Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Some Sites That Blue Coat Blocks Under "Pornography"

timothy posted about 6 months ago | from the say-what's-under-that-blue-coat? dept.

Censorship 119

Bennett Haselton writes this week with a dissection of the effects of one well-known, long-known problem with so-called Internet filters. "The New Braunfels Republican Women, the Weston Community Children's Association, and the Rotary Club of Midland, Ontario are among the sites categorized as 'pornography' by Blue Coat, a California-based Internet blocking software company. While the product may not be much worse than other Internet filtering programs in that regard, it reinforces the point that miscategorization of sites as 'pornographic' is a routine occurrence in the industry, and not just limited to a handful of broken products." Read on below for the rest.

On Monday I released a blog post through the Citizen Lab at the University of Toronto, listing some of the sites that we had found to be blocked by Blue Coat's Internet filtering program. Previously we had released a similar report on sites that were miscategorized as "pornography" by Smartfilter. We ran some of the same URL lists through both programs, and found that some unfortunate sites were even blocked as "pornography" by both products, including Barenboim-Said (a youth orchestra featuring musicians from Israel, Palestine, and different Arab nations), and the aforementioned New Braunfels Republican Women.

The full list of sites we said were "miscategorized" is at the end of the Citizen Lab blog post. As far as I know we didn't miss any porn hidden on any of the sites that were in the list. The closest we came was a photo on performancespace.org/ showing what appears to be a model taking one for the team by lying on the floor of a grungy art exhibit. There was also the other borderline case of http://safe-sex.org/, which does include articles on topics like "Safe Sex with Expensive London Escorts." But Blue Coat's own working definition of 'pornography' defines it as "Sites that contain sexually explicit material for the purpose of arousing a sexual or prurient interest," and the articles on Safe-Sex.org do not appear intended to arouse ("The heartwarming fact about having safe sex with expensive London escorts is that they usually present a clean bill of health to clients."), so it gets counted as a miscategorization. The overwhelming majority of miscategorized sites were completely G-rated fare like the Kiddie Kollege Nursery School (which, by the way, would probably have grounds for a lawsuit against Blue Coat, if parents trying to access their website were greeted with a message that it had been blocked for containing "pornography").

Anyone can play the parlor game of examining blocked websites looking for signs of what caused them to be blocked. Is the website of the New Braunfels Republican Women blocked by both Blue Coat and Smartfilter because it has the word "women" in the title? (Tempting to thing so, but unlikely, since there are so many other sites with "women" in the name which were not blocked by either product.) One of the blocked websites, http://www.foundations4betterliving.org/, until recently contained statistics such as "A growing variety of sexual behaviour is being practiced by teens 15- to 19-year-old... 53% admit to masturbating; 49% have participated in oral sex; 11% have had anal sex," all of which you could read on their front page while Bette Midler's 'From A Distance' auto-played in the background. (I was hoping to introduce you to that sublime experience, but unfortunately the domain apparently expired right after the report was published. When you list 150 domain names in a report, that's bound to happen with some of them.) And there's neobit.org/, the homepage of a manufacturer of emulators for dongles. While many Americans probably heard the term for the first time when Amy Poehler asked the Best Buy salesman "Can I use a dongle with this? Does it make you uncomfortable when I use the word 'dongle'?", the eggheads at Blue Coat should know what a dongle actually is. 'Dongle' has never been generally accepted anatomical slang, one rogue entry at the Urban Dictionary notwithstanding.

On the other hand, most websites in the report are not only not pornographic, they don't even seem to contain any content that could have triggered an accidental block. So it's quite possible that Blue Coat simply blocks a certain number of sites as a result of some pseudo-random process, and just by chance, some of those sites happen to contain content which looks like it might have caused the block, but the content actually had nothing to do with it.

Still, that leaves open the question of why so many sites turned up blocked by both Blue Coat and Smartfilter. Out of about 150 sites miscategorized by Smartfilter and about 150 sites miscategorized by Blue Coat, 8 sites showed up on both lists, or about 6%. (That group of 8 is listed in the middle of the blog post, beginning with balticsail.org.) Now if either Smartfilter or Blue Coat were blocking non-pornographic sites completely at random, then the percentage of overlap should be about the same as the percentage of non-pornographic sites that the product blocks generally. (For example: Suppose Blue Coat blocked 1% of non-pornographic sites completely at random. Out of 150 non-pornographic sites blocked by Smartfilter, we would therefore expect 1% of them -- about 1 or 2 sites -- to also be blocked by Blue Coat.) But despite the huge number of errors made by both products, neither of them comes close to blocking 6% of all non-pornographic websites as "pornography"; the percentage of overlap is much higher than we would expect if the blocking were random.

So this suggests that some factor is at work that caused the 8 sites in that list to be more likely than average to be blocked, such that they ended up blocked by both products. Did any of the domain names used to be registered to a porn site? It seems hard to imagine that balticsail.org or barenboimsaidusa.org/ could have ever been in demand as domain names used to advertise porn. moriah.org/ sounds like it possibly could have been (many domain names consisting solely of female first names are registered to porn sites), but according to the Wayback Machine, the a previous owner was a Christian band, before the domain expired and was bought by its present-day owner, a Jewish boarding school. Perhaps the IP addresses of these sites used to be held by porn companies, but then why would the products block the sites by their domain name as well? So I really don't know.

The good news is that, unlike Smartfilter, at least Blue Coat's blacklist doesn't appear to be used by any countries for nationwide Internet censorship. Citizen Lab had previously discovered installations of Blue Coat Internet blocking software in 19 "countries of interest" with poor human rights records, but none of them appeared to be set up to filter Internet traffic in and out of the country. In the one country where the product was being used for statewide Internet filtering, the United Arab Emirates, the Blue Coat software was being used in conjunction with Smartfilter's blacklist, so the sites that are mis-blocked by Blue Coat are not blocked in that country (unless of course they also happen to be mis-blocked by Smartfilter).

