Slashdot Mirror

Slashdot contributor Bennett Haselton writes: "Internet users in Saudi Arabia, along with most users in the United Arab Emirates, are blocked by their respective government censors from accessing the websites of the Trinity Davison Lutheran Church, Deliverance Tabernacle Ministries in Pittsburgh, the Amitayu Buddhist Society of Taiwan, and GayFaith.org. An attempt to access any of those websites yields an error page like this one. However, the sites are not blocked because they conflict with the religions beliefs of those countries' governments. Rather, they are blocked because Smartfilter -- the American-made blocking program sold by McAfee, and used for state-mandated Internet censorship in those countries -- classifies those sites as "pornography". You can see the screen shots here, here, here and here." Read on for the rest of Bennett's thoughts.

I found these blocked sites by starting with a combination of URL lists and ad hoc spidering, and running as many sites as possible through the Saudi filters to catch the ones that were blocked. Some of the sites were blocked for reasons that were easy to guess -- for example, http://www.bighornbasinsfw.org/, the home page of the Big Horn Basin, Wyoming chapter of Sportsmen for Fish & Wildlife, was almost certainly blocked because of the slang term "nsfw" in their URL. http://www.AgainstPornography.org and http://www.SearchingForMySpermDonorFather.org were presumably blocked because of the presence of the words "porn" and "sperm".

On the other hand, there appears to be no rational reason why the Filipino American Women's Network, the Tuscon Jazz Institute, or the Sacramento Police Activities League would have been blocked by Smartfilter, even by accident. A partial list of the blocked sites that I found is in the blog post I wrote for Citizen Lab, an Internet censorship research center at the University of Toronto.

Articles about sites that are erroneously blocked by Internet censorship software, have a storied history. The first widely read piece was the article "Keys to the Kingdom" written by Brock Meeks and Declan McCullagh in 1996, calling out Cyber Patrol for blocking EnviroLink.org and the University of Newcastle Computer Science Department, and CYBERsitter for blocking the National Organization for Women. I made a minor name for myself and the Peacefire.org site in the late 1990's by writing more pages about sites blocked by other products, including some (like X-Stop and SurfWatch) which no longer exist, and others that are still around, including Smartfilter. I was also one of six people comprising the Censorware Project, a loosely organized group of volunteers that published a few more reports.

By the early 2000's, however, it became clear that anyone whose mind was likely to be changed by information about what kinds of sites were blocked by blocking software, would have changed their mind already (or would, if they came across the research that had already been done up to that point). So the further reports on Internet blocking software errors, by me and other people, slowed to a trickle. I wrote a report in January 2002 on the latest list of sites blocked by Cyber Patrol, a product that most people today have forgotten. In 2006 I worked with the ACLU of Washington to publish a report on sites erroneously blocked by FortiGuard, a program used on computers in some libraries in central Washington, as part of the ACLU's suit to challenge the constitutionality of the program's use on public library terminals. (The Washington State Supreme Court rejected the lawsuit on the grounds that, regardless of what sites were blocked on the computers, it didn't matter because an adult library patron could request for the filter to be turned off.) In 2007 I wrote an article for Slashdot titled "From Bess to Worse" listing some sites that were blocked by an Internet filtering program called Bess (which was later bought out by Smartfilter and discontinued).

Most people's awareness of this debate, if they had heard about it at all, was limited to the perception that "breast cancer sites" and sites about "chicken breast recipes" were sometimes filtered by Internet blocking programs. Or they heard that "Beaver College" actually had to change its name to avoid being censored by web filters. As I tried to explain in a FAQ (written, according to the Wayback Machine, in 1999, but which still broadly holds true today), these examples are true, but they miss the point. These examples make it sound as if blocking software companies are doing the best job they can under the circumstances, and that the errors are unavoidable due to limitations on machine intelligence. In reality, any software algorithm that blocks the American Board of Vocational Experts, the Hopewell United Methodist Church, and the Patriot Guard Riders of Mississippi, as "pornography" (as Smartfilter currently does), is probably not the best algorithm the company could have come up with -- but there's no incentive for them to try harder, because few people will ever look that deep.

And yet, people continue to remember the "breast cancer site" examples. This sounds to me like an example of the narrative fallacy -- people remember that breast cancer sites were blocked, because there's a tidy explanation. There is no tidy explanation for most other examples of blocked sites, so the meme never spreads very far. Conveniently for the blocking companies, the blocked-site errors which make the company look most sloppy (the Kennels at Simpson Creek Farms, the St. Francis Institute of Milwaukee, etc.) are precisely the ones that, due to the narrative fallacy, most people won't remember or hear about.

One company, CYBERsitter, did manage to make a few blocking decisions in the 1990s that were egregious enough that their antics did make the news, and did finally raise some people's awareness that the controversy over private Internet filtering extended beyond "breast cancer sites". After TIME Magazine's website published an article (no longer online) that criticized CYBERsitter's blocking policies, CYBERsitter responded by blocking TIME Magazine's pathfinder.com domain. A few months earlier, CYBERsitter had blacklisted the monthly e-Zine "The Ethical Spectacle, after the Spectacle's founder, Jonathan Wallace, published an article criticizing CYBERsitter for blocking my own Peacefire.org website. And Peacefire.org had been blocked, in turn, because of a page I wrote (now very much out of date) listing some of the sites that CYBERsitter blocked, including the International Gay and Lesbian Human Rights Commission and Mother Jones. (Nowadays, of course, nobody would be surprised that filtering companies block Peacefire.org, since the site publishes ample instructions on how to get around Internet blockers. But at the time, the site's first and only article was the list of sites blocked by CYBERsitter, which is why CYBERsitter received so much criticism for blocking the domain in retaliation.) CYBERsitter also threatened to have Meeks and McCullagh criminally prosecuted for writing "Keys to the Kingdom" and threatened to sue me over the page that I had made.)

The moral, it seems, is that if you want an example of a censored web site to stick in people's minds, it either has to be a forgivable error, or an insane vindictive dick move -- because in either of those cases, people will understand why it happened. The vast swaths of censored websites on the spectrum in between, the ones for which there is no rational explanation for the blocking, go ignored.

These days, though, American and Canadian "censorware" makers have also come under fire for selling censoring software to foreign governments which use them for country-wide censorship. Most of the criticism focuses, naturally, not on the kinds of sites that are accidentally blocked by the blocking software, but on the immorality of these companies enabling statewide foreign censorship in the first place. Netsweeper, Blue Coat, and McAfee have all made the claim that "Once we sell their product to them, we have no control over what they do with it" -- which, as I wrote previously in Slashdot, is nonsense, because for the product to be effective, it has to rely on updates to the blocked-site list, which are provided at regular intervals by the manufacturer. Cut off the updates, and the product will not work, at least not as well.

So the fact that McAfee has classified the Boy Scout Troop 87 of North Andover, the Pan-Iranist Party of Iran, and Reptile Conservation International as "Pornography" is (rightly) overshadowed by the fact that McAfee is selling to government censors in Saudi Arabia and the UAE in the first place. However, as long as the filters are installed, these blocked sites are at least part of the problem for users in those countries, just as much as they are for students or cubicle workers in the U.S. whose network administrators happen to use Smartfilter. And, of course, I sampled only a miniscule fraction of the Web to find these examples of blocked sites, so the true number of stupid blocks affecting Saudi and UAE users is likely to be much larger. For each individual example, you might reasonably ask, "Is it really a big deal if Saudis are blocked from accessing Boy Scout Troop 87 of North Andover?" But it adds up.

Sparrowvsrevolution writes "Tor developers Arturo Filasto and Jacob Appelbaum have released OONI-probe, an open-source software tool designed to be installed on any PC and run to collect data about local meddling with the computer's network connections, whether it be website blocking, surveillance or selective bandwidth slowdowns. Unlike other censorship tracking projects like HerdictWeb or the Open Net Initiative, OONI will allow anyone to run the testing application and share their results publicly. The tool has already been used to expose censorship by T-Mobile of its prepaid phones' browser and also by the Palestinian Authority, which was found to be blocking opposition websites. The minister responsible for the Palestinian censorship was forced to resign last week."

Frequent Slashdot contributor Bennett Haselton writes "Tunisia's high court will decide on Wednesday whether to allow censoring of websites containing pornography or 'calls to violence.' It's disappointing that censorship continues in post-revolutionary Tunisia, but it's enough of an improvement over the old regime, that anti-censorship cyber-activism efforts would probably best be spent on helping other countries." Read on for Bennett's analysis.

In Tunisia, where dictator Zine El Abidine Ben Ali was ousted one year ago amid hopes for a new era of freedom, the high court will decide on Wednesday whether to censor foreign pornographic websites in accordance with local law. Facebook pages that "call for violence" may also be blocked. Conveniently, all the machinery for censoring the Internet in Tunisia is already in place, having been installed under Ben Ali's dictatorship for the purposes of censoring and spying on Tunisian citizens (and, for a while, phishing their Facebook passwords). The irony recalls the situation in Iraq in 2009, when the government announced plans to start censoring foreign websites -- to which Iraqi citizens complained that they thought censorship would end with the fall of Saddam's regime. Actually, apart from the three outlier countries of Turkey, Israel and Lebanon, pornography remains illegal in every Middle Eastern country (and some conservative African nations), including the recently "liberated" ones including Egypt, Iraq and Tunisia. (Although, Iraq's street market in pornography thrives as long as the police have better things to do.)

I'm against such censorship in principle -- I think that even the right to publish and access pornography counts as a fundamental human right. But I think we have to take what progress we can get, and censoring just pornography and calls to violence, is a big improvement over censoring pornography and dissident political speech, which is the norm in most non-"liberated" Middle Eastern countries like Syria, Iran, and Saudi Arabia. Syria blocks foreign opposition sites like All4Syria.info, Iran blocks Facebook and YouTube to keep dissidents from posting or viewing anti-government material, and Saudi Arabia blocks Reporters Without Borders and filters the Amnesty International report on human rights in Saudi Arabia (but not the rest of the Amnesty International site!).

Saudi Arabia blocking the Amnesty International report on human rights in their country (while leaving the rest of the site unblocked), in particular, seems like the kind of thing that a government would do more as a "fuck you" to human rights activists, than a means to achieve a practical goal. For one thing, most of the facts in the human rights report about Saudi Arabia -- about sex discrimination and lack of political and religious freedom -- are already well known to the people who live there. And secondly, what percent of the citizens of a country would ever read the Amnesty International report on human rights in that country, even if it were not blocked? How many Americans even know that Amnesty puts out an annual report about human rights violations in the United States? So it seems more like a symbolic move to remind everyone who's in charge. For all the disappointment in the lack of progress for free speech in post-"liberation" countries, the non-"liberated" ones are indeed worse.

As for the Tunisian proposal to censor "calls to violence", I wouldn't always be against that, even in principle. In most countries, direct incitements to violence can be considered illegal (it depends on what you say and, of course, on what judge you get). In a developing country rife with ethnic tensions, even greater restrictions on calls to violence could be justified. When you finally watched Hotel Rwanda , weren't you hoping someone would bust in on that radio DJ telling everyone to kill Tutsis in the middle of a civil war, and blow him to hell? The biggest problem with a rule against "calls to violence" is that the government could stretch the definition to silence political speech. But it's possible to keep that kind of abuse in check, as has mostly been achieved in the U.S. For that, what you need is an independent judiciary, not an abolishment of all rules against calls to violence.

So the free-speech situation in "liberated" Tunisia may be nothing to write home about, but it sounds much better than it used to be, when writing home to complain about it could get you arrested. A Wall Street Journal article from July 2011 describes how, under Ben Ali's dictatorship, Tunisian cyber-activist Slim Amamou had been imprisoned and abused by the police for calling for peaceful demonstrations. Post-revolution, he was freed and asked to join the interim government, where the strictest restriction placed on him was to "stop sending Twitter messages during internal government meetings to his 25,000 followers". They may not have their porn, but that's still progress.

