[LINK] ACS new? submission on ISP filtering

Kim Holburn kim at holburn.net
Thu Mar 18 10:22:52 AEDT 2010 

On 2010/Mar/18, at 9:43 AM, Jan Whitaker wrote:

> At 09:25 AM 18/03/2010, Kim Holburn wrote:
>
>> http://www.arnnet.com.au/article/339394/filter_trial_vendor_sceptical_over_internet_clean-feed/?fp=4194304&fpid=1
>> Filter trial vendor sceptical over Internet clean-feed
>>
>>> Internet filtering won't prevent people deliberately looking for
>>> inappropriate material from accessing blocked content, according to
>>> security vendor, M86 Security
>
> There is a comment to that article by a Doug Wilson that says:
> "If you come across a website that includes these things you can
> already report it to the ACMA and if they determine that it is
> illegal in Australia the ACMA will block Australians from getting to
> it through a Blacklist that Every ISP runs. "

I don't believe there is any such infrastructure in place at the moment.

> Then someone said no they can't. Then another said:
> "Wow, you've never heard of "trans proxies" (Transparent Proxies)  
> have you?
> Your ISP is probably already running all of their users, including
> you, through a trans proxy: any outbound traffic on tcp/80 (i.e.: web
> traffic) gets intercepted at the ISP's border routers and flicked
> back to a Squid (or other) proxy server to service the requests. This
> saves the ISP big dollars on traffic bills to their upstream peers as
> all the regularly hit traffic (like stylesheets, images, videos, etc.
> on Facebook, GooTube, etc.) will be in the Squid cache and can be
> served up locally instead of downloaded across the internet again.
> Once you've got that kind of infrastructure in place it's literally
> "trivial" to add a blacklist-style content filter. Of course, it's
> also trivial to bypass such a system, too. "
>
> That isn't true, is it? I mean, if every ISP is running a blacklist,
> that would mean that we already *have* ISP level filtering. Is this
> guy just making things up? Or is there already blocking going on?

Some ISPs run transparent proxies.  It is really annoying if you are  
trying to manage a website on the other side of a transparent proxy.   
You know about it.  Most ISPs don't run them I think.  I'm not really  
sure how much they would really save verses the pain and hassle of  
keeping the thing running reasonably.  People notice when they break.

An updateable blacklist would be an addition to the proxy.

> Then this, which I think is the crux of the matter:
> "My only concern is Abbott taking over when the filter is already
> implemented. God know what he will be filtering... "


Won't there be an election between now and whenever the great  
Australian firewall is actually implemented?  Has the legislation even  
passed yet?


-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request

More information about the Link mailing list