Peter Keel schrieb:
- on the Wed, Dec 10, 2008 at 09:54:11AM +0100, Marc Hauswirth wrote:
After the presentation of "Netclean whitebox" at last Swinog meeting from Pascal Seeger and Grégoire Galland, we are pleased to announce that now two ISP in Switzerland are using it to filter their Internet access to block pedophile content.
The opposite of "good" is "good intent".
As said earlier, IMHO the authorities should purchase the system for all serviceproviders. This is not a matter of marketing, this is too serious.
http://www.blogg.ch/index.php?/archives/785-Netclean-Whitebox-effektive-Meth...
F.
Hi
Fredy Kuenzler schrieb:
Peter Keel schrieb:
- on the Wed, Dec 10, 2008 at 09:54:11AM +0100, Marc Hauswirth wrote:
block their Internet access to block pedophile content.
The opposite of "good" is "good intent".
As said earlier, IMHO the authorities should purchase the system for all serviceproviders. This is not a matter of marketing, this is too serious.
And a matter of responsibility. Everybody using it is responsible if it blocks the wrong content while everybody not using it is blamed for not doing anything.
And then there's that other question: Who is supervising the ones who write the filter lists? What can a small Swiss ISP do if some NGO in another part of the world isn't working carefully?
Regards Peter
Excuse my ignorance, since I didn't make it to last SWINOG... the description on their web site implies the system is using BGP to distribute the black list. Assuming this just distributes IP addresses of web servers hosting questionable content, by blocking those, will that not block content of ALL hostings hosted on that IP address? What about hosters who also host other services on that IP address, like perhaps DNS and mail services? I recall a time where an email RBL was implemented using BGP blackholing, and we can into exactly those problems...
Cheers, Markus
On Wednesday 10 December 2008, Markus Wild wrote:
Excuse my ignorance, since I didn't make it to last SWINOG... the description on their web site implies the system is using BGP to distribute the black list. Assuming this just distributes IP addresses of web servers hosting questionable content, by blocking those, will that not block content of ALL hostings hosted on that IP address? What about hosters who also host other services on that IP address, like perhaps DNS and mail services? I recall a time where an email RBL was implemented using BGP blackholing, and we can into exactly those problems...
As far as I understand it from my desk, the box routes traffic for listed IP to itself and screens the contents on application level. "good" traffic it left and passed on, "bad" traffic is treated in an unknown manor (dorped, rerouted *don't know*). This is why it's an absoltely moronic idea to blacklist large sites like wikipedia...
One can clearly see what hapens is you route traffic for a website hosted on several hundreds of webservers through a tiny little screening frirewall sitting on a tiny little box. *lol*
have fun, Michi
Markus Wild schrieb:
Excuse my ignorance, since I didn't make it to last SWINOG... the description on their web site implies the system is using BGP to distribute the black list. Assuming this just distributes IP addresses of web servers hosting questionable content, by blocking those, will that not block content of ALL hostings hosted on that IP address? What about hosters who also host other services on that IP address, like perhaps DNS and mail services? I recall a time where an email RBL was implemented using BGP blackholing, and we can into exactly those problems...
From http://www.blogg.ch/index.php?/archives/785-Netclean-Whitebox-effektive-Meth...
Netclean Whitebox funktioniert zweistufig: 1. wird via BGP4 die Liste der verdächtigen IP Adressen in die Routingtabelle eingepflegt. Derzeit sind das um die 450 IP Adressen. Traffic von diesen Websites wird auf die Whitebox umgeleitet. Auf dieser erfolgt 2. die DNS resp. HTTP Inspection, und die Whitebox ist damit in der Lage, zwischen illegalem und harmlosen Inhalt zu unterscheiden, der sich zufällig an der selben IP Adresse befindet.
F.
What if a whitebox is hacked, and the intruder can inject new IP addresses and get the hold of traffic content? There's a lot of things one could do with that...