Of course, if someone in Tunisia wants to circumvent the government filters (using tools like proxy sites, VPNs, Tor, UltraSurf, Psiphon, etc.) and get to a porn site, more power to them. I just wouldn't make it a priority to set aside resources to help them get it. Not while there are Iranians who need help getting around the latest restrictions blocking them from Facebook and Gmail.

Two caveats. First, if someone wants to sell circumvention services to Tunisians who just want to get around the porn blocker, that doesn't count as "setting aside resources", so that's a perfectly noble endeavor. In fact, given the economies of scale in the circumvention business, selling to Tunisians could help to bring the price down for other users, including users in countries like Saudi Arabia where the government does engage in political filtering, and where circumvention services could be a tool for social change. Second, providing circumvention services (free or paid) to Tunisians, does probably make it less likely that the new government would revert to political censorship, knowing that many of its citizens have the tools to beat it, even if those tools are only currently used to access porn sites. So to that extent, setting aside resources to provide circumvention services in Tunisia might be a worthwhile cause.

Still, I think it's a lot less important than using circumvention tools to fight political censorship in truly autocratic countries like Iran. For the next generation of proxy servers that I'm rolling out, I'm working on setting aside some of them just for Iranian IP addresses. Even if Iranians just use them to get on Facebook, that's still contributes more to advancing the cause of social democracy, than Tunisians using them to get on Playboy.

Frequent Slashdot contributor Bennett Haselton writes "Tunisia's high court will decide on Wednesday whether to allow censoring of websites containing pornography or 'calls to violence.' It's disappointing that censorship continues in post-revolutionary Tunisia, but it's enough of an improvement over the old regime, that anti-censorship cyber-activism efforts would probably best be spent on helping other countries." Read on for Bennett's analysis.

In Tunisia, where dictator Zine El Abidine Ben Ali was ousted one year ago amid hopes for a new era of freedom, the high court will decide on Wednesday whether to censor foreign pornographic websites in accordance with local law. Facebook pages that "call for violence" may also be blocked. Conveniently, all the machinery for censoring the Internet in Tunisia is already in place, having been installed under Ben Ali's dictatorship for the purposes of censoring and spying on Tunisian citizens (and, for a while, phishing their Facebook passwords). The irony recalls the situation in Iraq in 2009, when the government announced plans to start censoring foreign websites -- to which Iraqi citizens complained that they thought censorship would end with the fall of Saddam's regime. Actually, apart from the three outlier countries of Turkey, Israel and Lebanon, pornography remains illegal in every Middle Eastern country (and some conservative African nations), including the recently "liberated" ones including Egypt, Iraq and Tunisia. (Although, Iraq's street market in pornography thrives as long as the police have better things to do.)

I'm against such censorship in principle -- I think that even the right to publish and access pornography counts as a fundamental human right. But I think we have to take what progress we can get, and censoring just pornography and calls to violence, is a big improvement over censoring pornography and dissident political speech, which is the norm in most non-"liberated" Middle Eastern countries like Syria, Iran, and Saudi Arabia. Syria blocks foreign opposition sites like All4Syria.info, Iran blocks Facebook and YouTube to keep dissidents from posting or viewing anti-government material, and Saudi Arabia blocks Reporters Without Borders and filters the Amnesty International report on human rights in Saudi Arabia (but not the rest of the Amnesty International site!).

Saudi Arabia blocking the Amnesty International report on human rights in their country (while leaving the rest of the site unblocked), in particular, seems like the kind of thing that a government would do more as a "fuck you" to human rights activists, than a means to achieve a practical goal. For one thing, most of the facts in the human rights report about Saudi Arabia -- about sex discrimination and lack of political and religious freedom -- are already well known to the people who live there. And secondly, what percent of the citizens of a country would ever read the Amnesty International report on human rights in that country, even if it were not blocked? How many Americans even know that Amnesty puts out an annual report about human rights violations in the United States? So it seems more like a symbolic move to remind everyone who's in charge. For all the disappointment in the lack of progress for free speech in post-"liberation" countries, the non-"liberated" ones are indeed worse.

As for the Tunisian proposal to censor "calls to violence", I wouldn't always be against that, even in principle. In most countries, direct incitements to violence can be considered illegal (it depends on what you say and, of course, on what judge you get). In a developing country rife with ethnic tensions, even greater restrictions on calls to violence could be justified. When you finally watched Hotel Rwanda , weren't you hoping someone would bust in on that radio DJ telling everyone to kill Tutsis in the middle of a civil war, and blow him to hell? The biggest problem with a rule against "calls to violence" is that the government could stretch the definition to silence political speech. But it's possible to keep that kind of abuse in check, as has mostly been achieved in the U.S. For that, what you need is an independent judiciary, not an abolishment of all rules against calls to violence.

So the free-speech situation in "liberated" Tunisia may be nothing to write home about, but it sounds much better than it used to be, when writing home to complain about it could get you arrested. A Wall Street Journal article from July 2011 describes how, under Ben Ali's dictatorship, Tunisian cyber-activist Slim Amamou had been imprisoned and abused by the police for calling for peaceful demonstrations. Post-revolution, he was freed and asked to join the interim government, where the strictest restriction placed on him was to "stop sending Twitter messages during internal government meetings to his 25,000 followers". They may not have their porn, but that's still progress.

Of course, if someone in Tunisia wants to circumvent the government filters (using tools like proxy sites, VPNs, Tor, UltraSurf, Psiphon, etc.) and get to a porn site, more power to them. I just wouldn't make it a priority to set aside resources to help them get it. Not while there are Iranians who need help getting around the latest restrictions blocking them from Facebook and Gmail.

Two caveats. First, if someone wants to sell circumvention services to Tunisians who just want to get around the porn blocker, that doesn't count as "setting aside resources", so that's a perfectly noble endeavor. In fact, given the economies of scale in the circumvention business, selling to Tunisians could help to bring the price down for other users, including users in countries like Saudi Arabia where the government does engage in political filtering, and where circumvention services could be a tool for social change. Second, providing circumvention services (free or paid) to Tunisians, does probably make it less likely that the new government would revert to political censorship, knowing that many of its citizens have the tools to beat it, even if those tools are only currently used to access porn sites. So to that extent, setting aside resources to provide circumvention services in Tunisia might be a worthwhile cause.

Still, I think it's a lot less important than using circumvention tools to fight political censorship in truly autocratic countries like Iran. For the next generation of proxy servers that I'm rolling out, I'm working on setting aside some of them just for Iranian IP addresses. Even if Iranians just use them to get on Facebook, that's still contributes more to advancing the cause of social democracy, than Tunisians using them to get on Playboy.

Slashdot regular contributor Bennett Haselton wrote in this week to say that "The proposed "Telex" anti-censorship system could technically work, but unless I'm missing something, it would more cost-effective to spend the same resources on fighting censorship using existing technologies." His essay on the subject follows.

Professor Alex Halderman published a paper in July describing a new anti-censorship system called Telex, whereby users in censored countries could request banned websites by sending an encrypted request to an SSL-enabled website (i.e., a Web address beginning with https://) outside of their country -- even if the owner of the SSL-enabled website is not participating in the scheme. Since encrypted communications usually contain some random variation, that random variation can be used to embed hidden messages, which can then be decoded by any third-party observer who intercepts the communication and knows how to decode the hidden message. The third-party observer still cannot decode the original encrypted communication between the end user and the SSL-enabled website -- SSL is designed to be unbreakable by all but the intended recipient -- but the observer can decode the "side message" that was designed to be intercepted in transit. So a Telex-enabled router, in the process of passing the communication along, would notice the hidden request for a banned website, and pass the requested content back to the original user.

By analogy, suppose Mrs. Smith wants to send a letter to a friend. Mrs. Smith knows the letter will be sealed, and supposedly unopenable by the postman. But Mrs. Smith also has many choices of colored envelopes to use, and she has agreed with the postman on a color-coded system -- red for "Meet me tonight at the Motel 6", blue for "Not tonight, he suspects something" -- that the postman can "decode" when he picks up the envelope for delivery. The choice of envelope color is the "random variation" inherent in the sending of the message, which the message sender can use to send a "side message" to anyone who passes it along and who knows the system. The postman -- who is analogous to the Telex-enabled router -- has no access to the original sealed message inside the envelope, but he understands the side message just fine. (A Telex user may have no control over what routers their messages pass through, though, so they simply have to hope that there are enough Telex-enabled routers on the Internet that one of them will pick up the message and decode it. Imagine many different amorous mail carriers in the Postal Service, and any one of them who finds the colored envelope will be happy to show up at the appointed time, if Mrs. Smith is not picky.)

The novel feature of Telex is that it would not require the cooperation of the owner of the SSL-enabled website in order to work. You could send an encrypted communication to any website -- https://www.paypal.com/ for example -- and any Telex-enabled routers along the pathway traveled by the connection, would be able to decode the embedded message hidden in the randomness of the encryption. By contrast, for a user to make use of a typical proxy website like Vtunnel, the owner of the Vtunnel website has to set up the site as a proxy; this means the supply of such sites is limited to those websites whose owners have installed proxy software, and the censors have a greater chance of finding and blocking them all. Telex, on the other hand, would continue to work as long as the user in the censored country was able to access any SSL-enabled website, as long as their request happened to pass through a Telex-enabled router.

So far, so good. But this would presumably require an investment of at least several million dollars by any major backbone provider who wanted to try it, by re-configuring their major routers to speak the Telex protocol, and then potentially hundreds of millions of dollars for a sustained long-term effort. (As Halderman says, "We like to envision this technology as a possible government-level response to government-level censorship.") So here's my question: If any backbone provider (or government entity) wanted to go to that trouble to support the cause of fighting Internet censorship, why wouldn't it be much more straightforward for them to just set up proxy websites themselves?

Professor Halderman didn't respond to my inquiry on that point. The Telex FAQ notes that censorious governments can easily block new proxy sites once they find out about them. But in many censored countries, most proxy sites are not blocked, either because the government isn't trying, or they can't keep up. In China, hardly any proxy sites are blocked at all, as the government seems to put more of their resources into suppressing local dissent directly. Meanwhile in Iran, the censors do put more resources into actually blocking proxy sites -- but because Iran is on the U.S. State Department's embargo list, Iranian censors can't buy Internet censoring software from U.S. companies, so they have to find and block the sites themselves. As a result, newly released proxy sites often stay unblocked longer in Iran than they do in other Middle Eastern countries that use U.S.-made blocking software. Meanwhile, Saudi Arabia, for whatever reason, doesn't seem to block proxy sites at all for the time being. (Saudi Arabia is a strange outlier, since most conservative Islamic countries that filter the Web, also block proxy sites as well. It's not clear why Saudi Arabia doesn't.) So if a government or a philanthropist wants to help the cause of fighting censorship, just set up some proxy sites and pay to keep them running -- and you'll be helping the residents of all of those countries right away, for starters. This is in fact what Voice of America (through their various proxy programs) and the founders of UltraSurf (a privately funded network of anti-censorship servers) have been doing all along.

Even in the case of countries like U.A.E. and Yemen that are reasonably quick at finding and blocking proxy sites (as a result of using Western-made blocking software), the most cost-effective way to help these users is probably to set up more proxy sites, hosted at different locations and with perhaps with legitimate-looking "decoy" content, so that U.S. censorware companies can't keep up. My experience has been that the more money you spend (using unique IP addresses, buying .com domains instead of cheap .info ones, and setting up lots of proxies so that each one is sent to only a subset of your target audience), the longer the proxy sites last. You can also use proxy-like services (such as Tor, Hotspot Shield and UltraSurf) to route traffic through dedicated servers, to circumvent censorship in a way that is more transparent and convenient to the end user.

In short, existing proxy sites (and proxy-like services) do the job pretty well for many censored countries, and a massive cash expenditure on setting up more proxies (equivalent to the cost of setting up the Telex system) would probably be enough to demolish all other national filtering schemes completely. The software and tools to run proxy sites have already been tried and tested; all it takes to run them is money. Telex, by contrast, would require backbone providers to alter the architecture of their systems -- which means large-scale testing, isolation of any problems that arise, and countless other potential headaches. And that's not even counting the fact that censorious countries might detect which backbone providers are using Telex, and block all traffic from their countries to any sites hosted on those networks.

