divestos.org website classified "dangerous / scam" by trend micro + lost security cert from macafee (edit: sites secure but the owner seemingly isnt)

Search This thread

applyscience

Senior Member
Nov 25, 2016
136
40
OnePlus 9
Edit:
The site owner has request a reclassification from trend micro and as of November 30th 2022, it is now classified as safe via https://global.sitesafety.trendmicro.com and the lost certification is related to being poor and too proud to just admit so. (ok, thats a low blow. 1k a month (per owner) on a cert that use to be free is BS on McAfees part but the road to get to this conclusion was just stupid)


I noticed this when accessing aurora store with that repo enabled (offered by default) they offer privacy focused alternative apps and as well as a android ROM. I am a tech privacy /android / ROM whore and never seen something in this realm of content genuinely concern me.


via https://global.sitesafety.trendmicro.com/result.php
1638105717829.png

Dangerous: The latest tests indicate that this URL contains malicious software or phishing.
and their detailed classification is...
Scam: Sites that attempt to defraud a person or group after first gaining their confidence, used in the classical sense of trust. They often play confidence tricks to exploit typical human characteristics such as greed, dishonesty, vanity, opportunism, lust, compassion, credulity, irresponsibility, desperation, and naivety.


I wanted to initially assume false-positive or even more tin-hat, like a security company abusing their trust to assist google sustain analytics but this is too unique / unpopular and yet a specific.block

Doesnt help that it also lost (not never had) its Trusted rating with McAfee Secure with requests the owrner contact them.

1638105565211.png


there is not too much chatter about it on reddit or here beyond old(ish) roms and current updates (nothing reassuring, sadly)

looked into the websites github and code but ithere is so little discussion/feedback about the consistent changes and im not specialized in web cert/security classification guru. All I do know is i go to a lot of privacy focused apps, install all the privacy/ foss f-droid repos and never seen this before.
 
Last edited:
  • Like
Reactions: GOOGLE_USER

SkewedZeppelin

Senior Member
Mar 19, 2021
201
218
divested.dev
This is my project and dates back to 2014:

I've numerous contributions in many other open source projects you are likely to already be using. See:

You can also see all of my many FOSS projects available at https://divested.dev

These two forum threads have over 1000+ comments combined:

There also used to be a list of sites where people talked about it:

DivestOS is also listed on PrivacyGuides (previously PrivacyTools) here https://privacyguides.org/operating-systems/#mobile_os

You are welcome to verify what you see, but please kindly don't spread FUD about a project I've spent many thousands of hours on these past years.
 
Last edited:

applyscience

Senior Member
Nov 25, 2016
136
40
OnePlus 9
You are welcome to verify what you see, but please kindly don't spread FUD

Poor choice to use FUD ("Fear, uncertainty, and doubt (often shortened to FUD) is a propaganda tactic used in sales, marketing, public relations, politics, polling and cults. FUD is generally a strategy to influence perception by disseminating negative and dubious or false information and a manifestation of the appeal to fear." - the wikipedia definition to defend your project, especially on things that bring up serious concern about it. That, paired with the info dump you gave that addressed none of the issues I brought up.

I am not qualified to "validate" anything you show me, which is why I brought it up here in hope professionals would be able to weigh in. I saw your name but didn't tag you because I was certain you would just get defensive and take it as an attack, which it is not. it is a concern. I also didnt do it because You really dont ask the one being labeled a scammer if they are one..

The fact you still took it as one and did nothing to address the the 2 major security companies showing valid concern over the website.
I've numerous contributions in many other open source projects you are likely to already be using

weird way to humble brag and again, nothing about them relate to the post I made. you not addressing anything i put forward just makes me even more concerned. Again, there are many similar projects (some much more popular in use) and none of them have the issue your website seems to have.

Why not address the claim by Trend Micro?
How could they confuse your link as a scam when that is not a false positive they do much, if ever?

