Slashdot Mirror

← Back to Stories (view on slashdot.org)

Twitter Marks Clean Sites As Harmful, Breaks Links

Posted by Soulskill on from the 140-characters-of-rage dept.

starglider29a writes "Yesterday, a website I maintain that has a Twitter presence encountered an 'unsafe' warning when clicking on the tweets. 'This link has been flagged as potentially harmful.' After scanning the site and its database, then checking with Google and third-party site scanners, I found no evidence of harm. At noon, The Atlantic posted an article which describes the same issue with the Philadelphia City Paper. 'Perhaps most frustrating of all is that Twitter has not been particularly responsive to the paper's plight.' If the warnings are incorrect, how does Twitter justify this libel?"

24 of 103 comments (clear)

  1. Are they really safe? by keltor · · Score: 2

    People talk about so and so site being safe when Google marks them unsafe, but time and time again it's shown that those sites WERE in fact infected - usually from a third-party ad network.

    1. Re:Are they really safe? by i+kan+reed · · Score: 2

      It's worse than that, I've seen people assume a site was safe because it was a blog that validated their personal biases.

    2. Re:Are they really safe? by Savage-Rabbit · · Score: 4, Informative

      People talk about so and so site being safe when Google marks them unsafe, but time and time again it's shown that those sites WERE in fact infected - usually from a third-party ad network.

      There are two sides to that coin. A friend of mine operates a small aviation website that was flagged as infected by Google for over a year and they steadfastly refused to fix the situation even though he got his site certified clean and uninfected by multiple security companies. Google finally relented when he blogged about his experience and it started topping the search results on their own search engine. I suppose they figured that a headline starting with the words "Why I hate Google..." wasn't doing their image any good. His site did not carry ads, it's a pretty basic HTML based site.

      --
      Only to idiots, are orders laws.
      -- Henning von Tresckow
    3. Re:Are they really safe? by Anonymous Coward · · Score: 2, Insightful

      because they have no control over what loads on the site that loads ads from the 3rd party ad network, but can warn people before browsing the site that loads the ads from the 3rd party ad network that jack built.

    4. Re:Are they really safe? by GIL_Dude · · Score: 2

      Sure, but it wouldn't be so hard to just block the content from the ad network until it was verified as cleaned up. An added benefit is that - the first time this happened - the ad networks would start to take security more seriously.

    5. Re:Are they really safe? by Skapare · · Score: 2, Informative

      But that is NOT what Twitter is saying. Twitter needs to come clean on this and explain what they found. These kinds of problems will NOT be solved by Twitter's coy attitude of not providing appropriate details (a link from the alert to a page that explains what their system found).

      --
      now we need to go OSS in diesel cars
    6. Re:Are they really safe? by DaveV1.0 · · Score: 2

      What exactly do they know? Do you know what they found? They are not alerting the website. They are warning the users of Twitter. That is all they need to do. It is the responsibility of the site to investigate, not Twitter.

      --
      There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
    7. Re:Are they really safe? by sjames · · Score: 2

      Because it adds complexity to determine the exact reason the bad thing ended up loading.

  2. News item: Piece of software flawed by i+kan+reed · · Score: 3, Insightful

    If we report it every time any website doesn't work right, like Obamacare or Twitter, we'll be here all day constantly reading about bug on random website X.

    Software breaks, it's only really newsworthy if it breaks in novel or spectacular ways.

  3. Probably the content by Anonymous Coward · · Score: 5, Interesting

    Over the years I've noticed a trend with sites and services that offer "safe" lists. Websense, for example, filter software that many companies and governments use, has a tendancy to flag or block sites, not because they are unsafe, but instead, based on people reporting the site, for their own reasons.

    A site talking about the situation in Gaza, for example, was flagged through websense and blocked. When I checked from home, the site was safe, no scripts, no tracking, and of course, violated no rules. But, because it wasn't as critical of Gaza (read racist) a group using "megaphone" (google it) had flagged the site with repeated complaints and websense blocked it. I contacted them and had it unblocked.

    I've seen various sites flagged through google as "unsafe" that are infact completely safe. It's just a matter of a group of people, with too much time, not agreeing with the content of the site. Usually opinion pieces.

    It wouldn't surprise me at all if this was the case here as well. Youtube is horrible for it, I had songs I wrote and recorded flagged various times, because some people from some sites saw that I had a youtube channel and decided to go after me, every video.

