Slashdot Mirror

← Back to Stories (view on slashdot.org)

Open Rights Group International Says Virgin, Sky Blocking Innocent Sites

Posted by timothy on from the no-brush-is-quite-broad-enough dept.

New submitter stewartrob70 writes with an explanation of the inadvertent (or at least unwarranted) blocking of innocuous sites that UK ISPs Virgin and Sky are engaged in, as reported by PC Pro. The ISPs' filtering systems "appear to be blocking innocent third-party sites with apparently little or no human oversight." stewartrob70 excerpts from a blog posting with an explanation of why: "In order to understand why this specific issue happened, you need to be familiar with a quirk in how DNS is commonly used in third-party load-balanced site deployments. Many third-party load balanced systems, for example those using Amazon's AWS infrastructure, are enabled by pointing CNAME records at names controlled by those third-party systems. For example www.example.com may be pointed at loadbalancer.example.net. However, 'example.com' usually cannot be directly given a CNAME record (CNAME records cannot be mixed with the other record types needed such as those pointing to nameservers and mailservers). A common approach is to point "example.com" to a server that merely redirects all requests to 'www.example.com.' From forum posts we can see that it's this redirection system, in this specific case an A record used for 'http-redirection-a.dnsmadeeasy.com,' that has been blocked by the ISPs — probably a court-order-blocked site is also using the service — making numerous sites unavailable for any request made without the ''www' prefix."

21 of 83 comments (clear)

  1. And this is why by gigaherz · · Score: 5, Insightful

    This is why ISPs have been complaining for years that filtering bad content is not as easy as the copyright people make the politicians think it is.

    1. Re:And this is why by FriendlyLurker · · Score: 3, Interesting

      You assume that "copyright people", "politicians" and rich elites in general care about "Innocent Sites": censorship for limiting, framing and generally controlling the political discourse is the goal. They have solved the majority of the ISP problem by compensating them with our tax dollars so their complaint's disappear. Soon if not already it is profitable for said ISP's to censor content against secret behind closed door lists, so only those with some sense of moral compass outside of pure profit motive will complain and that will be fine as they can be ignored by mass media. Virgin and Sky were too big to ignore when they were complaining - now they are silent on the issue.

    2. Re:And this is why by Joining+Yet+Again · · Score: 5, Informative

      "This is why ISPs..."

      Oh, what bullshit. ISPs have bent over backwards so they don't lose out on delicious government contracts, which in the UK require satisfactory filtering methods in place.

      There are maybe one or two ISPs which have had a backbone in all this - such as Andrews&Arnold. You can tell the difference because their Internet service is 100% unfiltered. They even ask you if you want filtering and refuse to provide you with service if you say "yes".

    3. Re:And this is why by gigaherz · · Score: 2

      My point was that some ISPs have complained about the cost of running good filters, not that it affects innocent websites. Good filters happen to be the ones that do NOT block innocent websites, but of course they cost more. Avoiding that cost is a very important topic for the ISPs, while blocking innocent websites is just a small PR issue. In the case of Virgin and Sky, cheap blocking seems to have been the chocie.

    4. Re:And this is why by Joining+Yet+Again · · Score: 3, Interesting

      I haven't heard many complaints about the cost, to be honest.

      Run no filter:
      - lose gov contracts;

      Run cheap filter:
      - gain gov contracts;
      - increase prices slightly for everyone;
      - minority of people notice they're missing legitimate web sites;

      Run expensive filter:
      - minority still complain because they tend to object to filtering in principle;
      - lose custom from extra costs which will be passed on to consumer.

      So "run cheap filter" is always the profitable option in the UK, which is why everyone feeds the IWF list plus the easiest interpretation of court orders into something in the style of the original Cleanfeed, augmented more recently by DPI by some ISPs.

    5. Re:And this is why by isorox · · Score: 3, Informative

      "This is why ISPs..."

      Oh, what bullshit. ISPs have bent over backwards so they don't lose out on delicious government contracts, which in the UK require satisfactory filtering methods in place.

      There are maybe one or two ISPs which have had a backbone in all this - such as Andrews&Arnold. You can tell the difference because their Internet service is 100% unfiltered. They even ask you if you want filtering and refuse to provide you with service if you say "yes".

      Not all ISPs

      Not only is Andrews & Arnold XKCD 806 compliant, but they meet all of mumsnet^W David Cameron's censorship requirements.

      The government wants us to offer filtering as an option, so we offer an active choice when you sign up, you choose one of two options:-

      Unfiltered Internet access - no filtering of any content within the A&A network - you are responsible for any filtering in your own network, or
      Censored Internet access - restricted access to unpublished government mandated filter list (plus Daily Mail web site) - but still cannot guarantee kids don't access porn.
      If you choose censored you are advised: Sorry, for a censored internet you will have to pick a different ISP or move to North Korea. Our services are all unfiltered.

      Is that a good enough active choice for you Mr Cameron?

    6. Re:And this is why by Joining+Yet+Again · · Score: 2

      I did mention AAISP in the final paragraph, but I suppose their approach is so correct that it's worth mentioning twice (or thrice, right here!).

