Block sites that are not that are not present in your database

Comments

116 comments

  • Avatar
    serra

    Worst idea ever.  Then every web designer on the planet who is developing a new site gets that site blocked on their computer and their clients computer before it is even open. 

  • Avatar
    utognazzi

    Ok I understand. Thanks

  • Avatar
    utognazzi

    But if OpenDNS staff introduce this idea like an option in the dashboard that we can select?

    What do you think about this?

  • Avatar
    serra

    As a clickable category, that would be fine.  The problem with the whole idea is that it takes time for a website to be tagged and then positively marked as a specific type of website.  This is because users provide input.  When a new site is blocked for no reason, and that block damages the ability of a business to do business because customers are being told that site is blocked by OpenDNS for no reason other than they are not on an allow list, then that can be very problematic. 

    The problem I would still have with this is that it would take time to get off the blocked list.  They couldn't just be removed, because they would still need to be categorized.  This basically penalizes new business.  This might be a customers first introduction to OpenDNS, finding they are blocked for no reason on peoples computers. 

     

  • Avatar
    serra

    I just want to make it clear that I understand the problem.   For example site could rotate URLs so that it couldn't be blocked.  Each new URL would allow it to slip past OpenDNS.   Each time the blocking system caught up to it, it could change URL.   Blocking new or unlisted sites solves that issue.

    I think that the problems it causes by creating a class of websites that simple can't be view because they have not been rated solves that problem, but creates a larger problem.

  • Avatar
    cervezafria

    +1

    I like the concept of an "Uncategorized" category that could be checked off for blocking. Seems easy to implement at a Dashboard level.

  • Avatar
    utognazzi

    Ok thanks :)

  • Avatar
    hopslover

    Sorry, Serra, but not everybody thinks like you do.  I understand your point, but as a parent, I'd rather have the option of turning off uncategorized sites.

  • Avatar
    hopslover

    I'm a huge fan of this idea.  No, it probably shouldn't be turned on for everyone or even be a default option, but for those that want it, I think it should be available.

    I disagree with the notion that having this option would somehow create more problems.  If anything, I think it would be a huge plus for the OpenDNS community because it would spur people (those blocking sites) to categorize those sites.  If I'm trying to shop on www.someshoppingsite.com and it's blocked.  I'm going to log into OpenDNS and categorize it. 

  • Avatar
    serra

    You are right that is a great idea.  So in 2 to 4 weeks people would actually be able to go to www.someshoppingsite.com with worrying that it is actually a porn or phishing site and having to whitelist it to find out.  Of course, some site are still not listed even though they have been in the system for months, because not enough rated them.  No problem though, I'm sure that the owners of www.someshoppingsite.com would be willing ti sit patiently while their site was being blocked for no reason while it was fixed up by the community.  

  • Avatar
    hopslover

    The concern for the poor owners of www.someshopping site.com might be valid if 100% of all internet users were going through OpenDNS.  Most users aren't using OpenDNS and most OpenDNS users wouldn't have this option turned on (because it's the worst idea ever).  So the impact to those sites would be minimal at most.

    Those of us who want it should be able to have it.  There are parents out there that don't want their kids going to some porn or phishing site for 2 to 4 weeks until it's blacklisted.

  • Avatar
    utognazzi

    Thanks Hopslover :)

    I sent an email to OpenDNS staff.

  • Avatar
    utognazzi

    And thanks Cervezafria and Serra for all comments and ideas

  • Avatar
    ereedy

    I agree that I would love to have this option. We use it at my large government office as an essential tool for stopping malware. My interest would be in having it as an anti-porn filter for my family. It is, admittedly, occasionally a pain. Here's one fairly straighforward way around the problem of blocked domains. This is essentially what is done at my office: For paying customers, create a special landing page that comes up on pages that are blocked for being "uncategorized." The page would have a form that would allow the end user to request that the particular domain be cleared. The end user could type a message into the request. The request would generate an e-mail to the admin on the account in question. The admin could then go in and approve the site for the local network by categorizing it for the whole OpenDNS community.

  • Avatar
    rotblitz (Edited )

    "create a special landing page that comes up on pages that are blocked for being "uncategorized." The page would have a form that would allow the end user to request that the particular domain be cleared. The end user could type a message into the request. The request would generate an e-mail to the admin on the account in question."

    Not sure why you're explaining this process here. Exactly this is in place already since years for the block pages, with free accounts too. Isn't that the case with your account?
    If not, go to Dashboard > Settings > Customization and check the option Show Contact Admin Form.
    Also, at https://dashboard.opendns.com/myaccount/email enter an e-mail address in Network feedback email address. You're done then.

    "The admin could then go in and approve the site for the local network by categorizing it for the whole OpenDNS community."

    This is not and should not be possible that a single individual can finally approve a domain for the community, generally not. This would lead to significant abuse of domain categorization.

    According to the existing domain tagging process (http://community.opendns.com/domaintagging/faq/), a few people must vote up the submission first before it can be approved by a domain tagging moderator. One thing such an "admin" could do is to submit/tag the domain for a category, but this is still far from an approval and has no effect before. The other thing this "admin" could do is to add the domain to the "never block" list.

    Or did I misunderstand you, and you meant to say something totally different?

    Edit April 2019:
    No matter how many people vote on this idea, it will never be implemented, because of this:
    https://support.umbrella.com/hc/en-us/articles/115005578883

    If you want something like this, you subscribe to OpenDNS Home VIP which comes with whitelist-only mode.

  • Avatar
    ereedy

    Thanks, I didn't know about the Admin Form option. Sorry for wasting reading time on that.