----- Original Message ----
From: Fredy Kuenzler kuenzler@init7.net Cc: swinog@swinog.ch Sent: Wednesday, December 10, 2008 2:05:53 PM Subject: Re: [swinog] Netclean - news
Markus Wild schrieb:
Excuse my ignorance, since I didn't make it to last SWINOG... the description on their web site implies the system is using BGP to distribute the black list. Assuming this just distributes IP addresses of web servers hosting questionable content, by blocking those, will that not block content of ALL hostings hosted on that IP address? What about hosters who also host other services on that IP address, like perhaps DNS and mail services? I recall a time where an email RBL was implemented using BGP blackholing, and we can into exactly those problems...
From http://www.blogg.ch/index.php?/archives/785-Netclean-Whitebox-effektive-Meth...
Netclean Whitebox funktioniert zweistufig: 1. wird via BGP4 die Liste der verdächtigen IP Adressen in die Routingtabelle eingepflegt. Derzeit sind das um die 450 IP Adressen. Traffic von diesen Websites wird auf die Whitebox umgeleitet. Auf dieser erfolgt 2. die DNS resp. HTTP Inspection, und die Whitebox ist damit in der Lage, zwischen illegalem und harmlosen Inhalt zu unterscheiden, der sich zufällig an der selben IP Adresse befindet.
F.
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
* on the Wed, Dec 10, 2008 at 05:17:54AM -0800, Stanislav Sinyagin wrote:
What if a whitebox is hacked, and the intruder can inject new IP addresses and get the hold of traffic content? There's a lot of things one could do with that...
What a nice way to implement drive-by-injections.
Cheers Seegras
thought the same ... imagine someone hijacking the net of the blacklist server .... maybe listing then the unloved concuring company on the server ... or ddosing the server, in my oppinion with that we lessen the security of the internet.
Roger
- on the Wed, Dec 10, 2008 at 05:17:54AM -0800, Stanislav Sinyagin wrote:
What if a whitebox is hacked, and the intruder can inject new IP addresses and get the hold of traffic content? There's a lot of things one could do with that...
What a nice way to implement drive-by-injections.
Cheers Seegras -- "Those who give up essential liberties for temporary safety deserve neither liberty nor safety." -- Benjamin Franklin "It's also true that those who would give up privacy for security are likely to end up with neither." -- Bruce Schneier _______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
On Wed, Dec 10, 2008 at 2:17 PM, Stanislav Sinyagin ssinyagin@yahoo.comwrote:
What if a whitebox is hacked, and the intruder can inject new IP addresses and get the hold of traffic content? There's a lot of things one could do with that...
Like economical/business "intelligence" (or lack of intelligence).
That's a bit the same problem with having that kind of development done in a private firm.
The private firm needs money. It may accept to built some backdoor way to inject some IP's in the BGP mesh for short duration to "tcp reassembly"/parse it etc. in the layer7 box (which is a linux box).
Worse, in every software shop I've been, adding a backdoor to a new development has always a "cool" (even if childish in reality) effects. Getting money in the pocket, too. (Solving the rest of this equation is left as an exercise to the reader :-)
So if the government want to push such a filtering, they will need to propose a completely open implementation to peer reviews, compiled, packaged and signed by a team of 5 - 10 peoples taken out of the community of network operators and end users.
cheers
Stanislav Sinyagin wrote:
What if a whitebox is hacked, and the intruder can inject new IP addresses and get the hold of traffic content? There's a lot of things one could do with that...
if it's your box, no problem. "hacking" the box will be as difficult as hacking one of your BGP speaking routers. But, it won't be your box. I think it will be one from another "anti cyber crime" company with a lot of security holes and bugs :D
----- Original Message ----
From: Fredy Kuenzler kuenzler@init7.net Cc: swinog@swinog.ch Sent: Wednesday, December 10, 2008 2:05:53 PM Subject: Re: [swinog] Netclean - news
Markus Wild schrieb:
Excuse my ignorance, since I didn't make it to last SWINOG... the description on their web site implies the system is using BGP to distribute the black list. Assuming this just distributes IP addresses of web servers hosting questionable content, by blocking those, will that not block content of ALL hostings hosted on that IP address? What about hosters who also host other services on that IP address, like perhaps DNS and mail services? I recall a time where an email RBL was implemented using BGP blackholing, and we can into exactly those problems...
