Slashdot Mirror
Some Sites That Blue Coat Blocks Under "Pornography"
On Monday I released a blog post through the Citizen Lab at the University of Toronto, listing some of the sites that we had found to be blocked by Blue Coat's Internet filtering program. Previously we had released a similar report on sites that were miscategorized as "pornography" by Smartfilter. We ran some of the same URL lists through both programs, and found that some unfortunate sites were even blocked as "pornography" by both products, including Barenboim-Said (a youth orchestra featuring musicians from Israel, Palestine, and different Arab nations), and the aforementioned New Braunfels Republican Women.
The full list of sites we said were "miscategorized" is at the end of the Citizen Lab blog post. As far as I know we didn't miss any porn hidden on any of the sites that were in the list. The closest we came was a photo on performancespace.org/ showing what appears to be a model taking one for the team by lying on the floor of a grungy art exhibit. There was also the other borderline case of http://safe-sex.org/, which does include articles on topics like "Safe Sex with Expensive London Escorts." But Blue Coat's own working definition of 'pornography' defines it as "Sites that contain sexually explicit material for the purpose of arousing a sexual or prurient interest," and the articles on Safe-Sex.org do not appear intended to arouse ("The heartwarming fact about having safe sex with expensive London escorts is that they usually present a clean bill of health to clients."), so it gets counted as a miscategorization. The overwhelming majority of miscategorized sites were completely G-rated fare like the Kiddie Kollege Nursery School (which, by the way, would probably have grounds for a lawsuit against Blue Coat, if parents trying to access their website were greeted with a message that it had been blocked for containing "pornography").
Anyone can play the parlor game of examining blocked websites looking for signs of what caused them to be blocked. Is the website of the New Braunfels Republican Women blocked by both Blue Coat and Smartfilter because it has the word "women" in the title? (Tempting to thing so, but unlikely, since there are so many other sites with "women" in the name which were not blocked by either product.) One of the blocked websites, http://www.foundations4betterliving.org/, until recently contained statistics such as "A growing variety of sexual behaviour is being practiced by teens 15- to 19-year-old... 53% admit to masturbating; 49% have participated in oral sex; 11% have had anal sex," all of which you could read on their front page while Bette Midler's 'From A Distance' auto-played in the background. (I was hoping to introduce you to that sublime experience, but unfortunately the domain apparently expired right after the report was published. When you list 150 domain names in a report, that's bound to happen with some of them.) And there's neobit.org/, the homepage of a manufacturer of emulators for dongles. While many Americans probably heard the term for the first time when Amy Poehler asked the Best Buy salesman "Can I use a dongle with this? Does it make you uncomfortable when I use the word 'dongle'?", the eggheads at Blue Coat should know what a dongle actually is. 'Dongle' has never been generally accepted anatomical slang, one rogue entry at the Urban Dictionary notwithstanding.
On the other hand, most websites in the report are not only not pornographic, they don't even seem to contain any content that could have triggered an accidental block. So it's quite possible that Blue Coat simply blocks a certain number of sites as a result of some pseudo-random process, and just by chance, some of those sites happen to contain content which looks like it might have caused the block, but the content actually had nothing to do with it.
Still, that leaves open the question of why so many sites turned up blocked by both Blue Coat and Smartfilter. Out of about 150 sites miscategorized by Smartfilter and about 150 sites miscategorized by Blue Coat, 8 sites showed up on both lists, or about 6%. (That group of 8 is listed in the middle of the blog post, beginning with balticsail.org.) Now if either Smartfilter or Blue Coat were blocking non-pornographic sites completely at random, then the percentage of overlap should be about the same as the percentage of non-pornographic sites that the product blocks generally. (For example: Suppose Blue Coat blocked 1% of non-pornographic sites completely at random. Out of 150 non-pornographic sites blocked by Smartfilter, we would therefore expect 1% of them -- about 1 or 2 sites -- to also be blocked by Blue Coat.) But despite the huge number of errors made by both products, neither of them comes close to blocking 6% of all non-pornographic websites as "pornography"; the percentage of overlap is much higher than we would expect if the blocking were random.
