Thanks To Encryption, UK Efforts To Block Torrent Sites Are Pointless (betanews.com)

← Back to Stories (view on slashdot.org)

Thanks To Encryption, UK Efforts To Block Torrent Sites Are Pointless (betanews.com)

Posted by timothy on Tuesday February 23, 2016 @04:20AM from the praise-be-to-jeebus dept.

Mark Wilson writes: In the UK, ISPs are required to block access to a number of big-name torrent sites — the thinking being that sites such as The Pirate Bay are used primarily for (gasp!) downloading pirated material. Despite the government's desire to control what people can access online, good old HTTPS means that people are able to very easily bypass any blocks that may be put in place. There are all manner of proxy services and mirror sites that provide access to otherwise-blocked content, but these are really not needed. With the likes of The Pirate Bay and Kickass Torrents offering secure, encrypted connection, accessing the goodies they contain could involve little more than sticking an extra 's' in the URL.

79 comments

Min score:

Reason:

Sort:

Um by penguinoid · 2016-02-23 04:25 · Score: 4, Informative

Adding an 's' won't change the name nor IP address of the website you're visiting.

--
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
1. Re: Um by Esteanil · 2016-02-23 04:28 · Score: 2
  
  Works here. Blocked on http, no problem with https (ISP: Get.no, Norway)
  
  --
  I'm a dreamer, the world is my playpen. But hey, I'm a serious person, I can't dream all the time.
2. Re:Um by Anonymous Coward · 2016-02-23 04:30 · Score: 2, Informative
  
  From TFA:
  "In theory ISPs could also block the site’s IP-addresses, but since many use shared IPs from CloudFlare this would also take down other unrelated websites."
3. Re:Um by ShaunC · 2016-02-23 04:33 · Score: 1
  
  Turns out many of the verboten sites are using cloud-based hosting and CDNs. You can't block those IPs without affecting (possibly many) legitimate sites. I'm assuming the "Host:" HTTP header must be part of the encrypted traffic, and therefore impossible to filter against.
  
  --
  Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
4. Re:Um by Anonymous Coward · 2016-02-23 04:35 · Score: 0
  
  From TFA:
  "completely irrelevant text goes here"
  https protects the payload, it does not obfuscate where you're trying to go. the ISP's are just doing the bare minimum to comply with the law, and if the Government Censor List doesn't specifically include the URL for the secure site, they aren't blocking it.
5. Re: Um by Kardos · 2016-02-23 04:36 · Score: 3, Insightful
  
  That doesn't seem right....the SNI is not encrypted. They can block based on SNI, see https://en.wikipedia.org/wiki/...
6. Re: Um by Anonymous Coward · 2016-02-23 04:36 · Score: 1
  
  It is harder to access BBC iplayer, than Torrent-sites. So it's easier to download BBC-material from Piratebay.
  Kinda poetic.
7. Re:Um by Impy+the+Impiuos+Imp · 2016-02-23 04:50 · Score: 1
  
  Adding an 's' won't change the name nor IP address of the website you're visiting.
  Yes, TFA acknowledges that. They point out a lot of these sites actually rent cloud for their service, so blocking the address will block a lot more sites than just theirs.
  
  --
  (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
8. Re:Um by wonkey_monkey · 2016-02-23 04:51 · Score: 1
  
  No, no it won't.
  Still works though.
  
  --
  systemd is Roko's Basilisk.
9. Re:Um by reanjr · 2016-02-23 04:54 · Score: 1
  
  You are correct that the host header (and all headers, including the URL) are encrypted. The only thing you see is the SNI host that might be the entrypoint to any number of other hosts.
10. Re:Um by AmiMoJo · 2016-02-23 04:56 · Score: 1
  
  Actually, in this case it's not government mandated blocking. The BPI, our equivalent of the RIAA, took the ISPs to court and got an order requiring them to block. It only affects the larger ISPs because the smaller ones were not included in the order.
  Many people have known about this for years. Like Usenet, we just kept quiet about it. I'd love to know how Sky is blocking these sites... DNS perhaps, which is easily circumvented, or some pretty horrific DPI.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
11. Re:Um by Anonymous Coward · 2016-02-23 05:04 · Score: 0
  
  Well, the government gave the court order...
12. Re: Um by Lennie · 2016-02-23 05:34 · Score: 2
  
  They are probably using deep packet inspection and some configuration recipe provided by the manufacturer. It will probably take them a couple of years to figure out they can block on the SNI.
  
