Hundreds of Sites Blocked By Canadian ISP 302
An anonymous reader writes "Last week Slashdot reported on the blockage
of a union website by Telus, a leading Canadian ISP. Since
that story, the company has restored access but the fallout
continues. The move may lead to new
ISP regulations in Canada and a study
by the OpenNet Initiative has found that by blocking the union
site, Telus also blocked an additional 766 websites including a breast
cancer fundraising site." From the article: "While there are a number of different ways to block access to Web
sites, the method Telus chose to block the Voices for Change site --
blocking its IP address -- produced massive collateral filtering.
Filtering by IP address is efficient since ISPs can quickly and
effectively block access to the target site using their existing routing
technology. Many ISPs already block certain IP addresses to combat
spam and viruses. Large networks, like Telus, have mechanisms in
place to block IP addresses almost instantaneously, simply by
updating their routers with a "block list" of addresses.
However, it is common for many different, unrelated Web sites to
share the same IP address."
If they want to do that its fine (Score:3, Insightful)
but expect to be sued for providing access to childporn, illegal software, coprighted material, terrorist training manuals, political sites, communists, bomb making equipment
slippery slope egh ? see you in the next RIAA lawsuit !!
Re:If they want to do that its fine (Score:2, Insightful)
Re:If they want to do that its fine (Score:3, Insightful)
It's like the hacker/cracker thing that comes up on Slashdot all the time. You know, that's great that you guys don't like that hacker is associated with taking down systems. Doesn't change t
Re:If they want to do that its fine (Score:2)
Re:If they want to do that its fine (Score:2)
OT: Geography lesson (Score:3, Insightful)
America has three subcontinents: North -, South -, and Central America.
North and South America aren't separated by sea, only by an ARTIFICIAL cannal in Panama.
Eurasia has subcontinents: Europe and Asia.
Asia is not considered a subcontinent as a matter of fact, being "the central and eastern part of the continent of Eurasia, defined by subtracting the European peninsula from Eurasia", according to wikipedia; it's further subdivided in various reg
Re:If they want to do that its fine (Score:2, Interesting)
Re:If they want to do that its fine (Score:4, Interesting)
Besides can an ISP check on what you send without violating the law on privacy (the one that makes it illegal to read other peoples mail)?
IMO an ISP can't be held resposible for a email or file transfered. However they can be held responsible if they, after being notified by other people or an authority, don't stop a certain person from continuing sending harmfull mails or don't remove illegal content from their webspace.
Just my 2 cents.
DMCA (Score:5, Informative)
I don't know if this is something that applies to Canada as well. But it's be biggest reasons why ISP's in USA will not filter or control access to parts of the internet based on content. The end user has the option to filter, but it must be controlled by that user, not the ISP.
Re:If they want to do that its fine (Score:2)
Email is not considered "private" communications. Traditionally it would sent as clear text. If you made reading it illegal than any packet sniffer would be illegal.
Laws on private electronic communications have not kept up. The problem is the balance of what should be protected by law vs freedom.
Try to mail some marijuana leaves/seeds... (Score:2)
i'm confused.... (Score:2, Interesting)
It is?
Re:i'm confused.... (Score:2, Informative)
Re:i'm confused.... (Score:4, Informative)
Re:i'm confused.... (Score:2)
Re:i'm confused.... (Score:2)
Ever heard about http proxy servers and transparant proxying?
In case of http its really easy since the tools for doing it are readily available and have been for a long time.
Re:i'm confused.... (Score:2)
In short, of course the parent's heard of a proxy. Of course it's easy *to set up* and the tools are available. Now, build me one that can handle multiple OC-48 pipes without slowing down traffic and won't piss off paying customers by caching pages with old information (such as pages that a web designer is working on, or cnn.com).
Not so e
Re:i'm confused.... (Score:2)
Definitely, but cost != technically difficult.
In short, of course the parent's heard of a proxy. Of course it's easy *to set up* and the tools are available. Now, build me one that can handle multiple OC-48 pipes without slowing down traffic
I have setup such things using a cluster of proxy servers. it will cost you a bit, but it is not tech
Re:i'm confused.... (Score:2)
I realize that this isn't going to block the site for 100% of the people, but I would wager that the same people who could defeat this system, could defeat the layer 7 firewall as well.
