Hacker News | AshamedCaptain's comments

What baffles me is the people who think that "gifts" should never be criticized.

I mean, suppose Adobe decides to gift "$1200" value in Adobe products/subscriptions to all subscribers of the gimp-users mailing list. Can I criticize that?


I’m sure you can; grumpy people can criticize anything.

I just think it’s a waste of emotional energy to get worked up about what’s very obviously a net positive.

And I did not say gifts should never be criticized; “here have this free crack cocaine” would obviously be immoral. Don’t do the HN overgeneralization thing.


What would you find deserving to be criticized about such a gift?

> The domain ... has been suspended due to its blacklisting on Google Safe Browsing

Et voilà ... ! this is precisely the slippery slope I warned about a decade ago. The indirect censorship becomes direct censorship, defeating all the arguments about the morality of such a list. And:

> Not adding the domain to Google Search Console immediately. I don't need their analytics and wasn't really planning on having any content on the domain, so I thought, why bother? Big, big mistake.

Yet more monopolistic power to Google.


This is 100% on Radix, not on Google. Google and Microsoft can (and probably should) have a registry of known-abusive websites. False positives are inevitable, so these should be taken with a grain of salt, but in most cases they're correct. Their lists are a lot more reliable than those from the "traditional" antivirus/anti-scam vendors that will list anything remotely strange to pump up their numbers.

The external people treating these lists as absolute truths and automatically taking domains down are the ones at fault here. Google didn't grab power, Radix gave it to them without asking.


Exactly what we predicted would happen (someone would eventually put "too much faith" in this list) has literally happened, and your defense is still "well it's not Google's fault, it's a 3rd party's!". Obviously the point is not that Google was going to do it, but that others would, analogous to the process known as "self-censorship".

Self censorship requires a threat or risk of detriment if the party doesn't self censor, right? Where is that here?

What Radix does has no impact on Google, and I don't see how Google would be incentivized to pressure Radix. So I don't see how to make the leap blaming Google for Radix's incompetence. Yes, Google should recognize the risk of this happening, but they'd have to balance that against the rewards (or at least what they consider rewards)


Google is making false statements about the safety of a domain and it has significant collateral damage. Google is the cause. They should be liable for losses.

I had my main family domain put on Google's safe browsing block list and it has a massive impact. No one can visit the site. I think apps using system browser runtimes (i.e. mobile) may stop working. I've seen reports that it can impact email deliverability. And, now, we see that it can get your domain put on serverHold so the problem becomes impossible to rectify.

Google should have to pay for the damage. In my case, it was about 4h of work to figure out what was going on and how to fix it, so not much, but I've seen small businesses that rely on their primary domain to drive most of their sales via web and email. In those cases, having your domain placed on server hold because of Google's false statements can have a serious, detrimental financial effect.


That's fair, if your domain is erroneously put on the block list, Google should be liable for the consequences.

But my point is that any knock-on effects like domain suspension, email deliverability, etc. stem from 3rd parties misusing the safe browsing list outside the scope of safe browsing.

I don't see how Google can be blamed for other companies erroneously treating the safe browsing list as a source of truth for generally malicious domains


A lot of laws use the phrase "known, or should have known"

Google should not have known that someone would misuse their block list to block domains. But now that someone is misusing their block list to block domains, if someone brings it to their attention, the next time this happens, they will have known it.

I am not a lawyer, I am not your lawyer, and this is not legal advice.


> But my point is that any knock-on effects like domain suspension, email deliverability, etc. stem from 3rd parties misusing the safe browsing list outside the scope of safe browsing.

That's fair and I agree. My opinion is that both should be liable in a case like this. If I had to attribute it, my starting point would be that Google is liable for the loss of website traffic and the registry is liable for the loss of email and all other lost services due to the domain suspension.

It spirals though because, like you pointed out, no one forced (ex:) Mozilla or Apple to adopt the blacklist. They did that voluntarily, so they should be responsible for their share. That's why nothing ever gets fixed. It's broken, but there's so much potential for finger pointing that no one gets pinned down and held responsible.

The answer is always the same IMO. Break up big tech companies into a million little pieces.


> My opinion is that both should be liable in a case like this.

I totally agree, but if I went after every company I felt to be incompetent to the point of criminal negligence I'd be up to my eyeballs in lawsuits just over password requirements.

> The answer is always the same IMO. Break up big tech companies into a million little pieces.

Generally I agree, but in this case I think there's an even simpler solution: 1) hold Google accountable for entries in their safe browsing lists (as an adjacent poster pointed out, the legal precedent may be there) and 2) make companies legally liable for misusing 3rd party data.

Really just the second part would suffice, and frankly it's purely good for society. The inevitable outcome is that no one exposes data they can't guarantee, and maliciously consuming 3p data would nearly disappear


I read your comment as agreeing with the article: "Never buy a .online domain".

And Google has the right to publish a list, there should be more lists not less. But Google was at fault for not correcting their blacklist. Until the article appeared on Hacker News, this was not 0% on Google. A small, correctable mistake, but they deserved a tiny bit of blame.


> But Google was at fault for not correcting their blacklist.

If all it takes to be taken from the blacklist was to temporarily delete the NS record - the list would be useless against malware.


Not just .online, also any other domain Radix hosts. At least not for anything important.

What stands out to me:

> Earlier this year, Namecheap was running a promo that let you choose one free .online or .site per account.

I wouldn't be surprised if most of Namecheap's customers who used the "register a domain for free" discount were indeed malicious. Without seeing the results of whatever analysis Google did to flag this website, it's hard to say whether Google is at fault here.


What do you mean, external people? Aren't these lists integrated into the browsers? I'm sure if you try to open a website from this list your browser won't let you and it'll put up a big warning sign.

You can check browser behaviour here: https://testsafebrowsing.appspot.com/

"See details" > "ignore the risk" works for me. Even Chrome lets you ignore the warning if you click the details button. That's not the problem, though; the problem is that the registrar took the browser warning ("something might be wrong") as proof of malice (took down the domain entirely).


What is to stop Google et al. from also adding a lot of excess domains to pump up their numbers?

