Unsafe At Any Speed

2023-02-02 6:10 PM CDT

Well, it looks like the first thing I get to chronicle in my lab notebook is safe browsing, Chrome warnings and Google/Blogger's lack of trust in both their users and themselves. Or something. I'm still trying to figure out what exactly is wrong, so you can consider this "liveblogging the investigation/solution" if you'd like. Or something.

So keep in mind that I started this journal about a week after my lay-off, but I didn't decide to publish it publicly until just recently. Yesterday's post was mostly written as a prelude to updating my resume, although I added a bit here and there and improved the wording and readability a few times since then. Yesterday was 2023-02-01, and I started setting up the blog when I realized that I was practically rewriting my bio filling in the "About Me" section on GitHub. In my head, I've just been calling this my "lab notebook," but unsurprisingly "labnotebook.blogspot.com" is taken (I wonder if Dr. Siva even remembers he set up a blog with one post in July 2004 😂), so after I floated a couple other passing ideas that were also in use I landed on "Mad Scientist Lab Notebook". Honestly, it seemed safe enough... I mean, if I was developing a deathray or something I could probably afford a custom domain, right?

Anyway, just before I shut down the laptop to get some sleep last night, I published my intro post/semiprofessional bio... and immediately received a message from Blogger saying that my website had been suspended for suspicious content. I wish I'd taken a screenshot, but I was tired and I thought it was probably a fluke error... there was a link requesting a review for the site content, so I clicked that and entered my email address, assuming I'd have an answer by morning.

Of course, by morning I'd forgotten, and oddly there was nothing in my email to remind me... but when I tried to pull up the link to send to my wife (so I can feel like I have at least one reader) I was shocked to see this familiar-yet-unwelcome message:

[Image: Deceptive Content]

Deceptive content? Now look, I may have fudged a few details here and there, left out the interpersonal conflicts and tried to keep it upbeat, but "deceptive" seems like a pretty cruel judgement. If Fox News[1] doesn't get a big red nastygram, I'm pretty damned sure that I shouldn't.

"So just what do they find deceptive?" one might ask... or at least, one might ask that as long as one does not follow Chrome's advice and turn on Advanced Protection so that they can "Return To Safety" in Google's carefully curated internet[1]. Fortunately, I've never been one to heed warnings unless I set the log level personally.

[Image: Detected Phishing]

Wait a minute, "Detected Phishing"? Look, I'll admit I spent a while following Phish around the county once upon a time, but seriously I only ever saw five shows in a row and I showered twice within that period so I'm pretty sure it doesn't count[3]. My wife Erin has a closet-full of fishing poles in the back room and a near-constant sense of regret that she doesn't get to fish here as much as she did in New Jersey, but first of all she's complaining about the lack of fishing and secondly it's not even spelled right.

So what's the problem? At this point I just don't know... I have two theories and three pages of Google's explanation to read. I told you I was liveblogging this, right? So just chill for a minute... I'll let you know as soon as I do.

2023-02-02 6:39 PM

Well, try not to all gasp at once, but the Google pages were not as helpful as one might hope. Obviously, the first page explains Chrome's "Safe Browsing Settings". For the record, I have no problem with that. In fact, I insist that my mother turns on all the protections that she can, and even most of my friends who don't work in the tech sector (and probably a few that do 😂) should understand these settings and have them enabled under most circumstances. The other page was slightly more helpful, directing me to another page that would give me a Security Incident Report. That sounded promising, but of course I would first need to claim ownership of the URL using Google Search Console. That's also kinda helpful, because I wasn't aware that was even an option, and in this particular case it was easy because I'm using a subdomain of Blogger which is owned by Google. Obviously, Your Mileage May Vary if you registered and host your own domain... let me know if you find out.

Unfortunately, after dangling the barest of hopes in front of me for a few minutes, I went to the Search Console page for my new blog and immediately saw the (nigh-unmissable) Security Issues banner. "Aha!" I exclaimed silently. "Now we're getting somewhere."

"Not so fast, missy!" I could almost hear Google saying. The only place I was getting was right back where I started. Apparently, even if you're the site owner they won't tell you what they find suspicious. I'm gonna take a wild-ass guess here and say that they probably don't even know. Given the rapid response last night, I'm quite certain that it's being scanned by an Expert System (that's "AI" to those of you who are either non-technical or don't share the importance I place on the difference) long before a human looks at anything. That's only to be expected, though... When I requested a review last night, the site was back up in the morning, and the eight new page views which had occurred overnight made me think that somebody had reviewed it. Still, I don't just want to put it back up for review without any idea what caused it to flag in the first place; for one thing, I'm all too likely to do it again if I don't know the cause, and for another, there may actually be a problem which I'm more equipped to handle than their reviewers, and I really don't want the frustration of having it rejected after review and still not knowing the reason.