  4. Stupid bastards, serves them right. by fuzzyfuzzyfungus · · Score: 4, Insightful

    Anybody who uses a link-shortening service especially for the purposes of complying with a totally arbitrary character limit, deserves what they get.

    Seriously. What is a 'link shortening service' except a way to add another layer of quasi-DNS (except under the control of, probable analytics surveillance of, and subject to any uptime failures, retention limits, etc. of, a single entity) to the process of accessing something on the internet? Even better, since it isn't real DNS, it lacks all of the relatively mature, implementation-agnostic, tools for dealing with DNS and its issues, its behavior can vary nontrivially between providers (so if you aren't handling the shortened link exclusively with a common web browser, it may not work as expected, unlike DNS resolution), and it's a fantastic way to hide phishing and malware from the casual.

    You can't really do without one layer of DNS; because remembering IPs is a pain (and tricks like round-robin load balancing are crazy useful); but what kind of sick masochist voluntarily adds additional layers of crippled-semi-DNS?

    1. Re:Stupid bastards, serves them right. by Ksevio · · Score: 3, Insightful

      People with only 140 characters to post their message and link?

    2. Re:Stupid bastards, serves them right. by squiggleslash · · Score: 5, Informative

      So, I guess you haven't used Twitter.

      People "use" Link shortening services on Twitter for two reasons:

      1. (The original) Because they only have 140 characters to use, and "Reply to fuzzyfuzzyfungus's ridiculous comment about shortening URLs here: https://tech.slashdot.org/comments.pl?sid=4403123&op=Reply&threshold=2&commentsort=0&mode=thread&pid=45299555" does not actually fit in 140 characters.

      2. (The current) Because Twitter doesn't let you post direct links any more. If you type a URL into a Tweet, it'll shorten it for you. Which, annoyingly, often leaves you with chains of redirects if a tweet whose URL you're clicking on was posted using a legacy Twitter feed manager that shortens URLs before adding them.

      There is no way to post links without Twitter changing them to t.co/ links underneath at this stage. It's not a matter of people hiding behind link shortening services. It's a forced "feature".

      --
      You are not alone. This is not normal. None of this is normal.
    3. Re:Stupid bastards, serves them right. by heypete · · Score: 2

      Twitter's article about their shortener lists 3 reasons for why they do it:

      1. Shortened links allow you to share long URLs in a Tweet while maintaining the maximum number of characters for your message.

      That's reasonable. Still, if that was the only reason why it existed then one should have the ability not to use it or use a different one.

      2. Our link service measures information such as how many times a link has been clicked, which is an important quality signal in determining how relevant and interesting each Tweet is when compared to similar Tweets.

      That information is valuable, I get that. Still, not really enough to justify requiring all links go through their shortener.

      3. Having a link shortener protects users from malicious sites that engage in spreading malware, phishing attacks, and other harmful activity. A link converted by Twitter’s link service is checked against a list of potentially dangerous sites. Users are warned with the error message below when clicking on potentially harmful URLs.

      In my view, this is what makes the mandatory use of t.co worthwhile -- malicious links can spread really quickly on Twitter and having a mechanism to help minimize the damage of malicious links is a good thing. Not all third-party shorteners have such checking, so it makes sense for Twitter to enforce the use of their shortener that does the checks.

  5. Re:time to sue by Scutter · · Score: 3, Insightful

    Really? You jump immediately to "sue them!"? Even the submitter calls it "libel" right out of the gate. What the hell is wrong with people anymore? Twitter is under no obligation to link you to anything at all. When sites like Twitter start getting sued every time there's a broken link (or a warning that a link may be to an infected site), they'll just stop parsing links altogether to avoid liability. Enjoy your cut-n-paste web browsing experience from then on.

    --

    "Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
  6. Hash Collision? by stewsters · · Score: 3, Interesting

    I believe these things use lists of hashes of the domains to increase the speed of lookup. It's possible that you have a hash collision with a malware site. They are super rare, but possible. Not sure what you can do about that. It's also possible that there is something that reads as an infected file hosted on your site. A pdf or something that looks like a virus.

  7. Libel? by 93+Escort+Wagon · · Score: 5, Interesting

    It's not enough to claim the statements are wrong - by claiming libel, the submitter is stating that Twitter knows the statements are wrong and is deliberately making them anyway. That seems a rather high bar to clear.

