how pointless is DIA's filter?

By Shiny October 17, 2009

New Zealand's Department of Internal Affairs has a "filter" that is intended to block access to pedophilic content.

It's currently optional -- meaning your ISP can choose to use it. I'm on cable and every single cable provider has opted in, so it's barely optional at all unless I switch to inferior more expensive DSL technology... but that's irrelevant as I have no doubt the end game is to make it compulsory.

What's the problem then?

1) This makes it trivial for future governments, or even public servants with a crusade, to start blocking / tracking other things. The Australian version is already blocking abortion info, and even a dentist's website.

2) it's trivial to circumvent for those that spend the time

I'm already needing to circumvent this filter - i need to connect to servers directly, not via a filter, in order to do my job. Also, at times the filter is unreliable and I can't connect.

Here's a simplified version of how these things work

Picture one: a normal internet connection, your computer talks to servers that contain the website you want to view. Website normally appear on port 80 (hence the :80 in the picture)

Picture two: The DIA filter in the way. Because websites are normally on port 80, your isp just redirects all port 80 traffic from your computer to a "transparent proxy" which then implements the filter.

Picture three: You reconfigure youre browser to not use port80. Instead it goes to a ultra cheap vserver you bought for a meesly $10, running in USA or russia or somewhere. It's no longer using port 80, so the filter doesn't appy.

Other ways to get around this: The website uses SSL - this is the same technology used when acessing internet banking. It's encrypted. It cannot be (easily) read by DIA, so no filter is applied
Another way is for the website to run on any port other than 80.

It's so trivial -- the DIA's filter is ludicous. It's not going to stop any but the stupidest of criminals, it's has very large potential for abuse by governments, and adds one more point of failure in your internet access.

Alas this is something very hard to talk about - because it involves an attempt to catch pedophiles - the worst scum in the universe - it is difficult for various techies who understand this to come out explaining why it doesn't work. This hampers the protest against this. Please think beyond that and consider how little this filter will actually do to stop actual criminals.

Trackback URL for "how pointless is DIA's filter?"

http://www.coffee.geek.nz/trackback/23134

5 comments

By Simon Welsh (not verified)
21 weeks 2 days ago

This proxy is really annoying

This proxy is really annoying me at the moment. Without setting up a SSH session to a US server as a SOCKS proxy, I can't browse the web. Safari keeps displaying "Server not responding" error messages. After switching to the SOCKS proxy, I get the same speed I normal expect, though some things don't like my different IP.

Is there someone/people that we can petition to drop this senseless filter?

By Shiny
21 weeks 2 days ago

Yes, Telsta's proxy has been

Yes, Telsta's proxy has been b0rked yesterday evening and most of today. It appears working again now (*touch wood*)

Hence I had to circumvent it just to get to burger fuel's online menu tonight to order dinner.

By Anonymous (not verified)
21 weeks 1 day ago

I was under the impression

I was under the impression that the filter was implemented with a BGP feed that your ISP subscribes to. The BGP feed black holes routes to "objectionable" networks and is based on IP address, so the port doesn't come in to it.

Thomas Beagle's Technical FAQ

The workaround of proxying your traffic through a vserver (or VPS) still works and is a good plan.

By Shiny
21 weeks 12 hours ago

@anon yes, does seem that way

@anon yes, does seem that way - but same objections and problems exist for the BGP/routing method... and as you say, the same work arounds will work against that method.

By karit (not verified)
21 weeks 6 hours ago

Is the the Great Firewall of

Is the the Great Firewall of NZ the reason the internet was rubbish on Telstra all weekend?

I have mentioned in >a href="http://blog.karit.geek.nz/2009/08/great-firewall-of-new-zealand.html">my blog about this and well how much is actually over HTTP? I would assume like music and movies that most of it is over something other than HTTP like BIttorrent so will it just mess with HTTP traffic and not actually provide any help?

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote> <p> <img> <br>
  • Lines and paragraphs break automatically.
  • Twitter-style @usersnames are linked to their Twitter account pages.
  • Twitter-style #hashtags are linked to search.twitter.com.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
5 + 1 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.