This article is reproduced from Qubit, author Haonan Jia
How much influence does the Internet giant's every move have on startups in the ecosystem?
Gonzalo Sainz Trápaga , a foreign Internet practitioner, revealed his own experience.
Recently, a security mechanism of Google's Chrome browser suddenly paralyzed his company's business.
Moreover, it is not Google's intention to block it. A change in the mechanism has brought destruction to small companies.
The business homepage has become a "phishing website"?
Gonzalo Sainz Trápaga's company is called InvGate , which provides IT asset management services to customers.
The company's SaaS platform runs on Amazon's AWS.
One day, the customer suddenly discovered that Google had blacklisted the platform URL and was unable to access it.
Moreover, Google's blacklist is completely controlled by the company, and users have no right to "whiten" a certain address.
In other words, this website was completely "punished to death" by Google.
The company immediately reported the situation to Google, but all it got was an automatic reply from AI.
In the end what happened? What is the blacklist mechanism of Google Chrome?
This blacklist function is actually the Safe Browsing (GSB) of Google Chrome.
The original purpose was to block phishing websites.
If a domain name happens to be marked in the safe browsing database, then all users who have GSB turned on cannot access this address.
Usually, Chrome’s safe browsing feature is turned on by default.
To this day, GSB has various reasons for blocking a domain name, including “deceptive websites” and “the front website contains malware” and so on.
After banning a domain name, Google will not provide the option of "continue to visit".
Gonzalo Sainz Trápaga subsequently discovered that an Amazon Cloudfront CDN (Content Delivery Network) domain name used by the company to serve static assets had been flagged, which prevented customers using that specific CDN from using the platform.
Google’s GSB explanation document provides an explanation for the website being marked as a violation.
The domain name owner must submit a report on the ownership of the website on the Google Search Console (GSC). In this report, a custom DNS (Domain Name System) record must be reset.
After the review is passed, the domain name can "see the day again".
What should companies do if they are "blocked"?
Previously, Google's methods to "kill" startups were endless, such as:
-
Do not display search results.
-
YouTube videos were suspended and creators lost their source of income.
-
The Android app was deleted from the Google Play store.
-
API prices have risen sharply, or cancelled altogether.
However, these methods are not considered to be "kill all", users always have a way out.
But blocking domain names and blocking all access, even for a few hours, is fatal for companies that provide Internet services.
Moreover, after the appeal, the entire review process may take several weeks.
In addition, Google's marking and review mechanism is opaque.
Many cases of being blacklisted are caused by SaaS customers uploading malicious files to the server without their knowledge.
No one can guarantee that their domain name will not be hacked.
So, in terms of domain names, don't put all your eggs in one basket.
GSB will mark the entire domain or subdomain. Therefore, the application should be distributed on multiple domains, for example: company.com for your website, app.company.net for your application, eucdn.company.net for European customers, useastcdn.company .net is used by customers on the East Coast of the United States, etc.
In addition, do not host any customer-generated data in your main domain. Some files are harmless to the system itself, but their existence will cause the entire domain to be blacklisted.
Once blocked by Google, the only remedy is to change the domain name. Then prepare for a long appeal and wait.
Should Google come back to this pot?
The Chrome browser has a market share of about 70%, while Firefox and Safari both use the GSB database to some extent.
Therefore, Google can make any website on the Internet inaccessible almost effortlessly.
If a company chooses to use Google's services, its survival may be completely dependent on these services.
The "behemoth" Google, even the most subtle business adjustments, may crush countless small companies.
Small businesses desperately wanted to notify Google that they were overwhelmed, but what they did might just trigger an automatic suggestion response mechanism.
Such scenes are performed every day.
So, the error is all in Google?
On HackerNews, netizen jederg, who personally participated in the creation of such a review mechanism, shared his views.
This mechanism was originally born to combat phishing websites.
Moreover, this is not the first development of Google. Other Internet companies formed a working group and created a domain name blacklist together. And asked the browser developer can add a blacklist mechanism.
At the beginning, the browser refused, but then, these companies promised that all domain names would be manually reviewed and were willing to take responsibility.
The built-in blacklist was born. Internet companies put a domain name on the blacklist, and all browsers block it.
However, judging from the experience of the whistleblower, it seems that the domain name has not been censored manually.
Google also did not give a reason for blocking.