An HTTP Status Code For Censorship? 369
New submitter Tryfen writes "UK ISPs are being forced to block The Pirate Bay. One is using 'HTTP 403 Forbidden' to tell users that they cannot access the site. From the article: 'However, chief among my concerns is the technical way this censorship is implemented. At the moment, my ISP serves up an HTTP 403 error.' ... As far as I am concerned, this response is factually incorrect. According to the W3C Specifications: "The 4xx class of status code is intended for cases in which the client seems to have erred."' So, should there be a specific HTTP status code to tell a user they are being censored?"
No problem (Score:5, Funny)
Re: (Score:3, Insightful)
Screw status codes. There should be a rifle pointed at the head of every legislator who votes on one of these sorts of measures.
Re:No problem (Score:4, Insightful)
Screw status codes. There should be a rifle pointed at the head of every legislator who votes on one of these sorts of measures.
George Washington didn't get rid of big British government by voting, holding protests (don't forget your permit!), or writing his elected officials. George Washington got rid of big British government by orchestrating the execution of hundreds of British government officials...
Re:No problem (Score:5, Funny)
Highly unlikely. George Washington has been dead for a long time.
Re: (Score:3)
Highly unlikely. George Washington has been dead for a long time.
Oh, I'm sure there are plenty of George Washingtons who are alive and well right this very moment.
Re: (Score:3)
And here we have a real advocate of democracy...
Re: (Score:3)
Re:No problem (Score:5, Insightful)
Re: (Score:3)
Re: (Score:3)
So... liberty is the majority starving to death for the sake of the army-controlling minority?
Maybe you should think up a better analogy. Assuming the implication "liberty kills" was not the point, of course.
Re:No problem (Score:4, Insightful)
Skipping enough meals will kill the wolves That's why the analogy sucks. It describes a situation where neither liberty nor freedom can possibly exist: the sheep can't trust the wolves, so it has little choice but to keep them helpless and unarmed. The sheep is privileged over the wolves and must keep itself that way in order to survive. It's not good enough for the sheep to just defend itself against, because if the two wolves are allowed to become equal (armed), they can overpower it through numbers. Consequently, the sheep must actively suppress the wolves.
So while the analogy pretends to describe liberty, it actually paints a dystopia where a minority elite oppresses the majority through threats of violence and justifies this with the fact that they'll be killed if they ever lose their grip on power. They are also entirely correct: the majority doesn't have any choice in the matter due to convoluted circumstances. Consequently, no negotiation or program of democratization is possible. The sheep either rule the wolves with an iron hoof or die.
That's why I oppose this particular analogy: not because of some bullshit notion that people should not be allowed to defend themselves, but because it's a very bad analogy.
Re: (Score:3)
Disclaimer: I oppose the violent solution, especially given that institutional recourse has not yet been exhausted.
Having said that, there's a reason why Washington was nicknamed "Cincinnatus". Strong leaders who would voluntarily give up power when it's no longer needed have always been hard to find. These days, they're nonexistent.
Re: (Score:3)
I'm always curious as to how people like you would answer the question. At what point do you stop opposing the violent solution.
Is it when the government starts executing its citizens without a trial? Because that has already happened. And Obama has signed an order saying that they can do it anytime they want, without court review.
And the liberals think GWB was bad. Where are they now that BHO has topped everything Bush did in eight years in only three short years? Oh right, BHO is THIEIR kind of tyrant. :-
Re: (Score:3)
I'm always curious as to how people like you would answer the question. At what point do you stop opposing the violent solution.
My country, as we Australians are fond of saying, was not created by a war. The number of attempted uprisings can be counted on one hand. Needless to say, we don't have the same fixation with the violent solution.
But to answer your question: I'd consider it if I wasn't allowed to emigrate.
Re:No problem (Score:4, Informative)
Having said that, there's a reason why Washington was nicknamed "Cincinnatus". Strong leaders who would voluntarily give up power when it's no longer needed have always been hard to find.