From http://www.blogg.ch/index.php?/archives/785-Netclean-Whitebox-effektive-Meth...
Netclean Whitebox funktioniert zweistufig: 1. wird via BGP4 die Liste der verdächtigen IP Adressen in die Routingtabelle eingepflegt. Derzeit sind das um die 450 IP Adressen. Traffic von diesen Websites wird auf die Whitebox umgeleitet. Auf dieser erfolgt 2. die DNS resp. HTTP Inspection, und die Whitebox ist damit in der Lage, zwischen illegalem und harmlosen Inhalt zu unterscheiden, der sich zufällig an der selben IP Adresse befindet.
F.
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Anyone care to share their opinion on the following article about the McColo affair and the regulating of ISPs?
http://www.securityfocus.com/columnists/487
Regards, Michael -----Original Message----- From: swinog-bounces@lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] On Behalf Of Marco Fretz Sent: 11 December 2008 09:01 To: Stanislav Sinyagin Cc: swinog@swinog.ch Subject: Re: [swinog] Netclean - news
Stanislav Sinyagin wrote:
What if a whitebox is hacked, and the intruder can inject new IP addresses and get the hold of traffic content? There's a lot of things one could do with that...
if it's your box, no problem. "hacking" the box will be as difficult as hacking one of your BGP speaking routers. But, it won't be your box. I think it will be one from another "anti cyber crime" company with a lot of security holes and bugs :D
----- Original Message ----
From: Fredy Kuenzler kuenzler@init7.net Cc: swinog@swinog.ch Sent: Wednesday, December 10, 2008 2:05:53 PM Subject: Re: [swinog] Netclean - news
Markus Wild schrieb:
Excuse my ignorance, since I didn't make it to last SWINOG... the description on their web site implies the system is using BGP to distribute the black list. Assuming this just distributes IP addresses of web servers hosting questionable content, by blocking those, will that not block content of ALL hostings hosted on that IP address? What about hosters who also host other services on that IP address, like perhaps DNS and mail services? I recall a time where an email RBL was implemented using BGP blackholing, and we can into exactly those problems...
From http://www.blogg.ch/index.php?/archives/785-Netclean-Whitebox-effektive-Meth...
Netclean Whitebox funktioniert zweistufig: 1. wird via BGP4 die Liste der verdächtigen IP Adressen in die Routingtabelle eingepflegt. Derzeit sind das um die 450 IP Adressen. Traffic von diesen Websites wird auf die Whitebox umgeleitet. Auf dieser erfolgt 2. die DNS resp. HTTP Inspection, und die Whitebox ist damit in der Lage, zwischen illegalem und harmlosen Inhalt zu unterscheiden, der sich zufällig an der selben IP Adresse befindet.
F.
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
_______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
* on the Thu, Dec 11, 2008 at 01:48:39PM +0100, Michael Krygier wrote:
Anyone care to share their opinion on the following article about the McColo affair and the regulating of ISPs?
He's underestimating the level of cooperation ISPs already exert. McColo precisely got hung up upon because of that sort of cooperation.
And whereas the CNC-infrastructure of a botnet is clearly the easiest point to attack, it won't really destroy the botnet, it only will make the botnet-herders loose control over their botnet. The real problem lies elsewhere, not in ISP-space.
Cheers Seegras
However, as one the problem is the end-user out there, that's also something quite hard to deal with. We have not been able to " fix " every user, and I guess we won't be able to do that.
So affecting where we can isn't that bad, even if it's not the best way to do it.
Will
Peter Keel wrote:
And whereas the CNC-infrastructure of a botnet is clearly the easiest point to attack, it won't really destroy the botnet, it only will make the botnet-herders loose control over their botnet. The real problem lies elsewhere, not in ISP-space.