What is to stop everyone from doing this blacklisting?


Google doesn't sell their list to you. They give it to you for free. Using their list costs them money. Pumping up numbers gains them nothing but the headache of PR issues when they get a false positive.

Spyware filters used to boast about how many domains they filter out because they wanted you to buy their filters instead of someone else's. By the time they hit a false positive, they've already sold a year's subscription to that customer.

The incentives are different.


Step 1: Get everyone to use your free internet filter

Step 2: Alter filters to mark newly-registered domains and low-traffic websites as "potentially harmful".

Step 3: Charge a lot of money for "business verification" - which gives them a fancy badge somewhere and incidentally makes their website trustworthy in the eyes of your filter.

Step 4: Profit!

The Big Tech cartel has been doing this pretty successfully with email (see the weekly "Don't self-host your email" posts), why should we assume they are doing anything different with browser-based website blocking?


> Step 2: Alter filters to mark newly-registered domains and low-traffic websites as "potentially harmful".

Yeah, sounds like a great cartel idea, if they actually did that. None of my domains ever got marked as potentially harmful, even the one that I bought as a joke because it would be so easy to turn it into a phishing site.

Not everything is a big conspiracy to oppress the population. We hear about the cases where it goes wrong because the HN front page is the fastest way to reach the single part-time support person Google seems to employ.


>pretty successfully with email

Indeed. I was going to register an account somewhere the other day, and the signup form had a list of acceptable email domains. Gmail, Protonmail, Outlook, Yahoo, Icloud... a few others. It's not the first time that's happened to me. Sad.

EDIT: Didn't even include Fastmail, who's pretty big after all. They host MX for my domain, so I could have "circumvented" it that way with their disposable address feature, but nope.


I've found that, whenever considering Google's actions and incentives, you need to remember two things:

- They make almost all their money on advertising

- They have deep ties to the US intelligence agencies (To the point that a Google employee managed the appointment calendar for our Secretary of State a few years ago!)

So, how would these incentives apply to their Internet blacklist?

- If you are parking lots of Google ad spam, they are taking a cut of your revenue, so they have an incentive to take you off the list (evidence and testimony from the antitrust trial documented ongoing fraud in every layer of Google's vertical ad monopoly)

- If you are hosting something the intelligence agencies dislike / are neutral to / like, that'll impact your presence on the list.


Not true. Commercial or large scale use requires you to use their Web Risk API instead which is a paid service

> Pumping up numbers gains them nothing but the headache of PR issues when they get a false positive

There is also the headache of PR issues when they get a false NEGATIVE. “Google didn’t protect grandma from this scam website!”


Google wants you to use it. If it blacklists excess domains that hold legitimate sites, their product gets worse. If they blacklist illegitimate sites, their product gets better.

This argument would hold more weight if Google didn't have a history of making their own products worse and then getting rid of them.

Same as for those antiviruses.

Cute. That is the commenter’s whole point about monopolies. Google is on record making their product worse to squeeze revenue. We’ve been living in the enshittification economy.

There is a financial incentive to make the search results worse. (More searches, more ads, more money.)

There is no incentive for adding false positives to lists of malicious websites.


Sure, until their "smart filters" start considering GCP-hosted websites as pre-verified and small self-hosted websites as malicious. You know, like they have been doing with email?

Chrome is big enough that a website owner can't afford a false positive on their malware list, just like they can't afford to have all their email end up in spam for all Gmail users.

Due to their near-monopoly Google also has no incentive to avoid adding false positives to their blocklist - provided they don't accidentally block high-profile targets. And if a CxO is screaming over your shoulder that your website has been blocked, arguments about "false positives" aren't very compelling: they'll just demand you move off the "shitty basement provider" and switch to "proper hosting, like the Google Cloud"...


> We’ve been living in the enshittification economy.

That whiny bullshit about somebody else's website? You don't have to rely on a website or app. Either you need their monopoly because you can't do it yourself, or you have options... in both cases the whining is not needed.


Nobody sees Google's numbers except Google... in other words, the numbers are not a sales tool for Google like they are for anti-virus/blocking companies. So, there's no reason for Google to pump up their numbers, it would just be extra work to make their product worse which wouldn't make sense.

Nothing, but they haven't done it so far, and they don't really have any incentive to do so.

It doesn't really matter that it's Google. It could have been Microsoft, or PAN, or McAfee or some fly-by-night vendor. The problem was Radix taking the list as iron-clad truth and disabling the domain without any notification or way to resolve the issue.


Google’s allowed to have an opinion. But that doesn’t mean that the registrar should be suspending the domain immediately in response. These two mechanisms should be decoupled.

Google should not be allowed to make libelous statements without consequences.

How is any kind of antivirus or threat detection software supposed to operate on this standard?

Libel suits can be financially catastrophic, so even a tiny false positive rate could present risk that disincentivizes producing such software at all.

And a threat detection mechanism that has a 0.0% false positive rate is conservative to the point of being nearly useless.


I think that is the idea. They shouldn't exist without a prompt mitigation path.

In other words, if you can't deal with the false positives in a timely manner, you SHOULD be liable for the damages.

I can't build a budget car put together in an unsafe manner, then complain I can't compete due to all the people's cars crashing and blowing up and suing me.


You document your claims with concrete evidence of fraud. That will be your libel defense. No evidence means you bear the full responsibility of a fuckup.

At internet scale, this would roughly be equivalent to not doing any warning or detection at all.

Scalable systems need to use heuristics to catch threats. Needing concrete evidence in every case means that an enormously higher amount of malicious resources will not be flagged.

There is a policy argument as to the right balance of concerns here. But there is a clear trade-off to make.


Then that heuristic is your evidence in court. If it's a good heuristic, you win the case. If it's a bad heuristic, you lose the case.

"Your Honor, we banned this person's website because his web page contained the word 'bitcoin' more than 5 times" will not hold up.

"Your Honor, we banned this person's website because it contains a bitcoin miner script. See, here is the script, and it matches the hash value found in these other attacks" hopefully holds up.


No one elected Google to be the internet police. Why should we legally protect vigilantism on the web any more than we do in real life?

