{"id":1218,"date":"1998-08-03T00:00:00","date_gmt":"1998-08-02T23:00:00","guid":{"rendered":"https:\/\/seegras.discordia.ch\/Blog\/?p=1218"},"modified":"2019-01-18T13:13:46","modified_gmt":"2019-01-18T12:13:46","slug":"considerations-concerning-blockades","status":"publish","type":"post","link":"https:\/\/seegras.discordia.ch\/Blog\/considerations-concerning-blockades\/","title":{"rendered":"Considerations Concerning Blockades"},"content":{"rendered":"<h1>Considerations Concerning Blockades<\/h1>\n<div id=\"fortune\"><i><br \/>\nWhat happens if you try to break a bomb-proof network<\/i><\/div>\n<p>On July 23, 1998, the swiss Federal Police (Bundespolizei, commonly reffered to by its abbreviation &#8220;BUPO&#8221;) has sent a letter to about 100 swiss Internet-Service Providers demanding blockage of ten Webpages containing revisionist, reactionist material from Neonazis, Antisemits and so on. This letter is available <a href=\"\/Blog\/content\/BUPO-Brief.txt\">here<\/a>. I will not go into a political or juridical discussion here whether these sites need to be censored or not, but simply take a look whether it is actually possible to block sites which contain &#8220;unpleasant&#8221; material.<\/p>\n<p>Well then, let&#8217;s take a look at possible methods of blocking.<\/p>\n<ul>\n<li><b>DNS-Relocating<\/b><br \/>\nThe Service which maps domains (e.g. discordia.ch) to IP-numbers<br \/>\n(e.g. 192.168.1.14) can easiliy be used to block the lookup of<br \/>\nsuch domains and relocate the user to some other page. This only<br \/>\naffects the users which use the respective DNS. Normally, users<br \/>\nuse the DNS of their respective ISP because of speed, but are in<br \/>\nno way obliged to. Any user can use any DNS in the world. Furtheron,<br \/>\nany user can bypass the DNS if he knows the IP-address already.<br \/>\nTime needed to block is about 5-15 minutes per domain.<\/li>\n<li><b>IP-Blocking<\/b><br \/>\nDepending on equipment, in most places IP-Blocking should be no<br \/>\nproblem either. In this case not only the lookup but the actual<br \/>\nsite really gets blocked. Any attempt to transfer data directly<br \/>\nto or from the blocked site will fail. The Point here is &#8220;directly&#8221;.<br \/>\nA heavily used method to avoid traffic in the internet is called<br \/>\nproxy. As soon as a page is requested by proxy it is cached within<br \/>\nand remains there for further reference or until it expires. So<br \/>\nif a page is accessed via proxy, the proxy actually gets the page,<br \/>\ncaches it and gives a copy to the user. So a user can use a proxy<br \/>\nsomewhere else to surpass the block. Most proxys are private or<br \/>\nsemiprivate, but there are a lot of public proxys out there, like<br \/>\n<a href=\"https:\/\/www.anonymizer.com\">Anonymizer<\/a>. Further problems<br \/>\ninclude the fact, that there are Sites which host thousands of<br \/>\nSites on one address, which cannot be blocked selectively, thus<br \/>\na denial of service. Time needed to block a site is about 5-15 minutes.<\/li>\n<li><b>Filtering Proxys<\/b><br \/>\nThe most restrictive method of blocking a site includes access<br \/>\nto the internet through a proxying firewall, common in some<br \/>\nbigger companies. This makes it impossible to get pages directly,<br \/>\ninstead a proxy has to get the file first before the user may get<br \/>\nit. In most environments (especially ISPs) this is not feasible,<br \/>\nsince a lot of services won&#8217;t work anymore (like IRC, CuSeeMe,<br \/>\nNetmeeting, RealAudio, telnet and many more), due to the inability<br \/>\nof proxying realtime-connections. However, talking only of webpages,<br \/>\nthis as been proven as surpassable as well, the<br \/>\n<a href=\"https:\/\/web.archive.org\/web\/19970418045138\/http:\/\/www.osiris.ml.org\/\">Anti-Filtering-Proxy-Proxy<\/a><br \/>\ndefeats this. This method of blocking isn&#8217;t trivial to implement<br \/>\nwill need some month time, a firewall and has such severe drawbacks<br \/>\nthat nobody except high-security environments (which actually want<br \/>\nto monitor their users) will want to implement it.<\/li>\n<\/ul>\n<p>Not surprising the whole issue has given rise to several methods of<br \/>\ncountermeasures against such blockades.<\/p>\n<ul>\n<li><b>Mirroring<\/b><br \/>\nDownload the whole site, put it up elsewhere as well. This has happened<br \/>\nas the german zine &#8220;Radikal&#8221; was to be blocked (including its<br \/>\nprovider xs4all). Hundreds of mirrors of Radikal spread everywhere.<br \/>\nThe whole issue had to be dropped due to too much sites which had the<br \/>\nInformation readily available. This is a matter of hours.<\/li>\n<li><b>Relocating<\/b><br \/>\nChange of address and\/or provider. This can be done within a week<br \/>\nor two if the provider of the DNS has to be changed. Otherwise this<br \/>\ncan be accomplished in hours. A change of the actual address represents<br \/>\na nuisance for blockers as well as for people wanting the<br \/>\ninformation on the site.