Defeating DNS Based Filtering (Sky, BT etc) with DNSCrypt

13. Sep. 2014
/
Censorship Evasion Filter bypass Filter Evasion Technical Implementation
/
No Comments

Several of the “Big Five” ISPs utilise a form of filtering that intercepts DNS requests and spoof replies for sites that are on the block list, in certain cases if you are able to resolve the IP address out-of-band (e.g. a hosts file) then you can browse uninterrupted.

We already know that most ISP implementations of filtering cannot intercept and block SSL protected HTTP traffic and in the same way DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks.

It doesn’t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between people and our OpenDNS’ servers.

The DNSCrypt code base is open source and it’s available on GitHub.

Download for Mac
Download for Windows
Linux can be installed via your favourite package manager

Once installed just set your DNS server to be 127.0.0.2 and you should be set to go.

If you have any issues or need more help with installation check out; http://dnscrypt.org/

More Laws Proposed To Enforce Censorship – Now At A Device Level

12. Sep. 2014
/
Censorship Reporting
/
No Comments

Earlier in the year we saw Internet censorship try and creep in through the Children and Families Bill and now our MPs are at it again.

Geraint Davies MP has proposed a bill that whilst sounding noble on the surface (the prevention of revenge porn in essence) also includes a requirement that manufacturers add a magic “no porn” feature to any new Internet capable device.

The bill isn’t currently available to read but is likely to be published closer to the 2nd reading date which is set for the 7th of November, in the mean time you can check its progress here.

The record of the first reading has been published on Hansard.

Mr Davies was supported by Jessica Morden, Mrs Siân C. James, Chris Evans, Mr Mark Williams and Nia Griffith but no other information appears to be available at the moment.

The Bills website encourages you to contact Geraint Davies directly to discuss the bill, I would encourage everyone to contact both him and your local MP.

Make no mistake, we let CleanFeed take control of the Internet for noble reasons and now it strangles access to anything the Government or lawyers deem unfit for you.

Your hardware should be as free (as in speech) as your software;

The freedom to run the program (use the hardware) as you wish, for any purpose (freedom 0).
The freedom to study how the program (hardware) works, and change it so it does your computing as you wish (freedom 1). Access to the source code (schematics) is a precondition for this.
The freedom to redistribute copies so you can help your neighbor (freedom 2).
The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.

Be wary of the fact that this is included in a bill designed to protect people and children so making any arguments against individual clauses may be perceived as an attack on the bill itself.

During a discussion about a different bill Geraint Davies said this;

I welcome the measure, but the question is whether it goes far enough. The average age at which children now have access to pornography is 11 years old, because smartphones, which parents normally buy, are not sold with a default position of non-porn. What does the Minister think about the proposition of making that the default? I will be introducing it as a Bill next Monday. The National Society for the Prevention of Cruelty to Children has found that one in two boys and one in three girls believe that there are circumstances in which forced sex is acceptable. Again, that is the result of the epidemic of violent and explicit sex, which children are viewing in classrooms on phones. Does the measure go far enough?

Even in video gaming, the most successful video game of all time—“Grand Theft Auto”, which was made in Scotland—has, apart from the violence one would expect, point-scoring for a player murdering prostitutes having had sex with them. Evidence increasingly suggests that such things incite violence, particularly towards women. Given that we have legislation against inciting racial hatred, should we consider having legislation against inciting hatred and violence against women in particular? Although the regulations take one step forward, the challenges facing us are racing ahead at a much faster pace. We are plodding behind, and we need to take some tough action if we are going to turn the corner. The regulations are not tough enough.
Geraint Davies (Swansea West)

He went on propsoing that current safeguards are not adequate and that the Government should entertain fining manufacturers;

It is very generous of the Minister to give way again. He is asserting that selling devices with a default position of no access to pornography is already happening. My understanding is that it is not. If he thinks it is happening, will he consider possible legislation whereby if mobile phones, computers and other devices that have access to the internet are not sold in a default position without that access—that is, if the user has to switch it on or contact the supplier—we could fine the manufacturers?
Geraint Davies (Swansea West)

I will leave you with a quote;

There will come a time when it isn’t ‘They’re spying on me through my phone’ anymore.
Eventually, it will be ‘My phone is spying on me’
Philip K. Dick

The Laws PIPCU used to intimidate Immunicity

10. Sep. 2014
/
Censorship Reporting Filter bypass Guest Post
/
No Comments

Following the announcement of the City of London Police’s arrest of the operator of Immunicity.co.uk I issued a Freedom of Information request to ascertain which laws were used.

