Hacker News new | ask | show | jobs
by Avamander 1046 days ago
> obviously it's not acceptable to screw people over and justify it by saying "we're not screwing over everybody, and look, we're doing good stuff, too!”

That's the thing, the benefits immensely outweigh the small negatives. Small inconvenience from even tens of thousands of false positives out of tens of billions site visits is such a small cost.

You do understand that the alternative would be most phishing sites remaining active for days, if not months, if this service didn't exist? That means a significantly higher amount of people getting significantly more inconvenienced than some false positives cause.

> if you can't resolve the negative externalities of your service to the satisfaction of the people you're harming with them, don't roll out the service

Case study of letting the perfect become the enemy of the good.
2 comments
ImPostingOnHN 1046 days ago
> That's the thing, the benefits immensely outweigh the small negatives

that's the thing: they don't. both co-exist, and you must address the negative externalities individually, vs. saying "well we think we do more good so suck it, too bad" to the people you harm.

> You do understand that the alternative would be most phishing sites remaining active for days, if not months, if this service didn't exist?

the alternative could be a meteor hitting the planet, that doesn't justify your creating new negative externalities and unleashing them on the world with no reasonable recourse for the people you harm

indeed, your stated excuse for wrongdoing is a case study in letting the ends justify the means

you also neglect the many other alternatives, one of which is properly staffing and funding enough humans to deal with the harm you're inflicting on other people, and providing easy access to them from the people you've harmed, and scaling your service up only so long as you can support that proper level of staffing

link
Avamander 1046 days ago
> the alternative could be a meteor hitting the planet, that doesn't justify your creating new negative externalities and unleashing them on the world with no reasonable recourse for the people you harm

Either you have no clue how much phish there really is or you know exactly. In both cases it sucks to be you.

> you also neglect the many other alternatives, one of which is properly staffing and funding enough humans to deal with the harm you're inflicting on other people, and providing easy access to them from the people you've harmed, and scaling your service up only so long as you can support that proper level of staffing

Sure, you're free to pay for an antivirus product that does the same and you can contact them.

It's thankfully not up to you to decide if people want to be inconvenienced or protected by what Google offers for free.

link
ImPostingOnHN 1046 days ago
> Sure, you're free to pay for an antivirus product that does the same and you can contact them.

this is disingenuous: sure, you could, but no amount of antivirus can stop google from blocking customers or potential customers from seeing you without either of your informed, affirmative consent

in any case, thankfully your opinions that the ends justify the means (and also justify easily avoidable negative externalities), and that the lack of recourse available to the people you harm is somehow justified (unspecified how), seems to be the exception among people, rather than the norm

one wishes google actually cared what people thought, rather than professing to know better than them what's best, and directing them through the service without their informed, affirmative consent

link
Avamander 1046 days ago
> this is disingenuous: sure, you could, but no amount of antivirus can stop google from blocking customers or potential customers from seeing you without either of your informed, affirmative consent

No amount of Google will stop an antivirus from doing the same without your consent. What's your point? Anti-phish solutions must have the site owners' consent? Don't be ridiculous.

link
ImPostingOnHN 1046 days ago
based on your non-response to them, it sounds like you're conceding the following points:

- google could harm people less by providing recourse to the people they harm, but instead chooses not to;

- your suggestion that those harmed by google "just use another antivirus software" is irrelevant and doesn't apply here;

- market forces would not, in fact, be involved here;

- disabling Google's opt-out-only service is more than trivial for the average user; and

- google exploits this non-triviality by making the service opt-out, vs opt-in with informed consent.

> No amount of Google will stop an antivirus from doing the same without your consent.

I wish this didn't need to be explicitly specified, but "someone else could harm people" isn't a defense for google actively harming people

if that happened, and the antivirus company was in google's place, and they also failed to provide recourse to the people they were harming with their negative externalities, that would also be bad, just like it is now bad that google is actually doing it

so, what exactly is your point here in trying to justify google harming people via negative externalities while at the same time totally failing to offer proper recourse to them, when google has the option of harming people less, and chooses to avoid that option?

link
Avamander 1046 days ago
> I wish this didn't need to be explicitly specified, but "someone else could harm people" isn't a defense for you actively harming people

A statistical inevitability is a defense for something. The world doesn't have perfect things.

Stop trying to frame something bad just because it isn't perfect. If you manage to stop that, then it would be possible to have a constructive discussion.

link
BizarroLand 1046 days ago
If a weapons manufacturer made a gun that 1 in every billion times shot you in the head instead of your target, we wouldn't say, "well, sometimes accidents happen" and brush it off.

There would be a full investigation as to how and why this happened and someone somewhere would be held accountable.

Google in its current form is immune to the consequences of the decisions of its robots, and that is not acceptable.

link
Avamander 1046 days ago
> If a weapons manufacturer made a gun that 1 in every billion times shot you in the head instead of your target, we wouldn't say, "well, sometimes accidents happen" and brush it off.

A more apt comparison would be with seatbelts or airbags.

> Google in its current form is immune to the consequences of the decisions of its robots, and that is not acceptable.

The market forces are sufficient. If the FP rate climbs too high more people will disable the feature, easy.

link
ImPostingOnHN 1046 days ago
> The market forces are sufficient. If the FP rate climbs too high more people will disable the feature, easy

do you have any evidence this is true? it seems like a hypothesis that you totally made up just now

it's hard to even imagine the feedback loop that would convince the average user to enter their browser settings and change one of them just to view a website for a product they're interested in but google wrongly blocked them from seeing

indeed, if it were so easy to convince a user to do so, google could make the feature opt-in, with informed consent that the feature might wrongly block them from seeing sites they want to see, letting the user decide for themselves if they want to enable it

no, it seems common sense that they'd just move onto another website/product, and market forces would never actually come into play

link
BizarroLand 1046 days ago
>The market forces are sufficient

Try explaining that to people who lost tens of thousands of dollars or more in missed transactions due to Google's fuckups. I'm sure they will be consoled that one day if the right fairy farts in the right direction google will stop screwing people over in this particular way.

link
Avamander 1046 days ago
That's a business risk alright. Some other AV vendor or RBL might list you as well.

Inevitably anti-phish solutions end up with false positives, but it's utterly out of the question and silly to ask everyone to stand down defenceless.

link
BizarroLand 1046 days ago
I get that you're deadset on defending googoo no matter what, but surely you have to agree that the fact that they made browsers block access to your site AND that you have no ability to do anything about it short of filing a lawsuit or waiting for them to get around to fixing it if they ever do is unconscionable, right?

I get that it's a service.

I don't get how not having human intervention available to fix it when it goes wrong is defendable business practices.

link
Avamander 1046 days ago
> that they made browsers block access to your site AND that you have no ability to do anything about it short of filing a lawsuit or waiting for them to get around to fixing it if they ever do is unconscionable, right?

So do AV vendors. What specifically makes it not okay for Google? Have you tried delisting a website from other vendors' products? Microsoft SafeScreen?

If you want to hate on Google doing (or not doing) something, do it based on criteria that can actually be fulfilled.

link
blharr 1046 days ago
I mean, most weapons probably have a 1 in a billion chance (or much higher) to misfire
link
BizarroLand 1046 days ago
In this case, a bullet would be fired hundreds of thousands of times a second every second always though, and the gun would never heat up or suffer mechanical damage, and the supply of bullets would never run out.
link