Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hundreds of Sites Blocked By Canadian ISP

Posted by Zonk on from the quite-the-smooth-move dept.

An anonymous reader writes "Last week Slashdot reported on the blockage of a union website by Telus, a leading Canadian ISP. Since that story, the company has restored access but the fallout continues. The move may lead to new ISP regulations in Canada and a study by the OpenNet Initiative has found that by blocking the union site, Telus also blocked an additional 766 websites including a breast cancer fundraising site." From the article: "While there are a number of different ways to block access to Web sites, the method Telus chose to block the Voices for Change site -- blocking its IP address -- produced massive collateral filtering. Filtering by IP address is efficient since ISPs can quickly and effectively block access to the target site using their existing routing technology. Many ISPs already block certain IP addresses to combat spam and viruses. Large networks, like Telus, have mechanisms in place to block IP addresses almost instantaneously, simply by updating their routers with a "block list" of addresses. However, it is common for many different, unrelated Web sites to share the same IP address."

10 of 302 comments (clear)

  1. Illegal, reckles, and dangerous. by TripMaster+Monkey · · Score: 4, Insightful

    From The OpenNet Initiative PDF:
    Section 36 of the [Canadian Telecommunications] Act states that, without the approval of the Canadian Radio-Television and Telecommunications Commission, a "Canadian carrier shall not control the content or influence the meaning of telecommunications carried by it for the public," and Section 27(2) of the Act prohibits a Canadian character, in providing a telecommunications service, from "unjustly discriminat[ing] or giv[ing] an undue or unreasonble preference toward any person, includ[ing] itself, or subject[ing] any person to an undue or unreasonable disadvantage.
    Clearly, Telus violated the Canadian Telecommunications Act by their heavy-handed disconnection of www.voices-for-change.com. This alone should be grounds for revocation of their license, but the incidental blocking of an additional 766 unrelated websites is even more reprehensible than their intended censorship.
    --
    ____

    ~ |rip/\/\aster /\/\onkey

  2. i'm glad... by Anonymous Coward · · Score: 5, Funny

    i'm glad i live in the US where i don't have to worry about such things

  3. Re:i'm confused.... by bmalnad · · Score: 5, Informative

    Yes! It is. It's called virtual hosting.

    --
    Free Scotland!
  4. Public Outcry by Emperor+Cezar · · Score: 5, Insightful

    The ISP was pretty much forced to take down the block because of public outcry. No one wants to do business with an ISP that does things like that. With regulation the Canadian government has two options:

    a) Force them to let everything through, but this means they can't block virus speading sites, etc

    b) Only allow them to block what the regulators seem fit. Which puts what you see and can't see into the hands of beurocrats. This would cover all ISPs in Canada so you can't switch to one that does block stuff you want it to (Porn if you have little kids, etc.)

    I personally prefer to let people hurt them in the wallet when they pull crap like this. Corporations take more notice when something hurts them in the wallet.

  5. Wow by GordoTheGeek · · Score: 5, Informative

    A buddy of mine is a desktop admin at Telus in Toronto (the strike is in Alberta and BC). That's a hell of a message to send to the rest of your employees: "We 'support' your right to strike, but we don't want your message to get out to the world."

    And he thought he hated his job before the strike. Yow.

  6. Re:Hypocrisy in action. by TripMaster+Monkey · · Score: 5, Insightful


    Collateral damage happens, like it or not.

    No, it doesn't. Collateral damage happens when the sysadmin is question is lazy and/or ignorant. It would have been easy to block access to only www.voices-for-change.com, and no others, but instead they chose to block the entire IP address. Either they wanted to pass the blockage off as an accidental outage (and failed) or the sysadmin just couldn't be bothered to do the extra work, and just blocked an entire IP in the router. Either way, it's despicable.

    --
    ____

    ~ |rip/\/\aster /\/\onkey

  7. Re:Hypocrisy in action. by B3ryllium · · Score: 4, Informative

    It could have been both (at 766 sites, it could quite easily have been both), not to mention that business websites could have been blocked as well. It was a nice, tidy, cut-and-dry violation of the Canadian telecommunications regulations act. The CRTC will probably have some fun things to say about it.

  8. Re:Hypocrisy in action. by whois · · Score: 4, Informative

    Thats not how it works, and I suspect these guys are running into the same problem we did.

    I used to work for a national NSP and during my tenure there we developed a few ways to block IP's despite the fact that half the linecards in our network didn't support packet filtering.

    The best way to do this was with a global null route. We'd add a route on all the routers pointing one of our unused IPs to the null0 interface. Then we ran a "null route server" where anything we wanted to block was routed to that IP address (causing all traffic to it to get blocked at the entry point, rather than routed through the network)

    We used these measures exclusively for spammers and for large DOS attacks. (For DOS attacks it was less effective because you actually had to block the victim instead of the source, but it was better than nothing)

    The point behind this is, many times we had virtual hosting providers call us up and tell us we'd blocked thousands of sites, some even went on to name names. We told them to get the spammer off their server before service would be restored.

    This is the normal policy of most ISPs. No Collateral damage involved, you violated the terms of service and I'm sorry your business revolves around the idea of putting a thousand customers on one point of failure.

    Now, I'm not saying this is what Telus did. I'm saying this is what they probably did and you guys are jumping to conclusions. The fact is, from a router standpoint it's extrodinarly hard to block "www.example.com" without doing it by IP address.

  9. Telus ethics by TeQGame · · Score: 5, Informative
    Here's an exerpt quoted directly from the Telus Ethics page at http://about.telus.com/governance/ethics1.html

    How can they possibly claim that they took an ethical approach when they unilaterally terminated access to a website that depicted Telus in an unfavorable light. Whether the site in question was violating other contractual obligations or law is independent of the actions of Telus.

    " Fellow TELUS team members:

    Central to TELUS' purpose is to make the future friendly for our stakeholders. One of the critical elements in realizing this ambition is to ensure our individual and collective reputation is above reproach. How we work is just as important as what we do. Our goal is to demonstrate the highest level of ethics and integrity in our business dealings with all stakeholders (customers, shareholders, suppliers, colleagues, community). This is a corporate priority and a shared responsibility for all TELUS team members as each one of our actions and decisions affect our company and its reputation."

  10. DMCA by Chyeld · · Score: 4, Informative

    In the US of A. If you are a common carrier, you can not be held liable for the information being transmitted over your lines. However, if you censor/filter/control access to what is sent over your lines, you no longer have that safe harbor and are considered to be liable for what is sent as if you are filtering and allow something to go through, it's an implict acceptance of it.

    I don't know if this is something that applies to Canada as well. But it's be biggest reasons why ISP's in USA will not filter or control access to parts of the internet based on content. The end user has the option to filter, but it must be controlled by that user, not the ISP.