So I think Telex is a brilliant technical achievement, and I'd be happy if it got deployed, but I'd be scratching my head as to why the backbone providers (or the government, or whoever sponsored the effort) decided to kill a gnat with a flamethrower. I deal in flyswatters for a living, and they get the job done.

Slashdot regular contributor Bennett Haselton wrote in this week to say that "The proposed "Telex" anti-censorship system could technically work, but unless I'm missing something, it would more cost-effective to spend the same resources on fighting censorship using existing technologies." His essay on the subject follows.

Professor Alex Halderman published a paper in July describing a new anti-censorship system called Telex, whereby users in censored countries could request banned websites by sending an encrypted request to an SSL-enabled website (i.e., a Web address beginning with https://) outside of their country -- even if the owner of the SSL-enabled website is not participating in the scheme. Since encrypted communications usually contain some random variation, that random variation can be used to embed hidden messages, which can then be decoded by any third-party observer who intercepts the communication and knows how to decode the hidden message. The third-party observer still cannot decode the original encrypted communication between the end user and the SSL-enabled website -- SSL is designed to be unbreakable by all but the intended recipient -- but the observer can decode the "side message" that was designed to be intercepted in transit. So a Telex-enabled router, in the process of passing the communication along, would notice the hidden request for a banned website, and pass the requested content back to the original user.

By analogy, suppose Mrs. Smith wants to send a letter to a friend. Mrs. Smith knows the letter will be sealed, and supposedly unopenable by the postman. But Mrs. Smith also has many choices of colored envelopes to use, and she has agreed with the postman on a color-coded system -- red for "Meet me tonight at the Motel 6", blue for "Not tonight, he suspects something" -- that the postman can "decode" when he picks up the envelope for delivery. The choice of envelope color is the "random variation" inherent in the sending of the message, which the message sender can use to send a "side message" to anyone who passes it along and who knows the system. The postman -- who is analogous to the Telex-enabled router -- has no access to the original sealed message inside the envelope, but he understands the side message just fine. (A Telex user may have no control over what routers their messages pass through, though, so they simply have to hope that there are enough Telex-enabled routers on the Internet that one of them will pick up the message and decode it. Imagine many different amorous mail carriers in the Postal Service, and any one of them who finds the colored envelope will be happy to show up at the appointed time, if Mrs. Smith is not picky.)

The novel feature of Telex is that it would not require the cooperation of the owner of the SSL-enabled website in order to work. You could send an encrypted communication to any website -- https://www.paypal.com/ for example -- and any Telex-enabled routers along the pathway traveled by the connection, would be able to decode the embedded message hidden in the randomness of the encryption. By contrast, for a user to make use of a typical proxy website like Vtunnel, the owner of the Vtunnel website has to set up the site as a proxy; this means the supply of such sites is limited to those websites whose owners have installed proxy software, and the censors have a greater chance of finding and blocking them all. Telex, on the other hand, would continue to work as long as the user in the censored country was able to access any SSL-enabled website, as long as their request happened to pass through a Telex-enabled router.

So far, so good. But this would presumably require an investment of at least several million dollars by any major backbone provider who wanted to try it, by re-configuring their major routers to speak the Telex protocol, and then potentially hundreds of millions of dollars for a sustained long-term effort. (As Halderman says, "We like to envision this technology as a possible government-level response to government-level censorship.") So here's my question: If any backbone provider (or government entity) wanted to go to that trouble to support the cause of fighting Internet censorship, why wouldn't it be much more straightforward for them to just set up proxy websites themselves?

Professor Halderman didn't respond to my inquiry on that point. The Telex FAQ notes that censorious governments can easily block new proxy sites once they find out about them. But in many censored countries, most proxy sites are not blocked, either because the government isn't trying, or they can't keep up. In China, hardly any proxy sites are blocked at all, as the government seems to put more of their resources into suppressing local dissent directly. Meanwhile in Iran, the censors do put more resources into actually blocking proxy sites -- but because Iran is on the U.S. State Department's embargo list, Iranian censors can't buy Internet censoring software from U.S. companies, so they have to find and block the sites themselves. As a result, newly released proxy sites often stay unblocked longer in Iran than they do in other Middle Eastern countries that use U.S.-made blocking software. Meanwhile, Saudi Arabia, for whatever reason, doesn't seem to block proxy sites at all for the time being. (Saudi Arabia is a strange outlier, since most conservative Islamic countries that filter the Web, also block proxy sites as well. It's not clear why Saudi Arabia doesn't.) So if a government or a philanthropist wants to help the cause of fighting censorship, just set up some proxy sites and pay to keep them running -- and you'll be helping the residents of all of those countries right away, for starters. This is in fact what Voice of America (through their various proxy programs) and the founders of UltraSurf (a privately funded network of anti-censorship servers) have been doing all along.

Even in the case of countries like U.A.E. and Yemen that are reasonably quick at finding and blocking proxy sites (as a result of using Western-made blocking software), the most cost-effective way to help these users is probably to set up more proxy sites, hosted at different locations and with perhaps with legitimate-looking "decoy" content, so that U.S. censorware companies can't keep up. My experience has been that the more money you spend (using unique IP addresses, buying .com domains instead of cheap .info ones, and setting up lots of proxies so that each one is sent to only a subset of your target audience), the longer the proxy sites last. You can also use proxy-like services (such as Tor, Hotspot Shield and UltraSurf) to route traffic through dedicated servers, to circumvent censorship in a way that is more transparent and convenient to the end user.

In short, existing proxy sites (and proxy-like services) do the job pretty well for many censored countries, and a massive cash expenditure on setting up more proxies (equivalent to the cost of setting up the Telex system) would probably be enough to demolish all other national filtering schemes completely. The software and tools to run proxy sites have already been tried and tested; all it takes to run them is money. Telex, by contrast, would require backbone providers to alter the architecture of their systems -- which means large-scale testing, isolation of any problems that arise, and countless other potential headaches. And that's not even counting the fact that censorious countries might detect which backbone providers are using Telex, and block all traffic from their countries to any sites hosted on those networks.

So I think Telex is a brilliant technical achievement, and I'd be happy if it got deployed, but I'd be scratching my head as to why the backbone providers (or the government, or whoever sponsored the effort) decided to kill a gnat with a flamethrower. I deal in flyswatters for a living, and they get the job done.

Slashdot regular Bennett Haselton is back with a story about Internet censorship in the Middle East. Several blocking software companies claimed that they had no control over how various Middle Eastern governments used their software. Bennett says it's time to put this patently false claim to rest. American censorware companies could easily cut off Middle Eastern governments from using their software, and thus make their existing filtering systems far less effective; they just refuse to do it. Hit the link below to see what he has to say, and make up your own mind.

The Wall Street Journal published an article Monday listing the Western-made Internet censoring programs used by several Middle Eastern governments, in countries that filter what their citizens can access on the Web. Like a similar 2011 report from the OpenNet Initiative, hopefully this listing will shine a spotlight on the problem, and make it easier for human rights groups to call for these companies to stop aiding censorious governments.

However, I wish that the article had quoted someone giving a rebuttal to the several companies which claimed, "Once the customer buys the product, we have no control over it," as stated variously Netsweeper, Blue Coat, and McAfee (which makes Smartfilter). For a product that relies on continuous updates provided by the software company, this claim, of course, is nonsense. Unfortunately, the claim seems to go unchallenged so often, that there's a risk that it will start to affect policy -- people may believe that we can't regulate how American censorware is used by repressive countries, so we shouldn't even try.

Some background: When a customer buys a standard network filtering program like Websense, SmartFilter, or Blue Coat, the product comes with a built-in list of websites to be blocked by the software. (The customer can select or de-select categories of sites to be blocked, like "pornography" or "gambling".) The purchase of the software typically comes with a year or two of free updates to the blocked-site list. The software vendors employs a combination of human reviewers and (more often) automated crawlers to scour the Web looking for new sites that fall into their categories, and add these sites to their database. Customers who are within their subscription period can download periodic updates to this blocked-site list. After a customer's initial free subscription period runs out, they can opt to continue purchasing updates to the database. If they don't, then the product will continue to work, but the blocked-site list will be frozen (except for any new sites that the customer finds on their own and adds manually to their own blocked-site list).

Once the blocked-site list is frozen, the filtering product becomes ineffective against any user making a serious effort to get around it. This is because there are many mailing lists like mine that mail out new proxy sites every week (a proxy site is a site which contains a form that allows the user to access third-party Web sites indirectly, usually to circumvent Internet blocking). And as long as the user can access at least one unblocked proxy site, they can access any other blocked site by going through the proxy. So when a censorious regime stops updating their blocked-site list, the product becomes ineffective almost immediately. (For that, I suppose, the blocking companies should be grateful to us proxy site makers, since we make it necessary for their customers to keep renewing their blocked-site subscriptions year after year.)

So, even if one were to accept the (highly dubious) claim that the software vendors didn't realize what was going on when a foreign government approached them to buy their software, once they realize that their software is being used to violate the rights of the country's people, they can easily stop providing updates to that customer. This can be done by either (a) blocking the IP addresses that the customer uses to download the updates, or (b) blocking any further updates using that customer's license key. (Each installation of a blocking program like Websense comes with a license key unique to that customer, and the program has to submit the license key to the download server in order to download the latest update to the blocked-site list. If the customer's subscription runs out or gets cancelled, no more updates.)

This is roughly the situation that exists in Iran. The Iranian government claims to use McAfee's Smartfilter to filter Internet access for their citizens, despite McAfee's claim that they don't sell to Iran because of the embargo. But the evidence suggests that while Iran may have once acquired Smartfilter along with a copy of their filter list that was current at the time, they're not getting regular updates to the blocked-site list. From corresponding with Iranians and testing the filter through a server located inside Iran, I've found that most of the proxy sites we mail out never get blocked at all in Iran, even as they eventually get blocked in countries like Bahrain and Kuwait that are using Smartfilter with a subscription to the blocked-site database. The proxy sites we mail out that do get blocked in Iran are usually blocked a few days later than they are in Bahrain and Kuwait. This suggests that the Iranian censors are finding and blocking new proxy sites by ad hoc methods, and that they're not as effective at it as American censorware companies. So the Iranian situation proves two points: that Western blocking companies really can prevent a foreign government from using their products (well, duh), and that this restriction actually works, in the sense of making the country's filter less effective.

So when a McAfee spokesman told the WSJ reporters, "You can add additional websites to the block list; obviously what an individual customer would do with a product once they acquire it is beyond our control," that's true only in the most literal sense. Yes, Bahrain can add human rights web pages to their list of sites blocked by Smartfilter, and McAfee can't stop them, but the effectiveness of this block depends on the Bahrani censors using Smartfilter to block new proxy sites as well, which McAfee continues to aid them in doing, as a matter of choice.

Websense, incidentally, announced in 2009 -- in response to an earlier ONI report describing how their software was used to censor Internet access in Yemen -- that they would stop providing censoring software to the Yemeni government. But ONI's current report claims that the Yemeni government continued to use Websense into 2011, and Websense declined to comment. Maybe the Yemeni government was using Websense with a "frozen blocked-site list" -- but the ONI report includes at least one instance where a site that was un-blocked by Websense (the opennet.net domain itself!) became un-blocked in Yemen shortly afterwards. So maybe Websense just lied about canceling the Yemenis' license.

Could some censorious country like Yemen continue using the Websense filter -- with a continuously updated blocked-site list -- even after Websense truly tried to cut them off? Possibly, but it would probably be more trouble than it's worth. Yemen would have to set up a shell company outside of their own borders, with an overseas bank account, in order to purchase the software. Then after Yemen had installed Websense on their servers, they would have to download the updates indirectly by going through an anonymizing proxy set up in some other country as well. And if Websense ever found out which of their customers was a shell company used by the Yemeni government, they could cut off that customer's license, and the Yemeni censors would have to start all over again. It's probably safe to say that most Middle Eastern countries wouldn't find this worth the trouble. (After all, Iran could do everything I've just described, but apparently they haven't; they still seem to be using Smartfilter with an outdated copy of the blocked-site list, and adding new proxy sites to their blacklist manually.)