> Needing concrete evidence in every case means that an enormously higher amount of malicious resources will not be flagged.

Giving everyone a fair trial just doesn't scale. It costs too much.


(IAAL but this is not legal advice.)

It’s not libel. Defamation requires a false statement of fact. Marking a website as “unsafe” is an opinion.


> Marking a website as “unsafe” is an opinion.

No, it's not.

You're welcome to cite case law if you want to insist. Otherwise, unsafe (in the context of infosec) has a definition of likely or able to cause harm or malfunction. Something that is provable or falsifiable with evidence.


Whether that's true or not is irrelevant if it's defined by law differently. Even without case law and precedent you'd still have to test it in court, which for libel can be prohibitively expensive.

For clarity I'm not agreeing or disagreeing, but what makes sense to the layperson (including experts in a particular field) is sometimes at odds with what the law says.


Isn't "oops we made a mistake" actually a valid defense to libel in most US states? I thought you had to prove it was intentional to some extent? Or reckless/negligent? IANAL

Google takes no action to review the reports that their warnings are false until you sign up for Google products (namely - registering the site in their search console).

I reported a falsely flagged site repeatedly for weeks with absolutely no action from them.

Mozilla and Microsoft both did actually remove the warnings after the reports (Edge and Firefox stopped displaying the warning). Google did not. Google strong armed me into registering for google products, like a fucking bastard of a company.

This was the moment I went from "I don't love google anymore" to "Google can get fucked".

I wish them bankruptcy and every damn legal consequence that is possible to enforce.


I'm not defending google, I'm just wondering if claiming libel is barking up the wrong legal tree.

"I believed it to be true" is a defense. But negligence isn't. In fact, that is usually what you want to prove, that they acted on things that a reasonable person (or a person that is supposed to be skilled in that field) can see is not true.

Negligence is an element of the tort of defamation.

I'm curious as to how you would prove that it would be impossible for any resource accessible under a given DNS domain to ever cause harm to anyone else.

You don't. Google has to prove that something on that domain can cause harm.

I'm afraid that's not how it works in modern law in the U.S.:

"In addition to establishing that the defendant was aware of his statement's defamatory meaning, the plaintiff also must show that the defamatory statement is false. The falsity requirement has evolved gradually through a two-step process. Initially, the courts recognized that truth was a defense in a defamation suit. With time, however, the burden of proof on the issue of the statement's truth or falsity shifted to the plaintiff, so that now a statement is not actionable unless it can be proven false."

https://scholarship.law.wm.edu/cgi/viewcontent.cgi?params=/c... (pp. 851ff).


You'd enumerate the resources the server sends, for a typical page load/request and demonstrate they're all valid js/css/html etc.

If a typical page can be shown to be prima facie safe to well-formed parsers, without obvious shellcode, it would require a response if there was additional evidence Google was using in their determination.


Google is stating in a position of authority. It's therefore being stated as at least a professional opinion with the equivalent weight of fact, or representing facts.

If the opinion is meant to be just another opinion, then it shouldn't cause any blacklisting of any sorts anywhere.


Not to mention that the whole point of the list is for blocking in e.g. web browsers. Claiming it is just an opinion would be like a mobster claiming they didn't actually order a hit.

> If the opinion is meant to be just another opinion, then it shouldn't cause any blacklisting of any sorts anywhere.

I agree with this! The registrar should not have triggered a suspension because of this. They're not obligated to, and the two processes should be decoupled.


The registrar should ignore reports of abuse, especially if coming from an authoritative source with vast resources that's been collecting reports on its own?

No.

The source should be more careful. It's the equivalent of a renowned newspaper printing a warning that a restaurant is unsafe to visit. Should the customers' willingness to visit be magically decoupled from this opinion?


It's like a renowned newspaper saying the restaurant is unsafe, and then also the restaurant's landlord taking it at face value and locking the doors without further investigation. Both can be wrong.

> The registrar should ignore reports of abuse, especially if coming from an authoritative source with vast resources that's been collecting reports on its own?

I'm not saying they should "ignore" reports of abuse but treat them as they are -- reports. They can then perform their own independent investigation.

That may well have happened here. I suspect the author isn't telling us something.


Depends on jurisdiction. In the UK it's not an absolute defence, you still have to prove it's an opinion a "reasonable person" could come to based on facts.

How is it any more of an opinion to "mark" a website as "unsafe" than say, "contains CSAM"?

“contains CSAM” is likely an unarguable fact.

“unsafe” is a term that is both broader and more vague, so I would consider it opinion unless backed up by appropriate facts (like “contains CSAM”, “contains malware”, and so forth).


> “contains CSAM” is likely an unarguable fact.

Except when it isn't. CSAM may be easier to define and identify than pornography, but there still exists material that treads a moral grey area.


One is disprovable, the other is not.

Maybe libel is the wrong term, but erroneously marking a website as unsafe can lead to damages.

Only if it’s intentional (or maybe grossly negligent).

Google is grossly negligent

As someone who has also been bit by this, and with the only possible resolution being that I sign up for google services and register my site with them in the google search dashboard...

Fuck Google.

This is absolutely libel. They put a big fucking red banner on top of my site, telling the world that it's unsafe, using all the authority they have as one of the largest tech companies in the world.

In my case - it was a jellyfin instance I'd stood up to host family videos of my kids for my parents.

It was not compromised, and showed only a login page. I reported it as a false flag repeatedly, for weeks, with Google doing jack fucking shit.

Only after signing up in their search console and registering the site did the warning disappear.

They are abusively forcing people into their products. Fuck Google.

In case it wasn't entirely clear - Google can get fucked. Fuck Google.


There’s nothing wrong with your dislike of Google. No matter how much you dislike them, though, the word “libel” has a meaning that should be respected. To opine that a site is unsafe is simply not libelous.

Sure it is - it's factually incorrect, misleading, and has an impact to my reputation.

> Libel is the publication of writing, pictures, cartoons, or any other medium that expose a person to public hatred, shame, disgrace, or ridicule, or induce an ill opinion of a person, and are not true

They literally show a giant red banner to every user of their browser that tries to access my site, calling me unsafe. Which is factually incorrect, and absolutely induces a negative opinion.

