Firefox Feature Bad for Business

I don't know what your site is (you've never mentioned it), but have you checked it against McAfee's http://www.siteadvisor.com/ too? Can you post what your site is so others can investigate, or is it a secret?

First, I am not speaking on behalf of Mozilla in any way shape or form. While I have a label here, it is only because I help provide support for products here. The following statements are mine alone, and I'm not making them on behalf of anyone, nor should I be taken as speaking for anyone.

First, you're completely misinterpreting what's going on here. These are all voluntary programs that you have the complete ability to opt out of. No one is forcing you do to anything.

Second, even if there was no way to opt out of this feature in Firefox, that is any corporations' right, to dictate how their product will work, and it's your right to "vote with your feet" and choose another product. If a browser vendor blocks all sites that contain the letter F in the domain name, you have no legal recourse other than to chose another product. In no way, shape, or form is there anything illegal going on here.

Mozilla, Opera, Apple, Microsoft, and others have every right to state how their products will be used, and you are free to use other products. Right now Apple refuses to allow many applications on their iPhones and iPods based upon completely arbitrary reason of their own creation, and frequently refuse apps placement retroactively, removing them from the store after approval. There is no breach of law here in any manner.

Thirdly, no one is acting as a police officer or any other form of law enforcement. No authorization is needed for one citizen or incorporated entity to state "this is a shady place you should avoid." Your statements seem to indicate you believe we live in a police state wherein all actions must be sanctioned by the government. This is not true, and further, neither Google, nor Firefox or other browser vendor (all of whom have malware protection in their browsers now) are acting in any improper manner.

Precedent has even been set showing your statement of illegality is completely off the mark. Antivirus applications do the exact same thing for programs, and there have been threats of lawsuits made about marking some apps as malware when their providers disagree. The only recourse those companies had were civil suits. If the badware list really causes some site financial harm, then they can take it up in civil court.

Fourthly, no one is making law. That is an absurd statement on it's face. Based on good evidence, many sites have been marked as dangerous after having been witnessed as distributing malware, phishing for user data, etc. Once these sites are fixed, they're taken off the badware list. And of course you can opt out of the program altogether. You can't op out of abiding the law.

Lastly, I think you're looking solely to stir up trouble and scare people with puffery. If you don't like the idea of a browser that tries to help you stay safe, turn off the feature, or use IE.

First, site owners CAN choose what browser they make their site available to. It happened in the early web with MS bribing many sites to go IE only. Today many poorly coded sites work only in IE. However, I don't think they should, and if they do, whatever problems befall them they deserve. Sorry, that's not a hole in my argument. I never postulated that site owners ever had the RIGHT to determine what browser users choose.

Second, Google owns their index, and can choose what sites to make available in their index. If you don't like it, go use another search engine.

Third, Google DOESN'T choose what sites to make available on the web. They use their index to help them create a list of sites that are hazardous to users, and makes that list available to browser makers. Don't like that? Turn it off.

If I CHOOSE a browser that will help protect me from bad sites, don't blame be because you don't take the time to secure your site from attackers. Do your job, don't blame Google or Firefox or Apple or anyone else because you can't handle the responsibility of running a site.

Lastly, yes, in the short term, you're at the mercy of Google and the browser vendors and users who choose to proactively protect themselves. When Creative shipped Zen mp3 players with a virus on it, they didn't whine that AV programs rightfully caught the virus.

Don't whine because we choose to be safe. Fix your site, appeal the label, and learn that if your business is taking THAT big a hit from being blacklisted for a while, maybe you should pay for a better host. You DID do something wrong, YOU picked a flawed host,

You left your business not in the hands of Google, you left it in the hands of your webhost. You got labeled as malware because your webhost was hacked, not because Google is the new Internet Gestapo and Firefox is the loyal sycophant. I see no reason why Google, Mozilla, nor anyone else should apologize for protecting users.

Syd: Actually, I WOULD say this to you in person. I'm a very up front person in real life and online.

Second, I was replying primarily to marc, not you, so I apologize for getting the two of you confused as the same person.

Third, no, I am NOT speaking on behalf of Mozilla right now, I'm speaking for myself. I was speaking as someone tired of people constantly yelling about lawyers and conspiracies about Google. Even people who work or volunteer for organizations still have independent thoughts.

Lastly, I can understand how bad it could look to customers, and I am sorry it happened to you. However, some of my statements still stand. If your business is that valuable, you should find a better host, probably dedicated servers which are inexpensive these days. That's just a good business decision, so that you're not affected by other people's mistakes as much.

Mozilla is well aware of the role it's playing, and sites don't go on the list willy nilly, without evidence. The protection of hundreds of millions of users trumps the business effect on sites hit and infiltrated by attackers. You need to look at this as the price of lax security, not the fault of Mozilla. I CAN tell you that the appeal process is usually faster than it seems, and sites are rescanned and remove automatically. I'm sorry you were hit at all. It's never fun being attacked.

I'm not sure what you want Firefox or Google to do here. The only reasonable thing is for their process of reviewing your site to be faster. I had my wordpress blog hacked a few times, and it was always *very* quick getting it off the list.

Why does google control the list? I would imagine with their army of crawlers it's much faster for them to rescan a site for malicious content. They have the resources to do this well, better than anyone else, really.

Why do all these browsers use google's list? Because no one else makes one/makes a good one.

The feature does allow a user to pass through to the site anyway.

IMO your webhost should be throwing its weight around to push for a quick clearing of its customers' sites. Your site was compromised and unfortunately there are consequences. As online businesses both your webhost and google should be sympathetic to your predicament.

However, I don't understand why you're recommending Firefox not use this feature. Imagine how much worse it would have been for business if all those people had been compromised rather than seeing the malicious site warning.