So far, proposals to ban American censorware companies from selling to foreign governments have not gotten off the ground -- and now with several Middle Eastern countries using or looking at Netsweeper, we'd have to get Canada on board as well. But at the very least, let's start calling out censorware companies on the canard that "We just sell the software and have no way of controlling who uses it." The companies know that foreign governments are using it to censor their own people, and they can cut them off as customers any time they want to; they just don't.

Slashdot regular Bennett Haselton is back with a story about Internet censorship in the Middle East. Several blocking software companies claimed that they had no control over how various Middle Eastern governments used their software. Bennett says it's time to put this patently false claim to rest. American censorware companies could easily cut off Middle Eastern governments from using their software, and thus make their existing filtering systems far less effective; they just refuse to do it. Hit the link below to see what he has to say, and make up your own mind.

The Wall Street Journal published an article Monday listing the Western-made Internet censoring programs used by several Middle Eastern governments, in countries that filter what their citizens can access on the Web. Like a similar 2011 report from the OpenNet Initiative, hopefully this listing will shine a spotlight on the problem, and make it easier for human rights groups to call for these companies to stop aiding censorious governments.

However, I wish that the article had quoted someone giving a rebuttal to the several companies which claimed, "Once the customer buys the product, we have no control over it," as stated variously Netsweeper, Blue Coat, and McAfee (which makes Smartfilter). For a product that relies on continuous updates provided by the software company, this claim, of course, is nonsense. Unfortunately, the claim seems to go unchallenged so often, that there's a risk that it will start to affect policy -- people may believe that we can't regulate how American censorware is used by repressive countries, so we shouldn't even try.

Some background: When a customer buys a standard network filtering program like Websense, SmartFilter, or Blue Coat, the product comes with a built-in list of websites to be blocked by the software. (The customer can select or de-select categories of sites to be blocked, like "pornography" or "gambling".) The purchase of the software typically comes with a year or two of free updates to the blocked-site list. The software vendors employs a combination of human reviewers and (more often) automated crawlers to scour the Web looking for new sites that fall into their categories, and add these sites to their database. Customers who are within their subscription period can download periodic updates to this blocked-site list. After a customer's initial free subscription period runs out, they can opt to continue purchasing updates to the database. If they don't, then the product will continue to work, but the blocked-site list will be frozen (except for any new sites that the customer finds on their own and adds manually to their own blocked-site list).

Once the blocked-site list is frozen, the filtering product becomes ineffective against any user making a serious effort to get around it. This is because there are many mailing lists like mine that mail out new proxy sites every week (a proxy site is a site which contains a form that allows the user to access third-party Web sites indirectly, usually to circumvent Internet blocking). And as long as the user can access at least one unblocked proxy site, they can access any other blocked site by going through the proxy. So when a censorious regime stops updating their blocked-site list, the product becomes ineffective almost immediately. (For that, I suppose, the blocking companies should be grateful to us proxy site makers, since we make it necessary for their customers to keep renewing their blocked-site subscriptions year after year.)

So, even if one were to accept the (highly dubious) claim that the software vendors didn't realize what was going on when a foreign government approached them to buy their software, once they realize that their software is being used to violate the rights of the country's people, they can easily stop providing updates to that customer. This can be done by either (a) blocking the IP addresses that the customer uses to download the updates, or (b) blocking any further updates using that customer's license key. (Each installation of a blocking program like Websense comes with a license key unique to that customer, and the program has to submit the license key to the download server in order to download the latest update to the blocked-site list. If the customer's subscription runs out or gets cancelled, no more updates.)

This is roughly the situation that exists in Iran. The Iranian government claims to use McAfee's Smartfilter to filter Internet access for their citizens, despite McAfee's claim that they don't sell to Iran because of the embargo. But the evidence suggests that while Iran may have once acquired Smartfilter along with a copy of their filter list that was current at the time, they're not getting regular updates to the blocked-site list. From corresponding with Iranians and testing the filter through a server located inside Iran, I've found that most of the proxy sites we mail out never get blocked at all in Iran, even as they eventually get blocked in countries like Bahrain and Kuwait that are using Smartfilter with a subscription to the blocked-site database. The proxy sites we mail out that do get blocked in Iran are usually blocked a few days later than they are in Bahrain and Kuwait. This suggests that the Iranian censors are finding and blocking new proxy sites by ad hoc methods, and that they're not as effective at it as American censorware companies. So the Iranian situation proves two points: that Western blocking companies really can prevent a foreign government from using their products (well, duh), and that this restriction actually works, in the sense of making the country's filter less effective.

So when a McAfee spokesman told the WSJ reporters, "You can add additional websites to the block list; obviously what an individual customer would do with a product once they acquire it is beyond our control," that's true only in the most literal sense. Yes, Bahrain can add human rights web pages to their list of sites blocked by Smartfilter, and McAfee can't stop them, but the effectiveness of this block depends on the Bahrani censors using Smartfilter to block new proxy sites as well, which McAfee continues to aid them in doing, as a matter of choice.

Websense, incidentally, announced in 2009 -- in response to an earlier ONI report describing how their software was used to censor Internet access in Yemen -- that they would stop providing censoring software to the Yemeni government. But ONI's current report claims that the Yemeni government continued to use Websense into 2011, and Websense declined to comment. Maybe the Yemeni government was using Websense with a "frozen blocked-site list" -- but the ONI report includes at least one instance where a site that was un-blocked by Websense (the opennet.net domain itself!) became un-blocked in Yemen shortly afterwards. So maybe Websense just lied about canceling the Yemenis' license.

Could some censorious country like Yemen continue using the Websense filter -- with a continuously updated blocked-site list -- even after Websense truly tried to cut them off? Possibly, but it would probably be more trouble than it's worth. Yemen would have to set up a shell company outside of their own borders, with an overseas bank account, in order to purchase the software. Then after Yemen had installed Websense on their servers, they would have to download the updates indirectly by going through an anonymizing proxy set up in some other country as well. And if Websense ever found out which of their customers was a shell company used by the Yemeni government, they could cut off that customer's license, and the Yemeni censors would have to start all over again. It's probably safe to say that most Middle Eastern countries wouldn't find this worth the trouble. (After all, Iran could do everything I've just described, but apparently they haven't; they still seem to be using Smartfilter with an outdated copy of the blocked-site list, and adding new proxy sites to their blacklist manually.)

So far, proposals to ban American censorware companies from selling to foreign governments have not gotten off the ground -- and now with several Middle Eastern countries using or looking at Netsweeper, we'd have to get Canada on board as well. But at the very least, let's start calling out censorware companies on the canard that "We just sell the software and have no way of controlling who uses it." The companies know that foreign governments are using it to censor their own people, and they can cut them off as customers any time they want to; they just don't.

Slashdot regular Bennett Haselton is back with a story about Internet censorship in the Middle East. Several blocking software companies claimed that they had no control over how various Middle Eastern governments used their software. Bennett says it's time to put this patently false claim to rest. American censorware companies could easily cut off Middle Eastern governments from using their software, and thus make their existing filtering systems far less effective; they just refuse to do it. Hit the link below to see what he has to say, and make up your own mind.

The Wall Street Journal published an article Monday listing the Western-made Internet censoring programs used by several Middle Eastern governments, in countries that filter what their citizens can access on the Web. Like a similar 2011 report from the OpenNet Initiative, hopefully this listing will shine a spotlight on the problem, and make it easier for human rights groups to call for these companies to stop aiding censorious governments.

However, I wish that the article had quoted someone giving a rebuttal to the several companies which claimed, "Once the customer buys the product, we have no control over it," as stated variously Netsweeper, Blue Coat, and McAfee (which makes Smartfilter). For a product that relies on continuous updates provided by the software company, this claim, of course, is nonsense. Unfortunately, the claim seems to go unchallenged so often, that there's a risk that it will start to affect policy -- people may believe that we can't regulate how American censorware is used by repressive countries, so we shouldn't even try.

Some background: When a customer buys a standard network filtering program like Websense, SmartFilter, or Blue Coat, the product comes with a built-in list of websites to be blocked by the software. (The customer can select or de-select categories of sites to be blocked, like "pornography" or "gambling".) The purchase of the software typically comes with a year or two of free updates to the blocked-site list. The software vendors employs a combination of human reviewers and (more often) automated crawlers to scour the Web looking for new sites that fall into their categories, and add these sites to their database. Customers who are within their subscription period can download periodic updates to this blocked-site list. After a customer's initial free subscription period runs out, they can opt to continue purchasing updates to the database. If they don't, then the product will continue to work, but the blocked-site list will be frozen (except for any new sites that the customer finds on their own and adds manually to their own blocked-site list).

Once the blocked-site list is frozen, the filtering product becomes ineffective against any user making a serious effort to get around it. This is because there are many mailing lists like mine that mail out new proxy sites every week (a proxy site is a site which contains a form that allows the user to access third-party Web sites indirectly, usually to circumvent Internet blocking). And as long as the user can access at least one unblocked proxy site, they can access any other blocked site by going through the proxy. So when a censorious regime stops updating their blocked-site list, the product becomes ineffective almost immediately. (For that, I suppose, the blocking companies should be grateful to us proxy site makers, since we make it necessary for their customers to keep renewing their blocked-site subscriptions year after year.)

So, even if one were to accept the (highly dubious) claim that the software vendors didn't realize what was going on when a foreign government approached them to buy their software, once they realize that their software is being used to violate the rights of the country's people, they can easily stop providing updates to that customer. This can be done by either (a) blocking the IP addresses that the customer uses to download the updates, or (b) blocking any further updates using that customer's license key. (Each installation of a blocking program like Websense comes with a license key unique to that customer, and the program has to submit the license key to the download server in order to download the latest update to the blocked-site list. If the customer's subscription runs out or gets cancelled, no more updates.)

This is roughly the situation that exists in Iran. The Iranian government claims to use McAfee's Smartfilter to filter Internet access for their citizens, despite McAfee's claim that they don't sell to Iran because of the embargo. But the evidence suggests that while Iran may have once acquired Smartfilter along with a copy of their filter list that was current at the time, they're not getting regular updates to the blocked-site list. From corresponding with Iranians and testing the filter through a server located inside Iran, I've found that most of the proxy sites we mail out never get blocked at all in Iran, even as they eventually get blocked in countries like Bahrain and Kuwait that are using Smartfilter with a subscription to the blocked-site database. The proxy sites we mail out that do get blocked in Iran are usually blocked a few days later than they are in Bahrain and Kuwait. This suggests that the Iranian censors are finding and blocking new proxy sites by ad hoc methods, and that they're not as effective at it as American censorware companies. So the Iranian situation proves two points: that Western blocking companies really can prevent a foreign government from using their products (well, duh), and that this restriction actually works, in the sense of making the country's filter less effective.

So when a McAfee spokesman told the WSJ reporters, "You can add additional websites to the block list; obviously what an individual customer would do with a product once they acquire it is beyond our control," that's true only in the most literal sense. Yes, Bahrain can add human rights web pages to their list of sites blocked by Smartfilter, and McAfee can't stop them, but the effectiveness of this block depends on the Bahrani censors using Smartfilter to block new proxy sites as well, which McAfee continues to aid them in doing, as a matter of choice.

Websense, incidentally, announced in 2009 -- in response to an earlier ONI report describing how their software was used to censor Internet access in Yemen -- that they would stop providing censoring software to the Yemeni government. But ONI's current report claims that the Yemeni government continued to use Websense into 2011, and Websense declined to comment. Maybe the Yemeni government was using Websense with a "frozen blocked-site list" -- but the ONI report includes at least one instance where a site that was un-blocked by Websense (the opennet.net domain itself!) became un-blocked in Yemen shortly afterwards. So maybe Websense just lied about canceling the Yemenis' license.

