Immich is a popular self-hosted photo and video management solution. It is one of the best Google Photos alternatives around that has a straightforward user interface and a feature set that has impressed many.
Unfortunately, the Immich team has found itself in a bit of a pickle with Google.
Open Source is Malicious According to Google
Earlier this month, Immich's .immich.cloud websites were suddenly marked as dangerous by Google Safe Browsing. Users trying to access these sites were greeted with the fear-inducing "red screen of death."
If you didn't know, Safe Browsing is Google's service that looks to protect users by warning them when they try to access malicious websites or download suspicious files. The service is integrated into major browsers like Chrome and Firefox.
A single flag from this can make a website unavailable to most internet users because not everyone will click on the "Advanced" button and check the obscure button hidden-away at the bottom.
Due to this, the Immich team found themselves locked out of their own internal tools and preview environments. They now have to click through tedious warnings just to do their daily work.
The situation got weirder when the team investigated what exactly was flagged. Google Search Console showed that the affected URLs were primarily their preview environments.
These are test sites automatically generated for pull requests on Immich's GitHub. Google's system claimed these pages were "attempting to trick users into doing something dangerous, such as installing unwanted software or revealing personal information."
They submitted a review request explaining that Immich is a self-hosted application. The team owns and operates the immich.cloud domain and all its subdomains. The flagged sites were their own deployments of their own products. They weren't impersonating anything or anyone.
A day or two later, good news arrived, but it was short-lived, as their entire immich.cloud domain got flagged as dangerous again.
To minimize damage, Immich is now moving their preview environments to a dedicated domain: immich.build. By isolating these test environments, they hope to prevent flags from taking down their main domain.
And, before you ask, this isn't just an Immich-only problem. It has affected other open source projects in the past like Jellyfin, YunoHost, Nextcloud and many others.
No Accountability Whatsoever
I had to see how ridiculous this actually was, so I tried accessing one of Immich's blocked URLs: main.preview.internal.immich.cloud (an HTTPS URL btw), and lo and behold, my daily driver web browser, Vivaldi (a Chromium-based browser), blocked me from getting through.
Google and the other big names keep rolling out these automated systems that can't tell what's actually malicious from what's legit. In the end, it's regular people and honest developers who get caught in this mess, while the actual bad actors? They either tweak their approach or just move on to the next thing, same as always.
Suggested Read 📖
Sourav Rudra
- Even the biggest players in the Linux world don't care about desktop Linux users. We do.
- We don't put informational content behind paywall. Your support keeps it open for everyone. Think of it like 'pay it forward'.
- Don't like ads? With the Plus membership, you get an ad-free reading experience.
- When millions of AI-generated content is being published daily, you read and learn from real human Linux users.
- It costs just $2 a month, less than the cost of your favorite burger.
Become a Plus Member today and join over 300 people in supporting our work.
