Sunday, January 25. 2009Conroy's "Internet Filtering" - Australia's Best HopeJohn Linton I am 100% in favour of conducting trials that prove there is no technical problem in banning access to a list of sites provided by the Federal Government. I can't imagine anything more valuable being done in Australia at this time. I have, vaguely, followed the various outpourings of choleric drivel regurgitated by almost every section of the press since Krudd instructed Stupid Stephen to actually scrap the previous government's 'free content filter' and push on in to the brave new world of Labor internet censorship. Where even people as stupid as Krudd and co came up with this ludicrous view (other than as a quid pro quo with the religious loony in the Senate) defies rational explanation but, they continue to 'press on regardless' despite what appears to be almost unanimous condemnation from every person who puts fingers to keyboard. So I thought I'd add my less than valuable insights as, personally, I think it's a very, very good idea for Stupid Stephen/Krudd to not ony pursue their trials but then proceed to implement their censorship and they shouldn't be prevented from going ahead by lying technical assertions from some ISPs. Firstly let me debunk the stupid assertions by so many people from BigPond downwards who claim that the cost of blocking some finite number of web sites is somehow expensive or will slow the overall internet by some significant (I think I read somewhere some moron was suggesting 85%) amount. Such assertions are dishonest (anyone with a smidgeon of technical knowledge would know that is not the case) at best and just plain criminally wrong at worst. The most obvious reasons why the people from ISPs making these statements are so dishonest is that they all run caching of various sorts which involves 'packet inspection' to determine where to source the requested data from. Are they therefore saying that the internet services they are currently providing are being slowed by "up to 85%? I dooooon't thhhiiiinnnnk soooo. Similarly these same ISPs all use 'lists' to ban certain sites for various reasons (spam/phishing/abuse) and, again, are they saying that running 'ban lists' slows their services by up to 85%? Again - I dooooont thiiiinnnnkkk sooo. Thirdly, and most cogently and despite various denials, many/most Australian ISPs operate some sort of P2P access control hardware that detects encrypted P2P traffic for the purpose of controlling the bandwidth available to P2P traffic - Exetel has been doing that for over two years as has much of the rest of the world. Are those ISPs that use P2P control hardware saying that they are slowing the overall traffic though their networks by up to 85% - same answer.....of course it doesn't. Sooooo....where does this leave the "technical" argument against the Federal Government implementing "ban lists"? It leaves any suggestion that implementing a ban list would degrade the overall operation of the internet in any way as total nonsense put out by people who are either being deliberately dishonest or technically stupid (or by people who personally know nothing and are being 'advised' by other people who are either totally dishonest or technically stupid). Exetel operates both ban lists and the latest versions of Allot's Net Enforcer hardware/software and does so without impacting any user of the Exetel internet service. Of course the Allot and PeerApp boxes and software cost a lot of money (in terms of our tiny ISP) but then the Federal Government is offering to fund the purchase of such boxes so there is no problem for any ISP in terms of expense if, and only if, the requirement was to deal with encrypted data and/or specific protocols. A ban list could be implemented without any additional hardware to that already in use on any ISP's network. So, there are no technical problems to implementing any 'ban list' the elected government of the day (and remember over 50% of voters elected this particular government of the day) and if there was no need for 'encryption busting' then the cost to any ISP would be trivial. If there is a need to use DPI then the cost would be around $1.00 per internet user in Australia which the government of the day is offering to fund. So I enthusiastically support running trials on behalf of Stupid Stephen and Krudd and demonstrating, without a shadow of a doubt, that their loony aspirations of internet censorship can be achieved quickly and inexpensively. My only fear is that they won't proceed with this "election promise" before the next election. Why? Because by those morons doing such a thing we would be guaranteed that they would lose the next election in a landslide which is an essential solution to the current situation where the current lunatics will totally bankrupt Australia because of their stupidity. The new government will then immediately repeal the legislation and there will be no more talk of government imposed censorship. Although by that time they will have bankrupted the country and f***ed the future for the following 20 years (just as Whitlam did) at least they won't get another term to ensure that Australia never recovers. Trackbacks
Trackback specific URI for this entry
No Trackbacks
Comments
Display comments as
(Linear | Threaded)
I don't think what you describe is practical in the real world. Even if the filters don't significantly slow web browsing, the real problem with banning certain sites is the enormous collateral damage that comes with it. The Internet Watch Foundation demonstrated this recently when they inadvertently took down the whole Wikipedia site and Way Back Machine...