  --
  New things are always on the horizon
13. Re:Um by Anonymous Coward · 2016-02-23 05:54 · Score: 0
  
  tried this on a "Virgin" ISP connection. http routes to their blocked page, https doesn't but IP is blocked anyway so it doesn't load.
14. Re:Um by just_a_monkey · 2016-02-23 06:04 · Score: 1
  
  So there will be incitement for content providers to put pressure on their hosting solutions to make sure they not host anything torrent related...
  
  --
  How inappropriate to call this planet Earth, when clearly it is Ocean.
15. Re:Um by Anonymous Coward · 2016-02-23 06:06 · Score: 0
  
  Well, you elected the government. Why are you trying to block the pirate bay, jerk?
16. Re:Um by phorm · 2016-02-23 08:10 · Score: 1
  
  Actually, the name portion of the request is sent within the encrypted packet, so HTTPS does help there. Still, if you're using your ISP's DNS servers it probably wouldn't be hard for them to figure it out.
17. Re: Um by Anonymous Coward · 2016-02-23 08:28 · Score: 0
  
  That is really strange, the block here in Norway is DNS based and only involves a few ISPs.
  Both http and https where blocked for me (Canal Digital/Telenor), but I just changed to googles DNS servers and got my goodies back.
18. Re:Um by infolation · 2016-02-23 13:31 · Score: 1
  
  Proportional Representation has unfortunately yet to make an appearance in the UK's voting system.
19. Re:Um by countach · 2016-02-23 14:08 · Score: 1
  
  The name is encrypted and the IP address can't be blocked without blocking other non-infringing sites hosted at the same place.
20. Re:Um by countach · 2016-02-23 14:09 · Score: 1
  
  Only if they start blocking at the IP address level, and I'm not seeing that happening because every time ISPs have tried it there was such a backlash they had to back off.
21. Re:Um by Anonymous Coward · 2016-02-24 05:19 · Score: 0
  
  There's proportional representation voting for EU parliament elections in the UK, for elections to the Scottish Parliament (MMS), the National Assembly for Wales (AMS), and to the Northern Ireland Assembly (STV), there's proportional representation voting for local government in all four of the nations, with a diversity of systems, varying by council.
  PR or semi-PR is missing essentially only for votes cast for election to the UK parliament, and in large part that's because nobody trusted the Liberal Democrats (rest in pieces) who were the prime pushers of the horrible AV compromise offered up in the referendum, which was only warmly embraced by the LibDems (the Tories preferred the existing system; Labour preferred AV+; various smaller parties (e.g. SNP, Green Party) preferred that or still other mechanisms).
22. Re:Um by Anonymous Coward · 2016-02-24 08:00 · Score: 0
  
  Works OK for me on Virgin
  https://thepiratebay.se/
23. Re:Um by Anonymous Coward · 2016-02-24 14:48 · Score: 0
  
  https protects the url after the /
won't work for long by pedantic+bore · 2016-02-23 04:34 · Score: 2

The TLS handshake passes the name of the host being connected to (for the purpose of fetching its certificate) in plaintext. So if a site isn't being blocked, it's just a matter of time before the ISPs close this trivial loophole.
The next step is to ask for a different certificate that is being used on the same IP, by hacking the TLS handshake to specify a different hostname in the handshake than it uses in the HTTP request it sends later. This will probably just annoy whoever ends up paying for the bandwidth, and the loophole will get closed eventually.

--
Am I part of the core demographic for Swedish Fish?
1. Re:won't work for long by cdrudge · 2016-02-23 05:46 · Score: 2
  
  So if a site isn't being blocked, it's just a matter of time before the ISPs close this trivial loophole.
  You're presuming your ISP cares. Unless they are also a media company, they likely don't beyond the extent of the nuisance it creates in maintaining it and the small additional cost for hardware.
  If blocking packets based on simple HTTP host headers is the cheapest option that satisfies the requirements of the legal order while also creating the least collateral damage, then they really don't care if it's an ineffective measure easily circumvented (proxy, https, vpn, etc)
2. Re:won't work for long by countach · 2016-02-23 14:17 · Score: 1
  
  Mmm, I'm pretty sure sending the hostname is optional, and if a web browser didn't implement it, you'd just get a certificate warning. The user doesn't give a rip about real security, only that the ISP can't snoop and block. Of course if all standard browsers implement it, the average user might find it inconvenient to bypass.
3. Re:won't work for long by Anonymous Coward · 2016-02-23 21:46 · Score: 0
  
