adr

Increase the Cost of Filtering to ISPs by Raising ADR Complaints

OFCOM has a lot of rules for ISPs to follow and under General Condition 14 (GC14.5 – Dispute Resolution) – all ISPs in the United Kingdom are required to be members of an approved ADR scheme like CISAS or Ombudsman Services, which are designed to supplement (not replace) the ISPs own internal complaints procedures and are only used after a dispute has gone unresolved for 8 weeks (the “Deadlock Letter” stage).

The ADR process is a very useful tool for consumers, albeit an unpopular one among ISPs (i.e. they still have to pay up to around £350 +vat in fees to the ADR regardless of whether or not they win), but some smaller providers continue to flout the rules by wrongly assuming that they don’t have to offer an ADR or by failing to make customers aware that one is available.

The key here is that if one were to make a request to unblock a website and the ISP doesn’t co-operate then you can start the ADR process.

Upon being told that the ISP won’t unblock the website request a deadlock letter in accordance with the Alternative Dispute Resolution process.

At this point the ISP representative will probably try and convince you that you cannot make an ADR complaint about this as they are scared of costing the company ~£350. Insist on your deadlock

Imagine if everyone with a censored Internet connection raised an ADR complaint for every blocked website.

Choose.net has an excellent guide on how to go about raising an ADR.

thankyou_img

Building a PIPCU Resistant Immunicity Style Proxy Using Tor

A Little History

In June 2004 BT took the step of putting technical measures in place that allowed them to censor the Internet.

At the time there was muffled dissent at the idea of creating and deploying such technology but those voices were silenced by accusations that opposition to CleanFeed was to support the abuse of children.

We warned that this was the start of a slippery slope.

In 2011 the MPA took BT to court in an attempt to block Newzbin, when the Honourable Justice Arnold understood that BT already had an Internet censorship system in place he ordered it to be used to block Newzbin

In respect of its customers to whose internet service the system known as Cleanfeed is applied whether optionally or otherwise, [BT] shall within 14 days adopt the following technical means to block or attempt to block access by its customers to the website known as Newzbin2 currently accessible at www.newzbin.com, its domains and sub-domains and including payments.newzbin.com and any other IP address or URL whose sole or predominant purpose is to enable or facilitate access to the Newzbin2 websiteHon Justice Arnold

On the back of the Newzbin success various other private entities took to the High Court to chase more ISPs and in February 2012 the Honourable Justice Arnold ruled

… that both users and the operators of TPB infringe the copyrights of the Claimants (and those they represent) in the UK.Hon Justice Arnold

The result of this ruling was that BT, TalkTalk, Sky and others were required to take measures to block or at least impede access by their customers to a peer-to-peer (“P2P”) file-sharing website called The Pirate Bay (“TPB”).

At the time the OpenRightsGroup issued the following statement;

Blocking the Pirate Bay is pointless and dangerous. It will fuel calls for further, wider and even more drastic calls for internet censorship of many kinds, from pornography to extremism.Jim Killock, Executive Director of the Open Rights Group

So here we are in 2014, a decade after we originally predicted the slippery slope of Internet censorship and we have Court ordered censorship at the behest of foreign private entities, secret URL blocklists courtesy of the IWF, varying levels of Internet Filtering in homes, Internet filtering in coffee shops etc and now the City of London Police appear to be using organised Crime Legislation to intimidate and shut down proxies.

How a PAC Proxy Works

The PAC (Proxy auto-config) file format was originally designed by Netscape in 1996 for the Netscape Navigator 2.0 and is a text file that defines which URLs are to be routed over a proxy and optionally which proxy to use on a per URL basis.

A very basic PAC file could look like this;

function FindProxyForURL(url, host) 
{    
    var list = new Array("wtfismyip.com","www.ipchicken.com");
    for(var i=0; i < list .length; i++)
    {
        if (shExpMatch(host, list[i]))
        {
           return "SOCKS socks.survivetheclaireperryinter.net:9050";
        }
    }
    return "DIRECT";
}

This PAC file defines two URLs (wtfismyip.com and www.ipchicken.com) and tells the browser that these URLs should be routed via the SOCKS proxy socks.survivetheclaireperryinter.net using port 9050. Any other URLs are routed directly (as in not using a proxy).