Could some censorious country like Yemen continue using the Websense filter -- with a continuously updated blocked-site list -- even after Websense truly tried to cut them off? Possibly, but it would probably be more trouble than it's worth. Yemen would have to set up a shell company outside of their own borders, with an overseas bank account, in order to purchase the software. Then after Yemen had installed Websense on their servers, they would have to download the updates indirectly by going through an anonymizing proxy set up in some other country as well. And if Websense ever found out which of their customers was a shell company used by the Yemeni government, they could cut off that customer's license, and the Yemeni censors would have to start all over again. It's probably safe to say that most Middle Eastern countries wouldn't find this worth the trouble. (After all, Iran could do everything I've just described, but apparently they haven't; they still seem to be using Smartfilter with an outdated copy of the blocked-site list, and adding new proxy sites to their blacklist manually.)

So far, proposals to ban American censorware companies from selling to foreign governments have not gotten off the ground -- and now with several Middle Eastern countries using or looking at Netsweeper, we'd have to get Canada on board as well. But at the very least, let's start calling out censorware companies on the canard that "We just sell the software and have no way of controlling who uses it." The companies know that foreign governments are using it to censor their own people, and they can cut them off as customers any time they want to; they just don't.

Slashdot regular Bennett Haselton is back with a story about Internet censorship in the Middle East. Several blocking software companies claimed that they had no control over how various Middle Eastern governments used their software. Bennett says it's time to put this patently false claim to rest. American censorware companies could easily cut off Middle Eastern governments from using their software, and thus make their existing filtering systems far less effective; they just refuse to do it. Hit the link below to see what he has to say, and make up your own mind.

The Wall Street Journal published an article Monday listing the Western-made Internet censoring programs used by several Middle Eastern governments, in countries that filter what their citizens can access on the Web. Like a similar 2011 report from the OpenNet Initiative, hopefully this listing will shine a spotlight on the problem, and make it easier for human rights groups to call for these companies to stop aiding censorious governments.

However, I wish that the article had quoted someone giving a rebuttal to the several companies which claimed, "Once the customer buys the product, we have no control over it," as stated variously Netsweeper, Blue Coat, and McAfee (which makes Smartfilter). For a product that relies on continuous updates provided by the software company, this claim, of course, is nonsense. Unfortunately, the claim seems to go unchallenged so often, that there's a risk that it will start to affect policy -- people may believe that we can't regulate how American censorware is used by repressive countries, so we shouldn't even try.

Some background: When a customer buys a standard network filtering program like Websense, SmartFilter, or Blue Coat, the product comes with a built-in list of websites to be blocked by the software. (The customer can select or de-select categories of sites to be blocked, like "pornography" or "gambling".) The purchase of the software typically comes with a year or two of free updates to the blocked-site list. The software vendors employs a combination of human reviewers and (more often) automated crawlers to scour the Web looking for new sites that fall into their categories, and add these sites to their database. Customers who are within their subscription period can download periodic updates to this blocked-site list. After a customer's initial free subscription period runs out, they can opt to continue purchasing updates to the database. If they don't, then the product will continue to work, but the blocked-site list will be frozen (except for any new sites that the customer finds on their own and adds manually to their own blocked-site list).

Once the blocked-site list is frozen, the filtering product becomes ineffective against any user making a serious effort to get around it. This is because there are many mailing lists like mine that mail out new proxy sites every week (a proxy site is a site which contains a form that allows the user to access third-party Web sites indirectly, usually to circumvent Internet blocking). And as long as the user can access at least one unblocked proxy site, they can access any other blocked site by going through the proxy. So when a censorious regime stops updating their blocked-site list, the product becomes ineffective almost immediately. (For that, I suppose, the blocking companies should be grateful to us proxy site makers, since we make it necessary for their customers to keep renewing their blocked-site subscriptions year after year.)

So, even if one were to accept the (highly dubious) claim that the software vendors didn't realize what was going on when a foreign government approached them to buy their software, once they realize that their software is being used to violate the rights of the country's people, they can easily stop providing updates to that customer. This can be done by either (a) blocking the IP addresses that the customer uses to download the updates, or (b) blocking any further updates using that customer's license key. (Each installation of a blocking program like Websense comes with a license key unique to that customer, and the program has to submit the license key to the download server in order to download the latest update to the blocked-site list. If the customer's subscription runs out or gets cancelled, no more updates.)

This is roughly the situation that exists in Iran. The Iranian government claims to use McAfee's Smartfilter to filter Internet access for their citizens, despite McAfee's claim that they don't sell to Iran because of the embargo. But the evidence suggests that while Iran may have once acquired Smartfilter along with a copy of their filter list that was current at the time, they're not getting regular updates to the blocked-site list. From corresponding with Iranians and testing the filter through a server located inside Iran, I've found that most of the proxy sites we mail out never get blocked at all in Iran, even as they eventually get blocked in countries like Bahrain and Kuwait that are using Smartfilter with a subscription to the blocked-site database. The proxy sites we mail out that do get blocked in Iran are usually blocked a few days later than they are in Bahrain and Kuwait. This suggests that the Iranian censors are finding and blocking new proxy sites by ad hoc methods, and that they're not as effective at it as American censorware companies. So the Iranian situation proves two points: that Western blocking companies really can prevent a foreign government from using their products (well, duh), and that this restriction actually works, in the sense of making the country's filter less effective.

So when a McAfee spokesman told the WSJ reporters, "You can add additional websites to the block list; obviously what an individual customer would do with a product once they acquire it is beyond our control," that's true only in the most literal sense. Yes, Bahrain can add human rights web pages to their list of sites blocked by Smartfilter, and McAfee can't stop them, but the effectiveness of this block depends on the Bahrani censors using Smartfilter to block new proxy sites as well, which McAfee continues to aid them in doing, as a matter of choice.

Websense, incidentally, announced in 2009 -- in response to an earlier ONI report describing how their software was used to censor Internet access in Yemen -- that they would stop providing censoring software to the Yemeni government. But ONI's current report claims that the Yemeni government continued to use Websense into 2011, and Websense declined to comment. Maybe the Yemeni government was using Websense with a "frozen blocked-site list" -- but the ONI report includes at least one instance where a site that was un-blocked by Websense (the opennet.net domain itself!) became un-blocked in Yemen shortly afterwards. So maybe Websense just lied about canceling the Yemenis' license.

Could some censorious country like Yemen continue using the Websense filter -- with a continuously updated blocked-site list -- even after Websense truly tried to cut them off? Possibly, but it would probably be more trouble than it's worth. Yemen would have to set up a shell company outside of their own borders, with an overseas bank account, in order to purchase the software. Then after Yemen had installed Websense on their servers, they would have to download the updates indirectly by going through an anonymizing proxy set up in some other country as well. And if Websense ever found out which of their customers was a shell company used by the Yemeni government, they could cut off that customer's license, and the Yemeni censors would have to start all over again. It's probably safe to say that most Middle Eastern countries wouldn't find this worth the trouble. (After all, Iran could do everything I've just described, but apparently they haven't; they still seem to be using Smartfilter with an outdated copy of the blocked-site list, and adding new proxy sites to their blacklist manually.)

So far, proposals to ban American censorware companies from selling to foreign governments have not gotten off the ground -- and now with several Middle Eastern countries using or looking at Netsweeper, we'd have to get Canada on board as well. But at the very least, let's start calling out censorware companies on the canard that "We just sell the software and have no way of controlling who uses it." The companies know that foreign governments are using it to censor their own people, and they can cut them off as customers any time they want to; they just don't.

Slashdot regular Bennett Haselton writes "Websense, a US-based Internet-censoring software maker, claims not to sell to foreign governments that are censoring Internet access for all of their citizens. But the OpenNet Initiative reports that national ISPs in Yemen have been using Websense to filter Internet access for at least the past four years. Will Websense revoke their license? And what would happen then?" Update: 08/10 21:01 GMT by KD : Bennett adds, "After the story ran, Websense sent me this update." "Since we were informed about the potential use of our products by Yemeni ISPs based on government-imposed Internet restrictions in Yemen, we have investigated this potential non-compliance with our anti-censorship policy. Because our product operates based on a database system, we are able to block updated database downloads to locations and to end users where the use of our product would violate law or our corporate policies. We believe that we have identified the specific product subscriptions that are being used for Web filtering by ISPs in Yemen, and in accordance with our policy against government-imposed censorship, we have taken action to discontinue the database downloads to the Yemeni ISPs."

The Internet censoring software maker Websense has a published policy on their website against allowing their software to be used for government-mandated censorship:

Websense does not sell to governments or Internet Service Providers (ISPs) that are engaged in any sort of government-imposed censorship. Any government-mandated censorship projects will not be engaged by Websense. If Websense does win a business and later discovers that the government is requiring all of its national ISPs to engage in censorship of the Web and Web content, we will remove our technology and capabilities from the project.

This supposedly differentiates the company from competitors such as Smartfilter (now owned by McAfee), which according to OpenNet Initiative reports, is used to censor the Internet in several African and Middle Eastern countries including Tunisia, Saudi Arabia, UAE, and Sudan. Websense once enthusiastically competed for the contract to censor Internet access in Saudi Arabia, but has now apparently ceded such markets to Smartfilter.

However, according to the ONI, the two national ISPs in the country of Yemen are using Websense to censor Internet access for all users. The researchers found that some sites are blocked in Yemen that are probably not on Websense's original filtering list, such as the Yemeni Socialist Party, as well as sites that are blocked under standard Websense categories, such as pornography, sex education materials, and "anonymizing and privacy tools" (presumably, proxy sites).

Websense declined to tell me whether they have ever revoked an ISP's license to use Websense after discovering that the ISP was using it in violation of their anti-government-censorship policy. They also declined to say whether they had any ISP customers in Middle Eastern countries, apart from Yemen. (For any Middle Eastern ISP using Websense, there's a high probability that they would be doing it as a result of a government mandated filtering policy, and hence in violation of Websense's stated rules.) But regarding the use of Websense in Yemen, Websense did reply to say simply, "We will look into the matter. If our software is being used in violation of our policy, we will take appropriate action." I think that if they were serious about preventing their software from being used for government censorship, they should have red-flagged any purchase from a national ISP in a country with one of the worst press-freedom ratings in the world, but better late than never.

There are only about 200,000 Internet users in Yemen, compared to over six million in Saudi Arabia, millions more in other censored Middle Eastern countries, and 300 million in Internet-censored China. (And even the Yemenis' Internet access is not filtered all the time, since the ONI report says that the number of concurrent licenses for Websense purchased by the Yemeni ISPs is less than the number of Yemeni Internet users, and when the number of concurrent users exceeds the number of licenses, all requests go through unfiltered!) So it would be a small step towards global liberation of the Internet, but still equivalent to de-censoring Internet access for every resident of Boise if the city had 100% broadband penetration, which is enough to justify putting the squeeze on Websense.

What exactly would happen if Websense did revoke their license for the Yemeni ISPs? They couldn't force the ISPs to uninstall the software, but they could stop allowing them to download further updates to the Websense blocked-site list. Most installations of Websense are configured to download updates to the list every day, to block the latest adult websites as well as to try and stay ahead of newly released proxy sites. Once the list updates stopped, all existing blocked websites would remain blocked, but newly created adult sites and proxy sites would be accessible, and the filtering would gradually become less and less effective. So it would be a concrete victory for Yemeni Internet users, and not just a symbolic gesture.

How would we know if Websense went through with it, anyway, if they refuse to confirm or deny that they have revoked the licenses for Yemen? The ONI declined to tell me how exactly they determined that Yemeni ISPs were using Websense. (Not that I mind; they could have obtained this information with the help of people whose jobs and freedom would be at stake if they were found out, in which case ONI would not be able to share their confidential sources.) Presumably the ONI could repeat their research in the future to determine if Websense were still being used. However, even if they can see that Websense software is still being used to censor the Internet, it may not be easy to tell whether the Yemeni ISPs are still downloading updates to the blocked-site list. My suggestion: Create a new proxy site and don't publicize it anywhere, but report it to Websense for blocking. Test a few days later to verify that it's blocked by Websense, but not by Smartfilter or other popular blocking programs. Then see if it's blocked in Yemen as well. If not, then hopefully that means that Websense cut them off.

