Block sites that are not that are not present in your database
I do not know if it's a good idea, and if you can accomplish with a DNS service. I think, for FamilyShield DNS, it is important to block sites that are not already marked. Therefore it seems appropriate to block sites that are not present in your database.
Thanks and sorry for my bad english
-
I've been in the Information Security field for 14 years, and I cannot stress this enough. This needs to be implemented because as it was previously stated, it is a Security Best-Practice. I agree that it needs to be optional, instead of automatically included in the FamilyShield, but it really needs to be implemented. Every company that I have consulted for has seen dramatic reductions (usually between 75%-90%) in new malware infections by ensuring that this is implemented in some way. I was really hoping to simplify my home network (I'm on vacation so I can finally catch up on some much needed home infrastructure upgrades), but I have to keep my current transparent Proxy Server in place specifically to catch the Un-Categorized sites. Come on OpenDNS, lets get this right!
-
Having an option to block uncategorized domains whould not be a "great option for every day use" either. You can't imagine how many uncategized domains there are, but essential for websites to work, so many people would come to here again to complain about domains still not being categorized... -
It is interesting your argument rotblitz and don't get me wrong I understand it! I work for a big company and Unclassified websites are blocked. If we have an issue with that we can have Mcafee Classify it or we can have our internal IT security department whitelist it. Most people searching items do not usually have an issue with this and you would not encounter an unclassified website too often. Again if you do though it is only a matter of someone saying HEY I don't think that should be blocked and then asking the Admin to whitelist it.
I certainly hope OpenDNS is looking at this thread and is in process of creating an option for this. Even if it is apart of the Home VIP....
-
I have been watching this thread for 18 months now, and I'm getting a bit frustrated with the nay-sayers who assume we all must be a bunch of ignorant fools. Whitelisting is not the same at all, unless you expect me to whitelist a tens of thousands of commonly-used domains and all of the alternate domain names that are necessary to support them. I alone can't do that, but thanks to OpenDNS and the OpenDNS community, the data already exists. I don't want my family to only see a few hand-picked websites. I want them to have access to the vast majority of sites on the Internet. What I don't want them to have access to is rogue sites that are frequently used for phishing attacks. I also don't want them finding new and creative porn sites that pop up weekly and have yet to be included in filters.
I work at a federal agency with over 5,000 workstations and our IT Security team considers our "Unidentified Sites" filter to be absolutely essential to our Internet security. Yes, probably once a day I run into a site I can't immediately access. It isn't a huge deal. If I really need access I request that it be reviewed and it is available within 24 hours.
This isn't some bizarre, foolish, request. It is available as a standard feature in at least two different enterprise-class firewalls that have been used here at my office to manage IT security. Having the OPTION to add it to my filter preferences would greatly increase the utility of the OpenDNS service.
-
Having the ability to block unclassified domains would be one amazing option that OpenDNS is currently lacking. It is totally unfeasible to whitelist tens of thousands of perfectly acceptable domains, not to mention, they only allow up to 50. For example, if you search for "naked people," most of the things returned in that search will be blocked if your content filter is set up properly. However, many of those returned searches will still take you to domains that could be something like XRz57.com. This could be full of material that your content filter should block, yet misses, because this domain has not yet been categorized. If we have the ability to block all unclassified domains this would be included in that and would therefore be blocked. So, you would still have access to tons and tons of perfectly safe, categorized websites, while simply blocking everything that has not yet been categorized.
-
As a clickable category, that would be fine. The problem with the whole idea is that it takes time for a website to be tagged and then positively marked as a specific type of website. This is because users provide input. When a new site is blocked for no reason, and that block damages the ability of a business to do business because customers are being told that site is blocked by OpenDNS for no reason other than they are not on an allow list, then that can be very problematic.
The problem I would still have with this is that it would take time to get off the blocked list. They couldn't just be removed, because they would still need to be categorized. This basically penalizes new business. This might be a customers first introduction to OpenDNS, finding they are blocked for no reason on peoples computers.
-
I just want to make it clear that I understand the problem. For example site could rotate URLs so that it couldn't be blocked. Each new URL would allow it to slip past OpenDNS. Each time the blocking system caught up to it, it could change URL. Blocking new or unlisted sites solves that issue.
I think that the problems it causes by creating a class of websites that simple can't be view because they have not been rated solves that problem, but creates a larger problem.
-
I'm a huge fan of this idea. No, it probably shouldn't be turned on for everyone or even be a default option, but for those that want it, I think it should be available.
I disagree with the notion that having this option would somehow create more problems. If anything, I think it would be a huge plus for the OpenDNS community because it would spur people (those blocking sites) to categorize those sites. If I'm trying to shop on www.someshoppingsite.com and it's blocked. I'm going to log into OpenDNS and categorize it.
-
You are right that is a great idea. So in 2 to 4 weeks people would actually be able to go to www.someshoppingsite.com with worrying that it is actually a porn or phishing site and having to whitelist it to find out. Of course, some site are still not listed even though they have been in the system for months, because not enough rated them. No problem though, I'm sure that the owners of www.someshoppingsite.com would be willing ti sit patiently while their site was being blocked for no reason while it was fixed up by the community.
