In Australia, Censorship vs. DNS, and Porn As Network Driver 96
daria42 writes "Remember how Australia's planning to censor its Internet? Well, it looks as though the country's second-largest ISP, Optus, has made a stumble right out of the gate. Optus today confirmed you could circumvent its filtering technology simply by setting your PC to use a different DNS server than the default. Yup, it's really that easy. Oops."
And why would anyone want to change their DNS settings? angry tapir writes "While the Australian Government has extolled the virtues of its currently under construction National Broadband Network (NBN) in delivering e-health and government agency services to every Australian, adult content will be the major driver of consumer adoption."
Is that really a surprise (Score:4, Funny)
Re: (Score:2)
Re: (Score:2)
I'm so disappointed. I saw "Porn As Network Driver" and immediately Googled for the .dll. I wanted to test out if the new driver meant the intranet is for porn too.
I'm new to Australia (Score:4, Insightful)
Re: (Score:1, Troll)
But even I know that you'll get better Internet access to anything by not using a terrible provider like Optus or Telstra.
Fixed.
Anyone with an ounce of technical or financial acumen knows to avoid Optus and Telstra like the plague.
Re:I'm new to Australia (Score:5, Informative)
I read an article from somebody who was the only competent person at the internal meetings for setting up such a censorship in Germany [danisch.de].
What you all have to know, is that all this censorship "technology" ultimately is an offspring of something a Swedish (I think) company made. And that original thing, which they all drag around to show how "nice" it works, is extremely flawed and utterly idiotic.
Neither them nor the government they started with, can tell the difference between the WWW, domains, the Internet and IP addresses. To them it's all the same.
(You have to know that there are usually only lawyers and totalitarian-oriented politicians at those meetings.)
This goes so far, that if you try to tell them how the Internet works, they look at you with a blank stare and ridicule you. Followed by openly calling you a "troublemaker" who "spreads lies" in their speeches, etc.
I'm not kidding. That's how it went down in Germany.
To say they were incompetent, would still be a disgusting insult to the incompetent.
In the German meetings, it became clear, that it was technically completely impossible, to create such a filter in a proper way. You could either create a completely failing one, like this one, and look good politically... for about a day, before everyone would laugh at you about how much it fails. (In other words: Political suicide.) Or just push the whole project under the rug, and hope you get away with your failure.
Luckily, because of that one techie among them, they chose to scrape it and tell nobody here in Germany.
It seems, that Australia went for the political suicide.
So I say, good luck with that, and good bye! ;))
Re:I'm new to Australia (Score:5, Insightful)
To say they were incompetent, would still be a disgusting insult to the incompetent.
Yes this perfectly describes the situation in Australia. Senator Conroy (the man responsible) simply refuses to listen to the advice of anyone who disagrees with his ideology or points out the gaping flaws in the implementation. He is obsessed by his own personal ambitions and is too stupid to recognise good advice when he receives it.
It seems, that Australia went for the political suicide.
I certainly hope this is the case, although I have my doubts. Apparently being stupendously incompetent is insufficient grounds for removing a minister from their post. I fear this will be one in a long serious of blunders he inflicts on the Australian people.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
This isn't the Swedish Child Porn filter is it? I'm not sure if that was ever actually intended to be used as a way to censor the internet, all it ever did was reroute all DNS entries for known child porn sites to the police website with a boiler plate "This site has child porn, you shouldn't go here!"
It was never political suicide in Sweden since noone expected it to actually stop pedofiles, it's just a small thing among many in their overall work, I don't think anyone actually gives a crap about it ^^
For everyone not in Oz (Score:4, Interesting)
Re: (Score:1)
You'd have to be pretty naive to think one had nothing to do with the other.
Re: (Score:2)
I thnk you'll find the reason Telstra & Optus are doing this is purely financial. You might recall that in the very same week - the very same day in fact - that it came to light Telstra and Optus had agreed to voluntarily implement Conroy's filter they also got a sweet 11billion deal from the 100% governement owned National Broadbank Network to purchase their copper lines. You'd have to be pretty naive to think one had nothing to do with the other.
Actually your wrong.
That deal actually negotiated months ago and it was only finalised this week, the deal was negotiated by NBNco, not ACMA and finally Optus was not involved (nether was Iprimus, the third ISP to implement this voluntary filter).
So in light of the fact that Optus and Iprimus got paid nothing, your conspiracy theory cant hold water.
Please get your news from reputable sources in the future.
No problem! (Score:5, Insightful)
Re:No problem! (Score:5, Insightful)
Watch out they'll make it illegal soon. And soon only criminals will run bind.
Re: (Score:1)
Pretty sure you can also use your own hosts file for this as well, ignoring any 1st and 3rd party DNS.
This idea is useless.
