How is any kind of antivirus or threat detection software supposed to operate on this standard?
Libel suits can be financially catastrophic, so even a tiny false positive rate could present risk that disincentivizes producing such software at all.
And a threat detection mechanism that has a 0.0% false positive rate is conservative to the point of being nearly useless.
I think that is the idea. They shouldn't exist without a prompt mitigation path.
In other words, if you can't deal with the false positives in a timely manner. You SHOULD be liable for the damages.
I can't build a budget car put together in an unsafe manner. Then complain I can't compete due to all the peoples cars crashing and blowing up and suing me.
You document your claims with concrete evidence of fraud. That will be your libel defense. No evidence means you bear the full responsibility of a fuckup.
At internet scale, this would roughly be equivalent to not doing any warning or detection at all.
Scalable systems need to use heuristics to catch threats. Needing concrete evidence in every case means that an enormously higher amount of malicious resources will not be flagged.
There is a policy argument as to the right balance of concerns here. But there is a clear trade-off to make.
You're welcome to cite case law if you want to insist. Otherwise, unsafe (in the context of infosec) has a definition of likely or able to cause harm or malfunction. Something that is provable or falsifiable with evidence.
Whether that's true or not is irrelevant if it's defined by law differently. Even without case law and precedent you'd still have to test it in court, which for libel can be prohibitively expensive.
For clarity I'm not agreeing or disagreeing, but what means sense to the layperson (including experts in a particular field) is sometimes at odds with what the law says.
I'm curious as to how you would prove that it would be impossible for any resource accessible under a given DNS domain to ever cause harm to anyone else.
Isn't "oops we made a mistake" actually a valid defense to libel in most US states? I thought you had to prove it was intentional to some extent? Or reckless/negligent IANAL
Google is stating in a position of authority. It's therefore being stated as at least a professional opinion with the equivalent weight of fact, or representing facts.
If the opinion is meant to be just another opinion, then it shouldn't cause any blacklisting of any sorts anywhere.
Not to mention that the whole point of the list is for blocking in e.g. web browsers. Claiming it is just an opinion would be like a mobster claiming they didn't actually order a hit.
> If the opinion is meant to be just another opinion, then it shouldn't cause any blacklisting of any sorts anywhere.
I agree with this! The registrar should not have triggered a suspension because of this. They're not obligated to, and the two processes should be decoupled.
“unsafe” is a term that is both broader and more vague, so I would consider it opinion unless backed up by appropriate facts (like “contains CSAM”, “contains malware”, and so forth).
Depends on jurisdiction. In the UK it's not an absolute defence, you still have to prove it's an opinion a "reasonable person" could come to based on facts.
As someone who has also been bit by this, and with the only possible resolution being that I sign up for google services and register my site with them in the google search dashboard...
Fuck Google.
This is absolutely libel. They put a big fucking red banner on top of my site, telling the world that it's unsafe, using all the authority they have as one of the largest tech companies in the world.
In my case - it was a jellyfin instance I'd stood up to host family videos of my kids for my parents.
It was not compromised, and showed only a login page. I reported it as a false flag repeatedly, for weeks, with Google doing jack fucking shit.
Only after signing up in their search console and registering the site did the warning disappear.
They are abusively forcing people into their products. Fuck Google.
In case it wasn't entirely clear - Google can get fucked. Fuck Google.
There’s nothing wrong with your dislike of Google. No matter how much you dislike them, though, the word “libel” has a meaning that should be respected. To opine that a site is unsafe is simply not libelous.
That sounds like a spurious distinction. Pretty sure you can’t say “Person X is a murderer” and then say “well I’m only expressing my opinion, and in my opinion if you do something that annoys me that qualifies as murder.”
Nope, not in the US. It is perfectly legal to say, for example, "Kyle Rittenhouse is a murderer" despite him being acquitted. You're entirely free to disagree with the result, that is an opinion. Any opinion based on public knowledge is ok. It doesn't even have to be reasonable or rational.