Cheers Seegras
Let me see... so I'm building a resiliant network with resiliant upstreams, just to have a single box as a bottleneck for a list of addresses that is not maintained by me or at least a Swiss authority following Swiss laws (and includes a country such as the UK that is infamous for being extremely conservative in all "moral" issues, and just loves to watch over its citicens with a mentality that would just create a public outcry if the government tried to do that over here, see full-scale cctv-covering of major cities). Homeland security here we come...
Also, attracting external traffic to an internal server will require some ugly hacks to actually then pass the traffic on to the real site, probably involving some odd tunneling to one of the gateways (resiliance?), reducing MTU and increasing latency. I am not thrilled...
Cheers, Markus
My Opinion:
Censuring is dangerous and legally challenging. You either do it all and take responsibility for all your decisions or you do nothing and say you are not in control. Censuring under control of someone else basically means you can be blamed for results you don't have under your control. This sounds like a ticking time bomb.
Just as an example: UK Government has confiscated assets from Icelandic banks (to protect the investment UK people have done in Icelandic savings funds which went belly up) by using the AntiTerror law as the ground of the claim! What if one day, they decide to block www.ubs.com because too many UK customers use it for money laundry as example? It could be totally legal from a UK perspective and totally illegal from a swiss perspective and would have a severe effect for your customers.
You're playing with fire here...
On 10.12.2008, at 15:17, Markus Wild wrote:
Let me see... so I'm building a resiliant network with resiliant upstreams, just to have a single box as a bottleneck for a list of addresses that is not maintained by me or at least a Swiss authority following Swiss laws (and includes a country such as the UK that is infamous for being extremely conservative in all "moral" issues, and just loves to watch over its citicens with a mentality that would just create a public outcry if the government tried to do that over here, see full-scale cctv-covering of major cities). Homeland security here we come...
Also, attracting external traffic to an internal server will require some ugly hacks to actually then pass the traffic on to the real site, probably involving some odd tunneling to one of the gateways (resiliance?), reducing MTU and increasing latency. I am not thrilled...
Cheers, Markus
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Andreas Fink
Fink Consulting GmbH Global Networks Schweiz AG BebbiCell AG IceCell ehf
--------------------------------------------------------------- Tel: +41-61-6666330 Fax: +41-61-6666331 Mobile: +41-79-2457333 Address: Clarastrasse 3, 4058 Basel, Switzerland E-Mail: andreas@fink.org www.finkconsulting.com www.global-networks.ch www.bebbicell.ch --------------------------------------------------------------- ICQ: 8239353 MSN: msn1@gni.ch AIM: smsrelay Skype: andreasfink Yahoo: finkconsulting SMS: +41792457333
http://a-fink.blogspot.com/ A developers view about iPhone SDK
Zusammen,
I quote:
@ Andreas
...by using the AntiTerror law...
Please Pony up the clause invoked in this piece of legislation so that we can observe the context of it - if any. Whatever legislation they used is not important, it protected a large amount of municipal UK assets. I wouldn¹t want my money gone with the wind just because you don¹t think it¹s right and proper!
What if one day, they decide to block www.ubs.com http://www.ubs.com
because too many UK customers use it for money laundry as example?
Sounds perfectly reasonable. This is not censorship of ones¹ right to be. This is an example of criminality and the onus would be on UBS et al to negate it. And the Swiss Government would take action in all probability long before that came about.
@ Markus
...Homeland security here we come...
The social ill¹s seen as endemic in many cities across it (UK) are brought about by weakened schooling, a distinct lack of self-discipline and a propensity for binge-drinking, wanton vandalism, bodily harm and kebabs each and every Friday through Sunday. But recent Government (last 20 years or so) have been unable to deal with it effectively for many, many reasons.
The direct consequence of this has seen CCTV attempt to tackle the problem, rightly or wrongly. The Egg came before the Chicken in this case. But, of course, the camera¹s shall stay no matter what.
