Archive for category Internet censorship

So… I herd u liek censorships

Posted by Aaron in Internet censorship on February 21st, 2010

In light of Conroy’s recent – unintentional – announcement that the internet cannot be regulated, and because I am bored, here are my views on censorship.

Personally I am against any form of censorship. Illegal material should be dealt with by police and the creators of the material jailed. And other, non-illegal material should be classified (where possible) so that people are informed about the content they are viewing. This means that the Refused Classification (RC) category would disappear. The non-illegal material that was previously part of the RC category would fall under a new classification, perhaps called “Unclassified” (UC). Distribution of this UC material would be allowed, but sales restricted and all other reasonable measures taken to ensure that it doesn’t fall into the hands of minors. This would return the Australian Classification Board’s (ACB) job to what it was originally intended to be: informing Australians of the type of content included in publications, movies, etc.

But wait, I hear someone crying out “isn’t all RC illegal?” This is one of the biggest problems I have with the DBCDE’s plan to censor the Internet. RC certainly does include horrible stuff like child pornography, bestiality and rape. What Conroy fails to mention is that it also includes information on controversial topics such as euthanasia and abortion. When questioned on this, Conroy said that the government does not make the decisions about what is RC and that the ACB is the body who determines the categories included, independently of the government. This. Is. A. Lie. The Australian Government decides on the categories and what those categories actually mean. The ACB merely makes decisions on particular items based on these guidelines. Guidelines determined by the Australian Government. For more information see: http://libertus.net/censor/clscensor.html#legbasis

With this in mind, I move on to the next topic: Is it possible to censor content? I do not believe this is the case any more. The Internet contains far more content than could ever be classified and contains digital copies of physical products, too. If, say, a book was Refused Classification in Australia, it is likely that anyone who wants to view that book would be able to find it on the Internet.

I hear you crying out again. (Who are you, anyway? :P ) “But the government has proposed mandatory Internet filtering that will block all RC material.” This is only a half-truth. The government has proposed a system whereby people who discover content that they believe to be RC can submit the URL to ACMA, who will then either send to the ACB to be classified or will attempt to guess what the ACB will say. If it comes out as RC, then the URL will be added to a blacklist. This blacklist will be sent to every ISP in the country, who will then block anyone who attempts to access these URLs. The problem is that it assumes 3 things: that RC material only exists at URLs, that the content at a specific URL will always remain the same, and that RC content is only available at a handful of URLs. All are incorrect assumptions.

  1. RC material only exists at URLs:
    In case you don’t know, the data on the WWW is retrieved like this: Your computer sends a request to another computer (called a server) containing a URL. The server (which could be located anywhere in the world) sends back the content you requested. Under the government’s proposed ISP “filtering” scheme, your ISP would block your original request if the URL was on the blacklist, preventing you from getting the content. But the Internet is a lot bigger than just the World Wide Web (WWW). Approximately 60% of the traffic on the Internet is peer-to-peer (P2P), that is, it doesn’t involve URLs or servers, just computers like your desktop sending data to other computers. Because there are no URLs (or any other form of identifier that would indicate what data is being sent) for most P2P traffic, ISPs can’t block RC material sent via P2P.
  2. Content at a specific URL will remain the same, always:
    This should be pretty obvious to anyone who has ever used the Internet. If you’ve ever been to a news site, you’ll know that the content on the homepage changes constantly. If a URL is added to the Government’s blacklist, it’s on there forever. There’s (currently) no way to appeal and not even any way to tell if a URL is blocked or not (the list is kept secret). This could be extremely damaging to sites where the content is user-generated. All it would take is one user to upload something that would be rated RC, and the page at that URL would be blocked indefinitely. Even if the site’s moderator’s took down the content afterwards, the URL would remain on the blacklist.
  3. RC content is only available at a handful of URLs:
    The problem here is the sheer size of the WWW. Google recently estimated that the WWW contains over 1 Trillion (1,000,000,000,000) unique URLs, growing at a rate of over 1 Billion (1,000,000,000) per day. The Government plans for its blacklist to contain between 1,000 and 10,000 URLs with any more running into technical problems. To put that in comparison it’s less than 0.000001% of the WWW and less than 0.001% of the amount of content that is added EVERY DAY.

There are 2 conclusions to be had here: Either the Government’s plan will do NOTHING to combat the “problem” of RC content on the Internet, or the “problem” is so small that it is not really a problem at all. So if you are in support of mandatory ISP-level filtering censorship, or are on the fence, I suggest you take a good, hard look at the problem and work out whether it’s worth spending $40 million in taxpayer dollars plus tens of millions in increased ISP fees on.

