From this month following repeated nudges from the Government Britain no longer has an uncensored internet by default. As of this month BT will be asking all new customers what level of internet censorship they want. Whilst this is being described as a porn filter, it’s quite clear that even at the “light” level it’s not just “porn” that’s being blocked. The details of the other categories are really worryingly vague, from BT’s control panel it’s revealed what those categories refer to:
- Obscene and tasteless
Sites where content is offensive or tasteless such as criminal activity, bathroom humour, or gruesome or frightening content such as cruel animal treatment. - Hate and self harm
Sites that promote self-harm or encourage the oppression of people or groups - Drugs
Sites where content refers to information on illegal drugs or misuse of prescription drugs. - Alcohol and tobacco
Sites promoting or selling alcohol or tobacco related products. - Dating
Sites which promote/facilitate interpersonal relationships – match making, online dating, spousal introduction and escort services.
The hate and obscene and tasteless categories are obviously really quite widely subject to all manner of interpretation. But consider “Alcohol and tobacco” allegedly to block sites promoting or selling booze, but not places like Tesco, Waitrose or other online supermarkets all of whom will quite happily sell booze on line, so just who gets included in that filter and who decides which retailers get a free pass? From the marketing these are “parental controls” so why should they be on by default, rather than just educating parents that these and other tools exist and they can turn them on to help with their parenting of their children. On the bright side it does seem that what will actually happen is you’ll be forced to choose if the filters should be on or not and at what level – though depending on how this is presented a lot of people may be getting a filtered internet by not paying attention. It is also worth noting that one of the per-configured groups that people can block is “sex education” and what that covers is rather surprising:
” Sites relating to sex education, including subjects such as respect for partner, abortion, gay and lesbian lifestyle, contraceptives, sexually transmitted diseases, and pregnancy.”
Amazingly learning about “respect for partner” is something we want children to be protected from, and quite how the gay and lesbian blocking will stand up to our equalities legislation is anyone guess.
From reading their help notes and a brief bit of experimentation they’re using fairly normal DNS “firewall” technology, so once it’s turned on they’ll intercept all of your DNS look ups and decide if the address you want to go to is suitable or not. DNS is just an address book, so every time your browser asks for an address you go to the BT address book and it decides if for that address it should tell you the truth or say “nope not allowed” . Although of course if the Government or someone else with the right access and malevolent intent decided instead of getting a “not allowed” page you could go through an invisible server that recorded everything you did, or you could go to a fake site that they controlled or all sorts of other devious things. This in malevolent hands is called “cache poisoning” and is used to carry out all sorts of nefarious things. Of course I’m sure the state will only use this functionality to protect us from bad and evil things, they won’t accidentally put UKIP or any legitimate political party in the “hate” category or anything like that. After all the other countries that enjoy state mandated internet censorship like North Korea and China don’t do that sort of thing do they?
One you enable “parental controls” (Which as a non-parent annoys me more every time I type it if it’s just for parents why do we all get it?) if you try to use a different DNS server then you get redirected to a page saying “Your DNS is misconfigured here’s how to fix it”. This is quite sensible and it would be fair to trivial for a child to work round if they could just use change their DNS settings and get round the block. However there’s a detail worth noting here you get that page because they have intercepted your DNS request and given you an answer of their choosing they’re not just blocking that rogue DNS traffic. This is again quite sensible it’ll save BT a load of help desk tickets and customer issues -however it also means that they have in place on their network the capacity to intercept and redirect any DNS query. I would note that setting this sort of thing up is really trivial to do, but until the Government insisted that an ISP did this they’d have little cause to do so. Once in place this technology is very adaptable, easy to add addresses to and has some really quite felixble and imaginative uses (I’ve deployed similar things in corporate environments). So given how well our spooks behave how long before this technology now it’s in place will be seen as another point to collect information about us or to hide sites the state objects to for everyone, or to send people to state versions of sites, or well you get the picture it’s really quite flexible technology. The interface once you opt in does provide reporting on how many sites have been blocked so it’s designed with data collection in mind.
If you’re wondering how well this technology will actually stop a reasonably smart child from getting to things they shouldn’t, using a proxy server or any sort of VPN service will by pass the filters like a neutron through gossamer – so not very. At which point obviously more controls will be needed, and the government will have to get the ISPs to put even more invasive filters in place “for the children”. This sort of technology is also not going to block everything and will catch innocent content, as new content is constantly appearing and the block is site based. So if the filter says there’s bad stuff on www.example.com/badstuff then as it can only block www.example.com everything else there is also blocked including www.example.com/goodstuff. To use our address book analogy it’s doesn’t say “You can’t talk to Nick at Number 10, but you can talk to Dave” it can merely say “You can’t talk to Number 10. In fact Number 10 doesn’t even exist”
As one final thought on the matter, I can’t find anywhere on BT’s help pages which tells me who decides what gets on the filter lists, gives any hint at the policy behind those decisions and certainly there’s no where you can down load the list of filtered addresses to actual check them. If they decide to just collect everyone’s address look ups there’s no way to detect this, and if they decide to filter everyone this way unless you suspect something is blocked and check that from else where it’s really quite hard to detect that anything is being done.
Like this:
Like Loading...