We discussed this for a while this afternoon in the SP NOC and the understanding was that many casual users of paedophilia, though not the tech-savvy harder-core, would, in all probability, be deterred by DNS re-direction to local-host or another site stating ³SRC IP logged² etc. Simple to implement and probably largely effective.
I don¹t have a problem with any technology that blocks objectionable material that is non-consensual to the overriding majority. It serves no useful purpose and does not infringe my right to be.
On 10/12/2008 15:54, "Andreas Fink" afink@list.fink.org wrote:
My Opinion:
Censuring is dangerous and legally challenging. You either do it all and take responsibility for all your decisions or you do nothing and say you are not in control. Censuring under control of someone else basically means you can be blamed for results you don't have under your control. This sounds like a ticking time bomb.
Just as an example: UK Government has confiscated assets from Icelandic banks (to protect the investment UK people have done in Icelandic savings funds which went belly up) by using the AntiTerror law as the ground of the claim! What if one day, they decide to block www.ubs.com http://www.ubs.com because too many UK customers use it for money laundry as example? It could be totally legal from a UK perspective and totally illegal from a swiss perspective and would have a severe effect for your customers.
You're playing with fire here...
On 10.12.2008, at 15:17, Markus Wild wrote:
Let me see... so I'm building a resiliant network with resiliant upstreams, just to have a single box as a bottleneck for a list of addresses that is not maintained by me or at least a Swiss authority following Swiss laws (and includes a country such as the UK that is infamous for being extremely conservative in all "moral" issues, and just loves to watch over its citicens with a mentality that would just create a public outcry if the government tried to do that over here, see full-scale cctv-covering of major cities). Homeland security here we come...
Also, attracting external traffic to an internal server will require some ugly hacks to actually then pass the traffic on to the real site, probably involving some odd tunneling to one of the gateways (resiliance?), reducing MTU and increasing latency. I am not thrilled...
Cheers, Markus
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Andreas Fink
Fink Consulting GmbH Global Networks Schweiz AG BebbiCell AG IceCell ehf
Tel: +41-61-6666330 Fax: +41-61-6666331 Mobile: +41-79-2457333 Address: Clarastrasse 3, 4058 Basel, Switzerland E-Mail: andreas@fink.org www.finkconsulting.com http://www.finkconsulting.com www.global-networks.ch www.bebbicell.ch
ICQ: 8239353 MSN: msn1@gni.ch AIM: smsrelay Skype: andreasfink Yahoo: finkconsulting SMS: +41792457333
http://a-fink.blogspot.com/ A developers view about iPhone SDK
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
On Wednesday 10. December 2008, Chris Gravell wrote:
Sounds perfectly reasonable. This is not censorship of ones¹ right to be. This is an example of criminality and the onus would be on UBS et al to negate it.
What a new way of interpreting "justice". The acused has to proove its innocence...
.oO(isn't that the general appearance of censorship and totalitarian regimes?)
No further comments...
Michi
i remember 25 years agow i asked an ptt guy, in front of 100 listeners .. why the hell the cellphone net (a +b) is not at least a bit encrypted ? this way everyone could follow the conversation... his answer was: there is a simple solution ... its forbidden to use an receiver on those frequency, he should teach us law and regulation...
... it just came to my mind .. sorry to been offtopic
On Wednesday 10. December 2008, Chris Gravell wrote:
Sounds perfectly reasonable. This is not censorship of ones¹ right to be. This is an example of criminality and the onus would be on UBS et al to negate it.
What a new way of interpreting "justice". The acused has to proove its innocence...
.oO(isn't that the general appearance of censorship and totalitarian regimes?)
No further comments...
Michi
George Orwell was an optimist. _______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
On Wed, Dec 10, 2008 at 20:00, Chris Gravell cgravell@hotmail.com wrote:
I don't have a problem with any technology that blocks objectionable material that is non-consensual to the overriding majority. It serves no useful purpose and does not infringe my right to be.
