Slashdot Mirror
Comcast 'Blocks' an Encrypted Email Service: Yet Another Reminder Why Net Neutrality Matters (zdnet.com)
Zack Whittaker, writing for ZDNet: For about twelve hours earlier this month, encrypted email service Tutanota seemed to fall off the face of the internet for Comcast customers. Starting in the afternoon on March 1, people weren't sure if the site was offline or if it had been attacked. Reddit threads speculated about the outage. Some said that Comcast was actively blocking the site, while others dismissed the claims altogether. Several tweets alerted the Hanover, Germany-based encrypted messaging provider to the alleged blockade, which showed a "connection timed out" message to Comcast users. It was as if to hundreds of Comcast customers, Tutanota didn't exist. But as soon as users switched to another non-Comcast internet connection, the site appeared as normal. "To us, this came as a total surprise," said Matthias Pfau, co-founder of Tutanota, in an email. "It was quite a shock as such an outage shows the immense power [internet providers] are having over our Internet when they can block sites...without having to justify their action in any way," he said.
By March 2, the site was back, but the encrypted email provider was none the wiser to the apparent blockade. The company contacted Comcast for answers, but did not receive a reply. When contacted, a Comcast spokesperson couldn't say why the site was blocked -- or even if the internet and cable giant was behind it. According to a spokesperson, engineers investigated the apparent outage but found there was no evidence of a connection breakage between Comcast and Tutanota. The company keeps records of issues that trigger incidents -- but found nothing to suggest an issue. It's not the first time Comcast customers have been blocked from accessing popular sites. Last year, the company purposefully blocked access to internet behemoth Archive.org for more than 13 hours.
By March 2, the site was back, but the encrypted email provider was none the wiser to the apparent blockade. The company contacted Comcast for answers, but did not receive a reply. When contacted, a Comcast spokesperson couldn't say why the site was blocked -- or even if the internet and cable giant was behind it. According to a spokesperson, engineers investigated the apparent outage but found there was no evidence of a connection breakage between Comcast and Tutanota. The company keeps records of issues that trigger incidents -- but found nothing to suggest an issue. It's not the first time Comcast customers have been blocked from accessing popular sites. Last year, the company purposefully blocked access to internet behemoth Archive.org for more than 13 hours.
Never attribute to malice that which is adequately explained by stupidity.
Except that when they happen, rather than working hard to fix the issue, they can just say "We don't care. We don't have to".
Then why wouldn’t Comcast have just said that? The fact that they denied that anything happened shows that it couldn’t be an accident.
Routing issues happen. Frankly it's a wonder that they don't happen more often than they do. Could have even been a DNS problem; did anyone, anywhere, try using a different set of DNS servers than what Comcast provides?
Who better to block than small, niche sites that have no power? Blocking a Google would cause a huge shit storm.
When contacted, a Comcast spokesperson couldn't say why the site was blocked ...
Everyone knows you call Comcast Customer Support to get answers.
It must have been something you assimilated. . . .
One possible explanation is that it wasn't on Comcast's end. The affected site's service provider may have blocked all of Comcast's IP addresses if one of them was sending out a DOS attack for example. Or it could have been the affected site's own firewall if it detected a DOS or a DDOS coming from a range of Comcast IPs. Dumb stuff like that would happen all the time when I was in college. Some idiot would be bitorrenting movies or just had an unsecured machine spewing ddos packets plugged into the wall and the whole university would find itself cut off from (for example) JStor or Elsevier for a few hours until our IT contacted their IT and assured them that the problem was dealt with on our end.
That's one reason Net Neutrality matters so much. It's hard enough to offer competition against the behemoths. Once Google or any huge service provider can pay their way out of the slow lane, small businesses looking to compete might as well give up.
All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
When I use Comcast, I use a VPN.
An ISP has to disclose any traffic shaping. The fact that Comcast would not comment shows to me that it was a mistake. Net neutrality hasn't even expired yet but even if it did, this still would be illegal without disclosure if done intentionally.
