Archive for October, 2012
There are many nations who are rather keen on filtering the internet. Of course the examples they usually use are of sites run by pedophiles and criminals, which of course nobody objects to. However it rarely stops there, and once some sort of filtering system is adopted in a country you’ll find that list of sites that are blocked gets longer and more varied. Pretty soon there will be all sorts of extensive censorship being practiced – your Government will decide what you can and can’t do online.
But there’s another issue – the technical side is far from clear cut. There is no definitive best method for filtering on this scale. Here’s a couple of the methods some countries have implemented. Both of the techniques depend on the development of a blacklist (sites that needs to be blocked). So consider – somewhere there’s a little group of people who hold meetings deciding on what should be included in this list. Imagine if these people had strong religious or political beliefs – their decisions could be quite different from your own.
But to utilise this black list you have to find a way of stopping people visiting the sites on the list.
One of the most basic methods is DNS poisoning, an extremely simple method of modifying the domain name tables belonging to the ISP’s.
Using this method you can redirect requests for specific blocked pages to someplace else. So when a user asks for one of these pages his browser is actually misdirected to another server – either with a warning page or simply completely blank.
Surprisingly many of the Scandinavian countries like Norway and Sweden have used this method in the past, although it is also been utilised in Holland and Germany too. It’s an awful way of filtering as it messes around with the core functionality of the internet – DNS. But it’s biggest problem is it’s extremely easy to bypass, point your machine at any non-poisoned DNS server and you will get the right address and be able to access the website. The other obvious issue is that you have to block an entire website as the IP address is not related to a single page. Not easy with many social sites and collaborative platforms like Blogger and WordPress. For example is you want to block a single offensive YouTube video you’d end up blocking most of the site if you use this method.
There are more sophisticated methods of filtering the internet though, companies like BT and Optenet specialize in providing such services such as Netclean. All the solutions work in slightly different ways but fundamentally they all have some sort of method of comparing the requested URL with a list of ‘naughty urls’.
The list is obviously one problem as mentioned above – especially in the eyes of those of us who argue against censorship of the internet. But the technologies can also cause issues as well – a current report from Watchdog International highlighted a few technical difficulties that can happen with one of these technologies.
Here is a few of the instances.
ACMA Test of Blocking YouTube
When the Australian Government trialed the BGP filtering system Netclean White Box, they included a few URLs from Youtube to be blocked. The problem was that because a URL from this site was added, all requests for this domain name (Youtube) then got handled directly through the filter. Normally this wouldn’t be an issue with some low traffic criminal website but because YouTube is so popular the box had to deal with millions of requests – which in the end made the Whitebox fall over.
Wikipedia image was contained byIWF List
The Web Watch Foundation manages a very extensive black list of sites over the web. The list can be used by anybody as a master list of which web sites to block. In this event the IWF added the URL of a Picture saved on Wikipedia. Unfortunately this caused a problem with the BT Cleanfeed system being used, when the system filters the web request it acts like a proxy server replacing it’s own IP address with the request. In one of the tests this meant that Wikipedia got hundreds of thousands of request from a single IP address range (the BT Cleanfeed system) which ended up with it being banned and Wikipedia becoming inaccessible for everyone.
The Web Watch Foundation removed the URL pretty rapidly and realised their error but at least the potential problems were highlighted by it when you start any main-stream censorship and Internet Filtering. There is also the very real issue that such censorship can normally be bypassed very easily by simply using a proxy server if needed.