Enter a URL
As integral as the internet has become in daily private and professional life, it’s fraught with quite a bit of danger. Some of this danger can be quite severe, endangering the security or personal or professional data. Others can lead to damage of reputation or compromised privacy to a lesser extent. Still others can result in severe annoyance and inconvenience.
While the ramifications of these obviously range in severity, any one of them is enough to justify some smart technology to help fight off as much as possible. This is where a blacklist lookup feature can be so helpful in a number of situations. This is a pretty standard feature available in a lot of infrastructures and across platforms. While it’s somewhat indicative by its name what such a tool does, it may not be entirely clear how it works, and why it’s as important as it is.
Before discussing what a blacklist and whitelist are, and why they’re actually both equally important in different scenarios, we need to really examine what the dangers out there are. This includes understanding the different environments in which said dangers lurk, and what their ramifications can be.
One of the bigger dangers in modernity is unregulated internet access from business computers, permitted to employees. While businesses have grown more lax about letting users multitask so they can listen to podcasts or YouTube videos while working, fully unregulated access can let some nasty things in. A business allowing access to piracy sites is legally liable for actions taken over their network. They can garner a bad reputation (and even sexual harassment suits) if adult material were allowed to be freely viewed.
Of course, this also goes hand in hand with other dangers as well. Hazardous scripts can load in web pages which can let in dangerous things like viruses, worms and malware. They can sabotage computers, tie up bandwidth and cause other types of havoc along the way.
Unmitigated email inboxes can also allow a lot of spam, loaded messages with similar invasions and so on in as well. Ultimately, there needs to be a way to know ahead of time, sets of things which are known to be inappropriate, dangerous, unwelcome and/or annoying.
This is where blacklist lookup features are actually very helpful. A blacklist contains a series of things not permitted through a given platform. These can consist of scripts, ads and web elements where ad blockers and format control extensions are concerned.
These can consist of call outs to cross domain linkages to prevent circumventions of security measures (proxies being chief among them). They can be URLs and domains not permitted on a certain connection or a certain device.
The convenience of blacklists in these situations is that they can be easily distributed as well, making them as easily updated and shared as virus definitions and other security measures. Ad blockers famously subscribe to servers which send updated blacklist files on a regular basis. While some might argue that ad blockers are ethically shady at best, it’s entirely the fault of advertisers for being so annoying, most would contend.
Blacklist lookup features aren’t entirely all about blocking “bad things” though. One can blacklist keywords and patterns on a per-search basis in a lot of interfaces, which just helps to refine and restrict a search to more relevant things. This is very popular in genre searches and so on with entertainment provider sites like streams, audio services and so on. It’s important to note this, as a lot of users have hesitated to blacklist something they temporarily want filtered out of a search, thinking it may have long term ramifications for something that did nothing really wrong.
Blacklists, however, also allow people to regulate communications and prevent harassment or simple annoyance by disliked or disinteresting provocateurs. Instant messenger clients like Skype, Discord and the like happily provide a blacklist lookup which prevents blocked users from bothering someone.
Moving further, similar blacklist scripts can be set up to prevent offensive things from being said and certain unwelcome behavior from happening. Again, censoring people in this manner should absolutely never be done lightly. Nonetheless, there are times when it’s not only appropriate, but necessary, at least by current sensibilities.
This does however segue into a slippery slope everyone must consider when enforcing blacklists in some situations. Freedom of information, expression and speech are very serious tenets of most first world cultures, and people tend to take having such rights impinged upon … less than well.
One of the more frightening things that some “less than free” cultures tend to do is blacklist anything they don’t want their citizens to see. It’s very easy to start blacklisting things that seem perfectly justifiable in a communications environment, and it quickly devolve into an unintended climate of severe censorship.
Of course, most use of blacklist lookups aren’t so serious or so slippery a slope. They are so useful a tool to refine searches and prevent unwelcome incursions into secure environments, that no platform should really be without this feature.
Just remember the old cliché – with great power comes great responsibility, and in some circumstances, a blacklist can very much be such an environment where this needs to be considered closely.
So, that said, whitelists were mentioned earlier, and by the logic of opposites, it must be a list of permitted things in a given situation, correct? Absolutely right. They are worth mentioning, however, in a little detail, because there are two types of biases when it comes to white/black lists.