And then what? Maybe the Yemeni ISPs will just continue using Websense with a frozen copy of the blocked site list, reasoning that most of the well-known adult sites that users are going to try to visit, are probably already on that list. Maybe they'll set up a shell company in another country, posing as an ISP requesting a legitimate copy of Websense, and buy a new list subscription that way. But it will still be worth it to press Websense into revoking their license, even if it only breaks Internet censorship in Yemen for a few months or a year. At that point, perhaps they'll just take their business to Smartfilter like almost every other Middle Eastern country that censors the Internet.

After all, we shouldn't pick on Websense too much, when Smartfilter is censoring national Internet access for about 100 times that many users in total. If Websense says they don't provide software to government censors, then we should hold them to that. But the real scandal isn't that American censorware companies provide filters to censoring governments while claiming not to, it's that American companies are doing it at all.

Slashdot regular Bennett Haselton writes "Websense, a US-based Internet-censoring software maker, claims not to sell to foreign governments that are censoring Internet access for all of their citizens. But the OpenNet Initiative reports that national ISPs in Yemen have been using Websense to filter Internet access for at least the past four years. Will Websense revoke their license? And what would happen then?" Update: 08/10 21:01 GMT by KD : Bennett adds, "After the story ran, Websense sent me this update." "Since we were informed about the potential use of our products by Yemeni ISPs based on government-imposed Internet restrictions in Yemen, we have investigated this potential non-compliance with our anti-censorship policy. Because our product operates based on a database system, we are able to block updated database downloads to locations and to end users where the use of our product would violate law or our corporate policies. We believe that we have identified the specific product subscriptions that are being used for Web filtering by ISPs in Yemen, and in accordance with our policy against government-imposed censorship, we have taken action to discontinue the database downloads to the Yemeni ISPs."

The Internet censoring software maker Websense has a published policy on their website against allowing their software to be used for government-mandated censorship:

Websense does not sell to governments or Internet Service Providers (ISPs) that are engaged in any sort of government-imposed censorship. Any government-mandated censorship projects will not be engaged by Websense. If Websense does win a business and later discovers that the government is requiring all of its national ISPs to engage in censorship of the Web and Web content, we will remove our technology and capabilities from the project.

This supposedly differentiates the company from competitors such as Smartfilter (now owned by McAfee), which according to OpenNet Initiative reports, is used to censor the Internet in several African and Middle Eastern countries including Tunisia, Saudi Arabia, UAE, and Sudan. Websense once enthusiastically competed for the contract to censor Internet access in Saudi Arabia, but has now apparently ceded such markets to Smartfilter.

However, according to the ONI, the two national ISPs in the country of Yemen are using Websense to censor Internet access for all users. The researchers found that some sites are blocked in Yemen that are probably not on Websense's original filtering list, such as the Yemeni Socialist Party, as well as sites that are blocked under standard Websense categories, such as pornography, sex education materials, and "anonymizing and privacy tools" (presumably, proxy sites).

Websense declined to tell me whether they have ever revoked an ISP's license to use Websense after discovering that the ISP was using it in violation of their anti-government-censorship policy. They also declined to say whether they had any ISP customers in Middle Eastern countries, apart from Yemen. (For any Middle Eastern ISP using Websense, there's a high probability that they would be doing it as a result of a government mandated filtering policy, and hence in violation of Websense's stated rules.) But regarding the use of Websense in Yemen, Websense did reply to say simply, "We will look into the matter. If our software is being used in violation of our policy, we will take appropriate action." I think that if they were serious about preventing their software from being used for government censorship, they should have red-flagged any purchase from a national ISP in a country with one of the worst press-freedom ratings in the world, but better late than never.

There are only about 200,000 Internet users in Yemen, compared to over six million in Saudi Arabia, millions more in other censored Middle Eastern countries, and 300 million in Internet-censored China. (And even the Yemenis' Internet access is not filtered all the time, since the ONI report says that the number of concurrent licenses for Websense purchased by the Yemeni ISPs is less than the number of Yemeni Internet users, and when the number of concurrent users exceeds the number of licenses, all requests go through unfiltered!) So it would be a small step towards global liberation of the Internet, but still equivalent to de-censoring Internet access for every resident of Boise if the city had 100% broadband penetration, which is enough to justify putting the squeeze on Websense.

What exactly would happen if Websense did revoke their license for the Yemeni ISPs? They couldn't force the ISPs to uninstall the software, but they could stop allowing them to download further updates to the Websense blocked-site list. Most installations of Websense are configured to download updates to the list every day, to block the latest adult websites as well as to try and stay ahead of newly released proxy sites. Once the list updates stopped, all existing blocked websites would remain blocked, but newly created adult sites and proxy sites would be accessible, and the filtering would gradually become less and less effective. So it would be a concrete victory for Yemeni Internet users, and not just a symbolic gesture.

How would we know if Websense went through with it, anyway, if they refuse to confirm or deny that they have revoked the licenses for Yemen? The ONI declined to tell me how exactly they determined that Yemeni ISPs were using Websense. (Not that I mind; they could have obtained this information with the help of people whose jobs and freedom would be at stake if they were found out, in which case ONI would not be able to share their confidential sources.) Presumably the ONI could repeat their research in the future to determine if Websense were still being used. However, even if they can see that Websense software is still being used to censor the Internet, it may not be easy to tell whether the Yemeni ISPs are still downloading updates to the blocked-site list. My suggestion: Create a new proxy site and don't publicize it anywhere, but report it to Websense for blocking. Test a few days later to verify that it's blocked by Websense, but not by Smartfilter or other popular blocking programs. Then see if it's blocked in Yemen as well. If not, then hopefully that means that Websense cut them off.

And then what? Maybe the Yemeni ISPs will just continue using Websense with a frozen copy of the blocked site list, reasoning that most of the well-known adult sites that users are going to try to visit, are probably already on that list. Maybe they'll set up a shell company in another country, posing as an ISP requesting a legitimate copy of Websense, and buy a new list subscription that way. But it will still be worth it to press Websense into revoking their license, even if it only breaks Internet censorship in Yemen for a few months or a year. At that point, perhaps they'll just take their business to Smartfilter like almost every other Middle Eastern country that censors the Internet.

After all, we shouldn't pick on Websense too much, when Smartfilter is censoring national Internet access for about 100 times that many users in total. If Websense says they don't provide software to government censors, then we should hold them to that. But the real scandal isn't that American censorware companies provide filters to censoring governments while claiming not to, it's that American companies are doing it at all.

Slashdot regular Bennett Haselton writes "Websense, a US-based Internet-censoring software maker, claims not to sell to foreign governments that are censoring Internet access for all of their citizens. But the OpenNet Initiative reports that national ISPs in Yemen have been using Websense to filter Internet access for at least the past four years. Will Websense revoke their license? And what would happen then?" Update: 08/10 21:01 GMT by KD : Bennett adds, "After the story ran, Websense sent me this update." "Since we were informed about the potential use of our products by Yemeni ISPs based on government-imposed Internet restrictions in Yemen, we have investigated this potential non-compliance with our anti-censorship policy. Because our product operates based on a database system, we are able to block updated database downloads to locations and to end users where the use of our product would violate law or our corporate policies. We believe that we have identified the specific product subscriptions that are being used for Web filtering by ISPs in Yemen, and in accordance with our policy against government-imposed censorship, we have taken action to discontinue the database downloads to the Yemeni ISPs."

The Internet censoring software maker Websense has a published policy on their website against allowing their software to be used for government-mandated censorship:

Websense does not sell to governments or Internet Service Providers (ISPs) that are engaged in any sort of government-imposed censorship. Any government-mandated censorship projects will not be engaged by Websense. If Websense does win a business and later discovers that the government is requiring all of its national ISPs to engage in censorship of the Web and Web content, we will remove our technology and capabilities from the project.

This supposedly differentiates the company from competitors such as Smartfilter (now owned by McAfee), which according to OpenNet Initiative reports, is used to censor the Internet in several African and Middle Eastern countries including Tunisia, Saudi Arabia, UAE, and Sudan. Websense once enthusiastically competed for the contract to censor Internet access in Saudi Arabia, but has now apparently ceded such markets to Smartfilter.

However, according to the ONI, the two national ISPs in the country of Yemen are using Websense to censor Internet access for all users. The researchers found that some sites are blocked in Yemen that are probably not on Websense's original filtering list, such as the Yemeni Socialist Party, as well as sites that are blocked under standard Websense categories, such as pornography, sex education materials, and "anonymizing and privacy tools" (presumably, proxy sites).

Websense declined to tell me whether they have ever revoked an ISP's license to use Websense after discovering that the ISP was using it in violation of their anti-government-censorship policy. They also declined to say whether they had any ISP customers in Middle Eastern countries, apart from Yemen. (For any Middle Eastern ISP using Websense, there's a high probability that they would be doing it as a result of a government mandated filtering policy, and hence in violation of Websense's stated rules.) But regarding the use of Websense in Yemen, Websense did reply to say simply, "We will look into the matter. If our software is being used in violation of our policy, we will take appropriate action." I think that if they were serious about preventing their software from being used for government censorship, they should have red-flagged any purchase from a national ISP in a country with one of the worst press-freedom ratings in the world, but better late than never.

There are only about 200,000 Internet users in Yemen, compared to over six million in Saudi Arabia, millions more in other censored Middle Eastern countries, and 300 million in Internet-censored China. (And even the Yemenis' Internet access is not filtered all the time, since the ONI report says that the number of concurrent licenses for Websense purchased by the Yemeni ISPs is less than the number of Yemeni Internet users, and when the number of concurrent users exceeds the number of licenses, all requests go through unfiltered!) So it would be a small step towards global liberation of the Internet, but still equivalent to de-censoring Internet access for every resident of Boise if the city had 100% broadband penetration, which is enough to justify putting the squeeze on Websense.

What exactly would happen if Websense did revoke their license for the Yemeni ISPs? They couldn't force the ISPs to uninstall the software, but they could stop allowing them to download further updates to the Websense blocked-site list. Most installations of Websense are configured to download updates to the list every day, to block the latest adult websites as well as to try and stay ahead of newly released proxy sites. Once the list updates stopped, all existing blocked websites would remain blocked, but newly created adult sites and proxy sites would be accessible, and the filtering would gradually become less and less effective. So it would be a concrete victory for Yemeni Internet users, and not just a symbolic gesture.

How would we know if Websense went through with it, anyway, if they refuse to confirm or deny that they have revoked the licenses for Yemen? The ONI declined to tell me how exactly they determined that Yemeni ISPs were using Websense. (Not that I mind; they could have obtained this information with the help of people whose jobs and freedom would be at stake if they were found out, in which case ONI would not be able to share their confidential sources.) Presumably the ONI could repeat their research in the future to determine if Websense were still being used. However, even if they can see that Websense software is still being used to censor the Internet, it may not be easy to tell whether the Yemeni ISPs are still downloading updates to the blocked-site list. My suggestion: Create a new proxy site and don't publicize it anywhere, but report it to Websense for blocking. Test a few days later to verify that it's blocked by Websense, but not by Smartfilter or other popular blocking programs. Then see if it's blocked in Yemen as well. If not, then hopefully that means that Websense cut them off.

And then what? Maybe the Yemeni ISPs will just continue using Websense with a frozen copy of the blocked site list, reasoning that most of the well-known adult sites that users are going to try to visit, are probably already on that list. Maybe they'll set up a shell company in another country, posing as an ISP requesting a legitimate copy of Websense, and buy a new list subscription that way. But it will still be worth it to press Websense into revoking their license, even if it only breaks Internet censorship in Yemen for a few months or a year. At that point, perhaps they'll just take their business to Smartfilter like almost every other Middle Eastern country that censors the Internet.