First, there's a right to free speech (http://www.un.org/Overview/rights.html, Nr. 19). Because the block list is not public, it impossible to identify whether the problem is a server that is down and/or misconfigured, or if there is censorship going on.
The road to hell is paved with good intentions, and this is one of them.
Another part is that they aren't solving the problem, much less even trying to do so. Why block access to child porn sites?
You can just take them down, have the people responsible arrested and there's no need for complicated technical solutions to a social problem. Of course that'd probably mean that they'd actually have to do some work, instead of giving the work to someone else.
Of course, people like you really like to focus on the child porn aspect, mostly because it marks everyone who disagrees with you as a potential rapist. Fact is that this technical solution can't even begin to fix that problem, but creates many others - like the oppression of opinions not liked by the Internet Watch Foundation or similar organizations.
Fredy Kuenzler schrieb:
From http://www.blogg.ch/index.php?/archives/785-Netclean-Whitebox-effektive-Meth...
Netclean Whitebox funktioniert zweistufig: 1. wird via BGP4 die Liste der verdächtigen IP Adressen in die Routingtabelle eingepflegt. Derzeit sind das um die 450 IP Adressen. Traffic von diesen Websites wird auf die Whitebox umgeleitet. Auf dieser erfolgt 2. die DNS resp. HTTP Inspection, und die Whitebox ist damit in der Lage, zwischen illegalem und harmlosen Inhalt zu unterscheiden, der sich zufällig an der selben IP Adresse befindet.
So it works kind of like eg Arbor Networks' DDoS protection mechanism (redirect some traffic using BGP, deep packet inspection after packet reassembly), coupled with data from an "uncontrollable" source (which is generally believed to be some sinister government agency infiltrated by oppressive political regimes).
It's interesting it took so long for commercial products to appear for the technically obvious solution.
It will be interesting to see how fast well-meaning politicians and paranoid pseudo police-men will want to filter all that nasty illegal music from the net. And how long it will be before such machinery is mandatory for all ISPs.
The excuse that there is no technical solution is gone - it was a lie all along the way, and most techies knew. Now it's time to face the consequences.
-- Matthias
On Wed, Dec 10, 2008 at 10:36 PM, Matthias Leisi matthias@leisi.net wrote:
It will be interesting to see how fast well-meaning politicians and paranoid pseudo police-men will want to filter all that nasty illegal music from the net.
Fully agree.
And how long it will be before such machinery is mandatory for all ISPs.
The excuse that there is no technical solution is gone - it was a lie all along the way, and most techies knew.
Hmm it's not a lightly engineered solution. it was not an obvious one.
And how long it will be before such machinery is mandatory for all ISPs.
The excuse that there is no technical solution is gone - it was a lie all along the way, and most techies knew.
Hmm it's not a lightly engineered solution. it was not an obvious one.
One thing to consider is that there are people out there who are ISP's just for a bunch of people or for people outside Switzerland. So I'm not too sure what the solution costs but I'm sure its not available for free. I assume its around 10k at least. Today this solution is easily "affordable" for the big guys but still expensive for the smaller ones (but I assume not out of reach as it was assumed).
Tomorrow they want to filter google for the search keyword "child porn" etc. Now go figure how many requests then will go through the box...!
The day after, the government thinks its smart and we should go one step further and start filtering videostreams by using a box which looks at the content. Then such a solution will start to cost 100'000's of francs (at least once its invented). And down goes the deadly spiral. Someone pays the bill. Always.
If we give in to such matters, it means we will be asked more and more because everyone thinks its so easy to do technically. But that's not the point.
Blocking the sites won't bring the effect compared to the cost to the economy. Think of this: we sure have more than 40 ISP's in Switzerland. Assuming the box costs 10'000 CHF (and thats a pure guess), the cost to the swiss economy is 400'000 CHF (someone pays for it and I believe its going to be the end user at the end). Not even including the cost of maintaining it. For that amount you can send out quite a few policemen to take down child porn sites at the other end of the world which would be way more effective.
