Although I didn't elaborate about the libel, I do believe there is a strong separation between a "malicious site" and a "site that has malicious content".
If someone encoded an image in an HN post encoded as base64, that could be definitely malicious content. But that would not make HN a malicious site. No reasonable person would argue that. I would argue that claiming it was a malicious site is the heart of this libel.
Now, as a converse, we've seen sites that are just textspam with links that are all .exe or .com or likewise. They have no legitimate purpose other than getting higher scores in search engines. And their content is full of malware of all sorts. This would be an example of a malicious site.
On top of that, nobody mentioned about my call to email the webmaster/abuse/admin contacts at a domain. Even an email and then 1h later would provide some sort of "whoops we didn't catch that" buffer. A legitimate site will respond quickly to warnings of malware or hacked site.
Of course, we all on HN know about the ills of contacting Google for issues like this. Unless you have a Social Media Escalation (aka: this type of post), you pretty much guaranteed will have no recourse. That is a whole another level of problem, especially if they control (they do!) the browsers of millions of people. Where are the checks and balances? There are none.
And we also come to the issue of secret charges, secret evidence, secret judges, secret punishments, and no appeals. The common saw here is "We dont want to tell bad people what they're doing bad". This doesn't fly with our government, and shouldn't fly with mega companies (read: monopolies or oligopolies). If I'm doing something wrong, I should be shown what I'm doing wrong, and a window of time to remediate. (And I'd argue that once something's detected, then enhanced scanning could be done.)
> If someone encoded an image in an HN post encoded as base64, that could be definitely malicious content. But that would not make HN a malicious site. No reasonable person would argue that.
I don't consider myself particularly unreasonable, but I would argue that.
I see what you're getting at in that you seem to be focusing on the intent of the site owner, but I don't think that's a hair worth splitting. If you have poor security on your site such that you allow upload, and more importantly hosting and distribution of malware, you are now the owner of a malicious site.
Although I didn't elaborate about the libel, I do believe there is a strong separation between a "malicious site" and a "site that has malicious content".
If someone encoded an image in an HN post encoded as base64, that could be definitely malicious content. But that would not make HN a malicious site. No reasonable person would argue that. I would argue that claiming it was a malicious site is the heart of this libel.
Now, as a converse, we've seen sites that are just textspam with links that are all .exe or .com or likewise. They have no legitimate purpose other than getting higher scores in search engines. And their content is full of malware of all sorts. This would be an example of a malicious site.
On top of that, nobody mentioned about my call to email the webmaster/abuse/admin contacts at a domain. Even an email and then 1h later would provide some sort of "whoops we didn't catch that" buffer. A legitimate site will respond quickly to warnings of malware or hacked site.
Of course, we all on HN know about the ills of contacting Google for issues like this. Unless you have a Social Media Escalation (aka: this type of post), you pretty much guaranteed will have no recourse. That is a whole another level of problem, especially if they control (they do!) the browsers of millions of people. Where are the checks and balances? There are none.
And we also come to the issue of secret charges, secret evidence, secret judges, secret punishments, and no appeals. The common saw here is "We dont want to tell bad people what they're doing bad". This doesn't fly with our government, and shouldn't fly with mega companies (read: monopolies or oligopolies). If I'm doing something wrong, I should be shown what I'm doing wrong, and a window of time to remediate. (And I'd argue that once something's detected, then enhanced scanning could be done.)