After all, we shouldn't pick on Websense too much, when Smartfilter is censoring national Internet access for about 100 times that many users in total. If Websense says they don't provide software to government censors, then we should hold them to that. But the real scandal isn't that American censorware companies provide filters to censoring governments while claiming not to, it's that American companies are doing it at all.

Slashdot regular Bennett Haselton writes "Websense, a US-based Internet-censoring software maker, claims not to sell to foreign governments that are censoring Internet access for all of their citizens. But the OpenNet Initiative reports that national ISPs in Yemen have been using Websense to filter Internet access for at least the past four years. Will Websense revoke their license? And what would happen then?" Update: 08/10 21:01 GMT by KD : Bennett adds, "After the story ran, Websense sent me this update." "Since we were informed about the potential use of our products by Yemeni ISPs based on government-imposed Internet restrictions in Yemen, we have investigated this potential non-compliance with our anti-censorship policy. Because our product operates based on a database system, we are able to block updated database downloads to locations and to end users where the use of our product would violate law or our corporate policies. We believe that we have identified the specific product subscriptions that are being used for Web filtering by ISPs in Yemen, and in accordance with our policy against government-imposed censorship, we have taken action to discontinue the database downloads to the Yemeni ISPs."

The Internet censoring software maker Websense has a published policy on their website against allowing their software to be used for government-mandated censorship:

Websense does not sell to governments or Internet Service Providers (ISPs) that are engaged in any sort of government-imposed censorship. Any government-mandated censorship projects will not be engaged by Websense. If Websense does win a business and later discovers that the government is requiring all of its national ISPs to engage in censorship of the Web and Web content, we will remove our technology and capabilities from the project.

This supposedly differentiates the company from competitors such as Smartfilter (now owned by McAfee), which according to OpenNet Initiative reports, is used to censor the Internet in several African and Middle Eastern countries including Tunisia, Saudi Arabia, UAE, and Sudan. Websense once enthusiastically competed for the contract to censor Internet access in Saudi Arabia, but has now apparently ceded such markets to Smartfilter.

However, according to the ONI, the two national ISPs in the country of Yemen are using Websense to censor Internet access for all users. The researchers found that some sites are blocked in Yemen that are probably not on Websense's original filtering list, such as the Yemeni Socialist Party, as well as sites that are blocked under standard Websense categories, such as pornography, sex education materials, and "anonymizing and privacy tools" (presumably, proxy sites).

Websense declined to tell me whether they have ever revoked an ISP's license to use Websense after discovering that the ISP was using it in violation of their anti-government-censorship policy. They also declined to say whether they had any ISP customers in Middle Eastern countries, apart from Yemen. (For any Middle Eastern ISP using Websense, there's a high probability that they would be doing it as a result of a government mandated filtering policy, and hence in violation of Websense's stated rules.) But regarding the use of Websense in Yemen, Websense did reply to say simply, "We will look into the matter. If our software is being used in violation of our policy, we will take appropriate action." I think that if they were serious about preventing their software from being used for government censorship, they should have red-flagged any purchase from a national ISP in a country with one of the worst press-freedom ratings in the world, but better late than never.

There are only about 200,000 Internet users in Yemen, compared to over six million in Saudi Arabia, millions more in other censored Middle Eastern countries, and 300 million in Internet-censored China. (And even the Yemenis' Internet access is not filtered all the time, since the ONI report says that the number of concurrent licenses for Websense purchased by the Yemeni ISPs is less than the number of Yemeni Internet users, and when the number of concurrent users exceeds the number of licenses, all requests go through unfiltered!) So it would be a small step towards global liberation of the Internet, but still equivalent to de-censoring Internet access for every resident of Boise if the city had 100% broadband penetration, which is enough to justify putting the squeeze on Websense.

What exactly would happen if Websense did revoke their license for the Yemeni ISPs? They couldn't force the ISPs to uninstall the software, but they could stop allowing them to download further updates to the Websense blocked-site list. Most installations of Websense are configured to download updates to the list every day, to block the latest adult websites as well as to try and stay ahead of newly released proxy sites. Once the list updates stopped, all existing blocked websites would remain blocked, but newly created adult sites and proxy sites would be accessible, and the filtering would gradually become less and less effective. So it would be a concrete victory for Yemeni Internet users, and not just a symbolic gesture.

How would we know if Websense went through with it, anyway, if they refuse to confirm or deny that they have revoked the licenses for Yemen? The ONI declined to tell me how exactly they determined that Yemeni ISPs were using Websense. (Not that I mind; they could have obtained this information with the help of people whose jobs and freedom would be at stake if they were found out, in which case ONI would not be able to share their confidential sources.) Presumably the ONI could repeat their research in the future to determine if Websense were still being used. However, even if they can see that Websense software is still being used to censor the Internet, it may not be easy to tell whether the Yemeni ISPs are still downloading updates to the blocked-site list. My suggestion: Create a new proxy site and don't publicize it anywhere, but report it to Websense for blocking. Test a few days later to verify that it's blocked by Websense, but not by Smartfilter or other popular blocking programs. Then see if it's blocked in Yemen as well. If not, then hopefully that means that Websense cut them off.

And then what? Maybe the Yemeni ISPs will just continue using Websense with a frozen copy of the blocked site list, reasoning that most of the well-known adult sites that users are going to try to visit, are probably already on that list. Maybe they'll set up a shell company in another country, posing as an ISP requesting a legitimate copy of Websense, and buy a new list subscription that way. But it will still be worth it to press Websense into revoking their license, even if it only breaks Internet censorship in Yemen for a few months or a year. At that point, perhaps they'll just take their business to Smartfilter like almost every other Middle Eastern country that censors the Internet.

After all, we shouldn't pick on Websense too much, when Smartfilter is censoring national Internet access for about 100 times that many users in total. If Websense says they don't provide software to government censors, then we should hold them to that. But the real scandal isn't that American censorware companies provide filters to censoring governments while claiming not to, it's that American companies are doing it at all.

Slashdot regular Bennett Haselton writes "Websense, a US-based Internet-censoring software maker, claims not to sell to foreign governments that are censoring Internet access for all of their citizens. But the OpenNet Initiative reports that national ISPs in Yemen have been using Websense to filter Internet access for at least the past four years. Will Websense revoke their license? And what would happen then?" Update: 08/10 21:01 GMT by KD : Bennett adds, "After the story ran, Websense sent me this update." "Since we were informed about the potential use of our products by Yemeni ISPs based on government-imposed Internet restrictions in Yemen, we have investigated this potential non-compliance with our anti-censorship policy. Because our product operates based on a database system, we are able to block updated database downloads to locations and to end users where the use of our product would violate law or our corporate policies. We believe that we have identified the specific product subscriptions that are being used for Web filtering by ISPs in Yemen, and in accordance with our policy against government-imposed censorship, we have taken action to discontinue the database downloads to the Yemeni ISPs."

The Internet censoring software maker Websense has a published policy on their website against allowing their software to be used for government-mandated censorship:

Websense does not sell to governments or Internet Service Providers (ISPs) that are engaged in any sort of government-imposed censorship. Any government-mandated censorship projects will not be engaged by Websense. If Websense does win a business and later discovers that the government is requiring all of its national ISPs to engage in censorship of the Web and Web content, we will remove our technology and capabilities from the project.

This supposedly differentiates the company from competitors such as Smartfilter (now owned by McAfee), which according to OpenNet Initiative reports, is used to censor the Internet in several African and Middle Eastern countries including Tunisia, Saudi Arabia, UAE, and Sudan. Websense once enthusiastically competed for the contract to censor Internet access in Saudi Arabia, but has now apparently ceded such markets to Smartfilter.

However, according to the ONI, the two national ISPs in the country of Yemen are using Websense to censor Internet access for all users. The researchers found that some sites are blocked in Yemen that are probably not on Websense's original filtering list, such as the Yemeni Socialist Party, as well as sites that are blocked under standard Websense categories, such as pornography, sex education materials, and "anonymizing and privacy tools" (presumably, proxy sites).

Websense declined to tell me whether they have ever revoked an ISP's license to use Websense after discovering that the ISP was using it in violation of their anti-government-censorship policy. They also declined to say whether they had any ISP customers in Middle Eastern countries, apart from Yemen. (For any Middle Eastern ISP using Websense, there's a high probability that they would be doing it as a result of a government mandated filtering policy, and hence in violation of Websense's stated rules.) But regarding the use of Websense in Yemen, Websense did reply to say simply, "We will look into the matter. If our software is being used in violation of our policy, we will take appropriate action." I think that if they were serious about preventing their software from being used for government censorship, they should have red-flagged any purchase from a national ISP in a country with one of the worst press-freedom ratings in the world, but better late than never.

There are only about 200,000 Internet users in Yemen, compared to over six million in Saudi Arabia, millions more in other censored Middle Eastern countries, and 300 million in Internet-censored China. (And even the Yemenis' Internet access is not filtered all the time, since the ONI report says that the number of concurrent licenses for Websense purchased by the Yemeni ISPs is less than the number of Yemeni Internet users, and when the number of concurrent users exceeds the number of licenses, all requests go through unfiltered!) So it would be a small step towards global liberation of the Internet, but still equivalent to de-censoring Internet access for every resident of Boise if the city had 100% broadband penetration, which is enough to justify putting the squeeze on Websense.

What exactly would happen if Websense did revoke their license for the Yemeni ISPs? They couldn't force the ISPs to uninstall the software, but they could stop allowing them to download further updates to the Websense blocked-site list. Most installations of Websense are configured to download updates to the list every day, to block the latest adult websites as well as to try and stay ahead of newly released proxy sites. Once the list updates stopped, all existing blocked websites would remain blocked, but newly created adult sites and proxy sites would be accessible, and the filtering would gradually become less and less effective. So it would be a concrete victory for Yemeni Internet users, and not just a symbolic gesture.

How would we know if Websense went through with it, anyway, if they refuse to confirm or deny that they have revoked the licenses for Yemen? The ONI declined to tell me how exactly they determined that Yemeni ISPs were using Websense. (Not that I mind; they could have obtained this information with the help of people whose jobs and freedom would be at stake if they were found out, in which case ONI would not be able to share their confidential sources.) Presumably the ONI could repeat their research in the future to determine if Websense were still being used. However, even if they can see that Websense software is still being used to censor the Internet, it may not be easy to tell whether the Yemeni ISPs are still downloading updates to the blocked-site list. My suggestion: Create a new proxy site and don't publicize it anywhere, but report it to Websense for blocking. Test a few days later to verify that it's blocked by Websense, but not by Smartfilter or other popular blocking programs. Then see if it's blocked in Yemen as well. If not, then hopefully that means that Websense cut them off.

And then what? Maybe the Yemeni ISPs will just continue using Websense with a frozen copy of the blocked site list, reasoning that most of the well-known adult sites that users are going to try to visit, are probably already on that list. Maybe they'll set up a shell company in another country, posing as an ISP requesting a legitimate copy of Websense, and buy a new list subscription that way. But it will still be worth it to press Websense into revoking their license, even if it only breaks Internet censorship in Yemen for a few months or a year. At that point, perhaps they'll just take their business to Smartfilter like almost every other Middle Eastern country that censors the Internet.

After all, we shouldn't pick on Websense too much, when Smartfilter is censoring national Internet access for about 100 times that many users in total. If Websense says they don't provide software to government censors, then we should hold them to that. But the real scandal isn't that American censorware companies provide filters to censoring governments while claiming not to, it's that American companies are doing it at all.

Slashdot regular Bennett Haselton writes "Websense, a US-based Internet-censoring software maker, claims not to sell to foreign governments that are censoring Internet access for all of their citizens. But the OpenNet Initiative reports that national ISPs in Yemen have been using Websense to filter Internet access for at least the past four years. Will Websense revoke their license? And what would happen then?" Update: 08/10 21:01 GMT by KD : Bennett adds, "After the story ran, Websense sent me this update." "Since we were informed about the potential use of our products by Yemeni ISPs based on government-imposed Internet restrictions in Yemen, we have investigated this potential non-compliance with our anti-censorship policy. Because our product operates based on a database system, we are able to block updated database downloads to locations and to end users where the use of our product would violate law or our corporate policies. We believe that we have identified the specific product subscriptions that are being used for Web filtering by ISPs in Yemen, and in accordance with our policy against government-imposed censorship, we have taken action to discontinue the database downloads to the Yemeni ISPs."

