Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Cloudflare family-friendly DNS service flubs first filtering foray: Vital LGBTQ, sex-ed sites blocked 'by mistake'

For a biz that prides itself on not censoring the internet, it sure likes censoring the internet

Updated Cloudflare, known for free speech advocacy, rolled out a self-styled family-friendly variation of its DNS service to block adult content – and ended up denying access to LGBTQ websites and sex education resources.

Introduced on Wednesday, the service is called 1.1.1.1 for Families. It can be used by home internet users to block malware and prevent children from seeing adult content. Parents can configure their devices or gateways to use the DNS resolver 1.1.1.2 for protection from malware-serving websites, or 1.1.1.3 for malware and adult content protection.

Browsers and other apps use DNS resolvers to turn domain names like theregister.com into network addresses they can connect to. Thus, Cloudflare's filtered DNS can refuse to look up domain names considered off-limits or dangerous, preventing users, such as children, from seeing bad stuff. That's the theory.

Cloudflare's initial filter configuration for adult content, however, prevented users from visiting useful and crucial online resources including Stonewall, LGBT Foundation, Outright, Mermaids, Broken Rainbow, Transgender Law Center, Lambda Legal, and various sex education sites.

Via Twitter, Sarah Jamie Lewis, executive director of Open Privacy Research Society, an advocacy group based in Vancouver, Canada, slammed Cloudflare for its inept site blocking.

"You would think that an organization like @Cloudflare that spent weeks and agonizing over a decision to block literal nazis from its platform (and then minutes deciding to throw sex workers under the bus) would be more considerate when getting into the censorship game," she said.

Cloudflare CEO Matthew Prince promptly responded, saying, "Dumb mistake on our part and we are fixing it immediately."

Lewis said some but not all of the sites she identified have been unblocked.

In an email to The Register, Prince said as much. "It was a horrible mistake and we are working to remedy it as quickly as possible," he said. "We use a variety of external categorization services to categorize the internet. Our intention was to do something similar to 'Google Safe Search' and there were some categories that were included in Adult Themes by one provider that we missed when we did our review."

DNS

Cloudflare is over the moon because its pro-privacy 1.1.1.1 DNS service got a clean bill of health from everyone's favorite auditor – KPMG

READ MORE

The company said that 1.1.1.1 for Families uses the same site filtering and categorization technology as its Gateway corporate firewall.

"We use multiple external sources that we combine together to ensure we have good coverage of the internet," a company spokesperson explained in an email to The Register. "The list of providers is constantly being reviewed and checked against each other for errors. In the future, we plan to offer the ability for users to select more granular and additional categories that will only apply to them."

Via Twitter DM, Lewis acknowledged that content filtering can be difficult but said Cloudflare should have understood what its service would block before launching it.

"Content filtering is a very hard problem," she said. "Perhaps one of the hardest systems problems that exists in internet tech. That being said, filtering content intended to support queer youth is something that practically every naive filtering product has done since they were first invented. It's a known issue and the fact that no one at Cloudflare tried to access any resource site prior to launching (or did and didn't see it as an issue) reveals systemic issues that can't be fixed by whitelisting individual sites."

What makes the misstep particularly galling for Lewis is Cloudflare has been so vocal in the past about the dangers of censorship. As Prince wrote in 2011, "Cloudflare is firm in our belief that our role is not that of Internet censor."

"That this 'mistake' exists at all reveals a systemic issue at Cloudflare that has the potential to kill queer youth – millions of which attempt suicide every year – and the reason why these sites exist in the first place," Lewis observed. "You don't get to brand yourselves as neutral third parties and then turn around and enact policies that explicitly target such a marginalized population."

Lewis contends Cloudflare should take its content blocking service offline until the biz can demonstrate that it can filter without doing harm. ®

Updated to add

Cloudflare has shared a blog post "to walk through what happened, why, and what we've done to fix it."

Full disclosure: The Register is a Cloudflare customer.

 

Similar topics

TIP US OFF

Send us news


Other stories you might like