W3C.org Briefly Censored In Finland 115
k33l0r writes "The web site of W3C, w3.org or w3c.org, was briefly censored (Google Translation) by at least some of the local ISPs. For an unknown reason the URL was mistakenly entered into the Federal Police's censor database. Some of the Finnish ISPs use the database to filter out questionable content such as child pornography."
Finnish online activist Matti Nikki describes some of the problems with this database-based censorship.
Blacklists suck. (Score:1, Informative)
This isn't news. Legitimate sites ending up on blacklists is normal. It happens all the time. Might as well report that the sun rises in the morning.
Easy to circumvent: (Score:5, Informative)
Effi: Finnish police censors a critic of censorship [effi.org]
This shows that they are using DNS based filtering. Very easy to get around, run your own DNS servers and bypass your ISP's DNS servers alltogether.
Human translation (Score:5, Informative)
Sorry for the bad quality, it is 5 AM in Finland, and I'm very tired. But I bet I can still beat Google's translation service.
W3C's site on Finnish censorship list
(Updated on 27/9/08 at 19:31: DNA wasn't the only operator affected by the censorship.)
Customers of telecom operator DNA were unable to access the web server of World Wide Web Consortium (W3C), an organisation developing web standards, on Friday evening and early Saturday, because the address of the site had erroneously became included on the censorship list of National Bureau of Investigation.
Many readers of Tietokone magazine informed us late Friday evening and early Saturday that a police information page was opened instead of www.w3.org. The information page says that the target page includes child pornography. The problem was fixed on early Saturday, and currently DNA's customers should be able to access W3C's site normally.
Different operators use the same filtering list provided by the NBI, but different operators may fetch the updated list at different times.
Internet activist Matti Nikki also describes of these observations on his lapsiporno.info -site (lapsiporno == child pornography), which still cannot be accessed by those operators' connections that use the filtering list. (Translator's note: using the list is not mandatory for operators.)
Operators have kept filtering webpages by domain, even though this is not the first time the practice has caused ambiguousness in censorship.
NBI and operators assured last spring, that ambiguous domain-based filtering can be replaced by URL-based filtering, but implementation of this change has been delayed. Many operators have also announced that they will make the filtering voluntary to their customers due to technical problems and negative publicity.
Censorship list in the hands of the NBI
Internet operators gave an estimate for Tietokone magazine last spring, that implementing a precise URL-based filtering system will cost millions of euros. Present domain-based filtering methods are based on domain name redirects or so-called mandatory proxies, i.e. transparent proxies.
Public relationship officer of DNA, Sinikka Veneranta, says that the police removes and adds addresses to the list as they see best, and the operator does no processing for the addresses on the list by itself.
But there are still differences in the time how quickly the addresses on the list will end up in systems of different operators. W3C's address is known to have been end up also to the systems of Mikkeli Telecom Co-operative (MPY).
Re:Easy to circumvent: (Score:2, Informative)
Personally, I am running bind. My ISP's DNS servers were rather slow to respond.
With most linux distros, all you have to do is install it with your package manager, and then set your machine to use itself, rather than the ISP, as the DNS server. The default configuration that gets installed will generally query the root servers. You will need to check your distros documentation just in case.
Bind packages can also be found for DD-WRT. I don't run them, so I cant say how well they work.
DD-WRT Bind DNS-slave server [dd-wrt.com]
http://www.dd-wrt.com/dd-wrtv2/downloads/others/packages [dd-wrt.com]
For M$ users, DNS server packages, (including bind), are available. I don't have experience with them, as I dumped M$ shortly after XP was released.
Google Search [google.com]
ISC Bind [isc.org]
There is more than enough documentation on how to set-up and run DNS servers available on the net, it is pointless to do that here.
The biggest thing that I don't understand is why people who write such articles don't mention that there are solutions available. It would have simply been a 2 or 3 sentence paragraph in TFA to give links to a way around the censoring. TFAs that were linked to didn't even point out that it was DNS filtering, the link in my original post came from one of TFAs.