What you can't do is imply non-public knowledge, aka "I heard from my cousin who works in law enforcement that Kyle murdered a hobo when he was 12 but the records were sealed", or state specific facts that can be proven true or false: "Kyle murdered a hobo on September 11, 2018 out back of the 7-11 in Gainesville, FL"
The standard for libel/slander is much, much higher than people think. It's extremely difficult to meet them, and for public figures, it's almost impossible.
In my opinion, a .online domain is unsafe. 99% of people only visit ".com"s unless they clicked a scam link. Completely blocking the site is overkill, but the browser should warn you about it like it does with non-SSL sites.
They should be held legally culpable for libellous claims they make.
I dont care if their pre-LLM ai says "thingy bad". They are responsible for the scripts or black boxes they control. I dont care if they dont give a reason.
Claiming bad/malicious/etc site is 100% libel. And doubly so, anybody who has been forced to agree to a ToS with binding arbitration should have it removed for libel.
The words in your link do not support the words in your comment. Don't be snarky unless you are certain you're correct.
> a plaintiff must show four things: 1) a false statement purporting to be fact; 2) publication or communication of that statement to a third person; 3) fault amounting to at least negligence; and 4) damages, or some harm caused to the reputation of the person or entity who is the subject of the statement.
They falsely marked the site unsafe[1] on a published list[2], the results weren't checked and couldn't be appealed[3] and OPs site was taken down[4].
How is any kind of antivirus or threat detection software supposed to operate on this standard?
Libel suits can be financially catastrophic, so even a tiny false positive rate could present risk that disincentivizes producing such software at all.
And a threat detection mechanism that has a 0.0% false positive rate is conservative to the point of being nearly useless.
I think that is the idea. They shouldn't exist without a prompt mitigation path.
In other words, if you can't deal with the false positives in a timely manner. You SHOULD be liable for the damages.
I can't build a budget car put together in an unsafe manner. Then complain I can't compete due to all the peoples cars crashing and blowing up and suing me.
You document your claims with concrete evidence of fraud. That will be your libel defense. No evidence means you bear the full responsibility of a fuckup.
At internet scale, this would roughly be equivalent to not doing any warning or detection at all.
Scalable systems need to use heuristics to catch threats. Needing concrete evidence in every case means that an enormously higher amount of malicious resources will not be flagged.
There is a policy argument as to the right balance of concerns here. But there is a clear trade-off to make.
2 replies →
(IAAL but this is not legal advice.)
It’s not libel. Defamation requires a false statement of fact. Marking a website as “unsafe” is an opinion.
> Marking a website as “unsafe” is an opinion.
No, it's not.
You're welcome to cite case law if you want to insist. Otherwise, unsafe (in the context of infosec) has a definition of likely or able to cause harm or malfunction. Something that is provable or falsifiable with evidence.
Whether that's true or not is irrelevant if it's defined by law differently. Even without case law and precedent you'd still have to test it in court, which for libel can be prohibitively expensive.
For clarity I'm not agreeing or disagreeing, but what means sense to the layperson (including experts in a particular field) is sometimes at odds with what the law says.
I'm curious as to how you would prove that it would be impossible for any resource accessible under a given DNS domain to ever cause harm to anyone else.
1 reply →
Isn't "oops we made a mistake" actually a valid defense to libel in most US states? I thought you had to prove it was intentional to some extent? Or reckless/negligent IANAL
4 replies →
Google is stating in a position of authority. It's therefore being stated as at least a professional opinion with the equivalent weight of fact, or representing facts.
If the opinion is meant to be just another opinion, then it shouldn't cause any blacklisting of any sorts anywhere.
Not to mention that the whole point of the list is for blocking in e.g. web browsers. Claiming it is just an opinion would be like a mobster claiming they didn't actually order a hit.
> If the opinion is meant to be just another opinion, then it shouldn't cause any blacklisting of any sorts anywhere.
I agree with this! The registrar should not have triggered a suspension because of this. They're not obligated to, and the two processes should be decoupled.
