Why People You Trust Sometimes Tweet Unsafe Links

At least once a week or so, we get a tweet from someone saying we have shared a site that their browser is warning them about.

But when Google has even reported Google.com for being unsafe, you know things are in pretty bad shape. And recently, the Wall Street Journal reported the problem is getting worse. (For example, on 2-1-2012 Google was reporting it had hosted hosted malicious software & infected 115 domains in the past 90 days.)

We try very hard to avoid sharing links that could be potentially bad, but it still happens. And the #1 reason this is a problem? Big companies are doing a very bad job protecting their users.

Google and Yahoo! are distributing malware.

Website owners have a terrible problem nowadays: Google, Yahoo! and other big companies (like Fox) distribute malware through their ad networks. And ads often rotate from visit to visit.

What rotating ads means is that--click–I visit the site and it’s safe, but–click–you try to visit and get a warning.

What we’re doing to protect you

We now check many of our links multiple times, in multiple browsers, visiting the site two or more times before we share the link. If we get a warning any of those times we don’t share it. If ads on the site even look suspicious, we may not share it either. We never intentionally share links that could harm your computer. We  also try to avoid sharing sites that people have warned us about again.

Yet when we do share a link, it gets clicked by as many as tens of thousands of people (our most popular link in 2011 got over 66,000 clicks). And sometimes sites actually make changes for the worse since we last visited them. So even when a site really was “good” when we checked it out, it can still generate a warning when you try to visit

Fortunately, it’s still not that common to get something truly harmful from a website, because most of the time too many things have to go wrong (see below). What HAS become very common is you are losing more and more of your privacy.

Top websites invade your privacy as much as they can

Fortunately, many “bad” ads don’t distribute the kind of malware that tries to steal your credit cards or passwords–they just invade your privacy a little bit in exchange for offering you something you want.

And while that’s bad, virtually every large website already tracks as much about you as they can, in some cases installing over 100 “trackers” of personal information about you every time you visit them.

It’s usually hard to get infected from a website

In most cases, to get infected six things have to go wrong before you are infected as a result of visiting a website. You have to:

1. Visit a site, and fail to be warned…or ignore the warning
2. Click on a regular or popup ad.
3. Accept the suggestion from the site or pop-up box the ad took you to, to download something onto your computer.
4. Have whatever it is being downloaded be something you really don’t want. Many ads simply lead to programs that people DO want, and that are NOT harmful in the sense of being malware.
5. Have your anti-virus program not notice that what you’re downloading is or contains malware.
6. Even at this point, in MOST cases you are NOT really infected. The final step is what your anti-virus progam is best at: To stop the thing you downloaded from running on your computer. Just downloading malware isn’t usually enough–it still has to not be detected by your anti-virus software when it tries to run.

Many more people have been infected from email attachments than from unwittingly accepting malware from websites. The problem is that once your computer is infected, it tends to stay infected, even picking up more malware along the way.

Websites are becoming more dangerous

Worse, specially crafted attacks that do NOT require you knowingly download something unfamiliar are on the rise. While many of these attacks will not reach you by visiting infected websites or clicking on “bad” ads or links, there is always the chance that it could happen.

That’s why all modern browsers subscribe to services warning you (when they can) that you may be about to visit a site that looks suspicious.

What should you do when you get a warning?

We’re always interested in hearing if a link we shared generated any kind of warning or problem.

So, do let people know if they’ve shared a link that has gone bad, but don’t assume they are intentionally sharing harmful links. All too often there was no warning to the person that visited the site before they shared the link with you.

We generally suggest blocking popups. Search Google for the name of your browser and “block pop up windows setting.”

Share what you know

There is a lot more that can be said about this. Share your knowledge by adding a comment below.