For the time being, it is not against U.S. law for a company to sell Internet censoring software to foreign governments, even with the knowledge that the tools are being used to restrict freedom of speech in a manner that would be considered a human rights violation by international standards, so both companies have made it a core part of their business.

What a bunch of dongles.

cancel ×

119 comments

Sorry! There are no comments related to the filter you selected.

Hentai Futanari Furry (1, Funny)

Anonymous Coward | about 6 months ago | (#46544673)

Dildo Double Penetration Anal Blowjob Breasts Anus Penis Ass Tits

And yes, that IS on-topic!

Re:Hentai Futanari Furry (2)

noh8rz10 (2716597) | about 6 months ago | (#46544787)

TFS:

Is the website of the New Braunfels Republican Women blocked by both Blue Coat and Smartfilter because it has the word "women" in the title?

Braunfels sounds like brothels?

Re:Hentai Futanari Furry (2)

QRDeNameland (873957) | about 6 months ago | (#46545373)

Maybe they added picture scanning technology and the New Braunfels Republican Women are simply hawt.

Re:Hentai Futanari Furry (2)

boristdog (133725) | about 6 months ago | (#46545531)

Well...
New Braunfels IS a popular destination for Comal and Guadalupe river riders, many of whom are college-age females wearig skimpy bathing suits.
New Braunfels is also home of Schlitterbahn, usually voted the worlds best water park and therefore also often full of nubile women in skimpy bathing suits.

So during the warm months there are many hot women in New Braunfels. However, I would wager that few if any of these hot women are registered republicans.

But if you want to look at hot women in skimpy bathing suits, New Braunfels is a pretty good place to go. Maybe that's it.

Re:Hentai Futanari Furry (2)

CMYKjunkie (1594319) | about 6 months ago | (#46545595)

No no no. The filter got it right! Those New Braunfels Republican Women are SKANKS!!!

Re:Hentai Futanari Furry (2, Funny)

Anonymous Coward | about 6 months ago | (#46546593)

No, because it has 'Republican'. That's as close to porn as it can be.

Re: Hentai Futanari Furry (0, Offtopic)

Anonymous Coward | about 6 months ago | (#46545247)

This article is blocked by my company. Though that may have more to do with the language in the above comment

Exploited sites? (4, Insightful)

Kaenneth (82978) | about 6 months ago | (#46544703)

Perhaps one or more of these sites were running expoitable software, and were hijacked to serve porn without their owners knowledge.

I know of at least one federal agency that had a poorly secured FTP server loaded with child porn back in to 90's

Re:Exploited sites? (1, Flamebait)

east coast (590680) | about 6 months ago | (#46544813)

You sure the FTP site was hijacked? That sounds like business as usual coming from the government.

Re:Exploited sites? (0)

Anonymous Coward | about 6 months ago | (#46546087)

You sure the FTP site was hijacked? That sounds like business as usual coming from the government.

Hey, while we're at it! I know why New Braunfels Republican Women is blocked. They obviously talk about who they're going to F#$% next in their meetings. /S

Re:Exploited sites? (2)

Mashiki (184564) | about 6 months ago | (#46546857)

Very possible. Back when I was interested in the scene(aka warez in the mid 90's), and was following a lot of the underground news there was always some government ftp server somewhere that wasn't compromised but "opened" to allow access by someone. My theory on it was, it wasn't a honey pot but someone on the inside serving to select people, and serving to friends on the inside. Whether it still holds true today, I have no idea.

Re:Exploited sites? (2)

jythie (914043) | about 6 months ago | (#46544927)

More likely they have some type of bayesian filter style process that categorizes sites based off reasons it does not have the capability of explaining. It could be something as simple as some headline or piece a site linked to had just the wrong words in it.

Re:Exploited sites? (4, Funny)

K. S. Kyosuke (729550) | about 6 months ago | (#46545065)

Nah, Blue Coat announced a tender for the filter data. It's just that Rule34 Technologies, Inc. won the bid by delivering a two-byte filter definition (".*") under budget and on schedule.

Re:Exploited sites? (1)

Jane Q. Public (1010737) | about 6 months ago | (#46545251)

"Perhaps one or more of these sites were running expoitable software, and were hijacked to serve porn without their owners knowledge."

Possibly, but most likely not.

When you automate filters, they make mistakes. Period.

When you put filters in the hands of government, they also make "mistakes", but how many of those mistakes are intentional is anybody's guess... though some of the sites blocked by UK filters have been rather telling.

Re:Exploited sites? (2)

PRMan (959735) | about 6 months ago | (#46545295)

Blue Coat makes the free K9 software which I used to use when my kids were younger. They allowed the end-users to flag any site as a violation of any category. I'm not sure how much checking they did, but I would imagine if 10-12 people called the same site the same thing they would probably block it.

Also, any user can request that a certain site should NOT be blocked as a certain category, as it is unlikely to apply. Again, hard to tell how long or how many users until it took effect.

Re:Exploited sites? (1)

SuricouRaven (1897204) | about 6 months ago | (#46545457)

One of the example sites is a political site. The other represents people from a politically contested region. Both subjects that might well attract some activists trying to manipulate classifications to smear the reputation of their political opposites. It's a good theory, but it can't explain all of the misblocks. It's likely there are actually several different causes going on at once.

Re:Exploited sites? (0)

Anonymous Coward | about 6 months ago | (#46546097)

Sites that spread pictures or stories of beastiality, incest and murder are things that many people (rightly or not) find offensive and want censored. Most of the "yay censorship" crowd leans (R). It's a double standard to try to ban 1984, Animal Farm and Harry Potter when one advocates a book that depicts far more violent memes - the Bible. Censorship is wrong. Selective censorship is worse.

http://onecrazybible.com/2011/11/30/virgins-incest-and-old-school-pimpin/

Re:Exploited sites? (2)

tattood (855883) | about 6 months ago | (#46546453)

This is true. Their website is https://sitereview.bluecoat.co... [bluecoat.com] .

