conversation point - we all know blacklists (http://www.beskerming.com/commentary/2007/07/01/196/Time_to_Blacklist_Blacklists) are pretty useless but if "the internet" was to adopt a white list policy, what level should it be at? I would certainly say schools and public bodies should have a strict whitelist - with good enough organisation that new entries can be ratified very quickly.

ISP level is perhaps a bit much, you're general user is not going to like a whitelist that is never going to keep up with a changing internet. However, i could see the attraction of a whitelist policy for mail servers - you have to register domain names so why not something that is rarely EVER at a user level - mail servers....

comments...

Who gets to say whether a mail server belongs in the white-list registry?

the governing body that doesnt exist yet ;)

conversation point - we all know blacklists (http://www.beskerming.com/commentary/2007/07/01/196/Time_to_Blacklist_Blacklists) are pretty useless but if "the internet" was to adopt a white list policy, what level should it be at? I would certainly say schools and public bodies should have a strict whitelist - with good enough organisation that new entries can be ratified very quickly.



I am not sure we all know blacklists are pretty useless, or even that we all believe it.

The part of your quote that I have emboldened is a big sticking point in how well such an approach would work, in particular
* dealing with foregin language sites
* dealing with sites that are fundamentally OK for a whitelist but may contain some objectionable content (and who gets to define that) e.g image sites such as Flickr, Google Images

the governing body that doesnt exist yet ;)
Cool!

Who pays for this body?

How do they decide that the mail server I run on my server at home is more worthy than the one run remotely by a spammer on my neighbour's?

Cool!
DS is an Ideas Man, clearly :rofl:


Who pays for this body?
DS will, he's loaded.


How do they decide that the mail server I run on my server at home is more worthy than the one run remotely by a spammer on my neighbour's?
Throw a dice. Easy.

Can someone remind me what the point of all this categorisation is again?

I am not sure we all know blacklists are pretty useless, or even that we all believe it.

Really ? Surely if a list is incomplete the moment its published and is always firefighting to stay ahead - its really not that useful overall.


The part of your quote that I have emboldened is a big sticking point in how well such an approach would work, in particular

Indeed, it could be really hard work, but the end result is probably worth it.



* dealing with foregin language sites
* dealing with sites that are fundamentally OK for a whitelist but may contain some objectionable content (and who gets to define that) e.g image sites such as Flickr, Google Images

There will be a requirement for more than one whitelist, and probably "levels" of white list - ie. grades of 10 (extremely offensive, porn etc..) to 1 (safe for 4 year olds). A huge simplification of course, but you get the idea. Public Content management sites .e.g. sites that host the publics own uploads like flickr would be part of some "discretionary white list" and in the future, I would foresee them adopting a similar model for content themselves - e.g. Instead of hunting for bad clips (a never ending blacklist job) - flickr would mark content as "safe" - so the address safecontent.flickr.com for example would be one on the whitelist. Its doable - wikipedia manages this level of content management NOW. Inevitably some content will not make it to "safe" for some time if its fairly obscure, but if no one looks for it, it doesnt matter. I imagine the whole thing would snowball and trusted "taggers" of safe content and original uploaders will be fast tracked. So that a biologists insect videos appear "safe" right away.

Of course none of tis would affect users at home - in the privacy of your own home you would use whatever lists you want. But in my case, Ill be using my own whitelist when my children are old enough to use the internet if there isnt anything concrete by then.

As I said - this is a conversation point - i'm just thinking out loud so to speak ;)

conversation point - we all know blacklists (http://www.beskerming.com/commentary/2007/07/01/196/Time_to_Blacklist_Blacklists) are pretty useless but if "the internet" was to adopt a white list policy, what level should it be at? I would certainly say schools and public bodies should have a strict whitelist - with good enough organisation that new entries can be ratified very quickly.

ISP level is perhaps a bit much, you're general user is not going to like a whitelist that is never going to keep up with a changing internet. However, i could see the attraction of a whitelist policy for mail servers - you have to register domain names so why not something that is rarely EVER at a user level - mail servers....

comments...