-
The concern for the poor owners of www.someshopping site.com might be valid if 100% of all internet users were going through OpenDNS. Most users aren't using OpenDNS and most OpenDNS users wouldn't have this option turned on (because it's the worst idea ever). So the impact to those sites would be minimal at most.
Those of us who want it should be able to have it. There are parents out there that don't want their kids going to some porn or phishing site for 2 to 4 weeks until it's blacklisted.
-
I agree that I would love to have this option. We use it at my large government office as an essential tool for stopping malware. My interest would be in having it as an anti-porn filter for my family. It is, admittedly, occasionally a pain. Here's one fairly straighforward way around the problem of blocked domains. This is essentially what is done at my office: For paying customers, create a special landing page that comes up on pages that are blocked for being "uncategorized." The page would have a form that would allow the end user to request that the particular domain be cleared. The end user could type a message into the request. The request would generate an e-mail to the admin on the account in question. The admin could then go in and approve the site for the local network by categorizing it for the whole OpenDNS community.
-
"create a special landing page that comes up on pages that are blocked for being "uncategorized." The page would have a form that would allow the end user to request that the particular domain be cleared. The end user could type a message into the request. The request would generate an e-mail to the admin on the account in question."
Not sure why you're explaining this process here. Exactly this is in place already since years for the block pages, with free accounts too. Isn't that the case with your account?
If not, go to Dashboard > Settings > Customization and check the option Show Contact Admin Form.
Also, at https://dashboard.opendns.com/myaccount/email enter an e-mail address in Network feedback email address. You're done then."The admin could then go in and approve the site for the local network by categorizing it for the whole OpenDNS community."
This is not and should not be possible that a single individual can finally approve a domain for the community, generally not. This would lead to significant abuse of domain categorization.
According to the existing domain tagging process (http://community.opendns.com/domaintagging/faq/), a few people must vote up the submission first before it can be approved by a domain tagging moderator. One thing such an "admin" could do is to submit/tag the domain for a category, but this is still far from an approval and has no effect before. The other thing this "admin" could do is to add the domain to the "never block" list.
Or did I misunderstand you, and you meant to say something totally different?
Edit April 2019:
No matter how many people vote on this idea, it will never be implemented, because of this:
https://support.umbrella.com/hc/en-us/articles/115005578883If you want something like this, you subscribe to OpenDNS Home VIP which comes with whitelist-only mode.
-
Thanks, I didn't know about the Admin Form option. Sorry for wasting reading time on that.
On the other point, I should have been more specific. I meant that the admin could submit and tag the domain. At the same time, the submission would function as a categorization immediately for the user's own account. I know that involves building out additional functionality. That's why I'm commenting in the "Idea Bank."
-
"The admin could then go in and approve the site for the local network by categorizing it for the whole OpenDNS community."
It has been my experience that these type of request have very low priority, so it might be difficult to get a site actually unblocked. Then the person unblocking it would need to take responsibility for allowing this type of site. i.e. they would have to determine if the site met the blocking rules for the company that they work for. That opens that person up to issues if they incorrectly identify a site or if a site is misrepresented.
This moves the admin from a passive role where OpenDNS and the community determine the classification of the site, to a more active role of being the final gatekeeper. I think that can be problematic both for users and admins.
I still say that for a system where all domains are blocked, unless they are fully tagged and approved, the OpenDNS system is simply too slow for that type of process. The responsiveness of OpenDNS would need to be greatly improved for this to be effective.
As long as this can be turned off, I see no reason why it can't be put into place, but I think that OpenDNS needs to think long and hard about the effect this will have on its reputation. Rather than being the good guy protecting families and companies against sites they don't want to go to, it becomes a ham-fisted domain Nazi that blocks domains without ever reviewing them.
-
I think having the "uncategorized" feature would be very useful to families. I don't want my children searching and end up getting to a site that they should not see. If it is an OK site then I can white list it until it is tagged and approved. I feel that it should be an option and people can turn on or off as they choose. Just my thoughts on this. I have been asking for this for over 3 years.
-
Having an unclassified or "Not Listed" category is a good idea. However, the error screen for the blocked domain must say that the URL is being blocked as a result of NOT being listed, rather than being listed so that users who encounter the block will know to notify their admin to have it unblocked if it is a valid URL, rather than one that is being blocked by policy. That is important because users often make assumptions based on the blocking, it will be a disservice to web site owners of their site was blocked and users thought it was because it had bad content rather just having the sin of omission from a database.
-
This is the message I get at work several times a week:
Based on your corporate access policies, access to this web site ( http://www.somedomain.com/index.htm ) has been blocked because the web category "Uncategorized URLs" is not allowed.
Admittedly it could be improved upon.
-
They added Typo Squatting and Web Spam but they are not a default. I think it should not be difficult to add an item that allows uncategorized urls to be blocked. I am sure businesses would not care to use it, but for those that use it at home or even for schools this is useful option. Just my opinion.
-
"but they are not a default."
None of the content filtering categories are active by default unless you use the FamilyShield addresses. This is intentional for good reasons and shall stay this way. Also an "uncategorized sites" category should never be active by default. This all has to be a decision of the individual home network admins.
Phishing and malware site blocking are active by default nevertheless which is good.
Please sign in to leave a comment.
Comments
117 comments