Websense is a company that develops and sells web security gateway software. This is the sort of software that companies use to keep employees from surfing porn, downloading virus infested files from peer to peer sharing sites and visiting other unacceptable sites.  There are various levels of restriction and the customer (e.g., the company IT department) decides how restrictive it wants to be.

Some folks have an emotional reaction to any sort of access restriction and claim that companies like Websense are inherently evil.  Websense has also come under criticism on the grounds that its software assists repressive regimes in restricting freedom of speech.  All of these points are worth discussing, but we have to realize that the issue is not as black and white as emotional reasoning may make it seem.

Anyone who has kids or lots of employees who will click on anything knows that sometimes you simply have to protect people from themselves.  And you have to protect your network from the people who need protection from themselves.  Blaming Websense because some dictator de jour uses its software to oppress freedom of speech is not too far from blaming Google because someone types hate mail using Google Docs.  While it might be a small victory to whip the pen and paper, it would be a more effective victory to whip the person writing with it.  Sure, it would be nice to live in a world where these applications weren’t necessary, but we don’t.

Having said that, I believe strongly that the developers and operators of these blocking applications have a duty to ensure that access to legitimate sites is not affected.  Legitimate should be broadly defined, without regard for politics, religion or philosophy.  If that duty is not met, then the developers and operators should be held accountable.  These blocking applications are the online equivalent of weapons- they can kill a website in an instant.  Just like guns, you need to be trained to use them, and you must handle them with utmost care.

Of course, that doesn’t always happen.  This family oriented, tech and music blog has been snared in Websense’s blocking net.  Twice.

For reasons that I never understood, Newsome.Org was first blocked by Websense back in 2006.  Eventually, I was able to get it off of whatever blacklist it had accidently been placed on, and Newsome.Org happily rejoined online society and we all went about our business.  For a while.

Earlier this week, while trying to figure out why Evernote occasionally has authentication problems when I synch the desktop client from my office, I tried to click through to Newsome.Org to test my internet connection.  I ran straight into this.

I’ve seen that before.  In three years I have moved from a bad “Entertainment” site to a really bad “Malicious” site.  I was greatly irritated, to put it mildly.

So I resolved to get out of Websense’s net, again.  Here’s what to do if Websense is blocking your blog or website.  While I was dealing with Websense, the same general approach should be applicable for any blocking application.

Email No. 1 (to my IT department)

First, I wanted to get the IT guys at my company on my side.  These guys are the customer of some security vendor who is a customer of Websense.  I figured if Websense wouldn’t listen to me, it might listen to them:

I just noticed that Websense has somehow added my blog (tech, music, etc.) to its list of malicious web sites. My blog has been operational for years, and has been quoted by C|Net, Business Week, etc. In other words, it’s a legitimate web site and not malicious.

Do we have a contact there who I can speak to about this? It would be a lot easier if I could talk to someone and work it out the nice, friendly way. I am concerned that people all over the place are unable to read my blog because these jerks have somehow decided to censor me.

Thanks,
Kent

The IT guys at my company are cool guys and friends of mine.  They very quickly reached out to their security vendors to see what could be done.

Research

Next, I did a little Google work to see what I could find out.  I saw a lot of discussion about what to do if your site gets blocked, with several links to a Websense “suggest a URL category” page that looked promising.  Unfortunately, that page no longer exists.  Eventually, I saw a reference to an email address for “suggesting” a site (suggest@websense.com).  So I decided to write and suggest that they stop blocking Newsome.Org.  I was irritated, but in most cases it’s best to start out friendly, as you can generally catch more flies with honey and you call always get meaner later if you have to.  Once you’ve been an asshole, it’s really hard to go the other direction.

Email No. 2 (to Websense)

Next, I wrote a short, but thoughtful, email to Websense.

Hello.

My name is Kent Newsome. I am a partner at ################ (a Websense customer). Here is my bio for confirmation.

[link to my company bio]

I also have a personal blog, Newsome.Org (www.newsome.org), which focuses on technology, music and family life. You will note the frequent references to my family, kids, etc.- all very family friendly.  Newsome.Org has been online since 1996, has a lot of readers, and has been quoted/linked by Business Week, C|Net, CBS news and numerous other major media publications.

And it is apparently being blocked by Websense as a “malicious site.”  See the attached screencap.

I have spent over a decade building Newsome.Org into the popular website it is today. It is a family friendly site. In fact, I have written for CBS news on family-related issues.

http://www.newsome.org/2006/06/cbs-reaches-out-to-bloggers/

http://www.cbsnews.com/stories/2006/06/12/gentech/main1704170.shtml

Blocking my site has a huge adverse impact on my traffic, and it is unnecessary and unfair.  Please remove Newsome.Org from whatever list it was incorrectly placed on, so that it will not be blocked by the Websense application.

Thanks,
Kent Newsome

See, I was courteous, but made my point.  I gave them a way to verify who I am and evidence that my blog was legitimate and certainly not a “Malicious” site.  Meanwhile, my IT friends filed a similar request with Websense.

The Happy (and Quick) Resolution

Less than 24 hours later, I received a satisfactory response from Websense:

Thank you for writing to Websense.

