Cloudflare has apologized for blocking LGBTQIA+ sites with the launch of the new 220.127.116.11 for Families service.
Announced this week, 18.104.22.168 for Families is designed as an alternative to the 22.214.171.124 DNS resolver which also automatically filters out adult content and websites deemed to be a security threat.
"While 126.96.36.199 can safeguard user privacy and optimize efficiency, it is designed for direct, fast DNS resolution, not for blocking or filtering content," Cloudflare said. "The requests we've received largely come from home users who want to ensure that they have a measure of protection from security threats and can keep adult content from being accessed by their kids."
Two versions of the service were released: 188.8.131.52 for malware protection, and 184.108.40.206, designed to filter out both malware and adult content.
However, once released to the public, users quickly realized that a number of LGBTQIA+ sites were also restricted.
According to Cloudflare CEO Matthew Prince, the "mistake" was caused by categorizations used by data providers, of which information feeds are licensed by the company to create the backbone of the filtering service.
Prince said feeds provided by multiple providers are in use. While the last few months have been spent verifying which ones to use for the family service -- generally-agreed malware and blacklisted, malicious websites being the easiest to sort out -- Cloudflare attempted to mirror Google's SafeSearch tool in the definition of "sexually explicit content."
One of the providers in use had an adult content category that mirrored Google, as well as another category that also encompassed LGBTQIA+ sites and a broader range of topics.
The wrong category was chosen.
"When we released the production version we included the wrong "Adult Content" category from the provider in the build," the executive said. "As a result, the first users who tried 220.127.116.11 saw a broader set of sites being filtered than was intended."
Cloudflare said that it took several hours for a new data structure to be rebuilt once the mistake was spotted. As of now, websites should be unblocked, but the company has asked users to report any remaining, inadvertent LGBTQIA+ website blocks they come across.
"Going forward, we've set up a number of checks of known sites that should fall outside the intended categories, including many that we mistakenly listed," Prince commented. "I'm sorry for the error. While I understand how it happened, it should never have happened. I appreciate our team responding quickly to fix the mistake we made."
In the coming months, users will also be given the ability to customize category blocks in 18.104.22.168 for Families.
Previous and related coverage
- Mozilla: Cloudflare doesn't pay us for any DoH traffic
- Cloudflare IPO: A real tech giant in the making -- with a female co-founder
- Facebook, Mozilla, and Cloudflare announce new TLS Delegated Credentials standard
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0