The red screen of death: Google’s automated hit on a rival it couldn’t acquire

• Google’s Safe Browsing service erroneously flagged the entire immich.cloud domain, home to the self-hosted photo platform Immich, as “dangerous.”
• The automated block displayed severe red warning screens, effectively locking out users and developers from accessing their own services.
• The flagged URLs were internal test and preview environments for the Immich project, not malicious sites designed for phishing or scams.
• Despite a successful appeal, the block was reinstated automatically, forcing the Immich team to migrate their systems to a new domain to avoid further disruption.
• This incident highlights the significant power a single corporation holds over web accessibility and raises concerns about systemic bias against independent, privacy-focused software.

In a move that underscores the perils of centralized control over the internet, Google’s automated security systems recently misidentified Immich, a prominent self-hosted alternative to Google Photos, as a dangerous entity. The incident, which began in October 2025, saw Google’s Safe Browsing service block access to the entire immich.cloud domain with severe warning screens, effectively strangling a service designed to offer users an escape from corporate data harvesting. For privacy advocates and a growing number of users disillusioned with Big Tech, the erroneous flagging of a legitimate open-source project serves as a stark reminder of the power a single company wields to dictate what is safe and accessible on the open web.

An automated gatekeeper goes awry

Google’s Safe Browsing service is integrated into major web browsers, including Chrome and Firefox, where it acts as an automated sentinel against malicious websites. Its purpose is to protect users from phishing scams and malware. However, in this instance, the system targeted Immich, a platform that allows individuals to host and manage their photo libraries on their own servers, keeping personal data out of corporate hands. The system labeled Immich’s internal preview and testing sites as deceptive, claiming they “attempt to trick users into doing something dangerous.” The result was a “red-screen-of-death” warning that deterred most users from proceeding, crippling access for both the development team and the public. The only recourse was for the Immich team to submit to Google’s appeal process via the Google Search Console, a requirement that itself forces independent developers to rely on the very ecosystem they are trying to circumvent.

A systemic pattern of bias

The plight of Immich is not an isolated event. It fits a documented pattern where open-source and self-hosted platforms face disproportionate scrutiny from automated filters controlled by major tech firms. Other notable projects like Jellyfin, Nextcloud and YunoHost have reported similar unjustified blocks. This recurring issue suggests a fundamental flaw in how these automated systems are trained and operated; they appear ill-equipped to accurately assess the legitimacy of software that exists outside the mainstream, commercial app ecosystem. The consequences are severe: a single algorithmic decision can render an entire project inaccessible, undermining user choice and stifling innovation in the privacy tech space. This dynamic creates an unlevel playing field where alternatives to Big Tech services are artificially handicapped by the gatekeeping power of their competitors.

The historical context of data control

The struggle over who controls user data is not new, but it has intensified with the consolidation of internet infrastructure in the hands of a few corporations. For years, companies like Google have built immense financial empires on the back of user data, offering “free” services in exchange for detailed profiles of individual behavior, interests and movements. This business model has fueled widespread surveillance capitalism, where the user is the product. The rise of self-hosted software represents a direct challenge to this paradigm, advocating for a future where individuals own their digital lives. Incidents like the Immich blockage demonstrate that the established powers possess not only the data but also the infrastructural control to potentially suppress competing models that prioritize user sovereignty.

• The Immich team was forced to migrate its preview systems to a new domain, immich.build.
• The original immich.cloud domain was repeatedly flagged, even after successful appeals.
• This highlights the reactive and often ineffective recourse available to developers caught in automated filters.

A call for decentralized resilience

The resolution, for now, has been a tactical retreat by the Immich developers, who migrated their preview environments to a new domain to avoid Google’s automated triggers. However, this does not solve the systemic problem. The episode serves as a powerful argument for the continued development and adoption of decentralized technologies and open-source protocols that are not subject to the whims of a corporate boardroom. As more individuals seek to reclaim their digital autonomy, the resilience of the entire movement depends on building infrastructure that is as independent from centralized gatekeepers as possible. The goal is a web where user safety is not synonymous with corporate control, and where privacy is not mislabeled as a threat.

Reclaiming the digital commons

The mislabeling of Immich is more than a temporary technical glitch; it is a symptom of a much larger conflict over the future of the internet. It reveals the inherent risk of vesting a single entity with the authority to define safety for the entire web. For a society increasingly aware of the value of data privacy and the dangers of monopolistic control, this incident is a clarion call. The path forward lies in supporting and investing in a diverse ecosystem of tools that empower users, foster genuine competition and ensure that the digital public square remains open and accessible to all, not just those who conform to the norms of the largest tech platforms.

Sources for this article include:

ReclaimTheNet.org

Immich.app

X.com