Pretty sure it'll be because of the semi-shady ad networks that service torrent sites and various other filehosts. The networks themselves aren't shady, per se, but they don't have the resources of Google to adequately police all of the ads that run through their networks. As a result, they end up serving malicious ads that link to dodgy installers or even straight up 0-day browser exploits.
Absolutely, but those ads aren't usually pointing at outright malicious software, just shitty adware like download accelerators or whatever. Google's algorithms and manual approval processes have been pretty good at filtering out anything explicitly malicious, at least in my experience.
Even malware makes it into adsense , and if i remember correctly it took a few hours after reporting the ad for it to be removed. It's been a while since i ve had these reports though.
I think it's more of a game-theoretic "principal-agent-problem avoiding" solution. If system X.Y.Z is having a problem, the way to allow the most degrees of freedom in the way it gets fixed (and therefore, usually, the way to get it fixed most efficiently) is to put pressure on component X. X will put pressure on X.Y, who will in turn put pressure on X.Y.Z. But if the system can also be fixed by, say, getting X to find a new X.Y, that's good too!
An example of this: auto insurance. When you get in an accident and want money, you don't sue the other guy; you sue your own insurance company, who sues the other guy's insurance company, who in turn sues them. If, somewhere during that propagation, an alternative is found (e.g. the two insurance companies agree that it was a no-fault collision under arbitration and settle for some amount), then you end up achieving the same effect while putting less stress on the system as a whole.
The interstitial for blocked content is implemented on a per-page level. You can test this yourself by creating a test page with an iframe to http://ianfette.org.
Suppose that Chrome just tried to replace the malicious embedded content. What happens when that embedded content is styled with CSS properties to make it hidden from the user?
At this point, the only think keeping me on Chrome/Chromium is their dev tools. After the 'Ok Google' binary blob and now this shit, I've just about had it. At the very least, there should be an option to unblock sites permanently to fix this. There is absolutely no reason why I should have to turn off all Phishing & malware alerts just because Google suddenly got a paycheck from the MPAA/RIAA. Whatever their reason is, it doesn't matter, as it leads to unsafe browsing regardless. Way to go Google!
Do a Google search on "Jim Hood vs Google", see who he colluded with, and then come read your own post here again. In short: The MPAA/RIAA hates Google. To top it off, you name Chrome/Chromium as if it's the same product, and then go off on a tangent about a binary blob (voice recognition) that was included. Other comments would have gotten away with that, was it not that the whole issue here _is_ the distinction between Chrome and Chromium, the latter being an FOSS project, which has no place for closed source binary blobs. (And that was the underlying issue, not its functionality.) Some people need to be protected against themselves, for some this protection is a site block, for others it's reading more before writing drivel in the HN comment section.
The block was put in place because of malware being served by those domains, blocking them is by far the easiest response and _also_ the most motivating for its hosts to undertake action. Occam's Razor seems to agree that this was a bad advertising being blocked rather than "ebil guggle conspirucy".
Could you elaborate on what upset you about the OK Google blob? Assuming you're using Chrome rather than Chromium, the whole thing was a literal non-event (nothing new had happened, nothing changed).
It bothered me because I can't use Chromium to get away from such a stupid feature and the huge security hole / risk that is its implementation despite the fact that that is the whole point of Chromium's existence and OSS status. It also bothered me because while the stated purpose of the blob was atrocious, there's no way to know that it didn't do any other malicious tasks.
Opt-in hotword detection is "atrocious"? I'm confused by your use of that word. Also it has been removed from Chromium now, so in fact you can use Chromium to get away from the feature...
I work on the devtools so happy to hear you like those, at least. :) A few items I can offer, none of it inside knowledge, though.
As a few others have mentioned, MPAA/RIAA's enemy #1 is Google based on the news/leaks, so it doesn't appear that Google is trying to appease them.
The updates at the bottom of the TF post indicate two of the torrent sites have already addressed whatever the malware warning was for, and the blocking has been lifted. AFAIK, Firefox, Chrome and IE (in some capacities) use Google's Safe Browsing data to inform blacklists like this: https://developers.google.com/safe-browsing/developers_guide... It sometimes fucks up, but usually gets resolved quickly.
You sound like one of those people that latch on to those shoot from the hip blog posts without doing any analysis of the issue yourself or visiting a site that does it for you. That binary blob was inactive and had to be proactively turned on in the settings screen. So was it really an issue? No, but the vocal minority of anti-Google people made sure to spoon feed the run of the mill and non tech savvy media outlets about it.
As for turning off all phishing and malware alerts - why would you? Google gave you a warning about a site. If you would like to ignore it then click the link below and continue onto the site. If you would like to use a browser that doesn't care then go ahead and switch.
> That binary blob was inactive and had to be proactively turned on in the settings screen. So was it really an issue? No, but ...
Just to be clear about a thing, there was an issue. The automatic download of the extension occurred in Chromium, the FLOSS software around which Chrome is built. Chromium is shipped in a multitude of linux distributions, including Debian. Debian takes their FLOSS standards very seriously. The automatic downloading of a binary blob by Chromium was a FLOSS ethics issue.
Google went on to address the issue by not just removing the automatic download, but ensuring that the remaining hooks to enable the audio search feature were removed.
That's the entirety of the actual, real controversy. The rest is made up assumptions by people that fail to understand Hanlon's Razor: never attribute to malice that which is adequately explained by stupidity.