  I wonder why the SNI isn't encrypted. Sure, the situation is no worse than it would have been if the hosts would have been located on two different IP addresses, but adding a little security when you can seems like the sensible thing to do.
Re: Um https-everywhere by Anonymous Coward · 2016-02-23 04:34 · Score: 0

https://www.eff.org/https-everywhere, but everyone here new that, you might like to raise the bar of article quality, leave this level for the daily mail crowd
What part of Proxy don't you get? by s.petry · 2016-02-23 04:49 · Score: 1

Good grief, we know this is Slashdot so reading TFA is generally scoffed at, but at least read past the first sentence of a summary. The Subject of my post says it all. It is trivial to set up a proxy so that customer => Cloud service which can't be blocked => TOR. If an ISP blocks a cheap Amazon node's IP they move the service to a different node/vendor. They can't block all of Amazon, all of Azure, etc..
It would take tons of manpower for ISPs to block and unblock addresses the the level needed to have any impact, and even then it's just whack-a-mole.

--
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
1. Re:What part of Proxy don't you get? by Anonymous Coward · 2016-02-23 05:06 · Score: 0
  
  To be fair to pedantic bore, TFA says proxies aren't needed, because the sites can be accessed using HTTPS without using a proxy. The argument that if/when ISPs block direct access to the sites via HTTPS, proxies would become useful again, may be a valid one, but that isn't what TFA is saying. And proxies themselves are being added to the UK blocklist these days; while it's true that new ones spring up as soon as old ones are blocked, it's irritating to have to go look for new, working proxies, especially with all those malware-infested, distinctly shady proxies to avoid.
2. Re:What part of Proxy don't you get? by pedantic+bore · 2016-02-23 06:22 · Score: 1
  
  Good grief, we know this is Slashdot so reading TFA is generally scoffed at, but at least read past the first sentence of a summary. The Subject of my post says it all. It is trivial to set up a proxy so that customer => Cloud service which can't be blocked => TOR.
  You wrote that a proxies "aren't really necessary". I was responding to that. Good grief, indeed.
  If you'd like to move the goalposts by claiming that the summary isn't want you wrote, that's fine. I'll respond to your claim that proxies are easy to set up. Yes, they are. And they're really easy to block too, if someone is motivated to do so. If they weren't difficult to block, there would be laws in place that would make them harder to set up.
  
  --
  Am I part of the core demographic for Swedish Fish?
3. Re:What part of Proxy don't you get? by Anonymous Coward · 2016-02-23 09:53 · Score: 0
  
  Proxies are basically impossible to block effectively. One of the main uses of botnets these days is self-propagating proxy farms. You connect to a random host for every session and they are burnt soon after. Even large corporate vendors like McAfee with distributed reporting functions don't have the resources to blacklist them anymore. The only workable solution to blocking proxies is whitelisting.
Been playing that game for ten years... by Pollux · 2016-02-23 04:50 · Score: 2

...I mean, after all, as a school technology director, I've been playing that cat-and-mouse game with Facebook, etc. for 10 years. Block facebook.com, students figure out the "https" workaround...block all Facebook IPs, students use proxies...block all proxies, facebook.com now accessible w/ new IP address...neverending game of whack-a-mole.
And you just keep playing the game. As long as you make the efforts, you can say you're doing what you can, and that covers your back.
1. Re:Been playing that game for ten years... by DarkOx · 2016-02-23 05:02 · Score: 2, Informative
  
  Well then you are doing it wrong. A ISP does not have the option but a organization like a school certainly can MTIM SSL.
  There is no reason you should allow any SSL out you are not in the middle of.
  
  --
  Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
2. Re:Been playing that game for ten years... by Anonymous Coward · 2016-02-23 05:06 · Score: 0
  
  You're sometimes fighting parents too. I've given my son tips on getting around school access restrictions for years. Granted, he's a senior in high school now and most stuff he figures out on his own, but still I help if he needs it. Obviously I wasn't doing this when he was in elementary school or jr. high.
3. Re:Been playing that game for ten years... by Anonymous Coward · 2016-02-23 05:44 · Score: 4, Funny
  
  "Local teacher's union hacked by school administration"
  "Hundreds of teacher's bank accounts compromised by security breach"
  "School IT admin fired after uncovering principal's BDSM activity"
4. Re:Been playing that game for ten years... by Anonymous Coward · 2016-02-23 06:11 · Score: 0
  
