From the article: "Proprietary security software is an oxymoron -- if the user is not fundamentally in control of the software, the user has no security."
I cannot agree with you. A user, on a given day, interacts with countless interfaces; not all of those interfaces have to do with technology.
If you give everyone 100% control over every interface - this will drive the world crazy. How much control do you have on your house lock - do you take it apart every day? How much control do you have on temperature regulation in your fridge, except for temperature dial?
People in computing must realize that a computer is just another interface for a user. For a programmer, I agree with you. But if I made cupcakes for a living, I'd want control over my oven, not my computer. As a programmer though, I trust that my oven company did their job and eat food out of it every day.
Unless you consider the 'user' to be the employee sitting at the desk which is a topic for another discussion, unless the FSF is claiming that website blocking by an employer is user abuse.
Edit: There's speculation that the gambling classification was triggered by a pattern matching algorithm because of accepting bitcoin which mostly gambling sites tend to do. Maybe that's why only the donation page got blocked.
BadVista campaign pages were conspicuously absent from
Microsoft's live.com search results, even though the same
pages had been appearing on the first page of "windows
vista" Google results for some time. Many people contacted
Microsoft about this, and eventually the pages began
appearing as one would expect.
I wonder if services like DuckDuckGo, who aggregate search results across multiple providers, are effective at bypassing this kind of censorship[1]? For example if Yahoo started filtering out sites that are negative towards Yahoo, and Microsoft did the same for their brand, and Google did the same for their brand. I think DuckDuckGo would be able to provide a more balanced result set.
(Unfortunately the place where DDG seems to be least effective is when I'm looking for a particular article by searching for a certain phrase; Google always seems to find it and with DDG I have to dig around. So hopefully that article isn't anti-Google...)
The software in question appears to be Microsoft Forefront Threat Management Gateway. From the features page [1], it states:
"Forefront TMG 2010 blocks malicious sites more effectively by using aggregated data from multiple URL filtering vendors and the anti-phishing and anti-malware technologies that also protect Internet Explorer 8 users. The highly accurate categorization of websites also blocks sites that may violate corporate policies."
Unless IE8 blocks fsf, then we can assume that the "multiple URL filtering vendors" are the source. Does anyone know who the URL filtering vendors might be?
This seems like a Hanlon's razor situation to me. A lot of these lists are purchased from third parties who do this for a living (make blacklists).
While we cannot say anything for certain until Microsoft responds - I think their response will essentially blame a "partner" and release an update which removes the FSF from the gambling blacklist.
Could someone explain how a mistake like this happens?
If there was a person typing IP addresses into a list I can imagine them making a typo, but obviously that's absurd and these lists are auto-created. So how does a website get labelled as a gambling site?
Based on non-Microsoft software, what happens is that uncategorised sites are fed back upstream, so the software provider receives a list of pages.
They will then forward this to a partner likely owned in the West but who out-sources most of the actual work to somewhere cheap: like India or perhaps China.
Then you have a bunch of people who come into work, and work their way through a massive list of web-pages trying to spend no more than a few seconds on each (metrics etc) and put them into boxes:
- Adult
- Web Mail
- Social Media
- News
- Entertainment
- Gambling
- et al
These lists are then sold to many companies like Microsoft, firewall vendors like Sonicwall, Parent Software like Netnanny, and also sold on to people who write anti-spam software.
Each of these systems is probably different, but the way one vendor's system has been explained to me is that an automated classifier will eventually visit most sites and will come up with a computed category for only the main page. The system does not want to give full access to the site with a lot more potential harm, so if a customer visits one of these automatically classified sites and sees it is restricted, they can submit a classification at which point an employee will verify the classification and unlock the full site. Sometimes the restrictions are bizarre, such as allowing the HTML content to be viewed, but not the CSS. This process takes up to 24 hrs. From what I've seen, these automated classifiers are not always friendly to hostnames tacked onto a domain name (e.g., fsf.org/donate would probably be better than donate.fsf.org). They also routinely prevent visiting new domain names thrown up in Show HN posts until the URL is submitted for classification and gets whitelisted.
At the end they ask people to ask their employers to stop using Microsoft software like the kind causing this problem.
First, I really doubt all but a handful of companies would actually do this on account of the FSF site being blocked. It's a simple cost benefit analysis. The cost of replacing such software is high and the occurrences of such mistakes that would actually hurt a company are rare. Therefore it's not happening the vast majority of times.
Secondly, I'm surprised the FSF is using a service that has anything to do with proprietary, closed source, non-free software. Given their philosophy you'd think they'd have found some way to collect donations that uses free software from top to bottom. Maybe I'm way off on this but one of my first thoughts was that maybe even complaining about this takes away just a bit of the FSF's credibility. They preach the gospel of free software but when it's time to fundraise they make an exception? Is this a "do as I say, not as I do" situation now?
I'm not trying to be overly critical and I realize this may be a bit pedantic too. It's not a big deal to me, just thought it interesting. Food for thought maybe.
> Secondly, I'm surprised the FSF is using a service that has anything to do with proprietary, closed source, non-free software.
Where does FSF's post say anything about FSF using proprietary software? As far as I can tell, the post is simply about how some r/GNU redditors [1] noticed how Microsoft's gateway was incorrectly categorizing donate.fsf.org, not that FSF itself is using a service that is proprietary (unless you mean PayPal).
When you mention "a service", are you referring to PayPal? In fairness, there are 0 payment gateways (as far as I know) that are open-source, sadly, so they don't have much choice. I guess the only option they have is Bitcoin, which they accept; however, as that hasn't caught on, they have little choice but other services too.
This reminds me of working at a place where the Sonicwall filtering service would block the browser "Opera Desktop Blog" link claiming it was a swimsuit/modeling site.
"This reminds me of another situation several years ago, when BadVista campaign pages were conspicuously absent from Microsoft's live.com search results,..."
cgranade | 13 years ago
I could not agree more.
arihant | 13 years ago
sseveran | 13 years ago
cooldeal | 13 years ago
http://technet.microsoft.com/en-us/library/dd441041.aspx
thebigshane | 13 years ago
[1]: https://en.wikipedia.org/wiki/Corporate_censorship
nhebb | 13 years ago
[1] http://www.microsoft.com/en-us/server-cloud/forefront/threat...
UnoriginalGuy | 13 years ago
jlgreco | 13 years ago
DanBC | 13 years ago
UnoriginalGuy | 13 years ago
Essentially it is an entire industry.
apaprocki | 13 years ago
clebio | 13 years ago
readme | 13 years ago
That's OK. I'm pretty sure it's malice already.
billpatrianakos | 13 years ago
isaacaggrey | 13 years ago
[1] http://www.reddit.com/r/gnu/comments/v21q3/how_microsoft_thr...
pmorici | 13 years ago
http://www.fsf.org/blogs/community/bitcoins-a-new-way-to-don...
kaolinite | 13 years ago
shellox | 13 years ago
* perl.org => pornography
* duckduckgo => web proxy
* google images => image sharing
* flickr, deviantart, youtube, vimeo etc. => media sharing
* HN => hacking
* securityfocus => gambling
There are more cases, of course. That's why I use tethering to access the internet at work ;)
cooldeal | 13 years ago
http://en.wikipedia.org/wiki/Websense#Blocking_errors
shareme | 13 years ago
[deleted]
AlexFromBelgium | 13 years ago
If you have poo, fling it now!
AlexFromBelgium | 13 years ago
cezar_sl | 13 years ago
Intermernet | 13 years ago
[deleted]