The Tor Project is one of the most powerful tools we have against Internet censorship and one of the features of a Tor relay is the ability to be used as a SOCKS proxy.

There are lots of Tor relays on the Internet that are configured not only as Bridges, pluggable transports, Exits & relays but also as SOCKS servers. We will create a Tor relay to be coupled with a PAC file to selectively route certain URLs over The Onion Routing network to bypass censorship.

Using the Tor PAC Proxy

To test a Tor powered PAC proxy simply set your Browser Proxy settings to; https://RoutingPacketsIsNotACrime.uk/pac.config?id=piratebay this will allow you to browse to thepiratebay.se via a Tor proxy in Russia.

To create your own list of URLs to route via your Tor proxy start by navigating to https://RoutingPacketsIsNotACrime.uk and identify which URLs you would like to route.

Note that the only URL selected by default is wtfismyip.com. To re-iterate, this is a technical demonstration of Censorship evasion and bypassing censorship is NOT illegal.

Add all of your URLs separated by a comma e.g. “google.com, yahoo.com, bing.com” then click “Save PAC File”.

Make note of your unique PAC file URL e.g. https://RoutingPacketsIsNotACrime.uk/pac.config?id=ABCDEF1234567890

Configure your browser to use your unique PAC file


Configure Internet Explorer

  1. Go to Start then Control Panel. (Windows 8 users hover your mouse to the bottom right, click Settings, then click Control Panel)
  2. Find Internet Options (sometimes under Network and Internet), then go to the Connections tab.
  3. At the bottom, click the LAN settings button.
  4. A new dialog will appear. Tick the box that says Use automatic configuration script.
  5. In the address field, paste in your unique PAC file ID e.g. https://RoutingPacketsIsNotACrime.uk/pac.config?id=ABCDEF1234567890
  6. Press OK, then OK on the Internet Options dialog.

Configure Mozilla Firefox

  1. In Mozilla Firefox, go to Options. In Windows, click the Firefox button then choose Options, or go to Tools, then Options. In Mac OS X, go to Firefox, then Preferences. In Linux, go to Tools, Options.
  2. Go to the Advanced tab, then go to the Network tab.
  3. Click Settings next to Configure how Firefox connects to the Internet.
  4. Select Automatic proxy configuration URL.
  5. In the text field, paste in your unique PAC file ID e.g. https://RoutingPacketsIsNotACrime.uk/pac.config?id=ABCDEF1234567890
  6. Press OK, then OK on the Options dialog.

Configure Google Chrome

  1. In Google Chrome, click the menu button to the right of the URL bar, and choose Settings.
  2. At the bottom, click the Show advanced settings
  3. Under Network, click Change proxy settings.
    1. On Windows, at the bottom click the LAN settings button. A new dialog will appear. Tick the box that says Use automatic configuration script.
    2. On Mac OS X, tick Automatic Proxy Configuration.
    3. On Linux, click Network proxy, select Automatic from the Method drop down menu.
  4. In the address field, paste in your unique PAC file ID e.g. https://RoutingPacketsIsNotACrime.uk/pac.config?id=ABCDEF1234567890
  5. Close the dialogs to save the settings. On Mac OS X, press Apply first.

You’ll note that the PAC file specifies the proxy as localhost:9050, trying to visit the URLs in question won’t work until we setup the local Tor relay.

Creating Your Local Tor Proxy

If you want to help the Tor network grow and create your own proxy to use with the RoutingPacketsIsNotACrime PAC files then these instructions should get you started.

If you don’t already have a dedicated server consider visiting DigitalOcean, Amazon EC2 or for some really good deals check LowEndBox.com.

For various reasons I would suggest hosting the server outside of the UK but that is a choice for you to make.

CentOS 6

Install EPEL

wget http://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
yum install epel-release-6-8.noarch.rpm

Edit iptables

vim /etc/sysconfig/iptables

Allow the ORPort and the proxy port (in this case 9001 and 9150)

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9001 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9150 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Save and quit

/etc/init.d/iptables restart

If your server has IPv6 then make similar changes to ip6tables

Editing torrc

vim /etc/tor/torrc

A minimal torrc for use with a PAC file style proxy would look similar to the below (although you should read all the options to understand what you are doing);

SocksPort xx.xx.xx.xx:9150
ORPort 9001
Nickname TheNameOfYourRelay
ContactInfo YourContactDetails
ExitPolicy reject *:*

xx.xx.xx.xx should be a routeable IP (e.g. not 127.0.0.1) of your server, if you want to keep your relay server partially private you might want to add PublishServerDescriptor 0 to your config too.

