Websense is a company that develops and sells web security gateway software. This is the sort of software that companies use to keep employees from surfing porn, downloading virus infested files from peer to peer sharing sites and visiting other unacceptable sites. There are various levels of restriction and the customer (e.g., the company IT department) decides how restrictive it wants to be.
Some folks have an emotional reaction to any sort of access restriction and claim that companies like Websense are inherently evil. Websense has also come under criticism on the grounds that its software assists repressive regimes in restricting freedom of speech. All of these points are worth discussing, but we have to realize that the issue is not as black and white as emotional reasoning may make it seem.
Anyone who has kids or lots of employees who will click on anything knows that sometimes you simply have to protect people from themselves. And you have to protect your network from the people who need protection from themselves. Blaming Websense because some dictator de jour uses its software to oppress freedom of speech is not too far from blaming Google because someone types hate mail using Google Docs. While it might be a small victory to whip the pen and paper, it would be a more effective victory to whip the person writing with it. Sure, it would be nice to live in a world where these applications weren’t necessary, but we don’t.
Having said that, I believe strongly that the developers and operators of these blocking applications have a duty to ensure that access to legitimate sites is not affected. Legitimate should be broadly defined, without regard for politics, religion or philosophy. If that duty is not met, then the developers and operators should be held accountable. These blocking applications are the online equivalent of weapons- they can kill a website in an instant. Just like guns, you need to be trained to use them, and you must handle them with utmost care.
Of course, that doesn’t always happen. This family oriented, tech and music blog has been snared in Websense’s blocking net. Twice.
For reasons that I never understood, Newsome.Org was first blocked by Websense back in 2006. Eventually, I was able to get it off of whatever blacklist it had accidently been placed on, and Newsome.Org happily rejoined online society and we all went about our business. For a while.
Earlier this week, while trying to figure out why Evernote occasionally has authentication problems when I synch the desktop client from my office, I tried to click through to Newsome.Org to test my internet connection. I ran straight into this.
I’ve seen that before. In three years I have moved from a bad “Entertainment” site to a really bad “Malicious” site. I was greatly irritated, to put it mildly.
So I resolved to get out of Websense’s net, again. Here’s what to do if Websense is blocking your blog or website. While I was dealing with Websense, the same general approach should be applicable for any blocking application.
Email No. 1 (to my IT department)
First, I wanted to get the IT guys at my company on my side. These guys are the customer of some security vendor who is a customer of Websense. I figured if Websense wouldn’t listen to me, it might listen to them:
I just noticed that Websense has somehow added my blog (tech, music, etc.) to its list of malicious web sites. My blog has been operational for years, and has been quoted by C|Net, Business Week, etc. In other words, it’s a legitimate web site and not malicious.
Do we have a contact there who I can speak to about this? It would be a lot easier if I could talk to someone and work it out the nice, friendly way. I am concerned that people all over the place are unable to read my blog because these jerks have somehow decided to censor me.
The IT guys at my company are cool guys and friends of mine. They very quickly reached out to their security vendors to see what could be done.
Next, I did a little Google work to see what I could find out. I saw a lot of discussion about what to do if your site gets blocked, with several links to a Websense “suggest a URL category” page that looked promising. Unfortunately, that page no longer exists. Eventually, I saw a reference to an email address for “suggesting” a site (firstname.lastname@example.org). So I decided to write and suggest that they stop blocking Newsome.Org. I was irritated, but in most cases it’s best to start out friendly, as you can generally catch more flies with honey and you call always get meaner later if you have to. Once you’ve been an asshole, it’s really hard to go the other direction.
Email No. 2 (to Websense)
Next, I wrote a short, but thoughtful, email to Websense.
My name is Kent Newsome. I am a partner at ################ (a Websense customer). Here is my bio for confirmation.
[link to my company bio]
I also have a personal blog, Newsome.Org (www.newsome.org), which focuses on technology, music and family life. You will note the frequent references to my family, kids, etc.- all very family friendly. Newsome.Org has been online since 1996, has a lot of readers, and has been quoted/linked by Business Week, C|Net, CBS news and numerous other major media publications.
And it is apparently being blocked by Websense as a “malicious site.” See the attached screencap.
I have spent over a decade building Newsome.Org into the popular website it is today. It is a family friendly site. In fact, I have written for CBS news on family-related issues.
Blocking my site has a huge adverse impact on my traffic, and it is unnecessary and unfair. Please remove Newsome.Org from whatever list it was incorrectly placed on, so that it will not be blocked by the Websense application.
See, I was courteous, but made my point. I gave them a way to verify who I am and evidence that my blog was legitimate and certainly not a “Malicious” site. Meanwhile, my IT friends filed a similar request with Websense.
The Happy (and Quick) Resolution
Less than 24 hours later, I received a satisfactory response from Websense:
Thank you for writing to Websense.
The site you submitted has been reviewed by Websense Security Labs. We have made an update to the following URL(s) in our master database to address this issue:
http://www.newsome.org/ – Social Networking and Personal Sites
Categorization updates should be available in the next scheduled publication of the database. A new database is published every business day, five days a week, Pacific Standard Time. You should notice any updates referred to in this message within 72 hours.
Thank you for your assistance,
The Websense Database Services Staff
You know, I really can’t argue with that. It would have been better if I’d never gotten snared. Or if once I got out the first time, I was put on some whitelist to avoid a second problem. But Websense responded very quickly and did the right thing. Sure, their algorithm for indentifying malicious sites needs some work, but it’s hard to find fault with their response once the problem was pointed out.
A Cautionary Note
As noted above, Websense and undoubtedly other blocking applications have various administrator-selectable restriction levels. My IT guys told me that Newsome.Org should not have been blocked based on my company’s Websense configuration. But if a company blocks “music” or “social networking” sites, it would likely be inaccessible from that company’s network. In that case, I would have to take it up with the company. Or drop it.
Here are a few more resources that may be helpful if you’ve been snared.