Slashdot Mirror

← Back to Stories (view on slashdot.org)

Some Sites That Blue Coat Blocks Under "Pornography"

Posted by timothy on from the say-what's-under-that-blue-coat? dept.

Bennett Haselton writes this week with a dissection of the effects of one well-known, long-known problem with so-called Internet filters. "The New Braunfels Republican Women, the Weston Community Children's Association, and the Rotary Club of Midland, Ontario are among the sites categorized as 'pornography' by Blue Coat, a California-based Internet blocking software company. While the product may not be much worse than other Internet filtering programs in that regard, it reinforces the point that miscategorization of sites as 'pornographic' is a routine occurrence in the industry, and not just limited to a handful of broken products." Read on below for the rest.

On Monday I released a blog post through the Citizen Lab at the University of Toronto, listing some of the sites that we had found to be blocked by Blue Coat's Internet filtering program. Previously we had released a similar report on sites that were miscategorized as "pornography" by Smartfilter. We ran some of the same URL lists through both programs, and found that some unfortunate sites were even blocked as "pornography" by both products, including Barenboim-Said (a youth orchestra featuring musicians from Israel, Palestine, and different Arab nations), and the aforementioned New Braunfels Republican Women.

The full list of sites we said were "miscategorized" is at the end of the Citizen Lab blog post. As far as I know we didn't miss any porn hidden on any of the sites that were in the list. The closest we came was a photo on performancespace.org/ showing what appears to be a model taking one for the team by lying on the floor of a grungy art exhibit. There was also the other borderline case of http://safe-sex.org/, which does include articles on topics like "Safe Sex with Expensive London Escorts." But Blue Coat's own working definition of 'pornography' defines it as "Sites that contain sexually explicit material for the purpose of arousing a sexual or prurient interest," and the articles on Safe-Sex.org do not appear intended to arouse ("The heartwarming fact about having safe sex with expensive London escorts is that they usually present a clean bill of health to clients."), so it gets counted as a miscategorization. The overwhelming majority of miscategorized sites were completely G-rated fare like the Kiddie Kollege Nursery School (which, by the way, would probably have grounds for a lawsuit against Blue Coat, if parents trying to access their website were greeted with a message that it had been blocked for containing "pornography").

Anyone can play the parlor game of examining blocked websites looking for signs of what caused them to be blocked. Is the website of the New Braunfels Republican Women blocked by both Blue Coat and Smartfilter because it has the word "women" in the title? (Tempting to thing so, but unlikely, since there are so many other sites with "women" in the name which were not blocked by either product.) One of the blocked websites, http://www.foundations4betterliving.org/, until recently contained statistics such as "A growing variety of sexual behaviour is being practiced by teens 15- to 19-year-old... 53% admit to masturbating; 49% have participated in oral sex; 11% have had anal sex," all of which you could read on their front page while Bette Midler's 'From A Distance' auto-played in the background. (I was hoping to introduce you to that sublime experience, but unfortunately the domain apparently expired right after the report was published. When you list 150 domain names in a report, that's bound to happen with some of them.) And there's neobit.org/, the homepage of a manufacturer of emulators for dongles. While many Americans probably heard the term for the first time when Amy Poehler asked the Best Buy salesman "Can I use a dongle with this? Does it make you uncomfortable when I use the word 'dongle'?", the eggheads at Blue Coat should know what a dongle actually is. 'Dongle' has never been generally accepted anatomical slang, one rogue entry at the Urban Dictionary notwithstanding.

On the other hand, most websites in the report are not only not pornographic, they don't even seem to contain any content that could have triggered an accidental block. So it's quite possible that Blue Coat simply blocks a certain number of sites as a result of some pseudo-random process, and just by chance, some of those sites happen to contain content which looks like it might have caused the block, but the content actually had nothing to do with it.