The Internet censoring software maker Websense has a published policy on their website against allowing their software to be used for government-mandated censorship:

Websense does not sell to governments or Internet Service Providers (ISPs) that are engaged in any sort of government-imposed censorship. Any government-mandated censorship projects will not be engaged by Websense. If Websense does win a business and later discovers that the government is requiring all of its national ISPs to engage in censorship of the Web and Web content, we will remove our technology and capabilities from the project.

This supposedly differentiates the company from competitors such as Smartfilter (now owned by McAfee), which according to OpenNet Initiative reports, is used to censor the Internet in several African and Middle Eastern countries including Tunisia, Saudi Arabia, UAE, and Sudan. Websense once enthusiastically competed for the contract to censor Internet access in Saudi Arabia, but has now apparently ceded such markets to Smartfilter.

However, according to the ONI, the two national ISPs in the country of Yemen are using Websense to censor Internet access for all users. The researchers found that some sites are blocked in Yemen that are probably not on Websense's original filtering list, such as the Yemeni Socialist Party, as well as sites that are blocked under standard Websense categories, such as pornography, sex education materials, and "anonymizing and privacy tools" (presumably, proxy sites).

Websense declined to tell me whether they have ever revoked an ISP's license to use Websense after discovering that the ISP was using it in violation of their anti-government-censorship policy. They also declined to say whether they had any ISP customers in Middle Eastern countries, apart from Yemen. (For any Middle Eastern ISP using Websense, there's a high probability that they would be doing it as a result of a government mandated filtering policy, and hence in violation of Websense's stated rules.) But regarding the use of Websense in Yemen, Websense did reply to say simply, "We will look into the matter. If our software is being used in violation of our policy, we will take appropriate action." I think that if they were serious about preventing their software from being used for government censorship, they should have red-flagged any purchase from a national ISP in a country with one of the worst press-freedom ratings in the world, but better late than never.

There are only about 200,000 Internet users in Yemen, compared to over six million in Saudi Arabia, millions more in other censored Middle Eastern countries, and 300 million in Internet-censored China. (And even the Yemenis' Internet access is not filtered all the time, since the ONI report says that the number of concurrent licenses for Websense purchased by the Yemeni ISPs is less than the number of Yemeni Internet users, and when the number of concurrent users exceeds the number of licenses, all requests go through unfiltered!) So it would be a small step towards global liberation of the Internet, but still equivalent to de-censoring Internet access for every resident of Boise if the city had 100% broadband penetration, which is enough to justify putting the squeeze on Websense.

What exactly would happen if Websense did revoke their license for the Yemeni ISPs? They couldn't force the ISPs to uninstall the software, but they could stop allowing them to download further updates to the Websense blocked-site list. Most installations of Websense are configured to download updates to the list every day, to block the latest adult websites as well as to try and stay ahead of newly released proxy sites. Once the list updates stopped, all existing blocked websites would remain blocked, but newly created adult sites and proxy sites would be accessible, and the filtering would gradually become less and less effective. So it would be a concrete victory for Yemeni Internet users, and not just a symbolic gesture.

How would we know if Websense went through with it, anyway, if they refuse to confirm or deny that they have revoked the licenses for Yemen? The ONI declined to tell me how exactly they determined that Yemeni ISPs were using Websense. (Not that I mind; they could have obtained this information with the help of people whose jobs and freedom would be at stake if they were found out, in which case ONI would not be able to share their confidential sources.) Presumably the ONI could repeat their research in the future to determine if Websense were still being used. However, even if they can see that Websense software is still being used to censor the Internet, it may not be easy to tell whether the Yemeni ISPs are still downloading updates to the blocked-site list. My suggestion: Create a new proxy site and don't publicize it anywhere, but report it to Websense for blocking. Test a few days later to verify that it's blocked by Websense, but not by Smartfilter or other popular blocking programs. Then see if it's blocked in Yemen as well. If not, then hopefully that means that Websense cut them off.

And then what? Maybe the Yemeni ISPs will just continue using Websense with a frozen copy of the blocked site list, reasoning that most of the well-known adult sites that users are going to try to visit, are probably already on that list. Maybe they'll set up a shell company in another country, posing as an ISP requesting a legitimate copy of Websense, and buy a new list subscription that way. But it will still be worth it to press Websense into revoking their license, even if it only breaks Internet censorship in Yemen for a few months or a year. At that point, perhaps they'll just take their business to Smartfilter like almost every other Middle Eastern country that censors the Internet.

After all, we shouldn't pick on Websense too much, when Smartfilter is censoring national Internet access for about 100 times that many users in total. If Websense says they don't provide software to government censors, then we should hold them to that. But the real scandal isn't that American censorware companies provide filters to censoring governments while claiming not to, it's that American companies are doing it at all.

Slashdot regular Bennett Haselton writes "Websense, a US-based Internet-censoring software maker, claims not to sell to foreign governments that are censoring Internet access for all of their citizens. But the OpenNet Initiative reports that national ISPs in Yemen have been using Websense to filter Internet access for at least the past four years. Will Websense revoke their license? And what would happen then?" Update: 08/10 21:01 GMT by KD : Bennett adds, "After the story ran, Websense sent me this update." "Since we were informed about the potential use of our products by Yemeni ISPs based on government-imposed Internet restrictions in Yemen, we have investigated this potential non-compliance with our anti-censorship policy. Because our product operates based on a database system, we are able to block updated database downloads to locations and to end users where the use of our product would violate law or our corporate policies. We believe that we have identified the specific product subscriptions that are being used for Web filtering by ISPs in Yemen, and in accordance with our policy against government-imposed censorship, we have taken action to discontinue the database downloads to the Yemeni ISPs."

The Internet censoring software maker Websense has a published policy on their website against allowing their software to be used for government-mandated censorship:

Websense does not sell to governments or Internet Service Providers (ISPs) that are engaged in any sort of government-imposed censorship. Any government-mandated censorship projects will not be engaged by Websense. If Websense does win a business and later discovers that the government is requiring all of its national ISPs to engage in censorship of the Web and Web content, we will remove our technology and capabilities from the project.

This supposedly differentiates the company from competitors such as Smartfilter (now owned by McAfee), which according to OpenNet Initiative reports, is used to censor the Internet in several African and Middle Eastern countries including Tunisia, Saudi Arabia, UAE, and Sudan. Websense once enthusiastically competed for the contract to censor Internet access in Saudi Arabia, but has now apparently ceded such markets to Smartfilter.

However, according to the ONI, the two national ISPs in the country of Yemen are using Websense to censor Internet access for all users. The researchers found that some sites are blocked in Yemen that are probably not on Websense's original filtering list, such as the Yemeni Socialist Party, as well as sites that are blocked under standard Websense categories, such as pornography, sex education materials, and "anonymizing and privacy tools" (presumably, proxy sites).

Websense declined to tell me whether they have ever revoked an ISP's license to use Websense after discovering that the ISP was using it in violation of their anti-government-censorship policy. They also declined to say whether they had any ISP customers in Middle Eastern countries, apart from Yemen. (For any Middle Eastern ISP using Websense, there's a high probability that they would be doing it as a result of a government mandated filtering policy, and hence in violation of Websense's stated rules.) But regarding the use of Websense in Yemen, Websense did reply to say simply, "We will look into the matter. If our software is being used in violation of our policy, we will take appropriate action." I think that if they were serious about preventing their software from being used for government censorship, they should have red-flagged any purchase from a national ISP in a country with one of the worst press-freedom ratings in the world, but better late than never.

There are only about 200,000 Internet users in Yemen, compared to over six million in Saudi Arabia, millions more in other censored Middle Eastern countries, and 300 million in Internet-censored China. (And even the Yemenis' Internet access is not filtered all the time, since the ONI report says that the number of concurrent licenses for Websense purchased by the Yemeni ISPs is less than the number of Yemeni Internet users, and when the number of concurrent users exceeds the number of licenses, all requests go through unfiltered!) So it would be a small step towards global liberation of the Internet, but still equivalent to de-censoring Internet access for every resident of Boise if the city had 100% broadband penetration, which is enough to justify putting the squeeze on Websense.

What exactly would happen if Websense did revoke their license for the Yemeni ISPs? They couldn't force the ISPs to uninstall the software, but they could stop allowing them to download further updates to the Websense blocked-site list. Most installations of Websense are configured to download updates to the list every day, to block the latest adult websites as well as to try and stay ahead of newly released proxy sites. Once the list updates stopped, all existing blocked websites would remain blocked, but newly created adult sites and proxy sites would be accessible, and the filtering would gradually become less and less effective. So it would be a concrete victory for Yemeni Internet users, and not just a symbolic gesture.

How would we know if Websense went through with it, anyway, if they refuse to confirm or deny that they have revoked the licenses for Yemen? The ONI declined to tell me how exactly they determined that Yemeni ISPs were using Websense. (Not that I mind; they could have obtained this information with the help of people whose jobs and freedom would be at stake if they were found out, in which case ONI would not be able to share their confidential sources.) Presumably the ONI could repeat their research in the future to determine if Websense were still being used. However, even if they can see that Websense software is still being used to censor the Internet, it may not be easy to tell whether the Yemeni ISPs are still downloading updates to the blocked-site list. My suggestion: Create a new proxy site and don't publicize it anywhere, but report it to Websense for blocking. Test a few days later to verify that it's blocked by Websense, but not by Smartfilter or other popular blocking programs. Then see if it's blocked in Yemen as well. If not, then hopefully that means that Websense cut them off.

And then what? Maybe the Yemeni ISPs will just continue using Websense with a frozen copy of the blocked site list, reasoning that most of the well-known adult sites that users are going to try to visit, are probably already on that list. Maybe they'll set up a shell company in another country, posing as an ISP requesting a legitimate copy of Websense, and buy a new list subscription that way. But it will still be worth it to press Websense into revoking their license, even if it only breaks Internet censorship in Yemen for a few months or a year. At that point, perhaps they'll just take their business to Smartfilter like almost every other Middle Eastern country that censors the Internet.

After all, we shouldn't pick on Websense too much, when Smartfilter is censoring national Internet access for about 100 times that many users in total. If Websense says they don't provide software to government censors, then we should hold them to that. But the real scandal isn't that American censorware companies provide filters to censoring governments while claiming not to, it's that American companies are doing it at all.

An anonymous reader writes "Since 2006, Internet users in Argentina have been blocked from searching for information about some of the country's most notable individuals. Over 100 people have successfully secured temporary restraining orders that direct Google and Yahoo! Argentina to scrub the results of search queries. The list of censorship-seeking celebrities includes judges, public officials, models and actors, as well as the world-cup soccer star and national team head coach Diego Maradona. Try it yourself — compare the results for a Yahoo! Argentina search for Diego Maradona (0 results) to a search at Yahoo! Mexico and Google Argentina (both with millions of results)."

mrogers writes "A journalism student in Afghanistan has been sentenced to death by a Sharia court for downloading and sharing a report criticizing the treatment of women in some Islamic countries. The student was accused of blasphemy and tried without representation. According to Reporters Without Borders, sixty people are currently in jail worldwide for criticizing governments online, fifty of them in China, but this may be the first time someone has been sentenced to death for using the internet. Internet censorship is on the rise worldwide, according to The OpenNet Initiative."

An anonymous reader writes "State-led internet censorship is on the rise around the world. According to a study conducted by the Open Net Initiative and reported by the BBC, some 25 of 41 countries surveyed were filtering at least some content. Skype and Google Maps were two of the most often-censored sites, according to the article. 'The filtering had three primary rationales, according to the report: politics and power, security concerns and social norms. The report said: 'In a growing number of states around the world, internet filtering has huge implications for how connected citizens will be to the events unfolding around them, to their own cultures, and to other cultures and shared knowledge around the world.'"