THIS PARTICULAR outage might not be Comcast's direct fault, but if not, it was the other side of a peering point. The more Comcast is worried about getting in trouble for NN violations, the more likely they are to pressure that operator to get it fixed. Or, Comcast drops the static route and let's BGP route around the damage.
I am quite familiar with large scale routing issues. In general, something like you propose will either affect only part of a national network (and then find an alternate route) or it will affect more than one provider (for example, if someone null routes the subnet)
It should be easy to use "traceroute" to find the route between a Comcast customer IP address and Tutanota's servers. Wherever it happens, the guilty party could have been dropping the received or transmitted packets from the servers. Traffic seems to go out to the USA via Hurricane Electric and then to Tutanota.
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
The headline "Comcast 'blocks' an encrypted email service: Yet another reminder why net neutrality matters"
followed by "Now imagine your favorite websites getting blocked by your internet provider in the name of net neutrality."
Does TFA present substantive information supporting this conclusion?
Does TFA itself make the leap of asserting Comcast blocked Tutanota?
Yet there is the headline and intentional smearing and weasel conflation of Comcast and Net Neutrality to fit pre-ordained narratives and stoke outrage.
Absolute favorite part in context of TFA is this amazing snippet:
"It doesn't really matter if it was a purposeful block or a technical glitch," said Pfau. He argued that the net neutrality repeal will "harm competition immensely"
What if I wrote an article with the headline:
Zack Whittaker committed burglary and punched a small child in the face.
In the body of my article stated Zack Whittaker was in the neighborhood when the crime occurred and random people on reddit think he might be responsible.
How would Zack Whittaker feel about that?
NN rules haven't expired yet. Also, given the number of state legislatures and attorneys general rumbling about both suing the FCC and implementing state level NN laws, this would not be a good time (politically speaking) to provide them ammunition.
...what can be explained by incompetence.
I didn't know that Ernestine worked for Comcast!
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
How do you know its not the incompetence of tutanota's ISP, or a transit peer? Given that Comcast users said that the site seemed to drop off the internet, it sounds like a DNS issue which could be Comcast's or whoever provides tutanota's domain service. Outages happen on the Internet all the fucking time but that doesn't mean it was the result of a "blockade" like the morons in the TFA allege.
Maybe the site was only partially blocked. Which raises the question when can we know a site is actually wholly blocked...
I'm not an apologist for Comcast, at all.
However, remember they run their own DNS so they can mine where you're going with that so-called stealth browser of yours. When it does a DNS lookup, you get the correct IP address to do the https page pull.
If a DNS address becomes black-holed (there are a number of ways to accidentally do this, including being stupid), then you loose a site.
I'm guessing it got screwed up in cache, and when the cache flushed, it came back again. No huge subterfuge, no DDoS attack, just normal screw up. Even Slashdot was pretty stupid about how they did their infrastructure change-over. Happens all too frequently, but it happens. An alarmist charge towards the fate of net neutrality violations is a bit hyperbolic to me.
---- Teach Peace. It's Cheaper Than War.
This will be an interesting situation. I've worked in networking for more years than I would like to say. And the mantra is: The network is broken. There is a number of reasons this connection could have had an issue and it has nothing to do with blocking traffic. DNS services, multiple routes converging, new hard installed, there is a number links in this chain. I just want to see now how many times this will come up. What will an ISP have to do to "prove" there is no blocking? Would you trust what they say anyway? Maybe a new (or old) engineer just pulled off a stupid, cause that never happens. Looks like some serious finger pointing and maybe some finger wagging. Maybe some always lawyer enriching class action lawsuits!! The possibilities are endless.
Sooooo, I'm not defending Comcast or whatever ISP will be put in the spotlight, but the internet is a big place and ISPs don't own all the services out there to get from a home connection to a single website.
It should be easy to use "traceroute" to find the route between a Comcast customer IP address and Tutanota's servers.
With the growing number of carriers who block ICMP, while it SHOULD be easy to use traceroute to learn interesting things, in many cases it is worthless.
Here's a flash: is anyone going to sue Comcast for blocking outgoing access to port 25 as an anti-spam measure? It's blocking email. Was this "block" which nobody knows was actually a block but is good to bash Comcast anyway over a case of blocking an outgoing port for spam reasons?
