Thanks for posting this! I just want to clarify who does the actual flagging of compromised websites. That is in fact Google, specifically their safer searching / anti-malware team, and not StopBadware.org or the Berkman Center. Google's warnings are entirely based on their own internal systems for identification of malware distribution; StopBadware comes in simply to help site owners who want to remove the warnings in learning about badware and getting the warnings removed.
StopBadware sees our role in the process as an external fail-safe. Our public reviews process is an assurance that Google search users and webmasters alike can request an independent review of any flagged site from a nonprofit organization. We do our best to make the reviews process as transparent as possible. For example, anyone interested in the progress of the PFF review can follow its status here: http://www.stopbadware.org/reports/container?re...
Anyone with questions or concerns about the process is invited to contact me directly, at egeorge AT cyber.law.harvard.edu.
Thanks for the clarification, Erica, I've updated the post.
Brett Glass
· 1 year ago
I was one of the people who observed the problem and was the one who reported it to Richard. SQL injection is certainly a vulnerability of great concern in database-driven Web sites. However, in this case Google was blocking direct links to PDF documents. There was no opportunity for a reader to be infected by fetching those documents. Thus, there were only two possible explanations for Google's behavior: overzealous blocking when another part of the Web site had a link to malware, or deliberate censorship. It's a great relief to hear that the problem was the former, not the latter, since -- after all -- Google has such a monopoly on search that when you’re off Google, you’re essentially off the Net.
Brett Glass
· 1 year ago
Response to Richard's "UPDATE 2": Yes, it does seem more likely that Google is merely guilty of being irresponsible rather than of deliberate censorship.
But that irresponsibility deserves some attention. It's MUCH easier to tell which documents on a site contain malware than it is to determine whether a P2P stream is illegal or not! So, if Google et al are criticizing Comcast for using too heavy a hand in mitigating P2P, they should look in the mirror and ask earnestly if they are not even more guilty of the same sin of which they are accusing Comcast, Bell Canada, and other ISPs who are merely trying to manage their networks.
All Comments
Thanks for posting this! I just want to clarify who does the actual flagging of compromised websites. That is in fact Google, specifically their safer searching / anti-malware team, and not StopBadware.org or the Berkman Center. Google's warnings are entirely based on their own internal systems for identification of malware distribution; StopBadware comes in simply to help site owners who want to remove the warnings in learning about badware and getting the warnings removed.
StopBadware sees our role in the process as an external fail-safe. Our public reviews process is an assurance that Google search users and webmasters alike can request an independent review of any flagged site from a nonprofit organization. We do our best to make the reviews process as transparent as possible. For example, anyone interested in the progress of the PFF review can follow its status here:
http://www.stopbadware.org/reports/container?re...
Anyone with questions or concerns about the process is invited to contact me directly, at egeorge AT cyber.law.harvard.edu.
Thanks!
Erica
StopBadware.org staff
But that irresponsibility deserves some attention. It's MUCH easier to tell which documents on a site contain malware than it is to determine whether a P2P stream is illegal or not! So, if Google et al are criticizing Comcast for using too heavy a hand in mitigating P2P, they should look in the mirror and ask earnestly if they are not even more guilty of the same sin of which they are accusing Comcast, Bell Canada, and other ISPs who are merely trying to manage their networks.