bbc

Transparency and responsiveness

Wired has an article about the U.S. government's lack of a transparent, responsive process for individuals who are on the terrorist watch list to request removal if they are innocent. According to the article, even the process they do have, which only addresses a subset of the people affected, has resolved only half of its cases since February. Others are left confused, with little information about the process or their current status.

BBC columnist Bill Thompson recently raised questions about the responsiveness of StopBadware's own review process that helps site owners flagged by Google get their sites removed from Google's list. He even suggested that perhaps the authorities should be the ones keeping a URL blacklist and managing the appeals process.

Apart from the jurisdictional issues, which Mr. Thompson acknowledges as being a show-stopper, the example set by the U.S. government isn't exactly an encouraging sign for the future of a government-run blacklist.

At StopBadware, we believe that transparency and responsiveness are key to the success of our efforts. This is why we explain our review process in our FAQ. It's why anyone who submits a request for review of their site can return to our site at any time while the review is in progress to see its status. And it's why the average time for a review to be completed is under three days (typically shorter for sites that are, in fact, clean when they are submitted for review and a bit longer for those that are not).

There's still more to be done, of course. We encourage all security vendors and blacklist providers to offer a transparent and responsive process. We continue to improve our own process and communications to provide the most information as clearly and quickly as possible. And, over the next several months, we'll be doing even more to involve the community in our efforts.

Meanwhile, millions of users are being protected from badware every day, all without the bureaucracy that often comes with government security efforts.

Responding to feedback, and looking for more

Posted on November 13, 2007 - 13:54 by egeorge

BBC columnist Bill Thompson has posted a thoughtful critique of Google's safer searching warnings, and StopBadware's involvement in the reviews process for websites. Thompson raises some common concerns we often hear from owners of websites which have been flagged by Google, so we hope a public response here can help address those concerns not only for Mr. Thompson, but for other site owners with similar questions.

When website owners discover that their sites have been flagged, it's often because they or their web services provider received email from Google, or because someone simply noticed the "This site may harm your computer" warning in the results of a Google search. Google provides help pages for both web searchers and webmasters, and instructions for submitting a review request through Google's Webmaster Tools.

Google's warning also provides a link to the StopBadware site. Right now, the landing page on the StopBadware site includes some basic information about badware and Google's warnings, as well as links to other parts of the StopBadware site, such as our FAQ which addresses the Google warnings process in more depth. In response to feedback from website owners and internet users at our discussion group, we're also working on a new and improved landing page, which will provide more information, easier-to-find links to important resources, and a history of StopBadware's interaction with the site. We're hoping to roll out the new landing pages soon.

If site owners choose, they can also request a review from us instead of or in addition to a review through Google's Webmaster Tools. Our request for review page includes links to our two most important pages of information for owners of flagged websites - our Security Tips page and our FAQ. The Security Tips page helps explain common ways in which websites are compromised, and how to locate those issues in a site's source code. The FAQ provides more detailed information on the warnings and a step-by-step overview of the reviews process and what a site owner can expect. Both pages link to another very important StopBadware resource, our discussion group, where many site owners have found help from our generous, technically proficient volunteers.

When requesting a review through StopBadware, it's best first to figure out what caused Google to flag the site, and clean and secure the site, before filing a review request. Here's why: The first step in our review process is actually a quick re-scan by Google. When Google confirms that a site is clean, it takes down the warning and the review process is already complete. If Google tells us that it's still seeing badware distributed by the site, StopBadware then must manually test the site before reporting to the site owner, a process that not surprisingly can take somewhat longer.

In the case of Mr. Thompson's site, Google's re-scan results showed badware still being distributed by the site. The site then went into StopBadware's queue for further testing. From his article, it looks like Mr. Thompson then signed up for Webmaster Tools and used the information Google provided there to clean the site. Google then let us know, so we closed our own review. While this process can no doubt be frustrating, it actually shows the system working the way it's meant to. The warning was not removed until the site was safe, and in two weeks from start to finish, even a site that was not already clean when it entered our reviews system had completed the process.

As an educationally-focused nonprofit, StopBadware's review option focuses on helping connect website owners to the tools and support they may need to help make their sites safe again, as well as less vulnerable to future attacks. Unlike many other online "black lists," both StopBadware and Google work hard to provide a relatively quick means of removal for site owners who have cleaned their sites. Our average turnaround time for sites that are already clean when a review request is submitted is under two days. The review process has also on a handful of occasions helped us to identify websites that fall within one of the exceptions to our Guidelines, such as sites designed with purely educational purposes and proper disclaimers.

We're quite proud to be one small part of a system that both helps protect average internet users - many of whom are operating vulnerable browsers and are not aware of the dangers of compromised websites - and that offers website owners an open and publicly accountable opportunity to request removal of the warning for their sites. We're even more proud of the educational resources we've developed for site owners, and are working hard on creating even more.

We're grateful to Mr. Thompson for his support for our project, and we strongly encourage anyone with feedback on our work to share it with us. Let us know your ideas by emailing contact [at] stopbadware [dot] org, or join the ongoing conversation at our discussion group.