BT, Sky, and Virgin Enforce UK Porn Blocks By Hijacking Browsers

An anonymous reader writes with this story at Ars Technica, excerpting: BT, Sky, and Virgin Media are hijacking people's web connections to force customers to make a decision about family-friendly web filters. The move comes as the December deadline imposed by prime minister David Cameron looms, with ISPs struggling to get customers to say yes or no to the controversial adult content blocks. The messages, which vary by ISP, appear during browser sessions when a user tries to access any website. BT, Sky,TalkTalk and Virgin Media are required to ask all their customers if they want web filters turned on or off, with the government saying it wants to create a "family friendly" Internet free from pornography, gambling, extreme violence and other content inappropriate for children. But the measures being taken by ISPs have been described as "completely unnecessary" and "heavy handed" by Internet rights groups. The hijacking works by intercepting requests for unencrypted websites and rerouting a user to a different page. ISPs are using the technique to communicate with all undecided customers. Attempting to visit WIRED.co.uk, for example, could result in a user being redirected to a page asking them about web filtering. ISPs cannot intercept requests for encrypted websites in the same way.

Re:MITM legalized at last

[gnasher719]

There is no Man-In-The-Middle attack. The man at the end is cut off. Nobody tricking you into anything; just annoying you.

And if you read the article, this only works for unencrypted connections where you should have known that anything can happen.

Re:Prohibitions do not work!

[91degrees]

Intentionally running a MITM attack against your customers aside, there is a huge problem with the legislation to begin with.

Yes. The fact that no such legislation exists. This is a voluntary ISP scheme

Cybersitter and NetNanny are not for me, but if I had young kids I may use that type of service if I was worried about their access.

Or you could use the service the ISP provides you with for free, that's easy to set up, available in the UK, and works with all network connected devices.

These companies get paid to manage content for you, and are _completely_voluntary so don't impose restrictions on everyone.

The UK ISP filters are completely voluntary as well.

And if those services are not available in the UK, or not good enough in the UK, why not create the company and let the free market do the work?

We tried. No suitable product became available. David Cameron pushed the market into providing such a service. The market obliged. If you really have a problem, you can always choose one of the dozens of ISPs that doesn't offer this service.

As bad as the US has become, I'm glad I'm not from the UK.

Why? You don't even have a choice of ISP in a lot of the US.

Re:MITM legalized at last

Who watches the watchers?

Nobody ever does. Except maybe their victims but they have no say and are rarely even belived.

Shame the no thanks button is broken with BT.

[Maquis196]

The sodding "no thanks" button would just not work so you had to accept the request, then log back into the BT portal to disable it again. Then it finally went.

What also finally went was my patience with BT, ordered my MAC code and migrating to Andrews and Arnold.

BT, you lost a customer over this. Idiots.

When every site gives "Certificate error"

[tepples]

How are you going to actually your HTTPS-only web sites when every single site you visit gives "Certificate error" until the householder has confirmed his censoring preference? This happens on open hotspots in hotels and restaurants, for example. The answer to "Why is HTTPS Everywhere preventing me from joining this hotel/school/other wireless network?" in the HTTPS Everywhere FAQ recommends visiting an HTTP-only site first in order to be redirected to the login page.