http://www.theregister.co.uk/2009/01/14/demon_muzzles_wayback_machine/ Not to mention the damage caused when the blacklists get leaked, acting like a kind of perverted whitepages to all the sickos out there. For what it's worth I tried to summarise my objections to Cleanfeed here: http://thebernoullitrial.wordpress.com/2009/01/06/saying-no-to-internet-censorship-in-australia/ Although many other authors have done so much more eloquently than me. Comment (1)
I agree that the implementation of an Internet filter isn't necessarily the hardest thing in the world, and I think the bigger ISPs are using the 'technical' excuse, because it is one of the only 'reasonable' excuses to have against a plan that (at least for now) is to block access to 'illegal' material (for everyone) and 'immoral' material (for children).
I have, unfortunately, found a large percentage of the population that, through lack of education on politics and/or technology, feel that this type of protection (re: censorship) is OK because all the Government is proposing is to block access to illegal material, material that no one should be allowed access to in the first place. The trouble is, who decides on that list and is there any kind of oversight? When does a website talking about drug manufacture go from being information (to actual pharmaceutical researchers) to being illegal material? Because of this lack of education, the responsibility to prevent the Government from implementing this plan stands to the people who 'know better.' The ISPs may be using a lame excuse regarding their ability to block access to the Internet, but they are doing so because it is one of the only excuses in their arsenal to prevent the Government from turning us into China. The other, more technical reason for not implementing this filter is that anyone who wants to get around it (the people who the Government is trying to stop accessing this information), can get around it. Simplest solution, set up a VPN through a foreign country. If all traffic is encrypted, ISPs won't be able to ban it (especially if something like OpenVPN is used which uses plain-old SSL encryption, something which no ISP would ever block). In my opinion, the casual observer (the only people this 'censorship' would affect) are at very low risk of being affected by 'illegal' content on the Internet in the first place. Comments (2)
Filtering web sites by IP address, is of course, relatively straightforward. Of course that ignores the fact that a single IP address may be hosting thousands of web sites, so the potential for collateral damage is very high.
Filtering by URL can also be achieved - but that's nowhere near as straightforward and would indeed incur some processing overhead. Shaping encrypted P2P is of course dramatically different from filtering it. Your NetEnforcer doesn't de-crypt the P2P - it just looks for the patterns and assumes it's P2P because the traffic behaves like it. Of course you could use the NetEnforcer to, for all intents and purposes, block all P2P. But again, collateral damage. There are of course real, legitimate uses for P2P technology. I challenge you to use the NetEnforcer to block only copyrighted content that's being distributed without permission. On another note, I have to wonder how long it'll be before the 3G carriers start using NetEnforcers or similar technology for killing off VoIP over 3G? ...or charging a flat monthly fee to allow VoIP for specific users (to replace the revenue they otherwise lose to VoIP). Comment (1)
I guess my 'tongue in cheek' reverse psychology was badly expressed.
The argument that "filtering" will "slow the internet" is blatantly fallacious and should never have been raised as an issue. The only reason I want those d***heads to go ahead with net censorship is so that they don't get re-elected and the new government repeals their act and scraps it. Comments (6)
I disagree on the slow down issue.