Yesterday I received a reply;

Classification: NOT PROTECTIVELY MARKED

Dear Mr Llewellyn,

REQUEST FOR INFORMATION REF: COL/14/672

I write in connection with your request for information dated 21 August 2014 in which you seek access to the following information:

I’d like to know what specific laws were broken by the person who was running immunicity.org and what powers the City of London Police used to arrest the person in question.

Running an “umbrella” website, running a Tor relay or just generally maintaining a Cisco router that routes packets is not a crime so I’m at a loss as to what grounds the City of London Police had.

The male was arrested on suspicion of committing the following offences;

Intentionally encouraging or assisting an offence contrary to section 44 of the Serious Crime Act 2007

Possession of Articles for Use in Fraud contrary to section 6 of the Fraud Act 2006

Making or Supplying Articles for use in Frauds contrary to section 7 of the Fraud Act 2006

Money Laundering contrary to section 327 & 329 Proceeds of Crime Act 2002.

Should you have any further questions regarding your request, please contact me via e-mail, letter or telephone, quoting the reference number above.

Yours sincerely

Katy Grunblat

Senior Information Access Officer
Intelligence and Information Directorate
City of London Police | 182 Bishopsgate | London EC2M 4NP
T: +44 20 7601 2287| F: +44 20 7601 2088
Email: Kathryn.Grunblat@city-of-london.pnn.police.uk

Katy Grunblat – Senior Information Access Officer

The laws in question can be found on legislation.gov.uk but are copied below for convenience;

Serious Crime Act 2007

44 Intentionally encouraging or assisting an offence

(1) A person commits an offence if—

(a) he does an act capable of encouraging or assisting the commission of an offence; and

(b) he intends to encourage or assist its commission.

(2) But he is not to be taken to have intended to encourage or assist the commission of an offence merely because such encouragement or assistance was a foreseeable consequence of his act.

Fraud Act 2006

7 Making or supplying articles for use in frauds

(1) A person is guilty of an offence if he makes, adapts, supplies or offers to supply any article—

(a) knowing that it is designed or adapted for use in the course of or in connection with fraud, or

(b) intending it to be used to commit, or assist in the commission of, fraud.

(2) A person guilty of an offence under this section is liable—

(a) on summary conviction, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum (or to both);

(b) on conviction on indictment, to imprisonment for a term not exceeding 10 years or to a fine (or to both).

(3) Subsection (2)(a) applies in relation to Northern Ireland as if the reference to 12 months were a reference to 6 months.

6 Possession etc. of articles for use in frauds

(1) A person is guilty of an offence if he has in his possession or under his control any article for use in the course of or in connection with any fraud.

(2) A person guilty of an offence under this section is liable—

(a) on summary conviction, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum (or to both);

(b) on conviction on indictment, to imprisonment for a term not exceeding 5 years or to a fine (or to both).

(3) Subsection (2)(a) applies in relation to Northern Ireland as if the reference to 12 months were a reference to 6 months.

Proceeds of Crime Act

327 Concealing etc

(1) A person commits an offence if he—

(a) conceals criminal property;

(b) disguises criminal property;

(d) transfers criminal property;

(e) removes criminal property from England and Wales or from Scotland or from Northern Ireland.

(2) But a person does not commit such an offence if—

(a) he makes an authorised disclosure under section 338 and (if the disclosure is made before he does the act mentioned in subsection (1)) he has the appropriate consent;

(b) he intended to make such a disclosure but had a reasonable excuse for not doing so;

(c) the act he does is done in carrying out a function he has relating to the enforcement of any provision of this Act or of any other enactment relating to criminal conduct or benefit from criminal conduct.