      Government and big business play an on-going game of pretending to wrestle each other, but they're usually happy enough to work together while giving the plebs some "state vs private sector interests" theatre to get worked up about.

    7. Re:And this is why by Joining+Yet+Again · · Score: 3, Informative

      See e.g. the long thread on the Be Internet user forum. It was noted that the government refuses to purchase services from ISPs which aren't already enforcing IWF-strength filtering. This was done to encourage ISPs to follow government pro-censorship policy, instead of directly legislating to require censorship. Then the ISP's filters would look like a business decision and the civil libertarians who are "pro-freedom-of-business" wouldn't be able to get their panties in a twist. Fairly clever, if you ask me, and it's just another reminder of the danger of public-private partnerships.

  2. BGP instead of DNS filtering makes more sense? by Quick+Reply · · Score: 2

    Technically speaking that is, not politically.

    I remember reading about this on one of my ISPs' blog a while ago.

    http://steve.blogs.exetel.com.au/index.php?/archives/186-Content-Filtering.html

    1. Re:BGP instead of DNS filtering makes more sense? by dutchwhizzman · · Score: 5, Insightful

      No, any IP based filtering is bad if you want to only block websites. As just explained in TFA, the http protocol is used to put more than one website on a single IP address. You will block other websites if you are blocking entire IP addresses.

      The big catch here is that to do this "properly" ISPs will have to put up transparent HTTP proxies and MitM https as well, just to be able to block these websites. This will effectively make the entire internet insecure for any serious stuff like banking or purchasing goods, since anyone will be able to spoof https. Not only that, but ISPs will suddenly have complete records of your complete web browsing history. There is no way to deny it, those logs will end up in the hands of the government sooner or later. Having ISPs block web sites is like having road workers make sytems that block foreign people that commit traffic violations, it's just not a feasible concept.

      --
      I was promised a flying car. Where is my flying car?
    2. Re:BGP instead of DNS filtering makes more sense? by SuricouRaven · · Score: 3, Informative

      Actually, they *do*. That's how the 'cleanfeed' system works. As was discovered when they blocked wikipedia a few years ago - ISPs redirected all traffic for that IP on port 80 to a transparent proxy that then blocked the offending files specifically, playing hell with wikipedia's anti-vandalism measures.

  3. why?! by Gravis+Zero · · Score: 2, Funny

    who is this Sky character and why is he blocking innocent sites?

    oh, virgin... maybe he just needs to get laid.

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:why?! by Anonymous Coward · · Score: 2, Funny

      Lieber Slashdot Englisch Kapitalisierung ist schlecht für visuelle Lesbarkeit und Verständnis. Werfen Sie einen Punkt und nimmt eine besser lesbare europäischen Stil. Vielen Dank.

      Like that?

  4. Old News from August? by stiggle · · Score: 4, Informative

    I know Slashdot is usually behind the curve on news, but the linked articles date back to August....
    (I know - shocking someone read both linked articles :-) )

  5. Re:Not all is inadvertent by Joining+Yet+Again · · Score: 3, Funny

    I assume this is a parody of the gun nuts who weaken every decent discussion with paranoid, extremist ramblings.

  6. Re:Not all is inadvertent by cyber-vandal · · Score: 2

    Guns are not illegal in the UK, they are just much harder to get.

  7. Re:Not all is inadvertent by oobayly · · Score: 3, Funny

    No, it's a bad thing - have you any idea how these people not being killed in gun massacres are over-burdening the NHS? Come on people, you have to think about the greater good.

  8. SWEDEN!? by FriendlyLurker · · Score: 3, Informative

    VPN via Sweden, are you freakin kidding me - you might as well cc all your data to GCHQ directly!? Sweden's NSA Spy Links “Deeply Troubling”, or check out the professors blog for ongoing abuses on all fronts by the Swedish authorities. Whatever cred Sweden may have established during the cold war years, they have more than used up and are still digging down. The country (well its political leaders) can't be trusted - not a good place to do business anymore.

    If any country near the UK has some semblance of credibility, perhaps try Iceland as the first hop for your VPN. They are even trying to promote themselves as a naturally cooled server hub, which is nice...

  9. Re:Not all is inadvertent by Joining+Yet+Again · · Score: 2

    Last successful invasion: 1066.

    Get back to me in a millennium, yank.

  10. Re:Not all is inadvertent by Joining+Yet+Again · · Score: 3, Informative

    As a successful invasion? No. Not unless 9/11 counts as a successful invasion of the US.

    Although WW2 was over 5 years after the Battle of Britain, while the US has indentured itself for decades, so maybe 9/11 was a more effective attack. Thanks for making me think about this.

  11. Re:Not all is inadvertent by TheRaven64 · · Score: 2

    I don't shoot anymore (it's fun for a while, but it gets boring after a bit), but I never had problems getting access to shotguns or target rifles (including some fully and semi automatic) as a teenager in the UK. Handguns became illegal around this time, although there were some exemptions, such as for black-powder revolvers that kept most hobbyists happy (they take ages to reload, but you get half a dozen shots before you need to, which lets you put some holes in a target) and many of the rest moved to air pistols or carbines.

    --
    I am TheRaven on Soylent News