Some Sites That Blue Coat Blocks Under "Pornography" 119
On Monday I released a blog post through the Citizen Lab at the University of Toronto, listing some of the sites that we had found to be blocked by Blue Coat's Internet filtering program. Previously we had released a similar report on sites that were miscategorized as "pornography" by Smartfilter. We ran some of the same URL lists through both programs, and found that some unfortunate sites were even blocked as "pornography" by both products, including Barenboim-Said (a youth orchestra featuring musicians from Israel, Palestine, and different Arab nations), and the aforementioned New Braunfels Republican Women.
The full list of sites we said were "miscategorized" is at the end of the Citizen Lab blog post. As far as I know we didn't miss any porn hidden on any of the sites that were in the list. The closest we came was a photo on performancespace.org/ showing what appears to be a model taking one for the team by lying on the floor of a grungy art exhibit. There was also the other borderline case of http://safe-sex.org/, which does include articles on topics like "Safe Sex with Expensive London Escorts." But Blue Coat's own working definition of 'pornography' defines it as "Sites that contain sexually explicit material for the purpose of arousing a sexual or prurient interest," and the articles on Safe-Sex.org do not appear intended to arouse ("The heartwarming fact about having safe sex with expensive London escorts is that they usually present a clean bill of health to clients."), so it gets counted as a miscategorization. The overwhelming majority of miscategorized sites were completely G-rated fare like the Kiddie Kollege Nursery School (which, by the way, would probably have grounds for a lawsuit against Blue Coat, if parents trying to access their website were greeted with a message that it had been blocked for containing "pornography").
Anyone can play the parlor game of examining blocked websites looking for signs of what caused them to be blocked. Is the website of the New Braunfels Republican Women blocked by both Blue Coat and Smartfilter because it has the word "women" in the title? (Tempting to thing so, but unlikely, since there are so many other sites with "women" in the name which were not blocked by either product.) One of the blocked websites, http://www.foundations4betterliving.org/, until recently contained statistics such as "A growing variety of sexual behaviour is being practiced by teens 15- to 19-year-old... 53% admit to masturbating; 49% have participated in oral sex; 11% have had anal sex," all of which you could read on their front page while Bette Midler's 'From A Distance' auto-played in the background. (I was hoping to introduce you to that sublime experience, but unfortunately the domain apparently expired right after the report was published. When you list 150 domain names in a report, that's bound to happen with some of them.) And there's neobit.org/, the homepage of a manufacturer of emulators for dongles. While many Americans probably heard the term for the first time when Amy Poehler asked the Best Buy salesman "Can I use a dongle with this? Does it make you uncomfortable when I use the word 'dongle'?", the eggheads at Blue Coat should know what a dongle actually is. 'Dongle' has never been generally accepted anatomical slang, one rogue entry at the Urban Dictionary notwithstanding.
On the other hand, most websites in the report are not only not pornographic, they don't even seem to contain any content that could have triggered an accidental block. So it's quite possible that Blue Coat simply blocks a certain number of sites as a result of some pseudo-random process, and just by chance, some of those sites happen to contain content which looks like it might have caused the block, but the content actually had nothing to do with it.
Still, that leaves open the question of why so many sites turned up blocked by both Blue Coat and Smartfilter. Out of about 150 sites miscategorized by Smartfilter and about 150 sites miscategorized by Blue Coat, 8 sites showed up on both lists, or about 6%. (That group of 8 is listed in the middle of the blog post, beginning with balticsail.org.) Now if either Smartfilter or Blue Coat were blocking non-pornographic sites completely at random, then the percentage of overlap should be about the same as the percentage of non-pornographic sites that the product blocks generally. (For example: Suppose Blue Coat blocked 1% of non-pornographic sites completely at random. Out of 150 non-pornographic sites blocked by Smartfilter, we would therefore expect 1% of them -- about 1 or 2 sites -- to also be blocked by Blue Coat.) But despite the huge number of errors made by both products, neither of them comes close to blocking 6% of all non-pornographic websites as "pornography"; the percentage of overlap is much higher than we would expect if the blocking were random.
