
A safe browsing service is not a terrible idea (which is why both Safari & Firefox use Google for this) & while I hate that Google has a monopoly here, I do think a safe browsing service should absolutely block your preview environments if those environments have potential dangers for visitors to them & are accessible to the public.


However, why does it work in such a way that it blocks the whole domain and not just the subdomains?

Is it far-fetched that the people controlling a subdomain may not be the same that control the domain?


Which subdomains?

To be clear, the issue here is that some subdomains pose a risk to the overall domain - visiting any increases your risk from others. It's also related to a GitHub workflow that auto-generates new subdomains on demand, so there's no possibility to have a fixed list of known subdomains since new ones are constantly being created.


That’s what the Public Suffix List is for


It is a terrible idea when what is "safe" is determined arbitrarily by a private corporation that is perhaps the biggest source of malicious behavior on the web.



