Archive for the ‘Internet Blocking’ Category

Read more eu.htm at MelonFarmers.co.uk

ireland government logo The Irish Communications Minister Richard Bruton has scrapped plans to introduce restrictions on access to porn in a new online safety bill, saying they are not a priority.The Government said in June it would consider following a UK plan to block pornographic material until an internet user proves they are over 18. However, the British block has run into administrative problems and been delayed until later this year.

Bruton said such a measure in Ireland is not a priority in the Online Safety Bill, a draft of which he said would be published before the end of the year.

It’s not the top priority. We want to do what we committed to do, we want to have the codes of practice, he said at the Fine Gael parliamentary party think-in. We want to have the online commissioner – those are the priorities we are committed to.

An online safety commissioner will have the power to enforce the online safety code and may in some cases be able to force social media companies to remove or restrict access. The commissioner will have responsibility for ensuring that large digital media companies play their part in ensuring the code is complied with. It will also be regularly reviewed and updated.

Bruton’s bill will allow for a more comprehensive complaint procedure for users and alert the commissioner to any alleged dereliction of duty. The Government has been looking at Australia’s pursuit of improved internet safety.

Advertisements
Read more inau.htm at MelonFarmers.co.uk

parliament house logo A parliamentary committee initiated by the Australian government will investigate how porn websites can verify Australians visiting their websites are over 18, in a move based on the troubled UK age verification system.

The family and social services minister, Anne Ruston, and the minister for communications, Paul Fletcher, referred the matter for inquiry to the House of Representatives standing committee on social policy and legal affairs.

The committee will examine how age verification works for online gambling websites, and see if that can be applied to porn sites. According to the inquiry’s terms of reference, the committee will examine whether such a system would push adults into unregulated markets, whether it would potentially lead to privacy breaches, and impact freedom of expression.

The committee has specifically been tasked to examine the UK’s version of this system, in the UK Digital Economy Act 2017.

Hopefully they will understand better than UK lawmakers that it is paramount importance that legislation is enacted to keep people’s porn browsing information totally safe from snoopers, hackers and those that want to make money selling it.

Read more sstech.htm at MelonFarmers.co.uk

firefox logo DNS over HTTPS (DoH) is an encrypted internet protocol that makes it more difficult for ISPs and government censors to block users from being able to access banned websites It also makes it more difficult for state snoopers like GCHQ to keep tabs on users’ internet browsing history.Of course this protection from external interference also makes it much internet browsing more safe from the threat of scammers, identity thieves and malware.

Google were once considering introducing DoH for its Chrome browser but have recently announced that they will not allow it to be used to bypass state censors.

Mozilla meanwhile have been a bit more reasonable about it and allow users to opt in to using DoH. Now Mozilla is considering using DoH by default in the US, but still with the proviso of implementing DoH only if the user is not using parental control or maybe corporate website blocking.

Mozilla explains in a blog post:

What’s next in making Encrypted DNS-over-HTTPS the Default

By Selena Deckelmann,

In 2017, Mozilla began working on the DNS-over-HTTPS (DoH) protocol, and since June 2018 we’ve been running experiments in Firefox to ensure the performance and user experience are great. We’ve also been surprised and excited by the more than 70,000 users who have already chosen on their own to explicitly enable DoH in Firefox Release edition. We are close to releasing DoH in the USA, and we have a few updates to share.

After many experiments, we’ve demonstrated that we have a reliable service whose performance is good, that we can detect and mitigate key deployment problems, and that most of our users will benefit from the greater protections of encrypted DNS traffic. We feel confident that enabling DoH by default is the right next step. When DoH is enabled, users will be notified and given the opportunity to opt out.

Results of our Latest Experiment

Our latest DoH experiment was designed to help us determine how we could deploy DoH, honor enterprise configuration and respect user choice about parental controls.

We had a few key learnings from the experiment.

  • We found that OpenDNS’ parental controls and Google’s safe-search feature were rarely configured by Firefox users in the USA. In total, 4.3% of users in the study used OpenDNS’ parental controls or safe-search. Surprisingly, there was little overlap between users of safe-search and OpenDNS’ parental controls. As a result, we’re reaching out to parental controls operators to find out more about why this might be happening.

  • We found 9.2% of users triggered one of our split-horizon heuristics. The heuristics were triggered in two situations: when websites were accessed whose domains had non-public suffixes, and when domain lookups returned both public and private (RFC 1918) IP addresses. There was also little overlap between users of our split-horizon heuristics, with only 1% of clients triggering both heuristics.