So this suggests that some factor is at work that caused the 8 sites in that list to be more likely than average to be blocked, such that they ended up blocked by both products. Did any of the domain names used to be registered to a porn site? It seems hard to imagine that balticsail.org or barenboimsaidusa.org/ could have ever been in demand as domain names used to advertise porn. moriah.org/ sounds like it possibly could have been (many domain names consisting solely of female first names are registered to porn sites), but according to the Wayback Machine, the a previous owner was a Christian band, before the domain expired and was bought by its present-day owner, a Jewish boarding school. Perhaps the IP addresses of these sites used to be held by porn companies, but then why would the products block the sites by their domain name as well? So I really don't know.
The good news is that, unlike Smartfilter, at least Blue Coat's blacklist doesn't appear to be used by any countries for nationwide Internet censorship. Citizen Lab had previously discovered installations of Blue Coat Internet blocking software in 19 "countries of interest" with poor human rights records, but none of them appeared to be set up to filter Internet traffic in and out of the country. In the one country where the product was being used for statewide Internet filtering, the United Arab Emirates, the Blue Coat software was being used in conjunction with Smartfilter's blacklist, so the sites that are mis-blocked by Blue Coat are not blocked in that country (unless of course they also happen to be mis-blocked by Smartfilter).
For the time being, it is not against U.S. law for a company to sell Internet censoring software to foreign governments, even with the knowledge that the tools are being used to restrict freedom of speech in a manner that would be considered a human rights violation by international standards, so both companies have made it a core part of their business.
What a bunch of dongles.
Hentai Futanari Furry (Score:1, Funny)
Dildo Double Penetration Anal Blowjob Breasts Anus Penis Ass Tits
And yes, that IS on-topic!
Re: (Score:3)
TFS:
Is the website of the New Braunfels Republican Women blocked by both Blue Coat and Smartfilter because it has the word "women" in the title?
Braunfels sounds like brothels?
Re: (Score:3)
Re: (Score:3)
Well...
New Braunfels IS a popular destination for Comal and Guadalupe river riders, many of whom are college-age females wearig skimpy bathing suits.
New Braunfels is also home of Schlitterbahn, usually voted the worlds best water park and therefore also often full of nubile women in skimpy bathing suits.
So during the warm months there are many hot women in New Braunfels. However, I would wager that few if any of these hot women are registered republicans.
But if you want to look at hot women in skimpy bathi
Re: (Score:3)
Re: (Score:2, Funny)
No, because it has 'Republican'. That's as close to porn as it can be.
Exploited sites? (Score:5, Insightful)
Perhaps one or more of these sites were running expoitable software, and were hijacked to serve porn without their owners knowledge.
I know of at least one federal agency that had a poorly secured FTP server loaded with child porn back in to 90's
Re: (Score:1, Flamebait)
Re: (Score:3)
Very possible. Back when I was interested in the scene(aka warez in the mid 90's), and was following a lot of the underground news there was always some government ftp server somewhere that wasn't compromised but "opened" to allow access by someone. My theory on it was, it wasn't a honey pot but someone on the inside serving to select people, and serving to friends on the inside. Whether it still holds true today, I have no idea.
Re: (Score:3)
Re:Exploited sites? (Score:5, Funny)
Re: (Score:1)
Re: (Score:2)
"Perhaps one or more of these sites were running expoitable software, and were hijacked to serve porn without their owners knowledge."
Possibly, but most likely not.
When you automate filters, they make mistakes. Period.
When you put filters in the hands of government, they also make "mistakes", but how many of those mistakes are intentional is anybody's guess... though some of the sites blocked by UK filters have been rather telling.
Re: (Score:3)
Blue Coat makes the free K9 software which I used to use when my kids were younger. They allowed the end-users to flag any site as a violation of any category. I'm not sure how much checking they did, but I would imagine if 10-12 people called the same site the same thing they would probably block it.
Also, any user can request that a certain site should NOT be blocked as a certain category, as it is unlikely to apply. Again, hard to tell how long or how many users until it took effect.