If you want more information on the Government’s proposed “filtering” scheme I recommend: http://libertus.net/censor/ispfiltering-au-govplan.html

, , , , ,

1 Comment

Internet Censorship in Australia… again

Posted by Aaron in Filter Circumvention, Internet censorship, Ranting, at stupidity, at the Australian Government on January 17th, 2010

It is with huge disappointment that I see Conroy still pushing ahead with his brainless attempt to censor the Internet. The policy has morphed slightly, it’s now only blocking “RC” content.

Conroy claims that this is to “bring the Internet in line with other media, like publications, radio, TV and Movies”. However, anyone who knows where the word “Internet” comes from will (hopefully) immediately see the problem: The word “Internet” comes from shortening “Interconnected Network”. The Internet isn’t a media for publication or broadcast. It’s a communications medium like the telephone or postal systems. We don’t “filter” them, so how, exactly, is the “filter” going to bring the Internet in line with similar mediums?

The results of the government’s 12-month-late live pilot were unsurprising, for the most part. After all, the government left it up to Enex to determine what were acceptable success criteria.

As a result, we end up with gems like the claim that a 10% speed reduction is “negligible”. Let me explain why this is just wrong. I have an ADSL2+ Internet connection. Being around 2km from the exchange, I get around 13Mbps. A 10% reduction in speed equates to around 1300kbps, or around 160kB/s. While it is true that this is not much, it does not meet the definition of “negligible”. According to wikipedia: “In engineering, mathematics, physics and similar disciplines, the term negligible refers to the quantities so small that they can be ignored (neglected) when studying the larger effect.”

The result of the test? A success, of course. It was a foregone conclusion, due to their being no success criteria specified. Not to mention that it failed to test the really important things. For example: whether the filter will still be effective in 10 years, when we have 100Mbps internet (the filters weren’t tested above 8Mbps) and are using IPv6 (none of the filters can handle IPv6 traffic, but Enex didn’t even test it), or even if the filterboxes are susceptible to DoS attacks.

Now to explain again why we still shouldn’t go ahead with this:

  1. The Internet is not a broadcast media like TV or radio, nor a publication like a magazine or newspaper. Trying to classify it as if it is is just stupid.
  2. The majority of RC content is not illegal to possess or view anyway. It’s only illegal to display (in public) or distribute (within Australia).
  3. An ISP filter cannot hope to block even a tiny fraction of the RC material on the web. The blacklist will be compiled by a complaints system. Complaints have been shown to take months to process. The current ACMA blacklist currently contains considerably less than 1000 RC URLs (1000 is actually very generous, since the ACMA blacklist contains stuff all the way down to MA15+). There are well over 1 Trillion (1,000,000,000,000) unique pages indexed by google. If there is only 1000 out of 1,000,000,000,000 URLs on the Internet that are actually RC (0.0000001%), then the problem is so small that there is no need to spend millions upon millions of taxpayer dollars (both taxes and increased ISP fees to cover the cost of implementation) on such a small problem. If there really is so much RC stuff on the web, then such a tiny blacklist, that takes months to add new sites is not going to have any appreciable effect upon people “accidentally stumbling” across it.
  4. It will not work. Anyone suitably determined is not going to be stopped by a blacklist-based ISP filter anyway. As I have pointed out on this very blog, it is incredibly simple to bypass the majority of filters. The live pilot results confirmed this, showing that none of the products tested were able to block even the majority of circumvention techniques. The Internet is not designed to be censored. There are many, many ways to bypass censorship, and the only way to make it effective is to do what China is doing (cutting itself off from the rest of the Internet) at which point it stops being the Internet.

If Conroy wants to continue with this mad scheme then he should not be surprised when it blows up in his face.

, , , , , , ,

2 Comments

Just in case you thought Conroy knew what he was doing…

Posted by Aaron in Filter Circumvention, Internet censorship, Ranting, at stupidity, at the Australian Government on July 1st, 2009

http://www.privacy.gov.au/internet/tools/#6

I find it a little ironic that the government’s own internet privacy website includes sites that would allow people to bypass its proposed censorship system. Conroy’s view about the ease of bypassing this little farce of a “filter” seems to have been that only the smart, spotty nerds or computing experts will be able to bypass the censorwall. And yet, on a GOVERNMENT SITE, no less, there is a simple-to-understand guide to bypassing it.

