_68281949_68281947

Slippery Slope Part II – They make it law anyway

The ISPs tried pacifying opponents of UK Web Filtering by telling them they had to do it or David Cameron would legislate it anyway.

They backed down and co-operated. Only a few weeks after a Lord suggested it be mandatory an amendment has already been proposed to the Children and Families Bill;

Duty to provide an internet service that protects children

(1) Internet service providers must provide to subscribers an internet access service which excludes adult content unless all the conditions of subsection (3) have been fulfilled.

(2) Where mobile telephone operators provide a telephone service to subscribers which includes an internet access service, they must ensure this service excludes adult content unless all the conditions of subsection (3) have been fulfilled.

(3) The conditions are–
(a) the subscriber “opts-in” to subscribe to a service that includes adult content;
(b) the subscriber is aged 18 or over; and
(c) the provider of the service has an age verification policy which meets the standards set out by OFCOM in subsection (4) and which has been used to confirm that the subscriber is aged 18 or over before a user is able to access adult content.

(4) It shall be the duty of OFCOM to set, and from time to time to review and revise, standards for the–
(a) filtering of adult content in line with the standards set out in section 319 of the Communications Act 2003; and
(b) age verification policies to be used under subsection (3) before a user is able to access adult content.

(5) The standards set out by OFCOM under subsection (4) must be contained in one or more codes.

(6) It shall be the duty of OFCOM to establish procedures for the handling and resolution of complaints in a timely manner about the observance of standards set under subsection (4).

(7) In this section, internet service providers and mobile telephone operators shall at all times be held harmless of any claims or proceedings, whether civil or criminal, providing that at the relevant time, the internet access provider or the mobile telephone operator–
(a) was following the standards and code set out by OFCOM in subsection (4); and
(b) acting in good faith.

(8) In this section–

“adult content” means material which might seriously impair the physical, mental or moral development of persons under the age of eighteen;

“opts-in” means a subscriber notifies the service provider of his or her consent to subscribe to a service that includes adult content.”

BARONESS HOWE OF IDLICOTE

You can read the full list of amendments here.

jquery

Sky Overblocks and takes out JQuery

ThinkBroadband (amongst others) has reported that Sky has yet again overblocked a website.

This time it was code.jquery.com which a lot of other websites rely on to serve the well know Javascript frameworks core files from.

Things like this are bound to happen, were predicted to happen and will continue to happen, causing untold damage to businesses and people.

JQuery was temporary blocked this morning having been misclassified. Our review process kicked in shortly afterwards and the site was unblocked just over an hour later.Sky

burning-book

From Mary Whitehouse to Book Burning in just one Year

A year ago today The Spectator ran an article in which Claire Perry said, in reference to online filters, that 

I’m in no way the Mary Whitehouse of thisClaire Perry

Well a year later and people are not only referring to her as that but putting her in the same category as the Stasi and book burners;


 

At one point the plan was for a filter that checks the age of the child browsing, rather than her original call for all users to opt-in to accessing adult content on their computer, which a government consultation rejected. Somehow, 12 months later, we have exactly that.

Despite criticism from the ISPs, celebrity advisors and the Internet at large Claire Perry is proud that the government is pushing ahead with these plans.

Regardless of what people tweet, history will look back at sources such as the BBC and Wikipedia where her name sits side by side with the words Internet Censorship.

Claire Perry, you’ve made the world slightly worse.

nouveau-logo-league-of-legends

League of Legends patches intercepted by DPI / URL Filters

LazyGamer.net has reported that patches being rolled out for League Of Legends has been blocked due to incidental filenames.

If your patcher logs show many lines like this:

RADS::Common::HTTPConnection::GetFile: File not found

And that happens with files with a name similar to this:

VarusExpirationTimer.luaobj

XerathMageChainsExtended.luaobj

The cause is that your provider is blocking any URLs that contain any pornographic content. Apparently that includes cases like this. An other cause are Router protection settings, which may also block the word sex.