Re: (Score:2)
One of the example sites is a political site. The other represents people from a politically contested region. Both subjects that might well attract some activists trying to manipulate classifications to smear the reputation of their political opposites. It's a good theory, but it can't explain all of the misblocks. It's likely there are actually several different causes going on at once.
Re: (Score:3)
Sometimes automated systems make mistakes, and when they do, they are corrected. Get over it and stop whining.
And by the way, all of the sites mentioned have been fixed.
The New Braunfels Republican Women (www.nbrw.com) > Political/Social Advocacy
Weston Community Children's Association (www.wccakids.org) > Charitable Organizations
Rotary Club of Midland, Ontario (www.clubrunner.ca) > Charitable Organizations
Unblock procedure. (Score:1)
Blaming it on a automated system is plain wrong. If you end up on the wrong end of a automated system, you find out that it might be very hard to get of some blacklist.
-Procedure to get off/ timeframe is NOT documented. (someone will look at it sometime),
-The procedure to get you on the list is made by humans. Setting criteria too strict and BOOM..
-if filtering software get too strict porn people will try to fight this.: (combining a political site with some hidden porn links, ask the child porn people e
Re: (Score:1)
I knew of this happening on a number of occasions for sites when I was working with Blue Coat hardware.
Often the main page was hacked and filled with hidden porn links and meta data to feed search engines.
Re: (Score:2)
Perhaps one or more of these sites were running expoitable software, and were hijacked to serve porn without their owners knowledge.
I know of at least one federal agency that had a poorly secured FTP server loaded with child porn back in to 90's
Perhaps, but most of these devices have a separate category for that (so you can run a report and quantify just how much "more secure" you are than if you'd stayed with your old product.)
Reinforcement (Score:2, Funny)
Re: (Score:2)
Bluecoat "features" SSL MITM bullshit.
Re: (Score:2)
Re: (Score:1)
+1 ontopic!
Re: (Score:2)
True, although by now I think it is +1 redundant, as we surely have read it before.
Re: (Score:2)
I was starting to wonder whether you were still around here, man. :)
Re:I prefer BlueCoat's SSL MITM functionality... (Score:4, Informative)
Sarbx requires record keeping for financial auditing, not logging every single action by employees. If you think it requires monitoring all internet traffic then you are afflicted with a clueless PHB who would rather enforce draconian measures that treat all employees as a liability.
Re: (Score:1)
You don't do SSL decryption "for the lulz" or whatever other reason you think it's done. You do it so that you can still allow people to occaisionally use Internet services (like checking on their email or watching Faceook) and have some way to keep confidential data from flowing out the same path.
Is it really that hard to imagine what a non-Dr Evil sysadmin would need that capability for?
Ugh, free speech again? (Score:4, Interesting)
For the time being, it is not against U.S. law for a company to sell Internet censoring software to foreign governments, even with the knowledge that the tools are being used to restrict freedom of speech in a manner that would be considered a human rights violation by international standards, so both companies have made it a core part of their business.
It's against the law for the United States to censor its citizens. It's not against the law for citizens to self-censor, or to censor others in a private capacity. From my perspective, helping Saudia Arabia censor its citizens is not tantamount to the United States violating free speech of its own citizens. Stop trying to turn the first amendment into some kind of mandate that the U.S. do anything other that limit is own power so it never infringes upon its own citizens right to free speech
Re:Ugh, free speech again? (Score:5, Insightful)
This is a distinction lost on Bennett, who ironically screams bloody murder about private companies "violating" the first amendment while recommending that we gut the 5th.
Somehow one gets the impression that Bennett doesnt actually get WHY we have the bill of rights and what the threat model is.
Bennett, if it seems like I have a bit of a grudge against you in most of the posts you drop, its because you seem to utterly lack perspective in these things and miss the bigger picture. Companies need to monitor and filter THEIR networks for legal and HR reasons. The government is a whole different animal, and we have protections in place to keep them from becoming tyrants. Thats the disconnect that you seem to keep missing.