Re:i'm confused.... (Score:2)
Note that SSL doesn't give much of a problem here Yes, the data (including the headers) is encrypted, but you can only have one SSL certificate per IP address (per port). I forgot the technical reason, but it seems silly that they haven't come up with a workaround yet.
Re:i'm confused.... (Score:2)
1) Open socket to ip address and port.
2) Send HTTP request, including the Host: header.
3) Get response.
Here's what happens when SSL gets added.
1) Open socket.
2) Negotiate SSL, including verifying the certificate, which contains the host name. If it doesn't match, fail.
3) Send HTTP request, including the Host: header.
4) Get response.
Unless you want to replace every browser out there, along with every web server, to enable a new STARTTLS-enabled HTTP/2.
Re:i'm confused.... (Score:2)
Open socket
Apache whines then picks the first vhost matching this hostname:port and loads its certificate.
Client matches cert against hostname
SSL is negotiated
Client sends request including hostname
Apache picks the by-name vhost matching the hostname given, and the transaction continues.
Re:Paul Graham's Example (Score:2)
Re:i'm confused.... (Score:2)
> It is?
Surely you didn't think that for $30 a month Hostway was giving you your own box, did you?
Re:i'm confused.... (Score:2)
It's not that far off. For $45 a month you can get a dedicated server [layeredtech.com] if you pre-pay for a year.
Re:i'm confused.... (Score:2)
Re:i'm confused.... (Score:5, Informative)
Re:i'm confused.... (Score:2)
That's interesting. I'm sure many people who aren't familiar with the inner workings of the net (myself included) are surprised. The attitude of one website, one IP address seems to pretty prevalant. Take this tool [mozilla.org], for instance, that shows the IP address of any website.
So, I suppose that visiting any one of these addresses should show the same address, right? Thanks again for your helpful explanation! -- Paul
Re:i'm confused.... (Score:2)
Take this tool, for instance, that shows the IP address of any website.
All websites have at least one IP address. Not all websites have a unique IP address, however.
Re:i'm confused.... (Score:3, Informative)
From the Apache WebSite.
http://httpd.apache.org/docs/2.0/vhosts/name-based
IP-based virtual hosts use the IP address of the connection to determine the correct virtual host to serve. Therefore you need to have a separate IP address for each host. With name-based virtual hosting, the server relies on the client to report the hostname as part of the HTTP headers. Using this technique, many different hosts can share the same IP address.
Name-based virtual hosting is usually simpler, since you nee
Re:i'm confused.... (Score:2)
If you say I want 20 IP addresses because I want to run 20 websites, the issuing authority will turn you down flat. So you pretty much _have_ to do virtual hosting.
Re:i'm confused.... (Score:2)
Without HTTP 1.1 and the Host header, you could just bind multiple IPs to a single machine.
Yes, but I believe your limit with hard IPs is 256 (IIRC). With host headers, your only real limit is the robustness of your hardware and the size of your pipe (although with Apache, at least, if you want more than 2048 hosts, you do have to redefine the HARD_SERVER_LIMIT in src/include/httpd.h, and then recompile...again, IIRC).
Re:i'm confused.... (Score:2)
Theoretically, the number of IPs is limited by the size of your subnet(s), but that's it. You could have two IPs available or two hundred thousand.
Uh oh (Score:4, Interesting)
I'm certainly no legal expert, but this seems like it could open the floodgate for litigation. Maybe by the time the regulations arrive the market will have already corrected this problem?
Re: (Score:2)
Re:Uh oh (Score:2)
The data passes over their network, so they can do as they wish with routing it. they're not stealing it, they're just not completing the route.
Look at any dedicated service contract (T1's, ethernet, T3's etc) and you'll see lovely print saying they can do whatever they want.
You are connecting to their network- not the other way around... hence you are subject to the way they run their network..
-M
Illegal, reckles, and dangerous. (Score:5, Insightful)
From The OpenNet Initiative PDF:Clearly, Telus violated the Canadian Telecommunications Act by their heavy-handed disconnection of www.voices-for-change.com. This alone should be grounds for revocation of their license, but the incidental blocking of an additional 766 unrelated websites is even more reprehensible than their intended censorship.