If you are experiencing this problem, you can try to get the whole LoL folder zipped from a friend every time you patch, or just call your ISP to lift the blockade.

Edit: This should only happen to people who switch or signup with new ISPs after a certain date (I’m assuming 1st Jan). The filter won’t be on by default to any existing customers, at least it won’t on BT, so most people will be unaffected. If the filter is on, all it takes is a call to your ISP and it’s off. (thanks to /u/mejti )

Edit2: Read this: http://www.huffingtonpost.com/2013/07/29/uk-internet-filter-block-more-than-porn_n_3670771.htmlhttp://www.reddit.com/user/LoLBoompje

What is obviously quite scary about this revelation is that it means that this might not just be a simple URL or DNS based block but could be indicative of the far more intrusive Deep Packet Inspection technology rolled out by China and TalkTalk.

It’s not a long shot to fear that games will start breaking or gamers will get accused of cheating by software such as Steams VAC if ISPs start blocking data (e.g. chat messages or server instructions) that contain naughty words.

Lord-Clement-Jones-_244642k

Lord asks “Shouldn’t Filters (that don’t work) be compulsory?”

On the same day that the BBC reports that “Children can turn off Net Filters” a LibDem Lord has asked whether the choice of filtering should be taken out of parents (read everyone’s) hands and be made compulsory

I also welcome the recognition by the Prime Minister and the Secretary of State for Culture, Media and Sport of the need for adequate filtering to protect young people from online abuse. However, as was discussed in this House only recently with the Online Safety Bill of the noble Baroness, Lady Howe, should we not be making filtering compulsory? Is it enough simply to leave it up to parents to make the choice about appropriate safety features?Lord Clement-Jones

Within weeks of the filters that everyone predicted would herald a slippery slope to mandatory filtering with ever encroaching levels of censorship going online we’ve already started to slide.

Now more than ever you need to start teaching your friends and family how to survive the Claire Perry Internet.

Phorm_282

Are BT & Sky Adopting Filters to Reboot Phorm?

Several years ago the UK Internet was tied up in an opt-in / opt-out battle about ISP proxies tracking your movements on-line to monetize advertising.

Now we have a new opt-in/opt-out battle but this time it is about ISP proxies tracking your movements on-line to prevent you seeing things you’re not allowed to see.

Could it be that the reasons the big ISPs rolled over so easily and implemented filters is that it provides them with a treasure trove of information about your browsing habits?

Notice how Phorm sit’s within the ISP network, masquerades as target domains and presents different content.
phorm

ISP filtering does similar things, they either spoof DNS responses to force you to goto their static block page or they manipulate routing within their network to route traffic destined for a remote host to a host within their network.

Technically there is nothing stopping them from doing other things with your traffic at this point. Are we to believe that having already silently tested Phorm on unsuspecting customers are they not capable of using this new found, Government instigated power to make some more money at the cost of your freedom and privacy?

Learning how to avoid Filters using tactics such as SSH Tunnels will render their filtering and monitoring moot.

Fight back.

image002

More smackdowns for the UK Police / Government

TechDirt have reported that EasyDNS have been victorious in their pursuit of due process when it comes to seizure of Domains by the City of London Police.

As you may be aware, the City of London Police’s new intellectual property crime unit took it upon themselves to seize domains they believed were involved in copyright infringement and some registrars co-operated without even asking for a warrant or court order.

Thankfully EasyDNS had this to say;

Who decides what is illegal? What makes somebody a criminal?  Given that the subtext of the request contains a threat to refer the matter to ICANN if we don’t play along, this is a non-trivial question. Correct me if I’m wrong, but I always thought it was something that gets decided in a court of law, as opposed to “some guy on the internet” sending emails. While that’s plenty reason enough for some registrars to take down domain names, it doesn’t fly here.