There is no security here, if someone port scanned your server then they would see that it is an open proxy and could use it to do nasty things that people will blame you for!
If your Tor relay is on a public IP (e.g. not 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16) then you may want to restrict the IPTables allow rule to only allow your source IP addresses

Start Tor & Confirm it is working

/etc/init.d/tor start
tail -f /var/log/messages

You should see something along the lines of;

socks Tor[31452]: Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
socks Tor[31452]: Bootstrapped 85%: Finishing handshake with first hop.
socks Tor[31452]: Bootstrapped 90%: Establishing a Tor circuit.
socks Tor[31452]: Tor has successfully opened a circuit. Looks like client functionality is working.
socks Tor[31452]: Bootstrapped 100%: Done.
socks Tor[31452]: Performing bandwidth self-test...done.

Done!

Assuming you have chosen the URLs you wanted in the previous section (Using the Tor PAC Proxy) you can now browse to the URLs that were previously censored as they are now being routed over Tor. Any non-restricted URLs will route over your normal Internet connection.

Windows

Follow our tutorial on Securely Installing Tor on Windows to get the full Tor Browser bundle up and running.

Once installed and started Tor will be running on localhost:9150 (do not close the Tor Browser as this will also close the relay)

Done!

Assuming you have chosen the URLs you wanted in the previous section (Using the Tor PAC Proxy) you can now browse to the URLs that were previously censored as they are now being routed over Tor. Any non-restricted URLs will route over your normal Internet connection.

Some Final Thoughts (and quotes)

Internet Censorship is abhorrent, we shouldn’t stand by and let the Government, Police or lawyers dictate what we can read. The slippery slope is getting steeper every day so we all need to help stop it.

When bad men combine, the good must associate; else they will fall, one by one, an unpitied sacrifice in a contemptible struggle.Edmund Burke

I always wondered why somebody doesn’t do something about that. Then I realized I was somebody.Lily Tomlin

Withholding information is the essence of tyranny. Control of the flow of information is the tool of the dictatorship.Bruce Coville

Who is more to be pitied, a writer bound and gagged by policemen or one living in perfect freedom who has nothing more to say?Kurt Vonnegut

Once a government is committed to the principle of silencing the voice of opposition, it has only one way to go, and that is down the path of increasingly repressive measures, until it becomes a source of terror to all its citizens and creates a country where everyone lives in fear.Harry S. Truman

Free societies…are societies in motion, and with motion comes tension, dissent, friction. Free people strike sparks, and those sparks are the best evidence of freedom’s existence.Salman Rushdie

All men dream: but not equally. Those who dream by night in the dusty recesses of their minds wake in the day to find that it was vanity: but the dreamers of the day are dangerous men, for they may act their dreams with open eyes, to make it possible.T.E. Lawrence

jquery

Sky Overblocks and takes out JQuery

ThinkBroadband (amongst others) has reported that Sky has yet again overblocked a website.

This time it was code.jquery.com which a lot of other websites rely on to serve the well know Javascript frameworks core files from.

Things like this are bound to happen, were predicted to happen and will continue to happen, causing untold damage to businesses and people.

JQuery was temporary blocked this morning having been misclassified. Our review process kicked in shortly afterwards and the site was unblocked just over an hour later.Sky

Phorm_282

Are BT & Sky Adopting Filters to Reboot Phorm?

Several years ago the UK Internet was tied up in an opt-in / opt-out battle about ISP proxies tracking your movements on-line to monetize advertising.

Now we have a new opt-in/opt-out battle but this time it is about ISP proxies tracking your movements on-line to prevent you seeing things you’re not allowed to see.

Could it be that the reasons the big ISPs rolled over so easily and implemented filters is that it provides them with a treasure trove of information about your browsing habits?

Notice how Phorm sit’s within the ISP network, masquerades as target domains and presents different content.
phorm

ISP filtering does similar things, they either spoof DNS responses to force you to goto their static block page or they manipulate routing within their network to route traffic destined for a remote host to a host within their network.

Technically there is nothing stopping them from doing other things with your traffic at this point. Are we to believe that having already silently tested Phorm on unsuspecting customers are they not capable of using this new found, Government instigated power to make some more money at the cost of your freedom and privacy?