The law doesn't allow us to wiretap and intercept. So lets not start burning our fingers with something which does exactly that . The human rights of free speech should be hold high even in the fact that "someone" might stumble on.
One thing which would be interesting to hear is how many requests do such site actively block today? How many people have been prevented from seeing nasty content? What has this saved Switzerland that those people did not see the content? Is this bigger than the cost?
Frankly, since the 15 years I'm using the internet, there has not been a single time where I stumbled on to child porn, and if I would, it would take me 0.5 seconds to realize and go away. This was probably because I was not actively looking for it. So for me (taking the hat of a a normal typical user now), such a solution would bring zero value. The value might more be negative because there's the danger that something might get blocked by mistake.
The key question is who do you want to protect and from what?
The child porn lover wont be "protected". You might make him more angry maybe, but it wont change his intention. He might even go and rape real children instead because he can't do it in virtuality. Everybody else with a normal moral sense who would see such content would either close the window immediately and/or call the police to take down the publisher.
Closing your eyes in front of a problem wont solve the problem. Its like selling sunglasses to protect your skin at the beach.
Andreas Fink
Fink Consulting GmbH Global Networks Schweiz AG BebbiCell AG IceCell ehf
--------------------------------------------------------------- Tel: +41-61-6666330 Fax: +41-61-6666331 Mobile: +41-79-2457333 Address: Clarastrasse 3, 4058 Basel, Switzerland E-Mail: andreas@fink.org www.finkconsulting.com www.global-networks.ch www.bebbicell.ch --------------------------------------------------------------- ICQ: 8239353 MSN: msn1@gni.ch AIM: smsrelay Skype: andreasfink Yahoo: finkconsulting SMS: +41792457333
http://a-fink.blogspot.com/ A developers view about iPhone SDK
On Wed, Dec 10, 2008 at 11:17 AM, Fredy Kuenzler kuenzler@init7.net wrote:
Peter Keel schrieb:
- on the Wed, Dec 10, 2008 at 09:54:11AM +0100, Marc Hauswirth wrote:
After the presentation of "Netclean whitebox" at last Swinog meeting from Pascal Seeger and Grégoire Galland, we are pleased to announce that now two ISP in Switzerland are using it to filter their Internet access to block pedophile content.
The opposite of "good" is "good intent".
As said earlier, IMHO the authorities should purchase the system for all serviceproviders. This is not a matter of marketing, this is too serious.
http://www.blogg.ch/index.php?/archives/785-Netclean-Whitebox-effektive-Meth...
F.
Also, make available a 100% open implementation that ISP may look into and then trust.
(You have quiet a lot of power when biasing the flow of traffic in your routing mesh to go thru a layer7 box - potentially dangerous if it falls in the wrong hands).
Z.
Am Mittwoch, 10. Dezember 2008 11:17 schrieb Fredy Kuenzler:
Peter Keel schrieb:
- on the Wed, Dec 10, 2008 at 09:54:11AM +0100, Marc Hauswirth
wrote:
After the presentation of "Netclean whitebox" at last Swinog meeting from Pascal Seeger and Grégoire Galland, we are pleased to announce that now two ISP in Switzerland are using it to filter their Internet access to block pedophile content.
The opposite of "good" is "good intent".
As said earlier, IMHO the authorities should purchase the system for all serviceproviders.
Why should they? They better invest that money into something usefull, like education, or they could lower the taxes.
This is not a matter of marketing, this is too serious.
Too serious? Everybody really interested in that stuff will still be able to get it using p2p filesharing (freenet for example supports a darknet mode which allows you to create closed groups with encrypted connections and encrpyted data storage). Everybody else will never see such content. I've seen a lot of legal porn advertisement when searching for technical information on the net, but never any single illegal picture.
Like others have mentioned, there are the usual problems of zensorship: You can't check if only bad stuff is being zensored (well, I think nobody of us would want to see that content anyway), it could be used to censor other content (like in that case: http://www.heise.de/newsticker/Schweizer-Richter-ordnet-erneut-Website-Sperr...). The providers of illegal content are always faster creating new sites then the zensors updating their blocking list.