1 Comment

Advanced-level (but actually very simple) filter bypass technique: Putty/SSH

Posted by Aaron in Filter Circumvention, Internet censorship on May 3rd, 2009

SSH stands for Secure Shell, and is a way to securely administer a remote machine. In addition, SSH allows for secure file transfers (via SFTP) and tunneling of data through the SSH connection.

Using the OpenSSH client on the command line, all you have to do is add a single option, eg.

ssh username@server -D 9050

In PuTTY:

putty

This creates a SOCKS proxy on port 9050 of the local machine. Point your browser (and other apps) at this to bypass any local filter (as long as the filter allows SSH connections)

,

No Comments

Medium-level filter bypass: The Onion Router (tor) for Windows

Posted by Aaron in Filter Circumvention, Internet censorship on April 30th, 2009

The Onion Router, or tor, is a tool specifically designed to enable secure access to Internet content blocked in oppressive regimes. Earlier versions were somewhat difficult to set up, requiring you to edit config files. However, newer versions make the set up process absurdly simple.

There is an excellent how-to on the tor project site, however, I will explain how to set it up here too.

This guide is for Windows users only. I advise users of MacOS to go to https://www.torproject.org/documentation.html.en and follow the excellent guide there.

  1. Visit http://www.torproject.org/
  2. Click “Download Tor”
  3. Click on the “Installation Bundle for Windows”
  4. Once the file has downloaded, run it to begin the install process.
    Tor install, step 1
    At the first page click Next

    Tor install, step 2
    On the second page, I recommend you leave the options set to their defaults, ie. Full install. If you don’t have Firefox installed, untick Torbutton. Click Next.

    Tor install, step 3
    Click Install to begin the installation.

    Tor install, step 4
    The install is now complete. Click Next.

    Tor install, step 4.1
    If you installed Torbutton, Firefox will ask you to confirm its installation. Click Install Now.

    Tor install complete
    Click Finish to quit the installer and start the newly installed tools.

  5. You should now see a window like this
    1st tor start
    After a short time it should display that it is connected to the Tor network:
    Tor success
  6. If this is displayed, skip to step 10. If it is not, your ISP is likely blocking connections to the Tor network. Fortunately, Tor has a few tricks to get around these restrictions.
  7. On the Vidalia Control Panel, click the Settings button
    Tor Settings
    Next, click the Network tab at the top of the new window

    Tor network settings
    If your ISP has a HTTP proxy (if it doesn’t, leave the box unchecked), click “I use a proxy to access the Internet” and enter its details. Then click the “My ISP blocks connections to the Tor Network” checkbox.

    Tor bridges config
    Leave this window open, we will need it again soon

  8. Open your web browser and head to https://bridges.torproject.org you should see a page like this:
    Tor bridge relay page
    For each of the 3 lines on this page starting with “bridge” select and copy each into the box labelled “Add a Bridge:” in the Settings window. You should end up with something like this:
    Tor filled out bridge page
    Click OK.
  9. In the main Vidalia Control Panel window click “Start Tor” (you may need to click “Stop Tor” first). If all goes well, Tor should now connect successfully.
  10. The last step is different for each web browser. I will show you how to do it in Internet Explorer and Firefox.
    • Firefox: If you have torbutton installed, you simply click the new tor button in firefox to enable tor. If you didn’t install torbutton (like me) you’ll need to do it manually:
      In Firefox, click Tools -> Options -> Advanced -> Network -> Settings…
      Firefox tor settings
      Enter these settings and click OK and OK again.
      You are now browsing anonymously using the Tor network.
    • Internet Explorer:
      • Open the Windows Control Panel
      • Open Internet Options
      • Click the “Connections” tab
      • Click LAN settings
      • Set the options to this:
        Internet Exploder Tor settings
      • Click OK and OK again.
        You are now browsing anonymously using the Tor network.

,

1 Comment

Easy-level filter bypass: Web Proxies

Posted by Aaron in Filter Circumvention, Internet censorship on April 29th, 2009

This is by far the easiest way to bypass any filter, though many filters at workplaces, schools, etc. will attempt to block them. The Australian government’s filter, at the present time, will not attempt to block any circumvention techniques.