2023-02-02 6:39 PM

As I said earlier, I had a couple of theories as to potential reasons the site might have gotten flagged; with a little further investigation, I've expanded that to three theories. Sadly, I'm not really happy with any of them. As a basis for our reasoning, let's start with the assumption that there are essentially three places which might be linked to the problem: content, template and URL. Since I have the most control over issues with the content (and since the primary problem I can see there is extraordinarily stupid), let's start there. Google seems to think I'm phishing for personal information, but having just reread the post (and knowing my proclivities as I do) it appears that I had no problem whatsoever talking about myself for several paragraphs without mentioning others even once. I think I might have entered something in the comment settings encouraging others to identify themselves somehow when commenting, even though I've left anonymous commenting enabled. I searched through the page source and don't see that text anywhere, but I'm pretty sure I could find where the setting was. I have to admit, if that's actually the cause of the problem I'm going to be pretty mad at Blogger, but in the interest of starting with a zero-assumption environment I'll go see if I can find and (temporarily?) remove that setting.

2023-02-02 8:13 PM

No dice there. While I had no trouble finding the setting, there was nothing entered there at all. In fact, "Who can comment?" was still set to "Registered Google Users" (or whatever it said). So did I dream making that anonymous and writing that text? Did it get removed by the mysterious Blogger Reviewers? Did I decide it was a bad idea and undo it, or accidentally change the setting on a different blog? I just don't know. None of those questions are answerable or even particularly relevant, so let's move on to the second option.

The next most likely source of the issue would be in the template, I imagine. I mean, technically the post content, my settings and the template all combine to make the page source, which is obviously where Chrome believes the problem to be. Of course, I just picked my favorite theme after shopping the selections offered by Blogger; I admit that I tried on more than a few to see what fit best, but I settled on Soho Neon and I'm reasonably happy with it as a starting point; I'm particularly fond of the image by Matt Vince. Having just dropped into the theme editor in another tab to find the artist's name, I may have to add a little weight to this possibility, as I got the warning just trying to edit the theme in Blogger's own editor. I have to admit, my CSS is a little rusty, but it doesn't look like there's anything weird in there. There are, however, three scripts included by the template and I have no idea what any of them are supposed to accomplish. I pulled the first down as text, but it failed the requirements of spacing and linefeeds so badly that not even the author could have been sure what it did.

So there's my plan for tonight, I suppose. Remove the possibly-offensive Javascript includes from the template and beg someone to review the site again. I can't imagine I'll get any response until tomorrow, but rest assured I'll be updating here as soon as I learn something.

2023-02-02 8:48 PM

Surprise! I'm back! So get this... the script tags for the Javascript libraries aren't even in the template. It appears they are part of one of the widgets or something. Additionally, after doing a couple of quick searches for the scripts, they appear to be legit; "vanillamasonry" is a grid layout library, "imagesloaded" lets the user start interacting with the site before all the images have completed download, and "clipboard"... well, I dunno, it has something to do with the clipboard, and it's also used by Watchin' The Detectives, our blog about documentaries which has never gotten a red flag. There are a few other scripts included throughout, but they're also used in other blogs, so I think it's time to discard the Malicious Script Hypothesis. Honestly, it seemed really unlikely that Blogger would feature a template that would immediately flag their system, but it's best to cover all the bases. That's the whole point of zero-assumption troubleshooting.

Unfortunately, that leaves me with only one theory remaining: somehow, the URL is being incorrectly flagged as a Phishing site, either because of the name or because of actions or content by previous owners. It's getting late, so I'm going to go with the latter option. I'll have this posted, along with my introductory post, and I'll submit the site to Google's Incorrect Phishing Warning Report for review. Hopefully they will skim the posts, realize I'm not actually trying to scam anyone, and maybe be a little bit more communicative than the Blogger staff was (not to mention the Google Search Console).

2023-02-02 8:48 PM

Well, never let it be said that Google is slow in getting around to their site reviews... although I suspect the fact that this has already changed [Image: SecurityScaGreen] supports my supposition that they have Expert Systems doing their dirty work, but honestly I'm fine with that. I wouldn't wish the job of reviewing potentially suspicious websites on my worst enemy, particularly not for the minimal hourly rate they would doubtlessly pay (and probably for just short of the number of hours they'd have to work to get corporate-supported insurance too). No, what bothers me about Google's quick review and their Expert Systems is that they completely ignored my heart-felt pleas, in both my request and this post, begging for some indication of the initial cause of the problem. Oh well... at least if it happens again, I have now documented how to fix it, and that's supposed to be the point of keeping this notebook anyway.

Alas, it's late, the site seems to be working, I'm tired and Chrome has crashed three times while writing this last paragraph, so I'm going to bed. Stay tuned tomorrow, when I'll let you know if I get any further information in my email box... otherwise, I'll start blogging about the next problem I find, or try to chronicle some of the steps I've taken to preserve the knowledge I gained at my last job. Or hey, maybe I'll put some effort into making our documentary blog look better. Remember, it's always an adventure when you visit the Mad Scientist's Lab 🤯
