We had a similar incident with Google's Safe Browsing list at work several weeks ago. It's the most infuriating thing to one day wake up and have all our (legitimate) sites effectively taken off the Internet for the public because some AI at Google decided our site was unsafe (in our case, presumably, because a self hosted Atlassian login page on a subdomain looked too similar to other sites).<p>To make matters worse getting hold of anyone at Google is next to impossible and in our case it took 48 hours before the review we requested in their console had any effect. On top of that though it didn't only affect Google Chrome, it was all major browsers _and_ services such as NextDNS, or DNS services provided by ISPs(!) which took far longer than 48h to eventually drop off.
Nice to see thorough incident reports from gov.uk and I think actually this shows the google safe browsing system working well. The domain <i>assets-origin.production.govuk.digital</i> "looks" very much like a phishing url, even if it's internal.
I am so impressed by the transparent and accessible writing style of
uk.gov. As each paragraph raised questions in my mind, they were
precisely answered in the next.<p>For once I can't blame Google. Production should have known better
than to roll out some random .digital domain. I would definitely not
trust this if I had spotted it manually.
90s, Microsoft IE, blah blah blah — you know the history.<p>For my part, I'm pushing as hard as I can to replace Chrome on everyone's machines with Firefox. It's not even the same game any more though.<p>In the 90s there was still a fighting chance — and we won! — because the technologies at play were not entrenched in every day life. Now it's more akin to replacing every car with an EV.
While doing SEO and content for my startup, I have realised Google has way too much power to make or break an organisation. When it works in your favour you can build billion dollar businesses when it works against you it can kill billion dollar businesses.
I had this too. Google decided to block my company's domain for no good reason. I also couldn't reach anyone in Google to sort it out - I eventually had a response that "it's an automated system, there is noone who looks after it or can do anything about it".<p>My company's email is hosted on GMail, and that also silently swallowed any in- or out-bound emails that as much as mentioned my domain. Including the email to our support inbox from our customer telling us they were having problems.<p>Running anything in production at the whim of Google is too much of a risk, and I've been migrating everything I can off them ever since. They're a menace.
Google safe browser API returns safe for some URLs blocked in chrome so you don't even know what content is unsafe to fetch (like images) before your site gets this hideous red warning appear