Still, that leaves open the question of why so many sites turned up blocked by both Blue Coat and Smartfilter. Out of about 150 sites miscategorized by Smartfilter and about 150 sites miscategorized by Blue Coat, 8 sites showed up on both lists, or about 6%. (That group of 8 is listed in the middle of the blog post, beginning with balticsail.org.) Now if either Smartfilter or Blue Coat were blocking non-pornographic sites completely at random, then the percentage of overlap should be about the same as the percentage of non-pornographic sites that the product blocks generally. (For example: Suppose Blue Coat blocked 1% of non-pornographic sites completely at random. Out of 150 non-pornographic sites blocked by Smartfilter, we would therefore expect 1% of them -- about 1 or 2 sites -- to also be blocked by Blue Coat.) But despite the huge number of errors made by both products, neither of them comes close to blocking 6% of all non-pornographic websites as "pornography"; the percentage of overlap is much higher than we would expect if the blocking were random.

So this suggests that some factor is at work that caused the 8 sites in that list to be more likely than average to be blocked, such that they ended up blocked by both products. Did any of the domain names used to be registered to a porn site? It seems hard to imagine that balticsail.org or barenboimsaidusa.org/ could have ever been in demand as domain names used to advertise porn. moriah.org/ sounds like it possibly could have been (many domain names consisting solely of female first names are registered to porn sites), but according to the Wayback Machine, the a previous owner was a Christian band, before the domain expired and was bought by its present-day owner, a Jewish boarding school. Perhaps the IP addresses of these sites used to be held by porn companies, but then why would the products block the sites by their domain name as well? So I really don't know.

The good news is that, unlike Smartfilter, at least Blue Coat's blacklist doesn't appear to be used by any countries for nationwide Internet censorship. Citizen Lab had previously discovered installations of Blue Coat Internet blocking software in 19 "countries of interest" with poor human rights records, but none of them appeared to be set up to filter Internet traffic in and out of the country. In the one country where the product was being used for statewide Internet filtering, the United Arab Emirates, the Blue Coat software was being used in conjunction with Smartfilter's blacklist, so the sites that are mis-blocked by Blue Coat are not blocked in that country (unless of course they also happen to be mis-blocked by Smartfilter).

For the time being, it is not against U.S. law for a company to sell Internet censoring software to foreign governments, even with the knowledge that the tools are being used to restrict freedom of speech in a manner that would be considered a human rights violation by international standards, so both companies have made it a core part of their business.

What a bunch of dongles.

22 of 119 comments (clear)

  1. Exploited sites? by Kaenneth · · Score: 4, Insightful

    Perhaps one or more of these sites were running expoitable software, and were hijacked to serve porn without their owners knowledge.

    I know of at least one federal agency that had a poorly secured FTP server loaded with child porn back in to 90's

    1. Re:Exploited sites? by jythie · · Score: 2

      More likely they have some type of bayesian filter style process that categorizes sites based off reasons it does not have the capability of explaining. It could be something as simple as some headline or piece a site linked to had just the wrong words in it.

    2. Re:Exploited sites? by K.+S.+Kyosuke · · Score: 4, Funny

      Nah, Blue Coat announced a tender for the filter data. It's just that Rule34 Technologies, Inc. won the bid by delivering a two-byte filter definition (".*") under budget and on schedule.

      --
      Ezekiel 23:20
    3. Re:Exploited sites? by PRMan · · Score: 2

      Blue Coat makes the free K9 software which I used to use when my kids were younger. They allowed the end-users to flag any site as a violation of any category. I'm not sure how much checking they did, but I would imagine if 10-12 people called the same site the same thing they would probably block it.

      Also, any user can request that a certain site should NOT be blocked as a certain category, as it is unlikely to apply. Again, hard to tell how long or how many users until it took effect.

      --
      Peter predicted that you would "deliberately forget" creation 2000 years ago...
    4. Re:Exploited sites? by tattood · · Score: 2

      This is true. Their website is https://sitereview.bluecoat.co....

      Sometimes automated systems make mistakes, and when they do, they are corrected. Get over it and stop whining.

      And by the way, all of the sites mentioned have been fixed.

      The New Braunfels Republican Women (www.nbrw.com) > Political/Social Advocacy
      Weston Community Children's Association (www.wccakids.org) > Charitable Organizations
      Rotary Club of Midland, Ontario (www.clubrunner.ca) > Charitable Organizations

      --
      WTB [sig], PST!!!
    5. Re:Exploited sites? by Mashiki · · Score: 2

      Very possible. Back when I was interested in the scene(aka warez in the mid 90's), and was following a lot of the underground news there was always some government ftp server somewhere that wasn't compromised but "opened" to allow access by someone. My theory on it was, it wasn't a honey pot but someone on the inside serving to select people, and serving to friends on the inside. Whether it still holds true today, I have no idea.