Re: (Score:2)
Only criminals will have host files.
Re: (Score:1)
Watch out they'll make it illegal soon. And soon only criminals will run bind.
The rest will run djbdns.
Re: (Score:1)
The rest will run djbdns.
Until you need to lookup an IPv6 address from an IPv6 connec
Re: (Score:2)
dnsmasq works for ipv6 addresses over ipv6 connections.
http://www.thekelleys.org.uk/dnsmasq/doc.html [thekelleys.org.uk]
Re: (Score:3)
so THAT's what they meant by 'finger yourself and you'll go bind!'
Re: (Score:2)
google dns ftw!!1
i'm sure that the company which stood up even against china against censorship, would certainly not tamper their dns service at the behest of a government.
Re: (Score:2)
Re: (Score:2, Interesting)
As do I (and I live in AU), so I thumb my nose at these measures. I made the decision early on to DIY with as much as possible: mail, DNS, NTP, web and whatever other servers I need. Mainly for my own education. At times I've wondered whether it's easier to just use free services, but now I can sit back smugly and say "Ha!" The next part of my education is adding encryption to those protocols that aren't already so.
Re: (Score:1)
Re: (Score:3)
I know, right? It's good to know that there are places that have more intrusive censors than my country.
I always thought that Australia was full of rugged individualists. Another myth shattered. Are there a bunch of fundamentalists there or is it just that they're all prudes?
Did the government take power in a military coup or did Australians actually elect this bunch of pearl-clutching church ladies?
Re: (Score:2)
Re: (Score:2)
You mean Australians are volunteering to have their internet censored?
is there a lot of demand for censorship among Australian citizens?
Re: (Score:1)
Re: (Score:2)
This is a decision taken privately by two ISPs in Australia. There was no doubt some form of governmental pressure involved ... but it's not a law, it's not a governmental requirement, and it didn't involve anyone electing or voting for anyone. The two companies are free to stop doing this tomorrow if they so choose.
So if you don't like it, and you happen to be a customer of one of these two ISPs, circumvent it (easily done as mentioned in TFS), or change to another ISP (which is a good move anyway - Telstr
Re: (Score:2)
As an American, I can't relate to any of that.
Australia has all kinds of people and politicians (Score:2)
Australia has some well-known prudes in their parliament who've been pushing movie and internet censorship for years. I don't remember if they're currently in the government or not, but some of them are at least in positions with enough power that they can't simply be ignored, though often it seems like they're in positions where they get to rant and rave loudly in public without actually getting to implement most of their latest great ideas, or their parties get to put them in charge of censorship policy
China (Score:1)
The Chinese have an effective censorship solution known as the "Great Wall of China". Maybe Conroy should buy it off them? I wonder if it involves routing each user's communications to China? No problem, the NBN would fix that.
The Internet if for... (Score:3)
PORN!!
Required YouTube link: The Internet is for PORN!! (WarCraft Edition... just because). [youtube.com]
sadly, easy to block (Score:4, Insightful)
for prot in tcp udp;do iptables -t nat -A PREROUTING -i lan0 -p $prot --dport 53 -j DNAT --to-destination 1.2.3.4;done
There are other reasons for DNS hijacking, too. For one, it lets the ISP do SiteFinder-like spewing of adverts. Another reason is to "fix" broken local settings -- here, a bunch of "computer repair" bozos used to hard-code people's DNS settings to a big ISP's DNS server, and when that ISP reconfigured it, suddenly "the Internet broke, fix it!", making small local ISPs go the easy way rather than argue with customers.
Thus, don't expect this workaround to last long.
Re: (Score:2)
And then we run DNS over VPN (or just a different port). Eventually, all traffic over VPN. And the arms race continues...
It's already been noted that the widespread usage of VPNs, driven by filtering and traffic shaping, has only made it harder for the police to crack down on real criminals. How long will it be until anyone can buy a small box that sits between their computer/switch and router which automagically sends all traffic through a VPN server in a free country?
Re: (Score:1)
Great just as DNSSEC is is viable. Try intercepting DNS traffic to modify it then.
I don't believe the ISPs concerned have any interest in implementing the policy, it is entirely a monetry loss to them, so they are just seeking to tick off the legal compliance box with a fair interpretation of the law.
Not for techies (Score:4, Informative)
Thing is,once the NBN is setup, the gov will have complete control over the data, and where to route it.
Re: (Score:1)
You say "its easy to bypass" and then state you use opendns... a dns service that censors things.
Congratulations on being hypocritical.
Re:Not for techies (Score:4, Informative)
OpenDNS doesn't block anything, if you're just using its DNS servers in place of your ISP's. It's not until you create an account on their web site, add a network and configure the filter settings that it blocks any lookups. You can disable the smart caching, typo corrections, DNS proxying etc. if you register. I choose "none" myself, because I don't want anyone fucking with my name lookups.