It's a terrible nickname, in general, though. Cincinnatus stepped down from an essentially military position at the end of the war, but he didn't similarly give up his truly governmental position as Senator. And he spent his entire career opposing the sort of Constitution that Washington fought for, and opposing equality for the people.
In fact, he served as one of the most widely hated politicians in Roman history well into his 80s--he was beloved by the patrician noble class who wrote numerous hagiographies, but as a Senator and politician he was a horribly classist ruler who spent his entire career opposing the right of the lower and middle classes to involve themselves in governance. Even where the lower classes had the legal right to form tribunes with governmental power, he'd send his son Caeso Quinctius with troops to break them up and prevent them from reaching quorum (thereby preventing any general legal reform that might benefit the majority).
Indeed, he was so despised as a ruler that the Law of the Twelve Tables and the Roman Constitution were largely written as a backlash to his unmitigated pro-aristocratic draconianism. Plebian leader Terentilius opposed him for decades and advocated the passage of codified laws protecting all Romans and allowing plebs to run for Consul; eventually he managed to organize a secessio plebis (essentially a general strike) while the army was away and unable to put it down, thereby outmaneuvering Cincinatus' pro-patrician bloc and forcing the passage of the Law of Twelve Tables.
It's also worth noting that the dictatorship that he's so famous for giving up was a six-month term as Magister Populi ("Master of the People"), which was created for the express purpose of putting down the Aequi and other tribes in revolt. It's not like he was absolute ruler for life and gave it up.
So - pretty much like Washington? (Score:4)
Was the early USA an improvement on the UK? On the whole I'd say yes. But it is worth remembering that people like Paul Revere were, by the standards of the time, rich and important men.
Re:No problem (Score:4, Insightful)
Screw status codes. There should be a rifle pointed at the head of every legislator who votes on one of these sorts of measures.
Comments such as this help me to take the temperature of the slashdot community from time to time. It used to be that I'd see a lot of sneering comments against gun culture in the US, but maybe the American forefathers we're right that the citizens should have the right to arm themselves in the face of tyranny.
It's just odd that it took DRM to bring about this change in attitude in American slashdotters, if I've observed the trend correctly.
Only a rich autistic teenager stuffed full of self-entitlement would think that trying to prevent access to free downloads of shitty commercial music and movies was cause for armed rebellion.
The whining fucktards on slashdot aren't representative of normal people's reactions.
666 (Score:5, Funny)
The proper status code would be "666 - Go To Hell". Served to the court, not the customer.
Re:666 (Score:5, Insightful)
Re:666 (Score:5, Insightful)
In keeping with the 3-digit status codes we already have and the use of the 4xx series to indicate that the client has apparently made an error, I think status code 451 might be more appropriate.
RIP, Ray Bradbury.
Brilliant! (Score:3)
Status code 451 (Score:2, Funny)
I know the parent post is already modded +5 Insightful but can we force the display of the post and display it in neon green too?
That's not only appropriate, the timing is perfect too.
RIP, Ray Bradbury.
Great idea! (Score:3)
In keeping with the 3-digit status codes we already have and the use of the 4xx series to indicate that the client has apparently made an error, I think status code 451 might be more appropriate.
RIP, Ray Bradbury.
Whoa. What an exceptional post. It deserves a +6. And as far as I am concerned it is the hands-down best idea for a real censorship code. w00t!
Re: (Score:3)
4xx indicates "Client Error", 5xx indicates "Server Error" (according to rfc2616).
In case of censorship, neither ocurrs really, so 6xx does actually make sense. It's "No error, but can't continue anyway". Or maybe "Legislation error".
Though I don't see the IETF extending a communication protocol to support censorship.
Re: (Score:3)
403 is indeed, wrong: "The server understood the request, but is refusing to fulfill it.".
In cases like this, where the ISP is blocking the request, 403 is wrong; the server did not understand the request. It didn't even receive it.