(3) Concealing or disguising criminal property includes concealing or disguising its nature, source, location, disposition, movement or ownership or any rights with respect to it.

329 Acquisition, use and possession

(1) A person commits an offence if he—

(a) acquires criminal property;

(b) uses criminal property;

(2) But a person does not commit such an offence if—

(a) he makes an authorised disclosure under section 338 and (if the disclosure is made before he does the act mentioned in subsection (1)) he has the appropriate consent;

(b) he intended to make such a disclosure but had a reasonable excuse for not doing so;

(d) the act he does is done in carrying out a function he has relating to the enforcement of any provision of this Act or of any other enactment relating to criminal conduct or benefit from criminal conduct.

(3) For the purposes of this section—

(a) a person acquires property for inadequate consideration if the value of the consideration is significantly less than the value of the property;

(b) a person uses or has possession of property for inadequate consideration if the value of the consideration is significantly less than the value of the use or possession;

(c) the provision by a person of goods or services which he knows or suspects may help another to carry out criminal conduct is not consideration.

I’m not a lawyer but let’s try and break these down.

Intentionally encouraging or assisting an offence

Whilst the PAC file explicitly listed websites that have been found to facilitate the infringement of copyright looking through the Archive.org backup of immunicity.org doesn’t explicitly encourage people to pirate material.

The PAC does however assist in the infringement but simply providing access to a website doesn’t mean that a person will then go on to commit a crime so paragraph 2 may come into play.

Possession of Articles for Use in Fraud and Making or Supplying Articles for use in Frauds

Unless routing packets is in and of itself considered a connection to or commission of fraud I can’t see how the City of London Police have applied this to running a Proxy.

I would expect however that this could be related to the request for Bitcoin donations or something that the operator was doing unrelated to immunicity.org itself.

Money Laundering

This is most likely related to Bitcoin or something that the operator was doing unrelated to immunicity.org itself.

So, assuming that only the inchoate offence of encouraging or assisting an offence was related to the actual operation of a proxy we need to consult section 50 of the Serious Crime Act 2007 for the defences;

50 Defence of acting reasonably

(1) A person is not guilty of an offence under this Part if he proves—

(a) that he knew certain circumstances existed; and

(b) that it was reasonable for him to act as he did in those circumstances.

(2) A person is not guilty of an offence under this Part if he proves—

(a) that he believed certain circumstances to exist;

(b) that his belief was reasonable; and

(3) Factors to be considered in determining whether it was reasonable for a person to act as he did include—

(a) the seriousness of the anticipated offence (or, in the case of an offence under section 46, the offences specified in the indictment);

(b) any purpose for which he claims to have been acting;

In light of the defence of acting reasonably in the knowledge of the circumstances that the current state of Internet filtering being that there are competing ISPs who do not filter coupled with the fact that the honourable Justice Arnold only ordered Sky, BT, TalkTalk et al to block or at least impede access to certain sites but has not made accessing (or providing access) to those sites a crime I have rewritten RoutingPacketsIsNotACrime.uk to be a general purpose selective routing PAC platform for UK users on filtered Internet connections.

Building a PIPCU Resistant Immunicity Style Proxy Using Tor

23. Aug. 2014
/
Censorship Evasion Censorship Reporting Filter bypass Filter Evasion Technical Implementation
/
No Comments

- A Little History

- How a PAC Proxy Works

- Using the Tor PAC Proxy

- Creating Your Local Tor Proxy

- Some Final Thoughts

A Little History

In June 2004 BT took the step of putting technical measures in place that allowed them to censor the Internet.

At the time there was muffled dissent at the idea of creating and deploying such technology but those voices were silenced by accusations that opposition to CleanFeed was to support the abuse of children.

We warned that this was the start of a slippery slope.