4 replies →
How is it any more of an opinion to "mark" a website as "unsafe" than say, "contains CSAM"?
“contains CSAM” is likely an unarguable fact.
“unsafe” is a term that is both broader and more vague, so I would consider it opinion unless backed up by appropriate facts (like “contains CSAM”, “contains malware”, and so forth).
1 reply →
One is disprovable, the other is not.
Maybe libel is the wrong term, but erroneously marking a website as unsafe can lead to damages.
Only if it’s intentional (or maybe grossly negligent).
1 reply →
Depends on jurisdiction. In the UK it's not an absolute defence, you still have to prove it's an opinion a "reasonable person" could come to based on facts.
As someone who has also been bit by this, and with the only possible resolution being that I sign up for google services and register my site with them in the google search dashboard...
Fuck Google.
This is absolutely libel. They put a big fucking red banner on top of my site, telling the world that it's unsafe, using all the authority they have as one of the largest tech companies in the world.
In my case - it was a jellyfin instance I'd stood up to host family videos of my kids for my parents.
It was not compromised, and showed only a login page. I reported it as a false flag repeatedly, for weeks, with Google doing jack fucking shit.
Only after signing up in their search console and registering the site did the warning disappear.
They are abusively forcing people into their products. Fuck Google.
In case it wasn't entirely clear - Google can get fucked. Fuck Google.
There’s nothing wrong with your dislike of Google. No matter how much you dislike them, though, the word “libel” has a meaning that should be respected. To opine that a site is unsafe is simply not libelous.
1 reply →
That depends on jurisdiction. E.g. in South Korea true statements can constitute defamation too
That sounds like a spurious distinction. Pretty sure you can’t say “Person X is a murderer” and then say “well I’m only expressing my opinion, and in my opinion if you do something that annoys me that qualifies as murder.”
Nope, not in the US. It is perfectly legal to say, for example, "Kyle Rittenhouse is a murderer" despite him being acquitted. You're entirely free to disagree with the result, that is an opinion. Any opinion based on public knowledge is ok. It doesn't even have to be reasonable or rational.
What you can't do is imply non-public knowledge, aka "I heard from my cousin who works in law enforcement that Kyle murdered a hobo when he was 12 but the records were sealed", or state specific facts that can be proven true or false: "Kyle murdered a hobo on September 11, 2018 out back of the 7-11 in Gainesville, FL"
The standard for libel/slander is much, much higher than people think. It's extremely difficult to meet them, and for public figures, it's almost impossible.
5 replies →
In my opinion, a .online domain is unsafe. 99% of people only visit ".com"s unless they clicked a scam link. Completely blocking the site is overkill, but the browser should warn you about it like it does with non-SSL sites.
thanks for the laugh. Even if you only meant people from the US this is likely not true. What about government websites at .gov? 99% never visit them?
In other countries local TLDs are of course normal (e.g. .it for Italy, .za for South Africa, .cn for China...) and not only used for scam links.
What? I find myself on .net-s and .org-s all the time. For example... Wikipedia is .org. Do 99% of people not visit Wikipedia?
1 reply →
They should be held legally culpable for libellous claims they make.
I dont care if their pre-LLM ai says "thingy bad". They are responsible for the scripts or black boxes they control. I dont care if they dont give a reason.
Claiming bad/malicious/etc site is 100% libel. And doubly so, anybody who has been forced to agree to a ToS with binding arbitration should have it removed for libel.
> Claiming bad/malicious/etc site is 100% libel.
No it isn't. https://www.law.cornell.edu/wex/defamation
Please, use words correctly.
The words in your link do not support the words in your comment. Don't be snarky unless you are certain you're correct.
> a plaintiff must show four things: 1) a false statement purporting to be fact; 2) publication or communication of that statement to a third person; 3) fault amounting to at least negligence; and 4) damages, or some harm caused to the reputation of the person or entity who is the subject of the statement.
They falsely marked the site unsafe[1] on a published list[2], the results weren't checked and couldn't be appealed[3] and OPs site was taken down[4].
9 replies →