The implicit problem is you have to know the download is sketchy in order to report abuse. For your average consumer, that will be after they downloaded it.
Having a consumer download a sketchy file from what should be a trusted service (it's firefox! they're the good guys!) is not good for your company image, either.
And unfortunately, charging for a service is no guarantee that these issues will go away. I have seen fraud links from many b2b services presumably caused by credential misuse. If you operate a file sharing service, please be sure that there is a way to report a file either on the download page or on the contact us page. I'm the guy with too much time on his hands and actually follows up on reported phish emails and I've seen many services with no reporting mechanisms. Also, give your customers their own subdomain so I can selectively allow them in the palo alto.
> Having a consumer download a sketchy file from what should be a trusted service (it's firefox! they're the good guys!) is not good for your company image, either.
I just don't understand this kind of logic. I can send mail bombs with the trusted postal service and people will open them. Does anyone blame the postal service?
Ok, fine, they scan for bombs. So people shift to mailing sealed anthrax envelopes (which has happened). A public service is also going to be used by criminals, yet we do not expect the service to be shut down.
Ok, I googled a bit. According to this[0] they're running PCR tests on samples from the air around the mail processing. I.e. outside the mail. In a sufficiently sealed package/enveloped that wouldn't be detected.
Well, and with encryption the files going through mozilla are always properly sealed and they can only rely on external indicators such as reports or IP blacklists. So they're doing no worse than USPS.
We absolutely expect public utilities be shut down temporarily when danger exists. This happens with gas, fire, electric. In 2001, when USPS first encountered the 'sealed anthrax envelopes' problem, they shut down lots of post offices for quite some time.
Your framing suggests that Firefox Send was a 'public utility', held to the same standard as a power company or a gas company, required to provide service to all who seek it. Firefox Send was not a 'public utility', though, and so it need not be temporary to shut it down in the face of attackers. Apparently the Firefox group decided to make it permanent.
What if Gmail was shutdown without notice tomorrow? Would any lawsuit have standing if refunds were issued that same day? Would free users have any recourse whatsoever? It isn't a public utility, right?
Why not add a Report button and start charging for the service?