  The very fact that you so blithely suggest, literally Man in the Middle SSL overrides shows how absurd and fundamentally broken our supposed encryption technologies really are, and how far security standards have fallen over the last 20 years.
  Why does Firefox throw a fit when I connect to a self-signed site again? Oh because using Certification Authorities is "more secure". This technology is a joke. At least the the blockchain is independently verifiable. CA based SSL is verifiably broken.
5. Re:Been playing that game for ten years... by WorBlux · 2016-02-23 07:24 · Score: 1
  
  How do you make a block-chain authoritative on data that originates outside of it, like ICANN compliant domain names? Alternatives like the PGP web of trust or the GNU name system will explicit show you the chain of trust, but these webs aren't authoritative.
6. Re:Been playing that game for ten years... by Anonymous Coward · 2016-02-23 07:44 · Score: 1
  
  ...I mean, after all, as a school technology director, I've been playing that cat-and-mouse game with Facebook, etc. for 10 years. Block facebook.com, students figure out the "https" workaround...block all Facebook IPs, students use proxies...block all proxies, facebook.com now accessible w/ new IP address...neverending game of whack-a-mole.
  And you just keep playing the game. As long as you make the efforts, you can say you're doing what you can, and that covers your back.
  So... poison the facebook DNS over to a page that logs a report and warns the student, and don't allow any 3rd-party DNS queries through your edge firewall.
  Sure, some kids will eventually figure out they can use a VPN provider to get access to a working 3rd party DNS, at least on equipment they own and control, but you'll at least get rid of the bulk of the problem on the school equipment.
7. Re:Been playing that game for ten years... by Anonymous Coward · 2016-02-23 08:39 · Score: 0
  
  It sounds like you have admin access for school desktops. If so, you could install a browser plug-in or GreaseMonkey script that destroys Facebook pages then remove students' rights to edit those config files. So now it won't matter if they can get to Facebook, because they won't be able to do anything once there.
8. Re:Been playing that game for ten years... by Thiez · 2016-02-23 08:42 · Score: 2
  
  Seems pointless, don't they all have phones with mobile internet these days?
9. Re:Been playing that game for ten years... by StikyPad · 2016-02-23 08:51 · Score: 1
  
  It's not about keeping Facebook out of the school; it's about limiting the use of school resources (i.e. taxpayer dollars) to approved activities.
  
  --
  https://www.eff.org/https-everywhere
10. Re:Been playing that game for ten years... by Thiez · 2016-02-23 09:00 · Score: 2
  
  Since you can't actually block the students from accessing facebook, isn't attempting to do so a waste of taxpayer money?
11. Re:Been playing that game for ten years... by avandesande · 2016-02-23 09:04 · Score: 1
  
  Even better, have a script that once they are authenticated uploads goatse to their timeline.
  
  --
  love is just extroverted narcissism
12. Re:Been playing that game for ten years... by Anonymous Coward · 2016-02-23 11:50 · Score: 0
  
  You're the reason Tor is so important, a company or pubic school shouldn't be breaking security left and right. MITMing TLS sessions is not acceptable behavior.
13. Re: Been playing that game for ten years... by Anonymous Coward · 2016-02-24 07:43 · Score: 0
  
  Why bother blocking Facebook at all? That's trying to apply a technological solution to a social problem. If students are choosing to look at their phones instead of participating in lessons then that's something that should be addressed by teaching staff.
  Although, if you do want a technological fix, can't you just sort it with DNS? I presume devices connecting to your network will get a DNS config via DHCP. You do have a caching DNS server on your network?
14. Re:Been playing that game for ten years... by Anonymous Coward · 2016-02-24 22:35 · Score: 0
  
  Luckily apps are not browsers. I can use hardcoded self-signed certificates.
Re:Bob Dole by TheCarp · 2016-02-23 04:50 · Score: 0

Which is hilarious when you remember that he was always a democrat and is a good friend of the Clintons.
It is almost like, the entire slate on both "sides" is just a bunch of actors playing parts.....almost right?

--
"I opened my eyes, and everything went dark again"
Err... by RDW · 2016-02-23 04:52 · Score: 1

Surely all the naughty pirates with any sense have already signed up to a VPN for their actual torrenting, making ISP-level tracker site blocks completely irrelevant?
Not a blanket ban by clickclickdrone · 2016-02-23 04:53 · Score: 1

Strictly speaking, in the UK, something like the top ten ISPs are required to block these sites. All the others will happily let you access them.