Re:666 (Score:5, Informative)
Bad idea for internationalization.
While 666 is considered "evil" and "bad" in most Western (read: Christian) cultures, that does not apply elsewhere. Notably in Arabic-speaking countries: 6 is considered lucky, especially in combinations (one particularly wealthy Qatari spent millions on the phone number 666-6666). I have heard this is because, in Arabic, 6 is "ellah", which has obvious similarities to "Allah".
Same with the Chinese - 6 is considered lucky, and 666 has no particular meaning. And in Jewish numerology, six is associated with God - exactly the opposite of what you intend.
Unless you're suggesting that neither the Arabs, nor the Chinese, engage in censorship...
Re:666 (Score:4, Funny)
Thanks, I didn't know that, besides the obvious thing that 666, coming from Christian mythology, wouldn't be recognized (at least with the same meaning) by people with different cultural backgrounds.
Maybe the ideal status code for China would be 6489. Then they'd have to censor the censorship, preferably by serving the original content instead...
Re:666 (Score:5, Informative)
Re:666 (Score:5, Insightful)
So, in other words, a way of encoding the date that only Americans would recognize.
Re:666 (Score:4, Interesting)
Re:666 (Score:5, Informative)
Re:666 (Score:5, Informative)
Re: (Score:3)
E-gads, this far into the thread and nobody has mentioned that 666 and 616 are the numbers you get when you take the two most popular spellings of Nero (the roman emperor in charge at the time of writing) and use the then popular Jewish numerological practice of deriving a number from a persons name. 666 (616) wasn't the number of the devil, it was the number of the beast, and the beast was Nero.
All religion is old politics.
Re:666 (Score:5, Informative)
I have heard this is because, in Arabic, 6 is "ellah", which has obvious similarities to "Allah".
Wrong.
In Arabic the number 6 is pronounced "sitteh". If fact, there is no number pronounced anywhere close to "ellah" or "allah". The only two numbers from 1 to 10 that even start with a vowel are 4 (arba'a) and 10 ('ashrah). And because Arabic numbers follow a pattern, just like most languages, this rule holds (ie: 40 starts with a vowel, 400 starts with a vowel, etc).
Perhaps you're recalling this ( http://www.beholdthebeast.com/islam__quran_and_666.htm ) Christian propaganda?
So what if there SHOULD be, nobody will use it (Score:5, Insightful)
Why would you tell people you're censoring them, when you can just as easily NOT tell them and keep them in the dark... you know, to CENSOR them.
Re: (Score:3)
Pretty much. This is a stupid question because what repressive government is going to admit that they're censoring something, and on top of that not make it some kind of crime for the service provider to let you know?
Re:So what if there SHOULD be, nobody will use it (Score:5, Interesting)
Re: (Score:2, Funny)
Quite right. When goatse and two-girls-one-cup remain uncensored - one can only imagine the horrors that are censored to save our innocent eyes from harm. God bless the censor and all who sail in her!
Edit: captcha == decked!
Re: (Score:3)
Re:So what if there SHOULD be, nobody will use it (Score:5, Insightful)
In theory an ISP might want to return a "this has been censored" code in the case of anything where some outside entity forced them to censor the content so they can pass the blame on to someone else. I don't know if any ISP would actually care enough to bother implementing it, but it's certainly a possibility.
Re:So what if there SHOULD be, nobody will use it (Score:4, Insightful)
In practice, an ISP has complete control over what they return in this situation.
The Used could be redirected to the EFF.org [eff.org] or to the official legislation that forbade access, or one might be redirected to the homepage of a list of proxy services. If it were me in charge and I wanted to provide a public service befitting the mythical status of the benign ISP, I'd set up a simple HTML page including all of the above with a disclaimer stating that my company took a neutral position on the question of support for the newly minted Ministry of Information, and I'd include a link to Terry Gilliam's, Brazil [wikipedia.org], as well as Marshall McCluhan [marshallmcluhan.com]'s official website.