Each packet needs to be scanned for inappropriate content - such as a page containing a phrase or keyword, each packet received needs to be checked for such keywords. To ensure that you catch all, every single packet needs to be scanned, even SSL, VPN, ICMP - every packet, to ensure the user isn't changing the port they access traffic on. DPI inspection works by scanning the packet, against a list to search on - such as IP, port - these are quick to scan, but also content. You have to check each packet, and scan the content of each packet to see if it matches any of the terms / phrases on a list of potentially thousands. So, for each keyword, each packet, needs to be checked, the larger the list, the more testing that needs to be performed to see if it's a match. It may not be true that an 85% slow down would occur, probably not - but a slow down is very possible. Scanning those packets delays the routing and delivery of them. CPUs have advanced, so that the task of doing the scanning quickly is possible, but in an ISP network there's millions, if not trillions of packets to scan, ISPs would need large numbers (possibly racks full) of DPI scanning hardware to ensure the users aren't slowed down significantly. The more rules DPI boxes need to scan for, the more time it takes, the slower the routing of the packets. For gaming, DPI could easily add 20ms to 300ms. Comments (2)
In this you imply that the average citizen is against censorship and, given some of the recent comments I've heard from the general society, I think that this might be incorrect.
On the plus side, one of the primary demographics that won this election for Labor (the youth vote) is vehemently against censorship in any of its forms. Internet censorship is one true-fire way of pissing off a whole generation (or 2) who, the Government is just starting to realise, does have the right to vote now! Comments (2)
The NetEnforcer doesn't need to decrypt P2P traffic to do what it does (strictly speaking).
However, Exetel's PeerApp device does indeed decrypt P2P traffic, so it is possible to decrypt and block if need be. As soon as you have a transparent caching-style device in your network, filtering on URL for HTTP requests isn't that hard. JL mentioned the potential generated bandwidth improvement that turning on HTTP caching on the PeerApp gear would bring, and to his credit he went to great lengths to indicate that it's something Exetel wouldn't do lightly given the stigma and problems associated with transparent proxying of web requests (ala TPG). Comment (1)
@DW On another note, I have to wonder how long it'll be before the 3G carriers start using NetEnforcers or similar technology for killing off VoIP over 3G? ...or charging a flat monthly fee to allow VoIP for specific users (to replace the revenue they otherwise lose to VoIP).
In Hong Kong Vodafone went the opposite way, they were selling their 3G service with an optional priority for VoIP protocols for an extra fee each month, they have now dropped that and allow the same VoIP access on all their 3G broadband plans, maybe they have worked out it is better to give customers what they want rather than trying to block them out Comment (1)
"Youth Votes" are invariably stupid.
John Stuart Mill, the ultimate universal suffragist, was forced to admit that such people are not able to exercise the privilege they are given in any meaningful way. Giving 18 year olds the vote is as stupid as giving them a driving license which most obviously demonstrates the lethal results. Comments (6)
I'm not sure how I could be wrong on the slow down?
How can a packet pass through a packet inspection device without any delay at all (even so much as 1ms)? Comments (2)
You're completely wrong in making statements "30 ms to 300 ms" that are baseless and stupid.
Subsequently amending them to "1 ms" is equaly pointless. However this is blog not a technical discussion so forget it - take it up with someone who cares. Comments (6)
The only thing that I don't like about the whole plan is that these filters will be introducing an additional point of failure into the comms system in Oz. I really dont know if it is just a simple case of adding an entry into a "host.deny" file ... but from the budget figures i am guessing its a little more complex that this.
Personally i just don't like that idea that someone can control what I see, hear or read .... and inevitably tell me what to think. I know they say its not censorship, but to me it feels like there is something "larger" going about that we are all missing... But that might just be my paranoid-delusional self. Comment (1)
I see it as a pita for a few months and then it gets rid of Krudd and co and the whole joje is withdrawn and forgotten.
Comments (6)
Hi John, just wondering what you think about www.opendns.com? I've been using this for content filtering for about 12 months and find it very effective.
On another subject, thanks for your daily comments. I find them very insightful. From a 'pioneer' customer. Comment (1)
NQR
The following refers to eMail and the mpact doesn't show to the user... "Similarly these same ISPs all use 'lists' to ban certain sites for various reasons (spam/phishing/abuse) and, again, are they saying that running 'ban lists' slows their services by up to 85%?" Comment (1)
|
Calendar
QuicksearchArchivesCategoriesBlog AdministrationExternal PHP Application |