Maybe when BlueCoat is required by a piece of legislation Ill hop aboard the "tar and feather BlueCoat Labs" bandwagon, but until then I see the service they provide as valuable.
Re: (Score:2)
Because its none of my concern if some random company provides a crappy IT product. I as a consultant just tell my employer to pass when it comes up as an option.
Re: (Score:2)
Re:Ugh, free speech again? (Score:5, Insightful)
I'd argue that the government is a "whole different animal" about as much as mules are a whole different animal from horses. The same arguments against government censorship hold true for corporate censorship
No, they dont, for the following reasons:
The two look alike only at the most shallow and irrelevant levels.
Re: (Score:1)
You cannot "opt out" of the US Government, it doesnt go away, and it has the power to enforce laws regardless of where you go.
But we have, should we ever decide to use it, the power of the vote. We can't opt out, but we can change it.
The thing you don't understand is that we let big money stuff the ballot box, so we elect servants to the companies, who make regulations so obnoxious as to keep out any upstart competition. We actually have more control over the government than we do over private business. The
Re:Ugh, free speech again? (Score:5)
Re: (Score:2)
See my post here
http://slashdot.org/comments.p... [slashdot.org]
On why it is "right" and necessary.
Call me when you deal with protected data, and then explain how you dont monitor you
Re: (Score:2)
Along with many other things.
Re:Ugh, free speech again? (Score:5)
For the time being, it is not against U.S. law for a company to sell Internet censoring software to foreign governments, even with the knowledge that the tools are being used to restrict freedom of speech in a manner that would be considered a human rights violation by international standards, so both companies have made it a core part of their business.
It's against the law for the United States to censor its citizens. It's not against the law for citizens to self-censor, or to censor others in a private capacity. From my perspective, helping Saudia Arabia censor its citizens is not tantamount to the United States violating free speech of its own citizens.
Well obviously, the U.S. government permitting American companies to aid foreign governments in censoring their own citizens, is not the same thing as the U.S. government censoring its own citizens -- but that doesn't make it right.
Saying that Bad Thing 1 is not the same as Bad Thing 2, doesn't make Bad Thing 1 into a good thing.
Security Theatre (Score:3)
Look, in any filtering system there are going to be false positives and false negatives. Perhaps more with active systems because the true negatives have an incentive to get by, and so will adjust. (A certain actress and warm cereal is a /. example) The filterers will then have to clamp down, increasing false positives.
The whole thing has a whiff of Bruce Schneier's "security Theatre". Everyone serious knows it does not work, but it gives political cover of be able to claim an effort. Saving face at a price paid by other people. I try to avoid such predators.
Re: (Score:2)
Re: (Score:3)
BlueCoat may be the best of a bad breed, but that just encourages complacency. Far better to choose less-insecure software (anything-but-IE) and instill some security consciousness into users. Filters might have a "training-wheels" place for learners, but reliance is dangerous.
Re: (Score:2)
There's really no difference in the security of browsers these days - it's all about the plug-ins.
And what does any of that have to do with wanting a porn-blocking filter for your kids?
Re: (Score:1)
Nothing much... but anybody who thinks kids need (or even will benefit from) porn blocking has their head shoved so far up their puritan ass they could offer a whole new camera angle for porn if they wore Google Glass. Most kids learn (a flawed version of) what sex is long before they're old enough for it themselves. Some of them develop weird ideas about it, but those ideas near-universally come down to "ew, gross!" and stay that way until they get old enough for hormones to kick in. At that point, a porn
Re: (Score:2)
Sure, that's one opinion. But that doesn't mean there's no place for such a product for people with a their own opinion about how to raise their kids.
Re: (Score:1)
How can we expect young people to make wise choices regarding sex when we hide it from them, depriving them of the information they'll need to make a intelligent, informed decisions when the time comes? For the kids' sake, teach them reality before the world smacks them in the face with it!
Re: (Score:2)
Sure, that's one opinion. But that doesn't mean there's no place for such a product for people with a their own opinion about how to raise their kids.
Re: (Score:2)
Re: (Score:2)
You seem very intent on imposing your ideas about how to raise children on other people families. Seems a bit intellectually arrogant to me.
