Hacker News

> We block ChatGPT, as do most federal contractors. I think it’s a horrible exploit waiting to happen:

Do you also block pastebin? Anything else that has a web form? How is ChatGPT special compared to any other service on the Internet where people can paste data in a form?

I mean... I see the problem, but I think one needs to realize that it's a far more generic problem that has basically nothing to do with ChatGPT and AI. If people paste confidential data into random webpages that's of course bad. But if you block ChatGPT because you fear that, it means you expect that people might do that. And then your problem is not ChatGPT, but lack of awareness of what is confidential data and what to do with it.



> Do you also block pastebin? Anything else that has a web form?

Pastebin and indeed most things that have some sort of public webform are blocked in all the companies I have worked with.

It is probably a losing battle though, as it is very hard to block everything without default deny.

Paradoxically, maybe GPT could be used to veto websites on first access :)


> Pastebin and indeed most things that have some sort of public webform are blocked in all the companies I have worked with.

Search engines too? And these days, that means web browsers, because the (IMHO stupid) idea of combining address and search bars into one means everything you type while trying to open a website gets leaked to some party (most likely Google).


Search engines (and URL bars) are indeed not blocked, but I do worry every time I use them. Internal URL leaks to Google must be extremely common.


I imagine they must be. I'm habitually careful to either click on a link, paste the entirety of the internal URL at once, or enter only the most generic word or words that will surface the URL I want as a history suggestion - all to minimize the chances of leaking anything this way.


You can turn the auto search off.


There's a lot of things that you can turn off, but nobody actually does - which is the very reason they ship turned on in the first place.


Because "awareness only" has such a great track record when it comes to security-adjacent issues, and totally satisfies auditors/customers/regulators/...?


I don't think awareness only has any reasonable track record and I would always prefer a technical control if there is one. But I have a hard time seeing any alternative here.

I don't think the idea that you can give people access to the WWW and at the same time prevent them from putting things in forms can be done. That's simply not how it works. And if you're blocking access to a few services where they might do that, well, they have a million others, and you're deceiving yourself that you've done something.