We have an obligation to our customers and we are bound by our Registrar Accreditation Agreements not to make arbitrary changes to our customers settings without a valid FOA (Form of Authorization). To supersede that we need a legal basis. To get a legal basis something has to happen in court.

The request also suggests we look at the whois contact information for the domain (which looks perfectly valid) and go ahead and suspend the domain based on invalid whois data. Again, there’s a process for that, you have to go through the ICANN Whois Inaccuracy Complaint process and most of the time that doesn’t result in a takedown anyway.

What gets me about all of this is that the largest, most egregious perpetrators of online criminal activity right now are our own governments, spying on their own citizens, illegally wiretapping our own private communications and nobody cares, nobody will answer for it, it’s just an out-of-scope conversation that is expected to blend into the overall background malaise of our ever increasing serfdom.

If I can’t make various governments and law enforcement agencies get warrants or court orders before they crack my private communications then I can at least  require a court order before I takedown my own customer.EasyDNS

Sounds interestingly similar to Andrews & Arnold’s reasons as to why they don’t like blocks doesn’t it?

Backlash’s Moral Panic Film Club

Backlash’s Moral Panic Film Club

The guys and gals over at Backlash are holding a fundraiser to ensure they can continue to provide legal advice and specialist solicitors to the people that are turning to them for help.

Backlash is an umbrella organisation providing academic, legal and campaigning resources defending freedom of sexual expression. We support the rights of adults to participate in all consensual sexual activities and to watch, read and create any fictional interpretation of such in any mediaFrom the Backlash Website

The evening will consist of film, talks and round table discussions by specialists including our solicitors, external campaigners and academics, then music and drinks until closing time!

Click the link above or here to visit their website for more details.

Whilst not directly linked to the technical issues of ISP Filtering they are certainly caught up in the morale furore that MPs & the media keep inciting around sex, sexuality and the Internet.

gandi

The Possibility of a Legislative ban on Internet Filtering!

Oliver Wright at the Independent has just broken the news that Liberal Democrat President Tim Farron is going to propose legislation that enshrines the “digital rights of the citizen” which would include stopping “any requirement for opt-ins, opt-outs, filters, lists or controls on legal material”.

DigitalRightsOfTheCitizen.co.uk has been registered and we’re about to start a campaign to get people to write to their MP to help define the Digital Rights we as citizens deserve.

In the meantime give Mr Farron a shout on Twitter to say thank you!

digital_ocean

Building a SOCKS5 Proxy with a Digital Ocean Server to Bypass UK Internet Filters

This article is for use on a Linux/Mac computer (desktop / laptop etc). A Windows guide will be available at a later date.

If you don’t currently run Linux on your desktop I would strongly suggest it. Try Fedora or Ubuntu. If you don’t want to run Linux permanently but do want to try this method then a Live Boot CD of Fedora or Ubuntu (or any other Linux OS of your choice)  would be an ideal method.

Servers in datacenters are extremely unlikely to experience filtering so by tunnelling your connection through to a server you can browse the Internet without worrying if your connection is being restricted or surveilled.

IMAGE

Signing up with Digital Ocean

Navigate to www.DigitalOcean.com and click the Signup button at the top of the page. Enter an email address and a password. You may want to use an anonymous email provider such as Hushmail.com to protect your privacy and a strong password you’ve not used anywhere else. Important: The email address must be real as your server password will be emailed to you.

signupOnce logged in you’ll have access to the initial control panel;logged_in

Click get started which will take you to the billing page, you can either use a credit card (you may want to use an anonymous Visa / Mastercard, search online for keywords such as prepaid, anonymous etc) or PayPal.

Once your payment is processed and cleared (check billing for tracking your pre-paid balance if using PayPal) or refresh the droplets page to see the below;paid

Click Create Droplet!

