Blacklist (computing)

Source: Wikipedia, the free encyclopedia.
Screenshot of a website blocking the creation of content which matches a regular expression term on its blacklist

In

hashes, etc.), except those explicitly mentioned. Those items on the list are denied access. The opposite is a whitelist, allowlist, or passlist, in which only items on the list are let through whatever gate is being used. A greylist contains items that are temporarily blocked (or temporarily allowed) until an additional step is performed.

Blacklists can be applied at various points in a security architecture, such as a

directory servers or application authentication gateways. The type of element blocked is influenced by the access control location.[1] DNS servers may be well-suited to block domain names, for example, but not URLs. A firewall is well-suited for blocking IP addresses, but less so for blocking malicious files or passwords.

Example uses include a company that might prevent a list of software from running on its network, a school that might prevent access to a list of websites from its computers, or a business that wants to ensure its computer users are not choosing easily guessed, poor passwords.

Examples of systems protected

Blacklists are used to protect a variety of systems in computing. The content of the blacklist likely needs to be targeted to the type of system defended.[2]

Information systems

An information system includes end-point hosts like user machines and servers. A blacklist in this location may include certain types of software that are not allowed to run in the company environment. For example, a company might blacklist peer-to-peer file sharing on its systems. In addition to software, people, devices and Web sites can also be blacklisted.[3]

Email

Most email providers have an anti-spam feature that essentially blacklists certain email addresses if they are deemed unwanted. For example, a user who wearies of unstoppable emails from a particular address may blacklist that address, and the email client will automatically route all messages from that address to a junk-mail folder or delete them without notifying the user.

An

filter may keep a blacklist of email addresses, any mail from which would be prevented from reaching its intended destination. It may also use sending domain names or sending IP addresses to implement a more general block.
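The three granularities described above (sender address, sending domain, sending IP address) can be sketched as follows. This is an added example, not code from the article or from any mail product; the list entries, the subdomain matching rule, the use of CIDR networks, and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample entries (assumptions; reserved documentation ranges only).
BLOCKED_ADDRESSES = {"promo@mailer.example"}
BLOCKED_DOMAINS = {"spam.example"}
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]


def sender_domain(address):
    """Domain part of an address, lowercased; '' if there is no '@'."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def match_blacklist(sender, source_ip):
    """Return the kind of entry that matched, most specific first, or None."""
    sender = sender.strip().lower()
    if sender in BLOCKED_ADDRESSES:
        return "address"
    domain = sender_domain(sender)
    # Block the listed domain and its subdomains (assumed matching rule).
    # The leading dot keeps "notspam.example" from matching "spam.example".
    if any(domain == d or domain.endswith("." + d) for d in BLOCKED_DOMAINS):
        return "domain"
    try:
        ip = ipaddress.ip_address(source_ip)
    except ValueError:
        return None  # unparseable source: no IP-based decision possible
    if any(ip in net for net in BLOCKED_NETWORKS):
        return "ip"
    return None


def route(sender, source_ip):
    """Junk folder on any match, inbox otherwise."""
    return "junk" if match_blacklist(sender, source_ip) else "inbox"
```
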

In addition to private email blacklists, there are lists that are kept for public use, including:

Web browsing

The goal of a blacklist in a web browser is to prevent the user from visiting a malicious or deceitful web page via filtering locally. A common web browsing blacklist is Google's Safe Browsing, which is installed by default in Firefox, Safari, and Chrome.

Usernames and passwords

Blacklisting can also apply to user credentials. It is common for systems or websites to blacklist certain reserved usernames that are not allowed to be chosen by the system or website's user populations. These reserved usernames are commonly associated with built-in system administration functions. Also usually blocked by default are profane words and racial slurs.

Password blacklists are very similar to username blacklists but typically contain significantly more entries than username blacklists. Password blacklists are applied to prevent users from choosing passwords that are easily guessed or are well known and could lead to unauthorized access by malicious parties. Password blacklists are deployed as an additional layer of security, usually in addition to a password policy, which sets the requirements of the password length and/or character complexity. This is because there are a significant number of password combinations that fulfill many password policies but are still easily guessed (e.g., Password123, Qwerty123).
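The layering described in this section, as an added example that is not part of the original article: a registration check that applies a reserved-username list, a length and complexity policy, and a password blacklist. The list contents, the minimum length, and the case-insensitive comparison are assumptions chosen for illustration.

```python
import re

# Constructed sample lists (assumptions, not taken from the article or any product).
RESERVED_USERNAMES = {"admin", "administrator", "root", "postmaster"}
PASSWORD_BLACKLIST = {"password123", "qwerty123", "letmein2024"}

MIN_LENGTH = 8  # assumed policy value


def policy_violations(password):
    """Length/complexity policy: the layer the blacklist is added to."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    return problems


def check_registration(username, password):
    """Return a list of rejection reasons; an empty list means accepted."""
    reasons = []
    # Compare case-insensitively so "Admin" cannot sidestep "admin".
    if username.strip().casefold() in RESERVED_USERNAMES:
        reasons.append("username is reserved")
    reasons.extend(policy_violations(password))
    # Blacklist entries are stored lowercase; fold the candidate the same way.
    if password.casefold() in PASSWORD_BLACKLIST:
        reasons.append("password is on the blacklist")
    return reasons
```

Password123 and Qwerty123 produce no policy violations here and are rejected only by the blacklist lookup, which is the gap the blacklist layer closes.
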

Distribution methods

Blacklists are distributed in a variety of ways. Some use simple

RESTful API.

Examples

Usage considerations

As expressed in a recent conference paper focusing on blacklists of domain names and IP addresses used for Internet security, "these lists generally do not intersect. Therefore, it appears that these lists do not converge on one set of malicious indicators."[8][9] This concern combined with an economic model[10] means that, while blacklists are an essential part of network defense, they need to be used in concert with whitelists and greylists.

Controversy over use of the term

In 2018, a journal commentary on a report on predatory publishing[11] was released making claims that "white" and "black" are racially-charged terms that need to be avoided in instances such as "whitelist" and "blacklist". The journal hit mainstream in Summer 2020 following the George Floyd protests in America[12] wherein a black man was murdered by a police officer, sparking protests on police brutality.

The premise of the journal is that "black" and "white" have negative and positive connotations respectively.[11] It states that since the first recorded usage of "blacklist" was during "the time of mass enslavement and forced deportation of Africans to work in European-held colonies in the Americas," the word is therefore related to race. There is no mention of "whitelist" and its origin or relation to race.

This issue is most widely disputed in computing industries where "whitelist" and "blacklist" are prevalent (e.g. IP whitelisting[13]). Despite the commentary-nature of the journal, some companies and individuals in others have taken to replacing "whitelist" and "blacklist" with new alternatives such as "allow list" and "deny list".[14]

Those that oppose these changes question its attribution to race, citing the same etymology quote that the 2018 journal uses.[14][15] The quote suggests that the term "blacklist" arose from "black book" almost 100 years prior. "Black book" does not appear to have any etymology or sources that support ties to race, instead coming from the 1400s referring "to a list of people who had committed crimes or fallen out of favor with leaders" and popularized by King Henry VIII's literal usage of a book bound in black.[16] Others also note the prevalence of positive and negative connotations to "white" and "black" in the Bible, predating attributions to skin tone and slavery.[17] It wasn't until the 1960s Black Power movement that "Black" became a widespread word to refer to one's race as a person of color in America[18] (alternate to African-American) lending itself to the argument that the negative connotation behind "black" and "blacklist" both predate attribution to race.

See also similar concerns regarding the technology terms "Master" and "Slave".

In August 2018, Ruby on Rails changed all occurrences of "blacklist" and "whitelist" to "restricted list" and "permitted list".[19]

Several companies responded to this controversy in June and July 2020:

  • GitHub announced that it would replace many "terms that may be offensive to developers in the black community".[20]
  • Apple Inc. announced at its developer conference that it would be adopting more inclusive technical language and replacing the term "blacklist" with "deny list" and the term "whitelist" with "allow list".[21]
  • Linux Foundation said it would use neutral language in kernel code and documentation in the future and avoid terms such as "blacklist" and "slave" going forward.[22]
  • The Twitter Engineering team stated its intention to move away from a number of terms, including "blacklist" and "whitelist".[23]
  • Red Hat announced that it would make open source more inclusive and avoid these and other terms.[24]

ZDNet reports that the list of technology companies making such decisions "includes Twitter, GitHub, Microsoft, LinkedIn, Ansible, Red Hat, Splunk, Android, Go, MySQL, PHPUnit, Curl, OpenZFS, Rust, JP Morgan, and others."[25]

References

  1. .
  2. "Domain Blacklist Ecosystem - A Case Study". insights.sei.cmu.edu. 17 June 2015. Retrieved 2016-02-04.
  3. .
  4. "反垃圾邮件联盟". Archived from the original on 2015-08-11. Retrieved 2015-08-10.
  5. "Fabelsources - Blacklist".
  6. "Guidelines". www.surbl.org. Retrieved 2016-02-04.
  7. "B.I.S.S. Forums - FAQ - Questions about the Blocklists". Bluetack Internet Security Solutions. Archived from the original on 2008-10-20. Retrieved 2015-08-01.
  8. S2CID 4720116.
  9. .
  10. S2CID 8812531.
  11. Houghton, F., & Houghton, S. (2018). "“Blacklists” and “whitelists”: a salutary warning concerning the prevalence of racist language in discussions of predatory publishing."
  12. ISSN 0362-4331. Retrieved 2020-10-14.
  13. "IP Whitelisting - Documentation". help.gooddata.com. Retrieved 2023-07-10.
  14. Cimpanu, Catalin. "GitHub to replace "master" with alternative term to avoid slavery references". ZDNet. Retrieved 2020-10-14.
  15. "blacklist | Origin and meaning of blacklist by Online Etymology Dictionary". etymonline.com. Retrieved 2020-10-14.
  16. "What is Little Black Book?". Writing Explained. Retrieved 2020-10-17.
  17. Grammarian, Angry (22 July 2020). "Is 'master bedroom' a racist term? As language evolves, consider history and usage. | The Angry Grammarian". inquirer.com. Retrieved 2020-10-14.
  18. JSTOR 2152175.
  19. "Merge pull request #33681 from minaslater/replace-white-and-blacklist · rails/rails@de6a200 · GitHub". Github.com. Retrieved 2022-03-03.
  20. "GitHub to replace "master" with alternative term to avoid slavery references". zdnet.com. Retrieved 2020-08-14.
  21. "Apple banishes 'blacklist' and 'master branch' in push for inclusive language". msn.com. Retrieved 2020-07-20.
  22. "pull request for inclusive-terminology". git.kernel.org. Retrieved 2020-08-14.
  23. "We're starting with a set of words we want to move away from using in favor of more inclusive language". twitter.com. Retrieved 2020-08-14.
  24. "Making open source more inclusive by eradicating problematic language". redhat.com. Retrieved 2020-08-14.
  25. "Linux team approves new terminology, bans terms like 'blacklist' and 'slave'". zdnet.com. Retrieved 2020-08-14.
