very tied with the actual interests - nowadays this seem to change. At no point I think people at street level ever understood the actual implications.
A structural solution is to educate and lift the whole population to better understand the implications of their choices.
A tactic solution is to try to limit the collusion of decision people and private entities, but this does not seem to go extremely well.
An "evolutionary" solution (that just happens) used to be to have a war - that would push a lot of people to look for efficiency rather than for some interests. But this is made more complex by nukes.
I don't really see how anti-trust would address something like Google Chrome's safe browsing infrastructure.
The problem is that the divide of alignment of interests there is between new, small companies and users. New companies want to put up a website without tripping over one of the thousand unwritten rules of "How to not look like a phishing site or malware depot" (many of which are unwritten because protecting users and exploiting users is a cat-and-mouse game)... And users don't want to get owned.
Shard Chrome off from Google and it still has incentives to protect users at the cost of new companies' ease of joining the global network as a peer citizen. It may have less signal as a result of a curtailed visibility on the state of millions of pages, but the consequence of that is that it would offer worse safe browsing protection and more users would get owned as a result.
Perhaps the real issue is that (not unlike email) joining the web as a peer citizen has just plain gotten harder in the era of bad actors exploiting the infrastructure to cause harm to people.
Like... You know what never has these problems? My blog. It's a static-site-generated collection of plain HTML that updates once in a blue moon via scp. I'm not worried about Google's safe browsing infrastructure, because I never look like a malware site. And if I did trip over one of the unwritten rules (or if attackers figured out how to weaponize something personal-blog-shaped)? The needs of the many justify Chrome warning people before going to my now-shady site.
8 replies →
It's very, very hard to overcome the gravitational forces which encourage centralization, and doing so requires rooting the different communities that you want to exist in their own different communities of people. It's a political governance problem, not a technical one.
This is the key idea.
Companies have economy of scale (Google, for instance, is running dozens to hundreds of web apps off of one well-maintained fabric) and the ability to force consolidation of labor behind a few ideas by controlling salaries so that the technically hard, detailed, or boring problems actually get solved. Open source volunteer projects rarely have either of those benefits.
In theory, you could compete with Google via
- Well-defined protocols
- That a handful of projects implement (because if it's too many, you split the available talent pool and end up with e.g. seven mediocre photo storage apps that are thin wrappers around a folder instead of one Google Photos with AI image search capability).
- Which solve very technically hard, detailed, or boring technical problems (AI image search is an actual game-changer feature; the difference between "Where is that one photo I took of my dog? I think it was Christmas. Which Christmas, hell I don't know" and "Show me every photo of my dog, no not that dog, the other dog").
I'd even risk putting up bullet point four: "And be willing to provide solutions for problems other people don't want solved without those other people working to torpedo your volunteer project" (there are lots of folks who think AI image detection is de-facto evil and nobody should be working on it, and any open source photo app they can control the fate of will fall short of Google's offering for end-users).
You make it seem like the problem is of technical nature (instead of regulatory or other). Would you mind explaining why?
Technical alternatives already exist, see for example GNUnet.
Problem is that as soon as some technology takes traction, it catches the attention of businesses, and there is where the slow but steady enshittification process begins. Not that business necessarily equals enshittification, but in a world dominated by capitalism without borders soon or later someone will break some unwritten rules and others will have to follow to remain competitive, until that new technology will become a new web, and we'll be back to square one. To me the problem isn't technical, as isn't its solution.
1 reply →
How about the Invisible Internet Project, https://geti2p.net?
IPFS has been doing some great work around decentralization that actually scales (Netflix uses it internally to speed up container delivery), but a) it's only good for static content, b) things still need friendly URLs, and c) once it becomes the mainstream, bad actors will find a way to ruin it anyway.
These apply to a lot of other decentralized systems too.
In no way does IPFS "actually scale" while it takes two minutes (120 seconds) to find an object.
It won't get anywhere unless it addresses the issue of spam, scammers, phishing etc. The whole purpose of Google Safe Browsing is to make life harder for scammers.
How does the Internet addresses that?
True, but google already censors their search results to push certain imperial agendas so i'm not trusting them in the long run.
I'm not sure, but it's on my mind.
I own what I think are the key protocols for the future of browsers and the web, and nobody knows it yet. I'm not committed to forking the web by any means, but I do think I have a once-in-a-generation opportunity to remake the system if I were determined to and knew how to remake it into something better.
If you want to talk more, reach out!
Intriguing comment, but your username does not inspire confidence.
1 reply →
This is not a technical problem. You will not solve it with purely technical solutions.
I'm afraid this can't be built on the current net topology which is owned by the Stupid Money Govporation and inherently allows for roadblocks in the flow of information. Only a mesh could solve that.
But the Stupid Money Govporation must be dethroned first, and I honestly don't see how that could happen without the help of an ELE like a good asteroid impact.
It will take the same or less amount of time, to get where we are with current Web.
What we have is the best sim env to see how stuff shape up. So fixing it should be the aim, avoiding will get us on similar spirals. We'll just go on circles.
Having a decade of fresh air is also a good incentive regardless of how it ends
1 reply →
Have you talked to your lawyer? Making Google pay for their carelessness is the ONLY way to get them to care.