There's nothing on my site except a login page, it wasn't compromised, and it wasn't available for public access or registration. They can't "opine" on safety - it's just factually incorrect.

Convenient for them that the only way to resolve the issue is to sign up for Google products, though. Wonder how that works...

---

Next you'll try telling me that calling someone a cheat is also just an opinion, but it's standard legal libel.


It's libelous in Germany unless you can prove it's true. In fact people regularly get punished in Germany for things like calling politicians idiots, because they can't prove they are idiots. https://www.ft.com/content/27626fa8-3379-4b69-891d-379401675...

The article headline says “investigated,” not “punished.”

The investigation consisted of the police busting into their house and stealing all of their electronic devices, which is a punishment.

Securing physical evidence subject to a warrant is not punishment under the law. But I take your point that this seems like a pretty heavy-handed reaction.

The law may not call a spade a spade, but it still is.

That depends on jurisdiction. E.g. in South Korea true statements can constitute defamation too

That sounds like a spurious distinction. Pretty sure you can’t say “Person X is a murderer” and then say “well I’m only expressing my opinion, and in my opinion if you do something that annoys me that qualifies as murder.”

Nope, not in the US. It is perfectly legal to say, for example, "Kyle Rittenhouse is a murderer" despite him being acquitted. You're entirely free to disagree with the result, that is an opinion. Any opinion based on public knowledge is ok. It doesn't even have to be reasonable or rational.

What you can't do is imply non-public knowledge, aka "I heard from my cousin who works in law enforcement that Kyle murdered a hobo when he was 12 but the records were sealed", or state specific facts that can be proven true or false: "Kyle murdered a hobo on September 11, 2018 out back of the 7-11 in Gainesville, FL"

The standard for libel/slander is much, much higher than people think. It's extremely difficult to meet them, and for public figures, it's almost impossible.


Is “opinion versus fact” relevant to that example? My impression is that Kyle Rittenhouse wouldn’t have a strong defamation case against a random person tweeting that he’s a murderer, but the reason isn’t that “it’s a statement of opinion.” The reason is that it’s a high profile and controversial homicide case, and it would be very difficult for Rittenhouse to show that the random Twitter user had “actual malice.”

> It is perfectly legal to say, for example, "Kyle Rittenhouse is a murderer" despite him being acquitted.

That's ... not quite true. I wouldn't go that far.


Sure it is, that's how the 1A works. Saying he was convicted of murder is not true, but calling him a murderer is an opinion. Your opinion doesn't even have to be reasonable. It just has to be based on facts that both you and I have.

1A rights are construed really broadly. The courts don't do the 'he wasn't legally convicted therefore it's illegal to call him one' thing.


If that were true, news organizations wouldn't be as careful as they are to preface the word "alleged" before the behavior -- before or after a trial. I don't think you'll find any reputable commercial newsgathering organization that makes a plain statement that Kyle Rittenhouse is a murderer.

The First Amendment doesn't protect the speaker against all forms of defamation (though it does put some barriers up that make it harder to win in some circumstances). If it did, defamation as a cause of action wouldn't exist at all.

As a practical matter, though, this is largely theoretical. Once you've been through the rigamarole of arrest, prosecution, and trial, even if you're found not guilty of the crimes committed, the reputational damage is just too widespread. You're not going to go after the defamers: there are just too many, and if you tried, there would be a fair question as to whether you have any positive reputation left to injure. Your life is pretty much ruined. It's a pretty terrible situation for the wrongly accused.


Nope. News companies don't do it because of different reasons.

For one, it's an opinion, and traditional journalism likes to pretend it doesn't have those.

The bigger reason is anyone can sue for anything in the US. Litigation can be ruinously expensive, and cost hundreds of thousands of dollars just to get it thrown out. Hundreds of lawsuits gets expensive, even if you win or hand out $25K "get lost" settlements.

(That's why SLAPP laws are so important -- a strong SLAPP law like CA kills this behavior)

Whether or not something is prudent behavior has nothing to do with legality.


In my opinion, a .online domain is unsafe. 99% of people only visit ".com"s unless they clicked a scam link. Completely blocking the site is overkill, but the browser should warn you about it like it does with non-SSL sites.

Thanks for the laugh. Even if you only meant people from the US this is likely not true. What about government websites at .gov? 99% never visit them?

In other countries local TLDs are of course normal (e.g. .it for Italy, .za for South Africa, .cn for China...) and not only used for scam links.


What? I find myself on .net-s and .org-s all the time. For example... Wikipedia is .org. Do 99% of people not visit Wikipedia?

I mean .org or .gov is fine, just not stuff like .online or .info.

They should be held legally culpable for libellous claims they make.

I don't care if their pre-LLM AI says "thingy bad". They are responsible for the scripts or black boxes they control. I don't care if they don't give a reason.

Claiming bad/malicious/etc site is 100% libel. And doubly so, anybody who has been forced to agree to a ToS with binding arbitration should have it removed for libel.


> Claiming bad/malicious/etc site is 100% libel.

No it isn't. https://www.law.cornell.edu/wex/defamation

Please, use words correctly.


The words in your link do not support the words in your comment. Don't be snarky unless you are certain you're correct.

> a plaintiff must show four things: 1) a false statement purporting to be fact; 2) publication or communication of that statement to a third person; 3) fault amounting to at least negligence; and 4) damages, or some harm caused to the reputation of the person or entity who is the subject of the statement.

They falsely marked the site unsafe[1] on a published list[2], the results weren't checked and couldn't be appealed[3] and OP's site was taken down[4].


It does. "Unsafe" is not a fact, it's an opinion.

"When Google marks a site as "unsafe" or "dangerous" in Chrome or search results, it is a factual finding based on automated detection of specific, technical security threats, rather than a subjective opinion. These warnings are triggered by Google’s Safe Browsing technology, which scans billions of URLs daily to protect users from malicious content"

Opinions and facts in a legal context usually come down to who is saying what. Someone personally says "this soup is bad" on a review site = opinion. A news site plastering it on their front page = fact.

