Happened to me last week. One morning we wake up and the whole company website does not work.
Not advice with some time to fix any possible problem, just blocked.
We gave a very bad image to our clients and users, and had to give explanations of a false positive from Google detection.
The culprit, according to Google Search Console, was a double redirect on our web email domain (/ -> inbox -> login).
After just moving the webmail to another domain, removing one of the redirections just in case, and asking politely 4 times to be unblocked... it took about 12 hours. And no real recourse, feedback or anything about when it's gonna be solved. And no responsibility.
The worst is the feeling of not being in control of your own business, and depending on a third party which is not related at all with us, which made a huge mistake, to let our clients use our platform.
File a small claim for damages up to 10,000 to 20,000 USD depending on your local statutes.
It’s actually pretty quick and easy. They cannot defend themselves with lawyers, so a director usually has to show up.
It would be glorious if everybody unjustly screwed by Google did that. Barring antitrust enforcement, this may be the only way to force them to behave.
it wouldn't work. they'd hire some minimum wage person to go to all of them and just read the terms and conditions you agreed to that include language about arbitration or whatever
Terms of service, written by a corporation, do not overrule the law, of a country.
Especially not when the plaintiff isn't even a user of the service.
How did they agree to those terms?
Probably includes something insane like "By allowing your website to be crawled by google spiders, you agree to the following terms...."
Ok, by not objecting within 5 seconds you hereby agree to let me shoot you in the head.
In all US states corporations may be represented by lawyers in small claims cases. The actual difference is that in higher courts corporations usually must be represented by lawyers whereas many states allow normal employees to represent corporations when defending small claims cases, but none require it.
This is not accurate. I filed a claim against Bungalow in Oregon. They petitioned the judge to allow their in house attorney I was dealing with to represent them. The judge denied the request citing the Oregon statute that attorneys may not participate in small claims proceedings. Bungalow flew out their director of some division who was ill prepared.
Slam dunk. Took all of 6-8 hours of my time end to end. The claim was a single page document. Got the max award allowable. Would have got more had it been California.
55.090 Appearance by parties and attorneys; witnesses. (1) Except as may otherwise be provided by ORS 55.040, no attorney at law nor any person other than the plaintiff and defendant shall become involved in or in any manner interfere with the prosecution or defense of the litigation in the department without the consent of the justice of the justice court, nor shall it be necessary to summon witnesses.
I’m guessing you got lucky and most justices consent?
Why would you guess that? Most justices concern themselves with statute.
This is just so inaccurate, at least for California.
Not to mention that they have general counsel, who are lawyers but also just employees.
I've been thinking for a while that a coordinated and massive action against a specific company by people all claiming damages in small claims court would be a very effective way of bringing that company to heel.
I wonder how that will work with mandatory arbitration clauses. Guess you don't know until you try.
Valve tried this. But there's no class action arbitration. Meaning that instead of a single class action suit, they had thousands of individual arbitration cases and they were actually begging people to sue them instead. So we could just do that. If they want mandatory arbitration they can have mandatory arbitration. From half of us, just in case it doesn't work.
Swimmingly. It apparently works swimmingly.[0]
Another idea that's worth investigating is coordinated payment strikes on leveraged companies that offer monthly services like telco companies. A bunch of their customers going "Oops, guess I can't afford to pay this month, gonna have to eat that 2% late fee next month, or maybe the month after that, or maybe the month after that" on a service that won't be disconnected in the first month could absolutely crush a company that requires that monthly income to pay their debt.
[0] https://jacobin.com/2022/05/mass-arbitration-mandatory-agree...
I was under the impression that the Supreme Court had ruled that mandatory arbitration clauses were indeed mandatory. Meaning, if you are subject to a mandatory arbitration clause in some contract, it removes ALL ability for a plaintiff to sue a company.
But, good news, it seems like they are walking back on that. They recently ruled that lower courts must "pause" a suit and the suit can resume if an agreement is not made through arbitration.
https://www.bressler.com/news-supreme-court-clarifies-mandat...
And now your Gmail account has been deleted as well as any other accounts you had with Google
That's okay, you have backup of your data, and you don't really depend on your Gmail account for anything important.
I’ve probably got about a thousand accounts that use a Gmail account as the associated email / username. I doubt this is uncommon compared to the number of people with custom domains.
The problem here wouldn't be the data but all the people whose only (or at least primary) way to reach you is the Gmail address.
So what? Why would you want to continue to use the services of a company you had to sue? That’s kind of a “burning the bridges” moment.
The whole problem is vendor lock in. Changing your email address if you’ve had it long is not straightforward or easy.
Do small claims apply to things like this where damages are indirect?
I believe so. For me it was helpful to visualize getting up and convincing the judge of the damages.
I’d run a PnL, get average daily income from visitors, then claim that loss as damages. In court I’d bring a simple spreadsheet showing the hole in income as evidence of damages.
If there were contractors to help get the site back up I’d claim their payments as damages and include their invoices as evidence.
> The culprit, according to google search console, was a double redirect on our web email domain (/ -> inbox -> login).
I find it hard to believe that the double redirect itself tripped it: multiple redirects in a row is completely normal—discouraged in general because it hurts performance, but you encounter them all the time. For example, http://foo.example → https://foo.example → https://www.foo.example (http → https, then add or remove www subdomain) is the recommended pattern. And site root to app path to login page is also pretty common. This then leads me to the conclusion that they’re not disclosing what actually tripped it. Maybe multiple redirects contributed to it, a bad learned behaviour in an inscrutable machine learning model perhaps, but it alone is utterly innocuous. There’s something else to it.
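Added example, not part of the original comment: an offline tracer for the redirect chains mentioned above (http → https → www, and / → inbox → login) that labels each hop so a site owner can review their own chain. The response table, the hostnames other than foo.example, and the function names are constructed for illustration; it makes no network requests and says nothing about what Google's detection actually checks.

```python
from urllib.parse import urljoin, urlsplit

# Constructed responses: URL -> (status code, Location header). No network I/O.
SAMPLE_SITE = {
    "http://foo.example/": (301, "https://foo.example/"),
    "https://foo.example/": (301, "https://www.foo.example/"),
    "https://www.foo.example/": (200, None),
    "https://mail.foo.example/": (302, "/inbox"),
    "https://mail.foo.example/inbox": (302, "/login"),
    "https://mail.foo.example/login": (200, None),
    "https://loop.foo.example/a": (302, "/b"),
    "https://loop.foo.example/b": (302, "/a"),
    "https://old.foo.example/": (302, "http://old.foo.example/"),
    "http://old.foo.example/": (200, None),
}

REDIRECT_CODES = {301, 302, 303, 307, 308}


def classify_hop(src, dst):
    """Label what changed between two absolute URLs in one redirect hop."""
    a, b = urlsplit(src), urlsplit(dst)
    kinds = []
    if a.scheme == "http" and b.scheme == "https":
        kinds.append("https-upgrade")
    elif a.scheme == "https" and b.scheme == "http":
        kinds.append("https-downgrade")
    if a.hostname != b.hostname:
        kinds.append("host-change")
    if a.path != b.path:
        kinds.append("path-change")
    return kinds or ["same-url"]


def trace(start, responses, max_hops=10):
    """Follow Location headers from `start`, resolving relative targets."""
    hops, seen, url = [], {start}, start
    while len(hops) < max_hops:
        status, location = responses.get(url, (None, None))
        if status not in REDIRECT_CODES or not location:
            return {"final": url, "status": status, "hops": hops, "problem": None}
        nxt = urljoin(url, location)  # "/inbox" resolves against the current URL
        hops.append((url, nxt, classify_hop(url, nxt)))
        if nxt in seen:
            return {"final": nxt, "status": None, "hops": hops, "problem": "loop"}
        seen.add(nxt)
        url = nxt
    return {"final": url, "status": None, "hops": hops, "problem": "too-many-hops"}


def review_flags(result):
    """Items worth a second look in your own chain; hop count alone is not one."""
    flags = [result["problem"]] if result["problem"] else []
    if any("https-downgrade" in kinds for _, _, kinds in result["hops"]):
        flags.append("https-downgrade")
    return flags


if __name__ == "__main__":
    for start in ("http://foo.example/", "https://mail.foo.example/",
                  "https://loop.foo.example/a", "https://old.foo.example/"):
        r = trace(start, SAMPLE_SITE)
        print(start, "->", r["final"], len(r["hops"]), "hops", review_flags(r))
```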
Want to see how often Microsoft accounts redirect you? I'd love to see Google block all of Microsoft, but of course that will never happen, because these tech giants are effectively a cartel looking out for each other. At least in comparison to users and smaller businesses.
The reason Google doesn’t block Microsoft isn’t that they’re “looking out for Microsoft.” They’re looking out for themselves by being aware that blocking something that millions of people use would be bad for business.
So why isn't blocking something that is starred 82k times on GitHub bad for business.
I forget. How much do users pay per star again?
That's peanuts compared to Microsoft's userbase
Same difference.
I suspect you're right... The problem is, and I've experienced this with many big tech companies, you never really get any explanation. You report an issue, and then, magically, it's "fixed," with no further communication.
This looks like the same suicide inducing type of crap by Google that previously only Android devs on Play Store were subject to.
I'm permanently banned from the Play Store because 10+ years ago I made a third-party Omegle client, called it Yo-megle (neither Omegle nor Yo-megle still exist now), got a bunch of downloads and good ratings, then about 2 years later got a message from Google saying I was banned for violating trademark law. No actual legal action, just a message from Google. I suppose I'm lucky they didn't delete my entire Google account.
I'm beginning to seriously think we need a new internet, another protocol, other browsers just to break up the insane monopolies that have been formed, because the way things are going soon all discourse will be censored, and competitors will be blocked soon.
We need something that's good for small and medium businesses again, local news and get an actual marketplace going - you know what the internet actually promised.
Anyone working on something like this?
We have a “new internet”. We have the indie web, VPNs, websites not behind Cloudflare, other browsers. You won’t have a large audience, but a new protocol won't fix that.
Also, plenty of small and medium businesses are doing fine on the internet. You only hear about ones with problems like this. And if these problems become more frequent and public, Google will put more effort into fixing them.
I think the most practical thing we can do is support people and companies who fall through the cracks, by giving them information to understand their situation and recover, and by promoting them.
"Google will put more effort into fixing them"
Why would they do that? Do they lose money from these people? Why would they care? They're a monopoly, they don't need to care.
Perhaps we need a different "type" of internet. I don't have the expertise to even explain what this would look like, but I know that if politics, religion, junk science and a hundred other influences have anything to do with it, it will eventually become too stupid to use.
Making a "smart person only" Internet is a social problem, not a technology problem.
We had a "smart person only internet". Then it became financially prudent to make it an "everyone internet", then we had the dot com boom, Apple, Google, etc bloom from that.
We _still_ have a "smart person only internet" really, it's just now used mostly for drug and weapon sales ( Tor )
Smart people want to dominate the stupids.
For some group of smart people, there will be a group of smarter people who want to dominate the people they designate "the stupids".
The internet was a technological solution to a social problem. It introduced other social problems, although arguably these to your point are old social problems in a new arena.
But there may be yet another technological solution to the old social problems of monopolism, despotic centralized control, and fraud.
.... I did say "may".
Everybody wants to dominate others using their strongest ability: smart, rich, strong, popular, fast, etc.
The community around NOSTR is basically building a kind of semantic web, where users' identities are verified via their public key, data is routed through content agnostic relays, and trustworthiness is verified by peer recommendation.
They are currently experimenting with replicating many types of services which are currently websites as protocols with data types, with the goal being that all of these services can share available data with each other openly.
It's definitely more of a "bazaar" model over a "cathedral" model, with many open questions and it's also tough to get a good overview of what is really going on there. But at least it's an attempt.
Stop trying to look for technological answers to political problems. We already have a way to avoid excessive accumulation of power by private entities, it's called "anti-trust laws" (heck, "laws" in general).
Any new protocol not only has to overcome the huge incumbent that is the web, it has to do so grassroots against the power of global capital (trillions of dollars of it). Of course, it also has to work in the first place and not be captured and centralised like another certain open and decentralised protocol has (i.e., the Web).
Is that easier than the states doing their jobs and writing a couple pages of text?
States are made of people both at decision and at street level. Many anti-trust laws were made when the decision people were not very tied with the actual interests - nowadays this seems to change. At no point I think people at street level ever understood the actual implications.
A structural solution is to educate and lift the whole population to better understand the implications of their choices.
A tactical solution is to try to limit the collusion of decision people and private entities, but this does not seem to go extremely well.
An "evolutionary" solution (that just happens) used to be to have a war - that would push a lot of people to look for efficiency rather than for some interests. But this is made more complex by nukes.
I don't really see how anti-trust would address something like Google Chrome's safe browsing infrastructure.
The problem is that the divide of alignment of interests there is between new, small companies and users. New companies want to put up a website without tripping over one of the thousand unwritten rules of "How to not look like a phishing site or malware depot" (many of which are unwritten because protecting users and exploiting users is a cat-and-mouse game)... And users don't want to get owned.
Shard Chrome off from Google and it still has incentives to protect users at the cost of new companies' ease of joining the global network as a peer citizen. It may have less signal as a result of a curtailed visibility on the state of millions of pages, but the consequence of that is that it would offer worse safe browsing protection and more users would get owned as a result.
Perhaps the real issue is that (not unlike email) joining the web as a peer citizen has just plain gotten harder in the era of bad actors exploiting the infrastructure to cause harm to people.
Like... You know what never has these problems? My blog. It's a static-site-generated collection of plain HTML that updates once in a blue moon via scp. I'm not worried about Google's safe browsing infrastructure, because I never look like a malware site. And if I did trip over one of the unwritten rules (or if attackers figured out how to weaponize something personal-blog-shaped)? The needs of the many justify Chrome warning people before going to my now-shady site.
> The problem is that the divide of alignment of interests there is between new, small companies and users. New companies want to put up a website without tripping over one of the thousand unwritten rules of "How to not look like a phishing site or malware depot" (many of which are unwritten because protecting users and exploiting users is a cat-and-mouse game)... And users don't want to get owned
Some candidate language:
- Monopolistic companies may not actively impose restrictions which harm others (includes businesses)
or
- Some restrictions are allowed, but the company must respond to an appeal of restrictions within X minutes; Appeals to the company can themselves be appealed to a governmental independent board which binds the company with no further review permitted; All delays and unreasonable responses incur punitive penalties as judged by the board; All penalties must be paid immediately
or
- If an action taken unilaterally by a company 1) harms someone AND 2) is automated: Then, that automation must be immediately, totally, and unconditionally reversed upon the unilateral request of the victim. The company may reinstate the action upon the sworn statement of an employee that they have made the decision as a human, and agree to be accountable for the decision. The decision must then follow the above appeals process.
or
- No monopolies allowed
> Monopolistic companies may not actively impose restrictions which harm others (includes businesses)
That's not generally how monopoly is interpreted in the US (although jurisprudence on this may be shifting). In general, the litmus test is consumer harm. A company is allowed to control 99% of the market if they do it by providing a better experience to consumers than other companies can; that's just "being successful." Microsoft ran afoul of antitrust because their browser sucked and embedding it in the OS made the OS suck too; if they hadn't tried to parlay one product into the other they would be unlikely to have run afoul of US antitrust law, and they haven't run afoul of it over the fact that 70-90% of x86 architecture PCs run Windows.
> Some restrictions are allowed, but the company must respond to an appeal of restrictions within X minutes; Appeals to the company can themselves be appealed to a governmental independent board which binds the company with no further review permitted; All delays and unreasonable responses incur punitive penalties as judged by the board; All penalties must be paid immediately
There may be meat on those bones (a general law restricting how browsers may operate in terms of rendering user content). Risky because it would codify into law a lot of ideas that are merely technical specifications (you can look to other industries to see the consequences of that, like how "five-over-ones" are cropping up in cities all over the US because they satisfy a pretty uniform fire and structural safety building code to the letter). But this could be done without invoking monopoly protection.
> If an action taken unilaterally by a company 1) harms someone AND 2) is automated: Then, that automation must be immediately, totally, and unconditionally reversed upon the unilateral request of the victim.
Too broad. It harms me when Google blocks my malware distribution service because I'm interested in getting malware on your machine; I really want your Bitcoin wallet passwords, you see. ;)
Most importantly: this whole topic is independent of monopolies. We could cut Chrome out of Google tomorrow and the exact same issues with safe browsing impeding new sites with malware-ish shapes would exist (with the only change probably being the false positive rate would go up, since a Chrome cut off from Google would have to build out its detection and reporting logic from scratch without relying on the search crawler DB). More importantly, a user can install another browser that doesn't have site protection today (or, if I understand correctly, switch it off). The reason this is an issue is that users like Chrome and are free to use it and tend to find site protection useful (or at least "not a burden to them") and that's not something Google imposed on the industry, it's a consequence of free user choice.
> Too broad. It harms me when Google blocks my malware distribution service because I'm interested in getting malware on your machine; I really want your Bitcoin wallet passwords, you see. ;)
That's okay, a random company failing to protect users from harm is still better than harming an innocent person by accident. They already fail in many cases, obviously we accept a failure rate above 0%. You also skipped over the rest of that paragraph.
> users like Chrome and are free to use it and tend to find site protection useful (or at least "not a burden to them")
That's okay, Google can abide by the proposal I set forth avoiding automated mistaken harms to people. If they want to build this system that can do great harms to people, they need to first and foremost build in safety nets to address those harms they cause, and only then focus on reducing false negatives.
I think there's an unevaluated tension in goals between keeping users safe from malware here and making it easy for new sites to reach people, regardless of whether those sites display patterns consistent with malware distributors.
I don't think we can easily discard the first in favor of the second. Not nearly as categorically as is done here. Those "false negatives" mean users lose things (bank accounts, privacy, access to their computer) through no fault of their own. We should pause and consider that before weeping and rending our garments that yet another hosting provider solution had a bad day.
You've stopped considering monopoly and correctly considered that the real issue is safe browsing, as a feature, is useful to users and disruptive to new business models. But that's independent of Google; that's the nature of sharing a network between actors that want to provide useful services to people and actors that want to cause harm. If I build a browser today, from scratch, that included safe browsing we'd be in the same place and there'd be no Google in the story.
It's very, very hard to overcome the gravitational forces which encourage centralization, and doing so requires rooting the different communities that you want to exist in their own different communities of people. It's a political governance problem, not a technical one.
This is the key idea.
Companies have economy of scale (Google, for instance, is running dozens to hundreds of web apps off of one well-maintained fabric) and the ability to force consolidation of labor behind a few ideas by controlling salaries so that the technically hard, detailed, or boring problems actually get solved. Open source volunteer projects rarely have either of those benefits.
In theory, you could compete with Google via
- Well-defined protocols
- That a handful of projects implement (because if it's too many, you split the available talent pool and end up with e.g. seven mediocre photo storage apps that are thin wrappers around a folder instead of one Google Photos with AI image search capability).
- Which solve very technically hard, detailed, or boring technical problems (AI image search is an actual game-changer feature; the difference between "Where is that one photo I took of my dog? I think it was Christmas. Which Christmas, hell I don't know" and "Show me every photo of my dog, no not that dog, the other dog").
I'd even risk putting up bullet point four: "And be willing to provide solutions for problems other people don't want solved without those other people working to torpedo your volunteer project" (there are lots of folks who think AI image detection is de-facto evil and nobody should be working on it, and any open source photo app they can control the fate of will fall short of Google's offering for end-users).
You make it seem like the problem is of technical nature (instead of regulatory or other). Would you mind explaining why?
Technical alternatives already exist, see for example GNUnet.
Problem is that as soon as some technology takes traction, it catches the attention of businesses, and there is where the slow but steady enshittification process begins. Not that business necessarily equals enshittification, but in a world dominated by capitalism without borders soon or later someone will break some unwritten rules and others will have to follow to remain competitive, until that new technology will become a new web, and we'll be back to square one. To me the problem isn't technical, as isn't its solution.
I'm interested to see how this will work with something like Mastodon.
Since Mastodon is, fundamentally, a protocol and reference implementation, people can come up with their own enshittified nodes or clients... And then the rest of the ecosystem can respond by just ignoring that work.
Yes, technically Truth Social is a Mastodon node. My Mastodon node doesn't have to care.
How about the Invisible Internet Project, https://geti2p.net?
IPFS has been doing some great work around decentralization that actually scales (Netflix uses it internally to speed up container delivery), but a) it's only good for static content, b) things still need friendly URLs, and c) once it becomes the mainstream, bad actors will find a way to ruin it anyway.
These apply to a lot of other decentralized systems too.
In no way does IPFS "actually scale" while it takes two minutes (120 seconds) to find an object.
It won't get anywhere unless it addresses the issue of spam, scammers, phishing etc. The whole purpose of Google Safe Browsing is to make life harder for scammers.
How does the Internet address that?
True, but Google already censors their search results to push certain imperial agendas so I'm not trusting them in the long run.
This is not a technical problem. You will not solve it with purely technical solutions.
I'm not sure, but it's on my mind.
I own what I think are the key protocols for the future of browsers and the web, and nobody knows it yet. I'm not committed to forking the web by any means, but I do think I have a once-in-a-generation opportunity to remake the system if I were determined to and knew how to remake it into something better.
If you want to talk more, reach out!
Intriguing comment, but your username does not inspire confidence.
Lol I get that from time to time, though I don't care much. I've always had the same username. I have the same username everywhere. I'm Conrad.
I do think I invite people to disrespect me a little though. It ensures that I have to work harder and succeed on the merit of my work.
I'm afraid this can't be built on the current net topology which is owned by the Stupid Money Govporation and inherently allows for roadblocks in the flow of information. Only a mesh could solve that.
But the Stupid Money Govporation must be dethroned first, and I honestly don't see how that could happen without the help of an ELE like a good asteroid impact.
It will take the same or less amount of time to get where we are with the current Web.
What we have is the best sim env to see how stuff shapes up. So fixing it should be the aim, avoiding will get us on similar spirals. We'll just go in circles.
Having a decade of fresh air is also a good incentive regardless of how it ends.
I don't know, it is a lot of effort for a decade of fresh air. Then you will notice the same policies implemented since they will take reference to how people solved it in the past.
Have you talked to your lawyer? Making Google pay for their carelessness is the ONLY way to get them to care.