Slashdot Mirror
Hundreds of Sites Blocked By Canadian ISP
An anonymous reader writes "Last week Slashdot reported on the blockage
of a union website by Telus, a leading Canadian ISP. Since
that story, the company has restored access but the fallout
continues. The move may lead to new
ISP regulations in Canada and a study
by the OpenNet Initiative has found that by blocking the union
site, Telus also blocked an additional 766 websites including a breast
cancer fundraising site." From the article: "While there are a number of different ways to block access to Web
sites, the method Telus chose to block the Voices for Change site --
blocking its IP address -- produced massive collateral filtering.
Filtering by IP address is efficient since ISPs can quickly and
effectively block access to the target site using their existing routing
technology. Many ISPs already block certain IP addresses to combat
spam and viruses. Large networks, like Telus, have mechanisms in
place to block IP addresses almost instantaneously, simply by
updating their routers with a "block list" of addresses.
However, it is common for many different, unrelated Web sites to
share the same IP address."
but expect to be sued for providing access to childporn, illegal software, coprighted material, terrorist training manuals, political sites, communists, bomb making equipment
slippery slope egh ? see you in the next RIAA lawsuit !!
From TFA: "the blockage occurred at the Internet backbone level, thereby blocking access for other ISPs (and their customers) that use Telus as their provider."
I'm certainly no legal expert, but this seems like it could open the floodgate for litigation. Maybe by the time the regulations arrive the market will have already corrected this problem?
From The OpenNet Initiative PDF:Clearly, Telus violated the Canadian Telecommunications Act by their heavy-handed disconnection of www.voices-for-change.com. This alone should be grounds for revocation of their license, but the incidental blocking of an additional 766 unrelated websites is even more reprehensible than their intended censorship.
____
~ |rip/\/\aster /\/\onkey
If your using hostname headers to distinguish between sites you host then yes, 1 ip can represent an unlimited number of websites.
<end/>
i'm glad i live in the US where i don't have to worry about such things
Yyyyyes, it is. Name-based hosting allows the web server to serve multiple sites up, based on the browser's Host: header as well as the IP address connected to.
== Jez ==
Do you miss Firefox? Try Pale Moon.
Yes! It is. It's called virtual hosting.
Free Scotland!
From the Apache WebSite.
http://httpd.apache.org/docs/2.0/vhosts/name-base
IP-based virtual hosts use the IP address of the connection to determine the correct virtual host to serve. Therefore you need to have a separate IP address for each host. With name-based virtual hosting, the server relies on the client to report the hostname as part of the HTTP headers. Using this technique, many different hosts can share the same IP address.
Name-based virtual hosting is usually simpler, since you need only configure your DNS server to map each hostname to the correct IP address and then configure the Apache HTTP Server to recognize the different hostnames. Name-based virtual hosting also eases the demand for scarce IP addresses. Therefore you should use name-based virtual hosting unless there is a specific reason to choose IP-based virtual hosting. Some reasons why you might consider using IP-based virtual hosting:
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
It's not that they blocked these websites really, it's that they went about it the wrong way. There are rules and regulations regarding this sort of thing, and they were not followed.
If they had gotten the permission of the Canadian Radio-Television and Telecommunications Commission, then you would be correct. Though i suspect that even if they did this the legal way, it would cause bad PR anydangway!
Nasa spent billions making a pen capable of writing in space. The Russians just use a pencil.
The ISP was pretty much forced to take down the block because of public outcry. No one wants to do business with an ISP that does things like that. With regulation the Canadian government has two options:
a) Force them to let everything through, but this means they can't block virus speading sites, etc
b) Only allow them to block what the regulators seem fit. Which puts what you see and can't see into the hands of beurocrats. This would cover all ISPs in Canada so you can't switch to one that does block stuff you want it to (Porn if you have little kids, etc.)
I personally prefer to let people hurt them in the wallet when they pull crap like this. Corporations take more notice when something hurts them in the wallet.
A buddy of mine is a desktop admin at Telus in Toronto (the strike is in Alberta and BC). That's a hell of a message to send to the rest of your employees: "We 'support' your right to strike, but we don't want your message to get out to the world."
And he thought he hated his job before the strike. Yow.
Don't block IPs unless you're really really sure about it. Lasy bastard admins.