For Nursery to Secondary education in Scotland we already have a government quango - I work for it! Learning and Teaching Scotland (http://www.ltscotland.org.uk/aboutlts/whatwedo/programmes/index.asp)


We are told to hit the delete button if we find a link that has gone bad, but we are actively trying to promote the use Flicker Bebo etc - there are members of our technologies team promoting the active education of learners of how to use these tools effectively and safely so as to avoid the security and personal safety problems.


We are also developing a personalisation tool so that everyone in education (from Nursery kids to Authority Development officers (within Scotland) can actively upload, download and share ideas, use IM, videoconferencing, messageboards etc etc - within a secure, safe and individually personalised space with one password... - Sound impossible?? We are nearly live Glow programme - subset of previous URL (http://www.ltscotland.org.uk/aboutlts/whatwedo/programmes/glow/introduction.asp)

Scotland is the only country in the world to attempt this - never mind get as far as we have already..

Oh and we are included as part of the taxes - no need to pay extra for us :)

Sorry Promotion / Rant over.

Whitetiger

Who pays for this body?

I would imagine it would be very easy. Look at how wikipedia manages. This would be a worthwhile public service with funded sections from public bodies for school lists etc..and support from private bodies. If it cleans up the internet and creates opportunities for the honest..whose going to object...the bad guys is all ;)


How do they decide that the mail server I run on my server at home is more worthy than the one run remotely by a spammer on my neighbour's?

you say who you are , you can prove it and you use it honestly.

Really ? Surely if a list is incomplete the moment its published and is always firefighting to stay ahead - its really not that useful overall.
Lots of information is "out-of-date" as soon as it gets published - doesn't mean that the information is useless. As one example, using your argument, no-one would ever publish any scientific research in academic journals.

For Nursery to Secondary education in Scotland we already have a government quango - I work for it! Learning and Teaching Scotland (http://www.ltscotland.org.uk/aboutlts/whatwedo/programmes/index.asp)


We are told to hit the delete button if we find a link that has gone bad, but we are actively trying to promote the use Flicker Bebo etc - there are members of our technologies team promoting the active education of learners of how to use these tools effectively and safely so as to avoid the security and personal safety problems.


We are also developing a personalisation tool so that everyone in education (from Nursery kids to Authority Development officers (within Scotland) can actively upload, download and share ideas, use IM, videoconferencing, messageboards etc etc - within a secure, safe and individually personalised space with one password... - Sound impossible?? We are nearly live Glow programme - subset of previous URL (http://www.ltscotland.org.uk/aboutlts/whatwedo/programmes/glow/introduction.asp)- and the only country in the world to attempt this - never mind get as far as we have already..


Sorry Promotion / Rant over.

Whitetiger
great! theres not enough of this sort of thinking ..:) and the more people that know about it the better....

Lots of information is "out-of-date" as soon as it gets published - doesn't mean that the information is useless. As one example, using your argument, no-one would ever publish any scientific research in academic journals.

not the same argument. In your example, the scientific paper would be appearing on a site already on a whitelist. And by "out of date" i mean information on locations, not information itself, for example, a child porn site is created on a new domain that wasn't on your blacklist - it could be avaiable to primary school kids for a whole day before the next list update. Is that good enough ?

great! theres not enough of this sort of thinking ..:) and the more people that know about it the better....

When we were setting Glow up we had governing / education groups being shown around us from all over the world...


We (and our predecessors) are quite well known within the Education sector.
Now especially with RSS feeds and several of our more high profile members blogging, those that need to know are in the know :)

Whitetiger

aah but the idea is a good one - so really the whole internet needs to know - especially parents 95%* of which allow their children to have internet access without knowing the difference between a black list and a white list ;)



*made up figure used to bias toward the point im making ;)

*made up figure used to bias toward the point im making ;)
To be a bit more authoritative, you should say 93%, it sounds better.