So this suggests that some factor is at work that caused the 8 sites in that list to be more likely than average to be blocked, such that they ended up blocked by both products. Did any of the domain names used to be registered to a porn site? It seems hard to imagine that balticsail.org or barenboimsaidusa.org/ could have ever been in demand as domain names used to advertise porn. moriah.org/ sounds like it possibly could have been (many domain names consisting solely of female first names are registered to porn sites), but according to the Wayback Machine, the a previous owner was a Christian band, before the domain expired and was bought by its present-day owner, a Jewish boarding school. Perhaps the IP addresses of these sites used to be held by porn companies, but then why would the products block the sites by their domain name as well? So I really don't know.
The good news is that, unlike Smartfilter, at least Blue Coat's blacklist doesn't appear to be used by any countries for nationwide Internet censorship. Citizen Lab had previously discovered installations of Blue Coat Internet blocking software in 19 "countries of interest" with poor human rights records, but none of them appeared to be set up to filter Internet traffic in and out of the country. In the one country where the product was being used for statewide Internet filtering, the United Arab Emirates, the Blue Coat software was being used in conjunction with Smartfilter's blacklist, so the sites that are mis-blocked by Blue Coat are not blocked in that country (unless of course they also happen to be mis-blocked by Smartfilter).
For the time being, it is not against U.S. law for a company to sell Internet censoring software to foreign governments, even with the knowledge that the tools are being used to restrict freedom of speech in a manner that would be considered a human rights violation by international standards, so both companies have made it a core part of their business.
What a bunch of dongles.
Dildo Double Penetration Anal Blowjob Breasts Anus Penis Ass Tits
And yes, that IS on-topic!
Perhaps one or more of these sites were running expoitable software, and were hijacked to serve porn without their owners knowledge.
I know of at least one federal agency that had a poorly secured FTP server loaded with child porn back in to 90's
It reinforces that it's a slow news day at Slashdot.
There is a specific white list where bluecoat isn't supposed to log say your username and password, or information based on a BANKsite list or Financial institution, legal lawyer interaction site. You get this wrong then all the usernames/credentials/information/account numbers can flow into the logs where anyone can scrape them.
Man in the middle is always a bad idea, as its a single point where everything in the company can be compromised and we have decrypted it for you in advance.
YOU control it, completely: How? This - Hosts do more w/ less (1 file) @ a faster level (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ OS, & 1st net resolver queried w\ 45++ yrs.of optimization):
---
APK Hosts File Engine 9.0++ 32/64-bit:
http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74
(Details of hosts' benefits enumerated in link)
Summary:
---
A. ) Hosts do more than AdBlock ("souled-out" 2 Google/Crippled by default) + Ghostery (Advertiser owned) - "Fox guards henhouse", or Request Policy -> http://yro.slashdot.org/comments.pl?sid=4127345&cid=44701775
B. ) Hosts add reliability vs. downed or redirected DNS + secure vs. known malicious domains too -> http://tech.slashdot.org/comments.pl?sid=3985079&cid=44310431 w/ less added "moving parts" complexity + room 4 breakdown,
C. ) Hosts files yield more speed (blocks ads & hardcodes fav sites - faster than remote DNS), security (vs. malicious domains serving mal-content + block spam/phish), reliability (vs. downed or Kaminsky redirect vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs + DNSBL's).
---
* Addons are more complex + slowup browsers in message passing (use a few concurrently & see) - Addons slowdown SLOWER usermode browsers layering on MORE: I work w/ what you have in kernelmode, via hosts (A tightly integrated PART of the IP stack itself)
APK
P.S.=> * "A fool makes things bigger + more complex: It takes a touch of genius & a lot of courage to move in the opposite direction." - Einstein
** "Less is more" = GOOD engineering!
*** "The premise is, quite simple: Take something designed by nature & reprogram it to make it work FOR the body, rather than against it..." - Dr. Alice Krippen "I AM LEGEND"
...apk
I prefer using BlueCoat because it can MITM all SSL connections (no accepting its cert, no communication allowed on any port.) Sarbanes-Oxley requires this by law, same with FERPA and PCI-DSS.
