by asu_thomas 1046 days ago
> no way to get an incorrect flag lifted in anything like an acceptable timeframe

Define "acceptable timeframe"


Surely you'd agree that breaking a government service for 3 entire days is unacceptable!?

Ideally they'd have an SLA measured in hours, the lower the better. Like 1. Because the consequences of their bot flagging a domain are so severe, both in terms of availability and in reputational damage.

If you're about to submit commercially sensitive information to a company providing a service on behalf of your government and instead you see a massive red screen that screams of dire consequences of using that site, how likely would you be to go back and try again later? They need to be damned sure they're right, and to provide a quick way to resolve false flags.

Instead the only answer I got from Google was "lol, no".

1 picosecond is the acceptable time frame for Google to block my connections to someone's server. I don't need their permission to visit. It is why I turned off the feature the first time I got a red screen in 2010 or thereabouts.

Yet there are many more users that actually get protected from actual phishing thanks to Safe Browsing. A microscopic false positive rate does not a bad tool make.

yet there are nonetheless many people harmed by the service, an issue unresolved by any amount of unrelated goodness

> A [low] false positive rate does not a bad tool make.

It does, if your tool fails to address the issue of false positives to the satisfaction of the people you harm with them, and especially if it fails to provide a quick, easy, direct line to humans, to deal with false positives

obviously it's not acceptable to screw people over and justify it by saying "we're not screwing over everybody, and look, we're doing good stuff, too!"

if you can't resolve the negative externalities of your service to the satisfaction of the people you're harming with them, don't roll out the service

> obviously it's not acceptable to screw people over and justify it by saying "we're not screwing over everybody, and look, we're doing good stuff, too!"

That's the thing, the benefits immensely outweigh the small negatives. Small inconvenience from even tens of thousands of false positives out of tens of billions of site visits is such a small cost.

You do understand that the alternative would be most phishing sites remaining active for days, if not months, if this service didn't exist? That means a significantly higher number of people getting significantly more inconvenienced than some false positives cause.

> if you can't resolve the negative externalities of your service to the satisfaction of the people you're harming with them, don't roll out the service

Case study of letting the perfect become the enemy of the good.

> That's the thing, the benefits immensely outweigh the small negatives

that's the thing: they don't. both co-exist, and you must address the negative externalities individually, vs. saying "well we think we do more good so suck it, too bad" to the people you harm.

> You do understand that the alternative would be most phishing sites remaining active for days, if not months, if this service didn't exist?

the alternative could be a meteor hitting the planet, that doesn't justify your creating new negative externalities and unleashing them on the world with no reasonable recourse for the people you harm

indeed, your stated excuse for wrongdoing is a case study in letting the ends justify the means

you also neglect the many other alternatives, one of which is properly staffing and funding enough humans to deal with the harm you're inflicting on other people, and providing easy access to them from the people you've harmed, and scaling your service up only so long as you can support that proper level of staffing

> the alternative could be a meteor hitting the planet, that doesn't justify your creating new negative externalities and unleashing them on the world with no reasonable recourse for the people you harm

Either you have no clue how much phish there really is or you know exactly. In both cases it sucks to be you.

> you also neglect the many other alternatives, one of which is properly staffing and funding enough humans to deal with the harm you're inflicting on other people, and providing easy access to them from the people you've harmed, and scaling your service up only so long as you can support that proper level of staffing

Sure, you're free to pay for an antivirus product that does the same and you can contact them.

It's thankfully not up to you to decide if people want to be inconvenienced or protected by what Google offers for free.

If a weapons manufacturer made a gun that 1 in every billion times shot you in the head instead of your target, we wouldn't say, "well, sometimes accidents happen" and brush it off.

There would be a full investigation as to how and why this happened and someone somewhere would be held accountable.

Google in its current form is immune to the consequences of the decisions of its robots, and that is not acceptable.

> If a weapons manufacturer made a gun that 1 in every billion times shot you in the head instead of your target, we wouldn't say, "well, sometimes accidents happen" and brush it off.

A more apt comparison would be with seatbelts or airbags.

> Google in its current form is immune to the consequences of the decisions of its robots, and that is not acceptable.

The market forces are sufficient. If the FP rate climbs too high more people will disable the feature, easy.

I mean, most weapons probably have a 1 in a billion chance (or much higher) to misfire

It's beside the point, but is it just me that finds this reply really quite rude? You wouldn't jump in to someone's conversation with such a demand, especially in response to them recounting an experience that was stressful to them and had consequences for the fledgeling company they'd founded at great personal expense?