Serious take: the solution to Safe Browsing false positives like the Immich one is passkeys.

Phishing regularly upends people's lives. The Safe Browsing cat-and-mouse with all its opaque false positives will be necessary until we roll out phishing-resistant auth.

@filippo

Sure, but... Allowing people to log in with a passkey without them having first set up a backup of their passkeys that they understand and control...

Taken to its logical conclusion, it just means that instead of phishing being possible, keeping any account for longer than the average duration between mistakes will become impossible. You will see accounts die permanently on a regular basis and people will have to recreate their entire digital lives constantly. The same thing happened with 2FA before the introduction of backup codes.

If you want to have safe browsing, I don't think that you get to just punt and push all the hard work onto everyone else. People are just going to turn safe browsing off and stop trusting you when you start gaslighting them, telling them that their very own thing that they created must be a scam.

@forestjohnson what? No, people will just reset their passkey via email like they reset their passwords via email, which data suggests normal people do ALL THE TIME.

It's only us nerds that think losing a password or a passkey must be avoided at all costs.

@filippo but that doesn't work under this assumption that everything is using passkeys -- how to reset via email when you lose the passkey to log into your email?

Because otherwise, can't the email still be phished?

People need to be able to _back up_ their creds in a system they control, like a paper notebook or a password manager that they can access independently of their device.

Not everyone has two devices -- some people don't even have their own device at all!

This is not a theoretical thing, it has real consequences for people... My mother can't log into her Apple account or social security account anymore because her device hardware failed. The helpful folks at the Apple store just had her create a new account....

She did NOT lose access to the accounts whose creds she wrote down on paper.