A person saying something as an individual is usually considered an opinion. A company doesn't have that same protection.


> "When Google marks a site as "unsafe" or "dangerous" in Chrome or search results, it is a factual finding based on automated detection of specific, technical security threats, rather than a subjective opinion. These warnings are triggered by Google’s Safe Browsing technology, which scans billions of URLs daily to protect users from malicious content"

Whom are you quoting here? A court opinion?


Nope. Not correct. Companies have the same 1A rights, too.

In the US, it really doesn't matter who says it, the only thing that matters is who it's being said about.

If you are a "public figure" -- which is a much broader category in 1A law than you think -- then in order to prove defamation, you have to prove the thing was false _and_ that the person saying it knew it was false at the time. Not that they were mistaken, not that they were careless, not that they knew later, they deliberately lied and knew they lied as they said it.

If your next question is "how do you prove what someone was thinking", then yes. That is the reason it's nearly impossible.


Not talking about 1A rights or public figures. We are talking about

Opinions (Protected) vs Facts (Not Protected)

Defamation cases where individuals say something are usually considered opinions and companies are usually considered facts in the eyes of the courts. I say "Usually"

Defamation also DOES NOT require intent, but it requires a minimum level of fault (negligence)

Google saying something is unsafe in the web search or browser would not be considered an opinion because of their position of authority. It would not even be a debate since Google has already said they make decisions based on facts and data presented to them.

The only question is are they negligent in their assessment or response to a false report. And what would be the damages. In the case of a phishing report that is false courts would already consider it defamation per se (damages presumed)


> Google saying something is unsafe in the web search or browser would not be considered an opinion because of their position of authority.

Everything the Supreme Court rules is an "opinion." And they're the ultimate arbiter of legal questions in the U.S.

Whether a statement is a fact and whether the person who said it is considered an "authority" or not are independent concerns.


We are absolutely talking about the 1A lol. Defamation is 1A law. It is one of the few recognized exceptions to the 1A.

And we are also 100% talking about public figures. "Public figures" include companies and it's a critical part of 1A since Times v Sullivan.

Google is a US company and has 1A rights. That's how it works. The rest of what you said is nonsense and is your idea of how it should work, but has nothing to do with how it actually works.


To be more accurate, defamation is civil tort law, circumscribed by the First Amendment. (Defamation as a cause of action is quite old, reaching back to our English common law roots, and goes back further in history, I believe.)

That's more general, not more accurate. Civil tort law is a broad class of things. It's like saying "to be more accurate, a supermarket is a type of store". Well, yes.

Sounds textbook to me.

How was this Google’s fault? Seems clearly like Radix’s fault.

If a newspaper publishes a false story about a business and someone takes it upon themselves to attack the business, it's partially the newspaper's fault.

If a newspaper publishes a story about a business and someone takes it upon themselves to attack the business, the attacker is at fault, regardless of the veracity of the newspaper's claims.

I am in Canada, but I think it is the same in the US? A newspaper can be responsible here. For example, if they say "people should riot" and a riot happens, the newspaper could be responsible for all actions that resulted the same as if they were the ones doing the crime.

Same with if they become aware of defamation and fail to retract and make a statement. But newspapers will generally also thoroughly investigate themselves to make sure what they are publishing is true.


It is not the same in the U.S. (And, to be honest, I'm quite doubtful this is true in Canada, though I could be persuaded through legal citations that it is.)

"Under the Criminal Code of Canada (Section 21), you can be charged as a "party" to an offence if you were involved in planning, "encouraging", or aiding in its commission" Criminal Code (R.S.C., 1985, c. C-46)

"21(1) Parties to Offence: Anyone who actually commits the offense, aids in committing it, or abets (encourages) someone in committing it is a party to the offense."

I work in a law firm but NAL. I could probably find some cases if I had time. Most of the responses from people saying defamation is not very successful and "good luck" in the US because of 1A seem strange to me also.


Whom are you quoting here? Looks a lot like LLM slop.

I’m not sure you got the law right. “Abetting” does not mean encouragement. And the code itself does not have “(encourages)” in parentheses in it. The text of the code is right here: https://www.statutes.ca/r-s-c-1985-c-c-46/21

Since you work in a law firm, maybe you should ask your colleagues.


I added the quotes, it clearly was not taken directly word for word and it was written in plain English for clarity.

Perhaps spend less time picking apart comments and trolling on the internet if you do not know the definitions of words?

https://www.merriam-webster.com/dictionary/abet

1 : to actively second and encourage (something, such as an activity or plan) abet the commission of a crime 2 : to assist or support (someone) in the achievement of a purpose The singer was abetted by a skillful accompanist. especially : to assist, encourage, instigate, or support with criminal intent in attempting or carrying out a crime —often used in the phrase aid and abet accused of aiding and abetting a criminal

abet implies both assisting and encouraging.

And further,

https://nprobinson.com/blog/parties-to-an-offence-in-crimina...

Who Is Considered a Party to an Offence? Under s. 21(1) of the Criminal Code, you may be considered a party to an offence if you:

Section 21(1)(a) Committed the crime yourself (the principal); Section 21(1)(b) Assisted someone else in committing it (aided); Section 21(1)(c) Encouraged or promoted its commission (abetted).

I won't put quotes around the words this time.


> I added the quotes, it clearly was not taken directly word for word and it was written in plain English for clarity.

You mean you had an LLM write it. This is the second time you’ve done that in this conversation. Please stop. It’s giving you incorrect or misleading information. Bona fide lawyers are finding themselves subject to disciplinary action for relying on LLMs, which have been found to falsify law and cases: https://www.reuters.com/legal/government/us-appeals-court-or...

Please, I beg you, go talk to your colleagues instead of armchair lawyering here. The law does not always adhere to dictionary definitions. It has been interpreted over the centuries and courts follow those interpretations. Besides, “Encourages” is a different word than “abets,” and merely offering support in the verbal or spiritual sense is very unlikely to lead to prosecution and conviction. If you can find a single case in Canada where this has happened, show us the proof.

I’m not “trolling,” I am a lawyer myself with 3 years of formal training, a Bar license, and decades of continuing education.