--
I want a list of atrocities done in your name - Recoil
Sick of torrent sites by Andy+Smith · 2016-02-23 04:54 · Score: 2

I'm so sick of most torrent sites nowadays. There's one I still use, an ExtraTorrent proxy, that is just about tolerable, but every other site I've tried over the past year is full of popups, popunders, redirects, etc. I've got popups blocked, adverts blocked, everything blocked that I know how to block, and still the sites are practically unusable.
When I read this story, just out of interest I went to the https version of the pirate bay to see if it worked. Clicked on the search box and immediately I had a full-screen popup, two smaller popups, and a text-to-speech reader (ffs!!) reading out a warning message about my system having been compromised and giving me a phone number to call.
1. Re:Sick of torrent sites by Anonymous Coward · 2016-02-23 05:02 · Score: 0
  
  I don't see any of that with NoScript.
2. Re:Sick of torrent sites by Anonymous Coward · 2016-02-23 05:09 · Score: 0
  
  Same here. Pirate Bay works perfectly for me with none of that crap. I use noscript and privacy badger too.
3. Re: Sick of torrent sites by Anonymous Coward · 2016-02-23 05:19 · Score: 0
  
  Retard
4. Re:Sick of torrent sites by AntronArgaiv · 2016-02-23 06:02 · Score: 1
  
  I'm so sick of most torrent sites nowadays. There's one I still use, an ExtraTorrent proxy, that is just about tolerable, but every other site I've tried over the past year is full of popups, popunders, redirects, etc. I've got popups blocked, adverts blocked, everything blocked that I know how to block, and still the sites are practically unusable.
  When I read this story, just out of interest I went to the https version of the pirate bay to see if it worked. Clicked on the search box and immediately I had a full-screen popup, two smaller popups, and a text-to-speech reader (ffs!!) reading out a warning message about my system having been compromised and giving me a phone number to call.
  I use Linux with Firefox (plus Adblock and NoScript). A lot of the advertising tricks don't work with that combo. HMA VPN and Transmission.
5. Re:Sick of torrent sites by Anonymous Coward · 2016-02-23 08:10 · Score: 0
  
  adblock, noscript, privacy badger.
  I have no problems with torrent sites.
  Maybe you are using shitty ones?
6. Re:Sick of torrent sites by Anonymous Coward · 2016-02-23 08:32 · Score: 0
  
  Really? I just use basic Chrome, no adblockers or anything, and I do not see any of that shit
7. Re:Sick of torrent sites by Anonymous Coward · 2016-02-23 08:56 · Score: 0
  
  You should probably do a S&D scan. I genuinely imagine it will help.
  
  https://www.safer-networking.o...
  
  Alternately, MalwareBytes.
8. Re:Sick of torrent sites by AmiMoJo · 2016-02-23 10:28 · Score: 1
  
  Disable JavaScript for those sites. YesScript is great for that.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
9. Re:Sick of torrent sites by Anonymous Coward · 2016-02-23 11:23 · Score: 0
  
  I actually just straight up don't believe you. Got privacy badger and simple adblock plus installed in FF. Went to site, did a search. Nothing, no pop us, no ads, nada.
10. Re:Sick of torrent sites by thegarbz · 2016-02-23 20:18 · Score: 1
  
  Sounds like you really should be sick of your crappy adblocker.
  Seriously I didn't know TPB had pop-ups until you mentioned it just now, and I certainly didn't configure anything or put any effort into blocking things.
  Likewise with Kickass Torrents. I have noticed one of the aggregators torrentz.eu did have a popup, but that cumulated to nothing more than an annoying flash on the screen as the popup blocker did it's work.
  Just like buying the wrong sized condom can lead to breaking at an unfortunate time it sounds like you're attempts at safely browsing the internet haven't really hit the mark.
My tongue by Anonymous Coward · 2016-02-23 04:58 · Score: 0

Change the protocol. Make it have a timestamp to know a package life-time. It's just an additional damn number... But then it would be possible to abduct it's origin. (or You could make the one that already exist, just in case I'm missing something from net class).
DNS blocking by Anonymous Coward · 2016-02-23 05:05 · Score: 0