In 2011 the MPA took BT to court in an attempt to block Newzbin, when the Honourable Justice Arnold understood that BT already had an Internet censorship system in place he ordered it to be used to block Newzbin

In respect of its customers to whose internet service the system known as Cleanfeed is applied whether optionally or otherwise, [BT] shall within 14 days adopt the following technical means to block or attempt to block access by its customers to the website known as Newzbin2 currently accessible at www.newzbin.com, its domains and sub-domains and including payments.newzbin.com and any other IP address or URL whose sole or predominant purpose is to enable or facilitate access to the Newzbin2 websiteHon Justice Arnold

On the back of the Newzbin success various other private entities took to the High Court to chase more ISPs and in February 2012 the Honourable Justice Arnold ruled

… that both users and the operators of TPB infringe the copyrights of the Claimants (and those they represent) in the UK.Hon Justice Arnold

The result of this ruling was that BT, TalkTalk, Sky and others were required to take measures to block or at least impede access by their customers to a peer-to-peer (“P2P”) file-sharing website called The Pirate Bay (“TPB”).

At the time the OpenRightsGroup issued the following statement;

Blocking the Pirate Bay is pointless and dangerous. It will fuel calls for further, wider and even more drastic calls for internet censorship of many kinds, from pornography to extremism.Jim Killock, Executive Director of the Open Rights Group

So here we are in 2014, a decade after we originally predicted the slippery slope of Internet censorship and we have Court ordered censorship at the behest of foreign private entities, secret URL blocklists courtesy of the IWF, varying levels of Internet Filtering in homes, Internet filtering in coffee shops etc and now the City of London Police appear to be using organised Crime Legislation to intimidate and shut down proxies.

How a PAC Proxy Works

The PAC (Proxy auto-config) file format was originally designed by Netscape in 1996 for the Netscape Navigator 2.0 and is a text file that defines which URLs are to be routed over a proxy and optionally which proxy to use on a per URL basis.

A very basic PAC file could look like this;

function FindProxyForURL(url, host) 
{    
    var list = new Array("wtfismyip.com","www.ipchicken.com");
    for(var i=0; i < list .length; i++)
    {
        if (shExpMatch(host, list[i]))
        {
           return "SOCKS socks.survivetheclaireperryinter.net:9050";
        }
    }
    return "DIRECT";
}

This PAC file defines two URLs (wtfismyip.com and www.ipchicken.com) and tells the browser that these URLs should be routed via the SOCKS proxy socks.survivetheclaireperryinter.net using port 9050. Any other URLs are routed directly (as in not using a proxy).

The Tor Project is one of the most powerful tools we have against Internet censorship and one of the features of a Tor relay is the ability to be used as a SOCKS proxy.

There are lots of Tor relays on the Internet that are configured not only as Bridges, pluggable transports, Exits & relays but also as SOCKS servers. We will create a Tor relay to be coupled with a PAC file to selectively route certain URLs over The Onion Routing network to bypass censorship.

Using the Tor PAC Proxy

To test a Tor powered PAC proxy simply set your Browser Proxy settings to; https://RoutingPacketsIsNotACrime.uk/pac.config?id=piratebay this will allow you to browse to thepiratebay.se via a Tor proxy in Russia.

To create your own list of URLs to route via your Tor proxy start by navigating to https://RoutingPacketsIsNotACrime.uk and identify which URLs you would like to route.

Note that the only URL selected by default is wtfismyip.com. To re-iterate, this is a technical demonstration of Censorship evasion and bypassing censorship is NOT illegal.

Add all of your URLs separated by a comma e.g. “google.com, yahoo.com, bing.com” then click “Save PAC File”.

Make note of your unique PAC file URL e.g. https://RoutingPacketsIsNotACrime.uk/pac.config?id=ABCDEF1234567890

Configure your browser to use your unique PAC file

Configure Internet Explorer

Go to Start then Control Panel. (Windows 8 users hover your mouse to the bottom right, click Settings, then click Control Panel)
Find Internet Options (sometimes under Network and Internet), then go to the Connections tab.
At the bottom, click the LAN settings button.
A new dialog will appear. Tick the box that says Use automatic configuration script.
In the address field, paste in your unique PAC file ID e.g. https://RoutingPacketsIsNotACrime.uk/pac.config?id=ABCDEF1234567890
Press OK, then OK on the Internet Options dialog.

