Deleted post
Your statement is trivial. It is true for all places in the internet where you can upload stuff. Welcome to the internet.
Itch does good in not telling what exactly is in place, so bad actors do not come up with methods of circumventing it.
The bad actor I saw that weekend is disapper now, but yeah, "itch have no tool to prevent or find bad actors"..... ;-)
Any game page can be quarantined. There are automatic protections, including server-side malware scans, and other methods to catch people who try to use itch.io as an attack vector. And a game page can be reported even if it's restricted, if the recipient of a link deems it suspicious. This is probably more than many other websites do to catch malicious uploads.
No you were not. Or actually, what you talked about is included in what I wrote. Itch is searchable by internet should you not know. There is no such thing as "restricted" page. If you can share a direct link without key or password necessary, google will find it. Or is there an additional button to not make game page visible for 3d party search engine?
And even if it wereso. how isthat any diffrent from a bad agent sharing a link to googledrive? The ydo not even scan big archieves.
You could construct scearious where you need akey to download it, so like make the pay very big so no one who accindentaly finds page buys it, and share link and key with your victims. But again, how is taht diffrent from sharing googledrive password protected archive.
I say again, your observation is trivial.
And on a side note from expericence with scam mails over the years i got, often the payload link is on small forum software or uploadabe usercontent there. But I have never seen payload on even remotely similar pages like itch. Why? Because itch does do remove bad agents i suspect.