The site you submitted has been reviewed by Websense Security Labs. We have made an update to the following URL(s) in our master database to address this issue:

http://www.newsome.org/ – Social Networking and Personal Sites

Categorization updates should be available in the next scheduled publication of the database. A new database is published every business day, five days a week, Pacific Standard Time. You should notice any updates referred to in this message within 72 hours.

Thank you for your assistance,
The Websense Database Services Staff

You know, I really can’t argue with that.  It would have been better if I’d never gotten snared.  Or if once I got out the first time, I was put on some whitelist to avoid a second problem.  But Websense responded very quickly and did the right thing.  Sure, their algorithm for indentifying malicious sites needs some work, but it’s hard to find fault with their response once the problem was pointed out.

A Cautionary Note

As noted above, Websense and undoubtedly other blocking applications have various administrator-selectable restriction levels.  My IT guys told me that Newsome.Org should not have been blocked based on my company’s Websense configuration.  But if a company blocks “music” or “social networking” sites, it would likely be inaccessible from that company’s network.  In that case, I would have to take it up with the company.  Or drop it.

Resources

Here are a few more resources that may be helpful if you’ve been snared.

Lightspeed Database Search
Blog Herald: How Do You Know if Your Blog is Banned or Blocked
Boing Boing:  Guide to Defeating Censorware

Follow. But. Follow only if ye be men of valour, for the entrance to this cave is guarded by a creature so foul, so cruel that no man yet has fought with it and lived.
–-Tim

So I set up my private cloud.  Reports were positive.  I was feeling good.

Until I got to the office this morning.  Since my network permissions will always override my internet permissions when I am accessing my cloud from home, I decided to see how true remote access worked.  I gleefully pointed my browser to BuffaloNAS.com, Buffalo’s remote access portal.  As I was preparing for the sheer awesomeness that my private cloud was surely about to deal. . .

That happened.

“Peer-to-Peer File Sharing?”  Are you freakin’ kidding me?  I hadn’t thought about Websense since 2006, when it concluded that a bunch of web sites, including mine, should be censored for the good of society, or something like that.  Just when I thought it was all good and the world was one giant field full of butterflies, unicorns and A-Listers about to start linking wildly to my blog posts, I get another beatdown by the man.

I know, from talking to our IT folks, that my company only uses Websense to restrict access to porn sites (that’s certainly appropriate) and, as noted above, “Peer-to-Peer File Sharing” sites.  This would also be appropriate, if you’re talking about torrent sites and whatever has replaced Napster.  Lots of computer un-saavy folks use computers at work and there is an eager clicker for every trojan horse or phishing scam.  Unless they want to spend all day wiping and restoring computers, the IT folks have to protect people from themselves.  On the other hand, if Websense defines every site that allows the possibility of accessing a file as a peer-to-peer file sharing site, we’re talking about a pretty wide net.  Right click on almost any link, anywhere and, as big as Elvis, there’s an option to save (e.g., download) the target file.

Interestingly enough, while Buffalo’s NAS site was snared in this net, several online storage sites (no names because I don’t want to inadvertently nark) were not.

Other than a general skepticism about companies that get paid to decide what falls within or without the forbidden zone, I’m not proposing any specific reforms.  I’m certainly not proposing that everyone should have the right to access their private clouds from their offices.  Practically speaking, I would rarely if ever need to access my cloud from my office 8 miles away.  If I’m in town, I’m staying at home and can get whatever I need when I get there.

But nets too wide and an overly active distrust of technology are not conducive to the sort of technological advancements I am interested in using and writing about.  I also think a lot of people are kidding themselves if they think corporate America is about to toss all its content into the very same cloud it is currently so wary of.

And it’s kind of a bummer that the same company that decided my entire web site should be blocked has now rained all over my private cloud parade.

When I read the post the other day at Boing Boing about internet censors denying people access to Boing Boing, I thought that was stupid and mentally wished Cory, et al. success in their efforts to expose such nonsense.

Then I sort of forgot about it.

Until, that is, Steve Newson discovered today that Newsome.Org is also being blocked by these idiots. Steve has all the particulars posted on his site, but the bottom line is that some outfit called Websense has decided that Newsome.Org is forbidden entertainment and has added it to its blocked sites list.

Let me first say a word about my censorship philosophy.

Business Context

There are only two legitimate reasons to censor adults at work- bandwidth issues and security issues. If everyone is listening to online radio at the same time, that can bring the entire network to a crawl, and that’s not good. Additionally, IT departments simply have to protect people from themselves where viruses, etc. are concerned. 99 people might know better than to open an email containing a virus, but the 100th person will do it every time.

Otherwise, if you have people who want to goof off and they can’t goof off on the net, they’ll goof off some other way. If they are not getting their work done, keeping them from reading Boing Boing and Newsome.Org is not going to change a thing.

That is an HR issue, not a technology issue.

Family Context

My kids aren’t yet old enough to surf the net (thankfully). But when they are, you can bet Daddy will lock down the family computer in a material and redundant fashion to keep them from seeing stuff on the net that we don’t let them watch on TV.

So I’m not a censorship basher. To the contrary, I am a future customer.

But this is Horse Manure

But for some jackass sitting in a cubicle somewhere to decide that this site, which by design is very family friendly, should be blocked is utter nonsense.

I’m going to look into this business and see what I can find out. I’ll leave it at that for now.

In the meantime, please read Boing Boing’s Guide to Defeating Censorware.

And stay tuned.