    Maybe Twitter thinks the sites are dead. After all, you can't libel the dead...

    --
    #DeleteChrome
    1. Re:Libel? by squiggleslash · · Score: 3, Informative

      Maybe the submitter is British. The legal definition in Britain doesn't involve malice, simply that the statement damages the reputation of the plaintiff. In some cases, the statement's truth doesn't even come into it (though often in unexpected ways, I recall one libel case being dismissed because a former politician who'd been accused, unjustly, of rape, was so infamous for being corrupt the judge felt the accusation didn't actually cause any more damage their reputation...)

      --
      You are not alone. This is not normal. None of this is normal.
  8. Re:libel.. by Desler · · Score: 2

    Just saying potentially doesn't have anything to do with whether it's libel not. What determines if it's libel is if it's malicious defamation which this clearly isn't.

  9. Censorship? by s.petry · · Score: 4, Insightful

    Before you go on a tangent and claim it's only big brother tinfoil hat censorship, let me give a list of reasons to consider it possible. Without answers from Twitter and other sites that block, claiming "whoops" is no more and nor less valid than the subject (censorship). Even with answers, it's not beyond many of these companies to outright lie, so we should be scrutinizing their answers.

    1. Money. Google/Twitter may not have pay links on the site and see no revenue from click ads. While this may not be the only cause of a block, it sure could impact how fast they respond to fixing a site blocked.

    2. Group Pressure. We have seen this with numerous groups, they have a couple people flooding complaints against a site, broadcast, or print article that they don't like. We have also seen this from groups that are not Religious, so don't just blame those idiots from Westboro Baptist Church.

    3. Appeasing Big Brother. The NYT, CNN, and others have had numerous whistle blowers telling you that these companies censor works that the Government does not find favorable. It would be safe to assume that they also censor on their own prior to receiving a stop order from the administration.

    4. Big Brother. This comes in so many forms today with our massive and intrusive Government that it can not be discounted. Many of these people share resources, so it's not going to be hard to use this network to block content people don't want out. Yes there big ole maps that shows how all of these massive companies and governments are tied together. Since there are bunches of these covering various categories I'll let you search and look at them all.

    Disclaimer: I'm not saying that all 4 of these things happened here, or that even 1 of them happened. I'm claiming that to not consider it possible is rather idiotic given everything know. Anyone that blindly trusts one of these large technical companies or a Government agency today is a fool. The only way to start breaking up the corruption is to question everything, scrutinize everything, and of course report when bad things happen on every available channel in order to avoid some of the blocking.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  10. Re:time to sue by slashmydots · · Score: 4, Insightful

    They can link or not link all day but guess what, it's illegal for me to stand outside a restaurant and tell people that they're doing something illegal and harmful inside and that they shouldn't go inside when that isn't actually true. It's the same on the internet.

  11. Grain of truth by jdavidb · · Score: 3, Interesting

    If the warnings are incorrect, how does Twitter justify this libel?

    Probably the same way you justify your hyperbole: with the basic fact that people are entitled to their own opinions, even if others disagree. Using big dramatic legal sounding words to try to bludgeon others over their opinions is actually harmful to society, in my opinion.

    --
    Secession is the right of all sentient beings.
    1. Re:Grain of truth by Man+On+Pink+Corner · · Score: 2

      If that's not libel, then the law has a bug, and needs to be fixed.

      Regardless of the obscure legal technicalities, the facts are as follows: (1) Twitter is drawing a distinction between "safe" and "dangerous" sites; (2) Twitter is suggesting that the site in question is "dangerous," and (3) Twitter is causing the victim to suffer demonstrable losses as a direct result.

      Twitter's act of drawing a distinction between "safe" and "dangerous" links should be what incurs the liability. They should not be able to wiggle out of it by using qualifiers like "potentially."

      Everyone who has released software and had it marked by IE's SmartScreen filter with a lurid "Untrusted" warning dialog will understand this. Companies should not be allowed to do this without accountability.

  12. News item #2 by Lendrick · · Score: 4, Insightful

    When a large, unresponsive company leaves an annoying bug in place without any response or explanation and it's impossible to reach their technical support about getting it fixed, often times the best way to get someone at the company to acknowledge it is to report it on tech news.