Przejdź do głównej zawartości
Edit: both main site and #Yunohost login page are unblocked. 🎉


Website of Reykjavík #Hackerspace, Hakkavélin, just got flagged by #Google Safe Browsing as "deceptive"; anyone who visits this site gets a scary red warning:
https://hakkavelin.is/

Thing is, I manage this site. It's literally a single static HTML file.

This is what we get for allowing shitty journalists to farm clicks by abusing the words "hacker" and "hack" to mean "cybercriminal" and "attack".

#FuckGoogle #Hackers #InfoSec
Full-page red scary warning about hakkavelin.is, in Icelandic.
#google #yunohost #infosec #hackers #fuckgoogle #hackerspace
Ten wpis został zedytowany (2 lata temu)

2 użytkowników udostępniło to dalej

Michał "rysiek" Woźniak · 🇺🇦
Every time you use the word "hacker" when you mean "cybercriminal", "attacker", "malicious actor", you *personally* support this kind of bullshit.

Every time you use the word "hack" to mean "compromise", "break-in", "leak", you *personally* make it harder for a small community of creative people to focus on their projects, because now they have to go prove to Google they are not, in fact, attacking anyone.

#FuckGoogle #Hackers #InfoSec
#infosec #hackers #fuckgoogle

Agnieszka R. Turczyńskaudostępnił to.

Michał "rysiek" Woźniak · 🇺🇦
And guess what, when Google Sites are used in phishing attacks — and anyone who does any #InfoSec work knows they do, a lot! — somehow the whole sites.google.com domain does not get flagged like that.

When Google Amp is used in phishing attacks — again, not a rare occurrence! — somehow Google Amp domains do not get flagged this way. :thaenkin:

Flagging our site stopped exactly zero attacks. But now we have to send in reports and beg Google to maybe please unblock us.

#FuckGoogle #Hackers
#infosec #hackers #fuckgoogle

Agnieszka R. Turczyńskaudostępnił to.

Empathic Qubit (Old)
I feel like there should be people at Google who are aware that hack ≠ bad and are able to write exceptions for this kind of thing. I guess human beings aren't involved in too many of their decisions anymore. It must be fucked up in the same way YouTube is.
Michał "rysiek" Woźniak · 🇺🇦
And why is that?

Because over-blocking a website of small hackerspace is *cheap*. "No downside".

Because "hacker" and "hack" have been appropriated by those too lazy to be specific in their use of language when talking about "computer stuff." Also, it drives clicks!

Result? Some algorithm somewhere sees "hacker" and goes bananas: "danger, Will Robinson!"

So forgive me when in the future I react *badly* to some random toot mislabeling cybercriminals as "hackers".

#FuckGoogle #InfoSec
#infosec #fuckgoogle

Agnieszka R. Turczyńskaudostępnił to.

Michał "rysiek" Woźniak · 🇺🇦
In the meantime, if you want to help our small #hackerspace get our website un-blocked, go here and "report a detection error":
https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla&url=http%3A%2F%2Fhakkavelin.is%2F

And long-term, consider not abusing the h-word when you want to talk about cybersecurity. Even if it's a tiny bit more difficult at first because due to force of habit:
https://rys.io/en/155.html

I am so damn tired of having to prove, after a decade-and-a-half in #InfoSec, that I am not a one-man APT myself, ffs!

#Hackers #FuckGoogle

How (not) to talk about hackers in media

Polish version of this entry has originally been published by Oko Press. Excessive use by the media of words “hacker”, “hacking”, “hack”, and the like, whenever a story concerns information security,
Songs on the Security of Networks
#infosec #hackers #fuckgoogle #hackerspace
Ten wpis został zedytowany (2 lata temu)

Agnieszka R. Turczyńskaudostępnił to.

Comfortably Numb
Submitted appeal. And yeah when I say "I hacked something" I mean I made some code or a library work in an unusual way with interesting results. Not that I broke into the Pentagon.
Michał "rysiek" Woźniak · 🇺🇦
@ygalanter :blobcatheart: :flan_hacker:

Hack the planet!

(meaning: driven by curiosity and spirit of creative tinkering make the world around us incrementally better)
@Comfortably Numb
Witek Kowalik
Oh, how I liked cereal killer in my highschool days ;)
I like this one, it's feisty. Let's keep the site and waste the corpo!
@ygalanter
@Comfortably Numb
jacqueline 🌟
@ygalanter i thought that movie was about something else
@Comfortably Numb
Michał "rysiek" Woźniak · 🇺🇦
@jacqueline @ygalanter look, we live in post-modernism and I can interpret stuff any way I want! :flan_tongue:
@jacqueline 🌟 @Comfortably Numb
Michał "rysiek" Woźniak · 🇺🇦
And if you happen to ever be in Reykjavík on a Thursday evening, come have a beverage with us.