Moving Forward

Now that we have these results, we want to tell you about the approach we have settled on to address managed networks and parental controls. At a high level, our plan is to:

  • Respect user choice for opt-in parental controls and disable DoH if we detect them;

  • Respect enterprise configuration and disable DoH unless explicitly enabled by enterprise configuration; and

  • Fall back to operating system defaults for DNS when split horizon configuration or other DNS issues cause lookup failures.

We’re planning to deploy DoH in “fallback” mode; that is, if domain name lookups using DoH fail or if our heuristics are triggered, Firefox will fall back and use the default operating system DNS. This means that for the minority of users whose DNS lookups might fail because of split horizon configuration, Firefox will attempt to find the correct address through the operating system DNS.

In addition, Firefox already detects that parental controls are enabled in the operating system, and if they are in effect, Firefox will disable DoH. Similarly, Firefox will detect whether enterprise policies have been set on the device and will disable DoH in those circumstances. If an enterprise policy explicitly enables DoH, which we think would be awesome, we will also respect that. If you’re a system administrator interested in how to configure enterprise policies, please find documentation here.

Options for Providers of Parental Controls

We’re also working with providers of parental controls, including ISPs, to add a canary domain to their blocklists. This helps us in situations where the parental controls operate on the network rather than an individual computer. If Firefox determines that our canary domain is blocked, this will indicate that opt-in parental controls are in effect on the network, and Firefox will disable DoH automatically.

This canary domain is intended for use in cases where users have opted in to parental controls. We plan to revisit the use of this heuristic over time, and we will be paying close attention to how the canary domain is adopted. If we find that it is being abused to disable DoH in situations where users have not explicitly opted in, we will revisit our approach.

Plans for Enabling DoH Protections by Default

We plan to gradually roll out DoH in the USA starting in late September. Our plan is to start slowly enabling DoH for a small percentage of users while monitoring for any issues before enabling for a larger audience. If this goes well, we will let you know when we’re ready for 100% deployment.

Read more inap.htm at MelonFarmers.co.uk

stop button New Zealand’s Children’s Minister Tracey Martin has been calling for ideas to modernise internet censorship laws to protect kids from porn.So the country’s Chief Censor David Shanks has been on the campaign trail seeking to grab some of those powers to censor internet porn.

Shank’s made an interesting pitch when invited on to the AM Show on breakfast TV. Speaking of ideas for porn censorship he noted:

Tracey Martin says all options are on the table. There are ethical dilemmas involved in cutting the supply, however. Are we going to become like China, in terms of state-imposed restrictions? And who decides where the limits to those are? These are difficult questions.

He said he once stood in front of a room full of people at a conference and outlined a scenario and said:

‘I’m the chief censor. Imagine I’ve got a box with a button on it – a big red button – and if I push that button, I’ve terminated all access to pornography for everyone in this country. Should I push the button?’

There was a stunned silence from the room, then someone said, ‘Who gets to decide what pornography is?’ I said, ‘I am! I’m the Chief Censor.’ But I think that highlights some of the issues underpinning these questions.

No one in the audience urged him to push the button.

A working party has been set up to investigate what can be done, involving the Office of Film and Literature Classification leads the group, and other agencies involved are Netsafe, the Ministry of Health, Internal Affairs, the Ministry for Women, the Ministry of Social Development, ACC and the Ministry of Education.

Read more uk_internet_censors.htm at MelonFarmers.co.uk

Houses of Parliament Web browser risk to child safety

We are deeply concerned that a new form of encryption being introduced to our web browsers will have terrible consequences for child protection.

The new system 204 known as DNS over HTTPS — would have the effect of undermining the work of the Internet Watch Foundation (IWF); yet Mozilla, provider of the Firefox browser, has decided to introduce it, and others may follow.

The amount of abusive content online is huge and not declining. Last year, the IWF removed more than 105,000 web pages showing the sexual abuse of children. While the UK has an excellent record in eliminating the hosting of such illegal content, there is still a significant demand from UK internet users: the National Crime Agency estimates there are 144,000 internet users on some of the worst dark-web child sexual abuse sites.

To fight this, the IWF provides a URL block list that allows internet service providers to block internet users from accessing known child sexual abuse content until it is taken down by the host country. The deployment of the new encryption system in its proposed form could render this service obsolete, exposing millions of people to the worst imagery of children being sexually abused, and the victims of said abuse to countless sets of eyes.

Advances in protecting users’ data must not come at the expense of children. We urge the secretary of state for digital, culture, media and sport to address this issue in the government’s upcoming legislation on online harms.