Configure Mozilla Firefox

In Mozilla Firefox, go to Options. In Windows, click the Firefox button then choose Options, or go to Tools, then Options. In Mac OS X, go to Firefox, then Preferences. In Linux, go to Tools, Options.
Go to the Advanced tab, then go to the Network tab.
Click Settings next to Configure how Firefox connects to the Internet.
Select Automatic proxy configuration URL.
In the text field, paste in your unique PAC file ID e.g. https://RoutingPacketsIsNotACrime.uk/pac.config?id=ABCDEF1234567890
Press OK, then OK on the Options dialog.

Configure Google Chrome

In Google Chrome, click the menu button to the right of the URL bar, and choose Settings.
At the bottom, click the Show advanced settings
Under Network, click Change proxy settings.
1. On Windows, at the bottom click the LAN settings button. A new dialog will appear. Tick the box that says Use automatic configuration script.
2. On Mac OS X, tick Automatic Proxy Configuration.
3. On Linux, click Network proxy, select Automatic from the Method drop down menu.
In the address field, paste in your unique PAC file ID e.g. https://RoutingPacketsIsNotACrime.uk/pac.config?id=ABCDEF1234567890
Close the dialogs to save the settings. On Mac OS X, press Apply first.

You’ll note that the PAC file specifies the proxy as localhost:9050, trying to visit the URLs in question won’t work until we setup the local Tor relay.

Creating Your Local Tor Proxy

If you want to help the Tor network grow and create your own proxy to use with the RoutingPacketsIsNotACrime PAC files then these instructions should get you started.

If you don’t already have a dedicated server consider visiting DigitalOcean, Amazon EC2 or for some really good deals check LowEndBox.com.

For various reasons I would suggest hosting the server outside of the UK but that is a choice for you to make.

CentOS 6

Install EPEL

wget http://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
yum install epel-release-6-8.noarch.rpm

Edit iptables

vim /etc/sysconfig/iptables

Allow the ORPort and the proxy port (in this case 9001 and 9150)

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9001 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9150 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Save and quit

/etc/init.d/iptables restart

If your server has IPv6 then make similar changes to ip6tables

Editing torrc

vim /etc/tor/torrc

A minimal torrc for use with a PAC file style proxy would look similar to the below (although you should read all the options to understand what you are doing);

SocksPort xx.xx.xx.xx:9150
ORPort 9001
Nickname TheNameOfYourRelay
ContactInfo YourContactDetails
ExitPolicy reject *:*

xx.xx.xx.xx should be a routeable IP (e.g. not 127.0.0.1) of your server, if you want to keep your relay server partially private you might want to add PublishServerDescriptor 0 to your config too.

There is no security here, if someone port scanned your server then they would see that it is an open proxy and could use it to do nasty things that people will blame you for!
If your Tor relay is on a public IP (e.g. not 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16) then you may want to restrict the IPTables allow rule to only allow your source IP addresses

Start Tor & Confirm it is working

/etc/init.d/tor start
tail -f /var/log/messages

You should see something along the lines of;

socks Tor[31452]: Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
socks Tor[31452]: Bootstrapped 85%: Finishing handshake with first hop.
socks Tor[31452]: Bootstrapped 90%: Establishing a Tor circuit.
socks Tor[31452]: Tor has successfully opened a circuit. Looks like client functionality is working.
socks Tor[31452]: Bootstrapped 100%: Done.
socks Tor[31452]: Performing bandwidth self-test...done.

Done!

Assuming you have chosen the URLs you wanted in the previous section (Using the Tor PAC Proxy) you can now browse to the URLs that were previously censored as they are now being routed over Tor. Any non-restricted URLs will route over your normal Internet connection.

Windows

Follow our tutorial on Securely Installing Tor on Windows to get the full Tor Browser bundle up and running.