Today we are blaming China for their "great firewall". Tomorrow they will tell us they are doing the same thing we are doing - blocking access to content which is illegal by law.
Btw: It is interesting that the press release doesn't name which providers are using that WhiteBox. If it is really that great, why don't they say who is using it?
Greetings, Peter
Am Mittwoch, den 10.12.2008, 22:10 +0100 schrieb Peter Rohrer:
Btw: It is interesting that the press release doesn't name which providers are using that WhiteBox. If it is really that great, why don't they say who is using it?
For me, this would be a reason to change the provider.
I see this like another example of fighting evil at the wrong end. Of course it is important to fight such content but is filtering websites the right method ? I don't think so.
Let be realistic, how many ISPs worldwide are gonna deploy a Whitebox ? Filtering locally simply means stopping end users to access illegal sites. Ok, but the sites are still there and everybody else will still have access ! What do we wanna fight ? The access to illegal content or the publishing of them ? Just because some ISPs will filter-out those sites will not reduce the amount of kids being abused. What is worser ? Someone looking at kids being abused or someone who abuse them ?
I see already Netclean press releases claiming the big success as the list of sites will increase, as at the same time, the guys who manage those sites will not notice any decrease in hits...
The Netclean solution is better than nothing but definitely this is not gonna make the difference.
Daniele
Filtering locally simply means stopping end users to access illegal sites. Ok, but the sites are still there and everybody else will still have access !
Yes, but i'm sure that the 'local' netclean box can log IPs of people who attempted to access such illegal sites (such as Wikipedia) So whenever your goverment goes into
get_some_good_press(pretend_to_protect_kids());
mode, punishing people will be much easier than before.
Just because some ISPs will filter-out those sites will not reduce the amount of kids being abused.
I agree. They should punish people who:
- Produce such content - Pay for such content
...but starting to block random sites is just silly: It didn't work when they started to use DNS and it won't work this time either...
Regards, Adrian
Hello Fredy, list,
Fredy Kuenzler [Wed, Dec 10, 2008 at 11:17:25AM +0100]:
Peter Keel schrieb:
- on the Wed, Dec 10, 2008 at 09:54:11AM +0100, Marc Hauswirth wrote:
After the presentation of "Netclean whitebox" at last Swinog meeting from Pascal Seeger and Grégoire Galland, we are pleased to announce that now two ISP in Switzerland are using it to filter their Internet access to block pedophile content.
The opposite of "good" is "good intent".
As said earlier, IMHO the authorities should purchase the system for all serviceproviders. This is not a matter of marketing, this is too serious.
http://www.blogg.ch/index.php?/archives/785-Netclean-Whitebox-effektive-Meth...
Thank you for the nice explanation. As you know, I pretty much respect you, but in this case I absolutely cannot agree with you.
Imho, any ISP should refuse with all power it has to even install such a global filtering mechanism into his network.
We all know that the topics change (child porn, nazis, terrorism, copyrighted data, unwanted politics, hacking, crypted data, your site) (maybe even in that order), as time goes on.
So what you propose is a central administrated filtering mechanism, which is one of the worst things that can happen.
Just thing of RIAA or chinese government controlling (as in "political influence") those boxes.
I personally will propose every ISP that implements that strategy for the BigBrotherAward, killing the last freedom in the internet.
Nico
-
Adrian Ulrich -
Andre Timmermann -
Andreas Fink -
Chris Gravell -
Daniele Guazzoni -
Fredy Kuenzler -
Lukas Beeler -
Marco Fretz -
Markus Wild -
Matthias Leisi -
Michael Krygier -
Michael Naef -
Nico -telmich- Schottelius -
Peter Guhl -
Peter Keel -
Peter Rohrer -
roger@mgz.ch -
Stanislav Sinyagin -
Will van Gulik -
Zorg 421