Sometimes automated systems make mistakes, and when they do, they are corrected. Get over it and stop whining.

And by the way, all of the sites mentioned have been fixed.

The New Braunfels Republican Women (www.nbrw.com) > Political/Social Advocacy
Weston Community Children's Association (www.wccakids.org) > Charitable Organizations
Rotary Club of Midland, Ontario (www.clubrunner.ca) > Charitable Organizations

Re:Exploited sites? (1)

sputnikid (191152) | about 6 months ago | (#46545747)

I knew of this happening on a number of occasions for sites when I was working with Blue Coat hardware.

Often the main page was hacked and filled with hidden porn links and meta data to feed search engines.

Re:Exploited sites? (1)

Karl Cocknozzle (514413) | about 6 months ago | (#46546173)

Perhaps one or more of these sites were running expoitable software, and were hijacked to serve porn without their owners knowledge.

I know of at least one federal agency that had a poorly secured FTP server loaded with child porn back in to 90's

Perhaps, but most of these devices have a separate category for that (so you can run a report and quantify just how much "more secure" you are than if you'd stayed with your old product.)

Reinforcement (1, Funny)

michaelmalak (91262) | about 6 months ago | (#46544717)

It reinforces that it's a slow news day at Slashdot.

Blocking sites by accidents isn't the issue. (0)

Anonymous Coward | about 6 months ago | (#46544721)

There is a specific white list where bluecoat isn't supposed to log say your username and password, or information based on a BANKsite list or Financial institution, legal lawyer interaction site. You get this wrong then all the usernames/credentials/information/account numbers can flow into the logs where anyone can scrape them.

Man in the middle is always a bad idea, as its a single point where everything in the company can be compromised and we have decrypted it for you in advance.

Re:Blocking sites by accidents isn't the issue. (0)

Anonymous Coward | about 6 months ago | (#46544935)

There is a specific white list where bluecoat isn't supposed to log say your username and password, or information based on a BANKsite list or Financial institution, legal lawyer interaction site. You get this wrong then all the usernames/credentials/information/account numbers can flow into the logs where anyone can scrape them.

Man in the middle is always a bad idea, as its a single point where everything in the company can be compromised and we have decrypted it for you in advance.

Your bank doesn't use SSL? There is always something in the middle in a corporate/uni network that can log, not at least including the firewall all have.

Re:Blocking sites by accidents isn't the issue. (1)

compro01 (777531) | about 6 months ago | (#46545079)

Bluecoat "features" SSL MITM bullshit.

How about a list of websites? (-1, Redundant)

ArcadeMan (2766669) | about 6 months ago | (#46544727)

Here's a list of all the pornographic websites in the world:
google.com
yahoo.com
bing.com

This is WHY hosts filtering's great (0, Troll)

Anonymous Coward | about 6 months ago | (#46544737)

YOU control it, completely: How? This - Hosts do more w/ less (1 file) @ a faster level (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ OS, & 1st net resolver queried w\ 45++ yrs.of optimization):

---

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74

(Details of hosts' benefits enumerated in link)

Summary:

---

A. ) Hosts do more than AdBlock ("souled-out" 2 Google/Crippled by default) + Ghostery (Advertiser owned) - "Fox guards henhouse", or Request Policy -> http://yro.slashdot.org/comments.pl?sid=4127345&cid=44701775

B. ) Hosts add reliability vs. downed or redirected DNS + secure vs. known malicious domains too -> http://tech.slashdot.org/comments.pl?sid=3985079&cid=44310431 w/ less added "moving parts" complexity + room 4 breakdown,

C. ) Hosts files yield more speed (blocks ads & hardcodes fav sites - faster than remote DNS), security (vs. malicious domains serving mal-content + block spam/phish), reliability (vs. downed or Kaminsky redirect vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs + DNSBL's).

---

* Addons are more complex + slowup browsers in message passing (use a few concurrently & see) - Addons slowdown SLOWER usermode browsers layering on MORE: I work w/ what you have in kernelmode, via hosts (A tightly integrated PART of the IP stack itself)

APK

P.S.=> * "A fool makes things bigger + more complex: It takes a touch of genius & a lot of courage to move in the opposite direction." - Einstein

** "Less is more" = GOOD engineering!

*** "The premise is, quite simple: Take something designed by nature & reprogram it to make it work FOR the body, rather than against it..." - Dr. Alice Krippen "I AM LEGEND"

...apk

Re:This is WHY hosts filtering's great (0)

noh8rz10 (2716597) | about 6 months ago | (#46544803)

+1 ontopic!

Re:This is WHY hosts filtering's great (0)

Anonymous Coward | about 6 months ago | (#46544869)

Why the -1 minus mod on his post then? Makes no sense!

Re:This is WHY hosts filtering's great (0)

Anonymous Coward | about 6 months ago | (#46546175)

Since he floods crap so often in unrelated stories, it is best to downmod everything he posts in the hopes that with enough of them, his IP will be blocked.

Re:This is WHY hosts filtering's great (0)

Anonymous Coward | about 6 months ago | (#46546281)

Joke's on you. He just posted it again when you ran out of mod points for down modding him troll.

Who're you *trying* to fool, idiot? (0)

Anonymous Coward | about 6 months ago | (#46546389)

I never post on hosts when they don't apply. You lose. IP blocking? LMAO - good luck (I am IMPOSSIBLE to 'ban out' douchebag, & THAT? Is truly that... get used to it!)

* You make me laugh - especially since I can just RUN YOU DRY of your modpoints, & keep on posting in UNLIMITED fashion (unlike other ac posters here).

APK

P.S.=> Of course, a no balls troll by ac post dimwit like YOU believes your own crap, which makes me realize you're a "10 below plantlife IQ" type... apk

Re:This is WHY hosts filtering's great (0)

Anonymous Coward | about 6 months ago | (#46544901)

Who down moderated apk's post? It's on topic and it's correct.