      --
      Om, nomnomnom...
  2. Re:Hentai Futanari Furry by noh8rz10 · · Score: 2

    TFS:

    Is the website of the New Braunfels Republican Women blocked by both Blue Coat and Smartfilter because it has the word "women" in the title?

    Braunfels sounds like brothels?

  3. Ugh, free speech again? by Anonymous Coward · · Score: 4, Interesting

    For the time being, it is not against U.S. law for a company to sell Internet censoring software to foreign governments, even with the knowledge that the tools are being used to restrict freedom of speech in a manner that would be considered a human rights violation by international standards, so both companies have made it a core part of their business.

    It's against the law for the United States to censor its citizens. It's not against the law for citizens to self-censor, or to censor others in a private capacity. From my perspective, helping Saudia Arabia censor its citizens is not tantamount to the United States violating free speech of its own citizens. Stop trying to turn the first amendment into some kind of mandate that the U.S. do anything other that limit is own power so it never infringes upon its own citizens right to free speech

    1. Re:Ugh, free speech again? by LordLimecat · · Score: 4, Insightful

      This is a distinction lost on Bennett, who ironically screams bloody murder about private companies "violating" the first amendment while recommending that we gut the 5th.

      Somehow one gets the impression that Bennett doesnt actually get WHY we have the bill of rights and what the threat model is.

      Bennett, if it seems like I have a bit of a grudge against you in most of the posts you drop, its because you seem to utterly lack perspective in these things and miss the bigger picture. Companies need to monitor and filter THEIR networks for legal and HR reasons. The government is a whole different animal, and we have protections in place to keep them from becoming tyrants. Thats the disconnect that you seem to keep missing.

      Maybe when BlueCoat is required by a piece of legislation Ill hop aboard the "tar and feather BlueCoat Labs" bandwagon, but until then I see the service they provide as valuable.

    2. Re:Ugh, free speech again? by LordLimecat · · Score: 4, Insightful

      I'd argue that the government is a "whole different animal" about as much as mules are a whole different animal from horses. The same arguments against government censorship hold true for corporate censorship

      No, they dont, for the following reasons:

      • 1) Its NOT YOUR PROPERTY. The company is providing you with bandwith, keyboards, mice, chairs, office space, and computers, and it is THEIR prerogative to decide how and under what circumstances they may be used. If you dont like it or feel oppressed, exercise your rights at home: noone can stop you from doing so.
      • 2) They are sometimes LEGALLY REQUIRED to do so. If they host data protected by HIPAA or SOXley or protected by export restrictions, they can be raked over the coals for failing to police their network. If someone prints porn out on the network printer and some woman gets offended, she could potentially sue the company for sexual harassment if they cannot show that theyre taking due diligence to prevent such things.
      • 3) They are often TECHNICALLY required to do so. Dont monitor your outbound email, and one day youll find yourself on DNSRBL or SpamHaus. Have fun dealing with that and getting delisted without implementing "censorship" of some kind. Also have fun preventing virus outbreaks on the network without both filtering and monitoring what goes on there.
      • 4) You can leave your company, your company can dissolve, and it has no jurisdiction over what you do at home. You cannot "opt out" of the US Government, it doesnt go away, and it has the power to enforce laws regardless of where you go. Thus, it makes a lot more sense to worry about what the Government decides are "the rules" than what your company does in its own little corner of the playground.
      • 5) You almost always explicitly agree to such "censorship" in a voluntary contract with your employer. Dont like it, dont agree to the acceptable use policy and find a different employer.

      The two look alike only at the most shallow and irrelevant levels.

    3. Re:Ugh, free speech again? by bennetthaselton · · Score: 5

      For the time being, it is not against U.S. law for a company to sell Internet censoring software to foreign governments, even with the knowledge that the tools are being used to restrict freedom of speech in a manner that would be considered a human rights violation by international standards, so both companies have made it a core part of their business.

      It's against the law for the United States to censor its citizens. It's not against the law for citizens to self-censor, or to censor others in a private capacity. From my perspective, helping Saudia Arabia censor its citizens is not tantamount to the United States violating free speech of its own citizens.