Child-pornography by children (Score:3, Informative)
There have actually been cases of this happening. Basically what usually happens is the children (up to 17) are punished without the law (suspended if done at school, etc) and any adults/companies/etc knowingly involved in the reproduction, distribution and/or storage of the material are slapped (rather viciously) with child-pornography charges.
The children are usually not charged legally, but after their parents, school administration, older siblings, etc get a hold of them, they wish they hadn't done it.
Censoring by domain name? (Score:3, Informative)
How do they censor by domain name? Do they force/expect everyone to use the ISP proxy server? Do they force/expect everyone to use the ISP name server? Unless they block direct access, it should be easy enough for a user to get around. Of course most users would not know how. OTOH a lot of the really bad pr0n sites don't even use domain names. They use constantly changing IP addresses of proxies running on exploited home/office Windows computers.
Re:A clear case of "why you should not do it" (Score:3, Informative)
> Though noone will likely die or even loose any large ammounts of money or similar due to this particular case
They have already also blocked a site of several companies. Some which are not related to porn at all, but about 99% of the websites they block are legal porn-sites. Also a website who is making critique about this censorship and publishing a list of blocked but legal websites is blocked.
It is quite interesting how little people are defending these legal porn sites. As if it is okay to block them, just because they are porn.
Re:Questionable content? (Score:5, Informative)
Yes, but since you're probably not one of the Finnish policemen in charge of this black list, nor are you one of the highly trained Kmart/Walgreens photo clerk employees, your definition of what "child porn" is -- probably highly suspect.
.
Sure, but that has yet to be proven. This guy [lapsiporno.info] for instance has already received personal threats against him because his site is listed as a "child porn web site", and yet he doesn't have a single picture on his site -- he only compiled a list of web sites that were banned by this list (he simply used a scanner to obtain that information, and it turns out that 99% of those web sites listed do not contain child pornography according to him). Should he put in jail because of this so-called "questionable content"? Should he be branded as a sexual predator and a child porn peddler because of this personal expose?
Re:Easy to circumvent: (Score:3, Informative)
No you dont even have to run your own DNS server and you can stil use your ISPs DNS (it's 99% time faster than say OpenDNS). If you end up on a site with the police cencorship notice, connect to any machine (SSH) or site (WWW) that can resolve domain names without the cencorship. I think all university networks, all foreign machines and sites like http://www.dnswatch.info/ [dnswatch.info] are good for this. Then just edit your /etc/hosts file and manually override the IP address for the domain on per-site basis. Add this line to your hosts:
83.145.201.47 lapsiporno.info www.lapsiporno.info
to access lapsiporno.info for example. It's that easy..
and ofc, the activist website is censored (Score:3, Informative)
Matti Nikki's website has been censored from almost the start because he has been speaking against this kind of censorship, and it's problems.
One of the problems he claims is that it will be used against sites which do not distribute child pornography, activist websites, critical of the goverment, or otherwise "undesired" websites. This blacklist was entirely made for child pornography.
His site got blacklisted, proofing the point. No action has been taken, and no one seems to care how Finland aswell is turning into a police state.
To access his website, simply use OpenDNS.org nameservers.
Finland is in a state of masqueraded communism, the taxes are highest in the world and living costs right up there too! For well above minimum wage job, you don't get even twice the amount of money to spend on things than on unemployment checks.
I were born in Finland, and like living here very much indeed, even so much i've denied some REALLY good positions offered to me abroad and stayed in Finland. However slowly i'm starting to rethink the sensibility of staying in Finland, due to things like this blacklist.
Re:Censoring by domain name? (Score:2, Informative)
Yes they use a very simple domain name based cencorship that causes the ISPs' DNS servers to resolve cencored domain names to a machine (hosted by the ISP on the expense of the customers..) that only serves a very ugly "Cencorced by the National Bureau of Investigation" notice (screenie [wikipedia.org]). It's extremely easy to bypass by editing /etc/hosts, running your own domain name server or using foreign servers like OpenDNS. It should be also noticed, that this cenorship is in its current form voluntary, but the goverment said they hope that ISPs are co-operative so they dont have to make the cencorship compulsory
And still, there are things like Tor that could be employed even if they used IP based filtering. But I hope this is not going to happen..
Re:Clever strategy (Score:3, Informative)