Even if you could identify all the sites in the world you don't want someone else to see for whatever reason you'd care to invent: you can still get it wrong.
For the time being, it is not against U.S. law for a company to sell Internet censoring software to foreign governments, even with the knowledge that the tools are being used to restrict freedom of speech in a manner that would be considered a human rights violation by international standards, so both companies have made it a core part of their business.
It's against the law for the United States to censor its citizens. It's not against the law for citizens to self-censor, or to censor others in a private capacity. From my perspective, helping Saudia Arabia censor its citizens is not tantamount to the United States violating free speech of its own citizens. Stop trying to turn the first amendment into some kind of mandate that the U.S. do anything other that limit is own power so it never infringes upon its own citizens right to free speech
Look, in any filtering system there are going to be false positives and false negatives. Perhaps more with active systems because the true negatives have an incentive to get by, and so will adjust. (A certain actress and warm cereal is a /. example) The filterers will then have to clamp down, increasing false positives.
The whole thing has a whiff of Bruce Schneier's "security Theatre". Everyone serious knows it does not work, but it gives political cover of be able to claim an effort. Saving face at a price paid by other people. I try to avoid such predators.
Wow, yet another example of how Saul Alinski techniques are not only unethical but, in this case, can be libelous and slanderous.
Shame on them.
Have you fully checked out the New Braunfels Republican Women website? Republicans like porn too, and Republican porn....
"Seven Deadly Sins? I thought it was a to-do list!"
Blue Coat is mostly optional. What Google is doing is far worse, with Blue Coat you know that the censored websites exists and are blocked. Googles censorship of sites with content they don't think you should know is something you don't notice: It just looks like those sites don't exist.
9/11: Never forget it was a false-flag operation
perhaps major antivir suppliers should tag blue coat as "malware", "backdoor" or "virus".
Blue coat would have to taste its' own medicine.
Yeah.
Pornography.
Block it!
Stop the presses! This warrants a SlashDot story.
What's next? Some computers require a reboot?
Shame on Timothy for letting this through!
If he had the mind-numbing and soul-crushing job of checking sites for porn, a low-paid employee might find it easier to just type the URL into SmartFilter's check page, and copy what he found there. That would explain the more-than-chance overlap of mistakenly blocked sites.
Mission: To provide products that consume time and energy as entertainingly as permitted by the laws of thermodynamics.
... that the photos from the annual awards banquet and the monthly meeting minutes from the Rotary Club could be NSFW?
Years ago, the web site for a local IT group -- who'd nominated our CIO for an industry award -- was being blocked by the corporate web filters that were marking it as "tasteless".
Why do these vendors even try if they're going to fail so spectacularly?
CUR ALLOC 20195.....5804M
Yeah, and good luck getting your site removed from one of their lists, once you're added. Unless you're a big enough name to warrant special attention, your site will just get tossed back into the queue to be automatically categorized, resulting in the same or similar categorization. Never will you be allowed to speak with a real person to get whitelisted as a workaround to their algorithms being complete BS.
A few years back one company's software identified my site under "Illegal: Gambling." Since it's a movie site, that was way off. I contacted the company and explained the situation to them. After a short exchange with 2 of their techs, they removed the tag from my site in their system.
Any filtering software needs a system for site owners to submit trouble tickets, and also employees, who can think independently, to review them and make corrections.
Andrew Borntreger
Champion of cinematic disasters
Is blue coat blocking sites or are sites coating blocks in blue paint?
Without knowing what the fuck blue coat is this tittle makes 0 sense at all.
That's it apk. Keep posting it when they down mod you when you're on topic.
Typically products use URL filtering and search filtering - very challenging and full of false positives (and false negatives). The newest trend seems to be actual content filtering, where the page is pre-loaded on the filter, analyzed, and allowed through if OK, blocked if not. It seems to greatly increase the correct response of the filter to the pages in question. I only know of a couple of companies who are offering this now, but I definitely see it as where things are headed.
