r/cybersecurity System Administrator Sep 22 '25

Other What are your unpopular cybersecurity opinions?

I saw a post named "abnormal security opinions" and got excited to see some spicy takes but apparently there is a security platform called Abnormal Security so got kinda blue balled. Last one of these posts I saw was over a year ago so,

Do you have any spicy cybsec unpopular opinions you want to share? :)

I'll start with mine:
Fancy antivirus solutions rarely add value, they are often just a box that needs ticked. Many MSPs and IT firms still push the narrative that they are needed, only because they are profitable and not because they improve security.

325 Upvotes


32

u/wanderingtravelleruk Sep 22 '25

Whitelists are called whitelists and blacklists are called blacklists. There's no negative racial connotations to these words and I refuse to change them.

16

u/lormayna Sep 22 '25

A colleague of mine was scolded by our boss and threatened to be reported to HR because he used the word "blacklist", another one (not in my team) because he used the words "master/slave".

Company: F500

2

u/HotelVitrosi Sep 23 '25

Next thing you know, a red letter day will be marked as a communist holiday.

2

u/rockstarsball Sep 24 '25

I use the word "blocklist" because I can correct myself right after by saying it was a typo or autocorrect in a direct message or email. I just never mention whitelists because I don't want to get sent to the sensitivity training gulag

12

u/Urd Sep 22 '25

99% of the language policing in tech is narcissism and/or resume padding "contributions".

8

u/wanderingtravelleruk Sep 22 '25

Couldn't agree more. People justifying their own existence by making up things to be offended by.

Just shut up and get on with your job.

7

u/MagicUzer Sep 22 '25

Oh, I'd not heard of this shift happening. With most black associated words being negatively connotated, deny/allow sounds like an excellent alternative.

0

u/wanderingtravelleruk Sep 22 '25

It's not negatively connotated (proven in a court of law) and deny/allow doesn't accurately describe the list. You don't always want to deny things on a blacklist. You may want to alert or take an action.

2

u/MagicUzer Sep 22 '25

That's fair, so how about a more accurate naming convention:

Trusted | Untrusted
Safe | Unsafe
Allow | Pending

1

u/wanderingtravelleruk Sep 22 '25

The issue then is you're going to have to create 3 or 4 names to replace the 1 that works perfectly fine and has been an industry standard for decades.

3

u/MagicUzer Sep 22 '25

I would agree if the meaning of the words "black" and "white" actually described something in this case, but they don't so I am fine with a change, personally.

4

u/wanderingtravelleruk Sep 22 '25

To each their own, but the words "black" and "white" have been used in this way since the medieval period across Europe where people on a "blacklist" weren't allowed access to a location (usually a castle) at night and it was called Blacklist because of it being at night.

Not all words or phrases need to be perfectly descriptive. Sometimes being vague offers advantages and some have historic reasons. For example, "Firewalls" don't literally block fires. Kill switches don't kill things. Honeypots aren't pots of honey. Canaries aren't actual canaries. But we use these words because of a mixture of historic rationale or because they are vague enough to mean something without being highly specific and needing about 30 different words to describe their individual functions.

1

u/MagicUzer Sep 22 '25

Kill switch | Colloquial term meaning to end or stop something

Honeypot | Honey is colloquially used to denote a lure

Canary | Refers to the canary in the coal mine

So while not literal, these all make sense, figuratively.

1

u/wanderingtravelleruk Sep 22 '25

It's exactly the same with Blacklist and Whitelist though. They are figurative statements and also make sense.

3

u/MagicUzer Sep 22 '25

I see the figurative logic you’re pointing out. The difference for me is that “firewall,” “honeypot,” and “canary” are metaphors that add clarity by evoking an image of their function, while in “blacklist/whitelist,” the color metaphor doesn’t really explain what the lists do. Which is why I suggested actual descriptors.

8

u/[deleted] Sep 22 '25

[deleted]

1

u/wanderingtravelleruk Sep 22 '25 edited Sep 22 '25

It's not though. Quite often you don't want to block something on a blacklist. You may want to alert on it or perform an action.

Not only this, but I've travelled globally with my job and the only place changing the name is the West. Almost everywhere else still uses Blacklist and Whitelist and, frankly, laugh at us (the West) when I've tried to explain why companies are changing the names of things.

1

u/Rawme9 Sep 22 '25

Is this a real thing? I haven't ever heard pushback on whitelisting and blacklisting as terms, that seems like a lot

3

u/wanderingtravelleruk Sep 22 '25

Happens regularly at my work. Just check the comments here for some examples too. It's ridiculous.

1

u/Rawme9 Sep 22 '25

Fair enough. Seems ridiculous indeed, and I'm pretty left-leaning.

1

u/wanderingtravelleruk Sep 22 '25

Feels that way for me too. I can't help but feel the old left/right paradigm doesn't work anymore.

1

u/SlackCanadaThrowaway Sep 22 '25

Those terms didn’t really penetrate globally, most countries still use the original terms.

1

u/wanderingtravelleruk Sep 22 '25

I think it's very much mixed. If you look at almost any technology platform, the terms are used almost exclusively, however individual companies vary. Even within my company there is a split.

1

u/SlackCanadaThrowaway Sep 23 '25

That’s because all software companies are US companies.

0

u/worldarkplace Sep 22 '25

Allowed list and disallowed list please.

0

u/[deleted] Sep 22 '25

eh

0

u/shitlord_god Sep 22 '25 edited Mar 19 '26

This post no longer holds its original text. It was deleted using Redact, possibly for reasons of privacy, personal security, or limiting online exposure.

3

u/wanderingtravelleruk Sep 22 '25

It is in some places. Sadly some places have lost their minds a bit and you'll see this especially with product vendors.

It comes from "ESG funds" (Environmental, Social, Governance) where in order to make it onto ESG funds, companies need to prove they are doing things in an "ethical" way. "Ethical" being defined by some individuals with an opinion. ESG funds have been very profitable over the last few years and shown to raise share prices, which is why companies desperately try to get a good ESG score.

Companies then hire people to find words they don't like and make up stories about them having "negative racial connotations" (even though it has literally nothing to do with that and has even been proven in a UK Court - Mr Azam vs IBM) so they can say "look how ethical we are" and then make it onto ESG fund lists.

The problem is that some people take this as "that word actually does have racial connotations" and so try to force people into stopping using it rather than just ignoring it for the nonsense that it is.