Learning how to avoid Filters using tactics such as SSH Tunnels will render their filtering and monitoring moot.

Fight back.

digital_ocean

Building a SOCKS5 Proxy with a Digital Ocean Server to Bypass UK Internet Filters

This article is for use on a Linux/Mac computer (desktop / laptop etc). A Windows guide will be available at a later date.

If you don’t currently run Linux on your desktop I would strongly suggest it. Try Fedora or Ubuntu. If you don’t want to run Linux permanently but do want to try this method then a Live Boot CD of Fedora or Ubuntu (or any other Linux OS of your choice)  would be an ideal method.

Servers in datacenters are extremely unlikely to experience filtering so by tunnelling your connection through to a server you can browse the Internet without worrying if your connection is being restricted or surveilled.

IMAGE

Signing up with Digital Ocean

Navigate to www.DigitalOcean.com and click the Signup button at the top of the page. Enter an email address and a password. You may want to use an anonymous email provider such as Hushmail.com to protect your privacy and a strong password you’ve not used anywhere else. Important: The email address must be real as your server password will be emailed to you.

signupOnce logged in you’ll have access to the initial control panel;logged_in

Click get started which will take you to the billing page, you can either use a credit card (you may want to use an anonymous Visa / Mastercard, search online for keywords such as prepaid, anonymous etc) or PayPal.

Once your payment is processed and cleared (check billing for tracking your pre-paid balance if using PayPal) or refresh the droplets page to see the below;paid

Click Create Droplet!

Choose a friendly name for the server (aka Droplet), this name is not important feel free to use how-to.survivetheclaireperryinter.net if you want to. Leave the Size option alone (or if a larger size is selected change to to 512Mb/20Gb/1Tb as this is only $5 / £3 a month). For lower latency and a reduced chance of NSA eavesdropping choose an Amsterdam datacenter (not necessary but recommended).details1

Scroll down for more settings. For the purposes of this tutorial choose CentOS and then the latest CentOS version (currently 6.4) then click Create Dropletdetails2

After a few seconds of watching the following screen your server will be created and you should have received an email with your root password.building

Behold your new server, make note of the IP address at the top near the word active. In this case the IP address is 95.85.54.190completeCheck your inbox and you should have an email with the IP address, the user name (root) and your password. It’s very important you don’t write a blog post and publish your username and password because bad things will happen to your serveremail

 

Now we’re ready to create a proxy.

Testing the Proxy / Tunnel

Assuming you are logged into your Linux computer load up a terminal.terminal_1Type the following;

ssh -D 8080 root@95.85.54.190

Replace the IP address with your own. You’ll be informed that the authenticity of the host can’t be established which is true because you don’t know what the RSA key fingerprint is. You can choose to accept it and continue or be paranoid and bail. If you chose to continue you will be prompted for you password that was sent by email.terminal_2

Load up another terminal (or a tab) and type the following;

curl --socks5-hostname 127.0.0.1:8080 http://wtfismyip.com/json

You should see the following output indicating that your ISP is Digital Ocean.terminal_3

 

You could immediately configure your browser etc to use these settings but you should try and be a bit more thorough.

Configuring the Proxy / Tunnel for long term use

Exit all of the terminals opened in the previous step which will close all tunnels and SSH sessions and we’ll get started on making this a little more secure.

First things first is to change the root password from the one that was emailed to you. Load up a terminal and ssh in;

ssh root@95.85.54.190

Once logged in change the password with the passwd command. Ensure you use a different password to anything else you have.terminal_4The root user is the most powerful user on a Linux server and can delete anything and everything so you really don’t want to be using it for everyday tasks. For creating the tunnel we want to use a non-privileged user. To do this simply type the following (feel free to replace the name tunnel with your name or anything, it’s just a username and isn’t important);

useradd tunnel

Now change the password for this user by passing the username to the passwd command used earlier, make sure you use a strong password and one that isn’t that same as any of your others;

passwd tunnel

terminal_5

Load up a new tab on your local machine and try logging in as your new user;

ssh tunnel@95.85.54.190

terminal_6

 

You’re now ready to setup a tunnel/SOCKS proxy you can use with your browser.

