The other day I tried to click on a tinyurl.com link while at work. I was surprised to see a site-blocked message from our SonicWALL firewall. Why block tinyurl? All it does is let you take a very lengthy URL (which are increasingly common for a lot of reasons) and convert it into a very short one. This is very useful for putting URL’s in email because some email readers break URL’s in half if they are longer than one line. This of course renders the URL useless, unless you take the time to paste it back together.
I did a short search, and it turns out that tinyurl is one of the sites that firewall companies have decided we don’t need to see. Actually, they classify it as a proxy bypass tool, but the net result is that they’ve decided tinyURL is guilty until proven innocent. Like the extra ounce of shampoo in the TSA security line, because it could be dangerous, it is dangerous.
This is fascinating to me because it creates a huge gap.
You see, tinyURL is blocked by default. You can unblock it, but the interesting part is that must be done by IT. IT, who has just about everything else to do but answer requests like this, and has a built-in defense against spending any time on it: It’s a default setting on the firewall, and we trust their judgement.
The employee probably isn’t motivated to get it unblocked, because going to some IT departments with a request like this is a great way to ask for trouble, even if you’ve got some ironclad business reason for needing it unblocked. Never mind that the tinyurl you can’t read may be pointing to a relevant article on a blog; It ain’t the Wall Street Journal or a company memo.
That leaves tinyurl.com. Or Facebook. Or Linkedin or a ton of other quasi-business sites to find a way to get firewall companies to not block them by default. They end up blocked in the first place at least partly because the firewall users block them, or some of them do.
From SonicWALL’s site:
SonicWALL CFS categorizes millions of URLs, IP addresses and domains in a continuously updated, dynamically rated database. CFS rates over four million URLs, with hundreds more added daily. Because the ratings are determined both by artificial intelligence and human observation, the database is highly accurate, and the instance of false positives is minimized.
I think it’s safe to say that part of the process is measuring how much time people spend on sites, so, ironically, the usage a site promotes might just be what gets it blocked.
Consider Linkedin and Facebook. Facebook is blocked, but Linkedin isn’t. I think that’s because Facebook came from the non-business end of the social networking space, but Linkedin came from the business end. Facebook can be a sinkhole for time. Between the applications, the photos, the groups and discussions one could really spend all day there and some probably do. Linkedin was the stoic busienss site. There wasn’t much to do except invite people, process requests, or tweak a rather limited profile. Linkedin has since tried very hard to become a lot more like Facebook. My prediction is that very soon Linkedin will cross the threshold, and will become a site that chews up so much time that companies block it.
The firewall blocks a site because a segment of it’s customers decide to, and by automation. The customer company probably has no way to check the list of blocked URLs in any reasonable way – it’s got to be in the millions – so probably has very little understanding of what they’re missing, so to speak. The user has the ability to lobby with their local IT group to get a site whitelisted if they choose, but that still leaves the site blocked elsewhere the firewall is used.
Here’s the gap: Suppose a site that started out blocked turns out to have a lot of value – does it’s rating ever decline? Automatically? Hard to say. SonicWALL doesn’t mention that, and I’m guessing that there’s only one way it ever happens, and that’s by people asking them to re-rate sites.
YOU can ask for SonicWALL to re-rate a site here.