Some situations default to blacklisting things that aren’t specifically whitelisted, where others are the opposite. To look once more at the ad blocker example, it can be a little bit of both. While things not blacklisted specifically tend to come through, there may be times when the blacklisted elements are needed for a site to work. Some sites have become somehow able to detect ad blockers, for example, and render themselves inoperative until the ad blocker is disabled. Having to disable this feature on a browser-wide level would let other tabs become problems. Having to uninstall and reinstall these features would be even worse yet.
Therefore, in cases like this, whitelists allow specific cases where otherwise blocked things are let through.
In recent times, it’s proven rather useful for a specific form of blacklist lookup to be made available to users as well. It allows users of forums, communications systems and other media, to make sure that nothing they are saying or doing is blacklisted, ergo avoiding getting into trouble in the first place. This overly serious society in which we presently live is not forgiving of ignorance of verboten things, and this could land users themselves on another sort of blacklist known as being banned. While in most cases, terms of service often lay out what isn’t ok in a given environment, many people are bad about not reading those things. This isn’t just laziness – they can be a little “too long, didn’t read” for today’s on the go lifestyles as well.
On top of this, terms of service pages often can’t itemize and point out every single “no, no” that might come up. This is both impractical and it can result in things being written, even in a neutral context, that … probably shouldn’t be written anywhere on the site.
While a lot of administrators would push the “when in doubt, don’t” mindset, it’s better to just go the extra mile, and implement a smart blacklist lookup that can let users double check themselves before they make a mistake.
Of course, these can be automated too, simply telling a user “you cannot do or say this”, and clearing the form and not letting the data through.
Finally, and this one is very obvious, blacklists are a great way to control authorization levels within an environment as well. Those whom have specific privileges that the average user does not have, would be absent from the blacklist (or present on a whitelist), whereas the remainder would be the opposite.
This is a fast way to determine if features should be made available and things made visible, without a lot of sensitive, time consuming authentication. However, while this is a convenient and simple authorization control approach, it should only be made this simple when it’s not highly, highly sensitive data being handled.
No personal information transfers, financial transactions or the like should rely on simple blacklist lookups to control permissions and authorizations. While this isn’t a hack risk in and of itself, it often leads to the omission of added security measures that other, more formal authorization controls do by default. Therein, of course, lies the risk.
So, understanding the simple concept of blacklist lookup features and the various things they can prevent, it’s pretty obvious that everyone should be glad that these things exist. While, as said before, it can lead to bad trends where certain liberties are crippled by blacklists, there aren’t a lot of cases where this would even be possible.
Aside from that moderation, the only other advice really imperative here is that, when designing a blacklist, it’s important to make sure it’s either not too literal in its lookups, or is capable of “secondary key words” alongside the main entries.
Just like how SEO is optimized better by having alternate versions of key word layouts and synonymous patterns, blacklists often call for the same kind of care. Otherwise, users whom seek to circumvent these blacklists will waste no time in discovering them and sharing them with their peers. Depending on the consequences of a blacklist failing to fence things properly, this could do a lot of damage before things are done to contain the holes in security.
Blacklists, despite their foreboding names, are not a bad thing, and can so often be crucial to preventing intrusions, access of inappropriate things and just generally causing inefficiency when searching.
Perhaps one other thing to consider is, these lookups, while often helpful in improving efficiency, only do so when needed. If blacklisted items are rare, it’s wise to bypass the lookup every time a data transaction occurs. These lookups are a linear lookup of entries, and they do add up over enough executions, especially if lots of users are running them simultaneously.
This is why defaulting to whitelists with blacklisted items being a much smaller list goes a long way to preventing tightened security and control like this from causing slowdowns and alienating users undeservingly.
Thankfully, most designers and system engineers working for businesses understand this, and these blacklist lookups aren’t generally inefficient. Sadly, while they often understand the importance of these lookups, a lot of their bosses may not, and if told to turn this sort of feature off, they’re left with no real choice but to do so, even if under protest.
A general rule of thumb is, if a blacklist feature is available readily on a platform, and is activated by default, it’s probably best to leave it alone, even if nothing is blacklisted. And empty blacklist will harm nothing, and having the feature active and ready should an update to the platform need it, or the users need it to ensure secure and reliable operations, it’s a precaution well worth the cost of virtually nothing.
Imagine a digital world where things couldn’t be blacklisted in certain circumstances. Everyone could harass everyone else, everyone could access anything from anywhere. No searches could be refined. It would be an internet of madness, that would probably have come to a halt long, long ago. There was a time when blacklisting things was difficult, and that was the time when the internet was so much more dangerous, especially to underage users and family households. Nobody wants a return to this.