Hey Adam, I see your point of view but I'm afraid I have to disagree: any user of yours attempting to circumvent threat protection that you might have in place is opening up your network to kinds of threats. This in itself is a threat to the safety of your network.

Apple's Safe Browsing (which I believe proxies Google's Safe Browsing service) is designed to protect against a certain type of threat, but is very general and shouldn't be relied on - we often see domains which are clearly hosting malware or phishing resources, which haven't been recognised by Safe Browsing yet.

Thanks for the request Adam. The Proxy & Filter Avoidance category is a challenge because, as you mentioned, many digital assets communicate with proxies to get their job done but another use is circumventing DNS protection.

Would controlling visibility of Proxy & Filter Avoidance in reporting be a good compromise for you?

Thanks for the feedback. For a short term solution, we recommend adding any known utility domains (like those used by your VPN) to the allow list of the appropriate policy for more granular control.

I've had reports of people having trouble with devices that have Covenant Eyes on our wifi. Maybe this has something to do with it. I believe CE uses a VPN. I like to use filters and accountability software in multiple layers, but that doesn't work if those layers can't work together.