web.dev icon indicating copy to clipboard operation
web.dev copied to clipboard

Published 20 hours ago verified publisher icon GoogleChrome

Needs guidance on false positives

Open webmink opened this issue 2 years ago • 6 comments

Context

Users of the open source self-hosting package Yunohost have found that Google is falsely flagging the domain running the single-sign-on (SSO) provider within the package as malware. The site owner is presented with a list of URLs that are all sign-on requests from the hosted applications, which are frequently on different domains (but all hosted in the same server). I assume the behaviour is being mistaken for open redirects, or the misinterpretation of the (valid) 302 redirect to the SSO.The issue is fairly easily reproducible with a fresh installation of the software. I've opened a ticket for the issue.

Issue

When site owners reach this page for assistance, the information all assumes there is malware to remove from the site. However, these site owners have no malware to remove - the software is working well and as intended without any unwanted software. These site owners need advice on how to get the problem cleared, but the page only considers the case where there is in fact malware and a change can be made.

Resolution

The page needs either an additional section on dealing with false positives, or a link to a new page that does so. I have not been able to find a suitable page to link to.

webmink avatar May 24 '22 08:05 webmink

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. To prevent this from happening, leave a comment.

stale[bot] avatar Sep 21 '22 01:09 stale[bot]

I believe this is a serious and neglected matter at Google and would like to see it addressed. I am disappointed there has been no response at all as there are many small web sites suffering from this issue as evidenced on the support forums.

webmink avatar Sep 21 '22 09:09 webmink

I have written a blog post about this problem - if extracts from this post would prove helpful for documentation please let me know.

webmink avatar Dec 12 '22 19:12 webmink

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. To prevent this from happening, leave a comment.

stale[bot] avatar Mar 18 '23 08:03 stale[bot]

While the issue is not answered, neither is it stale - people are still receiving false positives and being given no assistance in how to resolve them.

webmink avatar Mar 18 '23 10:03 webmink

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. To prevent this from happening, leave a comment.

stale[bot] avatar Aug 12 '23 14:08 stale[bot]