This is an edited version of an email sent to two different Googlers apparently associated with the Safe Browsing team. It’s gotten zero response, so I’m posting it publicly with the hopes of drawing the attention of other webmasters that have experienced these issues and to hopefully attract the attention of someone at Google that can make a positive difference.
To be fair, I have no idea if I sent the email to the right person, or even to someone who is still at Google. At the same time, Google is notoriously difficult to communicate with. There are no email addresses of team members. The web form on the Safe Browsing site allows only for reporting a URL, there is no feedback form or any way to communicate directly with the team. So, here’s the email…
I’m not sure if you’re on this team anymore, but hopefully you can help or direct me to the right person. The Safe Browsing team has done a great job helping prevent the spread of malware but for those of us trying to fight malware in the trenches by cleaning sites and putting them back into service, Google is more like a totalitarian regime than a system of fair governance. Let me explain why it feels that way.
- We are thrown in jail without warning (website suddenly displays red screen of death)
- We are held without any specific charges (Search Console simply says that the site has malware and may provide an example page where malware was found, but it doesn’t point to any actual JS files hosted by the site, or links within the site that load remote payloads)
- There is no indication of when you’ll receive a trial or get paroled (submitting a site for reconsideration comes with zero feedback about where you might be in a queue, when you are up for reconsideration or whether your reconsideration request was accepted or rejected and, if rejected, why. You are either let out of jail or kept in there with the exact same message you got to begin with)
Google wields a tremendous amount of power in these situations and as a web developer trying to make a living and help clients make a living online, it feels like that power is being abused. As a recent example, a client’s site was hacked. We use a number of tools and processes to prevent this, but the bad guys nevertheless got through. The client’s site was red-listed by Google on a Monday morning. By around 9am that same morning, we discovered the hack, cleaned it, and submitted the site for reconsideration via Search Console.
It took 4 days for Google to remove the red screen of pain and despair. This is an e-commerce customer who lost thousands of dollars in revenue during that time. There was no communication from Google during this time. We all had to just wait and hope. There is no one to contact, no one to appeal to.
I would understand if we were the bad guys in this scenario. In that case, having the pain of your site being essentially taken offline (does anyone EVER click the “visit site anyway” button when presented with the red screen of woe and damnation in their browser?) for 4 days is arguably a just punishment.
But we are not the bad guys, we are the victims. Yes we can and will work harder to prevent this type of thing, but we are fighting cunning enemies. We need Google’s help in this fight, not to be further punished.
Can you help me restore justice to the universe in the fight against malware or help me get connected with someone at Google who can?
PS – I have a ton of ideas on how to improve Safe Browsing and Search Console and would be happy to share them!