[LINK] Fw: Fwd: [ PRIVACY Forum ] Brits' Failed Heavy Metal Censorship Attempt Disrupts Wikipedia Edits

Richard Chirgwin rchirgwin at ozemail.com.au
Tue Dec 9 07:54:24 AEDT 2008 

David Goldstein wrote:
> Danny,
>
> You are probably right that Conroy's utterances are what he'd like to do, but I also know there are discussions happening about how to implement a plan and what can be implemented.
>
> I've no idea what these discussions entail, nor much of an idea as to who is involved. And who knows what will come out of it?
>
> Yes, all that is very vague, but at least I'm waiting to see what is announced as to what will actually be implemented before I jump to too many conclusions.
>
> As for those on this list who are horrified at the prospects, I'm waiting for a plan on an alternative that can at least meet some of what Conroy wants. Be realistic - if you just oppose everything in toto, you'll be ignored.
>
> But if you come up with a plan that achieves a lot of what Conroy wants, you may get somewhere.
>
> The strategic thinking on this issue, and others, on this list is appalling.
>
> David
>   

>
>
> ----- Original Message ----
> From: Danny Yee <danny at anatomy.usyd.edu.au>
> To: link at mailman1.anu.edu.au
> Sent: Monday, 8 December, 2008 8:43:24 PM
> Subject: Re: [LINK] Fwd: [ PRIVACY Forum ] Brits' Failed Heavy Metal Censorship Attempt Disrupts Wikipedia Edits
>
> David Goldstein wrote:
>   
>> And Danny, just because someone says something doesn't make it true. 
>> Especially a politician.
>>     
>
> I think we have to be able to use Conroy's statements as evidence
> _for what he is proposing_!!!  At least until we get something more
> concrete, like some legislation or a new IIA code.
>
> Danny.
>
> _______________________________________________
>
>   
OK. Picking up something that got washed away in the other discussions:
in the UK case, the filtering caused all traffic to come from a single
apparent IP address.

This seems to me to pose several "break the Internet"-style problems
that are worth understanding.

1) With a large user base sharing a single IP address, regardless of
whether or not it "slows down the Internet", at the very least a single
point of failure is created. This is bad for users.

2) The concentration of user traffic would seem to me to also create
vulnerabilities we don't want. For example, does the "single proxy"
create an opportunity for DNS-based attacks on one side or the other of
the firewall?

3) The filter breaks end-to-end communications for everybody. We can
only assume this is a good thing if we also assume that most users, not
merely a minority, wish to break the law. Otherwise, the broken model is
an imposition on the entire user base as a means of restricting the
activities of a few.

4) The filter, paradoxically, helps hide user activities. Were it to
happen that an entire country were hidden behind a single IP address, it
would be very difficult from anywhere outside the filter to discover the
source of malicious traffic. So I submit that the filtering works
against one of its own aims.

5) Interference with the DNS is one of the government's proposed
approaches to filtering (this is contained in the RFP for filtering
trials:
http://www.dbcde.gov.au/__data/assets/pdf_file/0006/89160/technical-testing-framework.pdf).
There is a serious problem here, since trust in addresses is a
fundamental part of successfully operating the Internet.

6) Finally, the matter of privacy. The intrusion is far more than the
old "nothing to hide, nothing to fear" argument. User communications on
the Internet are by nature private: Bob seeks to establish a connection
to Alice, and the infrastructure provides Alice's address. Filtering
assumes that all users commence their communication with evil intent,
captures the attempt to establish a connection, and only allows those
connections to pass that the filter deems acceptable. This is an
intrusion on the majority of users, whose intent is nothing more than to
look at YouTube or buy something or pay a bill. It is also capturable;
the attempt to find something in the DNS, via the filter, means the
filter is now a snoop-point not just for "evil" connections, but for all
connections.

I would, of course, welcome correction on any of these from those who
are better technologists than I am.

The point is, the more I think about filtering, the less I like it. I
have come around from a much more ambivalent stance some years ago to an
increasing feeling that filtering is bad, full stop.

RC

More information about the Link mailing list