By
Eric Selin – Founder, statichost.eu
For approximately six hours on 25.9.2025, the entire statichost.eu domain
was flagged as deceptive by Google Safe Search. This meant that anyone using
Google Safe Search was shown a very aggressive warning or outright blocked
when trying to access any site on thestatichost.eudomain. In some cases
even custom domains hosted on the statichost.eu platform were affected. This
post is part incident report and part privacy (and monopoly) rant.
Google has too much power over the Internet. Or in the most objective way
possible: Google controls and/or monitors a substantial part of every single
interaction on the Internet. You may think that this is fine, and that is your
right, although I very much disagree. Especially since Google blocked all of
statichost.eu for “over five billion” devices for several hours. Here is how
it went down:
I woke up to some pretty bad news on Monday a couple of weeks ago. A few users
had started reporting that statichost.eu is unavailable due to a security
warning. This is not great, I think to myself, and go into incident response
mode. Immediately, I check https://www.statichost.eu, and see that it’s working.
No TLS issues or other technical problems – maybe a browser issue or network
problem?
Ok, so I start investigating. The affected users all mention Google, so I
start there. I use Chromium for Google-specific things (only), so I open it up
and fire up a Google search. I actually cannot see statichost.eu on Google
now, which is weird – it should be the top-ranked result for my keywords (e.g.
“europen static hosting”). While I wait for Google Search Console to load, I
check www.statichost.eu again in Chromium, just in case.
And BOOM! There it is. Now I start panicing. Google is blocking me from
my own website! It apparently thinks I might be deceived – I guess into doing
something I shouldn’t do or something I’ll regret later?
Back in the Search Console, which has now loaded all its JavaScript and whatnot,
I see a giant error message: “Security issues detected”. There seems to be a
problem with phishing on the statichost.eu domain. All sites on statichost.eu
get a SITE-NAME.statichost.eu domain, and during the weekend there was an
influx of phishing sites. As a result of that, statichost.eu ended up on the
Google Safe Browsing list of “dangerous”
sites. Luckily, Google provided me with a helpful list of the offending sites,
which I could then promptly delete.
It is of course impossible to talk to anyone at Google in order to fix this,
but there is a “request review” button. After writing up an explanation and
requesting a review, all I could do was wait. I prepared for the worst, but
within a few hours, the block was lifted and an automatically generated response
of the same appeared as a notification in Search Console. Not even an email
was sent. Nonetheless: incident over.
Anyway, back to Google.
The stated goal of Google Safe Browsing
is “Making the world’s information safely accessible.”. Yikes! But what does
it mean? It is basically a giant blacklist of sites that Google has deemed
unworthy. This list is then used by major browsers and anyone who wants to “make
information safely accessible” or whatever. According to Google, this protects
“over five billion devices”. That of course means that you really don’t want to
end up on this list!
And do you know how Google builds this list? By doing what they
do best: by monitoring absolutely everything. One tool for this
is Google Chrome – a “free” browser created by Google for its
business purposes. It of course sends the URLs of pages you visit
back to Google –
I very much assume by default. And with “enhanced security
protection” turned on, it even sends some of the page content to
Google. That is a very
neat way to monitor the comings and goings of something like four billion
people.
To be fair, many or even most sites on the Google Safe Browsing blacklist are
probably unworthy. But I’m pretty sure this was not the first false positive.
And I’m not sure this is the best way to tackle phishing. E.g. what happens
on the countless phishing sites that are not on this list? Be that as it may,
do not rely on Google to tell you who to trust. Use your own judgement and
hard-earned Internet street smarts.
There are lots of problems on the Internet, but I for one don’t trust Google
to be our savior. There was a time when Google was different, but do not
mistake their friendly branding and legacy goodwill for something it is not.
In order to limit the impact of similar issues in the future, all
sites on statichost.eu are now created with astatichost.page
domain instead. This domain is pending addition to the Public Suffix
List in order to further increase resilience and
security.
About the Author
