If you are clicking on some links via Twitter, you might have gotten a phishing security warning over the weekend. Apparently, Bit.ly was blocked by mistake.
ISPs blocking websites is always going to be a touchy topic at best. It brings up topics like censorship and free speech. Some ISPs, however, block websites for security reasons. Australian ISP Optus is one such ISP. Over the weekend, people who click on links managed by Bit.ly immediately got redirected to a security warning about phishing.
Phishing is a method where criminals try and obtain sensitive information like login credentials. This is often done by tricking users into getting them to log in to a legitimate website when they are really typing their information in to a fake website where the information is harvested by criminals.
There’s no disputing that there is phishing attacks going on these days, but a website like bit.ly isn’t one of those sites. However, over the weekend, Optus began blocking the website to the confusion of a number of their subscribers. From the Daily Telegraph:
The block has since been lifted but in some cases users may experience difficulties with Bit.ly links for the next two days.
Bit.ly is a link management system popular with Twitter users, which allows them to shorten long web page links so the text takes up fewer characters.
Instead of being linked through to a newspaper article or website, people who clicked on the Bit.ly links were shown this error message instead:
“The web site has been blocked. For your protection, this web page has been blocked by the Optus Network. Please only ever use https://www.optus.com.au/customercentre/myaccountlogin to access your Optus account. Optus will never ask for your account details via email. Vis http://www.optus.com.au/shop/support/answer?question=phishing for more information about phishing and internet security. If you believe this web page has been blocked in error, email us at abuse@optusnet.com.au”
After a storm of comments erupted on Twitter, Optus went on the record to say that the block was initiated after a phishing attempt was reported. However, the block was applied to the bit.ly domain by mistake. A spokesperson apologized for the error and that users will see the issue clear up after a day or two.
While this is a mistake, it does at least offer an insight into how easily an innocent website can be targeted for blocking. In this case, it’s a fairly big website at that. It is why consumer advocates want such stringent oversight whenever there is an effort to block websites for one reason or another.
Obviously, blocking Bit.ly is enough to cause such a huge uproar that the issue gets resolved quickly. The question is, what about smaller websites that don’t have millions of users using them. As such, the backlash can be smaller and there may not be such a huge motivation to remove such a block as a result.
Either way, when stories like this hits the press, it has the potential of coming back to haunt those who call for blocking material on the web.
Drew Wilson on Twitter: @icecube85 and Google+.