Are you planing on contacting McAfee to get your sites cert back?
Why did you lose it in the first place?
They definitely seem interested in you contacting them, why not do so?

If you reply again, please address anything about the specific and valid issues brought up in the post and not just try to defend yourself by listing off your work history.
 
  • Like
Reactions: GOOGLE_USER

SkewedZeppelin

Senior Member
Mar 19, 2021
201
218
divested.dev
I honestly do not care at all what Trend Micro or McAfee's automated blackbox systems have classified my websites as.
Nor am I going to install Windows and install their anti-virus programs just to refute their claims.

McAfee literally charges minimum $1000 a month for that nonsensical "certification" https://www.trustedsite.com/certification/start if your site has "more than 500 visits a month". divestos.org is averaging between 20k and 35k page hits a month.

which is why I brought it up here in hope professionals would be able to weigh in
I'd gladly welcome a free audit of my work.
 
Last edited:

applyscience

Senior Member
Nov 25, 2016
136
40
OnePlus 9
"I don't care" isn't an answer to any of the questions. listen, I don't care. I don't use your stuff nor like or dislike anything related to you, your project. The only reason I even posted it is the fact this is the only website I've come across in my 25+ years of FOSS obsession to have 2 major security companies suggesting something is wrong.

the fact you still didn't answer the questions nor care doesn't bode well. you really should care

I'd gladly welcome a free audit of my work.
2 major security companies did and that's why this post was made. Hellloooo???!
 
  • Like
Reactions: GOOGLE_USER

SkewedZeppelin

Senior Member
Mar 19, 2021
201
218
divested.dev
"I don't care" isn't an answer to any of the questions. listen, I don't care. I don't use your stuff nor like or dislike anything related to you, your project. The only reason I even posted it is the fact this is the only website I've come across in my 25+ years of FOSS obsession to have 2 major security companies suggesting something is wrong.

the fact you still didn't answer the questions nor care doesn't bode well. you really should care


2 major security companies did and that's why this post was made. Hellloooo???!
No, they did not audit what I offer.
That is not at all what an audit is.

The Trend Micro is a false positive, and I've already asked them to reclassify it.

The McAfee certification is a *PAID* service, that costs over $1,000 a month and is for websites to have a silly badge on their website. Never have I paid for it or asked for it or can even afford it. Why would I in my right mind burn $1,000 a month for a badge.

Please stop wasting my time.
 

GOOGLE_USER

Senior Member
Jul 8, 2016
512
1,017
101
where I go, there I've been.
No, they did not audit what I offer.
That is not at all what an audit is.

The Trend Micro is a false positive, and I've already asked them to reclassify it.

The McAfee certification is a *PAID* service, that costs over $1,000 a month and is for websites to have a silly badge on their website. Never have I paid for it or asked for it or can even afford it. Why would I in my right mind burn $1,000 a month for a badge.

Please stop wasting my time.

Is it not you who is wasting your time?
Your input was neither requested nor required for the OP's stated purpose.
OP sought input from respondents -if any- and it would seem that it is your intent to waste his/her time.
Perhaps let this play out as it will. If you are confident in your truths then fear not the illuminations.
 

applyscience

Senior Member
Nov 25, 2016
136
40
OnePlus 9
The McAfee certification is a *PAID* service, that costs over $1,000 a month

that makes sense to stop using it, especially when it use to be free, but why did it take your 3rd response to the topic to get to there?

Trend Micro has since reclassified divestos.org as:

"Safe / Computers / Internet;Noteworthy"

1. thats great.


2. so you DO care and requested a reclassify request. Why was that so hard to just admit to? Why did everything you reply with say one thing yet your actions do another? you could have just said "thats not good but i assure you its wrong and will request them to change it" hell, i even said mcafee was

Please stop wasting my time.

************, YOU came to ME. I brought up a concern and specifically didn't tag you because I was looking for input form others as you dont ask people labeled scammers if they are one.