To be a bit more authoritative, you should say 93%, it sounds better.
96% of people claim you are talking rubbish :)

96% of people claim you are talking rubbish :)
So, out of 6 billion people, 240 million think I'm not? Wow, that's a lot of useful idiots.

So, out of 6 billion people, 240 million think I'm not? Wow, that's a lot of useful idiots.

So do you count yourself within the 93% or the 7% DJ? :wink:

the chinese don't count - you're not famous there :)

Whitelists are only the inverse of blacklists, the same problems of authentication apply but they are made worse by "somebody" having to "authorise" something. Whitelists are worse than blanklists IMHO, the cure is worse than the disease! Don't get me started on graylists...

Your original premise is wrong, blacklists DO work, the most effective one of which is the DUL - if you're trying to send me mail directly without using a smarthost relay then you will be ignored (well over 50% of all spam comes from zombies with small SMTP engines). Another very effective method is xenophobic filters, I routinely block anything from the far east with huge IP filters.

The very last thing we need is some nanny "you're not allowed to send email" body :(

Whitelists are only the inverse of blacklists, the same problems of authentication apply but they are made worse by "somebody" having to "authorise" something. Whitelists are worse than blanklists IMHO

Black or blank ? or both ?

The thing is - it depends what you mean by "made worse". With a whitelist I can be assured that if it is not uptodate the chances of something on the list being illegal/dodgy are next to zero i.e. say it was a year old and someone new registered a lapsed domain, it could compromise your list, but its a small chance. With a year old blacklist...well you might as well not have it at all - the content you can get to that you don't want, will outnumber the content you have blocked (it will always do this anyway but just more so with an older list). There is no contest whatsoever between a whitelist and a blacklist. As a country we are used to restrictions on lots of content - magazines on the top shelf, videos , films and computer games with age ratings; even childrens toys are marked with age ratings...we have no trouble with this as a concept and understand it is there to HELP us make decisions. A choice of whitelist for parents is a great idea ; and an enforced list for schools, public buildings etc..will soon be a legal requirement... after a few lawsuits :rolleyes:


Your original premise is wrong, blacklists DO work, the most effective one of which is the DUL - if you're trying to send me mail directly without using a smarthost relay then you will be ignored (well over 50% of all spam comes from zombies with small SMTP engines). Another very effective method is xenophobic filters, I routinely block anything from the far east with huge IP filters.

but DUL is effectively a whitelist.And if you have a xenophobic blacklist you could be blocking legitimate traffic- for me its better to KNOW what you have is 100% good than to blanket ban and know that 90% is bad. The 10% suffer. and war, famine and pestilence claim us all. I perhaps exaggerate.


The very last thing we need is some nanny "you're not allowed to send email" body :(

I don't see much of a difference between that and a domain registration body. How DARE they insist we go through them to register our domains ? ;)

Whitelists are only the inverse of blacklists, the same problems of authentication apply but they are made worse by "somebody" having to "authorise" something.

Yeah, it's like that at work. Everyone can log on except for people that we specifically tell it not to log on. Of course they could just use another name but we trust they don't do that.

I don't agree. Depending on how easy it is to generate a new "identity" then blacklists can be nearly pointless.


Whitelists are worse than blanklists IMHO, the cure is worse than the disease!

Depends what we are talking about here. I whitelist sites that are allowed to give me popup windows, it makes my browsing experience much more enjoyable.


if you're trying to send me mail directly without using a smarthost relay then you will be ignored...

Ah, now we are talking about SMTP (they don't call it simple for nothing) which is crap and, not surprisingly, lots of things have been done to try and make it less crap. More modern stuff often involves reverse lookups as part of the standard to ensure the person is coming from the server they claim to be.

White-lists are just the other side of the coin from black-lists. Same benefits and problems.

A legitimate white-list of internet web sites is going to be bigger and harder to update than any of the current black-lists.

If people start using white-lists more, the "bad people" will just find more ways to exploit entries on the white-list.

Making decisions based on metadata rather than actual content is not the right way to go, it's just a hack that mostly works for now.

White-lists are just the other side of the coin from black-lists. Same benefits and problems.