Re:Illegal, reckles, and dangerous. (Score:4, Insightful)
Re:Illegal, reckles, and dangerous. (Score:2)
The common case is that they are blocking all access to a port for a class of customers. (And they say this in the contract any customer in that class has signed.)
There is no favoratism in that approach: Everyone is blocked, regardless of content, politics, etc. The service provider just does not provide service on that port. (And they don't claim to.) That would be legal.
Providing limited service, when you say
Telus and ports... 80 is blocked (Score:3, Informative)
Re:Illegal, reckles, and dangerous. (Score:3, Interesting)
Does the Canadian Telecommunications Act include ISPs as 'carriers'? Most legislation considering telecommunications and common carriers that I know of was written before the internet was as popular and vital as it is now.
Re:Illegal, reckles, and dangerous. (Score:2, Insightful)
Re:Illegal, reckles, and dangerous. (Score:2)
Exactly my point. Telus has clearly violated existing regultions...the authorities should be concentrating of enforcing those, rather than pointlessly re-legislating.
Re:Illegal, reckles, and dangerous. (Score:3, Informative)
Hope this helps.
Re:Illegal, reckles, and dangerous. (Score:4, Informative)
No, what the website was doing was posting pictures of Telus managers.
Thats obviously an intimidation tactic, possibly even dangerious.
Yes, and there are methods of dealing with that - like court injunctions.
I think if they felt the site posed a danger to their employees, their right to safety is more important then thier status as a carrier, collateral damage be damned.
Bullshit. If they *really* felt that the site posed a danger, then they could get an injunction in a matter of hours. It is the correct way to do this, and it would actually *WORK*, because it would affect everybody, rather than just Telus customers.
Re:Illegal, reckles, and dangerous. (Score:2)
If they had wanted to deal with this properly, they would have seaked an injuction. They didn't.
Re:Illegal, reckles, and dangerous. (Score:2, Insightful)
Back when Telus was British Columbia Telephone and Alberta General Telephone, the unions were separate and everybody got along fine-ish.
Now Telus(the merged result with new management) is trying to squeeze efficiency out of their existing infrastructure and lay off workers etc...
It's a union busting tactic to see if they can break the TWU (telecommunications Workers Union).
Re:Illegal, reckles, and dangerous. (Score:2, Insightful)
i'm glad... (Score:5, Funny)
Re:i'm glad... (Score:2)
The Computer knows that you don't want to worry about this and will ensure that anyone who disturbs your tranquility, including you, will be used as reactor shielding.
The Computer is your friend. Trust the Computer.
Public Outcry (Score:5, Insightful)
a) Force them to let everything through, but this means they can't block virus speading sites, etc
b) Only allow them to block what the regulators seem fit. Which puts what you see and can't see into the hands of beurocrats. This would cover all ISPs in Canada so you can't switch to one that does block stuff you want it to (Porn if you have little kids, etc.)
I personally prefer to let people hurt them in the wallet when they pull crap like this. Corporations take more notice when something hurts them in the wallet.
Re:Public Outcry (Score:3, Insightful)
Ah yes, the old government needs to get involved where the peopl have already solved the problem argument. The Canadian government doesn't need to do anything here. If Telus did violate a law on the books then the ONLY thing government should do is prosecute them, and that should come from the judicial part of the government, not the legislative part (I'm not sure exac
Re:Public Outcry (Score:2, Interesting)
And why should they? Blocking the spreading won't make the viruses go away. Plus, if I were a researcher or hobby virus analyser, I couldn't get to them anymore.
How about we get systems more secure so it wouldn't matter a single bit whether a site distributing some malware is reachable or not?
Wow (Score:5, Informative)
A buddy of mine is a desktop admin at Telus in Toronto (the strike is in Alberta and BC). That's a hell of a message to send to the rest of your employees: "We 'support' your right to strike, but we don't want your message to get out to the world."
And he thought he hated his job before the strike. Yow.
Re:Wow (Score:3, Informative)
As such the job action encompasses the entire Union, not just Alberta and BC how ever Telus has refused to provide the Union with the names of the employees in Eastern Canada.
Further, the job action is not actually a strike. Union members in BC and Northern Alberta were locked out of their jobs in an act initiated by Telus creating a 'Lock Out' and not a 'Strike'
Re:Wow (Score:3, Interesting)
A few years ago, Telus offered me a job, at 3x what I make now.