Re:This is WHY hosts filtering's great (1)

arth1 (260657) | about 6 months ago | (#46544989)

True, although by now I think it is +1 redundant, as we surely have read it before.

Re:This is WHY hosts filtering's great (0)

Anonymous Coward | about 6 months ago | (#46545149)

I see his posts when they're minus modded anyhow. Most here do. He's dead on right on this one.

Re:This is WHY hosts filtering's great (0)

Anonymous Coward | about 6 months ago | (#46546647)

Because he has about 4 billion negative karma from his usual spam overflowing to here.

Re:This is WHY hosts filtering's great (0)

Anonymous Coward | about 6 months ago | (#46546753)

You're really stupid aren't you? ac posters like apk have no karma points to worry about.

Re:This is WHY hosts filtering's great (1)

TangoMargarine (1617195) | about 6 months ago | (#46546271)

I was starting to wonder whether you were still around here, man. :)

I never left... apk (0)

Anonymous Coward | about 6 months ago | (#46546855)

I've always been around/never left - perhaps we just post in diff. parts of /.'s all...

* In any event? There ya are...

APK

P.S.=> "Onwards & UPWARDS"...

... apk

I prefer BlueCoat's SSL MITM functionality... (0)

Anonymous Coward | about 6 months ago | (#46544747)

I prefer using BlueCoat because it can MITM all SSL connections (no accepting its cert, no communication allowed on any port.) Sarbanes-Oxley requires this by law, same with FERPA and PCI-DSS.

Re:I prefer BlueCoat's SSL MITM functionality... (0)

Anonymous Coward | about 6 months ago | (#46545175)

Can you point me to where Sarbanes-Oxley states a requirement to MiTM SSL connections? Didn't think so. Thanks for playing.

Re:I prefer BlueCoat's SSL MITM functionality... (3, Informative)

wiredlogic (135348) | about 6 months ago | (#46546409)

Sarbx requires record keeping for financial auditing, not logging every single action by employees. If you think it requires monitoring all internet traffic then you are afflicted with a clueless PHB who would rather enforce draconian measures that treat all employees as a liability.

This is why censorship doesn't work (0)

Anonymous Coward | about 6 months ago | (#46544785)

Even if you could identify all the sites in the world you don't want someone else to see for whatever reason you'd care to invent: you can still get it wrong.

Ugh, free speech again? (4, Interesting)

Anonymous Coward | about 6 months ago | (#46544789)

For the time being, it is not against U.S. law for a company to sell Internet censoring software to foreign governments, even with the knowledge that the tools are being used to restrict freedom of speech in a manner that would be considered a human rights violation by international standards, so both companies have made it a core part of their business.

It's against the law for the United States to censor its citizens. It's not against the law for citizens to self-censor, or to censor others in a private capacity. From my perspective, helping Saudia Arabia censor its citizens is not tantamount to the United States violating free speech of its own citizens. Stop trying to turn the first amendment into some kind of mandate that the U.S. do anything other that limit is own power so it never infringes upon its own citizens right to free speech

Re:Ugh, free speech again? (4, Insightful)

LordLimecat (1103839) | about 6 months ago | (#46545017)

This is a distinction lost on Bennett, who ironically screams bloody murder about private companies "violating" the first amendment while recommending that we gut the 5th.

Somehow one gets the impression that Bennett doesnt actually get WHY we have the bill of rights and what the threat model is.

Bennett, if it seems like I have a bit of a grudge against you in most of the posts you drop, its because you seem to utterly lack perspective in these things and miss the bigger picture. Companies need to monitor and filter THEIR networks for legal and HR reasons. The government is a whole different animal, and we have protections in place to keep them from becoming tyrants. Thats the disconnect that you seem to keep missing.

Maybe when BlueCoat is required by a piece of legislation Ill hop aboard the "tar and feather BlueCoat Labs" bandwagon, but until then I see the service they provide as valuable.

Re:Ugh, free speech again? (0)

Anonymous Coward | about 6 months ago | (#46546497)

So, you're willing to tar Blue coat is the government mandates it, but not willing to tar them if they just do a shitty job of providing the service they propose to sell to their customers?

That makes no sense...

Re:Ugh, free speech again? (1)

LordLimecat (1103839) | about 6 months ago | (#46547125)

Because its none of my concern if some random company provides a crappy IT product. I as a consultant just tell my employer to pass when it comes up as an option.

Re:Ugh, free speech again? (1)

interkin3tic (1469267) | about 6 months ago | (#46546509)

I'd argue that the government is a "whole different animal" about as much as mules are a whole different animal from horses. The same arguments against government censorship hold true for corporate censorship. An idea should survive or die based on it's merits, not because someone with power dislikes it and wants it to die. That's true no matter if the power is in the form of an army, the police, another branch of the government, or if it's in the form of corporate lawsuits, products, lobbying, bribery, etc. If you're preventing me from saying a particular thing in something as broad as the internet, you're a tyrrant in at least one important way, whether you're a politician or a corporation.

Obviously the first amendment doesn't protect foreign citizens, nor does it apply to private corporations, sure. Which might be why Bennet doesn't appear to have mentioned it?

Re:Ugh, free speech again? (0)

Anonymous Coward | about 6 months ago | (#46546921)

The fuck are you going on about?

There are legit reasons for a company to filter web traffic. A corporate network is not your fucking soapbox. That'd be like saying that you should have unlimited access to a company's printer system to distribute your EFF manifestos. It's a business network, made for the sole purpose of facilitating business.

*Accessing malware websites
*Transferring trade secrets outside the company
*Consuming limited network resources
*Wasting time

are all reasons to block web traffic on a corp. network. A business network is not your personal LAN: It's constantly targeted by organized criminals trying to get access to databases and admin rights.

Re:Ugh, free speech again? (4, Insightful)

LordLimecat (1103839) | about 6 months ago | (#46547113)

I'd argue that the government is a "whole different animal" about as much as mules are a whole different animal from horses. The same arguments against government censorship hold true for corporate censorship

No, they dont, for the following reasons:

  • 1) Its NOT YOUR PROPERTY. The company is providing you with bandwith, keyboards, mice, chairs, office space, and computers, and it is THEIR prerogative to decide how and under what circumstances they may be used. If you dont like it or feel oppressed, exercise your rights at home: noone can stop you from doing so.
  • 2) They are sometimes LEGALLY REQUIRED to do so. If they host data protected by HIPAA or SOXley or protected by export restrictions, they can be raked over the coals for failing to police their network. If someone prints porn out on the network printer and some woman gets offended, she could potentially sue the company for sexual harassment if they cannot show that theyre taking due diligence to prevent such things.
  • 3) They are often TECHNICALLY required to do so. Dont monitor your outbound email, and one day youll find yourself on DNSRBL or SpamHaus. Have fun dealing with that and getting delisted without implementing "censorship" of some kind. Also have fun preventing virus outbreaks on the network without both filtering and monitoring what goes on there.
  • 4) You can leave your company, your company can dissolve, and it has no jurisdiction over what you do at home. You cannot "opt out" of the US Government, it doesnt go away, and it has the power to enforce laws regardless of where you go. Thus, it makes a lot more sense to worry about what the Government decides are "the rules" than what your company does in its own little corner of the playground.
  • 5) You almost always explicitly agree to such "censorship" in a voluntary contract with your employer. Dont like it, dont agree to the acceptable use policy and find a different employer.

The two look alike only at the most shallow and irrelevant levels.

Re:Ugh, free speech again? (0)

Anonymous Coward | about 6 months ago | (#46547215)

LordLimecat posts are a lot more tolerable if you imagine them read in Fuzzy Lumpkin's voice.

Re:Ugh, free speech again? (1)

fustakrakich (1673220) | about 6 months ago | (#46547469)

You cannot "opt out" of the US Government, it doesnt go away, and it has the power to enforce laws regardless of where you go.

But we have, should we ever decide to use it, the power of the vote. We can't opt out, but we can change it.

The thing you don't understand is that we let big money stuff the ballot box, so we elect servants to the companies, who make regulations so obnoxious as to keep out any upstart competition. We actually have more control over the government than we do over private business. The top 20% of income earners are 80% of the economy. The rest of us don't have a chance aside from avoiding media spoon fed candidates.

Re:Ugh, free speech again? (0)

Anonymous Coward | about 6 months ago | (#46545081)

I don't see "first amendment" in the sentence you quoted. Freedom of speech and the first amendment are *not* the same thing. It is possible for corporations to violate people's free speech, but it may be permissible (but not necessarily moral) for them to do so.

Re:Ugh, free speech again? (0)

Anonymous Coward | about 6 months ago | (#46546691)

Stop trying to turn the first amendment into some kind of mandate that the U.S. do anything other that limit is own power so it never infringes upon its own citizens right to free speech

If constitutional rights are the inaliable, fundamental rights of mankind, then surely there *is* a deep moral problem with taking those rights from others, even if those others aren't American.

Re: Ugh, free speech again? (0)

Anonymous Coward | about 6 months ago | (#46547945)

But as an interesting side note, the United States generally won't extradite its citizens for any crime that would be protected under the Constitution (even if what s/he did is illegal wherever s/he's being charged).

Security Theatre (2)

redelm (54142) | about 6 months ago | (#46544807)

Look, in any filtering system there are going to be false positives and false negatives. Perhaps more with active systems because the true negatives have an incentive to get by, and so will adjust. (A certain actress and warm cereal is a /. example) The filterers will then have to clamp down, increasing false positives.

The whole thing has a whiff of Bruce Schneier's "security Theatre". Everyone serious knows it does not work, but it gives political cover of be able to claim an effort. Saving face at a price paid by other people. I try to avoid such predators.

Re:Security Theatre (0)

Anonymous Coward | about 6 months ago | (#46545231)

Actually, this isn't security theater. As someone whose job it is to defend an enterprise network, Bluecoat does a pretty good job at blocking malicious websites and drive-by downloads. It's shocking how many sites get popped, and how many people click stupid things. There is a lot of theater in the physical AND digial security world, but well-managed URL filter policies aren't one of them.

This is NOT an endorsement for any kind of government mandated filter program. The practical, legal and philosophical differences between a private company and a government utilizing such software are staggering and clear, and anyone suggesting otherwise is a fool.

Re:Security Theatre (1)

PRMan (959735) | about 6 months ago | (#46545313)

Actually, K9 (the free version of Blue Coat) worked REMARKABLY well in my experience. In my 5 years of using it at home when my kids were younger, I only ran into a handful of unblocked sites and only 2 false positives.

Re:Security Theatre (2)

redelm (54142) | about 6 months ago | (#46545495)

... that you know of!

BlueCoat may be the best of a bad breed, but that just encourages complacency. Far better to choose less-insecure software (anything-but-IE) and instill some security consciousness into users. Filters might have a "training-wheels" place for learners, but reliance is dangerous.

Re:Security Theatre (1)

lgw (121541) | about 6 months ago | (#46546663)

There's really no difference in the security of browsers these days - it's all about the plug-ins.

And what does any of that have to do with wanting a porn-blocking filter for your kids?

Re:Security Theatre (0)

cbhacking (979169) | about 6 months ago | (#46547031)

Nothing much... but anybody who thinks kids need (or even will benefit from) porn blocking has their head shoved so far up their puritan ass they could offer a whole new camera angle for porn if they wore Google Glass. Most kids learn (a flawed version of) what sex is long before they're old enough for it themselves. Some of them develop weird ideas about it, but those ideas near-universally come down to "ew, gross!" and stay that way until they get old enough for hormones to kick in. At that point, a porn filter is worse than useless, unless your goal is to teach your kids how to flout parental authority. There are so incredibly many ways to get around such things, all you're doing (and I use "you" generally here, not directed to anybody in particular) is telling the kids that there's something interesting to see there.

Good parenting will have kids knowing what they need to know about sex before the lack of that knowledge can hurt them, and will produce kids who trust their parents to guide them well. Bad parenting will keep kids in the dark, forcing them to "learn" from other kids and go around their parents instead of going to them. You may think you're protecting them, but all you're doing is forcing them to learn from people (even) less trustworthy than yourselves.

Re:Security Theatre (1)

lgw (121541) | about 6 months ago | (#46547121)

Sure, that's one opinion. But that doesn't mean there's no place for such a product for people with a their own opinion about how to raise their kids.

Re:Security Theatre (0)

Anonymous Coward | about 6 months ago | (#46545331)

Don't open a business in Scunthorpe, your web site will be blocked for eternity!

Re:Security Theatre (0)

Anonymous Coward | about 6 months ago | (#46545659)

It's bothered me for a long time that games.slashdot.org is blocked at my job.

Re:Security Theatre (1)

Agent0013 (828350) | about 6 months ago | (#46546487)

It's bothered me for a long time that games.slashdot.org is blocked at my job.

I see that and the same with idle.slashdot.org. But the solution is to paste the article link into your browser and remove the games or idle part of the link. So instead of yro.slashdot.org/story/14/03/21/1453253/some-sites-that-blue-coat-blocks-under-pornography you can go to slashdot.org/story/14/03/21/1453253/some-sites-that-blue-coat-blocks-under-pornography and get the same article.

Re:Security Theatre (0)

Anonymous Coward | about 6 months ago | (#46546937)

Thanks. I feel a strange mingling of gratitude and embarrassment, since I didn't figure this out myself over years and years.

Re:Security Theatre (0)

Anonymous Coward | about 6 months ago | (#46548305)

This is not really a problem with Bluecoat's content filtering, but more of a lame attempt by your 'web gateway' administrators to deny pieces of Slashdot.

According to Bluecoat, both 'games.slashdot.org' and 'idle.slashdot.org' is categorized as (and only as) "Technology/Internet".
(Check it yourself at http://sitereview.bluecoat.com )

If your admins actually denied the category of "Technology/Internet", they would probably have a much bigger problem on their hands as many other technology sites would be blocked as well.

So, they explicitly blocked those specific urls, which is why it's so easy to get around it.

Re:Security Theatre (0)

Anonymous Coward | about 6 months ago | (#46546869)

True, but some are MUCH better than others, and they should strive to be better. Of about 40 that I just checked, only 3 came back blocked by my McAfee web gateway, which, so far (~6mos) has been the best filter I have implemented, killing Cisco, Websense, SurfControl, et al.

This is a lay down setup to the right of the chuck (0)

Anonymous Coward | about 6 months ago | (#46544829)

Wow, yet another example of how Saul Alinski techniques are not only unethical but, in this case, can be libelous and slanderous.

Shame on them.

Now let's not be too hasty in whitelisting (1)

edremy (36408) | about 6 months ago | (#46544891)

Have you fully checked out the New Braunfels Republican Women website? Republicans like porn too, and Republican porn....

Atleast it's optional (1)

xiando (770382) | about 6 months ago | (#46544945)

Blue Coat is mostly optional. What Google is doing is far worse, with Blue Coat you know that the censored websites exists and are blocked. Googles censorship of sites with content they don't think you should know is something you don't notice: It just looks like those sites don't exist.

Re:Atleast it's optional (1)

PRMan (959735) | about 6 months ago | (#46545327)

Google's not doing it. The MAFIAA and the government are MAKING Google do it.

Re:Atleast it's optional (2)

lgw (121541) | about 6 months ago | (#46546701)

Google Image Search will auto-block-and-report anything matching the FBI CP database. Great idea in principle. But now the FBI has the ability to auto-block-and-report any image they want to. Ripe for abuse.

blue coat = virus (0)

Anonymous Coward | about 6 months ago | (#46544953)

perhaps major antivir suppliers should tag blue coat as "malware", "backdoor" or "virus".
Blue coat would have to taste its' own medicine.

Republican Women? (0)

Anonymous Coward | about 6 months ago | (#46545031)

Yeah.
Pornography.
Block it!

Wait! A web filter is overblocking??? (0)

Anonymous Coward | about 6 months ago | (#46545153)

Stop the presses! This warrants a SlashDot story.

What's next? Some computers require a reboot?

Shame on Timothy for letting this through!

A wage slave at Blue Coat used SmartFilter... (1)

RealGene (1025017) | about 6 months ago | (#46545255)

If he had the mind-numbing and soul-crushing job of checking sites for porn, a low-paid employee might find it easier to just type the URL into SmartFilter's check page, and copy what he found there. That would explain the more-than-chance overlap of mistakenly blocked sites.

Who knew... (1)

rnturn (11092) | about 6 months ago | (#46545261)

... that the photos from the annual awards banquet and the monthly meeting minutes from the Rotary Club could be NSFW?

Years ago, the web site for a local IT group -- who'd nominated our CIO for an industry award -- was being blocked by the corporate web filters that were marking it as "tasteless".

Why do these vendors even try if they're going to fail so spectacularly?

Re:Who knew... (1)

BenSchuarmer (922752) | about 6 months ago | (#46545857)

What do you expect? Do you know what you get when you take the middle two letters out of "annual"?

This is why hosts filtering is great... apk (-1)

Anonymous Coward | about 6 months ago | (#46545265)

YOU control it, completely: How? This - Hosts do more w/ less (1 file) @ a faster level (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ OS, & 1st net resolver queried w\ 45++ yrs.of optimization):

---

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74

(Details of hosts' benefits enumerated in link)

Summary:

---

A. ) Hosts do more than AdBlock ("souled-out" 2 Google/Crippled by default) + Ghostery (Advertiser owned) - "Fox guards henhouse", or Request Policy -> http://yro.slashdot.org/comments.pl?sid=4127345&cid=44701775

B. ) Hosts add reliability vs. downed or redirected DNS + secure vs. known malicious domains too -> http://tech.slashdot.org/comments.pl?sid=3985079&cid=44310431 w/ less added "moving parts" complexity + room 4 breakdown,

C. ) Hosts files yield more speed (blocks ads & hardcodes fav sites - faster than remote DNS), security (vs. malicious domains serving mal-content + block spam/phish), reliability (vs. downed or Kaminsky redirect vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs + DNSBL's).

---

* Addons are more complex + slowup browsers in message passing (use a few concurrently & see) - Addons slowdown SLOWER usermode browsers layering on MORE: I work w/ what you have in kernelmode, via hosts (A tightly integrated PART of the IP stack itself)

APK

P.S.=> * "A fool makes things bigger + more complex: It takes a touch of genius & a lot of courage to move in the opposite direction." - Einstein

** "Less is more" = GOOD engineering!

*** "The premise is, quite simple: Take something designed by nature & reprogram it to make it work FOR the body, rather than against it..." - Dr. Alice Krippen "I AM LEGEND"

...apk

Re:This is why hosts filtering is great... apk (0)

Anonymous Coward | about 6 months ago | (#46545655)

That's it apk. Keep posting it when they down mod you when you're on topic.

Good luck (1)

Anonymous Coward | about 6 months ago | (#46545481)

Yeah, and good luck getting your site removed from one of their lists, once you're added. Unless you're a big enough name to warrant special attention, your site will just get tossed back into the queue to be automatically categorized, resulting in the same or similar categorization. Never will you be allowed to speak with a real person to get whitelisted as a workaround to their algorithms being complete BS.

Any system needs human review (1)

Badmovies (182275) | about 6 months ago | (#46545487)

A few years back one company's software identified my site under "Illegal: Gambling." Since it's a movie site, that was way off. I contacted the company and explained the situation to them. After a short exchange with 2 of their techs, they removed the tag from my site in their system.

Any filtering software needs a system for site owners to submit trouble tickets, and also employees, who can think independently, to review them and make corrections.

Why is every word capitalized? (0)

Anonymous Coward | about 6 months ago | (#46545581)

Is blue coat blocking sites or are sites coating blocks in blue paint?
Without knowing what the fuck blue coat is this tittle makes 0 sense at all.

This is why hosts filtering's great... apk (-1)

Anonymous Coward | about 6 months ago | (#46545613)

YOU control it completely: How? This - Hosts do more w/ less (1 file) @ a faster level (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ OS, & 1st net resolver queried w\ 45++ yrs.of optimization):

---

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74

(Details of hosts' benefits enumerated in link)

Summary:

---

A. ) Hosts do more than AdBlock ("souled-out" 2 Google/Crippled by default) + Ghostery (Advertiser owned) - "Fox guards henhouse", or Request Policy -> http://yro.slashdot.org/comments.pl?sid=4127345&cid=44701775

B. ) Hosts add reliability vs. downed or redirected DNS + secure vs. known malicious domains too -> http://tech.slashdot.org/comments.pl?sid=3985079&cid=44310431 w/ less added "moving parts" complexity + room 4 breakdown,

C. ) Hosts files yield more speed (blocks ads & hardcodes fav sites - faster than remote DNS), security (vs. malicious domains serving mal-content + block spam/phish), reliability (vs. downed or Kaminsky redirect vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs + DNSBL's).

---

* Addons are more complex + slowup browsers in message passing (use a few concurrently & see) - Addons slowdown SLOWER usermode browsers layering on MORE: I work w/ what you have in kernelmode, via hosts (A tightly integrated PART of the IP stack itself)

APK

P.S.=> * "A fool makes things bigger + more complex: It takes a touch of genius & a lot of courage to move in the opposite direction." - Einstein

** "Less is more" = GOOD engineering!

*** "The premise is, quite simple: Take something designed by nature & reprogram it to make it work FOR the body, rather than against it..." - Dr. Alice Krippen "I AM LEGEND"

...apk

New trends in filtering (1)

trazom28 (134909) | about 6 months ago | (#46545707)

Typically products use URL filtering and search filtering - very challenging and full of false positives (and false negatives). The newest trend seems to be actual content filtering, where the page is pre-loaded on the filter, analyzed, and allowed through if OK, blocked if not. It seems to greatly increase the correct response of the filter to the pages in question. I only know of a couple of companies who are offering this now, but I definitely see it as where things are headed.

Can you report a site to either of these lists? (1)

Oligonicella (659917) | about 6 months ago | (#46545721)

Doesn't seem like anyone has mentioned the obvious, spurious reporting for nefarious reasons. If any of these sites (like YouTube and others do) rely on people reporting porn sites to them, it's open for rife neglect.

Quite misleading (1)

racermd (314140) | about 6 months ago | (#46545787)

There are a number of assumptions being made about all of this.

First, it's assuming one is using BlueCoat to begin with.

Second, it's assuming that the users of BlueCoat products are using some of BlueCoat's subscription services to ease management of those devices.

Third, it's assuming that the users of BlueCoat products are not modifying the filters by hand.

I've had some hands-on experience with BlueCoat products in the past, particularly the web-filtering/proxy devices described here, and our organization was large enough to have some of our staff (including myself) manage it part-time as part of their full-time IT responsibilities. We set it up in full white-list mode so that everything not explicitly allowed was blocked by default. We could have set it up in black-list mode or even a hybrid black- and white-list mode. We did not, however, subscribe to the filtering list that BlueCoat offers. That's just one option a customer can choose.

It is unacceptable to me that such filter subscriptions should block well-meaning websites under the guise of preventing porn. But it's entirely possible to remove or even white-list those same sites, on an individual basis, by the customer even if they're included as part of the filter subscription configuration. It's lazy on the part of the staff at BlueCoat for maintaining an inaccurate list and it's lazy on the part of IT managers and staff for keeping those sites blocked if their policies didn't specifically prohibit users from accessing them. The blame can't be solely pinned on BlueCoat, but they certainly share a significant portion of it with IT staff.

I wonder if slashdot is blocked? (0)

Anonymous Coward | about 6 months ago | (#46545871)

I wonder if slashdot is blocked? The neckbeard circle jerk that goes on here when a MIcrosoft article is posted is certainly not suitable for children!

Missed out again (1)

imikem (767509) | about 6 months ago | (#46545907)

They've got it going ON at the Rotary Club.

Misleading Indeed (1)

genpip (3587205) | about 6 months ago | (#46545941)

Several items to question here. Where did these lists come from? Did the author manually track down sites to find out which ones were specifically miscategorized by the specific vendors? Seems pretty unfair if you're only going to target two vendors instead of taking this ENTIRE list (the one used for Smartfilter and the one used for Blue Coat) and test them against ALL major vendors in this market space and report on that. Otherwise, he's just trying to create anger around two specific vendors (probably because they blocked his porn and he's upset with them). Did any of these websites host questionable content that WOULD have caused automatic rating services to trigger it as porn at any time? Without contacting the owners of each of these sites and getting them to admit that their sites were indeed hacked and used as hosting services for nefarious purposes, you're not going to know. A lot of times content can be hosted on sub-sites that aren't linkable off of the any of the pages. So again, how would he know if things weren't awry? He seems pretty misguided here, while trying to put on the show of "knowing" what he was reporting.

LAWYER TIME (2)

Jim Sadler (3430529) | about 6 months ago | (#46546155)

If someone blocks a site wrongly due to thinking it is pornographic can't they be sued? Why is it that businesses are treated differently than people? I am quite certain that if i blocked a site like a local college that I would face all kinds of legal issues and might even do prison time. So what about the people that supply and use this blocking software?

Re:LAWYER TIME (1)

genpip (3587205) | about 6 months ago | (#46546231)

As long as they don't correct it, then MAYBE! Again though, companies like Blue Coat who are arguably the market leaders in things like content filtering, wouldn't be there if they were arbitrarily blocking these sites without correcting wrong ones. Just a thought.

Try being webmaster of ANUS.com (1)

hessian (467078) | about 6 months ago | (#46546191)

We're blocked everywhere despite no pornographic content.

Somehow, web filter drones find it hard to believe that the "American Nihilist Underground Society (ANUS)" not only chose the domain deliberately, but has been around for 20+ years.

False positives and what to do about them (0)

Anonymous Coward | about 6 months ago | (#46546297)

Bluecoat and other web filtering technologies ARE subject to false positives. We currently use Websense which is an Industry leader and yes have had some sites blocked that caused us to wonder why. All of these products have ways of submitting a miss classified site for review. Such sites are often re classified within hours of submission. In some cases we have had sites we thought "looked good" to us, only to find out the reason for blocking was due to malware hosted on the site or the site serving porn from hidden pages due to the site being compromised.

Responsiveness (2)

Phreakiture (547094) | about 6 months ago | (#46546463)

Bluecoat don't vet every site. They vet what they can, and let bayesian classifiers do the rest.

That said, when you find a mistake, you can submit it to them and they will look into it. I have had a 100% success rate getting them to adjust the classification of sites I've submitted to them over the last six or seven years.

This IS why host file filtering's great... apk (0)

Anonymous Coward | about 6 months ago | (#46546465)

YOU control it, completely: How? This - Hosts do more w/ less (1 file) @ a faster level (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ OS, & 1st net resolver queried w\ 45++ yrs.of optimization):

---

APK Hosts File Engine 9.0++ 32/64-bit:

http://start64.com/index.php?o... [start64.com]

(Details of hosts' benefits enumerated in link)

Summary:

---

A. ) Hosts do more than AdBlock ("souled-out" 2 Google/Crippled by default) + Ghostery (Advertiser owned) - "Fox guards henhouse", or Request Policy -> http://yro.slashdot.org/commen... [slashdot.org]

B. ) Hosts add reliability vs. downed or redirected DNS + secure vs. known malicious domains too -> http://tech.slashdot.org/comme... [slashdot.org] w/ less added "moving parts" complexity + room 4 breakdown,

C. ) Hosts files yield more speed (blocks ads & hardcodes fav sites - faster than remote DNS), security (vs. malicious domains serving mal-content + block spam/phish), reliability (vs. downed or Kaminsky redirect vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs + DNSBL's).

---

* Addons are more complex + slowup browsers in message passing (use a few concurrently & see) - Addons slowdown SLOWER usermode browsers layering on MORE: I work w/ what you have in kernelmode, via hosts (A tightly integrated PART of the IP stack itself)

APK

P.S.=> * "A fool makes things bigger + more complex: It takes a touch of genius & a lot of courage to move in the opposite direction." - Einstein

** "Less is more" = GOOD engineering!

*** "The premise is, quite simple: Take something designed by nature & reprogram it to make it work FOR the body, rather than against it..." - Dr. Alice Krippen "I AM LEGEND"

...apk

I could just imagine BlueCoat's unit tests. (0)

Anonymous Coward | about 6 months ago | (#46546557)

Guess it's safe to say employees over at BlueCoat are looking at porn all day.

Co-hosted solutions (0)

Anonymous Coward | about 6 months ago | (#46546815)

Having managed and dealt with many filtering companies over time, I can say that many .org, .gov, .edu etc... sites tend to run on the cheap and will go with the "best offer" for a hosting solution.

This can eventually lead to your site being on the same system as an adult site. The main site for the server is the adult site so when the IP is checked, this site shows up and the filter blocks the site.

Most vendors have been working on better tools to alleviate this issue, but it still persists.

Most of the vendors will respond to a "reclassification" request within 4 hours and it's fairly simple to "whitelist" the site if all else fails.

Really don't see the news here...

Time traveler's dilemma (1)

Workaphobia (931620) | about 6 months ago | (#46547117)

Quick, the cyborgs are hot on my tail -- when am I? Did I make it back to 2023? Or is it 2003? Let's see... Bennet Haselton is criticizing internet filtering... Dammit, that doesn't narrow the range in the slightest!

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>