Wouldn't be the "other side" if it had the same benefits and problems would it Mr.Logic of Logictown - thats a silly argument etc.. (insults contd p94)


A legitimate white-list of internet web sites is going to be bigger and harder to update than any of the current black-lists.

So what? Black lists are rubbish. And a well organised white list governing body will make it work. An example to base it on...how about the domain registration system - it must be really complicated to handle all those country extensions , domain names, resellers ? yes it is - but i can register a domain in 5 seconds. Its then just a wait to propagate it around the net...


If people start using white-lists more, the "bad people" will just find more ways to exploit entries on the white-list.

I guarantee it would be better than what is currently in place*, but if anyone suggests something like this can be 100% accurate they are more "out there" than haleys comet.

* whitetiger et als efforts excepted ;)


Making decisions based on metadata rather than actual content is not the right way to go, it's just a hack that mostly works for now.

I wasn't suggesting a white list would be built purely on metadata. No one has relied purely on metadata for years - google certainly don't so theres no reason why a whitelist should be.

Sure people will TRY and circumvent any white list technology, just as people try and manipulate search engine rankings. Google manages to change and adapt without too much trouble and produce accurate search results, despite these efforts. We should start with a whitelist technology a.s.a.p and it'll will just get better and better.

I think the difference is - with a blacklist - you are constantly firefighting with NO protection against something you haven't come across yet. With a whitelist you simply will not see things you haven't come across yet and the only drawback from a user point of view is a possibly limited list - from a website owners point of view there needs to be a method to get yourself on the list and there will be - which if it is handled like Domains and DNS, could be 5 seconds registration if you are "trusted" and automatic propagation. The whole concept of "trust" will take off big style on the world wide web soon i think ;)

Ah, now we are talking about SMTP (they don't call it simple for nothing) which is crap and, not surprisingly, lots of things have been done to try and make it less crap. More modern stuff often involves reverse lookups as part of the standard to ensure the person is coming from the server they claim to be.SMTP may be far from perfect but at least it works :) Reverse lookup is far from the answer, it will normally give a false positive if your actual mailserver is hidden behind firewalls and MessageLabs towers, a very common business configuration.

DS : Virtually everybody has it within their power to run a whitelist if they want to, very few do - because whitelists are not the answer and a damn sight more trouble than blacklists! We await your solution to the internets problems with interest - What's your criteria for whitelisting? What are you whitelisting? Who pays? Procedures? Appeals? Time?

DS : Virtually everybody has it within their power to run a whitelist if they want to, very few do - because whitelists are not the answer and a damn sight more trouble than blacklists!

For an individual or a company yes. Noone would at to handle the entire DNS either ;) But I would foresee a time when theres an an organisation out there that provides these lists - say you want "UK specific, education specific, child friendly" - it will be usable right away...much like DNS is - you never need to ASK for resolution for all .com addresses do you ?.


We await your solution to the internets problems with interest - What's your criteria for whitelisting? What are you whitelisting? Who pays? Procedures? Appeals? Time?

It would help if you had read any of my posts, where Ive already mentioned some ideas ;). I think the Domain Name System and Google are starters for 10 on how this can be done. DNS for registration, arbitration, organisation. Google for crawling, heuristics, building lists on the fly. There would also be the concept of trust a la wikipedia - once you have some experience under your belt and have proved who and where you are. Your recommends for your specialist area, such as secondary school related material, will be accepted immediately. Others will benefit from adding and catagorising to get full access to lists for much less cost. I would say ISPs contributing to the governing body, as well as commerical sponsorship and revenue from advertising - again like Google. As for Appeals, this isnt as important as you would think as people will choose to use the whitleists and will greatly beenfit from them - if they miss a particular website because it is not on their list they can either use an "amber" list (or even none at all) or they can use their OWN trusted status (say if they are a school) to add the site to the list they DO use. If a person/company is appealing because their pages are not on a list they can work on their own trusted rating to allow them to progress it onto a main list. I don't see the problem with this, as although now we are used to finding pages quickly, that is generally because the page is either advertised, linked or returned in a search result. ALL of which take time to happen - a little bit of extra time for whitelist inclusion is no big deal if its for the betterment of the www. Companies already have dedicated SEO's, they would also handle whitelist negotiation. it would just be something you "have to do" like registering the domain name in the first place.

