Just over 4 hours ago I published a post congratulating Google and Stopbadware on their efficiency in responding to malware, and eventually the speed with which they reinstate a “bad” domain after malware has been removed.
In contrast, whist everyone seems to enthuse about how real-time Twitter is, their system handling malware is such a delayed knee-jerk reaction that it should just be removed as a total failure.
You see an hour ago I received the following email
- That was sent approximately 10 hours after I noticed Google had given the all clear and removed warnings from their search results
- Google had informed Stopbadware.org which is used by browsers, and there were no longer warning messages in Firefox and Chrome (I didn’t check IE)
The notification suggests that links have been removed from the Twitter system and they have removed a link from my profile
Here is the link within the profile editor
Any attempt to edit the link results in a warning at the top of the page
I can understand that Twitter is a big site, and it might take a long time to process malware notifications, thus it might well have taken them 36 hours from when Google notified Stopbadware to get to the stage of realising that there might be a malware problem.
But knowing they were processing 36 hour old data, wouldn’t it be sensible, in fact downright prudent to double-check with a fresh import of data from Stopbadware, just in case during the interim 36 hours the situation had been rectified.
Instead they clobber my profile links, and possibly others as I haven’t tried posting a direct link to this domain yet from Twitter, but I wouldn’t put it past them preventing links that haven’t been pre-shortened from now being posted.
It is good that Twitter is doing something to protect their users, but this is like putting on a condom the morning after.
Update: 24 Hours Later
It is now 24 hours since Twitter notified me that they were removing links to http://andybeard.eu, and about 34 hours after I noticed my site had the all clear from Google and Stopbadware.
It is clear that someone from Twitter is aware of the problem, as there has been a manual fix to my profile link, but it still isn’t possible for someone to create a direct link to my site from Twitter without it being rejected as malware.
As an example, I just tried the following tweet “Twitter still thinks http://andybeard.eu has malware”
The result is a warning notice
I should point out that Google and Stopbadware were a lot less accusatory in their wording, suggesting possible causes. There is a difference between a site specifically hosting malware and a site that has been hacked and had iframes inserted.
Update: 98 Hours Later
It is now 98 hours since Twitter notified me that they were removing links to http://andybeard.eu, and about 108 hours after I noticed my site had the all clear from Google and Stopbadware.
Obviously I feel Twitter need to fix something that is incredibly broken