Mitigating website cloning & backlink abuse

Which area of the website does this enhancement relate to?

Other (specify if possible)

Describe the enhancement

We’ve run into a few situations this year where scammers copy our website and put it on fake domains that impersonate other organizations. We only hear about it when trademark owners contact us with cease-and-desist emails, because the cloned sites look like processing.org and still include our contact email.

@ksen0 suggested adding a simple build check:

• Set an environment variable in GitHub secrets.
• At build time, verify it against a public key.
• If the check fails, display a small banner such as:

“This is not the official Processing website. If you ended up here by mistake or suspect misuse, you can report it below.”

I'd suggest including the following:

• A link to the Google Safe Browsing phishing report page
• A link to the WHOIS record for the domain, e.g. https://www.whois.com/whois/example.com

We can check for localhost and 127.0.0.1 to avoid showing the banner when working locally.

We could also not show our contact email on unverified builds.

Why is this enhancement important?

• Reduce confusion for trademark owners who mistakenly contact us
• Provide visitors with a quick way to report misuse
• Make cloned sites less convincing and less useful for scammers