A few weeks ago, on Wednesday, May 21, 8:56 AM I got this email:

Hi Joe Crawford,

It looks like an external link you included in CSSBattle for DECEMBER 5 (2024) Logo-i-zer & ArtLung Lab didn’t follow Community Guidelines. To help keep our community safe, we removed your content from YouTube.

External link: https://apps.artlung.com/logo-i-zer/create.php

REVIEW AND TAKE ACTION

Warning

What we found

We think your content didn’t follow our harmful and dangerous policy.

External links that go to sites that contain spam, scams, or other deceptive practices aren’t allowed on YouTube. Read policy

How this impacts you

This is just a warning. Because this is your first time, you can still upload, post, and live stream. However, we removed your content from YouTube.

What to do next

Review your content and the policy. After your review, you can appeal if you think we got it wrong, and you can take an optional training to remove the warning. Learn about your resolution options.

How we find violations

We use a combination of automated systems and human reviews to detect violations of our Community Guidelines.

Thanks,
The YouTube Team

It had the subject “📣 YouTube removed your content”

I was quite surprised by this email. This was indeed for my video entitled CSSBattle for DECEMBER 5 (2024) Logo-i-zer & ArtLung Lab. This video:

I also had another email in my inbox. This one had the title “Social engineering content detected on https://artlung[.]com/” with a timestamp of May 21, 2025, 10:34 AM.

Social engineering content detected on https://artlung.com/

Google’s Safe Browsing systems have detected that some pages on your site might be hacked or might include third party resources such as ads that are designed to trick users into installing malicious software or giving up sensitive information. To protect your site’s visitors, affected pages have been demoted in Google’s search results, and browsers such as Google Chrome now display a warning when users visit your site. You can see which pages might be affected in the Security Issues report.

Act now to fix this problem and remove the warning:

1. Identify compromised pages
   Check the example URLs in the “Security Issues” page in Search Console. Note that this page displays a list of samples and not an exhaustive list of problematic URLs.
   View examples
2. Remove the deceptive content
   If you’re having trouble identifying and removing all the problematic content on your site, consider restoring an older version of your site. If you have ads on your site, ensure that they are not designed to trick or deceive visitors.
3. Secure your site from any future attacks
   Identify and fix any vulnerabilities that caused your site to be compromised. Change passwords for administrative accounts. Consider contacting your hosting service to assist with the issue.
4. Request a security review
   Only do this once you’re sure your site is free of problematic content. Include any details or documentation that can help understand the changes made to your site.Request a review
5. Here is a sample of URLs from your site where we detected social engineering content:http://apps.artlung[.]com/
http://artlung[.]com/logo-i-zer/

Need more help?

• Learn more about Phishing and Social Engineering.
• Read our help guide for hacked sites.
• Learn how to request a review in our help center.
• Ask questions in our forum for more help – mention message type [WNC-806900].

This alarmed me MUCH MORE. One video taken down is bad. But a whole domain of mine – not my main domain, but my “apps” subdomain marked as dangerous was troubling.

Firefox and Chrome and Safari all had flagged that domain with that BIG RED BLOCKING PAGE blocking entry unless you are really really sure.

My friend gRegor shared that he saw this in Chrome blog tools:

Chrome is blocking ads on this site because this site tends to show ads that interrupt, distract, mislead, or prevent user control. You should fix the issues as soon as possible and submit your site for another review. Learn more at https://www.chromestatus.com/feature/5738264052891648

What on earth is going on?

I had no idea what was going. I thought it was possible that my site had been infected with malware. Or maybe some other chunk of content on my site had been altered by a malicious actor.

I downloaded a fresh copy of all the files for whole domain apps.artlung.com. I inspected it all locally.

I keep a copy of everything there in a source code repository (git) and there were a few changes. Some temp files I had shared with friends. Minor updates. But nothing malicious. Nothing suspicious.

I reran the rsync to doublecheck I hadn’t missed anything that might be hiding and again came up empty.

I mentioned this in the IndieWeb Homebrew Website Club meeting that day. Mark recommended a PHP malware scanner. I used that to do some scans, locally. Nothing bad. And on the hosting server, nothing I could find.

I re-read the emails from Google and YouTube. I looked inside Google Search Console.

I originally authenticated with Google Search Console tool using a DNS record a few years ago. It covers everything on the artlung.com domain. If you’ve been making web pages you might remember adding a file like google123123123.html to your site to verify it. It’s like that. In theory it lets you see what the search engine sees about a website.

And I looked again at the page in question and looked at the source code.

