In the UK? Strange browser behaviour? You might be being IWF’d. (grimboy.co.uk)
182 points by _b8r0 on April 17, 2011 | 47 comments


This actually took down editing rights for Wikipedia for virtually the whole of the UK a year back or so. For Wikipedia the whole of the UK looked like it was coming from 6 IP addresses.

Turns out that they'd blacklisted an album cover for having a naked 14-year-old girl on it, so everyone going to Wikipedia got shunted through the system, which makes it appear as if everyone's coming from a handful of IP addresses. Ironically the 70s album cover wasn't censored in the UK when it originally came out.

I can't remember all the details now, I'm paraphrasing a story told by Glyn Wintle from the Open Rights Group[1]. I saw him at a Notts Tuesday event[2], good speech, a whole lot more insidious things going on than you realise.

In the UK the Open Rights Group are the people you need to support/get involved with to help keep things like this in check!

[1] http://www.openrightsgroup.org/

[2] http://notttuesday.com/2010/07/05/tuesday-13th-july-keeping-...


I believe it was only un-logged-in users (if you log in, in most cases that takes precedence over your IP for Wikipedia's software). But yes still rather strange, and could prevent people who didn't already have accounts from creating them.

As usual, Wikipedia assimilates the controversy into another Wikipedia article: http://en.wikipedia.org/wiki/Internet_Watch_Foundation_and_W...


Even better still the filter was bypassed by using the HTTPS version of Wikipedia.


If you install the HTTPS-Everywhere Firefox addon, all Wikipedia URLs and hundreds of other domains are automatically redirected to their HTTPS equivalent.


Once, delicious was very briefly on the block list. They quickly realized that it didn't host images and unblocked it.

Buuuuut:

Virgin and NTL blocked it for YEARS afterwards. It was a nightmare getting it unblocked. I eventually had to reach out to a friend that knew Branson to get a high enough level connection.

Government blunt weapons plus corporate disinterest are in aggregate bad for everyone.


Transparent HTTP proxying by your ISP isn't all bad. Back when Virgin was NTL, if you didn't pay your bill, instead of cutting you off at the exchange they would just put in place a proxy rule that redirected all HTTP requests to a page telling you to pay.

Some broke friends of mine noticed that their already downloaded torrents still worked. Obviously, all non-HTTP traffic worked just fine. They took to going to the pub at the end of the road, grabbing .torrent files and downloading them at home. Pretty resourceful. I considered hooking them up with a SOCKS proxy but never did.


Great. They're not just censoring the Internet (poorly), they're also breaking it too. Fantastic.


"Think of the children" wins the day every time.

As it probably should, in this case, because we're not giving up a lot. People think that one child abused is one too many, which is hard to argue. But yes, you can argue that blocking entire domains instead of specific urls is overkill.

Accessing free child porn anonymously doesn't "incentivise" child abuse. But some think that it encourages abuse in real life. But that's a psychological argument, not a technical one.


> People think that one child abused is one too many, which is hard to argue.

It is hard to argue, but it's also a red herring. The missing bit is the solid link between someone(1) NOT accessing child porn and, somewhere down the line a child NOT getting abused.

1: and that someone is likely to be a small fish, as one must expect the serious guys to be perfectly capable of using any of the hundreds of easily accessible and usable tools (various flavours of crypto) to circumvent the deployed anti-measures.

To a certain extent, this is the war on drugs all over again. We fight (a very small subset of) the consumers because then we are seen to do something (tm), but it's not clear that it puts a significant dent in the production. And this is a harder nut to crack than drugs, because the easy demand-side solution (at least partial legalisation) is not really feasible here.


Actually, come to think of it. There exists a possible partial demand-side solution: CGI or drawings, but in recent debacles surrounding this, opinion has been firmly against. Flooding the market with easily accessible, legal no-victim drawn/CGI material at least has the potential of keeping potential consumers of the real stuff away from it.

This just goes to show that "one child abused is too many" only applies when the solution discussed isn't "wrong".


The think of the children squad is immune to reason. They'll smear your name and then your colleagues will look at you funny when you wander into the office at 10:30.


And transparent proxies being what they are, even when you're accessing legitimate content, you can end up with bizarre failures since cookies aren't working properly. Get quite a lot of "you don't have cookies enabled" errors from file transfer sites which don't occur through non-UK VPNs.

Shoddy transparent proxying and traffic shaping isn't anything new in the UK though. For the past couple of years I've frequently had Google go "down" for blocks of 5-10 minutes several times each week, yet through VPN it's fine. If you want a reliable connection at home in this country, it seems you need to just be permanently hooked up to a VPN located somewhere else.


Looking at the IWF website. Only child porn is within their remit. This seems a little crazy breaking parts of the web and effectively assuming everyone visiting a file sharing site is a paedophile.

http://www.iwf.org.uk/hotline/the-laws


As is noted in the original article, this is a malfunction: IWF issue a blocklist of URLs, not IP addresses, but the ISPs filter content by proxying. Some of the ISPs have crappier proxy setups than others. Notably, the biggest ISPs (Virgin and BT) are the most aggressive at enforcement; smaller ISPs may not have the resources to waste on nannying their customers. I'm on Be Unlimited -- smaller, aimed at clueful users, features include stuff like static IP addresses and unblocked SMTP access -- and Filesonic.com appears to be accessible.

(I am not dumpster-diving for kiddie porn, however. It's a strict-liability offense: merely having the stuff in your hard drive cache, unlooked-at, is enough to draw a gaol sentence.)


> It's a strict-liability offense: merely having the stuff in your hard drive cache, unlooked-at, is enough to draw a gaol sentence.

That's something that comes up periodically w.r.t. the IWF itself. It's not an agency of the police (or part of the govt at all), so the exception to child-porn laws that permits police to view such photographs in the course of an investigation doesn't apply. Thus, if the law were to be applied as written, it should be strictly illegal for IWF employees to have accessed many of the sites on its blocklist. So either they haven't done so, and their blocklist is of questionable accuracy; or they have done so, and thereby committed a crime.

Fortunately for them, the government supports the IWF and has no interest in prosecuting them.


There's a page on the Be User Group website about their proxying of the various file-storage sites, with workarounds. I'm with O2, and have found the messages about "failed the captcha too many times" or "you may only download one file at a time" popping up sometimes.

I don't suppose the ISPs are too bothered about the sites being filtered - although there is some legal content on them, they're mainly used to host copied music and TV, so there is little incentive for them to make allowances for access to the non-porn content.

http://www.beusergroup.co.uk/?id=468


Be Unlimited is a very good ISP (I use it too) but since it is now owned by O2, though it hasn't been merged, I think it's now much more vulnerable to being forced down any route that the more generic O2 broadband takes.


It seems the proxies are filtering by URL but all requests to any part of a flagged domain go through the proxy and so the sites see all subscribers of a particular ISP appearing to come from the same IP address. Hence the "your IP address has failed the Captcha too many times" type of messages. The Wikipedia/IWF 'edit ban' debacle was exactly the same thing due to Wikipedia limiting edits from any given IP address to prevent abuse.

Incidentally, I'm with BeUnlimited and it seems uploading.com always thinks that my IP address has exceeded some download limit:

"Sorry, you have reached your daily download limit. Please try again tomorrow or acquire a premium membership."

This does not happen when browsing from a cheap Linux VPS box, looks like Be/O2 are proxying too, except from curl -I output it looks like it's a fully transparent proxy.


    $ curl -I filesonic.com
    
    HTTP/1.1 302 Moved Temporarily
    Server: nginx
    Date: Sun, 17 Apr 2011 12:21:29 GMT
    Content-Type: text/html
    Location: http://www.filesonic.com/
    Age: 0
    Via: HTTP/1.1 webcache1-know.server.virginmedia.net (Traffic-Server/5.7.0-59705 [cMs f ])

Note that I can still download from those sites at will. It doesn't look like they're actually blocking anything. I'm on the 10mbit service, which is on a different network to the 50mbit+ plans.

Virgin have stiffed me before with deep packet inspection, but this one is new to me. Time to persuade my new housemates that changing to DSL is a good idea...

Or figure some more elegant way around it. Any ideas? Hooking up openDNS at the router level is on my list, but I doubt that will help.
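Added example, not written by anyone in the thread: a Python sketch of the check the comments above do by hand, comparing `curl -I` output from the filtered connection with output from an outside host and parsing the `Via` header to name the intercepting cache. The `REFERENCE` response and all function names are constructed for illustration.

```python
import re

# Response captured on the filtered connection (copied from the comment above).
HOME = """HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sun, 17 Apr 2011 12:21:29 GMT
Content-Type: text/html
Location: http://www.filesonic.com/
Age: 0
Via: HTTP/1.1 webcache1-know.server.virginmedia.net (Traffic-Server/5.7.0-59705 [cMs f ])"""

# Constructed sample: the same request made from a host outside the ISP.
REFERENCE = """HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Sun, 17 Apr 2011 12:21:30 GMT
Location: http://www.filesonic.com/"""

# Headers that caches and intercepting proxies add to a response.
PROXY_HEADERS = ("via", "age", "x-cache")
VIA_HOP = re.compile(r"^(\S+)\s+(\S+)(?:\s+\((.*)\))?$")

def parse_headers(raw):
    """Map lowercased header names to lists of values; the status line is skipped."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def split_hops(value):
    """Split a Via value on commas that are not inside a (comment)."""
    parts, depth, cur = [], 0, ""
    for ch in value:
        depth += (ch == "(") - (ch == ")")
        if ch == "," and depth == 0:
            parts, cur = parts + [cur], ""
        else:
            cur += ch
    return [p.strip() for p in parts + [cur] if p.strip()]

def via_hops(headers):
    """Return (protocol, host, comment) for every proxy hop named in Via."""
    parts = [p for v in headers.get("via", []) for p in split_hops(v)]
    return [m.groups() for m in map(VIA_HOP.match, parts) if m]

def proxy_evidence(suspect_raw, reference_raw):
    """Proxy-added headers seen on the suspect path but not the reference path."""
    suspect, reference = parse_headers(suspect_raw), parse_headers(reference_raw)
    return {h: suspect[h] for h in PROXY_HEADERS if h in suspect and h not in reference}
```

An empty result does not rule out interception: a proxy that adds no headers leaves nothing for this comparison to find.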


If they are not using a transparent proxy to pick up the HTTP traffic then using OpenDNS or Google's public DNS (8.8.8.8 and 8.8.4.4) will help.

If they are going as far as inspecting HTTP traffic (and selectively editing/blocking some of it) with a transparent proxy rather than redirecting selected domains via DNS poisoning then your only way around this is some sort of VPN which of course requires a host elsewhere for the VPN server to run on (unless you use something like Tor, but that is very slow and may cause the same "many people from a small set of IP addresses" problem itself anyway due to the relatively limited number of exit nodes).


Customer requests are redirected by ISPs to the transparent proxy on an IP:port basis. DNS is not poisoned; using a different DNS will not affect how it works.

http://www.cl.cam.ac.uk/~rnc1/cleanfeed.pdf

I personally use a cheap VPS located in the US to get around IP geolocation (e.g. occasional Youtube videos, Hulu etc.), and it can also circumvent this, though I have never had cause to - my Be Pro account does not block filesonic.com, for example.


Get a VPS with an unlimited bandwidth deal and set up openvpn, strongswan or even an SSH vpn (works under linux only). Get your default gateway to connect up permanently and route as much or as little traffic as you want through it. I use this for things like Hulu, so I can watch iPlayer in the UK and Hulu in the US from the same location.


You can use PuTTY and Firefox to do a SOCKS proxy on Windows. When configuring a connection in PuTTY, add a port for dynamic forwarding (under Connection -> SSH -> Tunnels, put something like 4999 in the source port, select the Dynamic radio button and click Add next to the source port).

Then in Firefox you can set up a socket proxy (in Options, under Advanced settings -> Connection settings, select manual proxy, then add 127.0.0.1 and port 4999). This should be enough to get around it. I use this to secure my connection while on other people's laptop (work etc.).


I use this in conjunction with the FoxyProxy[1] extension sometimes to get around censorship in some countries. Good call on writing it up here, I missed it.

[1] - http://getfoxyproxy.org/


Wow. I didn't know that the UK has a censorship infrastructure.


Censorship is done right when you don't even realize its existence.


Good thing. Looks like we aren't quite there yet.



Didn't know?! Every western Europe country has one for child porn. It's just badly done with wide blacklisting in the UK.

http://map.opennet.net/filtering-soc.html


Germany doesn't. The government just decided not to implement blocking (after arguing about it for years). Anyone (worldwide) who hosts child porn will be contacted by the police and asked to delete it. (When that was tested in January, 99% of the offending sites were gone after four weeks.)

That's why I was so surprised. I only really followed the debate in Germany (that's where I'm from), not in the rest of Europe.


They're trying to get internet filters back through the Glücksspielstaatsvertrag (gambling act), so if you're interested in an uncensored internet in Germany, contact http://www.ak-zensur.de/ and see how you can help.


DA notices aren't legally enforceable though. Most newspapers comply voluntarily.

They're overseen by a committee of both government representatives and those from the press and news distribution (including Google's Europe head of PR)

see http://www.dnotice.org.uk/


Perhaps, but given their sensitivity you would want to comply or face some difficult discussions with intelligence agencies.


They may not be enforceable by the letter of the law, but they aren't quite as "advisory" as the name would imply.


Someone needs to set up an Internet Watch Foundation Watch Foundation.


One thing that annoyed me a lot while I was living in China was the extensive censorship of the internet. Seeing the same amount of censorship in the western countries is even more unsettling. The only difference is in the definition of the illegal content used.


Yep, my connection is "IWF'd"... I had no idea this kind of thing was going on. At least when they block a website in China they block it with a clear message instead of just silently breaking its functionality.


In China they do it silently with no message, you see just a 404 from your browser.


My friend in China says it isn't a 404, the connection is just RST'ed to both sides and dropped. Simple, and effective. Your browser should display a "connection reset by peer" message or something to such an effect.


In Syria, however, you do get an error page saying the page was blocked. Facebook, for example, is blocked in Syria (or at least, it was when I was there in 2009 - of course, I had a VPN to Ireland, so it didn't affect me at all).


Damn that's annoying. They are actually quite good in their package, I shall list the options from memory (ignoring what doesn't apply or is just plain out of mind).

Sky - Broadband, phone, TV. Requires you to pay a Murdoch (hard pill to swallow for one parent)

Virgin - Cable (internet on different unshared fiber), phone, tv. Requires acceptance of this article. (Tbh not too fussed)

BT - Broadband and calls. TV package is an expensive joke. Call centre is shit/Indian (quality of the line and training, not racism)

Talktalk - Broadband and calls. Even worse call centers. My parents are afraid to leave them now...

Anyway, I believe I'm wrong somewhere, I wish I was wrong in more places (everything negative).


I'm on a Virgin Media 50MB connection, and filesonic.com is blocked for me.


Is http://78.140.176.180/ blocked? If not then switching to something like OpenDNS will get round the damage.

To be honest though I have no idea on what level their transparent proxying works.


There's a paper on it I posted above, if you're curious: http://www.cl.cam.ac.uk/~rnc1/cleanfeed.pdf


Same :-(

    $ curl -I http://78.140.176.180/
    [SNIP]
    HTTP/1.1 301 Moved Permanently


Oddly I'm on their 30MB connection and do not find filesonic.com blocked.


I used to live in Australia, at a time when most .au ISPs did not censor the Internet. However, transparent proxying was fairly common among ISPs anyway, because it saved them money. I suspect that might be what's happening here (though I guess the cost savings are higher when you do it in Australia, because data charges to Australia are ridiculous).

If the ISPs just wanted to implement IWF censorship, they could do it less invasively by using packet inspection.