To do this, all you need is a web-browser such as Internet Explorer (this I do not recommend), Firefox, Google Chrome, Opera, or Safari

  1. Head to http://www.google.com
  2. Type in “Web Proxy”
  3. Click on one of the links, such as http://anonymouse.org/anonwww.html
  4. If the site is blocked, return to the Google search and try another link
  5. Enter the URL of any blocked site (into the “website address” box, obviously) and hit Enter
  6. Browse unfiltered

,

4 Comments

ALL ISP-level filtering is opt out. Methods to follow

Posted by Aaron in Filter Circumvention, Internet censorship on April 29th, 2009

The Australian government’s plan to censor the internet is now opt-out. That’s right. Well, it’s still mandatory for ISPs to implement for all customers (as far as I know. Conroy might change his mind. Again) but since bypassing it will be trivial, as I will discuss in future posts, it is effectively opt-out for anyone who doesn’t want it.

I will rank the difficulty of these bypass methods as easy, moderate, or technical. Easy methods will be easy for even an Internet newbie who doesn’t know a URL from a URI. Moderate should be able to be done with anyone who knows how to install software on their PC. Technical-level methods will require knowledge of unix and windows command lines and remote access to a server in a non-filtered country.

, ,

1 Comment

Now I know that a mandatory blacklist is pointless

Posted by Aaron in Internet censorship, Ranting, at stupidity, at the Australian Government on April 14th, 2009

  1. The blacklist will contain “almost exclusively RC material”.
  2. RC material (excluding “child abuse material”) is legal to possess and view within Australia, in addition anything classified is definitely legal to view and possess.
  3. Child pornography websites rarely exist for more than a couple of weeks.
  4. The filter is/will be trivial to bypass.
  5. Bypassing the filter will not be illegal.

These are all facts. Given that adding sites to the blacklist can take months, it will be ineffective at stopping access to the illegal content (child abuse material). In addition, access to any other blacklisted content is not illegal and can be done easily.

The government knows all this, but is pressing ahead nevertheless. I must wonder: Is there something else that the government wishes to do with this filter?

The only thing I can conclude is that the government actually wants scope creep to occur, but won’t say so in public. It wants to silence its political opponents. It wants to stop access to all pornography. It wants to stop so-called “copyright theft” (even though internet filters cannot hope to achieve this). If it didn’t want to do this, it would have no reason to keep the blacklist secret. The blacklist contains “the worst of the worst” no sane person would want to access stuff on it if the blacklist was only CP.

Above all the government wants to be seen to be “doing something” for all the lobby groups screaming out pleas like “won’t somebody think of the children?”

, , , , , ,

No Comments

What can we do about mandatory Internet filtering?

Posted by Aaron in Internet censorship on April 11th, 2009

This blog post raises a valid point: “if we don’t start offering an alternative workable solution as part of our strategy, we will ultimately fail.”

So what is a workable solution? Education isn’t a solution in itself. The problem is that no good technological solution exists. Accessing the kind of material that is supposed to be on the mandatory blacklist is illegal anyway, so there are disincentives there already.

As Mark Newton stated on Insight: “Remove the mandatory, and we can all go home”. It’s not the idea of ISP-level filtering we’re against, it’s the mandatory part.

Reasons we’re against it include:

  • The power it places in the hands of an unaccountable, secret organisation to choose what is and what isn’t apropriate for all Australians to view.
  • The mandatory blacklist will be ineffective at achieving its stated goals (ie. blocking access to RC and above content)
  • A static blacklist cannot hope to address the dynamic nature of the world wide web.
  • The people who are pushing the filter don’t fully understand the possible implications of what they are asking for (Censorship has no friends)
  • The technical ability of censorware will always lag behind internet technology by a significant margin, and the margin will grow as the Internet moves towards new technologies.

These are all arguments against mandatory filtering, but what solution can we offer in its place? Not a technological one, we know there’s no technological solution. More funding to the AFP would be nice, but that wouldn’t have a very obivous or immediate affect and the Government wants to be seen to be doing something. So the question is: Does a workable solution to the “problem” exist?

, ,

No Comments

It looks like ACMA really do have no idea about the Internet

Posted by Aaron in Internet censorship on March 26th, 2009

From this, it looks like ACMA haven’t actually looked into circumvention techniques for bypassing ISP-level filtering. They ignore VPNs and HTTP/SOCKS proxies (which are ineffective against PC-level filters) not to mention SSH tunnels or tor (also ineffective against PC-level filters) nor any other kind of tunneling protocol…

So, people with servers in the US, you stand to gain a great deal of money if you were to maybe sell access to a VPN or proxy (web, SOCKS or HTTP) that you have set up on your server…

After all, the Streisand effect will definitely take much greater hold after the sites on the blacklist are actually blocked

, , , ,

No Comments