Then why wouldnâ(TM)t Comcast have just said that? The fact that they denied that anything happened shows that it couldnâ(TM)t be an accident.
They didn't deny that anything happened.
But then if the evidence is gathered and they are proven liars, it wouldn't go well for them.
Equipment failure is a well understood probllem, including about how long it should take to fix or work around.
Call their tech support some time. She may have an Indian accent now, but she definitely works there.
Either that or your diagnostic abilities suck monkey balls.
Step one, narrow the diagnosis based on where the outages are. Work out from there.
Jut ran into an issue today with accessing state.gov web sites. Determined it was a DNS issue. When I switched my DNS server to 8.8.8.8 (google), the site was available from my browser.
Ended up on the phone with support for two hours trying to convince them it was their DNS server issue, and not my browser, router or modem issue.
Well, let's see. The problem was connection timed out, not DNS resolution failure, so your diagnostic skills DEFINITELY suck monkey balls. A quick sampling of whois suggests the others you listed are not owned by the same people, BTW.
Apparently nobody but Comcast customers had an issue on those days. If the issue was upstream to Comcast, others would likely be affected.
This theory could have been easily tested by switching DNS to 8.8.8.8.
That's why you suck them. Don't swallow them.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
The result would be different. A missing DNS entry does not result in a timeout, you get a site not found.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Read up on how Comcast configures its servers to understand how you can get a browser hang as the re-direct goes infinite-loop. It's not a missing entry error. I'm trying to find the site that explains their info vacuuming architecture.
---- Teach Peace. It's Cheaper Than War.
Huge companies already pay their way out of the "slow lane" by having more servers, larger pipes, and more CDNs.
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
This is shoddy reporting at best. Hiding behind the quotes on "block" is below cheap shot level. Where are the useful questions? Were any other sites affected? Did anyone take a traceroute anywhere? Why do any work when you can pull in clicks with a sensationalist headline and spurious conclusions?
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
to point out the obvious. Whatever the problem was, it wasn't because of "Net Neutrality" legislation. Or if Comcast weighs more than a duck - then Net Neutrality matters!
It ain't what they call you. It's what you answer to. http://mylyceum.us/
They can show us the BGP error if it was an accident.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Except that when they happen, rather than working hard to fix the issue, they can just say "We don't care. We don't have to".
"So, the next time you complain about your phone service, why don't you try using two Dixie cups with a string? We don't care. We don't have to. We're the Phone Company." - Lily Tomlin
His ignorance covered the whole earth like a blanket, and there was hardly a hole in it anywhere. - Mark Twain
That's stated by James Bond the 1964 Goldfinger film. I see no indication of it being named "Fleming's Razor" or that the original author (Ian Fleming) wrote the line, though it has been quite some time since I read that book.
Use my userscript to add story images to Slashdot. There's no going back.
Yep. Same issue.
It is unreasonable, and deeply unethical, for a too-big behemoth like Comcast to get away with things.
IF it were a mistake, OWN UP!
IF it were incompetence or faulty equipment or "maintenance", PUBLISH THE FACTS!
IF it were a covered-up intention, GET EXPOSED AND SUFFER!
IF Comcast is "too big to fail" (i.e. hurts society too much to be punished), then Comcast needs to be broken up.
ALL non-human entities like behemoth corporations need to fully answer to the public.
ESPECIALLY to their patrons and constituents.
Self-importance and self-indulgence is the root of ALL evil.
Never happen! Ask Ajit Pai! ;-O
Self-importance and self-indulgence is the root of ALL evil.
Sure seems quite unlikely that ALL intercontinental paths went down all at once. Yes?
Self-importance and self-indulgence is the root of ALL evil.
Yeah, I know. I coined the term. I've heard it referred to elsewhere as "Goldfinger's Law".
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
For 12 hours, Comcast gave itself a black eye. Then it stopped.
No thumb-fingered bureaucrats necessary.
There's no time like the present. Well, the past used to be.