      Well obviously, the U.S. government permitting American companies to aid foreign governments in censoring their own citizens, is not the same thing as the U.S. government censoring its own citizens -- but that doesn't make it right.

      Saying that Bad Thing 1 is not the same as Bad Thing 2, doesn't make Bad Thing 1 into a good thing.

    4. Re:Ugh, free speech again? by bennetthaselton · · Score: 5

      (1) As I just said to an Anonymous Coward, U.S. companies helping foreign governments to censor their citizens may not be prohibited under the Bill of Rights, but that doesn't make it right. (2) In my article about the 5th Amendment, I said multiple times that the question was whether you could describe a scenario that had a better outcome with the 5th Amendment than without it, if you hold all other assumptions constant. If you haven't described a scenario then you haven't answered the question. (And I listed several scenarios in the article that were not valid answers, and why.)

  4. Security Theatre by redelm · · Score: 2

    Look, in any filtering system there are going to be false positives and false negatives. Perhaps more with active systems because the true negatives have an incentive to get by, and so will adjust. (A certain actress and warm cereal is a /. example) The filterers will then have to clamp down, increasing false positives.

    The whole thing has a whiff of Bruce Schneier's "security Theatre". Everyone serious knows it does not work, but it gives political cover of be able to claim an effort. Saving face at a price paid by other people. I try to avoid such predators.

    1. Re:Security Theatre by redelm · · Score: 2
      ... that you know of!

      BlueCoat may be the best of a bad breed, but that just encourages complacency. Far better to choose less-insecure software (anything-but-IE) and instill some security consciousness into users. Filters might have a "training-wheels" place for learners, but reliance is dangerous.

  5. Re:Hentai Futanari Furry by QRDeNameland · · Score: 2

    Maybe they added picture scanning technology and the New Braunfels Republican Women are simply hawt.

    --
    Momentarily, the need for the construction of new light will no longer exist.
  6. Re:Hentai Futanari Furry by boristdog · · Score: 2

    Well...
    New Braunfels IS a popular destination for Comal and Guadalupe river riders, many of whom are college-age females wearig skimpy bathing suits.
    New Braunfels is also home of Schlitterbahn, usually voted the worlds best water park and therefore also often full of nubile women in skimpy bathing suits.

    So during the warm months there are many hot women in New Braunfels. However, I would wager that few if any of these hot women are registered republicans.

    But if you want to look at hot women in skimpy bathing suits, New Braunfels is a pretty good place to go. Maybe that's it.

  7. Re:Hentai Futanari Furry by CMYKjunkie · · Score: 2

    No no no. The filter got it right! Those New Braunfels Republican Women are SKANKS!!!

  8. LAWYER TIME by JimSadler · · Score: 2

    If someone blocks a site wrongly due to thinking it is pornographic can't they be sued? Why is it that businesses are treated differently than people? I am quite certain that if i blocked a site like a local college that I would face all kinds of legal issues and might even do prison time. So what about the people that supply and use this blocking software?

  9. Re:I prefer BlueCoat's SSL MITM functionality... by wiredlogic · · Score: 3, Informative

    Sarbx requires record keeping for financial auditing, not logging every single action by employees. If you think it requires monitoring all internet traffic then you are afflicted with a clueless PHB who would rather enforce draconian measures that treat all employees as a liability.

    --
    I am becoming gerund, destroyer of verbs.
  10. Responsiveness by Phreakiture · · Score: 2

    Bluecoat don't vet every site. They vet what they can, and let bayesian classifiers do the rest.

    That said, when you find a mistake, you can submit it to them and they will look into it. I have had a 100% success rate getting them to adjust the classification of sites I've submitted to them over the last six or seven years.

    --
    www.wavefront-av.com
  11. Re:Hentai Futanari Furry by Anonymous Coward · · Score: 2, Funny

    No, because it has 'Republican'. That's as close to porn as it can be.

  12. Re:Atleast it's optional by lgw · · Score: 2

    Google Image Search will auto-block-and-report anything matching the FBI CP database. Great idea in principle. But now the FBI has the ability to auto-block-and-report any image they want to. Ripe for abuse.

    --
    Socialism: a lie told by totalitarians and believed by fools.