Choose a friendly name for the server (aka Droplet), this name is not important feel free to use how-to.survivetheclaireperryinter.net if you want to. Leave the Size option alone (or if a larger size is selected change to to 512Mb/20Gb/1Tb as this is only $5 / £3 a month). For lower latency and a reduced chance of NSA eavesdropping choose an Amsterdam datacenter (not necessary but recommended).details1

Scroll down for more settings. For the purposes of this tutorial choose CentOS and then the latest CentOS version (currently 6.4) then click Create Dropletdetails2

After a few seconds of watching the following screen your server will be created and you should have received an email with your root password.building

Behold your new server, make note of the IP address at the top near the word active. In this case the IP address is 95.85.54.190completeCheck your inbox and you should have an email with the IP address, the user name (root) and your password. It’s very important you don’t write a blog post and publish your username and password because bad things will happen to your serveremail

 

Now we’re ready to create a proxy.

Testing the Proxy / Tunnel

Assuming you are logged into your Linux computer load up a terminal.terminal_1Type the following;

ssh -D 8080 [email protected]

Replace the IP address with your own. You’ll be informed that the authenticity of the host can’t be established which is true because you don’t know what the RSA key fingerprint is. You can choose to accept it and continue or be paranoid and bail. If you chose to continue you will be prompted for you password that was sent by email.terminal_2

Load up another terminal (or a tab) and type the following;

curl --socks5-hostname 127.0.0.1:8080 http://wtfismyip.com/json

You should see the following output indicating that your ISP is Digital Ocean.terminal_3

 

You could immediately configure your browser etc to use these settings but you should try and be a bit more thorough.

Configuring the Proxy / Tunnel for long term use

Exit all of the terminals opened in the previous step which will close all tunnels and SSH sessions and we’ll get started on making this a little more secure.

First things first is to change the root password from the one that was emailed to you. Load up a terminal and ssh in;

ssh [email protected]

Once logged in change the password with the passwd command. Ensure you use a different password to anything else you have.terminal_4The root user is the most powerful user on a Linux server and can delete anything and everything so you really don’t want to be using it for everyday tasks. For creating the tunnel we want to use a non-privileged user. To do this simply type the following (feel free to replace the name tunnel with your name or anything, it’s just a username and isn’t important);

useradd tunnel

Now change the password for this user by passing the username to the passwd command used earlier, make sure you use a strong password and one that isn’t that same as any of your others;

passwd tunnel

terminal_5

Load up a new tab on your local machine and try logging in as your new user;

ssh [email protected]

terminal_6

 

You’re now ready to setup a tunnel/SOCKS proxy you can use with your browser.

Exit all your terminals again and this time issue the command;

ssh -D 8080 [email protected]

In a new terminal check that the proxy is working by issuing the CURL command again;

curl --socks5-hostname 127.0.0.1:8080 http://wtfismyip.com/json

For this example I’m going to use Firefox but feel free to try it out with others. In the address bar type about:config, you’ll be presented with the following screen;

firefox_dragons

 

Assuming you are going to be careful click the button.

In the Search bar at the top type proxy, then look for the strings network.proxy.socks and network.proxy.socks_port, type in the values from the command above (127.0.0.1 and 8080). If your ISP filters DNS then you may want to toggle network.proxy.socks_remote_dns too (don’t forget to change your name servers!).

Finally change network.proxy.type to 1.

firefox_about_configTo test, simply load up a new Firefox tab and attempt to access a blocked page.

So there you have it, an easy way to get past any Web filtering and as an added bonus since your traffic is encrypted between your computer and your server in Amsterdam neither your ISP nor the UK Government can monitor it.

Traffic egressing the server can still be tracked and recorded. With the right combination of warrants and traffic capture at the Digital Ocean datacenter coupled with your home ISP logs illegal activity can still be traced back to you! Only use this to method to bypass filters,

Upcoming articles include creating a dedicated Raspberry PI proxy for use with multiple devices (phones, tablets, Windows PCs etc) and setup guides for other server providers. Make sure you follow @STCPI on Twitter for updates!