[mayanksinghal]

Or let everything go through until and unless we are 100% certain that it shouldn't. Like, if someone is pointing a gun at you, do not duck because there is a chance he/she will miss. Because you know, exaggeration is truly a great tactic to convince other stakeholders.

[markshepard]

Even though this looks like a troll attempt, lets try this.

The problem is 1. No clarity on what constitutes a problem. 2. No way to officially contact to clear up a problem

resulting in possible irreparable loss of business.

So, if you insist on interesting and orthogonal "analogies".. please carry on.

[mayanksinghal]

I was NOT trolling. I was pointing out that (A) Exaggeration is not a great debating tactic, in your case it was a clear slippery slope argument (B) It will not help in convincing the other stakeholders into being empathetic with your situation because you equated them to mindless psychopaths.

> So, if you insist on interesting and orthogonal "analogies".. please carry on. If it was not clear, I was trying to describe a possible issue with you "lets apply this everywhere" argument.

The two arguments you just put forward, are nowhere close to what you said in the comment I replied to. Yes, there are issues with the current implementation of it, which is very similar to how spam detection/prevention systems work at the moment. Yes, there can be improvements to it. There can be improvements to everything. Yes there is high chance of false negatives in the current system, but this is a problem where false positives can be just as disastrous. If we cannot agree with that, then do not think it is worth continuing this discussion.

Now if you check the top comment on the thread, I believe the communication channels have already been set. They did not work for you as promptly as you would want them to, that's a different issue. But there definitely exists an official contact to clear up the problem - your colleague seems to be aware of it. The lack of clarity of the reasons has been marked as intentional and has been discussed elsewhere on the thread.

It was poor of me to use snark instead of clearly stating my stance, but the stupidity of analogy that you are blaming me for, is not much different from what I was trying to mock.

[markshepard]

I agree (and have posted in this very thread) that having controls for detecting spam/fraud is good. Also, I have posted that the primary problem is, no way to either a) avoid this problem by adhering to some guidelines b) no way to directly contact the developer to figure out the problem to resolve it.

Every update to the browser can potentially change the model that affects a large number of the users and the only way to figure out the problem is using some sort of trial and error method.

This would have been fine if the product in question is a niche product or a exotic browser. But the fact of the matter is, with Chrome (being one of the dominant browser) and Google being the product owner, the reach of Google's opinion is far reaching and can easily destroy a product (akin to killing a person based on some assumption).

Also note that, the "communication channels" listed earlier were completely useless for this type of problem where the client side is throwing the error (Not related to a specific domain or even url included in the page).

Understand that, being a commercial product, ALL possible methods were tried (obviously) to resolve it by using those methods and could not resolve it. You can see that, this specific instance gets triggered by simply having a button with the name "Connexion" instead of "Login" (purely detected by backtracking the changes).

So the frustration is not meant to belittle Google's effort at combating spam/fraud but to point out the effect of such wide ranging blanket solutions.

While "Collateral damage" is a very nice way to de-sanitize and make things palatable for all parties involved except those getting to be the "Collateral damage".

At the end of the day, I am sure folks understand that Google being Google can do what they want and probably even bury the whole issue from getting any traction.

[mayanksinghal]

> even bury the whole issue from getting any traction.

Wasn't your site explicitly whitelisted?

[markshepard]

Yes. I believe it has been added to a temp whitelist. But it is not clear if is domain based or somekind of signature based. If it is domain based, then whitelisting is not useful (This is hosted on various domains as noted by others). If it is signature based, it will be more effective (though the signature will change as the server code changes and since there is no idea what gets into the signature, there is no way to avoid).

Also, dev1.codelathe.com was re-setup specifically to trigger the warning (It was determined that if the login button has the keyword "Connexion", it was pushing the phishing score past 0.5)

The main thing is, if there is a clear way to contact the team responsible for this to resolve such issues, that will be the best way for anyone with similar problem and at this point there is no such avenue.