  • Sarah Champion MP;
  • Tom Watson MP;
  • Carolyn Harris MP;
  • Tom Brake MP;
  • Stephen Timms MP;
  • Ian Lucas MP;
  • Tim Loughton MP;
  • Giles Watling MP;
  • Madeleine Moon MP;
  • Vicky Ford MP;
  • Rosie Cooper MP;
  • Baroness Howe;
  • Lord Knight;
  • Baroness Thornton;
  • Baroness Walmsley;
  • Lord Maginnis;
  • Baroness Benjamin;
  • Lord Harris of Haringey

The IWF service is continually being rolled out as an argument against DoH but I am starting to wonder if it is still relevant. Given the universal revulsion against child sex abuse then I’d suspect that little of it would now be located on the open internet. Surely it would be hiding away in hard to find places like the dark web, that are unlikely to stumbled on by normal people. And of course those using the dark web aren’t using ISP DNS servers anyway.

In reality the point of using DoH is to evade government attempts to block legal porn sites. If they weren’t intending to block legal sites then surely people would be happy to use the ISP DNS including the IWF service.

Read more sstech.htm at MelonFarmers.co.uk

Russell Haworth, CEO of Nominet, Britain’s domain name authority has outlined the UK’s stance on maintaining UK censorship and surveillance capabilities as the introduction of encrypted DNS over HTTPS (DoH) will make their job a bit more difficult.The authorities’ basic idea is that UK ISPs will provide their own servers for DNS over HTTPS so that they can still use this DNS traffic to block websites and keep a log of everyone’s internet use. Browser companies will then be expected to enforce using the governments preferred DoH server.

And Google duly announced that it will comply with this censorship request. Google Chrome will only allow DoH servers that are government or corporate approved.

Note that this decision is more nuanced than just banning internet users from sidestepping state censors. It also applies to users being prevented from sidestepping corporate controls on company networks, perhaps a necessary commercial consideration that simply can’t be ignored.

Russell Haworth, CEO of Nominet explains:

Nominet Firefox and Google Chrome — the two biggest web browsers with a combined market share of over 70% — are both looking to implement DoH in the coming months, alongside other operators. The big question now is how they implement it, who they offer to be the resolvers, and what policies they use. The benefit offered by DoH is encryption, which prevents eavesdropping or interception of DNS communication. However, DoH raises a number of issues which deserve careful consideration as we move towards it.

Some of the internet safety and security measures that have been built over the years involve the DNS. Parental controls, for example, generally rely on the ISP blocking particular domains for their customers. The Internet Watch Foundation (IWF) also ask ISPs to block certain domains because they are hosting child sexual abuse material. There may also be issues for law enforcement using DNS data to track criminals. In terms of cyber security, many organisations currently use the DNS to secure their networks, by blocking domains known to contain malware. All of these measures could be impacted by the introduction of DoH.

Sitting above all of these is one question: Will users know any of this is happening? It is important that people understand how and where their data is being used. It is crucial that DoH is not simply turned on by default and DNS traffic disappears off to a server somewhere without people understanding and signing up to the privacy implications. This is the reason what we have produced a simple explainer and will be doing more to communicate about DoH in the coming weeks.

Nominet DoH demands

DoH can bring positive changes, but only if it is accompanied by understanding, informed consent, and attention to some key principles, as detailed below:

Informed user choice:

users will need to be educated on the way in which their data use is changing so they can give their informed consent to this new approach. We also need some clarity on who would see the data, who can access the data and under what circumstances, how it is being protected and how long it will be available for.

Equal or better safety:

DoH disrupts and potentially breaks safety measures that have built over many years. It must therefore be the responsibility of the browsers and DoH resolvers who implement DoH to take up these responsibilities. It will also be important for current protections to be maintained.

Local jurisdiction and governance:

Local DoH resolvers will be needed in individual countries to allow for application of local law, regulators and safety bodies (like the IWF). This is also important to encourage innovation globally, rather than having just a handful of operators running a pivotal service. Indeed, the internet was designed to be highly distributed to improve its resilience.

Security:

Many organisations use the DNS for security by keeping suspicious domains that could include malware out of networks. It will be important for DoH to allow enterprises to continue to use these methods — at Nominet we are embracing this in a scalable and secure way for the benefit of customers through our cyber security offering.

Change is a constant in our digital age, and I for one would not stand in the way of innovation and development. This new approach to resolving requests could be a real improvement for our digital world, but it must be implemented carefully and with the full involvement of Government and law enforcement, as well as the wider internet governance community and the third sector.