If you give me the number of your law firm, I will gladly call them myself.


I literally copied and pasted both quotes in my messages from the websites also referenced.

I highly doubt you are a lawyer.


Happy to send you my bona fides. Email me at otterley at otterley dot org. Please include your firm's phone number.

It's both's fault. Google for making false and clearly damaging statements (libel) and Radix for acting on them.

(IAAL but this is not legal advice.)

It’s not libel. Defamation requires a false statement of fact. Marking a website as “unsafe” is an opinion.


I always wonder what the settlement and damages would be if Google marked Amazon as a phishing site for even a few minutes.

The problem is that these gatekeepers of the internet respond to false statements of facts/opinions by so called professionals.

I had Cloudflare mark a worker as phishing because an AI "security company" thought my 301 redirect to their client's website was somehow malicious. (URL redirects are normal affiliate things)

If the professionals don't understand the difference and Cloudflare and Google blindly block things, this is scary.


There is a potentially different cause of action, tortious interference with business relationships. It does require that the defendant intended to interfere in a way that would cause harm to the plaintiff, though. Proving Google intended such harm would be difficult and expensive.

Google intends harm to everyone on that list. That's the point of the list. Google is unlikely to have intended this specific harm, but they don't have to.

That won’t cut it in court.

Why not?

Marking a website as "unsafe" in Chrome is equal to standing in front of the door of a small restaurant and blocking 71% of people going inside. Everyone first has to agree that they will enter the restaurant at their own risk.

That is more than an opinion. Chrome has a monopoly and should act accordingly. Blocking entry to a website should be a last resort, not just because someone didn't add their website to the whitelist.


Yeah. Everyone uses their list and being blocked by all web browsers is like having someone cover the doorway with a massive DANGER sign. It's insane that people are roaming around here arguing that it's ok because the damage caused is a necessity for "internet scale".

Indeed. It is almost like how the Mafia operates. This person didn't submit his website to Google and now Google blocks visitors.

Right now, any damages are completely speculative at this point. I would suspect in this case, the damages are minimal, and taken in the broader context, the good outweighs the harm. Do you have evidence to the contrary?

The good outweighs the harm until it happens to you. The problem is that even if the failure rate is low, the failure can be catastrophic for the people suffering from it.

I use Ubiquiti as an example for an update they pushed to their UniFi systems a long time ago (5+ years). Some people were configuring their devices to use an https URL to connect to a management console when it was supposed to be http. Before the update, the console accepted http on the https port. After it didn't. That caused devices to disconnect from the management portal and remain offline.

When people complained, Ubiquiti said they realized it would happen, but it "would only affect a tiny percentage of customers." However, most customers that were affected had a 100% rate of failure. One person had something like 600-700 devices that got disconnected and required manual reconfiguration.

A 1% failure rate might be ok for the company, but it shouldn't be if the 1% of people affected suffer 100% failure. The distribution of the failures needs to be considered.

I had my primary domain that my entire family has used for 25 years put on that blacklist. If I hadn't been able to get it removed it would have had a massive negative impact on my life. Had it been suspended by the registry the way the OP of this article describes, I'm not sure how it would have worked out.

So it may be a false positive of .0000000001%, but would have ruined my life. I have 900 entries in my password manager and probably half of them are tied to that domain. Is my entire digital life acceptable collateral damage? Is yours?


“Ruined your life” sounds a little overdramatic when there are people being falsely accused and convicted of crimes and being thrown in jail for life (or worse).

I don’t mean to say your experience isn’t real and that you didn’t suffer some inconveniences. But come on, have some perspective.

And what did you do to get put on that blacklist, anyway?


It isn't just Chrome. Firefox, Safari, and Edge also use that list.

It's being stated as fact, not as an opinion.

(IANAL) It's not about how it's stated, but whether it can be objectively proven to be true or false. "unsafe" refers to the likelihood of something bad happening in the future. You can't prove that something bad will happen in the future, so it's opinion.

Also not a lawyer, but that makes intuitive sense. If I say "that food tastes bad", it's phrased as a fact, but a "reasonable person" (which is in fact a legal test used for some things, although I admit I'm not sure about libel) knows that there's an implicit "...to me" qualifier because the concept of taste itself is inherently subjective. My instinct is that while there are some things everyone would agree on as unsafe, it pretty quickly turns into a judgment call, and it probably makes sense to allow even ill-informed opinions that are made in good faith rather than malice or negligence. The question then becomes whether there's sufficient evidence to conclude something like that, and while the bar is lower for a libel claim than something criminal, it's still not obvious this would be provable here.

"Unsafe" is just a terribly vague word, too. As a layman, I wouldn't even know what that means with respect to a web site. What's "unsafe" about it? Is it going to shoot my dog? Is it going to drain my bank account? Is it going to give my computer a virus? Saying a web site is "unsafe" really isn't providing any interesting information, and it shouldn't be acted upon by pretty much anyone.

I agree that it’s not specific, but I disagree that it should be blindly ignored. It’s not like they have no reason whatsoever for their opinion.

This seems like a distinction without difference, given everyone in the ecosystem takes that "opinion" as true fact, including the market-leading browser produced by the "opinion"-haver.

I get that's mostly what corporate lawyers argue about, but it's functionally dishonest in this case.


That's like a business being dissolved because it got a bad rating from BBB. Absolutely insane.

That is the bit that jumped at me immediately too. Why would a registrar take it upon itself to suspend a domain that another entity entirely blacklisted as part of their own completely opaque process? Who is Google? God?

On the flip side of the coin I cannot get a site removed that is a blatant rip off of one of our websites being actively used for invoice redirection fraud.


It's like being unable to get a passport because Microsoft has you on The List, and Microsoft needs to see your passport to check why you're on the list.

Considering that getting a domain is a normal part of business these days, this kind of thing should be illegal. Not to mention, why does Google have any say in this?


You know it's getting bad out there when corporations act like the government.

It's like the domain registrar is acting like a vassal state. I don't think Google actually has any say in their decision.

> Why would a registrar take it upon itself to

Because keeping Google happy or at least not bothered is an existential priority for registrars


I am suspecting something like this too but what is the mechanism by which Google would have influence on the registrar? As far as they are concerned the domain is gone from their index.