I told them to get stuffed.
The problem with Telus is that they grew out of a government department, with a government-mandated monopoly. They got spun off as an independant company 15 years ago, but still think and act like they're a government monopoly.
And the moral of the story is... (Score:2, Interesting)
Not lazy; only choice (Score:2, Insightful)
It's unfortunate that the virtual hosting got nailed by it but if their decision (a bad one, the PR in Canada right now is horrible) was to block it, that
Nothing new (Score:3, Informative)
Worse still, 'black-list' blocks not JUST only the IP, but entire subnets or IP ranges...you spend a whole friggen day debugging your network-router-firewall setup and spend the rest of the week arguing with your ISP about who's fault it is.
Solutions:
ifconfig
change MAC address? - an option, as 'most' routers can 'spoof' MAC addresses.
Legal Precedent (Score:2)
"Yeah, so like give us our free beer, eh."
"You want free beer? Go to the brewery. Now get outta here before I put the two of YOU in a bottle."
On that good 'ole Canadian Criminal Code.
(Special thanks to Bob & Doug [imdb.com])
Goodbye Telus, Hello Shaw (Score:3, Interesting)
Re:Goodbye Telus, Hello Shaw (Score:2)
Re:Goodbye Telus, Hello Shaw (Score:2)
Re:Goodbye Telus, Hello Shaw (Score:2)
Re:Goodbye Telus, Hello Shaw (Score:2)
Re:Goodbye Telus, Hello Shaw (Score:2)
Re:Goodbye Telus, Hello Shaw (Score:2)
Re:Goodbye Telus, Hello Shaw (Score:2)
And then there's DynIP. (Score:2)
What if yourHost.site.tld is given an IP address that is 'banned' as belonging to undesirables?
I long for the good ole' days... (Score:4, Funny)
Corporations Replacing Governments (Score:3, Interesting)
But seeing more and more such news today, it happens to me that, are we in the midst of this change?
In China, the government censors you, in Canada and Australia, the ISP censors you!
QOS Regulations Yes! (Score:2, Insightful)
The behaviour of Telus is outrageous and is probably a VERY SMALL tip on a MASSIVE iceberg.
As more and more services fight for consumer's internet pipe they should have protection against bad service and questionable tactics.
Don't cry for telus employees (Score:3, Insightful)
PS: The website was blocked after Telus found that their striking workers where taking pictures of employees who were crossing the picket line for the purpose of later harrasing those said employees. In my opinion both parties are equally at fault for the nice mess they cooked up.
Re:Don't cry for telus employees (Score:3, Insightful)
Re:Don't cry for telus employees (Score:3, Interesting)
I did not see any "pictures of employees who were crossing the picket line for the purpose of later harrasing those said employees."
As to the other claims, so far the only corroborat
Contact the CRTC about this (Score:3, Informative)
There's a five-step form, and they'll refer the complaint. For a quick cut-and-paste snippet, go to the following:
Please be advised that Telus Corporation may be in violation of the Telecommunications Act, Section 36. Please see http://www.crtc.gc.ca/RapidsCCM/Register.asp?lang
Oops...this one... (Score:2)
Re:Contact the CRTC about this (Score:2)
FOX NEWS INTERNET (Score:3, Interesting)
AOL is a good example of this, but I have found censorship to be a big problem with a few other cheap internet providers.
In college, I think I was trying compuserve, but they blocked lots of sites. With them, I could not do political research for my sociology class at home. I
Telus ethics (Score:5, Informative)
How can they possibly claim that they took an ethical approach when they unilaterally terminated access to a website that depicted Telus in an unfavorable light. Whether the site in question was violating other contractual obligations or law is independent of the actions of Telus.
" Fellow TELUS team members:
Central to TELUS' purpose is to make the future friendly for our stakeholders. One of the critical elements in realizing this ambition is to ensure our individual and collective reputation is above reproach. How we work is just as important as what we do. Our goal is to demonstrate the highest level of ethics and integrity in our business dealings with all stakeholders (customers, shareholders, suppliers, colleagues, community). This is a corporate priority and a shared responsibility for all TELUS team members as each one of our actions and decisions affect our company and its reputation."
