
Dear Microsoft: fsf.org is not a "gambling site" - pwg
http://www.fsf.org/blogs/community/dear-microsoft-fsf.org-is-not-a-gambling-site
======
cgranade
From the article: "Proprietary security software is an oxymoron -- if the user
is not fundamentally in control of the software, the user has no security."

I could not agree more.

~~~
arihant
I cannot agree with you. A user, on a given day, interacts with countless
interfaces, not all of those interfaces have to do with technology.

If you give everyone 100% control over every interface - this will drive the
world crazy. How much control do you have on your house lock - do you take it
apart every day? How much control do you have on temperature regulation in your
fridge, except for temperature dial?

People in computing must realize that a computer is just another interface for
a user. For a programmer, I agree with you. But if I made cupcakes for a
living, I'd want control over my oven, not my computer. As a programmer
though, I trust that my oven company did their job and eat food out of it
every day.

~~~
tikhonj
That's not really a valid analogy. Why? Well, the user of an open source
product gets the same sort of interface as the user of a proprietary product.
It can be a pretty GUI that only presents the things you care about.

The difference comes when you want to customize its behavior--in the open
source version, you could dive into the code yourself or, more likely, hire
somebody to look into it for you. Similarly, if you were very worried about
security, you could run an independent audit of the code yourself. Neither of
these options exists for a proprietary product.

Basically, you're arguing against a straw man. Nobody is suggesting giving the
user more options in the interface. Rather, the suggestion is to give the user
access to the source code in case they want something modified.

The "fundamental control" in question is about who gets to see and use the
source code, not about what the average user can do from a GUI.

~~~
joesb
> The difference comes when you want to customize its behavior

What does that have to do with whether the unmodified one must mean the user
has no security?

All you said can mean you can be more sure that open source code is secure.
But it in no way proves that "proprietary security software means no
security at all (EDIT: better be 'proprietary security software means user has
no security')".

~~~
nitrogen
That was addressed in the parent poster's very next sentence:

 _Similarly, if you were very worried about security, you could run an
independent audit of the code yourself. Neither of these options exists for a
proprietary product._

------
thebigshane
Off topic...

    
    
      BadVista campaign pages were conspicuously absent from 
      Microsoft's live.com search results, even though the same 
      pages had been appearing on the first page of "windows 
      vista" Google results for some time. Many people contacted 
      Microsoft about this, and eventually the pages began 
      appearing as one would expect. 
    

I wonder if services like DuckDuckGo, who aggregate search results across
multiple providers, are effective at bypassing this kind of censorship[1]? For
example if Yahoo started filtering out sites that are negative towards Yahoo,
and Microsoft did the same for their brand, and Google did the same for their
brand. I think DuckDuckGo would be able to provide a more balanced result set.

(Unfortunately the place where DDG seems to be least effective is when I'm
looking for a particular article by searching for a certain phrase; Google
always seems to find it and with DDG I have to dig around. So hopefully that
article isn't anti-Google...)

[1]: <https://en.wikipedia.org/wiki/Corporate_censorship>

------
nhebb
The software in question appears to be Microsoft Forefront Threat Management
Gateway. From the features page [1], it states:

 _"Forefront TMG 2010 blocks malicious sites more effectively by using
aggregated data from multiple URL filtering vendors and the anti-phishing and
anti-malware technologies that also protect Internet Explorer 8 users. The
highly accurate categorization of websites also blocks sites that may violate
corporate policies."_

Unless IE8 blocks fsf, then we can assume that the "multiple URL filtering
vendors" are the source. Does anyone know who the URL filtering vendors might
be?

[1] <http://www.microsoft.com/en-us/server-cloud/forefront/threat-management-gateway-features.aspx>

------
UnoriginalGuy
This seems like a Hanlon's razor situation to me. A lot of these lists are
purchased from third parties who do this for a living (make blacklists).

While we cannot say anything for certain until Microsoft responds - I think
their response will essentially blame a "partner" and release an update which
removes the FSF from the gambling blacklist.

~~~
jlgreco
Honestly I think Grey's Law should apply here.

~~~
eropple
Grey's Law? Because Snidely Whiplash at Microsoft really and fundamentally
cares about what the FSF is going to say to people, right? They care so deeply
that they're going to unleash a bwa-ha-ha eeeeeevil campaign to call the FSF's
site a gambling site?

Or, shock of shocks, maybe one person, working for the third-party that sold
Microsoft that particular "dodgy domains" list, clicked the wrong checkbox on
that one domain (of many hojillions checked per week).

~~~
jlgreco
I think you have misunderstood Grey's Law. The point is that it does not
really matter if they did not try it.

I think you probably need to calm down though.

------
DanBC
Could someone explain how a mistake like this happens?

If there was a person typing IP addresses into a list I can imagine them
making a typo, but obviously that's absurd and these lists are auto-created.
So how does a website get labelled as a gambling site?

~~~
UnoriginalGuy
Based on non-Microsoft software, what happens is that uncategorised sites are
fed back upstream, so the software provider receives a list of pages.

