Web Blocking

8/17/2012 11:40:57 AM

Don’t look now, but someone’s deciding what you can look at

The spectre of website blocking found its way back onto the news pages again recently when BT announced it had implemented a court-ordered block on the Pirate Bay website. As we report on p7, the block was, as usual, quickly rendered mostly useless by those pesky pirates, who offered alternative unblocked addresses where users could access their services. Visiting the Pirate Bay site is not in itself illegal, and there are no penalties for ordinary users who choose to circumvent this or any other court-ordered block to continue their own browsing.

Description: Website Block software utility allows you to block unwanted websites from display in Internet Explore

Website Block software utility allows you to block unwanted websites from display in Internet Explorer

There are two main methods an internet service provider (ISP) can use to block a site. The simplest is to remove its domain, such as, from its DNS (domain name server) database. That database is a crucial link in the chain for most broadband customers. It converts the web address typed into a browser, or clicked in a link, into the IP address for the website - the string of numbers that leads directly to the server where the information resides. Remove the domain from the database, and the site is no longer accessible.

There are a couple of problems with this basic method of denying access, however. The first is that it’s very easy to get around. Not every customer uses the ISP’s own DNS in the first place, and those who do can easily switch to an alternative, such as OpenDNS, by changing the settings on their router (though some I SP-supplied routers prevent this) or on the device being used to access the web. For example, in OS X, go to the Network pane of System Preferences, select your current connection on the left, click the Advanced button, go into the DNS tab, click the “+’ icon at the bottom left, and type the address(es) of your favourite DNS server into the panel. For OpenDNS, you would enter and (the pair of addresses is just in case one fails).

Take the ISP’s DNS out of the equation like this, and it’s as if the site block never happened. This method of blocking a site is also problematic because it prevents access to an entire domain, rather than specific pages. That could mean perfectly innocuous content, not intended to be blocked, would be made unavailable.

The Ease With which the DNS method can be circumvented means it’s obviously unsuitable for blocking access to illegal content such as sexually abusive images of children. To do that, ISPs use the BT-developed CleanFeed system. CleanFeed steps in after a DNS has resolved an IP address and compares the IP with a list of blocked addresses maintained by the Internet Watch Foundation. If it finds a match, access to the requested web page is prevented. CleanFeed is now mandatory for all ISPs in the UK.

The Internet Watch Foundation is a private organisation set up by commercial internet providers and funded by a variety of industry and public bodies. It has no special status in law, is not accountable to the public or to parliament, and does not respond to Freedom of Information Act requests. Its complaints procedures and code of practice are laid down and monitored by itself, and appeals are heard by the IWF’s own staff, whose decision is final. So what could possibly go wrong?

Description: Newzbin2

Newzbin2 itself didn’t host any content, and merely operated as an index, much like Google but with more of a specific focus on finding movies and music that you hadn’t paid for

Of course, many people would agree that it’s a good idea to prevent sexually abusive images of children being accessed, and it seems to have become accepted that this kind of content (whether correctly or incorrectly identified) is a special case. Inevitably, though, once an internet kill switch had been invented to block scary kiddie porn, the temptation was bound to arise to use the same technology for less noble purposes.

So when BT was ordered by a court last year to block the link aggregation site Newz-bin2, it opted to use CleanFeed to implement the block. The complaint against Newzbin2 came from copyright owners who were angry about the site providing links to other sites that hosted unlicensed copyright material.

Newzbin2 itself didn’t host any content, and merely operated as an index, much like Google but with more of a specific focus on finding movies and music that you hadn’t paid for. Compared to child pornography, this didn’t seem to present quite such a good case for trampling on freedom of expression and censoring users’ internet connections en masse. But the court was nevertheless convinced.

When BT was then ordered to block The Pirate Bay, a peer-to-peer file sharing service that openly flouted copyright. it asked for additional time to implement lessons learned from Newzbin2. Despite this, when the block finally came into effect, The Pirate Bay was able to make itself available to BT customers within minutes, simply by adding another couple of servers with new IP addresses. Users could then type these IP addresses, or click on a link in a forum, and, because the new IP address wasn’t on BT’s blacklist, would be able to access the site.