Re: (Score:2)
Re: (Score:2)
It's bothered me for a long time that games.slashdot.org is blocked at my job.
I see that and the same with idle.slashdot.org. But the solution is to paste the article link into your browser and remove the games or idle part of the link. So instead of yro.slashdot.org/story/14/03/21/1453253/some-sites-that-blue-coat-blocks-under-pornography you can go to slashdot.org/story/14/03/21/1453253/some-sites-that-blue-coat-blocks-under-pornography and get the same article.
Now let's not be too hasty in whitelisting (Score:2)
Re: (Score:2)
Suburbia (The Full Horror).
http://www.flickr.com/photos/4... [flickr.com]
Re: (Score:2)
Atleast it's optional (Score:2)
Re: (Score:2)
Re: (Score:3)
Google Image Search will auto-block-and-report anything matching the FBI CP database. Great idea in principle. But now the FBI has the ability to auto-block-and-report any image they want to. Ripe for abuse.
A wage slave at Blue Coat used SmartFilter... (Score:2)
Who knew... (Score:2)
... that the photos from the annual awards banquet and the monthly meeting minutes from the Rotary Club could be NSFW?
Years ago, the web site for a local IT group -- who'd nominated our CIO for an industry award -- was being blocked by the corporate web filters that were marking it as "tasteless".
Why do these vendors even try if they're going to fail so spectacularly?
Re: (Score:2)
Good luck (Score:1)
Yeah, and good luck getting your site removed from one of their lists, once you're added. Unless you're a big enough name to warrant special attention, your site will just get tossed back into the queue to be automatically categorized, resulting in the same or similar categorization. Never will you be allowed to speak with a real person to get whitelisted as a workaround to their algorithms being complete BS.
Any system needs human review (Score:2)
A few years back one company's software identified my site under "Illegal: Gambling." Since it's a movie site, that was way off. I contacted the company and explained the situation to them. After a short exchange with 2 of their techs, they removed the tag from my site in their system.
Any filtering software needs a system for site owners to submit trouble tickets, and also employees, who can think independently, to review them and make corrections.
New trends in filtering (Score:2)
Typically products use URL filtering and search filtering - very challenging and full of false positives (and false negatives). The newest trend seems to be actual content filtering, where the page is pre-loaded on the filter, analyzed, and allowed through if OK, blocked if not. It seems to greatly increase the correct response of the filter to the pages in question. I only know of a couple of companies who are offering this now, but I definitely see it as where things are headed.
Can you report a site to either of these lists? (Score:2)
Quite misleading (Score:2)
There are a number of assumptions being made about all of this.
First, it's assuming one is using BlueCoat to begin with.
Second, it's assuming that the users of BlueCoat products are using some of BlueCoat's subscription services to ease management of those devices.
Third, it's assuming that the users of BlueCoat products are not modifying the filters by hand.
I've had some hands-on experience with BlueCoat products in the past, particularly the web-filtering/proxy devices described here, and our organization
Missed out again (Score:2)
They've got it going ON at the Rotary Club.
Misleading Indeed (Score:1)
LAWYER TIME (Score:3)
Re: (Score:1)
Try being webmaster of ANUS.com (Score:2)
We're blocked everywhere despite no pornographic content.
Somehow, web filter drones find it hard to believe that the "American Nihilist Underground Society (ANUS)" not only chose the domain deliberately, but has been around for 20+ years.
Responsiveness (Score:3)
Bluecoat don't vet every site. They vet what they can, and let bayesian classifiers do the rest.
That said, when you find a mistake, you can submit it to them and they will look into it. I have had a 100% success rate getting them to adjust the classification of sites I've submitted to them over the last six or seven years.
Time traveler's dilemma (Score:2)
Quick, the cyborgs are hot on my tail -- when am I? Did I make it back to 2023? Or is it 2003? Let's see... Bennet Haselton is criticizing internet filtering... Dammit, that doesn't narrow the range in the slightest!
Malware / hijacked sites = redirects? (Score:1)