{} ------ When I think of a good sig, I'll put it here
Doesn't seem like anyone has mentioned the obvious, spurious reporting for nefarious reasons. If any of these sites (like YouTube and others do) rely on people reporting porn sites to them, it's open for rife neglect.
There are a number of assumptions being made about all of this.
First, it's assuming one is using BlueCoat to begin with.
Second, it's assuming that the users of BlueCoat products are using some of BlueCoat's subscription services to ease management of those devices.
Third, it's assuming that the users of BlueCoat products are not modifying the filters by hand.
I've had some hands-on experience with BlueCoat products in the past, particularly the web-filtering/proxy devices described here, and our organization was large enough to have some of our staff (including myself) manage it part-time as part of their full-time IT responsibilities. We set it up in full white-list mode so that everything not explicitly allowed was blocked by default. We could have set it up in black-list mode or even a hybrid black- and white-list mode. We did not, however, subscribe to the filtering list that BlueCoat offers. That's just one option a customer can choose.
It is unacceptable to me that such filter subscriptions should block well-meaning websites under the guise of preventing porn. But it's entirely possible to remove or even white-list those same sites, on an individual basis, by the customer even if they're included as part of the filter subscription configuration. It's lazy on the part of the staff at BlueCoat for maintaining an inaccurate list and it's lazy on the part of IT managers and staff for keeping those sites blocked if their policies didn't specifically prohibit users from accessing them. The blame can't be solely pinned on BlueCoat, but they certainly share a significant portion of it with IT staff.
My sources are unreliable, but their information is fascinating. -- Ashleigh Brilliant
I wonder if slashdot is blocked? The neckbeard circle jerk that goes on here when a MIcrosoft article is posted is certainly not suitable for children!
They've got it going ON at the Rotary Club.
Perscriptio in manibus tabellariorum est.
Several items to question here. Where did these lists come from? Did the author manually track down sites to find out which ones were specifically miscategorized by the specific vendors? Seems pretty unfair if you're only going to target two vendors instead of taking this ENTIRE list (the one used for Smartfilter and the one used for Blue Coat) and test them against ALL major vendors in this market space and report on that. Otherwise, he's just trying to create anger around two specific vendors (probably because they blocked his porn and he's upset with them). Did any of these websites host questionable content that WOULD have caused automatic rating services to trigger it as porn at any time? Without contacting the owners of each of these sites and getting them to admit that their sites were indeed hacked and used as hosting services for nefarious purposes, you're not going to know. A lot of times content can be hosted on sub-sites that aren't linkable off of the any of the pages. So again, how would he know if things weren't awry? He seems pretty misguided here, while trying to put on the show of "knowing" what he was reporting.
If someone blocks a site wrongly due to thinking it is pornographic can't they be sued? Why is it that businesses are treated differently than people? I am quite certain that if i blocked a site like a local college that I would face all kinds of legal issues and might even do prison time. So what about the people that supply and use this blocking software?
We're blocked everywhere despite no pornographic content.
Somehow, web filter drones find it hard to believe that the "American Nihilist Underground Society (ANUS)" not only chose the domain deliberately, but has been around for 20+ years.
Futurist Traditionalism
Bluecoat and other web filtering technologies ARE subject to false positives. We currently use Websense which is an Industry leader and yes have had some sites blocked that caused us to wonder why. All of these products have ways of submitting a miss classified site for review. Such sites are often re classified within hours of submission. In some cases we have had sites we thought "looked good" to us, only to find out the reason for blocking was due to malware hosted on the site or the site serving porn from hidden pages due to the site being compromised.
I never post on hosts when they don't apply. You lose. IP blocking? LMAO - good luck (I am IMPOSSIBLE to 'ban out' douchebag, & THAT? Is truly that... get used to it!)
* You make me laugh - especially since I can just RUN YOU DRY of your modpoints, & keep on posting in UNLIMITED fashion (unlike other ac posters here).