<\/li>\n<li><b>Other Protocols<\/b><br \/>\nEverything that can be put on a webpage can be posted on Usenet (News)<br \/>\nor be made downloadable on IRC (Internet Relay Chat). And of course,<br \/>\nprobably many more. While in the Usenet, only groups which are wanted<br \/>\nmay be gotten, this doesn&#8217;t help against material published in the<br \/>\nwrong group. It is common that people who don&#8217;t like each other<br \/>\ncrosspost to the opposite groups (i.e. rec.startrek and rec.sf-lovers<br \/>\nwhich can&#8217;t stand each other). The IRC on the other hand is realtime<br \/>\nand can&#8217;t be controlled with technical measures. The same applies to<br \/>\nother similar services like ICQ and Hotline.<\/li>\n<li><b>Eternity Device<\/b><br \/>\nPublished in <a href=\"http:\/\/phrack.org\/issues\/51\/1.html\">Phrack #51<\/a>, the<br \/>\neternity device is a distributed data haven, where all data can<br \/>\ncome in, but nothing ever can be deleted. Access to the device is<br \/>\ngranted through a <a href=\"https:\/\/web.archive.org\/web\/19990508122453\/https:\/\/www.dcs.ex.ac.uk\/~aba\/eternity\/\"><br \/>\nEternity Service<\/a><\/li>\n<li><b>Anti-Filtering-Proxy-Proxy<\/b><br \/>\nAs mentionned above. This can be used to defeat Filtering proxies,<br \/>\nby setting up a reachable proxy-gateway on another webserver. Anyone<br \/>\nwith a bit unix-experience can set up one. It&#8217;s available<br \/>\n<a href=\"https:\/\/web.archive.org\/web\/19970418045138\/http:\/\/www.osiris.ml.org\/\">here<\/a><\/li>\n<li><b>Public Proxies<\/b><br \/>\nSeveral services all over the internet already offer free proxying<br \/>\nfor anyone. This is mostly used in order to be able to surf anonymous,<br \/>\nbut these proxies also circumvent IP-Blocks. Well known services include<br \/>\n<a href=\"https:\/\/www.anonymizer.com\">Anonymizer<\/a>,<br \/>\n<a href=\"https:\/\/www.academia.edu\/3215701\/Design_and_implementation_of_the_Lucent_Personalized_Web_Assistant_LPWA_\">LPWA<\/a> (Lucent<br \/>\nPersonalized Web Assistant),<br \/>\n<a href=\"https:\/\/web.archive.org\/web\/19990824224056\/https:\/\/aixs.net\/aixs\/\">Aixs<\/a> and the<br \/>\n<a href=\"https:\/\/www.onion-router.net\">Onion Router<\/a>. To these<br \/>\ncome hundreds of proxy-servers (caching-proxies like squid and webfilters<br \/>\nlike junkbuster) which are not intentionally open to the public, but can<br \/>\nbe used anyway.<\/li>\n<li><b>Tunnels<\/b><br \/>\nUsed sometimes for piercing filtering firewalls<br \/>\nare tunnels which tunnel information through another protocol.<br \/>\nThis needs some nifty technical knowledge. In won&#8217;t go into details<br \/>\nhere since I can&#8217;t imagine anyone tunneling just to get some information.<\/li>\n<\/ul>\n<p>Of course, there are other, non-technical implications of attempts to<br \/>\ncensor, most noteably relocating the server out of jurisdiction to a place<br \/>\nwith &#8220;friendlier&#8221; law. But this won&#8217;t be covered here, we solely took<br \/>\na look at technical possibilities. In the end we have to admit that<br \/>\nblocking sites is of no use and very costly. To block a dozen sites,<br \/>\na system administrator will surely need at least an hour, which is<br \/>\ngoing to be very costly if hundreds of sites should be blocked. On the<br \/>\nother hand, defeating the blocks is a matter of seconds, and in case<br \/>\nof heavy mirroring being done, not only a circumvention but also increases<br \/>\ncost on side of the censor (the BUPO in above case) and on side of the<br \/>\nISPs which have to do the blocking. In the end, nothing is done against<br \/>\nthe sites containing the to be censored material, but instead a lot of<br \/>\nmoney will be wasted, the hate-groups will still flourish (or alternatively<br \/>\nthe child-pornography traders) and we all loose.<\/p>\n<p>Peter Keel,<\/p>\n<div id=\"date\">1998-08-03<\/div>\n<p>Updated April 14, 1999<\/p>\n<div class=\"center\">\n<p>&#8220;The more prohibitions there are, The poorer the people will be&#8221;<br \/>\n&#8212; Lao Tse<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Considerations Concerning Blockades What happens if you try to break a bomb-proof network On July 23, 1998, the swiss Federal Police (Bundespolizei, commonly reffered to by its abbreviation &#8220;BUPO&#8221;) has sent a letter to about 100 swiss Internet-Service Providers demanding blockage of ten Webpages containing revisionist, reactionist material from Neonazis, Antisemits and so on. This [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[104,6],"tags":[],"class_list":["post-1218","post","type-post","status-publish","format-standard","hentry","category-censorship","category-politics"],"_links":{"self":[{"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/posts\/1218","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/comments?post=1218"}],"version-history":[{"count":3,"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/posts\/1218\/revisions"}],"predecessor-version":[{"id":1297,"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/posts\/1218\/revisions\/1297"}],"wp:attachment":[{"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/media?parent=1218"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/categories?post=1218"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/seegras.discordia.ch\/Blog\/wp-json\/wp\/v2\/tags?post=1218"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}