I sure as Hell don't trust an ISP's DNS server to return unaltered results, or to return results quickly for that matter. OpenDNS has been working very well for me, for years and I certainly do look up porn sites.
Re: (Score:1)
Re: (Score:2)
I am in the Banana Republic of The Harper Government of Canada as well. (Don't expect things to stay the way we like them, with right wing Christian ideology in a position of power)
That's another reason to use third party DNS, as well as TOR for anything that has any possibility at all of being used against you, even by a stretch. I never trust an ISP to respect my privacy. I don't think I do anything wrong but I think to myself "do I want anyone knowing I went to this site?" If the answer is no, I don't go
Re:Not for techies (Score:4, Interesting)
Thing is,once the NBN is setup, the gov will have complete control over the data, and where to route it.
No, it won't.
The NBN will simply provide layer-2 pipes to ISPs. The ISPs will issue IP addresses, handle routing and all that jazz. If an ISP wants to set up a fully encrypted back-haul (say using L2TP/IPSec VPN) then they're free to do so.
If the government want to control the data moving over the NBN they'll do it by legislation, just like they would do with the current model (ISP-over-Telstra-copper), not by deep packet inspection or DNS blocking.
NBN != govt control (Score:3)
all the ISP's saying they "voluntarily" apply the mandatory filtering state its easy enough to bypass, doesn't affect P2P traffic, only websites. I'm in Australia and have been using OpenDNS for years. the ISPs DNS servers really do suck and some even use custom error pages.
Thing is,once the NBN is setup, the gov will have complete control over the data, and where to route it.
No it wont,
Stop getting your info from News Limited (Limited News).
NBNco is a corporatised entity and not under government control.
NBN's mandate is to provide layer 1 and 2 services only. Layer 3 services are provided by RSP's (Retail Service Providers) which will be today's existing ISP's such as Internode, iinet, Adam and even Testra and Optus.
So any filtering will need to be done at the RSP level, iinet and Internode as well as several other ISP's are committed not to do it. Remember that thi
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
It's easier to have the default opt out (Don't want porn, don't go there) than force everyone to change DNS settings.
It's not trivial. And I highly doubt you'll open anything like that by "mistake" more than once :)
Also, most parental control software is a lot easier to install and there are even some free alternatives... In an ideal world I'd say the government would give you the tools to block it if you wanted (government sponsored software) and not force it on anyone.
PS: And correct me if I'm wrong, but
Re: (Score:2)
there was discussion of utilizing free software supported by the government as parental filters, then there was talk about an opt in system, now there is talk about a mandatory filter (2 levels. 1 "kid safe" and the other "legally safe" - which includes "extreme violence" like war cri
Re: (Score:2)
In an ideal world I'd say the government would give you the tools to block it if you wanted (government sponsored software) and not force it on anyone.
That's exactly how Australia's government mandated opt-in filtering works. What TFA describes is an end run around what parliment refused to mandate.
Re: (Score:2)
That's a good feature.
That depends on who you ask. And I don't think that everyone will know how to bypass this (some might not ever figure it out).
Re: (Score:3)
Your kid's netbook isn't going to cough up goatse, lemonparty, tubgirl, 2girls1cup, mr hands, etc via a random click.
Yeah, until someone puts up a machine serving one of them, configured to answer to any (or no) name. You can make a link to an IP address.
Re: (Score:2)
You underestimate porn. There is a tradition of trolls posting such shock pics in unsuspecting forums, blog posts and chat as a joke, and if the common sites are censored they'll just upload the file to imageshack - it'll last long enough before it gets pulled. Then there is the same thing with real porn, which is often spread between friends. I've even seen pornographic spray-logos in TF2
Re: (Score:1)
Did I say that you are wrong about this?
All this can ever lead to is 'the list'. You can't see this because it's on 'the bad list'. You can see this because it's on 'the good list'.
The world doesn't divide into good and bad. Period. Making a list derives from wrong-headed thinking and will always end up with the wrong solution.
The porn filter better pass breast breast cancer t (Score:2, Insightful)
The porn filter better pass breast breast cancer test or it will be a bad mark for a e-health system.
Nest step: criminalise changing DNS (Score:2)
You can almost hear how the mind of an australian petty official works. Will Oz be the first post-democratic country? Where the slide back to totalitarianism is most advanced.
Nest step: Parent makes incorrect statement. (Score:3)
But it's not a legal requirement to filter (it's voluntary), so there is no impetus to restrict changing DNS.
Besides, if you wanted to avoid Optus and Telstra's voluntary filtering, you'd just go to Internode or iinet who have flatly refused to volunteer for this scheme. In fact, the fact it wont work is why iinet expressly said it wouldn't implement it.
