
I've worked with several kinds of public blocking lists and one thing I learned is that they are all full of false positives. For whatever reason, I would not be surprised if nobody ever noticed the mistake.


Yeah, that's a given because they're not constructed manually, i.e. there's no manual verification.

Give them some time to react. My wife complained to me she could not visit a website (I run Pi-Hole on our network, and our mobile devices get routed to it even on external networks). I looked through the logs, figured out the offending rule, contacted the maintainer, and they fixed it within a few hours.

The issue has been up for one hour thus far.
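The log triage step described above (find the blocked domain in the resolver log, then find which list entry caused it) is the part that takes time by hand. The script below is an added example, not code from Pi-Hole, Unbound, or the blocklistproject: it parses a constructed hosts-format blocklist and a constructed set of Unbound `local-zone` lines, pulls blocked names out of constructed dnsmasq-style log lines, and reports for each one which entry matched and whether an exact-name whitelist entry would override it. It generalizes slightly beyond the comment by handling both exact-name (hosts file) and subtree (`local-zone`) blocking, since a parent-zone entry is a common reason a site that is not on any list by name still fails to resolve.

```python
"""Blocklist false-positive triage (added example; list contents, log lines and
domain names below are constructed for the demo, not taken from any real list)."""
import re
from dataclasses import dataclass

# Sink addresses that hosts-format blocklists put in front of each hostname.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Unbound local-zone types that make a name (and everything under it) unresolvable.
BLOCKING_ZONE_TYPES = {"always_nxdomain", "always_refuse", "always_null",
                       "refuse", "static", "deny"}
LOCAL_ZONE_RE = re.compile(r'^\s*local-zone:\s*"?([^"\s]+)"?\s+(\S+)')
# Constructed Pi-Hole/dnsmasq-style log line for a list-blocked query.
BLOCKED_LOG_RE = re.compile(r"gravity blocked (\S+) is ")

# Constructed hosts-format blocklist (the format most public lists publish).
BLOCKLIST = """\
# constructed sample list
0.0.0.0 ads.tracker-example.net
0.0.0.0 www.party-example.org   # the false positive we are hunting
127.0.0.1 localhost
"""

# Constructed Unbound-style zone blocks: these cover the whole subtree.
LOCAL_ZONES = """\
local-zone: "telemetry-example.com" always_nxdomain
"""

# Constructed resolver log lines.
QUERY_LOG = """\
Mar  1 10:00:01 dnsmasq[123]: query[A] www.party-example.org from 192.168.10.5
Mar  1 10:00:01 dnsmasq[123]: gravity blocked www.party-example.org is 0.0.0.0
Mar  1 10:00:02 dnsmasq[123]: query[A] cdn.telemetry-example.com from 192.168.10.5
Mar  1 10:00:03 dnsmasq[123]: query[A] news.example.org from 192.168.10.5
Mar  1 10:00:03 dnsmasq[123]: reply news.example.org is 203.0.113.7
"""


@dataclass
class Match:
    kind: str     # "exact" for a hosts entry, "subtree" for a local-zone on a parent
    entry: str    # the list entry that matched
    source: str   # list name and line number, so the maintainer can be pointed at it


def _norm(name):
    return name.lower().rstrip(".")


def parse_hosts_blocklist(text, source="hosts"):
    """Map each blocked hostname to 'source:lineno'; comments and blanks are skipped."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        # "<sink> <host> [host ...]" or a bare domain per line; keep the first hit.
        names = parts[1:] if parts[0] in SINK_ADDRESSES else parts
        for name in names:
            entries.setdefault(_norm(name), f"{source}:{lineno}")
    return entries


def parse_local_zones(text, source="unbound"):
    """Map each blocking local-zone name to 'source:lineno'."""
    zones = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = LOCAL_ZONE_RE.match(raw)
        if m and m.group(2) in BLOCKING_ZONE_TYPES:
            zones.setdefault(_norm(m.group(1)), f"{source}:{lineno}")
    return zones


def blocked_domains_from_log(log_text):
    """Return the names the resolver reported as list-blocked, in log order."""
    return [m.group(1).lower() for line in log_text.splitlines()
            for m in [BLOCKED_LOG_RE.search(line)] if m]


def explain_block(domain, hosts, zones, whitelist=()):
    """Say why a name is blocked: exact hosts entry and/or a zone on any parent label."""
    domain = _norm(domain)
    matches = []
    if domain in hosts:
        matches.append(Match("exact", domain, hosts[domain]))
    labels = domain.split(".")
    for i in range(len(labels)):  # walk the name and each of its parents
        parent = ".".join(labels[i:])
        if parent in zones:
            matches.append(Match("subtree", parent, zones[parent]))
    whitelisted = domain in {_norm(w) for w in whitelist}
    return {"domain": domain, "matches": matches, "whitelisted": whitelisted,
            "blocked": bool(matches) and not whitelisted}


if __name__ == "__main__":
    hosts = parse_hosts_blocklist(BLOCKLIST)
    zones = parse_local_zones(LOCAL_ZONES)
    for name in blocked_domains_from_log(QUERY_LOG) + ["cdn.telemetry-example.com"]:
        verdict = explain_block(name, hosts, zones, whitelist=["www.party-example.org"])
        print(name, "blocked" if verdict["blocked"] else "allowed",
              [(m.kind, m.entry, m.source) for m in verdict["matches"]])
```

The `source` field is what you hand to the list maintainer (file and line), and running `explain_block` with the proposed whitelist entry before you deploy it shows whether the whitelist actually wins, which matters because a whitelist entry for the exact name does nothing against a subtree block on a parent zone in this model.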


Yeah, same here, I run OPNsense and make use of Unbound's blacklist feature to similar (and surprisingly potent!) effect, along with Suricata and Sensei. I have had to manually whitelist some stuff though.

False positives, things that are good defaults but advanced users should be able to bypass, or just plain unfortunately necessary workarounds are certainly all issues though. I think user-available fallbacks can be useful sometimes for that reason. Like at a site using 802.1X auth, set it up so users can append "-noblock" to their login and then it'll put them into a different VLAN which can just point at a different DNS (or alternately Unbound supports views for split-brain DNS).


I don't want to educate my wife about how to circumvent the blockade with an all-or-nothing decision. I mean, it's possible, and I taught her to update Google Play over 4G because otherwise it does not work (on Nvidia Shield and Google Pixel 3a it does not; on all my other devices it works, not sure why). The reason I don't want to teach her that is that the measure helps her (and our) privacy and security. By temporarily giving that up, we open up the whole attack surface for that time, which is kinda OK if you remember to switch back immediately, but people tend to forget... The correct way to solve the problem is by fixing the blacklist and/or whitelist, (temporary) collateral damage be damned.

I use Pi-Hole on EdgeOS with a second server with Docker as backup. I also have NextDNS as fallback. I'll probably switch to OPNsense at some point though.


Or someone quietly slipped it onto a block list knowing that it'd take a while to get noticed.


If you're talking about the Green Party site, there is an explanation at the bottom of the GitHub issue. It appears they were either compromised at some point in the past and used as a relay for spam ads, or somebody with legitimate authority to edit the site abused their privileges and ran a spam ad operation on the side.

In either case, blocklistproject interprets spam ad vendors as damage and routes around them.


When I clicked the link (and when the link was posted), only the original comment was present: https://github.com/blocklistproject/Lists/issues/453#issue-9...



