X
Tap here to go to the mobile version of the site.

Support Forum

What guarantees of accountability and transparency exist in Mozilla's phishing and malware protections to prevent false positives?

Posted

A site of mine has been blocked "because it may trick you into doing something dangerous" etc. The phrasing suggests that you aren't even sure if there is a real problem, but you're blocking it just in case. Nowhere is the cause specified. There are no details of what behaviour or code on the site caused it to be listed, or who listed it, or why. Just a big message saying that this is a Deceptive Site. There's no one I can talk to about this, no way to find out any information whatsoever - there's not even any notification that the site has been blocked. All of which makes it just about impossible to actually FIX whatever is causing this issue (assuming that there is one, and I haven't just been reported randomly by some troll).

So, to sum up: there's no useful information, no transparency and no accountability anywhere in this process. Just Google throwing their weight around and you letting them.

I'm not saying that there is no problem - there may be a legitimate issue that needs addressing. What I'm saying is that the way the Mozilla Foundation has dealt with the problem makes it more or less impossible to actually do that addressing. Who exactly does that help? How does this make anyone's internet experience better?

A site of mine has been blocked "because it may trick you into doing something dangerous" etc. The phrasing suggests that you aren't even sure if there is a real problem, but you're blocking it just in case. Nowhere is the cause specified. There are no details of what behaviour or code on the site caused it to be listed, or who listed it, or why. Just a big message saying that this is a Deceptive Site. There's no one I can talk to about this, no way to find out any information whatsoever - there's not even any notification that the site has been blocked. All of which makes it just about impossible to actually FIX whatever is causing this issue (assuming that there is one, and I haven't just been reported randomly by some troll). So, to sum up: there's no useful information, no transparency and no accountability anywhere in this process. Just Google throwing their weight around and you letting them. I'm not saying that there is no problem - there may be a legitimate issue that needs addressing. What I'm saying is that the way the Mozilla Foundation has dealt with the problem makes it more or less impossible to actually do that addressing. Who exactly does that help? How does this make anyone's internet experience better?

Additional System Details

Installed Plug-ins

  • Shockwave Flash 27.0 r0

Application

  • User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0

More Information

Shadow110 1072 solutions 14836 answers

Hi, if this is a red screen it is Google alerting you. Please contact Google phishing/malware to discuss this being removed. Firefox is not responsible for the alerts that Google put. out. Thank you for understanding this and hope you get this resolved as soon as possible. Regards, Firefox Volunteer Support.

Hi, if this is a red screen it is Google alerting you. Please contact Google phishing/malware to discuss this being removed. Firefox is not responsible for the alerts that Google put. out. Thank you for understanding this and hope you get this resolved as soon as possible. Regards, Firefox Volunteer Support.
the-edmeister
  • Top 25 Contributor
  • Moderator
5411 solutions 40309 answers

Please see this Firefox support article: https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work#w_iaove-confirmed-that-my-site-is-safe-how-do-i-get-it-removed-from-the-lists

If you posted a URL to the website that is purported to be "dangerous" someone here might have an explanation of what is going on to raise that "flag".

Please see this Firefox support article: https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work#w_iaove-confirmed-that-my-site-is-safe-how-do-i-get-it-removed-from-the-lists If you posted a URL to the website that is purported to be "dangerous" someone here might have an explanation of what is going on to raise that "flag".
jscher2000
  • Top 10 Contributor
8797 solutions 71955 answers

This tool might provide information about why your site ended up on the list:

https://transparencyreport.google.com/safe-browsing/search

I don't know if that one is available from the red warning page.

This tool might provide information about why your site ended up on the list: https://transparencyreport.google.com/safe-browsing/search I don't know if that one is available from the red warning page.

Question owner

Pkshadow said

Hi, if this is a red screen it is Google alerting you. Please contact Google phishing/malware to discuss this being removed. Firefox is not responsible for the alerts that Google put. out. Thank you for understanding this and hope you get this resolved as soon as possible. Regards, Firefox Volunteer Support.

Respectfully, Mozilla IS responsible. The text on the red screen reads as follows: Firefox blocked this page because it may trick you into doing something dangerous like installing software or revealing personal information like passwords or credit cards.

Advisory provided by Google Safe Browsing.

Firefox blocked this page, based on an advisory from Google. Since Mozilla is not a subsidiary of Google's, it can choose to do more - like, for example, demanding greater transparency from Google before blocking anyone's site. So yes, Mozilla is not responsible for the alerts Google puts out, but it is responsible for how it chooses to repond to them. And blind compliance isn't good enough.

''Pkshadow [[#answer-1150851|said]]'' <blockquote> Hi, if this is a red screen it is Google alerting you. Please contact Google phishing/malware to discuss this being removed. Firefox is not responsible for the alerts that Google put. out. Thank you for understanding this and hope you get this resolved as soon as possible. Regards, Firefox Volunteer Support. </blockquote> Respectfully, Mozilla '''IS''' responsible. The text on the red screen reads as follows: ''Firefox blocked this page because it may trick you into doing something dangerous like installing software or revealing personal information like passwords or credit cards. Advisory provided by Google Safe Browsing.'' Firefox blocked this page, based on an advisory from Google. Since Mozilla is not a subsidiary of Google's, it can choose to do more - like, for example, demanding greater transparency from Google before blocking anyone's site. So yes, Mozilla is not responsible for the alerts Google puts out, but it is responsible for how it chooses to repond to them. And blind compliance isn't good enough.

Question owner

jscher2000 said

This tool might provide information about why your site ended up on the list: https://transparencyreport.google.com/safe-browsing/search I don't know if that one is available from the red warning page.

Sadly, this site basically just says the same things as the original message with the words moved around - it states that the site may do things, but provides no information as which parts of the site it has a problem with.

''jscher2000 [[#answer-1150863|said]]'' <blockquote> This tool might provide information about why your site ended up on the list: https://transparencyreport.google.com/safe-browsing/search I don't know if that one is available from the red warning page. </blockquote> Sadly, this site basically just says the same things as the original message with the words moved around - it states that the site ''may'' do things, but provides no information as which parts of the site it has a problem with.
Shadow110 1072 solutions 14836 answers
You never supplied the URL so why not see what these have to say : *https://www.virustotal.com/#/home/url *https://validator.w3.org/ *https://jigsaw.w3.org/css-validator/ *https://safeweb.norton.com/