Oh, you'd also save some money by going with iinet or Internode.
Re: (Score:2)
Besides, if you wanted to avoid Optus and Telstra's voluntary filtering, you'd just go to Internode or iinet who have flatly refused to volunteer for this scheme. In fact, the fact it wont work is why iinet expressly said it wouldn't implement it.
I would in a heart beat if I could, unfortunately despite being only 13k as the crow flies from the Brisbane CBD, my only choices are Telstra or Optus.
I've changed my DNS servers to google.
The way forward... (Score:2)
Shouldn't porn sites just start hosting DNS servers? Seriously, isn't that what most of the internet is used for now?
I'm fairly sure if they took porn off the Internet, there'd only be one website left, and it'd be called 'Bring Back the Porn!'"
— Dr. Cox, Scrubs
Re:It is not about porn (Score:4, Interesting)
Indeed it is, and I'm sure of this because they're so open and... oh, wait, they're not even telling us WHO is contributing to the list, so their promises of WHAT is on it are a bit suspect. Reputable international organisations [news.com.au] with such good reputations that they don't want to be associated with this? Really?
Perhaps they don't want to be blamed the next time a dentist [couriermail.com.au] is mistaken for a pornographer.
Re: (Score:2)
Use Google DNS (Score:1)
Re: (Score:2)
Google even provide online instructions. Works faster than Optus DNS as well, plus meaningful "did you mean?" errors if you make a typo.
Not just to do with bypassing filters, it just works better.
Do not bother with Google conspiracy replies, just put on your foil hat.
i been using g dns for a long time now and i never saw that happen. and i think that's nice. i hate opendns for showing me search results when i mistype a url.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
it maybe that you are referring to google search suggestions, because as i said in my previous reply, google dns does not interfere with your dns lookups. that is considered extremely nice because its so rare for free dns services.
Re: (Score:1)
Re: (Score:1)
Money (Score:2, Insightful)
The exact same week Telstra and Optus were awarded massive contracts to migrate their customers across to the NBN, they also 'volunteered' to implement the filters Conroy couldn't pass into law. iiNet (the third largest, nerd friendly ISP) flat our refused to implement censorship, and were coincidentally told that they wouldn't get any contracts.
I can't help but think Optus were forced to agree to this censorship, so did it in the least effective way possible to just barely comply with the requirement. It s
Re:Money (Score:4, Interesting)
The exact same week Telstra and Optus were awarded massive contracts to migrate their customers across to the NBN, they also 'volunteered' to implement the filters Conroy couldn't pass into law. iiNet (the third largest, nerd friendly ISP) flat our refused to implement censorship, and were coincidentally told that they wouldn't get any contracts.
Quelle surprise.
In the words of Men At Work. (Score:4, Funny)
Where laws don't work and politicians blunder."
Re: (Score:3)
"Conroy said, you can't read-a that language,
The telco's smiled and gave us a shit sandwich."
Re: (Score:1)
.............
"Conroy said, you can't read-a that language,
The telco's smiled and gave us a shit sandwich."
--
And this would differ from a Vegemite Sandwich in what specific details?
Re: (Score:2)
And this would differ from a Vegemite Sandwich in what specific details?
Less salt.
Get a seedbox (Score:1)
The obvious solution is to just get your own private offshore server and route traffic through that.
In Australia we already have ridiculous volume charges, so that it is more or less impossible to make bittorrent work well one. I expect this latest nonsense will just encourage more people to use them.
Is this a bug, or a feature? (Score:1)
It was my understanding that ISPs were generally ridiculing Conroy's attempts to censor the internet. As such, this looks a lot like a deliberate implementation that gives parents who want their kids not finding porn "by accident, Mum, honest" what they're after, while not getting in the way of anyone with full control of their own OS too much.
I disagree (Score:1)
Whilst I think being able to see all kinds of interesting and high quality porn is definitely a factor that people take into consideration when deciding how much they are willing to spend on their internet connection I think its pretty far fetched to say "adult content will be the major driver of consumer adoption." of the NBN. (Can't see that quote in original story BTW)
Considering what people can get already right now pornwise with a decent adsl connection I'm not really seeing how the National Broadband
I used this same broken technology ... (Score:2)
... for my ad blocking filter system. So this means everyone on my LAN will be able to get around it and see the ads.
He may want to get his facts straight first. (Score:1)
I love where in the attached article it said, "The main reason Blu-Ray took off was because the adult entertainment industry chose the format over HD." When the very opposite was true, they chose HD and while everyone expected that would be the home run hit, HD failed not long after.
While I believe the adult entertainment industry is big and powerful at its core, it simply follows the trends and doesn't really set them. I think this was a perfect example where the head of the industry thought that they woul