Once installed and started Tor will be running on localhost:9150 (do not close the Tor Browser as this will also close the relay)

Done!

Some Final Thoughts (and quotes)

Internet Censorship is abhorrent, we shouldn’t stand by and let the Government, Police or lawyers dictate what we can read. The slippery slope is getting steeper every day so we all need to help stop it.

When bad men combine, the good must associate; else they will fall, one by one, an unpitied sacrifice in a contemptible struggle.Edmund Burke

I always wondered why somebody doesn’t do something about that. Then I realized I was somebody.Lily Tomlin

Withholding information is the essence of tyranny. Control of the flow of information is the tool of the dictatorship.Bruce Coville

Who is more to be pitied, a writer bound and gagged by policemen or one living in perfect freedom who has nothing more to say?Kurt Vonnegut

Once a government is committed to the principle of silencing the voice of opposition, it has only one way to go, and that is down the path of increasingly repressive measures, until it becomes a source of terror to all its citizens and creates a country where everyone lives in fear.Harry S. Truman

Free societies…are societies in motion, and with motion comes tension, dissent, friction. Free people strike sparks, and those sparks are the best evidence of freedom’s existence.Salman Rushdie

All men dream: but not equally. Those who dream by night in the dusty recesses of their minds wake in the day to find that it was vanity: but the dreamers of the day are dangerous men, for they may act their dreams with open eyes, to make it possible.T.E. Lawrence

The City of London PIPCU attempts to Block Proxies (and fails)

The City of London Police Police Intellectual Property Crime Unit (PIPCU) arrested the operator of immunicity.org “on suspicion of running an ‘umbrella’ website providing access to other websites which have been subject to legal blocking orders.”

So some private entities sued some other private entities to prevent their customers from accessing certain websites. This, as far as I understand it, was a civil matter. How does the City of London Police gain the ability to arrest someone how was not party to either side of the civil matter.

An arrest is the act of depriving a person of his or her liberty usually in relation to the purported investigation or prevention of crime.Wikipedia

Routing packets is NOT A CRIME. What the fuck do they think they are up to?

@darkmobius suspected that the proxy server was providing access to sites subject to blocking orders for carrying illegal content.

— City Police PIPCU (@CityPolicePIPCU) August 8, 2014

Thankfully http://immunicity.co.uk/ and http://immun.es/ have already launched to help fill the space and more Tor Project relays are spinning up every day but let’s not stop there, if we don’t complain then they will continue to arrest and harass operators of these servers.

I would encourage people to complain to the City of London Police directly by tweeting at @CityPolice, by phone at 020 7601 2222, directly on their website with either this form (Public Complaints) or this form (Expression of Dissatisfaction) or by email; [email protected]

If you have time then also make a complaint to the Independent Police Complaints Commission by calling on 0300 020 0096 or via the website: http://www.ipcc.gov.uk/complaints (it probably wouldn’t hurt to tweet @IPCCNews as well).

As always check our Top Ways to Avoid Filters page for the latest information on the best way to avoid Internet filtering be it performed by the state, ISPs, special interest groups or because your current method was illegally shutdown by a police force overstepping the mark.

Update: September – Immunicity,co.uk has shutdown and immun.es is very unreliable.

Introducing the Department of Dirty

23. Jul. 2014
/
Censorship Reporting
/
No Comments

Open Rights Group Launches Blocked.org.uk to track UK Net Censorship & Is Immediately Censored

02. Jul. 2014
/
Censorship Reporting
/
No Comments

At midnight this morning (July 2nd 2014) the Open Rights Group (re)launched their Censorship Monitoring Project at https://www.blocked.org.uk.

Within hours it had hit the front pages of reddit, Hacker News and BoingBoing, it was also featured on the Telegraph and exploded on Twitter.

How did the ISPs respond to this new found exposure of their over-blocking?

By shooting the reporter of course; https://www.blocked.org.uk/results?url=http%3A%2F%2Fblocked.org.uk%2F

I’d say this behaviour is disgusting but when the Government creates the power to enforce who can see what is it any surprise that it gets abused?

