Wednesday, August 19, 2009

Safe Search – Not just a content filter

‘Safe search’ is a feature used by search engines to filter out explicit sexual or adult content from search results. Most search engines provide 3 modes of safe search as follows:

  • Strict: Filter all adult web, video, and image results
  • Moderate: Filter adult video and image results only
  • Off: No filtering

By default, most search engines implement a ‘moderate’ setting. Some search engines, such as Yahoo, additionally provide password-protected preferences. Any user who is signed in can change the setting and save it for his/her preferences.

Bing, Microsoft’s newly launched search portal, came up with a feature to play a preview of videos directly from the search results. However, by turning off the safe search filter, people were able to play adult content from the search page itself, thus bypassing possible URL filtering controls on the network. Bing later recommended solutions to prevent explicit content from being displayed in the search results. They initially provided a workaround in a blog posting which suggested adding ‘&adlt=strict’ to the end of the search query. This forced filtered results even if end users had disabled the feature. Bing later recommended another solution in which explicit content is served from a separate domain, so that it can be blocked simply by filtering access to that single domain. Here is an example of Bing results with safe search turned off:

Now, as per the first suggestion on the Bing blog, we can add the URL parameter ‘&adlt=strict’ to eliminate explicit content from the search results. Here is how the same query will look:

The search engine did not return any results, because the safe search setting is forced to be in ‘strict’ mode. Appending a safe search parameter to the URL in this way is definitely a good way to prevent explicit content from being displayed even if safe search is turned off. Remember, you will also have to find out whether the safe search parameter used by the search engine website should be appended or prepended to the final URL. This is because filtering can be bypassed by appending the same parameter with a different option. Look at the result below:

I have again appended an ‘&adlt=off’ name/value pair to the end of the URL in the second image. The search engine now takes the last parameter, i.e. ‘&adlt=off’, as the safe search parameter used to filter the results. Imagine: without a proxy or filtering solution in place, a user would be able to add such a safe search parameter at the end of the URL to bypass the safe search protection even if his/her search preferences were set to strict mode. But how would a user do this if a proxy server is altering the URL? They will not have access to the query after it has been altered by the proxy server. In this case, even if a user were to add a safe search parameter anywhere in the URL to bypass safe search protection, the necessary safe search parameter to force strict filtering would then be added at the end of the final URL (as shown previously) at the proxy level. This will override the user preferences and the proxy server will return only safe search results.
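The proxy-side rewrite described above, as an added example that is not code from the original post or from any proxy product. The rule table and function names are assumptions; only Bing's `adlt=strict` comes from the post. It goes one step further than the post by also stripping every user-supplied copy of the parameter, so enforcement does not rely on the search engine honouring the last value.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumption: host -> (parameter, forced value). Only Bing's adlt=strict
# comes from the post; extend the table per search engine.
SAFE_SEARCH_RULES = {
    "www.bing.com": ("adlt", "strict"),
    "bing.com": ("adlt", "strict"),
}


def enforce_safe_search(url):
    """Return url with the safe search parameter forced, or unchanged."""
    parts = urlsplit(url)
    rule = SAFE_SEARCH_RULES.get((parts.hostname or "").lower())
    if rule is None:
        return url  # not a search engine we have a rule for
    name, forced = rule
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    # Drop every user-supplied copy. parse_qsl has already percent-decoded
    # the names; comparing case-insensitively is a conservative choice.
    kept = [(k, v) for k, v in pairs if k.lower() != name]
    # Append the forced value last so a last-wins parser also picks it.
    kept.append((name, forced))
    return urlunsplit(parts._replace(query=urlencode(kept)))


def effective_value(url, name):
    """Value a last-wins query parser would use for name (None if absent)."""
    query = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    values = [v for k, v in query if k.lower() == name]
    return values[-1] if values else None


if __name__ == "__main__":
    # Constructed sample URLs, not captured traffic.
    for u in (
        "https://www.bing.com/search?q=example&adlt=strict&adlt=off",
        "https://www.bing.com/search?ADLT=off&q=example",
        "https://example.org/page?adlt=off",
    ):
        fixed = enforce_safe_search(u)
        print(u, "->", fixed, "| effective:", effective_value(fixed, "adlt"))
```
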

Almost every search engine implements safe search features, but individuals control whether or not they are used, not the enterprise for which they work. Beyond the legal ramifications of allowing users to view inappropriate content while at work, it can also present a security risk, as adult websites often contain malicious content. For example, pornographic sites may encourage users to download fake codec or Flash applications to view the content of a video, which ultimately results in a system compromise. In the associated image, we are viewing a malicious website and AVG antivirus triggers immediately with the message “Exploit Trojan Fake Codec”.

We land on this page because we have turned off safe search and searched for adult content. If safe search had been on, the user would not have been permitted to visit the site and download the malicious program. This time the antivirus identified the threat, but that may not always be the case. This shows the importance of safe search.

Happy Safe Search!!!

Umesh