They will then forward this to a partner likely owned in the West but who
outsources most of the actual work to somewhere cheap: like India or perhaps
China.

Then you have a bunch of people who come into work, and work their way through
a massive list of web-pages trying to spend no more than a few seconds on each
(metrics etc) and put them into boxes:

- Adult
- Web Mail
- Social Media
- News
- Entertainment
- Gambling
- et al

These lists are then sold to many companies like Microsoft, firewall vendors
like Sonicwall, Parent Software like Netnanny, and also sold on to people who
write anti-spam software.

Essentially it is an entire industry.

~~~
gcr
Sounds like machine learning could be competitive here. It shouldn't be very
hard to outperform a system that gives false positives for FSF.org

~~~
aristus
Except that no one involved really gives a shit. This is enterprise software
bought by some manager to restrict access for the hoi-polloi in order to
satisfy some HR rule. It's at least three levels removed from reality.

------
apaprocki
Each of these systems is probably different, but the way one vendor's system
has been explained to me is that an automated classifier will eventually visit
most sites and will come up with a computed category for only the main page.
The system does not want to give full access to the site with a lot more
potential harm, so if a customer visits one of these automatically classified
sites and sees it is restricted, they can submit a classification at which
point an employee will verify the classification and unlock the full site.
Sometimes the restrictions are bizarre, such as allowing the HTML content to
be viewed, but not the CSS. This process takes up to 24 hrs. From what I've
seen, these automated classifiers are not always friendly to hostnames tacked
onto a domain name (e.g., fsf.org/donate would probably be better than
donate.fsf.org). They also routinely prevent visiting new domain names thrown
up in Show HN posts until the URL is submitted for classification and gets
whitelisted.

------
clebio
I read this discussion when it showed up a few days ago, but at my work,
fsf.org is accessible. Today, though, I was reading this article on
Recreational SVG (<http://intertwingly.net/blog/2007/02/16/Recreational-SVG>)
and find that the linked Open Solutions Alliance page
(<http://www.opensolutionsalliance.org/>) is blocked by my employer's
filtering (BlueCoat), so I'm somewhat distressed. I gather OSA is a benevolent
organization (<http://en.wikipedia.org/wiki/Open_Solutions_Alliance>) and
certainly not 'Scam/Questionable/Illegal' as the blocking page claims. Ach,
schade.

------
readme
> We will avoid attributing this error to malice just yet, and wait for their
> correction

That's OK. I'm pretty sure it's malice already.

------
billpatrianakos
At the end they ask people to ask their employers to stop using Microsoft
software like the kind causing this problem.

First, I really doubt all but a handful of companies would actually do this on
account of the FSF site being blocked. It's a simple cost benefit analysis.
The cost of replacing such software is high and the occurrences of such
mistakes that would actually hurt a company are rare. Therefore it's not
happening the vast majority of times.

Secondly, I'm surprised the FSF is using a service that has anything to do
with proprietary, closed source, non-free software. Given their philosophy
you'd think they'd have found some way to collect donations that uses free
software from top to bottom. Maybe I'm way off on this but one of my first
thoughts was that maybe even complaining about this takes away just a bit of
the FSF's credibility. They preach the gospel of free software but when it's
time to fundraise they make an exception? Is this a "do as I say, not as I do"
situation now?

I'm not trying to be overly critical and I realize this may be a bit pedantic
too. It's not a big deal to me, just thought it interesting. Food for thought
maybe.

~~~
kaolinite
When you mention "a service", are you referring to PayPal? In fairness,
there are 0 payment gateways (as far as I know) that are open-source, sadly,
so they don't have much choice. I guess the only option they have is Bitcoin,
which they accept, however as that hasn't caught on they have little choice
other services too.

~~~
ams6110
So, when it comes to walking the walk, are you saying FSF is just like
everyone else: free software is great, as long as it doesn't stand in the way
of making money?

~~~
jiggy2011
If they couldn't raise funding they would be unable to do anything.

They would also have to forego actually purchasing anything in case proprietary
software was used anywhere in the supply chain.

It's a bit like the whole "Al-gore/Jet" argument, sometimes you have to make
sacrifices of principles for the "bigger picture".

------
shellox
I know these cases from work:

* perl.org => pornography
* duckduckgo => web proxy
* google images => image sharing
* flickr, deviantart, youtube, vimeo etc. => media sharing
* HN => hacking
* securityfocus => gambling

There are more cases, of course. That's why I use tethering to access the
internet at work ;)

------
cooldeal
This reminds me of working at a place where the Sonicwall filtering service
would block the browser "Opera Desktop Blog" link claiming it was a
swimsuit/modeling site.

<http://en.wikipedia.org/wiki/Websense#Blocking_errors>

------
AlexFromBelgium
_"This reminds me of another situation several years ago, when BadVista
campaign pages were conspicuously absent from Microsoft's live.com search
results,..."_

If you have poo, fling it now!

~~~
AlexFromBelgium
Humor isn't HN's strong spot :S

------
cezar_sl
Well, truth being said, using free software without the support you get from
buying Microsoft is a gamble.

