I once had a ___location-based file sharing service that also got blacklisted by Google with no recourse. I hate Google trying to police the internet with no timely appeals process.
I wonder though if you could simply just block the Google crawler and bypass it. Or use a JavaScript to auto-POST something before the file gets sent for download. The Google crawler doesn't issue POST requests as far as I know.
There wasn't any danger. Nothing more than Google Drive or Dropbox. And they didn't have any way to contact them and explain. Way to heavy-handedly shut down a potential business idea.
I'm surprised to hear that because their response in dealing with actual child porn is absolute atrocious. A sick and sad story:
Couple years ago got a DM from an ex-colleague and security researcher who discovered child porn that was publicly accessible. he contacted Dropbox several times over the course of 3 weeks. Weeks later the links were still up. I reached out to somebody I knew at Dropbox who said they were reluctant to do me this favor and deal with that matter and would prefer if I continue contacting their security. I continued trying on LinkedIn and contacted several people in Germany and the UK. No response other than "thank you for your email". The head of security in Germany even blocked me for saying "there is child porn on the site please help me get hold of somebody in charge". Getting really fed up by then, I contacted sales from my company email (a fortune 500 company) and asked them to give me a quote for what looked to them like a multi million $ client. Within 2 hours I got a call from the VP of sales to talk about my "storage needs". I told them about the child porn and that they are helping to actively distribute it now since several weeks. One of the videos was a girl not older than 7 getting raped and tortured. It took another 3 days to take down the material.
Yeah honestly if I saw something like that I would have saved an offline copy on a USB stick and handed it to police for investigation. The problem that it even happens is much greater than the problem of online distribution, and deleting it and pretending it didn't happen isn't a satisfactory response.
Automation; the bare minimum would be to scan for known child sexual abuse material hashes - if you're not doing that, then opening up anonymous uploads is very risky, as for CSAM (unlike most other things) you may be personally liable even if it's distributed there without your knowledge. Cloudfare's CSAM scanning tool is one option that may help, there are other options.
You can't rely on the good faith of users, if your service is easily usable for crime, it will be used for it.
"You can't rely on the good faith of users; if your service is easily usable for crime, it will be used for it." - should be on every developer's login screen
And every developer needs to explain this to clients.
I had a client wanting to defer identity validation on a two-sided market system. I had to explain how it would be used for money laundering. It had never occurred to the client.
> Google Drive scans a file for viruses before the file is downloaded or shared. If a virus is detected, users cannot convert the infected file to a Google Doc, Sheet, or Slide, and they'll receive a warning if they attempt these operations.
So at least some degree of automated moderation is going on. Frankly, I'd be astounded if some amount of scanning isn't being done for illegal content and/or phishing stuff.
I wonder though if you could simply just block the Google crawler and bypass it. Or use a JavaScript to auto-POST something before the file gets sent for download. The Google crawler doesn't issue POST requests as far as I know.