APK
P.S.=> Of course, a no balls troll by ac post dimwit like YOU believes your own crap, which makes me realize you're a "10 below plantlife IQ" type... apk
Bluecoat don't vet every site. They vet what they can, and let bayesian classifiers do the rest.
That said, when you find a mistake, you can submit it to them and they will look into it. I have had a 100% success rate getting them to adjust the classification of sites I've submitted to them over the last six or seven years.
www.wavefront-av.com
YOU control it, completely: How? This - Hosts do more w/ less (1 file) @ a faster level (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ OS, & 1st net resolver queried w\ 45++ yrs.of optimization):
---
APK Hosts File Engine 9.0++ 32/64-bit:
http://start64.com/index.php?o...
(Details of hosts' benefits enumerated in link)
Summary:
---
A. ) Hosts do more than AdBlock ("souled-out" 2 Google/Crippled by default) + Ghostery (Advertiser owned) - "Fox guards henhouse", or Request Policy -> http://yro.slashdot.org/commen...
B. ) Hosts add reliability vs. downed or redirected DNS + secure vs. known malicious domains too -> http://tech.slashdot.org/comme... w/ less added "moving parts" complexity + room 4 breakdown,
C. ) Hosts files yield more speed (blocks ads & hardcodes fav sites - faster than remote DNS), security (vs. malicious domains serving mal-content + block spam/phish), reliability (vs. downed or Kaminsky redirect vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs + DNSBL's).
---
* Addons are more complex + slowup browsers in message passing (use a few concurrently & see) - Addons slowdown SLOWER usermode browsers layering on MORE: I work w/ what you have in kernelmode, via hosts (A tightly integrated PART of the IP stack itself)
APK
P.S.=> * "A fool makes things bigger + more complex: It takes a touch of genius & a lot of courage to move in the opposite direction." - Einstein
** "Less is more" = GOOD engineering!
*** "The premise is, quite simple: Take something designed by nature & reprogram it to make it work FOR the body, rather than against it..." - Dr. Alice Krippen "I AM LEGEND"
...apk
Guess it's safe to say employees over at BlueCoat are looking at porn all day.
Having managed and dealt with many filtering companies over time, I can say that many .org, .gov, .edu etc... sites tend to run on the cheap and will go with the "best offer" for a hosting solution.
This can eventually lead to your site being on the same system as an adult site. The main site for the server is the adult site so when the IP is checked, this site shows up and the filter blocks the site.
Most vendors have been working on better tools to alleviate this issue, but it still persists.
Most of the vendors will respond to a "reclassification" request within 4 hours and it's fairly simple to "whitelist" the site if all else fails.
Really don't see the news here...
I've always been around/never left - perhaps we just post in diff. parts of /.'s all...
* In any event? There ya are...
APK
P.S.=> "Onwards & UPWARDS"...
... apk
Quick, the cyborgs are hot on my tail -- when am I? Did I make it back to 2023? Or is it 2003? Let's see... Bennet Haselton is criticizing internet filtering... Dammit, that doesn't narrow the range in the slightest!
Evidently, the key to understanding recursion is to begin by understanding recursion. The rest is easy.
It's a tool used by left-wing zealots opposed to free speech.
Blaming it on a automated system is plain wrong. If you end up on the wrong end of a automated system, you find out that it might be very hard to get of some blacklist.
-Procedure to get off/ timeframe is NOT documented. (someone will look at it sometime),
-The procedure to get you on the list is made by humans. Setting criteria too strict and BOOM..
-if filtering software get too strict porn people will try to fight this.: (combining a political site with some hidden porn links, ask the child porn people exactly how)
-Everyone has enemies. It is easy to report someone to put a site on filter list. I bet the site owner was never notified.
Regarding whatever software / process created the filter lists for these programs: With huge numbers of sites being infected with some form of malware on a regular basis I'm wondering if it is possible that these sites when scanned did re-direct the scanner to an elicit site. There is also conditional malware that is often very difficult to detect that shows different things to different people. Perhaps it could be as simple as the malware injected adult banner ads that the filter saw and flagged the site for.
Porn sites should have to use .xxx and then filtering would be easy and not produce these false-positives.