Attacker Has Techdirt Reclassified As Phishing Site, Proving Masnick’s Impossibility Law Once Again

Here on Techdirt, we write a lot about content moderation and even did a whole big series of content moderation case studies. However, here’s an interesting one that involves Techdirt itself from a couple weeks ago. It’s also a perfect example of Masnick’s Impossibility Theorem in action and a reminder of how the never-ending flood of spam and scams provides cover for bad actors to sneak through abusive reports.

This case should also be a giant red flag to policymakers working on content moderation laws. If your policy assumes everyone reporting content has pure motives, it’s not just naive, it’s negligent. Bad actors will exploit any system that gives them power to take down content, full stop.

Here’s what happened:

We were off on the Friday after Thanksgiving, and I went for a nice hike away from the internet. After getting home that evening, I saw an email saying that when the sender had tried to visit Techdirt, they received a warning from Cloudflare that the site had been designated a “phishing” site.

I logged into our Cloudflare account and found that we had been blocked for phishing.

I did have the ability to request a review.

But, this all seemed pretty damn silly. Then I remembered that a couple days earlier, I had received a very odd email from another security provider, Palo Alto Networks, telling me that it had rejected my request to reclassify Techdirt as a phishing site. Somewhat hilariously, it said that the “previous” category was “computer and internet info” and that I had requested it be reclassified as phishing (I had not…) and instead they had “reclassified” it back to computer-and-internet info.

It seemed fairly obvious that some jackass was going around to security companies trying to get Techdirt reclassified as a phishing site. It didn’t work with Palo Alto Networks, but somehow it did with Cloudflare. It’s unclear if it was tried anywhere else, and how well it worked if it was tried elsewhere.

Thankfully, Cloudflare was quick to respond and to fix the issue. On top of that, the company was completely open and apologetic about how this happened. There was no hiding the ball at all. In fact, Cloudflare’s CEO Matthew Prince noted to me that this kind of thing might be worth writing about, given that it was a different kind of attack (though one he admitted the company never should have fallen for).

So how did this happen? According to Cloudflare, their trust & safety team were trying to go through a backlog of phishing reports and bulk processed them without realizing there was a bogus one (for Techdirt!) in the middle.

I understand that some people in my shoes would be pretty mad about this. However, I’ve spent enough time with trust & safety folks to know that this kind of shit happens all the time. And it kind of has to. The vast, vast majority of trust & safety work is processing just obvious bad stuff: spam and scams. If you’re dealing with hundreds or thousands of those at once, it’s totally possible for a legitimate one to slip through the cracks. If a company actually hand-reviewed every single possible report, then the backlog would grow larger and larger, leaving actual spam and scam sites online.

This is the impossible bind that trust & safety teams find themselves in. Trust & safety teams obviously feel compelled to remove actual spam and scams relatively quickly to protect users. But going too quickly sometimes means making some mistakes.

We were just caught in the crossfire on this one. That’s not to say that this kind of nonsense would work for anyone else. Cloudflare tries to review such reports, but sometimes mistakes happen. I mean, we get the same thing (on a smaller scale) with our spam filter here at Techdirt. If we get 2000 spam comments a day (which happens most days) and one false positive gets caught, we might not spot it. We actually have a separate system that tries to catch those mistakes and shunt them to a separate queue, so I think we still find the vast majority of falsely flagged comments, but I’m sure we miss some.

This is always going to be a challenge for trust & safety teams, and not something that some new regulation can realistically help with. If the law mandated a human review, you’d get problematic results with that too. Backlogs would grow. And even with a human, there’s no guarantee they’d have spotted this bogus request, since they’d probably be rapidly reading through hundreds of other similar reports, without the time or the capacity to go check each site carefully.

Cloudflare told me that the message they received was obvious bullshit. Someone sent them a report about Techdirt, saying “There is malware that they spread to their visitors.” The problem was just that, in this case, no human read it. We just got bulk processed with a bunch of other reports, most of which I’m sure were really pushing malware or phishing.

Yes, it may be mildly annoying that visitors were warned away from Techdirt for a few hours. But to me, it’s even more fascinating to see someone trying this attack vector and having it work, if only briefly.

It’s a reminder that bad actors will try basically anything to find weaknesses in a system. So many of the laws around content moderation around the globe, such as the DSA, often seem to assume that basically everyone is an honest broker and well-meaning when it comes to moderation decisions. But, as we see here, that assumption can help allow bad actors to wreak havoc.

As they consider new content moderation laws, policymakers need to start from the premise that some people will abuse any system that lets them take down content. Laws that assume good faith are doomed. There are inherent tradeoffs in any approach, and even with the best system, mistakes are inevitable. The DMCA teaches us that any system that enables content removal will be abused. Policymakers must factor that in from the start, and yet they almost never acknowledge this.

Anyway, I appreciate Cloudflare’s quick response, apology, and willingness to be quite open about how this happened. And thanks for giving us another interesting content moderation case study at the same time.