Of course, someones knocked up personal web page is going to have real trouble getting on a list a school would use - but so what? i don't want my children reading some of the woeful stuff out there easily - its the whole point of a white list.

Remember, us geeky users can user any list, none, or add what we need to our own local list.


non-geek section
-----------------
In fact to put things in perspective, and to get the non-geeks to agree with me. We already have a massive list in place on the internet. Its called DNS. And what it does is "alias" all the servers on the internet. So that a computer with the address "82.67.123.34" becomes "www.example.com". The only problem is anyone can register any domain thats not previously been used , put any content they like on it and it will be accessible in a few hours. A search engine, such as google, "crawls" around the net looking for sites, looks at their content, how many others sites link to them etc..and put them in its "big index of sites". For new sites - it could take sometime before you "see" this site on google. Advertising helps of course, so you can be told the address. All a whitelist does is specifically catagorise sites and, when used, only allows you to visit sites that are "approved" for that list. A blacklist specifically bans "bad" sites, a pointless exercise as the new animal porn site is not going to be on it and can be viewable to your 10 year old in the school library. Some places, in fact most, do manage a bit of both - they will have a blacklist but also a "dynamic whitelist" - meaning some software will "look" at the content of sites after someone tries to get to them and allow or deny based on words, links to sites that ARE on the blacklist, too many skin tones in pictures etc...

All im suggesting is this can be organised on a MUCH bigger scale.

SMTP may be far from perfect but at least it works :) Reverse lookup is far from the answer, it will normally give a false positive if your actual mailserver is hidden behind firewalls and MessageLabs towers, a very common business configuration.

False positive? Would that not be false negative (this user doesn't exist at this address) and surely an SMTP server should be visible on port 25 (even if that is NAT traversed to a cluster of servers on the inside)?

The way XMPP does reverse lookup (say in google talk) is if you get the message:

"bob@jabber.org wants to invite you to chat!"

then your server must check with jabber.org that it is a request from the identity "bob" on your server.

This is unlike SMTP which you can send a message from "bill.gates@mircrosoft.com" and your server will make no attempt to check the legitimacy of that address. Sometimes mail systems get around this, I believe, by sending a message back to the originating server to state that message was garbled. If the server resends the message then it obviously came from that server if it didn't then it might be because that server never sent the message in the first place. It's hardly an ideal solution (and has tonnes of problems) but the act of requesting the message again is a form of reverse lookup, surely?



What's your criteria for whitelisting? What are you whitelisting? Who pays? Procedures? Appeals? Time?

Again going to XMPP all servers on the federation are whitelisted (you can see the registration process here (https://www.xmpp.net/certificate-process)). I expect it is a simple form of trust. If you set up a server and have it added and all that is coming out of your server is SPIM then they'll revoke your rights. I expect the time take is by a couple of interested parties. If they were swamped by server requests then I expect that they might look for new people to "approve" servers.

(I'm using XMPP as an example because it's a more modern protocol I know a bit about).

I agree that blacklists are fairly useless. They certainly don't do much to prevent the hundreds of spam emails sent to me daily (most of which are thankfully filtered for me using heuristics - unfortunately due to the small chance of a false positive I do actually still need to trawl through the spam filter at my office email to check legitimate mails haven't been trapped). My filter uses a whitelist so that I can enable known senders (which is essential if you really do want to subscribe to a marketing newsletter for example).