Exit all your terminals again and this time issue the command;

ssh -D 8080 tunnel@95.85.54.190

In a new terminal check that the proxy is working by issuing the CURL command again;

curl --socks5-hostname 127.0.0.1:8080 http://wtfismyip.com/json

For this example I’m going to use Firefox but feel free to try it out with others. In the address bar type about:config, you’ll be presented with the following screen;

firefox_dragons

 

Assuming you are going to be careful click the button.

In the Search bar at the top type proxy, then look for the strings network.proxy.socks and network.proxy.socks_port, type in the values from the command above (127.0.0.1 and 8080). If your ISP filters DNS then you may want to toggle network.proxy.socks_remote_dns too (don’t forget to change your name servers!).

Finally change network.proxy.type to 1.

firefox_about_configTo test, simply load up a new Firefox tab and attempt to access a blocked page.

So there you have it, an easy way to get past any Web filtering and as an added bonus since your traffic is encrypted between your computer and your server in Amsterdam neither your ISP nor the UK Government can monitor it.

Traffic egressing the server can still be tracked and recorded. With the right combination of warrants and traffic capture at the Digital Ocean datacenter coupled with your home ISP logs illegal activity can still be traced back to you! Only use this to method to bypass filters,

Upcoming articles include creating a dedicated Raspberry PI proxy for use with multiple devices (phones, tablets, Windows PCs etc) and setup guides for other server providers. Make sure you follow @STCPI on Twitter for updates!

dns

Basic DNS Filter Evasion: HOSTS file

Background:

Various ISPs such as Sky and BT use DNS manipulation to spoof responses that forwards requests to their proxy server instead of the correct response.

Taking BT as an example a request for a blocked site has been seen to return an IP from within this netblock instead;

inetnum: 213.120.234.0 - 213.120.235.255
netname: BT-UKIP-IPV4-INFRASTRUCTURE
descr: POP
country: GB
admin-c: BS1474-RIPE
tech-c: BS1474-RIPE
status: ASSIGNED PA
remarks: Please send abuse notification to abuse@bt.net
remarks: New netname
mnt-by: BTNET-MNT
mnt-lower: BTNET-MNT
mnt-routes: BTNET-MNT
source: RIPE # Filtered

Sky commonly reports back with IPs from;

inetnum: 90.207.238.128 - 90.207.238.191
netname: SKY-IRONMAN-VIRTUALISATION-LAN
descr: Sky Network Services
country: GB
admin-c: BBH-RIPE
tech-c: BBH-RIPE
status: ASSIGNED PA
mnt-by: BSKYB-BROADBAND-MNT
source: RIPE # Filtered

Initial research indicates that even attempting to use 3rd Party DNS servers on some ISPs elicits a spoofed response which indicates that these ISPs are intercepting and monitoring ALL DNS queries you make. This presents a variety of concerns such as the accuracy of SPF, DNS-SEC or TXT responses but that’s a topic for another time.

Circumnavigation:

If you discover that you are getting faked responses and are unable to reach the correct webserver follow the steps below.

  • Get the A Record
    • Navigate to a website such as http://www.dnsstuff.com/tools
    • Look for the DNS Lookup tool
      dns_lookup
    • In the text box enter the URL you are trying to reach (e.g. www.google.com)
    • Select A from the record type
    • Submit the request and make a note of the IP address returned.
  • Edit the Hosts file
    • Windows
      • Start notepad.exe as an Administrator
      • Open C:\Widnows\System32\drivers\etc\hosts
      • Add the URL and the IP address in the format shown below;
        173.194.34.67 www.google.com
      • Save the file ensuring that a file suffix isn’t appended
    • Linux / Mac
      • Open /etc/hosts as the superuser with your editor of choice (vim!)
      • Add the URL and the IP address in the format shown below;
        173.194.34.67 www.google.com
      • Save the file ensuring that a file suffix isn’t appended
  • Testing
    • Load up a cmd prompt (Ctrl + R, type cmd, press return)
    • Type nslookup www.google.com
    • Ensure you receive the IP address you entered in the hosts file

 

If the ISP is using BGP filtering methods, Deep Packet Inspection (DPI) or a transparent proxy then this still may not work as they’ll detect traffic going to the blocked IP subnet and act accordingly.

