Everyone’s busy building admin tooling for shared block lists when what they could be building is structured “threat intelligence”

Which is kind of the same data (Except with much more focus on timestamps & description), its just the UI and how the data is consumed is different (rather than automatically blocking/unblocking things I get a queue of notifications I can act on)

Does it mitigate all of the issues that exist with shared blocklists? No, because those are human nature. An admin can decide to just blindly follow recommendations without doing their own investigations and there’s nothing you can do about it.

Does it mitigate all of the worst aspects? Yes.

Is it something you can build and deploy without doing complicated protocol development as might be required for something more ideal? Yes.

@erincandescent shared block lists really ought to be shared allow lists tbh