Claire Perry – Ostrich or Hypocrite?

11. Jun. 2014
/
Overblocking
/
No Comments

Claire Perry recently attended an event about tackling domestic violence

So glad @claire4devizes could join us at our #Footballunited event this afternoon!

— Women's Aid (@womensaid) June 10, 2014

Despite numerous reports of Internet filters causing overblocking of domestic abuse help websites including a warning from Woman’s Aid Chief Executive Polly Neate;

Women’s Aid is warning that the new ‘porn filters’ used by most major internet service providers may be putting women experiencing domestic violence and others at risk.
It has been revealed that filters used by all four major providers are blocking access to lifesaving websites providing information on domestic violence and sexual health.
The charity is highlighting that it could be very dangerous for a woman experiencing domestic violence to ‘opt-in’ to domestic violence information sites, as her partner may check her computer and see she’s been accessing the information.Polly Neate Dec 2013

Claire Perry is insisting that such concerns and warnings are “peddling dangerous rubbish”

@NetworkString- as you know that is total fantasy but if it makes you happy to peddle that dangerous rubbish then hey, have a great day.

— Claire Perry (@claire4devizes) June 10, 2014

Is this MP simply sticking their head in the sand so as not to accept the damage they’ve caused or do they want to appear to be doing one thing regardless of what their actions actually cause?

How many children have been unable to reach the NSPCC or Childline website and how many woman have been unable to reach rape or domestic abuse help websites now that the filters are in place?

Bypassing EE’s Content Lock system without a credit card or identifying yourself

20. May. 2014
/
Censorship Evasion Filter bypass Overblocking
/
4 Comments

When you buy a service from EE it will be filtered at their moderate level by default, the other options are Strict and Off.
Strict is designed to be safe for children and Off is for Adults.

Of course even if you were to request that all filtering to be turned off it is still possible that you’ll fall foul of an incorrect IWF filter and be presented with the following page;

Putting the IWF and their secret blocklists aside there are many reasons you may not want to disclose information to EE or handover a credit card (you might not have one for instance) but still need to get past their filters that will block a female centric “adult” site that blogs about Censorship due to the content of the copy but will quite happily let you visit LiveLeak.com and watch people get killed.

The good news is that the EE Content Lock is quite easy to circumnavigate.

DNS Spoofing: No
MiTM SSL: No
Deep Packet Inspection: Yes
Destination IP Transit Interference: No
-
Unique Reason for Block: No
Categorised Block: No
Ability to report incorrect block: No

The goto advice is always to download Tor as it will not only bypass all filtering but it will also help mask those who need to use Tor to aid in protecting their privacy.

If you aren’t comfortable with installing software such as Tor then you could follow our guide on Creating a SOCKS5 Proxy which also works perfectly.

Finally the EE Content Lock system cannot MiTM SSL so even for blocked URLs such as http://reddit.com/r/nsfw (note that reddit.com isn’t blocked but /r/nsfw is!) can be accessed by using SSL.
Unfortunately reddit relies heavily on Akamai so the SSL certificate will be incorrect and you really shouldn’t get in the habit of accepting incorrect SSL.

Whilst this post proves it is trivial to bypass Government co-erced filtering it is likely that there will soon be a call to make filtering mandatory and criminalising attempts at bypassing them.

The best way to prevent this is to write to your MP and tell them that you don’t believe that any form of filtering has any place on the Internet.

More Overblocking for reasons of “Sexual Orientation” – This time at Costa Coffee

It didn’t take long for more high profile websites to get overblocked by overzealous filters.

PinkNews.co.uk reported today that it is blocked at Costa Coffee locations due to “Sexual Orientation”.

Yes, we’ve got to protect those kids from the childhood corrupting influence of Gay news.

But don’t worry, in the event that someone then planned on browsing to Stonewall to report what they may feel is an inappropriate block bordering on discrimination they’d find that Stonewall is blocked too.

Things are only going to get worse…

Previous Page 123 4 5 Next Page