Right, of course having a mysterious unidentified binary blob in what's supposed to be free software isn't really an issue. What a load of shit. Enough said.
As for malware alerts, I expect them to be accurate, otherwise they're not useful at all. I do not expect them to be used for censorship purposes, as clearly is the case here. Now it's up to me to figure out which sites might be potentially negative. That makes Chrome a shitty browser and I think switching seems to be the only option at this time. There are other browsers that don't do this, so comparatively, they are superior, because they do not ask me to turn off all the malware alerts just to get to the sites I want without being censored.
This is some pretty hillarious bureaucracy we're seeing here. First, the world was noticed [0] that google would begin blocking "Unwanted Software", and included a link [1] to their "unwanted software policy". This means that they can claim they gave all the torrent sites good faith notice since february, and even though none of them realized that they would be considered unwanted software, the time ran out, and google quietly swept these sites under the rug. They don't seem to be retracting this, either, which means this is business as usual.
I consider this action to be further proof that "Don't Be Evil" died with Eric Schmidt coming on board. This is stuff I'd expect out of Microsoft, but it still surprises me when Google does it.
What evidence do you have that Google is trying to block torrent sites specifically? It would seem to me, given the way the safe browsing report is worded, that it isn't the torrent sites themselves that are considered malicious, it's the content being delivered via third parties (i.e., ad networks) that Google's flagging.
You're basically implying a conspiracy by Google to police the internet by limiting access to sites that enable piracy, but I don't understand why you think they'd choose this route rather than just de-indexing torrent sites completely, which they could easily and justifiably do.
Sure - but Google chose that mantra themselves. As you suggest, it may not be something we can reasonably expect, all things being equal. However, that's not the case here - in this case the commenter is comparing their actual behaviour to their stated policy, which is perfectly reasonable.
If people start skipping and ignoring warnings then what is the point of warning them, google should provide an explanations as to why exactly this has happened otherwise THEY are going to harm their users and this will reflect badly on their brand down the road.
I think that the average non-tech savvy user would freak out and immediately leave the website when encountering the warning, which serves the purpose.
If a user chooses to skip the warning, which isn't made intuitive, (i.e. no direct access to the "Skip" button) then they probably know what they're doing but Google should indeed offer explanation.
If it's only one or two warnings that are skipped then it's fine. I regularily skip inventati.org's warning when I'm on another machine because they give a good reason for the warning (and a way to stop them occuring without disabling it (the warning))
Then Google shouldn't be abusing the "security" excuse to stop other things themselves or their partners (MPAA) don't want to be used. I'm not saying that's what they did here, but it wouldn't be the first time either.
Given the average user's ability to figure out that blue download buttons are not in fact download buttons, just ad sites that offer you your download by name but in fact give you malware, this is the correct decision
Is this due to these sites having a lot of advertising (probably serving malware) or is this a deliberate attack from the media industry by trying to scare people?
I guess the latter... If you compare kat.cr results with sourceforge.net results, you would assume sourceforge is blocked as well, but it isn't (only individual sub-paths of some projects). kat.cr is even delisted @ google. Also while it's true that kat.cr is serving adware, it does not do so on the frontpage.
> Also while it's true that kat.cr is serving adware, it does not do so on the frontpage.
Unfortunately the warning has to appear on any page on the domain, since once you skip it you're essentially white listing the domain. That's why you don't get another warning on every page.
It's probably a single sketchy ad network if not a single sketchy ad. Most torrent sites use the same few networks; there aren't a lot of choices if you're a torrent site.
I don't understand the commotion - the warnings look typical, I'm glad google provides them, and they're easy enough to bypass (at your own peril esp. if you use Windows.)
I resent this story for forcing me to say something nice about google. There's a multitude of better reasons not to use Chrome.
I'm as cynical as the next person but this appears to over ads that have a malware payload when clicked (maybe when even not clicked, is this possible??) -- not copyright infringement.
Seems like they(3rd party) haven't found a way to stop piracy and started trying so hard to add malicious code, which may lead to blocking out these websites by all the major browser vendors and reduce piracy to some extent.
This sounds very conspiracy-theory-ish to me. The more likely explanation is that some ad network allowed malware ads to go through which triggered the block.
Especially when you consider that the ad networks those sites are using are rather sketchy. Many of the ads there try to trick you into believing they're the actual download link
>the ad networks those sites are using are rather sketchy. Many of the ads there try to trick you into believing they're the actual download link
If that's your definition of a sketchy ad network then there aren't many that aren't sketchy. Google serves ads that do that all the time. It only took me a few seconds to find this misleading fake download link ad being served by Google on one of the download pages of download.com: http://i.imgur.com/wYAfr7z.png
Would Google blacklist download.com for serving malicious google ads? Somehow I doubt it.
still, considering the mess of code they release every year with new Android versions, empty promises ('smooth as iPhone') where the solutions implemented are things like 'project butter' that cranks the CPU frequency to maximum when you touch the screen to overcome 1. ineffective governor design 2. bloated software; and generally poor design, it still doesn't seem outside the realm of reality that
Yup. Though if you keep the tinfoil hat on, nothing stop a malicious entity to use those network to funnel malware to those websites through targeting, the security of these ad networks is usually subpar, not too hard to imagine an entity determined enough to figure out an sure way to slip in malware.