You're whole reply could have been
"**** Mcafee, they want money now but ill put a request into TM. Not a concern for myself but it only takes 10 seconds and dont want any potential users to be concerned"

jesus christ
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    Edit:
    The site owner has request a reclassification from trend micro and as of November 30th 2022, it is now classified as safe via https://global.sitesafety.trendmicro.com and the lost certification is related to being poor and too proud to just admit so. (ok, thats a low blow. 1k a month (per owner) on a cert that use to be free is BS on McAfees part but the road to get to this conclusion was just stupid)


    I noticed this when accessing aurora store with that repo enabled (offered by default) they offer privacy focused alternative apps and as well as a android ROM. I am a tech privacy /android / ROM whore and never seen something in this realm of content genuinely concern me.


    via https://global.sitesafety.trendmicro.com/result.php
    1638105717829.png

    Dangerous: The latest tests indicate that this URL contains malicious software or phishing.
    and their detailed classification is...
    Scam: Sites that attempt to defraud a person or group after first gaining their confidence, used in the classical sense of trust. They often play confidence tricks to exploit typical human characteristics such as greed, dishonesty, vanity, opportunism, lust, compassion, credulity, irresponsibility, desperation, and naivety.


    I wanted to initially assume false-positive or even more tin-hat, like a security company abusing their trust to assist google sustain analytics but this is too unique / unpopular and yet a specific.block

    Doesnt help that it also lost (not never had) its Trusted rating with McAfee Secure with requests the owrner contact them.

    1638105565211.png


    there is not too much chatter about it on reddit or here beyond old(ish) roms and current updates (nothing reassuring, sadly)

    looked into the websites github and code but ithere is so little discussion/feedback about the consistent changes and im not specialized in web cert/security classification guru. All I do know is i go to a lot of privacy focused apps, install all the privacy/ foss f-droid repos and never seen this before.
    1
    You are welcome to verify what you see, but please kindly don't spread FUD

    Poor choice to use FUD ("Fear, uncertainty, and doubt (often shortened to FUD) is a propaganda tactic used in sales, marketing, public relations, politics, polling and cults. FUD is generally a strategy to influence perception by disseminating negative and dubious or false information and a manifestation of the appeal to fear." - the wikipedia definition to defend your project, especially on things that bring up serious concern about it. That, paired with the info dump you gave that addressed none of the issues I brought up.

    I am not qualified to "validate" anything you show me, which is why I brought it up here in hope professionals would be able to weigh in. I saw your name but didn't tag you because I was certain you would just get defensive and take it as an attack, which it is not. it is a concern. I also didnt do it because You really dont ask the one being labeled a scammer if they are one..

    The fact you still took it as one and did nothing to address the the 2 major security companies showing valid concern over the website.
    I've numerous contributions in many other open source projects you are likely to already be using

    weird way to humble brag and again, nothing about them relate to the post I made. you not addressing anything i put forward just makes me even more concerned. Again, there are many similar projects (some much more popular in use) and none of them have the issue your website seems to have.

    Why not address the claim by Trend Micro?
    How could they confuse your link as a scam when that is not a false positive they do much, if ever?

    Are you planing on contacting McAfee to get your sites cert back?
    Why did you lose it in the first place?
    They definitely seem interested in you contacting them, why not do so?

    If you reply again, please address anything about the specific and valid issues brought up in the post and not just try to defend yourself by listing off your work history.
    1
    "I don't care" isn't an answer to any of the questions. listen, I don't care. I don't use your stuff nor like or dislike anything related to you, your project. The only reason I even posted it is the fact this is the only website I've come across in my 25+ years of FOSS obsession to have 2 major security companies suggesting something is wrong.

    the fact you still didn't answer the questions nor care doesn't bode well. you really should care

    I'd gladly welcome a free audit of my work.
    2 major security companies did and that's why this post was made. Hellloooo???!
    1
    Trend Micro has since reclassified divestos.org as:
    "Safe / Computers / Internet;Noteworthy"