For some reason I refuse to use either spell check or the spacebar properly.
Collateral damage happens, like it or not.
No, it doesn't. Collateral damage happens when the sysadmin is question is lazy and/or ignorant. It would have been easy to block access to only www.voices-for-change.com, and no others, but instead they chose to block the entire IP address. Either they wanted to pass the blockage off as an accidental outage (and failed) or the sysadmin just couldn't be bothered to do the extra work, and just blocked an entire IP in the router. Either way, it's despicable.
____
~ |rip/\/\aster /\/\onkey
It could have been both (at 766 sites, it could quite easily have been both), not to mention that business websites could have been blocked as well. It was a nice, tidy, cut-and-dry violation of the Canadian telecommunications regulations act. The CRTC will probably have some fun things to say about it.
If you are working with large-scale routing you aren't going to do application-layer filtering unless you have to. They didn't have to until this incident so the infrastructure (and it does require a massive one, transparent proxies for all their bandwidth) wasn't in place. Therefore, a quick instruction to the Cisco BFRs and no more website, based on IP.
It's unfortunate that the virtual hosting got nailed by it but if their decision (a bad one, the PR in Canada right now is horrible) was to block it, that was the only way to implement it.
For those of us with Dynamic IP addresses: there always been those times where you get that one bad bad 'black-listed' IP (previously used for spamming, haxing etc).
/renew? - sometimes does not work due to DHCP server keeps on serving you the same IP based on your MAC ADDR, and you are forced to wait for expiry lease to lapse.
Worse still, 'black-list' blocks not JUST only the IP, but entire subnets or IP ranges...you spend a whole friggen day debugging your network-router-firewall setup and spend the rest of the week arguing with your ISP about who's fault it is.
Solutions:
ifconfig
change MAC address? - an option, as 'most' routers can 'spoof' MAC addresses.
Hm, Telus is an NSP not just an ISP. They are a significant part of the backbone in Canada. As an NSP they are subject to different criteria for providing connectivity. Unfortunately, the laws in Canada are somewhat different than the laws elsewhere.
Telus is a company that holds itself out to the public. They had no right to block information that was discerning to their own viewpoints (something we agree on). So if they didn't have a right to block the union website, how does "some poor cancer website" constitute as just collateral damage? This is not war, this is a company stepping over the boundaries of its regulatory regime. Maybe I just see it differently than you.
So let me get this straight...you're comparing the behavior of an ISP, who is required by law to not impede access to the websites it hosts, to the behavior of a private website, who is under no such requirement.
Your argument is rather like saying since the city cannot ban people from driving down a street for no good reason, then it necessarily follows that these same people must be allowed unfettered access to the private residences on that street.
Next time, think before you post.
____
~ |rip/\/\aster /\/\onkey
In my area I have a choice between two high-speed internet carriers, Telus and Shaw Internet. Telus has pretty much just cinched the deal for me, that I'll be moving to Shaw as soon as possible.
"I'm a leaf on the wind. Watch how I soar."
-Hoban Washburn
I like to think that I pay for access to the Internet, not some corporation's idea of what the Internet should be like.
Unfortunately, that's not the case.
And what of the poor terrorists who are incidentally paying for the bandwidth too ? I am not trolling or flamebaiting -- all I am saying is that censorship is not a part of a free society -- disagreement is.
when big corporations would just hire a bunch of thugs to beat the hell out of union organizers.
Collateral damage is, what it is: Damage. And as such it should be handled. If you damage something, it's YOUR fault. End of story.
Used to see films set in the future that corporations had replaced governments and thought, it will never happen.
But seeing more and more such news today, it happens to me that, are we in the midst of this change?
In China, the government censors you, in Canada and Australia, the ISP censors you!
I have long argued that the internet access business has needed regulations that govern Quality of Service, Code of Conduct and a Consumer's Bill of Rights.
The behaviour of Telus is outrageous and is probably a VERY SMALL tip on a MASSIVE iceberg.
As more and more services fight for consumer's internet pipe they should have protection against bad service and questionable tactics.
Thats not how it works, and I suspect these guys are running into the same problem we did.
I used to work for a national NSP and during my tenure there we developed a few ways to block IP's despite the fact that half the linecards in our network didn't support packet filtering.