A Google developer has outlined tentative short term plans for DoH in Chrome. It suggest that Chrome will only allow the selection of DoH servers that are equivalent to approved non encrypted servers.

google chrome logo This is a complex space and our short term plans won’t necessarily solve or mitigate all these issues but are nevertheless steps in the right direction.

For the first milestone, we are considering an auto-upgrade approach. At a high level, here is how this would work:

  • Chrome will have a small (i.e. non-exhaustive) table to map non-DoH DNS servers to their equivalent DoH DNS servers. Note: this table is not finalized yet.

  • Per this table, if the system’s recursive resolver is known to support DoH, Chrome will upgrade to the DoH version of that resolver. On some platforms, this may mean that where Chrome previously used the OS DNS resolution APIs, it now uses its own DNS implementation in order to implement DoH.

  • A group policy will be available so that Administrators can disable the feature as needed.

  • Ability to opt-out of the experiment via chrome://flags.

In other words, this would upgrade the protocol used for DNS resolution while keeping the user’s DNS provider unchanged. It’s also important to note that DNS over HTTPS does not preclude its operator from offering features such as family-safe filtering.

Read more uk_internet_censors.htm at MelonFarmers.co.uk
ICO’s Data Protection Training
The Pavlov Method
nodding dog
 ☑  Yes I won’t read this message. and yes you can do what the fuck you like with my porn browsing data
 ☑  Yes please do, I waiver all my GDPR rights
 ☑  Yes I won’t read this message. and yes, feel free to blackmail me
 ☑  Yes you can do anything you like ‘to make my viewing experience better’
 ☑  Yes, no need to ask, I’ll tick anything

With callous disregard for the safety of porn users, negligent lawmakers devised an age verification scheme with no effective protection of porn users’ identity and porn browsing history.The Government considered that GDPR requirements, where internet users are trainer to blindly tick a box to give consent to the internet companies doing what the fuck they like with your data. Now internet users are well conditioned like Pavlov’s dog to tick the hundreds of tick boxes they are presented with daily. And of course nobody ever reads what they are consenting to, life’s too short.

After a while the government realised that the total lack of data protection for porn users may actually prevent their scheme form getting off the ground, as porn users simply would refuse to get age verified. This would result in bankrupt AV companies and perverse disinsentives for porn websites. Those that implement AV would then experience a devastating drop off in traffic and those that refuse age verification would be advantaged.

So the government commissioned a voluntary kitemark scheme for AV companies to try and demonstrate to auditors that they keep porn identity and browsing history safely. But really the government couldn’t let go of its own surveillance requirements to keep the browsing history of porn users. Eventually some AV companies won the right to have a scheme that did not log people’s browsing history, but most still do maintain a log (justified as ‘fraud protection’ in the BBFC kitemark scheme description).

well Now it appears that those that try to avoid the dangers of AV via VPNs may be not s safe as they would hope. The Henry Jackson Society has been researching the VPN industry and has found that 30% of VPNs are owned by Chinese companies that have direct data paths to the Chinese government.

Surely this will have extreme security issues as privately porn using people could then be set up for blackmail or pressure from the Chinese authorities.

The government needs to put an end to the current AV scheme and go back to the drawing board. It needs to try again, this time with absolute legal requirements to immediately delete porn users identity data and to totally ban the retention of browsing logs.

Anyway, the Henry Jackson Society explains its latest revelations:

henry jackson society logo Chinese spies could exploit Government’s new porn laws to gather compromising material on businessmen, civil servants and public figures, say think tanks.

They say Chinese firms have quietly cornered the market in technology that enables people to access porn sites without having to register their personal details with age verification firms or buy an age ID card in a newsagent.

The new law require those accessing porn sites to prove they are 18 but the checks and registration can be by-passed by signing up to a Virtual Private Network (VPNs). These anonymise the location of a computer by routing its traffic through a server based at remote locations.

It has now emerged through an investigation by security experts that many of the VPNs are secretly controlled by Chinese owned firms 203 as many as 30% of the networks worldwide.

It means that a VPN users’ viewing habits and data can not only be legally requested by the Chinese Government under its lax privacy laws but the VPNs could themselves also be state-controlled, according to the Adam Smith Institute and Henry Jackson Society.

Sam Armstrong, spokesman for the Henry Jackson Society, said:

A list of billions of late-night website visits of civil servants, diplomats, and politicians could 203 in the wrong hands — amount to the largest-ever kompromat file compiled on British individuals.

Those in sensitive jobs are precisely the types of individuals who would seek to use a VPN to circumvent the trip to the newsagent to buy a porn pass.

Yet, the opaque ownership of these VPNs by Chinese firms means there is a real likelihood any browsing going through them could fall into the hands of Chinese intelligence.