The issues:
So, it will be bye-bye Plume next time it misbehaves, sorry. I will most likely put another (non ActivityPub) CMS on txt.webm.ink instead.
Paris in the 18th and 19th centuries was the nexus of global changes that spread the idea of the rights of the individual around the globe. If you weren’t educated in France, it’s likely it all seems very binary historically - a medieval monarchy before the Revolution and a prototypical Republic after, with a mess in between.
It turns out that things were nowhere near as straightforward, and France actually experienced a century-long cycle of republic, dictatorship and monarchy, each of varying character and cycle time. I noticed a detail on a familiar memorial to one of those cycles on a visit to Paris. The July Column in the Place de la Bastille – itself dedicated to the celebration of liberty after the French Revolution and its destruction of the infamous Bastille prison in 1789 – was erected in memory of the fallen of the later July Revolution of 1830.
The July Revolution comprised three days of fighting in Paris, primarily on free speech grounds against state censorship and authoritarianism. Charles X, France’s last hereditary monarch, had imposed the death penalty for blasphemy against Christianity. He also suspended the liberty of the press and dissolved the newly elected Chamber of Deputies. The population rose in protest and were brutally suppressed.
The Column stands for the freedom of the people from the tyranny of their rulers. But today, the column is used as a platform for surveillance cameras. It is a symbol of the way any revolution can be repurposed.
Frankly I don’t know. I mean, it’s obviously part of Google’s necessary and welcome defences against the bad guys. I’m glad they do that. But the assumptions on which they appear to be working, their triggers for action and the asymmetry of the process all make me very concerned. Because of some undocumented trigger, Google unilaterally causes everyone’s web browser to treat my domain as if it is hosting malware and it prevents staff and clients accessing our production services. Even after clearing a block their bot will sometimes re-apply it the same day - see the screenshot above.
It is false and baseless and the way they misrepresent us to clients approaches defamation (see the warning below) but they do it anyway because we are self-hosting so for them the risk/reward ratio is skewed towards blocking rather than investigating.
Whatever the reasons, the really big practical problem is the asymmetry of their process for us and every other self-hoster. They are fast and devastating on the “shoot first” front, but slow, opaque and uncooperative when it comes to “asking questions later”. Once Google has red-listed one of my domains, a sequence of adverse consequences follows:
All this happens within a few minutes of the relevant bot deciding my Yunohost LDAP is a phishing site. It can then take several hours for me to be advised they have done this, via the search.google.com portal where I have registered all our domains. If I had not done this, I would get no notifications – in Google’s world, convicted phishers get no chances to prove they are innocent and there’s no deterministic appeals process.
Once they have red-listed my domain, what can I do to get it unblocked? It turns out Google don’t even admit to the possibility of a false positive. All their processes are heavy on gaslighting you into believing you are the problem. So you have to go along with their game and tell them what you did to remove the malware and beg for unblocking via the portal. There’s no ticket and no tracking. Even when they finally unblock my domains, they never explain anything - they just tell me to take more care not to let the malware be implanted next time.
So how do we remove these blocks? I have a well-trodden process that often gets the block delisted within a few hours (although it can take 3-5 days, and the confirmation via the search portal can take even longer).
I can’t help thinking Google is out of order here. Making my domains repeatedly unusable, effectively without notification or appeal, and falsely telling my clients and staff that I and my company are a bad actor on the Internet, seems an extreme consequence of their defence actions. It’s as if their worldview excludes the possibility that people might be self-hosting servers on the Internet. Or, worse, as if the extremity of their action has the useful side-effect of driving business their way. Personally I think it’s time some regulators took a look at things. How about you?
From an original Mastodon thread