ugh.. the frustration of web content filtering...
I'll try to write a little bit about this. Please forgive me if its poorly written. It's just some thoughts I threw together, and I didn't take the time to proofread before I posted...
There are many forms of content filtering and enforcement varies from company to company depending on HR policies, IT Security compentency, Legal Concerns, etc...
firstly..
/soapbox on
Company's and organisations that think they can make their employees more productive by controlling where they surf are almost completely wrong. In the grand scheme of things, unproductive people are unproductive. Restricting web access (for certain sites) isn't likely to change that. It has been suggested that having a liberal Internet access policy can actually increase productivity and reduce employee turnover rates in some job types. Bottom line, you should be measuring your employees performance based on whether or not they are doing what you pay them for (and doing it to expected levels of performance), not how they spend their downtime (within reason of course).
/soapbox off
That said, there are other reasons to put some controls in place. The biggest is legal liability (another topic for another day). The second is resources. Bandwidth isn't cheap, and if a company is using the same internet access points for it's business apps as it is for employee Internet access, you can't risk compromising your BIG-C (paying customers) ability to access your business. Restricting streaming video access (i.e. youtube.com) can save a lot of bandwidth for a large company.
I digress...
One (less common) method of filtering is where the filtering engine will scan every page as it's loaded and look for certain keywords (I think Foamy may have been a victim of this at one point), and may block a page because of words found on it. This method is rarely used by company's/organizations who have done their homework, because of the high likelihood of blocking legitimate sites, and the frustration level it causes users. It's just not a good way to accomplish any of the objectives content filtering is intended to provide. In other words it has a really lousy ROI.
Website/domain categorization is the most common. This comes in the form of a subscription service provided by various vendors. When this technology was in it's infancy, the URL databases were mainly managed by humans (what a
!fun job..), but in the last few years, the process of categorizing sites/domains has been mostly automated.
The fact that this process is automated makes using specific words and phrases like "World Of Warcraft" in a forum name risky because the evil bots will find that text on every pass and automatically associate it with the most popular game in the solar system and apply the gaming category to it.
There are multiple ways a site can be categorized. It can be reported to the provider by a user directly. It can be discovered by automated crawlers/bots, or it can be 'discovered' by customers and administrators who manaually categorize a site, and then provide that information back to the vendors. HR Departments and IT managers can manually categorize a site as a 'gaming' site (or whatever) if they discover it during an audit. Web browser plugin's can report them as part of a locally installed security suite as well. I don't know for sure, but I would imagine there is some sharing of these resources among vendors as well...
Sites can be in more than one category (i.e. forums and games) and the vendors have various subscription levels and services they offer, depending on the customers needs and budget.
Once the customer subscribes to a service, they apply the databases to their web content filtering tool of choice (mcafee, bluecoat, websense, etc..), and then choose which categories to 'enforce', and what type of policy to apply to each. Database updates are pulled down from the vendor, usually nightly, but sometimes less often depending on the service agreement.
A small anecdote. I vaguely recall way back in the days of the original Rangers Glade, when a spat broke out between competing EQ fan sites (I forget who all was involved), where they were reporting each others sites to the database vendors as porn, etc... in the hope that they would inherit their users. Mostly they were unsuccessful, but I seem to recall a one long thread with a bunch of irate readers who had been blocked from a certain site because it was falsely reported as porn. If I recall, the issue was resolved a few days later after some adjudication done at the request of the site owner.
In most companies the HR department determines through corporate policy how to treat various categories. For example my company only blocks the "Pornography", "Sex", "Hate", "Hacker", "Proxy/Anonymizer", "Video/Streaming" and "Violence" categories for the majority of the employee base. "Games", "Forums", "Web Portals", "Social Network", etc.. are not blocked but are logged. People in Customer Service or Retail Rep roles only get access to a few specific sites needed to perform their jobs (i.e. a white list).
HR policy will usually determine what type of enforcement action is taken when a URL hits a protected category. It may be blocked, flagged, logged, etc...
Some company's allow managers and supervisors to review usage data for their employees (Kirra mentioned this happens to her). Most however do not. In my case, access to user usage data is very restricted, and requests to access data/reports must go through a vetting process and are on a case-by-case basis. There must be some documented investigation going on for usage data to be released. The director of the legal team has final approval.
One thing I'd like to mention. At least in my case, other than implementation and support/management of the hardware and software, IT folks have absolutely no access to the usage data and do not have any role whatsoever in deciding what is filtered/blocked/reported, etc... It was made very clear by our legal department that access to usage was very strictly audited and any unauthorized access would result in immediate termination with prejudice and possible criminal charges.
Here is a one site that will allow you to query it's databases. This is formerly Secure Computings (now McAfee) 'Trusted Source" web database.
https://www.trustedsource.org/en/feedback/urlHere is how the glade is currently categorized by trustedsource:
TrustedSource Query results wrote:
URL:
http://www.gladerebooted.orgStatus:
Categorized URL
Categorization:
- Forum
- Bulletin Boards
- GamesReputation:
Minimal Risk
So in this particular database (one of the more popular ones), gladerebooted.org is categorized as a 'Game' site; the same category as popcap.com and flash game sites. They don't differentiate between actual games and discussions about games. It's just 'Game'.
The same thing would apply to nudity/pornography. Some services may offer enough granularity to differentiate between ''Nudity", "Art", and "Pornography" (for example), but you are at the whim of the categorization service provider, and I am pretty sure they take the high road on such things.
By my experience, the various incarnations of the glade (post 1.0) have always been categorized as "Community/Forums/Message Boards" in all of the databases I've seen. The trustedsource database didn't have it in the "Game" category until fairly recently.
It might be possible to submit a request to McAfee (via the URL above) to remove the "Game" classification based on the lack of any actual games here. I don't know what their criteria is, so I don't know how successful that would be. Also, it might have to be done by the registered owner of the domain, although I'm not sure about that either.
Back to the situation here. I think that the community here (moderators, administrators, users, etc.. ), needs to come to some kind of consensus and decide if 'we' care how this site is categorized by URL Categorization Services. If it is important, then the posting rules should be ammended to reflect those concerns. Additionally, as has been suggested, the words and phrases used to create forum names should be carefully considered. Even what names users choose would need to be scrutinized...
Anyway, hopefully this sheds some light on the topic.
Disclaimer: I am not an "expert" in any way. I just have some experience implementing and managing these systems in previous job roles. I moved to a different position as part of a re-org and no longer work with them. There could be newer technology I'm not aware of.
Login
Register
FAQ
Search