Well until a human can verify.

Which likely is slow without a poke; it's reasonable to base the decision on what's available.

That's just how reputation works.


It doesn't sound reasonable to me at all. Why would we think that the reasons Google blacklists a domain would align perfectly with reasons a domain name would be suspended? In the end they don't seem to agree already since the domain was unsuspended. Who knows why it was blacklisted by Google? Even the decision to unsuspend it looks arbitrary.

And anyone that trusts Google's judgement here clearly needs a reputation of their own.

Should the domain name matter? Or is this applicable to any domain?

Where did you do the warning?

> Is working from home considered running a business?

It actually is in some jurisdictions, even if of course no one cares (except of course insurances looking for reasons to refuse a claim).


You're one of those that's going to laugh at the idea of "verifiable cloud" that Apple and others are pushing? How dare you stand in the way of AI everywhere!

This was not going to come from Samsung, one of the most over-zealous companies out there when it comes to preventing rolling out purely software features from today's phones to yesterday's. E.g. "Now Bar", a literal online feature, is blocked on older phones. (Don't get me wrong, it's a useless feature, just shows their thinking)

Or when they announced that "Linux on Dex", for which they had been doing public beta testing on Note 9 phones, would only support the just-released Note 10. (And then they dropped the entire thing anyway).

These are phones for which the only difference between generations may be a couple mAh in the battery. Yet they still use software to gate features.


> These are the kinds of articles that give science a bad name, and that make people anti-science.

No, it is attitude like yours that brings humanity a bad name.

"Blue light effects" have always had highly questionable evidence behind it, what has been sold and marketed under the guise of it has had _zero_ evidence behind it. But now that you are reminded that it is actually bullshit, you react with skepticism.

"Feels good to me" is hardly evidence to begin with. It's something that is even more flimsy than sociology. I have my doubts it should even be called medicine.

You have to remember that a shitton of people day after day "show" "evidence" that homeopathy works. Even though it has no plausible mechanism of action. So clear mechanism of action is about as important as the evidence itself. (see Science-based medicine)

I could understand (not justify) skepticism in many cases (such as "common wisdom" from 1000 years ago) but this particular topic should have raised your skepticism 20 years ago back when the craze/marketing stunt was starting, and not now.


> "Feels good to me" is hardly evidence to begin with

Where did I say anything like that? Please don't mischaracterize my comment, that's not helpful. It's not that it "feels good", it's that it helps at least some people fall asleep more easily, and I know this from personal experience. And many, many other people have written that it does the same for them.

> "Blue light effects" have always had highly questionable evidence behind it... But now that you are reminded that it is actually bullshit

You're right that the evidence for it is questionable. But you know what else there's no conclusive evidence for? That hot herbal tea helps you fall asleep. Or soothing music. Or bedtime stories. Because the funding usually isn't there to perform the kind of large-scale studies required to establish these things, because it's just not a priority or even a good use of our dollars. And lack of evidence for, is not the same as evidence against.

My point is, nothing in this article does establish that it is "actually bullshit". That's a gross misreading of the science, and that's what I'm criticizing the article over.

People experiment with things and discover what works and what doesn't. Again, nobody's going around complaining that there's no scientific evidence lullabies don't help put you to sleep. And neither lullabies, nor turning your lights down to amber, have anything to do with homeopathy. You can't possibly suggest they're doing harm. People aren't using amber lighting at night instead of getting their cancer treated.

But for some reason, low amber lighting to help with sleep makes you and the article author upset? Why? Why does that make you upset, but not hot tea or lullabies? Or do those make you upset too?


"feels good to me" and "helps me sleep more easily" are about the same thing: flimsy and almost non-quantifiable personal experiences. About the same level with "I dream of nicer things".

> And many, many other people have written that it does the same for them.

So people write for homeopathy. Homeopathy actually is the precursor for using this type of "evidence" for development and study of new "drugs" (hint: this evidence ends up going nowhere useful, quickly).

> Or soothing music. Or bedtime stories. Because the funding usually isn't there to perform the kind of large-scale studies required to establish these things, because it's just not a priority or even a good use of our dollars.

Oh, there is. There are way more studies about this than you can possibly think of. There are medical journals reporting clinical experiences about this daily. You are saying this on an article about a study about one of these, ironically enough.

> And lack of evidence for, is not the same as evidence against.

https://en.wikipedia.org/wiki/Russell%27s_teapot

> My point is, nothing in this article does establish that it is "actually bullshit".

Why not?

> But for some reason, low amber lighting to help with sleep makes you and the article author upset? Why? Why does that make you upset, but not hot tea or lullabyes? Or do those make you upset too?

You are the one who suddenly claims this makes people "anti-science", when this particular bullshit is not even 20 years old, and it was already known to be suspect 20 years ago. It is just ridiculous that it is now suddenly such a core belief of your persona that even being reminded that it is most likely bullshit is going to drive you to reject science outright.

As I said, I could at least _understand_ (but not justify) much older claims, such as ancient Chinese practices or whatever. These make me upset indeed (this is pseudoscience, after all), but what makes me even more upset is the creation of new pseudo-scientific or even anti-scientific "popular wisdom" _in this age_.


I think you have not actually understood what I wrote, because of this part:

>> My point is, nothing in this article does establish that it is "actually bullshit".

> Why not?

I've already said it multiple times. Allow me to repeat myself:

> make the elemental mistake that showing one biological mechanism doesn't have an effect, means no other mechanisms can either.

You've written a lot, but you haven't understood that this is the core mistake of the article, and the core mistake of what you're trying to argue.

You reply with a reference to Russell's teapot, and that would be fine if you were merely trying to make the point that the effect of amber light on sleep has not been sufficiently proven. But you're the one literally calling it "bullshit", i.e. disproven. That's wrong. There's no high-quality study conclusively demonstrating it doesn't have an effect.


Certainly you can claim that because not all mechanisms have been disproven yet, then there could still be an effect. That is why I quote Russell's teapot. Your claims are technically not disproven, and may not even be possible to disprove, but that doesn't mean that the existence of the teapot is (most definitely) bullshit. This is what the example of Russell's teapot is trying to show.