Hopefully the site gets unblocked soon, we try to keep it up to date with the details of where we meet each week.

#FuckGoogle #Hackers #InfoSec
#infosec #hackers #fuckgoogle
Michał "rysiek" Woźniak · 🇺🇦
Oh by the way, this is what the site looks like (and yes, we will soon move away from the gmail address, because — you guessed it — #FuckGoogle).
Screenshot of the hakkavelin.is website. Text: Hakkavélin Ðe only vintage hakkerspace in Reykjavík City. Established in the past. Looking to the future. Hoping for presents. Please let us know at hakkavelin@gmail.com if you'd like to stay in touch or get involved. Is it meeting day yet?
#fuckgoogle
⌬ Codified ⌬
Wrt email, I use protonmail with my own domain, I say #FuckGoogle at least once a day, life outside the #Matrix is so much better 😎
#matrix #fuckgoogle
David A. Pirata Informático :verified:
I was just talking about trip to Iceland maybe summer of 2024.
Bluszcz
oko.press to dziennikarze rzucający się na wszystko. z artykułu który zlinkowałeś:
Michał "rysiek" Woźniak · 🇺🇦
@bluszcz tak, wiem, dlatego im napisałem ten tekst. Po tym tekście trochę się w Oku poprawiło z używaniem "słów na h".

Technicznie rzecz biorąc sam jestem dziennikarzem piszącym dla Oko Press, więc ostrożnie z generalizacjami. :flan_wink:
@Bluszcz
Bluszcz
haha ok, no bad feelings :P
Cyber Yuki
So basically nothing has changed in 30 years? Hackers are still demonized by the software industry and governments.
Michał "rysiek" Woźniak · 🇺🇦
@yuki2501 doesn't mean we have to take it lying down.
@Cyber Yuki
noodlejetski :verified_gay:
done. I took a second to rejoice merrily, as Papa Google ordered me to, as well.
ploum
: one solution would be to simply don’t care.

If enough false positives don’t care, the whole "Google Safe Browsing" will become useless. Google Chrome will be perceived as annoying.

Because the goal of the website is not to get clicks and visitors.
Michał "rysiek" Woźniak · 🇺🇦
@ploum Firefox also uses this. In fact, the screenshot of the warning is from Firefox.
@ploum
ploum
: no problem for me on your website.

The real problem being that Mozilla is more or less a Google subsidiary.

No easy fix to this 😕
toxtethogrady
#Google has its own problems with deception. And association with Jeffrey Epstein...
#google
Frank Aerror
No warning for me ;)

stux⚡
Google keeps doing this also with Yunohost based servers..

it's soooo annoying
Michał "rysiek" Woźniak · 🇺🇦
@stux interesting. There is a Yunohost instance on that server, in fact, and some services on subdomains are managed by it.
@stux⚡
stux⚡
I keeo having the same issue with some of my clients servers :sadlinux:
Michał "rysiek" Woźniak · 🇺🇦
@stux seriously, time to start *invoicing* Google for time wasted on dealing with their fucked up ideas on what is and what is not "dangerous".

If they have no actual proof of malicious activity on the domain, they need to be forced to pay up.

Maybe then they will figure out how to tell a phishing site from a static HTML file inviting people to a meetup every Thursday.
@stux⚡
Rairii
@stux I think the issue is for some self-hosted server software: all the login pages look the same, and google automates "login page looks the same as something possibly well known? this is probably a phishing page"

people had their mastodon instances flagged this way too
@stux⚡
Michał "rysiek" Woźniak · 🇺🇦
@Rairii @stux I really think it's way simpler. At least in our case:

1. It's a *hacker*space website.
2. I deployed a "forum" subdomain today.

…ergo…

3. obviously it's a "hacking forum", right? 🤦‍♀️
@stux⚡ @Rairii
stux⚡
@Rairii No, it's something with the SSO of Yuno if im correct 😉

Got this multiple times and now on a website that cannot be set as malicous
@Rairii
Rairii
@stux i mean, *hackforums* isn't marked as unsafe by google lol
@stux⚡
Michał "rysiek" Woźniak · 🇺🇦
@tokyo_0 @stux yeah I've been making that point for a while now:
https://vsquare.org/will-we-learn-from-twitters-collapse/

Will We Learn from Twitter’s Collapse?