It would be perfect if the DNS could also hold content tags which could be used to construct whitelists, but the volume is just so huge I'm not sure it could work except as a user-maintained system such as wikipedia - and therein lies the problem - wikipedia is not immune to malicious content, although it mostly gets cleaned up fairly quickly. The difference is that it's not really worth anyone's while to place malicious content on wikipedia while there are lots of other ways to dissemininate it, but it certainly would be in the interests of spammers etc to be attack a universal DNS tagging system.

very true, but its still worth a shot. The alternative is what we have now: its easy for spammers - whether that be email spammers or web pages spammers (i would consider a mistyped URL or google result that returns any sort of advert holding page to be web spam)

False positive? Would that not be false negative (this user doesn't exist at this address) and surely an SMTP server should be visible on port 25 (even if that is NAT traversed to a cluster of servers on the inside)? False positive or negative it's wrong no matter how you look at it, I'm easy on that :waycool: I used to admin a SMTP server that was deliberately not world visible on port 25, in fact we had to firewall it out because the spammers were ignoring the MX entries to the MessageLabs towers and Joe Jobbing direct onto our internal server on post 25. I think you will find most large organisations running that config, the only people allowed to talk on port 25 are the known filter servers. On that config a reverse lookup and verification of the mail server will always fail :nice:

All im suggesting is this can be organised on a MUCH bigger scale.May I suggest that you move to China - they seem to have exactly what you want sorted out and working right now! :cool:

May I suggest that you move to China - they seem to have exactly what you want sorted out and working right now! :cool:
at an ISP level with a political agenda? no thanks. Methinks you're not quite understanding me :rolleyes:

aah but the idea is a good one - so really the whole internet needs to know - especially parents 95%* of which allow their children to have internet access without knowing the difference between a black list and a white list ;)



*made up figure used to bias toward the point im making ;)


PR announcement - ignore unless you are DS.
;)


Sorry to disappoint DS but we work with a few different people to enable better School/ Community/ Home / Business communication and cooperations..

E.G. We work with the BBC, All local authorities, the Scottish Exec (we advise them on some policies! ), and the SQA - to name just a few. We even slightly overlap with the University and College systems.


LTS try and educate the parents as well as the staff and the pupils on relevant Web 1.5, and web 2.0 (probably 35 by the time I retire;)) upcoming issues.

As for companies:

We have worked with NASA on a project called Ticket to Space which was a yearly resource interactive event (stopped in 06 i think) where pupils could quiz NASA scientists via fora and (I think) even videoconferencing :worthy:
Looks like it will be replaced by working with the Royal Observatory LTS - Dark Skies News (http://www.ltscotland.org.uk/news/2007/educational/january/news_tcm4396150.asp)

LTS try and educate the parents as well as the staff and the pupils on relevant Web 1.5, and web 2.0 (probably web 35 by the time I retire;)) upcoming issues. Glow will have parents on the system by the time we get to the third stage - I think it goes Education Authorities and other partners, then schools, then parents.

Sorry PR announcement over ;)

Whitetiger

I think you will find most large organisations running that config, the only people allowed to talk on port 25 are the known filter servers. On that config a reverse lookup and verification of the mail server will always fail :nice:

Got you. Yup that would stop it (though not the rebound case I suggested later). But presumably that's because SMTP servers aren't very good with large volumes of traffic and being bugged on that port rather than someone just attacking other ports is more of a problem. Other protocols might well be more adapt.


Sorry to disappoint DS but we work with a few different people to enable better School/ Community/ Home / Business communication and cooperations..

I don't know why that is disappointing DS. He's suggesting a larger scale whitelist of the Internet, I'm sure he'd be delighted to see some action taken even if it is a smaller goal.


LTS try and educate the parents as well as the staff and the pupils on relevant Web 1.5, and web 2.0 (probably 35 by the time I retire;)) upcoming issues.

This post is buzz word compliant :nice: :flower:.

Sorry to disappoint DS

:confused: I'll hardly be disappointed about you doing something I think is the right thing to do. Theres not enough of it though and its not mainstream enough. I envisage a system very like the current DNS one in scope. Nothing comes close yet. e.g. If I want to use a whitelist to protect my children at home - my ISP allows me to pick one from a list and the whitelist server at their end handles the rest.