In Portugal, ISPs implemented these blocks with DNS, which means that the sites eon't work regardless of protocol. However, it's trivial to use another DNS resolver, like Google's 8.8.8.8, to get around this. I sure hope they don't put any more effort into it.
Guess you haven't worked in a school by Anonymous Coward · 2016-02-23 05:23 · Score: 0

Good luck trying to explain to every teacher what an "unsafe connection" is. Trying to get every single device in the building that works outside of the domain...iPads, phones, Android tablets, not to mention all the departments that worked outside of the domain...to accept the self-signed certificate was a pain in the patootie. I spent months trying to make it work, but it was way too inconvenient for the work that needed to be done.
Re:Bob Dole by Anonymous Coward · 2016-02-23 05:27 · Score: 0

No, he wasn't always a Democrat. He's changed parties a number of times, including registering as an independent for a couple of years. And as for being "friends" with the Clintons? Well, Hillary herself said in a People magazine interview that "We were not friends."
Blocking 'unauthorized' encryption is trivial by fustakrakich · 2016-02-23 05:28 · Score: 1

And https? Please!

--
“He’s not deformed, he’s just drunk!”
1. Re:Blocking 'unauthorized' encryption is trivial by Anonymous Coward · 2016-02-23 22:05 · Score: 0
  
  That attack is from 2013 and has quite a few prerequisites, one of them being that the site must be using an older cypher. (Because newer block cyphers don't reveal enough about the length of the plaintext.) This isn't going to work today, and even when it worked it couldn't have been used to figure out if the cyphertext is a torrent site or not.
Re: Um https-everywhere by Nunya666 · 2016-02-23 05:42 · Score: 0

https://www.eff.org/https-everywhere, but everyone here new that, you might like to raise the bar of article quality, leave this level for the daily mail crowd
We also knew that, and assume that spelling might be new to you.
Media companies + security ... by gstoddart · 2016-02-23 05:52 · Score: 1

Basically the media companies are going to say encryption is evil because people could use it for piracy, and the security assholes are going to claim encryption is bad because they can't spy on everybody.
Between the two of them they're probably going to convince idiot politicians to undermine all security to give them what they need.
Welcome to a work in which your rights and security are undermined by corporate rights, and people who are lying through their fucking teeth claiming to protect your rights and security. Sorry, but bypassing our rights and security isn't defending them, it's undermining them.

--
Lost at C:>. Found at C.
Fuck UK, who cares about these inbred idiots by Anonymous Coward · 2016-02-23 05:58 · Score: 0

Fuck UK.
Who cares about these inbred idiots anyway.
DNS by phorm · 2016-02-23 08:14 · Score: 1

Do you control the DNS server? assuming you don't let your desktop zone connect to external DNS (or at the very least users don't have local admin and can't change DNS/hosts files), just have your DNS resolved override all facebook.com domains and point them at another IP. For shits and giggles you could even have an internal facebook-look-alike page that has some obscure maintenance message making it look like the issue is on FB's end, or just redirect them to hellokitty.com etc etc
1. Re:DNS by phorm · 2016-02-23 08:18 · Score: 1
  
  To add to that:
  While torrent sites might not care about such things, Facebook still requires a login. Assuredly they're not going to process cross-site POST requests from non-facebook domains (and their cookie policy should similarly reject such) so even if they find some alternate URL for facebook it's not going to let them actually log in and post anything.
  That said, why even both with Facebook whack-a-mole? I remember in one case parents got upset because some kid posted mean stuff about another kid on FB while at school, but it was done with his phone so short of banning all mobile devices you're not really getting very far with an Intranet-based block. I suppose you could at least disclaim some liability but that should be part of whatever permission forms etc students submit for access anyhow.
2. Re:DNS by Anonymous Coward · 2016-02-23 17:38 · Score: 0
  
  Or use a hosts file. Seriously. (I'm not even APK)
Re:Bob Dole by TheCarp · 2016-02-23 09:20 · Score: 1

Interesting, so basically, he plays whatever part is most convenient at the time. Sounds like someone the politicians must love.

--
"I opened my eyes, and everything went dark again"
Re:Bob Dole by Anonymous Coward · 2016-02-23 09:51 · Score: 0

People change and parties change. It's better to float between than to get stuck on one forever.
Re:Bob Dole by Bloke+down+the+pub · 2016-02-25 08:59 · Score: 1

Ouija board, or knock twice for yes?
(goes to Google)
Shit, really?

--
It's true I tell you, feller at work's next door neighbour read it in the paper.