The best way to do this was with a global null route. We'd add a route on all the routers pointing one of our unused IPs to the null0 interface. Then we ran a "null route server" where anything we wanted to block was routed to that IP address (causing all traffic to it to get blocked at the entry point, rather than routed through the network)
We used these measures exclusively for spammers and for large DOS attacks. (For DOS attacks it was less effective because you actually had to block the victim instead of the source, but it was better than nothing)
The point behind this is, many times we had virtual hosting providers call us up and tell us we'd blocked thousands of sites, some even went on to name names. We told them to get the spammer off their server before service would be restored.
This is the normal policy of most ISPs. No Collateral damage involved, you violated the terms of service and I'm sorry your business revolves around the idea of putting a thousand customers on one point of failure.
Now, I'm not saying this is what Telus did. I'm saying this is what they probably did and you guys are jumping to conclusions. The fact is, from a router standpoint it's extrodinarly hard to block "www.example.com" without doing it by IP address.
Ok fine it is a stupid move to have an ISP block access to any website and it should not be done... But the striking telus workers are just as much to blame. Those striking goons have been going about cutting fiber lines... Not to mention they have been asking people to pretty much DOS telus call centers with fake problems.
PS: The website was blocked after Telus found that their striking workers where taking pictures of employees who were crossing the picket line for the purpose of later harrasing those said employees. In my opinion both parties are equally at fault for the nice mess they cooked up.
http://www.crtc.gc.ca/RapidsCCM/Register.asp?lang= E
= E
for details on the violation.
There's a five-step form, and they'll refer the complaint. For a quick cut-and-paste snippet, go to the following:
Please be advised that Telus Corporation may be in violation of the Telecommunications Act, Section 36. Please see http://www.crtc.gc.ca/RapidsCCM/Register.asp?lang
How can they possibly claim that they took an ethical approach when they unilaterally terminated access to a website that depicted Telus in an unfavorable light. Whether the site in question was violating other contractual obligations or law is independent of the actions of Telus.
" Fellow TELUS team members:
Central to TELUS' purpose is to make the future friendly for our stakeholders. One of the critical elements in realizing this ambition is to ensure our individual and collective reputation is above reproach. How we work is just as important as what we do. Our goal is to demonstrate the highest level of ethics and integrity in our business dealings with all stakeholders (customers, shareholders, suppliers, colleagues, community). This is a corporate priority and a shared responsibility for all TELUS team members as each one of our actions and decisions affect our company and its reputation."
In the US of A. If you are a common carrier, you can not be held liable for the information being transmitted over your lines. However, if you censor/filter/control access to what is sent over your lines, you no longer have that safe harbor and are considered to be liable for what is sent as if you are filtering and allow something to go through, it's an implict acceptance of it.
I don't know if this is something that applies to Canada as well. But it's be biggest reasons why ISP's in USA will not filter or control access to parts of the internet based on content. The end user has the option to filter, but it must be controlled by that user, not the ISP.
I know for a fact that they block port 80, 21, and some other common ones for accounts with dynamic IP's. I was stuck with a dynamic while waiting for my server account to kick in at my new address, and all the common inbound web-ports were blocked. Telus wants you to pay up for inbound traffic, no dyndns for you!
The voices-for-change website was being put all over the news and the radio, saying GO AND SEE PICS OF THE SCABS AT www.voices-for-change.com
The voices for change website was publicly posting pictures of telus employees, management and Union employees that crossed the picket lines, putting their saftey at risk. If you have not noticed, the union in BC can be pretty militant, so yes Telus Banned access to the website until they were able to get a court order to have the website admin remove the pictures, once Telus had this court order, they returned access to the website.
so some can argue that they did it `so that the word of the union cant get out`, but Telus does actually care about their employees, so they shut it down for that reason, for the saftey of their employees, until they were able to take legal action that came to the same result.
"AOL also uses their web filters to promote a political agenda. For example, children can visit the home page of the Republican National Committee, but not the Democratic National Committee." http://www.computergripes.com/Aol.html
:P I didn't like Earthlinks webmail system or their customer service or their price, but at least they gave me the same level of internet access as I got in the computer labs.
AOL is a good example of this, but I have found censorship to be a big problem with a few other cheap internet providers.
