I’ve rarely hit the Google SafeBrowsing (malware) warning page, but last week it flagged a few sites that caught my attention. One was example.com (a reserved domain, which amusingly caused our test suite to fail :). The others were real web sites, both for popular Firefox extensions — joehewitt.com and downthemall.net.
Blocking the user when they’re familiar with the site (and expect it to be safe) is rather annoying. Doubly so because there’s no obvious way to bypass it (other than disabling the feature entirely in the preferences). There’s some discussion on this point in bug 400731, and I think there’s a strong argument to be made for *not* having an easy bypass.
But what I find really frustrating is that there’s no specific, useful feedback on *why* the site is being blocked. That is, it does a good job of explaining what “attack sites” are, but not why this specific site is one of them. I think this could lead to distrust of the feature, especially when “legitimate” sites get flagged. For example, here’s the page I currently get:
The “request a review” link goes to a rather unhelpful page on stopbadware.org, intended for the site owner (who is almost assuredly not the person sitting in front of the browser). If you search around on the Stop Badware site, you can get a vague report which says:
“This site is currently (as of 02/17/2008) being reported to StopBadware by the following partners: Google: reported bad.” … “joehewitt.com/ contains or links to badware or otherwise violates Google’s software guidelines.”
So, uhh, completely not helpful. As a user, I’m now inclined to believe that it’s just some kind of screwup, and now I’m grumpy at Firefox and Google.
Of course, I may be completely wrong. The other warning I saw, for downthemall.net, turns out to have been real. A notice on their site now says: “After a complete check up of the site structure, we’ve found that an attacker had exploited a WordPress vulnerability to inoculate unauthorized code into our theme. This code contained links to a site which tried to install malicious code on visitor’s computer.” So, score one for Firefox / Google, and chalk this up as an example of the difficulties security prompts face when you’re blocking the user from doing something they want to do. [edit: well, then again, http://www.downthemall.net/howto/ is still being blocked, so I'm left wondering if there's a new problem, or if the SafeBrowsing database isn't up to date.]
But I think it’s important to give the user a specific indication of why they’ve been blocked, and that’s not being done here. I’d like to see the browser warning page link to the actual site report, and the report should have specific information that can help me trust its claim. For example:
- Why exactly is the site “bad”? What guideline(s) does it violate?
- What’s going to happen if I visit it anyway?
- Is the whole site bad, or just part of it?
- Does it have a history of problems? Might it just be a recent hack?
- If I was there last week, should I worry that it did something bad before the block started?
- Has the report been verified/confirmed, perhaps by a Real Human? When was it last checked?