The Pirate Bay explained that this was intended as a ‘statement’ to show how easy it is to circumvent this type of block. It does illustrate that any type of filter which relies on comparing IP addresses with a list of known banned IPs ends up as a game of cat and mouse between the ISP and site operator.

If adding new IP addresses every time the ISP blocks one becomes impractical, there’s an easier method to circumvent a block: use a proxy server. Proxy servers allow users to make it look to their IS P as if they’re visiting one IP address, while the proxy forwards the request to another, such as a blocked site.

Using a proxy server carries its own risks for the user, however. Although there are thousands of open proxies that can be found with nothing more troublesome than a Google search, many will display pop-up adverts or other unwanted content, and there are also privacy and security issues in allowing HTTP requests to be intercepted by an unknown third party.

Description:  TalkTalk's HomeSafe adult

 TalkTalk's HomeSafe adult

Though not perfect, CleanFeed is more successful than other forms of site blocking, such as Talk Talk’s HomeSafe adult content filter. That system, which is offered to all new Talk Talk customers, allows content such as malware, pornography and gambling sites to be filtered at network level - that is, affecting every device on a broadband line, so anything parents decide their kids shouldn’t be able to see, they won’t be able to see themselves either.

Some MPs want to see this type of blocking adopted as standard by all ISPs. Earlier this year, an ‘independent’ parliamentary enquiry led by Conservative MP and conservative Christian Claire Perry recommended the implementation of ‘opt-irf filtering, where users would have to specifically ask their ISP to be allowed to view ‘adult’ content.

‘Our inquiry found that many children are easily accessing internet pornography as well as websites showing extreme violence or promoting self-harm and anorexia. This is hugely worrying,’ said Perry, who didn’t seem to be worried by the prospect of mass censorship, or by the plain fact that the millions of gigabytes of data accessible on the internet don’t come with age-appropriate stickers to enable software to categorise them.

The Internet Service Providers Association criticised the proposals, saying that ‘forcing ISPs to filter adult content at the network level, which users would then have to opt out of, is neither the most effective nor most appropriate way to prevent access to inappropriate material.’ And the Open Rights Group said the proposed filter ‘would endanger children, create disruption for small business, and would not work technically.’

Description: While copyright owners have forced ISPs to block individual sites, blanket censorship of child abuse images is already in place and the government is keen to auto-block a wide variety of ‘adult’ content

While copyright owners have forced ISPs to block individual sites, blanket censorship of child abuse images is already in place and the government is keen to auto-block a wide variety of ‘adult’ content

The First Problem with a filter such as HomeSafe is that it relies on comparing requests for web pages in a browser with an auto-generated list of blocked sites. This list is necessarily incomplete, thus lulling those who rely on the filter into a false sense of security, and will inevitably include thousands of false positives - sites that the list generator believes are of the type intended to be blocked, but aren’t.

As the Daily Telegraph journalist Tom Chivers put it after discovering that his newspaper’s website had been blocked by a mobile phone network: ‘Your children would not be able to access the edifying goodness that is Telegraph Blogs, but may be able to waltz freely into the darker recesses of Spankwire, because the algorithms are imperfect at best.’

Regardless of whether it’s blocking the right sites, TalkTalk admits HomeSafe is easily circumvente d by ‘any intelligent teenager.’ While TalkTalk is the only ISP currently offering to filter at the network level, other ISPs are considering introducing such systems as an option, and in the meantime can supply software that allows content to be blocked on Macs and PCs. The government, meanwhile, hasn’t made up its mind. It seems minded to require ISPs to provide some kind of network filter, but has so far stopped short of supporting the recommendation in Perry’s report. Perhaps a fact-finding mission to Iran or Burma would help?

Video tutorials
- How To Install Windows 8

- How To Install Windows Server 2012

- How To Install Windows Server 2012 On VirtualBox

- How To Disable Windows 8 Metro UI

- How To Install Windows Store Apps From Windows 8 Classic Desktop

- How To Disable Windows Update in Windows 8

- How To Disable Windows 8 Metro UI

- How To Add Widgets To Windows 8 Lock Screen

- How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010
programming4us programming4us