In college, I think I was trying compuserve, but they blocked lots of sites. With them, I could not do political research for my sociology class at home. I would have had to go to the computer lab to do real research. That made me angry, so back then I decided not to switch and to keep my $24 a month Earthlink account
It makes me wonder about people looking for a good deal (poor people) and how this affects their political views.
FOX NEWS INTERNET Explosions, Warnings, and none of those boring educated LIBERALS!
Does Censorship = Profit? For who?
- Your friendly neighborhood systems analyst
Five continents: America, Eurasia, Africa, Oceania, Antarctica.
America has three subcontinents: North -, South -, and Central America.
North and South America aren't separated by sea, only by an ARTIFICIAL cannal in Panama.
Eurasia has subcontinents: Europe and Asia.
Asia is not considered a subcontinent as a matter of fact, being "the central and eastern part of the continent of Eurasia, defined by subtracting the European peninsula from Eurasia", according to wikipedia; it's further subdivided in various regions: North Asia, Central Asia, East Asia, Southeast Asia, South Asia, Southwest Asia.
Back to America, WP says: "The Americas refers collectively to North, Central and South America. The term is a relatively recent and less ambiguous alternative to the name America, which may refer to either the Americas or the USA. The former usage is now often considered archaic in English, but still in use in other languages, where the Americas is often considered to form a single continent. The use of the term America for the United States of America in English and colloquially in other languages is seen by some as politically incorrect (it may be seen as cultural imperialism). Strictly speaking, it is also illogical (for example, it would place South America outside America). Although the context usually makes clear which 'America' is meant, this led to the emergence of the term Americas to take away the ambiguity (in English), if not the illogicality."
Because I consider myself an inhabitant of America, even if I am not a citizen of the US, in Portuguese, I refer to the continent as "América" and to the country as "Estados Unidos" (and its citizens as "Estado-unidenses") and, in English, the continent as America, the country as "the United States" or "USofA", and the citizens "US citizens" if formal and "USofAns" if informal.
You can say all you want that "it won't change a few hundred years of established usage in the English language", but IMHO you are really talking about en_US, not about the other kinds of English. I believe British People refer to the country as "the United States", also.
Feel free to ignore me.
MODERATORS: *Please*, feel free to ignore me.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
Does anyone know of a class action lawsuit against Telus for this act? I am *mighty* pissed that they blocked my access to the site, and I want to make them pay for it: I want to join a lawsuit against them.
Please post a reply to this message if you know of a class-action lawsuit against Telus for IP blocking.
--
Don't like it? Respond with words, not karma.
Just like to point out this blerb from the front page of the site in question:
After an out of court settlement today, TELUS acted quickly to remove the restrictions it placed on nearly one million customers. TELUS customers, and other Internet Service Providers who provide ADSL connections through the TELUS network are now able to connect to Voices For Change through its domain name www.voices-for-change.com.
(Now why the frack are ppl arguing about semantics and host headers? It's not even relevant to the topic.. sheesh)
Reality is in the mind of the beholder - me 1996
AA -- if it was illegal why did Telus not use the law? (Maybe because they like to stay outside the law themselves??)
Also, it was not the union who "was posting pictures of employees...". The site was run by a union member, which is a completely different story.
See you,
Stephan
http://stephan.sugarmotor.org
No no no, the IP address was blocked. That's why over 700 other sites were unavailable to Telus customers as well -- making Telus look really foolish and incompetent.
But maybe there is another angle here: the staff on strike may have been able to point out the (purely technical) foolishness of blocking an IP address, while the current replacement staff knows only little.
Stephan
http://stephan.sugarmotor.org
It would seem to me that primus has definitely crossed the line. I would hope to hear a strong response from the government and the other members of parliament. As we have become inundated with spam and virus traffic people have let the internet providers filter all of their emails and web content already. Now I get the odd email that is sanitized with .pif virus, funny in it that it doesn't even run on a mac.
Internet providers have been able to sneak their filters into service supposedly based on this threat.
So it's like grade school all over again. I can just hear the teacher, " Nobody can throw snowballs all winter again because of what "Johnny" did".
Because of a bunch of sick bastards who write spam and virus's we must now submit ourselves to a level of censorship we don't even allow our own governments, and yes I am Canadian.
My closing idea is that if these businesses are not classed as common carriers, this would imply a failure of government to protect it's citizens. I see hand washing all the way to the top.
By the way write your MP.