I was wondering how to report a false positive to Google Safe Browsing without having to create a Google account and feeding their insatiable hunger for more data?
I have not found such a way as of yet. Google pretty much seems intent on preventing any contact in this matter or others.
My domain – yep whole one, including subdomains – was reported as (two examples):
Firefox blocked this page because it might try to trick you into installing programs that harm your browsing experience (for example, by changing your homepage or showing extra ads on sites you visit).
This site is unsafe
The site https://***********.net/ contains harmful content, including pages that:
Install unwanted or malicious software on visitors’ computers
I won’t disclose my domain here, but given I have a list of digests for all the files located on my (private) website and the list is signed with my PGP key and I verified the hashes and the signature and all checked out, I am sufficiently certain that this is a false positive. None of these files have changed in the last four years, because my current software development activities are going on elsewhere.
Unfortunately there is no useful information to be had from the “details” provided by Google Safe Browsing. A full URL to the alleged malicious content would have been helpful; heck even a file name or something like MIME-type plus cryptographic hash …
I have two pieces of content on my website where one could debate whether they are PUA/PUP (as it’s called these days). Both are executables inside a ZIP file and alongside the respective source code which was used to create those executables. So in no way would any of that attempt to install anything on a visitors computer, unless we imagine a fictitious browser hellbent on putting its user at risk by requesting to run at highest privileges upon start and then unpacking every download and running found executables without user interaction. And even then one of the two pieces of software would fail and the other would be visible.
- One is a Proof of Concept for an exploit of Windows debug ports which has been patched for well over a decade and so will hardly be a danger to anyone.
- The other is a tutorial which includes a keylogger which – when run – is clearly visible to the user. So no shady dealings here either.
But since these two items came up in the past, I thought I should mention them.
Anyway, a cursory check on VirusTotal showed one out of seventy engines giving a “malicious” for my domain. Given Google bought VT some time ago, it stands to reason they use it for Google Safe Browsing.
The mysterious engine with the detection is listed as “CRDF” and I still have been unable to find out who or what that refers to. So obviously there is no way to appeal, request a review or whatever … seems Google is judge, jury and executioner in this one.
So how do I “appeal”?