I don't know why that is disappointing DS. He's suggesting a larger scale whitelist of the Internet, I'm sure he'd be delighted to see some action taken even if it is a smaller goal.

Very true - i replied to whitetiger before reading this :waycool:

If I want to use a whitelist to protect my children at home - my ISP allows me to pick one from a list and the whitelist server at their end handles the rest.

We don't actually have any metadata tag, as far as I know, to describe the suitability of content to kids do we. I know it's not an ideal solution (for the deceptive reason) but if someone gave me the ability to regulate my own content then I'd probably add in the information to my web page. I know Flickr rates people on their ability to judge their own photos suitability.

:confused: I'll hardly be disappointed about you doing something I think is the right thing to do. Theres not enough of it though and its not mainstream enough. I envisage a system very like the current DNS one in scope. Nothing comes close yet. e.g. If I want to use a whitelist to protect my children at home - my ISP allows me to pick one from a list and the whitelist server at their end handles the rest.

It's OK don't be confused DS - it was my fault for reading moods into your words. I'm afraid that one country wide system is all we are planning / hoping to impliment as yet. It might take off and be replicated - who knows??


We don't actually have any metadata tag, as far as I know, to describe the suitability of content to kids do we

I'm not sure how this would be done killingtime... It might end up with a tag or a dozen to seperate the different content - AFAIK (I'm not involved this deep in the implementation) there are going to be sections that are aimed towards learners, teachers, authority staff, parents etc but the content that will be used to create those sections will still be screened by us or by the BBC or our other partners.

Whitetiger

Ooh look at the PR job I'm doing - Who says that I'm not working while I am on the forum ;)

I'm not sure how this would be done killingtime...

Well as easily as having <meta name="audience" content="mature"/> on the page and having your browser recognise that. So parents can "lock" their kids browsers to a lower level ("everyone" say) and anything that isn't at that level is restricted so the child can't view it. This requires that the sites self regulate their content and I can tell you now that a lot of sites would incorrectly set this, not bother with it or straight up lie but if something like this became a recognised system then I'd be happy to include the tag on sites I have control over (of course they'd need guidelines as to what content constitutes what level).

why don't you provide us some web links to some choice bits too ;)

Well as easily as having <meta name="audience" content="mature"/> on the page and having your browser recognise that. So parents can "lock" their kids browsers to a lower level ("everyone" say) and anything that isn't at that level is restricted so the child can't view it. This requires that the sites self regulate their content and I can tell you now that a lot of sites would incorrectly set this, not bother with it or straight up lie but if something like this became a recognised system then I'd be happy to include the tag on sites I have control over (of course they'd need guidelines as to what content constitutes what level).
:rofl: oh wouldnt that be lovely, that we can trust people to create web sites and successfully self-regulate :) It'd be like giving people a ferrari and trusting them to NEVER break the speed limit . Or communism. A fantastic political system that works perfectly until someone notices that in an equal society, one step forward is all it takes to be more powerful than EVERYONE else. Human nature's a bitch. :)

:rofl: oh wouldnt that be lovely, that we can trust people to create web sites and successfully self-regulate :)

Why not? I'm not saying all people would do it but I'd be happy to and I'm quite sure other people would be as well. Do you not think that most people on, say, Wikipedia would provide this information if the option was there? I'm sure there would be cases where some other user then changed it for laughs but I'm not convinced that some level of self-regulation has no merit.

Why not? I'm not saying all people would do it but I'd be happy to and I'm quite sure other people would be as well. Do you not think that most people on, say, Wikipedia would provide this information if the option was there? I'm sure there would be cases where some other user then changed it for laughs but I'm not convinced that some level of self-regulation has no merit.
oh i agree - but when looking at the commercial angle and what unscrupulous people have to gain by lying, i know it wouldnt work. If someone was to organise what you say tomorrow, you're right it would improve things but it wouldnt stop search engines returning the usual "not what i was looking for" pages that are lying or not taking part in the meta-tag description idea. In effect this already exists in html and google learned long ago to ignore it completely in results.