Keep an eye on our How to Evade Blocks page and follow @STCPI on Twitter for more methods to discover and evade Internet censorship.

sky_block_torrent_freak

Publicity Leads to an unblock for TorrentFreak

2 days after TorrentFreak posted about Web filtering in the UK Sky has caved and admitted to yet another over blocking mistake and has recategorized torrentfreak.com so it is now reachable.

In the opening of their article the BBC clearly state that overblocking is affecting lots of other legitimate websites;

filters are intended to allow parents to ensure children cannot view adult content.

But the automatic blocking of all file-sharing sites meant that news site TorrentFreak and other legitimate sites were also blocked.

BBC

Whilst this is a victory for TorrentFreak.com there are still plenty of other site owners that may not know if they have been blocked and are losing revenue or being blocked from providing the help they are trying to provide.

Read the full story here: http://www.bbc.co.uk/news/technology-25638872

Censor Pages Allow Injection Attacks & Arbitrary URLs

Censor Pages Allow Injection Attacks & Arbitrary URLs

BT, Sky Broadband and Talk Talk have implemented opt-out Network level filtering for their customers.

The thing is, as well as overblocking websites that should not be filtered the ISPs have poorly implementated their block pages.

http://makeyourispblock.me/ was registered at 2am on the 22nd of December but due to the badly designed block pages it can be made to be shown as blocked.

Sky Broadband Block Page
BT Broadband Block Page
Talk Talk Broadband Block Page

newsnight_BBC

BBC Newsnight exposes Filter Overblocking

As the four ISPs who are spearheading the ill-fated UK Internet filters are on the eve of rolling out their solutions the BBCs Newsnight program experimented the filters and unsurprisingly encountered distressing overblocking.

BT blocked sites including Sexual Health ScotlandDoncaster Domestic Abuse Helpline, and Reducing The Risk, a site which tackles domestic abuse.BBC

Let’s not forget that back in June Ms Perry dismissed concerns about overblocking as a “load of cock” and yet here is the BBC telling the world that at the behest of the UK Government our ISPs are preventing people from accessing help after being raped or having suffered from domestic abuse.

After being confronted by the errors the ISPs had the following to say for themselves;

Sadly there is no silver bullet when it comes to internet safety and we have always been clear that no solution can ever be 100%. We continue to develop HomeSafe and welcome feedback to help us continually improve the service.TalkTalk

We know that no one single technology currently provides all the answers. That’s why we have a quick and easy way for misclassified sites to be unblocked. Any Sky home has the ability to fully customise their filters.Sky

Categorisations are constantly updated to keep pace with changing content on the internet and we will investigate any concerns and make changes as necessary. BT Parental Controls can be customised to suit each individual family’s needs.BT

You can read the full article here.

sex_and_censorship

#CensoredUK Day of Action

The Sex and Censorship campaign put out a call to arms earlier this week for December 12th to be a day of action for calling attention to UK Internet Censorship.

As one of the technical volunteers to the Open Rights Group Censorship Monitoring Project I decided to track how the campaign went on Twitter using the DataSift platform.

Tweets by Time of Day

Message Reach

Whenever someone sends a tweet it is seen by all their followers. Over the course of the day a minimum of 2,985,023 people saw the #CensoredUK hash tag.

If we allow for duplicate tweets (same hashtag but different content) then the #CensoredUK message was seen a minimum of 3,959,409 times by followers alone.

Everyone cares about Internet Filters

Not that it was a surprise but it was interesting to see the rich mix of people (and reasons) for opposing ISP Filters.

By using profile names one can extrapolate gender and see that a significant number of woman also took part in the discussion.

Campaign Differences

The Protecting our Children website has only inspired 1,391 tweets in the 5 months it has been online whereas the #CensoredUK Day of Action involved a minimum of 4079 people with only 1 day notice and 38,276 people have signed the petition to stop Internet Filtering

Common Themes

Worst ISPs?

83% of tweets about ISP censorship mentioned the ISP O2 with BSkyB, ThreeUK, BT, EE and Plusnet also getting mentioned negatively.

The only ISP to be mentioned in a positive light was Andrews and Arnold thanks to their strong stance against filtering.

Does this make O2 the worst ISP for over blocking the UK Internet? Well once the Censorship Monitoring Project Probes start rolling out we’ll find out!

Keep up the good fight everyone and if you want to know more about Internet Censorship or want to help fight it then look at donating / volunteering to the Open Rights Group.