Even as we watch in disbelief as Twitter goes down in flames, we continue to put all our digital eggs in the baskets of Google Docs or Microsoft Office 365. We continue to host our services on Amazon AWS, behind CloudFlare.
VSquare
@stux⚡ @Tokyo Outsider (337ppm)
Polychrome :clockworkheart:
sent a "this is obviously not a deceptive website" report, for what's it worth.
Fripi
I just saw the website on chrome mobile. Might also be a thing coming from Japan? Not sure, works like a charm though
Odiseo
I can see it without any warning from México, using Chrome for Android.
Aral Balkan
Also what we get for allowing trillion-dollar Silicon Valley corporations to filter what is and isn’t acceptable for the entire world.
maswan
Our big mirror kept getting flagged (including the other names, like cdimage.debian.org), the only way to figure anything out was to sign up for some google service (search console or something) and there you could see exactly what it objected to.

In our case it was some windows binaries from the 90s in the historical section that was "malware" which we had to remove access to in order to be able to serve Debian isos to people...
gladiola
I tried this in five different browsers and never got any warning of any kind. If this was a prank, you got me. Chrome had "Safe Browsing Standard Protection" turned on. Good luck with your website.
Michał "rysiek" Woźniak · 🇺🇦
@kholah this is on Firefox. Check out literally the first word of the warning.
@Kh0lah
Michał "rysiek" Woźniak · 🇺🇦
@CauseOfBSOD @stux

> I like the sentiment, but content moderation is pretty hard, OK?

Google is one of the largest, wealthiest, most powerful corporations in the world. Surely they can get their shit together and not block a static website of a hackerspace, or a Yunohost login page. They don't get to play the "this is haaard" card, sorry.
@stux⚡ @CauseOfBSOD
bxl
the battle for correct usage of 'hacker' in the general public was lost a long time ago, sadly.
Michał "rysiek" Woźniak · 🇺🇦
@brianxlong no it wasn't. I've convinced ministries and media outlets to stop using the h-word when they want to talk about cybercriminals etc.

It's only lost when we give up. So this kind of defeatist bullshit is what *really* gets me going.

If you don't believe h-word can be reclaimed by the community the way other communities reclaimed other words, whatever. But what's the point, then, of even saying that?

Doesn't make you sound like a sage. Makes you sound like a quitter.
@bxl
bxl
hey if that's the windmill you wanna tilt at? knock yourself out.
Snafu :wiphala:
"Please let us know at hakkavelin@gmail.com if you'd like to stay in touch or get involved."
You made my day, exactly my humor using a gmail address then.
Michał "rysiek" Woźniak · 🇺🇦
@snafu yeah, as I mentioned below in the thread: we are moving away from that e-mail.

That's one reason why we deployed Yunohost, and started working on preparing our e-mail system for prime time (like, literally yesterday).
@Snafu :wiphala:
Michał "rysiek" Woźniak · 🇺🇦
@snafu you know what? Just removed that e-mail. Will publish a new contact e-mail in a couple of days.
@Snafu :wiphala:
Matthew Weier O'Phinney
Who are you using for DNS?

I ask, because this happened to me at one point. I was using FreeDNS, and it turned out they were enabling dynamic DNS on my domain, and somebody was using a subdomain to host malware. That's ultimately what caused Google to flag my own site. I switched DNS providers, and the problem went away.
Michał "rysiek" Woźniak · 🇺🇦
@mwop I am using 1984.is and I know for a fact they don't do this kind of stuff. They're solid.
@Matthew Weier O'Phinney
Matthew Weier O'Phinney
glad they're solid - but sucks that this means it's not a technical issue but a stupid systemic bias. 😑
Michał "rysiek" Woźniak · 🇺🇦
@mwop totally.

Then again, that's just a different kind of system that needs a fix.

*cracks knuckles*
@Matthew Weier O'Phinney
Michał "rysiek" Woźniak · 🇺🇦
@CauseOfBSOD @stux

> They also deal with trying to moderate the entire internet.

Nobody asked them to take this responsibility upon themselves, and I am not sure they should be the ones doing this in the first place.

Especially if they are doing it so badly.
@stux⚡ @CauseOfBSOD
Piggo :verified_horse:
site loads fine with vivaldi now fwiw
Piggo :verified_horse:
ah ok. it was still being boosted around
Michał "rysiek" Woźniak · 🇺🇦
@piggo updated the toot to be clear we're completely unblocked. Thanks for the poke.
@Piggo :verified_horse: