Domain: securecomputing.com
Stories and comments across the archive that link to securecomputing.com.
Stories · 14
-
From Bess to Worse
Frequent Slashdot contributor Bennett Haselton writes "From about 1996 to 2003, there were regular reports listing examples of sites stupidly blocked by blocking software. The genre has tapered off recently, probably as a result of the Supreme Court ruling in 2003 that the Children's Internet Protection Act (CIPA) was constitutional, requiring blocking software in schools and libraries that receive federal funds, despite all the evidence of over-blocking presented at the trial. The last high-profile story about a site blocked by blocking software was about the blocking of BoingBoing almost a year ago. But the lack of recent reports on blocking software errors doesn't mean that the software has gotten better." The rest of his essay follows.
One product that generated several reports over the years was "Bess, the Internet Retriever" from N2H2, which has since been bought out by Secure Computing, which also makes a blocking program called SmartFilter (the one that blocked BoingBoing) and now sells "SmartFilter, Bess Edition" which uses the same database as Bess. Different organizations and individuals published a series of investigative reports about Bess from 1997 until 2002, listing sites about gay rights, eating disorders, and other subjects that were blocked as "pornography". In Ben Edelman's supplemental report, submitted as testimony in the CIPA trial, he listed examples of erroneously blocked sites that he had reported to N2H2 in his first expert report, and which were still being blocked five months later.
Since Bess represents a set of data points showing how the accuracy of a blocking program can change, or not change, over the years, recently I began testing it again. I didn't know whether to expect it to be better or worse. On the one hand, advances in technology and greater revenue to censorware companies could have caused the software to improve. On the other hand, the number of Web pages, and the rate at which dynamic sites like blogs change content every day, has exploded. The result? I'm still tabulating data, but it looks as if the accuracy rate is roughly the same as it was in 2000, when about 30% of blocked sites were obvious errors. Then and now, I found most of the errors by starting with a large list of URLs culled from search engines and other sources, and simply running them through the software to see what was blocked.
Here is a partial list of some of the questionable categorizations made by Bess; as of this writing, all of the following sites are listed as "Pornography" when you look them up on Secure Computing's Bess lookup form. (This is not just a fluke of the lookup tool; I tested against a copy of the software to confirm that all of these sites really were blocked.) The "screen cap" link next to each site links to a snapshot of the results taken from the lookup form (you can check on http://database.n2h2.com/ to see if the page is still returning the same results, although the more obvious errors will probably be fixed after this article is published):
- The Electronic Frontier Foundation, Austin chapter (screen cap)
- Cretans of Houston (screen cap). That's Cretans, as in "people from the island of Crete". Not to be confused with the Cretins of Houston, located here.
- The Rhode Island Coalition Against Domestic Violence (screen cap)
- The website of the public art galleries of British Columbia, Canada (screen cap)
- Rail2000, now the Bay Rail Alliance, a consumer group lobbying for a San Francisco regional rail system (screen cap)
- Rainbow Service Organization, a gay rights advocacy group (screen cap)
- GardenMentors.com, a custom gardening services company in Seattle (screen cap)
- A web site for Catalina 380 series boats (screen cap)
- Open Source ERP, a site promoting open source software for enterprise resource planning and customer relationship management (screen cap)
- The Bryn Mawr Mainliners, a barbershop harmony group (screen cap)
- Timber Trails, an outdoor recreation site (screen cap)
- The MEFTA Institute: "Middle East Free Trade Areas for Business Peace" -- world peace through cheap oil! (screen cap)
- Topple Rummy, a (somewhat out-of-date) site calling for the ouster of Donald Rumsfeld (screen cap)
- The Alabama Network of Children's Advocacy Centers (screen cap)
- PSARA, a non-profit organization for training cruise travel agents (screen cap)
- Park Place Behavioral Health Care, a non-profit mental health care agency (screen cap)
- The Oklahoma chapter of the American Institute of Building Design (screen cap)
- The Boys & Girls Clubs of Metropolitan Phoenix (screen cap)
- CEMTACH -- Computational ElectroMagnetics Theory-Algorithm-Code-Hardware. "Our goal is to develop systems simulations capabilities based on time-domain computational electromagnetics methods." Thanks for clearing that up. (screen cap)
- Fund for Humanity, a San Francisco non-profit supporting environmental organizations and organizations that assist the poor. (screen cap)
A long-standing point of contention while earlier reports about Bess were coming out was whether every site on their blacklist had been reviewed by a human before being blocked. In 1998 the CEO testified before Congress that "All sites that are blocked are reviewed by N2H2 staff before being added to the block lists." However, in their 2002 annual report the company finally admitted that not all sites were reviewed before being blocked: "Through automated categorization or human review, Web sites are identified as fitting into one or more of our categories". At one point an N2H2 employee also told me that when one site is blocked, they will often block all sites hosted on that machine or at that IP -- which of course means that those sites are also not reviewed before being blocked. In any case, it's possible to access some of these sites by IP address, such as the BC Art Galleries site via this link, or the Rhode Island Coalition Against Domestic Violence via this link -- so if they're not sharing their IP with other sites, that wouldn't explain how they got blocked either. Smartfilter spokesperson Tomo Foote-Lennox said that one other blocked URL that I found, http://www.arbiol.org/, was the result of an experiment N2H2 once did with fully automated website ratings.
Foote-Lennox added, "In general, we find that schools are VERY sensitive to under-blocking. They would rather block a whole lot of useful reference sites to avoid exposing one porn site." Probably true, although keep in mind we're talking about liability issues, not actual moral outrage. (If they were really morally outraged, they'd be trying to keep kids away from uncensored Internet access everywhere, not just in school! That is in fact the approach that schools take with things like drugs, which do inspire moral outrage because they really are harmful.) Perhaps what is needed is a law explicitly shielding schools from all liability for what students do or see on the Internet at school, if the faculty had no knowledge of it.
(Obligatory interstitial advertisement for common sense: I still don't see what the big deal is about porn anyway. Ask yourself: Why is it harmful to see a picture of a naked person, or even a picture of people having sex? And try to find an answer to that question that doesn't involve, "Lots of other people think so." That includes all variations like "Our society has determined...", "We as a people have decided...", which are just re-phrasings of "Lots of other people think so." I submit that if you disallow those variations of grownup-peer-pressure as an excuse, most people can't really come up with any reason at all.)
OK, flame-retardant suit off, lab coat back on. Previous reports have listed absurd examples of sites blocked by Bess, and looking at any one of those examples or the ones listed here, I'd say that in terms of public policy discussions -- specifically, whether a blocking software company should be trusted to decide what students can look at -- any one of these blocked sites would be more significant than, say, the blocking of BoingBoing which got so much attention. BoingBoing got blocked because of a non-sexual picture of a bare breast on the cover of one of the books they reviewed -- and in fact they were blocked only in the "nudity" category, which includes only "non-pornographic images of the bare human body". So the block on BoingBoing really only revealed that Secure Computing was a bit heavy-handed. (The real problem is that SmartFilter has the category for non-pornographic nudity blocked by default, even though the CIPA filtering law certainly doesn't require schools to block non-pornographic artistic images!) On the other hand, the fact that EFF Austin and the Rhode Island Coalition Against Domestic Violence are currently blocked as "Pornography", suggests that in many instances the blocking companies have nobody at the controls at all. To focus on stupid-but-not-completely-insane blocks like BoingBoing is letting them off easy.
So why did the laundry lists of blocked sites released over the years never become as widely known as BoingBoing, or the guffaw-inducing examples like "Beaver College", which had to change their name in part because of students reportedly being blocked from accessing their website? I think it's because the news favors a good "punch line" -- a fact that anybody can understand that makes us feel smarter than the computers making these dumb mistakes. "Oh, I get it, it was blocked because it was called Beaver College!" But the "punch line" anecdotes are precisely the ones that let the blocking companies off lightly, because it gives them a plausible-sounding excuse for making an error. On the other hand, when the Rhode Island Coalition Against Domestic Violence gets blocked as "Pornography", that could probably force the blocking company to answer some tough questions if it got more press, but there's no good punch line there, so the story just fizzles.
So, while I'm looking through the rest of the data, let me try and come up with some punch lines for reporters to make these blocked sites newsworthy. OK: Why was GardenMentors.com blocked? To keep kids away from all the dirty bitches and hoes! Get it? Ha ha! Why was the Catalina 380 yachting site blocked from kids? Because teens are too vulnerable to pier pressure! Hey, where are you going?
-
VDARE Fights Blocking By Censorware
Bennett Haselton writes "The anti-immigration site VDARE is publicizing the fact that it has been blocked as a 'hate site' by several Internet blocking programs, although some of them backed off and un-blocked it after receiving a letter from VDARE's lawyer. Since blocking software is bound to remain in use in most public schools for the foreseeable future, this raises the question: Is it possible for a blocking company to define a 'hate site' in a consistent way, without including conservative groups that might file a First Amendment lawsuit if their sites were blocked from public school computers? See what VDARE says about the content on their own site, and how blocking software companies have handled this issue in the past and what they might do this time." This is the first in a series of articles by Bennett Haselton, writing for us from the Peacefire group. Read on for the rest of his piece.
The anti-immigration site VDARE.com is publicizing the fact that their site is blocked as a "hate site" by several different blocking programs. They don't name the programs, although they say that four companies used to block VDARE and "backed off after receiving a lawyer's letter".
It seems to be working, since according to the online lookup forms provided by WebSense, N2H2, SurfControl and SmartFilter, only SmartFilter lists the site under "hate speech"; the rest either don't categorize it or list it in innocuous categories. (N2H2 lists it as "Web Page Hosting/Free Pages", which makes no sense -- but not only that, N2H2 is now owned by the same company that makes SmartFilter, which means the company has VDARE listed one way in one product, and a different way in another.)
VDARE says they decided that showing legal muscle was a good way to get unblocked, after reading about an experiment Peacefire did in which we found that censorware companies would block sites with anti-gay content when they thought the sites were run by individuals, but would not block the *exact same content* when it was hosted by "mainstream" groups like Focus on the Family. Concludes VDARE: "The obvious reason for the double standard is that the foundations have lawyers on staff, and volunteer lawyers, and the Censorware companies are afraid of them." True -- although we did nominate AFA.net as a "hate site" at about the same time, and it did get blocked by Cyber Patrol, so it is possible if the content is extreme enough.
I'm against blocking VDARE, even from people under 18, but only because I'm against such blocking in general. Polls show that most people under 18 are more liberally-minded about race than their parents, suggesting that if you want to end racism, give minors more rights and freedom of information, not less. There was a big flap when it came out that in some Islamic schools in New York, parents had their children taught with textbooks which said that "the Jews killed their own prophets" and "you will find them ever deceitful", but without more civil rights for people under 18 to seek information for themselves, there's not much that anybody can do about it.
But as for whether VDARE really should be listed as a "hate site", the site owner himself says that VDARE is not "white nationalist", but adds, "We also publish on VDARE.COM a few writers, for example Jared Taylor, whom I would regard as 'white nationalist'". Well even if VDARE itself claims not to be 'white nationalist', if they host white nationalist writings, it's still accurate to classify the site as a place where such content is located. VDARE itself is also listed by the Southern Poverty Law Center as a hate group. VDARE's founder insists they are merely anti-immigration, not white nationalist, although he admits he once thought about adding a chapter to his anti-immigration book Alien Nation about the "last white family" (not the "last non-illegal-immigrant family") to leave Los Angeles.
Like BoingBoing.Net did before them, VDARE is retaliating against the block by encouraging people to learn how to get around blocking software. I wonder if they looked closely at our site first, since we fight censorship from the point of view of advocating greater civil rights for minors, which would probably not be a popular view with VDARE's ultra-conservative base. And if that's not enough, I'm planning to contact WebSense, SurfControl, and any other company that doesn't currently list VDARE as a "hate site", and ask them why not. So, VDARE sends us traffic, and this is how we repay them.
-
Slashback: OSX Security, DoD Filtering, Anonymous Posting
Slashdot tonight brings some corrections, clarifications, and updates to previous Slashdot stories, including some favorable results from the University of Wisconsin's Mac OS X Challenge, skeptics investigate cold fusion claims, more on DoD web filtering, AT&T cuts 10,000 jobs after BellSouth merger, more child-proofing efforts for MySpace, Why Windows Vista Will Suck: a rebuttal, Harvard Professor punished for reporting bugs, Assemblyman Biondi backpedals on NJ anonymous posting bill, and a followup on Chinese TLDs -- Read on for details.
University of Wisconsin's Mac OS X Challenge. HABITcky writes "The University of Wisconsin Security Challenge has ended after 38 hours, intermittent DoS attacks, 4000 ssh login attempts, a bandwidth spike of 30 Mbps, and 6 million logged ipfw events. During this time there were 'no successful access attempts, nor any claims of a successful attempt.' You may remember this challenge was proposed in response to the 'woefully misleading' ZDnet article, Mac OS X hacked under 30 minutes, which was previously discussed here on Slashdot."
Skeptics investigate cold fusion. smooth wombat writes "As a follow-up to a previous Slashdot posting, Purdue University is investigating the claims of Rusi Taleyarkhan who claimed in 2004 to have created nuclear fusion at room temperature. The investigation came about from complaints from colleagues who suspect something is amiss. Taleyarkhan, who used to work at Oak Ridge National Laboratory, has, since working at Purdue, removed the equipment the co-workers were using to try and replicate the results, claimed results for experimental runs were positive for fusion despite the co-workers never seeing the raw data and opposed the publication of results which contradicted his findings."
More on DoD web filtering. timetrap writes "I work in a mobile combat communications unit, while I'm not in the sandbox right now, I can attest to the DoD policy on blocking web access. First of all when you are down range don't expect to even get DSL speeds from a satellite, we usually roll with about 256kbs for the data side of our trunk. So blocking sites is very important, otherwise 4 or 5 people could start streaming audio and pretty much knock down any legitimate use of the network. We filter websites with smartfilter and yes the military system admins in the IPO office will unblock any web site that isn't blocked by local policy (no pr0n, no streaming audio, no civilian web mail: both the hot and the g varieties, and no chat programs; although irc is used by the DoD) This is no Orwellian conspiracy, but quick and easy system administration; apply smartfilter: check! If you want to check the current smartfilter blocked sites goto: securecomputing and submit some sites to check." Slashdot's own Jamie took a look at Smartfilter back in '99 as a part of the Censorware project and it still remains a mysterious black box to this day. While some would advocate full disclosure, using censorware still appears to be merely passing the buck.
AT&T cuts 10,000 jobs after BellSouth merger. mytrip writes to tell us that immediately following their $67 billion acquisition of BellSouth, AT&T plans on cutting about 10,000 jobs.
More child-proofing efforts for MySpace. conq writes "BusinessWeek has an interview with Connecticut Attorney General Richard Blumenthal in which he describes measures MySpace and other similar sites should take to protect children. From the article: 'We're going to be suggesting some very specific measures that MySpace can take based on our conversations with MySpace as well as with other law enforcement authorities at the state and local levels. We've received hundreds of complaints from parents who are concerned about these issues, and we want to be sure that the measures we propose are technologically feasible and financially viable.'"
Why Windows Vista will Suck: a rebuttal. shrapnull writes "Hot on the heels of Extreme Tech's 'Why Windows Vista Won't Suck', Steven J. Vaughan-Nichols has an alternate position posted on DesktopLinux, and sent to subscribers of Novell's 'Suse Linux Cool Solutions' newsletter."
Harvard researcher punished for reporting bugs. Guillermito writes "A story previously discussed came to a sad conclusion two weeks ago. The bottom line is this means that it is forbidden to use reverse engineering tools to find bugs in a software. You also have to prove that you own a valid license for each version of the tested software. To publish a proof of concept that contains a few dozens of copyrighted bytes is also forbidden. It's a nice precedent for any company selling a defective product."
Assemblyman Biondi backpedals on NJ anonymous posting bill. Quadraginta writes "Earlier, denizens of Slashdot reacted to a story about a bill to be introduced to the New Jersey legislature that would require hosts of forums, bulletin boards and the like to keep track of the real identity of anonymous posters. Seems like there was a strong reaction all over. Assemblyman Biondi now appears to be backpedalling furiously. From a letter quoted after the link: 'I am getting inundated with responses which I will review and use to better educate myself on the implications of this bill. If, after reviewing all of the correspondence and the opinion of OLS, it turns out that the bill is, in fact, unworkable, I will certainly reconsider and withdraw it.'"
A followup on Chinese TLDs. nqz writes "In this story on ComputerWorld, ICANN and the China Internet Network Information Center (CNNIC) both dispute a previous story discussing China's new top-level domains containing Chinese characters."
-
SCC Statement on SELinux Patent Issues
Hawke writes "Secure Computing has announced a Statement of Assurance that they will not use the patents in question to limit the availability of SELinux. They continue to say: 'However, Secure Computing does not extend the Assurance to software that merely interoperates with SELinux, or is merely included with a distribution of SELinux.'" The original story was here.
-
U.S. Company Helps Saudi Arabia Censor The Net
John writes: "Saudi Arabia blocks its citizens' internet access to some sites on pornography, religious information (including some on the state religion: Islam) humor, music, movies, and homosexuality, and programs that translate web pages into Arabic, according to this Boston Globe article. (Secure Computing Corp.) provides the Saudis with Smartfilter to block network of proxy servers. The article does not describe the criteria used to block various sites. I wonder if Slashdot is one of them?" Update: 07/17 15:02 GMT by T : A brief mention ran yesterday at the Censorware Project as well, linking to the referenced report itself.
-
Slashback: Stapler, Interface, Gaming
Slashback tonight (read on below) has updates on next-generation aircraft, KDE user-interface improvements and suggestions, a special warning for those obsessed with Milton's stapler from Office Space, SmartFilter's attitude toward SourceForge, and more.
You've got to admit it's getting better all the time. Gentu writes: "In parallel to the KDE 3.1-alpha release today, OSNews published an interesting article discussing a number of User Interface issues found on KDE 3. The article suggests a number of changes, some small, some pretty drastic. Towards the end of the two-part article, the author discusses the 'integration' problem found in today's X11 desktop environments, and how fixing this issue would bring Unix closer to average Joe's desktop."
Yes, you're allowed to have more than one friend. A NuKeFaN writes: "Following the article titled Are you a Friend of GNOME I wanted to point you out that the most used GPL'd software for the Web, PHP-Nuke, also has a similar page/system for their friends. It's a Club (MandrakeClub like) where you can be a member for a little monthly fee and you can get some extra benefits. You can access the Club area to know more about it. This can be, maybe, another example of how to get some money to fund a free software project, the matter is if we, as users, will support those project's developers this way? I think we can."
Wait, the scam was to take just a few pennies from everyone! MrBlue VT writes "In reference to the previous Slashdot article about the red Swingline Staplers, I click on the add to cart button on the Swingline website, and it pops open an ordering window with 4 staplers added to the shopping cart. Ok, I think it's a little strange, but change the quantity back to 1, and hit continue to checkout. Next thing I know, I'm looking at an order form with all the text boxes filled out with somebody else's personal information. He's from Bellevue, WA apparently (I'm in Virginia). It also has his credit card number and expiration date!
This has to be the worst security I've ever seen in an online shopping site. The company who apparently provides the online shopping service for Swingline appears to be an outfit called SureSource.
I just wanted to let anyone who happened to order from them know about this. Your credit card info could very well be compromised."
Please fasten your belts. hondo77 submitted this follow-up to this article about next-generation aircraft, writing "Boeing says that their blended-wing aircraft will be ready for test flights in 2006. The article also has a picture of a 3% scale model. See, it doesn't look like the B-2 at all."
But thanks anyhow. flonker writes "Smartfilter no longer lists sourceforge.net! Link for those who want to see for themselves."
Great at stealing them, too. MrDingusMcGee writes "After the recent posting about a study suggesting that video games decrease brain activity, I thought it would be interesting to read the results of another study which has shown that video game players score better on a range of attention tasks (mirror here) done by Shawn Green at the University of Rochester Brain and Cognitive Sciences Department, and that this could possibly rate video game players as better drivers. Worth seeing the other side of the argument and having some validation for those hours of gaming."
-
All Sourceforge.net Being Blocked by SmartFilter
An unnamed reader writes: "I just noticed that all sites. '*.sourceforge.net' are being blocked by all corporations using SmartFilter including mine. SmartFilter lists all of them as 'MP3' sites. Below is the error I get. How come they do not block Microsoft? I can download an MP3 player from there, too (Media Player does play MP3s)." Here's the error: "Access is restricted to the site (http://www.sourceforge.net/) you requested. Per the firm's Information Security & Privacy Policy, all Internet browsing is monitored and logged. Please contact the Information Security Center at ext 7114 for more information. SmartFilter Control List category MP3 Sites is restricted." The aptly named SmartFilterWhere tool shows which sites are painted over by SmartFilter's broad brush; in this case, software development site (and Slashdot sister site) SourceForge is blocked by the latest SmartFilter versions -- 3.0, 3.0.1 and 3.1 -- but not version 2. You might also be interested in The Censorware Project's analysis of the efficacy of SmartFilter as applied to Utah schools and libraries, or Peacefire's explanation of how and how well SmartFilter works.
-
LWN on the Patent Encumbrance of SELinux
Anonymous Coward writes "LWN has a story about patents in SELinux. The article says: "Much of the actual work in the implementation of SELinux was done by Secure Computing Corporation (SCC). SCC, in its implementation of SELinux, used a technology that it calls type enforcement. As it turns out, SCC has a patent on this technology." Sigh.
-
Saudi Arabia's 'Great Firewall'
securitas writes: "We've all heard about The Great Firewall of China (see this Wired feature) but many don't know about Saudi Arabia's version of the same. The New York Times reports on the challenges and problems of filtering the Internet for an entire nation. San Jose's Secure Computing has the contract but may lose it when it comes up for renewal next year."
-
SmartFilter: Way Too Extreme
Another report on SmartFilter by Seth Finkelstein (here was last month's). He's written some software to decrypt the software's blacklist of forbidden sites, and has analyzed what he found. The list of blocked newsgroups is fascinating: sci.archaeology as occult, and comp.org.eff.talk as criminal, for example. He's found "extreme or obscene" sites like hotrails.com ("extreme sports" rollerblading on "naked metal"), gcsextreme.com (custom-built computers for the "extreme gamer," unfortunately at a domain name with both "sex" and "extreme" in it) and extreme-offroad.com (same deal). Their music-critic skills need work too, as they block InsaneClownPosse.com, Tupac.com, Marilyn Manson, and even Chumbawamba's Web site. Every one of these and many more are blocked as "Extreme," which puts them in the same category as photos of mutilated dead bodies, bizarre hard-core pornography and child pornography.
His discussion of the legal risks of decrypting these blacklists is fascinating too, and (as he likes to say) "a topic in itself." He would like to open up the source to his SmartFilter-decryption tool but feels the legal risk is too high. How sad is that?
Here's Secure Computing's definition of the "extreme" category, and the examples they give ("Pixman's Vault of Porn Pix", "Bizarre & Maximum Perversion").
You can confirm Seth's findings using Secure Computing's own SmartFilterWhere. It asks for your name and phone number; you have my permission to make some up. As of December 7, at 9:45 PM EST, that CGI operates with a Control List updated on December 5 and confirms all of Seth's results that I tried. By the time you read this, they may have quickly fixed all the errors he published, loaded in an up-to-the-minute Control List, and proudly announced that their software is now perfect.
Until the next report.
-
Censorware and Memetic Warfare
I'm halfway through Susan Blackmore's book "The Meme Machine," and it's rekindled my interest in meme dispersal. In a memetic sense, the battle over filters in the Holland library is just one of implanting the right ideas in enough people's minds by the day of the vote. Here's a look at one of the more annoying memes the opposition is using: a lie about the results of my very own organization.
Everyone's familiar with the term "meme" by now, so I don't have to explain that it's the unit of idea transmission. The struggle over Internet filters, or any other conflict where ideas, facts, opinions, and outlooks collide, is memetic in nature: it's memetic warfare.
All's fair in war, supposedly, but I'm someone who has been infected by the meme that we should all fight fair, even - especially - in the war of ideas.
Will the "fight fair" meme become popular in the long run? I hope so. But the way I see it, that will only happen if it is more successful at reproducing than its alternative: "fight dirty." In the long run, it doesn't matter what's right, or what's good, or what benefits us humans the most. The memes just spread because they're good at spreading.
In early 1999, my friend (now Slashdot writer) Michael Sims started a long process to obtain some Web logs from the state of Utah. Internet access for schools and libraries across the state was provided by a single network, and all their Web traffic went through proxies that had the same blocking software running. Their Web logs were a gold mine of data, showing both blocked and unblocked accesses. When users were blocked from something, the logs showed what category it was blocked in.
Our group, the Censorware Project, had been looking for a real-world test case of this software. Michael did a tremendous amount of work to file the papers, get permission to get the logs, have them delivered, gather them, and analyze them. He then wrote a brilliant report (the rest of us helped too).
What this let us do was see how blocking software's errors show up in the real world. We had known for years that the software has many mistakes in its blacklists, in every product we'd studied. But we had no data on how that affected users.
When all the data was crunched, two numbers surprised us. First, the amount of material blocked was quite small: about 0.6%. People were interested in things besides pornography on the internet. Who would have thought.
Second, just looking at the wrong blocks that we were able to find, the proportion was quite high: about one block in every 20 was Constitutionally protected material. That's a minimum - the minimum we were able to confirm. All in all, we identified over 5,000 occasions when people were blocked from reading protected material (totalling 300 unique Web sites).
Most measures of blocking software effectiveness focus on how much pornography it blocks. We weren't able to test that because we couldn't look through the 99.4% of unblocked material - over 53 million URLs. Just too much data. But we did learn that, in Utah, 5% of the time, when the software said "you can't look at that," it was just plain wrong.
Ninety-five percent accuracy might sound like a nice high figure to base a good meme around. Who could argue with a number like 95%? But consider what this means for the 300 Web sites in question: each of them was blocked from being read by a great many public institutions in the state of Utah.
And the First Amendment protects publishers, not readers: it's freedom of the press, not freedom to read the press. When you're blocked from reading your favorite author, you might be annoyed, but if the censor were taken to court, the injured party would be the author.
This is exactly what we fought against the Communications Decency Act for. Except, in many ways, censorware is worse. If your site is one of the 5% that's wrongly blocked, you won't know it. Our government will stop people from reading what you have to say even if your site is completely innocent (like the Candy Land website), and nobody will bother to notify you. You won't ever know.
At least with the CDA, you'd have gotten a letter from the prosecutor telling you your site was censored - and nobody, but nobody, would ever have been censored for publishing the Bible.
(Yes, the Bible was one of the banned books we found in Utah, along with the Declaration of Independence, the U.S. Constitution, etc. That kind of thing makes good memes.)
Michael put a lot of work into our report, and I even contributed a little, so I'm a little protective of that 5% meme. Which is why it was so jarring to open up a press kit distributed by the Family Research Council, last week, and find our work, cited in black and white, as support for the figure: "one in a million."
That's right, the exact same report which found one bad block in every twenty is now being cited as proving that Web sites are misblocked "one time in a million."
Now that's a good meme. "One in a million" sticks with you. It isn't backed up by any of the facts, but despite that handicap - or perhaps partly because of it - it has thrived.
It was first invented by a fellow named David Burt, who read our report not very carefully, and then decided he was going to do a little numerology of his own.
The first thing he did was ignore all the bad blocks we'd found that he thought were perfectly appropriate. For example, we'd found that the homepage of the band "The Offspring" was wrongly blocked - you may remember their songs from the fall of 1998. "I'm just a sucker with no self-esteem," and so on. (You're humming it now. Catchy meme.)
David Burt decided that The Offspring deserved to be blocked, and to illustrate why, quoted nine words from their Web site:
"These songs have ideas PLUS drugs, sex and ass-kicking"
He also decided it was OK to block BaywatchTV.com, BirthControl.com, the Starr Report, the Yahoo category "Society and Culture: Romance," and Glamour magazine. It was OK to block a page on the NASA Web site about a crackdown on hackers, because it "discusses hacking techniques." Both takedown.com and 2600.com should be blocked, he says, for the same reason. A fellow whose homepage includes a link to a PGP FAQ - no code or binaries - should be blocked for containing "cryptographic software."
Did I mention this man is a librarian?
After trimming out all the fat from our list, he got it down from over 300 sites to just 64. Of course, this was the list of unique sites. If he'd had all our numbers, he would have known that his changes affected our 5% figure by about 0.1% - this because the large majority of blocked sites are blocked few times.
There's some other nonsense he tried, like saying that we were deceitful to ignore blocked banner ads because they were surely all pornographic. In fact, four of the five top blocked ad sites were perfectly ordinary, and counting ads would have made our numbers more impressive, not less.
But his main meme was the number. Armed with his new figure "64", he performed a division by the largest number in our report, which was 54,000,000. Kind of like dividing apples by hydrogen. Of the 54,000,000 URLs, only 29% were page views; only 0.56% of those were blocked; and the previously-mentioned 5% of those were blocked incorrectly. From there he switched from blocks to unique blocks, cutting the actual figure of 5,000 down to his list of 64.
Then, dividing 64 by the original 54,000,000, he got 1 in 1.18... well, for the meme's sake he got one in a million.
Publishing this in April of 1999, David Burt ignored our corrections. Despite our offering all the raw data on CD-ROM, for the cost of the media, he just accused us of lying.
You can't say anything to that, without getting into a yes-you-are no-we're-not. We'd put out two press releases about this already. We told him to order the CD-ROMs and check for himself. Then we moved on.
But his meme began to spread. In June, the company that made the blocking software pulled the same trick, reported the results to Sen. John McCain - and then issued a press release about it. Our group was now cited as supporting their software by proving its accuracy. Since the numbers were so big anyway, they just used the 300 figure and called it an "accuracy rate of 99.9994%."
A group I've never heard of, the American Decency Association, now points to our study and says: "Filters Work!" Their source is another group I've never heard of, the Michigan Decency Action Council. Word gets around.
So when I opened up the report "Internet Filtering and Blocking Technology," published by the Family Research Council and distributed at their Holland presentations, I was not surprised when I found the same meme on pages 9 and 14. (I was surprised to see them divide 64 into 54,000,000 and get 6 parts per million. But as long as they've blown the numbers so badly, a little botched division doesn't make any difference.)
I talked to two of the FRC techies about this and tried to explain what was wrong with the numbers. I got some mild interest. Will the FRC correct and reprint this report? Of course not. Admitting that David Burt fudges numbers might be a bad tactical move. The concluding two sections of the report have 31 footnotes, 28 of which reference no one but Mr. Burt.
I choose to be an optimist about the marketplace of ideas. I believe that truthful memes will proliferate in the long run, because enough people's brains select for truth.
But in the meantime, it's frustrating when my team takes below-the-belt punches from the guys who don't care about what's true.
I don't expect everyone reading this to share my memeplex on this issue. I know from reading the comments that many Slashdot readers think censorware in libraries is a good thing, and that's fine. In fact, I'll bet many of you are grinding your teeth that I keep using the word "meme" so damn much. That's fine too.
All I ask is that, when your memes start arguing with my memes, you make them fight fair. It's only right.