I also keep continuously putting the example of homeopathy because it is exactly the same. Homeopathy has plenty of (weak) evidence, but no known mechanism of action. All the proposed religious, memory of water, etc. have been disproved. Certainly you can argue that homeopathy could still be a thing because there could be some physical/biological mechanism that has not yet been disproved! But this is just nitpicking: homeopathy is still bullshit. In the same way that a teapot in space is bullshit.

Anything else is a (useless) nitpick.

In any case, even from day #1 it's been known that blue light could possibly have a mechanism, but there's always been a big stretch from there to claiming that blue light filters/night shift have an effect, and the evidence for the latter is substantially lacking. https://sciencebasedmedicine.org/blue-light/


I'm sorry, but using the idea of Russell's teapot to claim anything without rock-solid proof is "bullshit" is a deep misunderstanding of the idea. It's wrong, it's offensive, and it's not helpful to genuine understanding.

Amber light is not Russell's teapot. There's widespread anecdotal reporting that it helps with sleep. It's not something nonsensical like a teapot between Earth and Mars. And for you to suggest that they're the equivalent is, frankly, arguing in bad faith.

The world of knowledge is not divided, black-and-white, between things that are scientifically proven and "bullshit". Probably the vast majority of practical facts we rely on daily are not "proven" with empirical studies. That doesn't make them "bullshit". I hope you can understand that.


No, I do not understand why I cannot call homeopathy bullshit. There's plenty of widespread positive anecdote for it, too!

Why would you think calling one bullshit is "offensive" and not the other? You realize that this "gray" scale that you claim is as unscientific as it gets, right? After all, it worked for me! And I hear that it works for my friends! How can homeopathy/blue light filters/whatever-ritual-you-like-today not work? How can there not be a teapot on the sky?

If the problem is with the word "bullshit", call it pseudo-scientific, but it is almost the same thing.

Tomorrow there could be some evidence of an effect shown in the opposite direction (e.g. blue light filters _harming_ sleep quality*, or performance the day after, or whatever) and you would be as skeptical as with claims of no effect, if not more. See the recent article of white noise in HN and how it was met in the comments.

* Because of people (or worse, software) turning their screens' brightness up to compensate, which I already read an article about a long time ago...


Someone says that other psychological factors (which have physical effects) help them sleep and they "bring humanity a bad name"?

Maybe think on that a little bit.


No, he said "this gives science a bad name"/"makes people anti-science" because some article published something that contradicts his anecdote of how well he thinks he sleeps. That gives humanity a bad name. And your direct insults do, too (which fortunately have been edited out).

The direct insult where I said "touch some fucking grass"?

I certainly stand by it now.


Why? You're proud of your insults?

Sadly, if users start customizing the 256 color palette, developers will simply switch to true color to continue this mess further...

> The fact that there are comments misunderstanding the article, that are talking about PCB Design rather than (Silicon) Chip Design, speaks to the problem facing the chip industry. Total lack of wider awareness and many misunderstandings.

No, there is no misunderstanding. Even the US companies mentioned _in the very article_ that have both software and "chip design" roles (however you call it) will pay more to their software engineers. I have almost never heard of anyone moving from software to the design side, but rather most people move from design side to software which seems like the more natural path.


You've taken two separate points I made and rolled them into one, resulting in you arguing against a point I didn't make.

The "misunderstandings and lack of awareness" I was referring to is in regards to many people outside the semiconductor industry. These aspects are hurting our industry, by putting people off joining it. I was not referring to people inside the industry, nor the SemiEngineering article.

As for salaries: See my other comments. In addition, I think it's worth acknowledging that neither hardware nor software salaries are a flat hierarchy. Senior people in different branches of software or hardware are paid vastly different amounts (e.g. foundational AI models versus programming language runtimes...). For someone looking at whether to go into software or hardware roles, I would advise them that there's plenty of money to be made in either, so pursue the one which is more interesting to them. If people are purely money-motivated, they should disappear off into the finance sector - they'll make far more money there.

As for movement from software into hardware: I've primarily seen this with people moving into hardware verification - successfully so, and in line with what the article says too. The transfer of skills is effective, and verification roles at the kind of processor companies I've been in or adjacent to, pay well and such engineers are in high-demand. I'm speaking from a UK perspective. Other territories, well, I hear EU countries and the US are in a similar situation but I don't have that data.

Do more hardware engineers transition into software than the other way around? Yeah, for sure, but that's not the point I think anyone is arguing over. It's not "do people do this transition" (some do, most don't), rather it's:

"We would like more people to be making this transition from SW into HW. How do we achieve that?"

And to that I say: Let's dispel a few myths, have a data-driven conversation about compensation, and figure out what's really going to motivate people to shift. If it only came down to salary, everyone would go into finance/fintech (and an awful lot of engineering grads do...) but clearly there's more to the decision than just salary, and more to it than just market demand.


Why would they? Pay is just much lower, despite the fact that there's way more responsibility. I personally know more people who switch from hardware to software than vice versa.

I'd do anything short of murder to get out of software. If I could find a career that paid enough to live somewhere nice and didn't have the horrible working conditions that software does (stack rank, fake agile, unrealistic deadlines, stack rank, etc.) I'd do it in a heartbeat.

> stack rank, fake agile

95% of software jobs in the world never come into touch with stack ranking or fake agile.

> live somewhere nice

If only the remaining 5% of software jobs allows you to "live somewhere nice", then your issue lies with your definition of "somewhere nice".


There is so much more to software than SaaS apps. I do compilers now for new chips. The work environment is so much better. Go for the hard problems always.

The "killer" feature is actually that it was rendering traditional websites NOT fine, but in a bunch of hacks that would force a specific viewport width where most websites would render with reasonable font sizes and double tap to zoom to paragraph would fix the remainder.

Specifically this "killer" feature would already break traditional HTML pages with just text (that were 100% responsive even before "responsive" was a thing).

The entire mobile HTML stack is hacks on top of hacks. Like everything else in computing, TBH...

