[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Subject: [IP] ] France blocks online c-porn, terrorism, racism
________________________________________
From: Steven M. Bellovin [smb@cs.columbia.edu]
Sent: Tuesday, June 10, 2008 4:44 PM
To: David Farber
Subject: Re: [IP] France blocks online c-porn, terrorism, racism
Ironically, attempts by providers to block access to a class of sites
can backfire. Richard Clayton showed how to use one ISP's blocker as
an oracle to compile lists of banned sites. The paper is at
http://www.cl.cam.ac.uk/~rnc1/cleanfeed.pdf; here's the abstract:
Three main methods of content blocking are used on the In-
ternet: blocking routes to particular IP addresses, blocking
specific URLs in a proxy cache or firewall, and providing
invalid data for DNS lookups. The mechanisms have different
accuracy/cost trade-offs. This paper ex- amines a hybrid,
two-stage system that redirects traffic that might need to
be blocked to a proxy cache, which then takes the final
decision. This promises an accurate system at a relatively
low cost. A British ISP has deployed such a system to
prevent access to child pornography. However, circumvention
techniques can now be employed at both system stages to
reduce effectiveness; there are risks from relying on DNS
data supplied by the blocked sites; and unhappily, the
system can be used as an oracle to determine what is being
blocked. Experimental results show that it is straightforward
to use the system to compile a list of illegal websites.
-------------------------------------------
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Powered by eList eXpress LLC