    On the other point, I should have been more specific. I meant that the admin could submit and tag the domain. At the same time, the submission would function as a categorization immediately for the user's own account. I know that involves building out additional functionality. That's why I'm commenting in the "Idea Bank."

  • Avatar
    serra

    "The admin could then go in and approve the site for the local network by categorizing it for the whole OpenDNS community."

    It has been my experience that these type of request have very low priority, so it might be difficult to get a site actually unblocked.  Then the person unblocking it would need to take responsibility for allowing this type of site.  i.e. they would have to determine if the site met the blocking rules for the company that they work for.  That opens that person up to issues if they incorrectly identify a site or if a site is misrepresented.  

    This moves the admin from a passive role where OpenDNS and the community determine the classification of the site, to a more active role of being the final gatekeeper.  I think that can be problematic both for users and admins.

    I still say that for a system where all domains are blocked, unless they are fully tagged and approved, the OpenDNS system is simply too slow for that type of process.  The responsiveness of OpenDNS would need to be greatly improved for this to be effective.

    As long as this can be turned off, I see no reason why it can't be put into place, but I think that OpenDNS needs to think long and hard about the effect this will have on its reputation.  Rather than being the good guy protecting families and companies against sites they don't want to go to, it becomes a ham-fisted domain Nazi that blocks domains without ever reviewing them. 

  • Avatar
    ereedy

    Serra - this is a feature that has been present at my federal agency using network devices from Bluecoat and from Cisco. I don't think it is at all uncommon. In fact, I think that making this optional is now the industry standard.

  • Avatar
    picardfamily

    I think having the "uncategorized" feature would be very useful to families. I don't want my children searching and end up getting to a site that they should not see. If it is an OK site then I can white list it until it is tagged and approved. I feel that it should be an option and people can turn on or off as they choose. Just my thoughts on this. I have been asking for this for over 3 years.

  • Avatar
    cervezafria

    @OpenDNS Brian... How difficult is it to add an "Unclassified" option to the Settings' Web Content Filtering table—can we have this option available next week?

  • Avatar
    serra

    Having an unclassified or "Not Listed" category is a good idea.  However, the error screen for the blocked domain must say that the URL is being blocked as a result of NOT being listed, rather than being listed so that users who encounter the block will know to notify their admin to have it unblocked if it is a valid URL, rather than one that is being blocked by policy.  That is important because users often make assumptions based on the blocking, it will be a disservice to web site owners of their site was blocked and users thought it was because it had bad content rather just having the sin of omission from a database.

  • Avatar
    ereedy

    This is the message I get at work several times a week:

    Based on your corporate access policies, access to this web site ( http://www.somedomain.com/index.htm ) has been blocked because the web category "Uncategorized URLs" is not allowed.

    Admittedly it could be improved upon.

  • Avatar
    promitheus

    Let's say someone is logged in his account in opendns and surfs to an unclassified domain. In that case a small banner asks him to classify the domain.

  • Avatar
    picardfamily

    They added Typo Squatting and Web Spam but they are not a default. I think it should not be difficult to add an item that allows uncategorized urls to be blocked. I am sure businesses would not care to use it, but for those that use it at home or even for schools this is useful option. Just my opinion.

  • Avatar
    rotblitz

    "but they are not a default."

    None of the content filtering categories are active by default unless you use the FamilyShield addresses. This is intentional for good reasons and shall stay this way. Also an "uncategorized sites" category should never be active by default. This all has to be a decision of the individual home network admins.

    Phishing and malware site blocking are active by default nevertheless which is good.

  • Avatar
    utognazzi

    Hi, I forgot to show you the answer of OpenDNS staff:

    Thank you very much for your patience and feedback about our services. The best alternative to what you are asking for, we do offer the VIP service for $19.95 a year and it has the ability to block all sites except for what is white listed in your account. Below I've included all the features if you are interested, and let us know if you have any questions.

    • Speedier DNS resolution
    • Protection from phishing sites based on what we have listed in our PhishTank database, located at http://www.phishtank.com/
    • One year's worth of stats and logs, but this requires opening a web-based OpenDNS account
    • You can add only one IP address to your account
    • RFC-compliant DNS resolution
    • Web content filtering, controlled from the OpenDNS dashboard athttp://dashboard.opendns.com
    • Up to 50 blacklisted domains on your network, as well as up to 50 whitelisted domains on your network
    • Whitelist-only ability, meaning that you can block ALL domains, except for those you explicitly allow on your network
    • Enhanced customization of the block page on your network

    Best regards,

    Anthony Honciano
    Customer Support Representative
    OpenDNS, Inc.

  • Avatar
    rotblitz

    This is nothing new. But yes, the whitelist-only mode would block also "sites that are not present in your database".

  • Avatar
    ereedy

    I find it frustrating when someone offers as an "alternative" something that really isn't an alternative. I'm not asking to restrict my family to only seeing 50 sites (and I already do pay for the VIP Service). It makes me feel like they really aren't getting what we are asking for.

  • Avatar
    picardfamily

    I agree, I just want to provide a little more protection for my family. I have tried the Norton Family Parental control and it had a category for allowing anything not listed to be locked. I loved that feature, just the software sucked. I don't think we are asking alot when requesting this feature. Are we?

  • Avatar
    whataboutme

    +1 on this feature. I would have to agree with adding this feature. This gives families in particular another level of protection. There'll be plenty of other members in the opendns community who can categorize these sites. And the whitelist idea is NOT an alternative. 

Please sign in to leave a comment.