The code solicits user input. The code also stores user choices: two colors.

That’s it. And it makes a logo (my logo) from the colors.

But it does invite users to do something.

I develop a theory and a possible solution

Having a website marked as dangerous by a Google means that the whole domain might get big warning block screens added. Users can go by it? But they ought not to. It was in my interest to fix it.

I read closer what the problems were. I decided that I needed to add a few things:

• a description of precisely what the page is
• links to all related pages for the site
• a privacy policy (an assurance I am not gathering information)
• a terms of service (what guarantees I have to make about the site)

Implementing solutions

And in an hour or so I’d done that. It looked roughly like it does now:

This included a Privacy Policy:

LOGO-I-ZER does not collect any personal information of any kind and does not retain any information about your use of the tool. The only items retained are the images created based on the two image colors. The resulting image sets the “ARTLUNG” logo with the foreground and background colors selected.

No cookies or sessionStorage are used. localStorage is used to retain the last 2 colors you chose on the Create page.

And a very basic Terms of Service page:

Service is provided “as is” without warranty of any kind. Use at your own risk.

Asking for a review of my changes in Google

Inside Google Search Console I submitted a request to re-review the site. My supporting text was this:

I believe the issue may have been that my page was not clear about what it is and does. The page allows users to choose two colors to set my logo in, and uses localStorage to retain those choices for the user. I have added a privacy policy communicating that fact, and a terms of service page.

Asking for a review of my changes in YouTube

I did the same thing inside YouTube, to address the fact that in the console for my videos that video was marked as disabled.

I also was given the chance to take a short training course for how to behave properly inside YouTube. When creators you watch on YouTube mention demonetization, or takedowns, this all seems related. It asked me questions about how to represent the truth, not advocate for bad behavior, and a few other topics. It was very much like the kind of Human Resources most folks who have worked a job have had to do.

The training took me half an hour, and I passed.

Ban Removed, Video Restored

The next day, actually in the early morning of May 22nd, maybe 8 hours later, I got this email:

Review successful for https://artlung.com/

To: Owner of https://artlung.com/,

Google has received and processed your security review request. Google systems indicate that https://artlung.com/ no longer contains links to harmful sites or downloads. The warnings visible to users are being removed from your site. This may take a few hours to happen.

Here are ways to keep your site safe in the future:

1. Secure your site from any future attacks
   Identify and fix vulnerabilities that caused your site to be compromised. Change passwords for administrative accounts. Consider contacting your hosting service for assistance.
2. Always follow the Unwanted Software Policy
   Make sure all downloadable files from your site comply with the criteria listed in the policy. Files that violate these criteria will be identified as unwanted software.
   Read policy

---

Resources

Learn about preventing malware infection in our help center.
Ask questions in our forum (Mention message type [WNC-608000]).

And James pointed out in the IndieWeb chat that:

Your apps. subdomain is no longer being flagged by Google: https://transparencyreport.google.com/safe-browsing/search?url=https:%2F%2Fapps.artlung.com&hl=en_GB

Takeaways

These were all automated messages. None of them seemed to directly engage and point at a single “problem” with my sites that was triggering the flagging. But I’ll take a shot at some possible descriptive theories about how Google and YouTube work here in 2025:

• Any link added to the description in a YouTube video probably gets additional scrutiny. I say that because to even add a single https link to my videos I had to do some identify verification with YouTube. HTTP links have power.
• Any web page that has form inputs and is asking a user to do something and also saves data to localStorage probably ought to explain itself in plain language
• Including a privacy policy is probably table stakes for any site that takes user input, no matter how trivial
• Including a terms of service is not a bad idea
• Google has a ton of power: once my site was flagged, Firefox, Chrome, and Safari all had BIG RED BLOCKING SCREENS in place for any usage of my subdomain with big nasty ARE YOU SURE warnings for anyone wanting to click through.
• My case was specific, and none of the form emails I got seemed to really describe what was happening on the site. There’s such a panoply of ways a web page can be bad there’s no way to automate describing what’s suspicious about a website
• Google followed up quickly to my request for review. And as soon as I got the email back from Google, my YouTube video was restored.
• It’s helpful to have community to bounce ideas off. Huzzah my friends in the IndieWeb.
• I keep learning new stuff from vlogging CSS Battles. Here were the lessons when I was at 110 Hours. (I’m at 116 hours now).

To quote Courtney Barnett:

It’s a Monday / It’s so mundane / What exciting things’ll happen today?

Thanks for reading. I hope this will be helpful to someone in this scenario.