A little slanted (Score:2)
Don't get me wrong, Telus is clearly stark raving mad with nuts on top, but maybe with not quite as nuts as the summary indicates. The settlement includes reference to voices for change removing threatening and revealing information (which we can't judge the merit of, since the information's been removed). Telus clearly has at least
Telus banning access to Voices-for-change (Score:2, Insightful)
The voices for change website was publicly posting pictures of telus employees, management and Union employees that crossed the picket lines, putting their saftey at risk. If you have not noticed, the union in BC can be pretty militant, so yes Telus Banned access to the website until they were able to get a court order to have the website admin remove the pictures, onc
Missing comments (Score:2)
I WANT A LAWSUIT (Score:4, Interesting)
Please post a reply to this message if you know of a class-action lawsuit against Telus for IP blocking.
Re:I WANT A LAWSUIT (Score:3, Insightful)
That's all beside the point.
Access to that which is legal must be made available. It is not Telus' role to act as judge and jury.
There is simply no other practical option.
As an aside:
Telus did not stop access to the site. It simply made it damn difficult for me, having paid them to provide me access to all tha
Re:Hypocrisy in action. (Score:3, Interesting)
If they had gotten the permission of the Canadian Radio-Television and Telecommunications Commission, then you would be correct. Though i suspect that even if they did this the legal way, it would cause bad PR anydangway!
Re:Hypocrisy in action. (Score:5, Insightful)
Collateral damage happens, like it or not.
No, it doesn't. Collateral damage happens when the sysadmin is question is lazy and/or ignorant. It would have been easy to block access to only www.voices-for-change.com, and no others, but instead they chose to block the entire IP address. Either they wanted to pass the blockage off as an accidental outage (and failed) or the sysadmin just couldn't be bothered to do the extra work, and just blocked an entire IP in the router. Either way, it's despicable.
Re:Hypocrisy in action. (Score:5, Informative)
I used to work for a national NSP and during my tenure there we developed a few ways to block IP's despite the fact that half the linecards in our network didn't support packet filtering.
The best way to do this was with a global null route. We'd add a route on all the routers pointing one of our unused IPs to the null0 interface. Then we ran a "null route server" where anything we wanted to block was routed to that IP address (causing all traffic to it to get blocked at the entry point, rather than routed through the network)
We used these measures exclusively for spammers and for large DOS attacks. (For DOS attacks it was less effective because you actually had to block the victim instead of the source, but it was better than nothing)
The point behind this is, many times we had virtual hosting providers call us up and tell us we'd blocked thousands of sites, some even went on to name names. We told them to get the spammer off their server before service would be restored.
This is the normal policy of most ISPs. No Collateral damage involved, you violated the terms of service and I'm sorry your business revolves around the idea of putting a thousand customers on one point of failure.
Now, I'm not saying this is what Telus did. I'm saying this is what they probably did and you guys are jumping to conclusions. The fact is, from a router standpoint it's extrodinarly hard to block "www.example.com" without doing it by IP address.
Re:Hypocrisy in action. (Score:2)
Re:Hypocrisy in action. (Score:2)
However, they blocked it on the backbone, which not only serves TELUS users but people that peer with TELUS. So in essence, it was more then just TELUS users being affected by it.
Re:Hypocrisy in action. (Score:5, Informative)
Re: (Score:2, Insightful)
Re:Hypocrisy in action. (Score:2)
Unfortunately, that's not the case.
Re:Hypocrisy in action. (Score:2, Insightful)
Re:Hypocrisy in action. (Score:4, Insightful)
Re:the ultimate hypocrisy of slashdot (Score:3, Interesting)
the ultimate flawed argument (Score:3, Interesting)
So let me get this straight...you're comparing the behavior of an ISP, who is required by law to not impede access to the websites it hosts, to the behavior of a private website, who is under no such requirement.
Your argument is rather like saying since the city cannot ban people from driving down a street for no good reason, then it necessarily follows that these same people must be allowed unfettered access to the private residences on that street.
Next time, think before you post.
Re:the ultimate flawed argument (Score:2)
You know, that actually works, if you extend it to the situation as it actually was. Say, you own one of these houses on a street, and you are involved in a dispute with the city about something, and people were meeting at your house to discuss what to do about the dis
Re:Peoples Republic of Canada (Score:2)
uh, Telus is a corporation, not the gov't.
Re:bad move by telus (Score:2)