Copyright © 2009 What The Hell? Security
John Pescatore makes a point about warning vs. blocking bad links. But here’s the thing about links: We’re thinking about them all wrong.
Now, of course there are bad links. They end up on blacklists. Let’s pretend they’re more than marginally useful. (If you have issue with that statement, go make friends with somebody in the blacklist business and ask them.) Bad links aren’t the problem. That I’m addressing here I mean.
The problem is the way we think about all the other links. You know, the complement to the bad links. Not all of which are good. Only we treat them all as good by virtue of keeping them off blacklists. Get it?
What’s missing is a whitelist. But not the kind of whitelist we’re used to thinking about, like the one that confines your kid to age appropriate sites. The kind that:
- confines itself to the links that matter. Meaning, by and large, those pertaining to commerce
- brokers facts, not supposition. Blacklists are chock full of URLs that have been deduced as dangerous. For anything new that surfaces, we’re never quite sure unless an expert trained in the art proclaims it so
- is sanctioned by a trustworthy entity whose business it is to sanction
Said another way, what we need is a certified whitelist for commerce. One that complements, not unseats, blacklists. In thinking about it this way, we end up a trifecta classification system: the bad, the good, and the fraud neutral.
Now that would be useful.