Re:So what if there SHOULD be, nobody will use it (Score:5, Informative)
Censorship need not be to hide the existence of information from the public, only restrict their access to it. The Chinese government is actively trying to hide the existence of the Tienanmen square massacre, and that's certain the form of censorship we think of most, but it's not all of it. The British government isn't hiding that the pirate bay exists, they are simply saying you aren't allowed to access it from within the UK. Pixelating porn or graphic violence isn't telling you that people don't have penises or their heads blown off it is done because seeing it could (according to the censor) be damaging to you.
For the british government a 'censorship' code makes a lot of sense. "You are attempting to access material forbidden to persons within the UK, for information on why this information is blocked click here'. The same could be said for much of the 'morality' police in the middle east. "This site contains blasphemous material and to protect you from its content we are preventing your access, this helpful message brought to you by the police of vice and virtue'. In fact in those cases a censorship status code would be an indication that the bureaucracy is doing the job it is tasked with doing, and something they can point to as places they have blocked.
In the same way your anti phishing filter might be censoring you from some malicious website, they're quite happy to tell you that you've been blocked from that site, because you've actually asked them to censor it for you. The government in the UK especially, was asked by the public who voted them into office to make decisions, including censoring material (as that is a government power) in their best interests.
The UK government through the film classification board censors films and games, or it used to until some of that power was transfered to the EU. What criteria they used for censorship wasn't a secret, and they even had processes for appeals and re-evaluations if you felt like the censorship was unfair. Everyone knew what they were doing, because that was their mandate, rate films, restrict access to them, and prevent harmful material from getting into the UK. Website censorship isn't fundamentally any different, by 'importing' a banned film from the US or france or whatever you were doing the mail order equivalent of changing your DNS provider. The fact that the legal situation in the UK hasn't caught up to DNS providers yet doesn't mean it won't.
Re: (Score:2)
Re: (Score:3)
While I'm a supporter of big tinfoil, I think the fact that the people in question chose 403 -- Forbidden -- implies that they were trying to come up with something that would sort of make sense. Otherwise, they probably would have chosen a 404 or something to imply that, "Gosh, the URL must be wrong somehow."
"666 Evil Censorship" (Score:2)
Ovious, I would think.....
It's all in the point of view! (Score:5, Insightful)
In a normal person's point of view, the user has not erred. The government has erred, and HTTP has no provision for that.
From the government's point of view, the user has erred because no right-thinking user would want to access a proscribed IP.
So what it comes down to is, should HTTP represent the user's POV or the Government's?
Re:It's all in the point of view! (Score:5, Insightful)
So what it comes down to is, should HTTP represent the user's POV or the Government's?
Neither. HTTP deals with clients and servers, not users and governments. Political issues are rightfully outside of its scope.
As for the error code, 403 (Forbidden) is described as "The server understood the request, but is refusing to fulfill it". Is this not technically accurate?
Re:It's all in the point of view! (Score:5, Informative)
As for the error code, 403 (Forbidden) is described as "The server understood the request, but is refusing to fulfill it". Is this not technically accurate?
It's not accurate because the server didn't even recieve the request. The request was intercepted in transit and blocked by third party.
Re: (Score:2, Insightful)
I don't disagree, but if you're going to make that argument then no status code can be accurate and thus the question is rendered moot. Ideally this kind of filtering would not be put in place (DNS and IP blocks should be enough), but we don't live in an ideal world. If this type of filtering is going to be put in place then, given the available options, 403 seems to be a reasonable status code to return.
Re:It's all in the point of view! (Score:5, Interesting)
It's not accurate because the server didn't even recieve the request. The request was intercepted in transit and blocked by third party.
The "502 Bad Gateway" seems to be the correct code for the behavior. The definition [w3.org] may not be 100% accurate in that it implies the proxy (which is what this censorship is) actually received a reply from the target server.
It would be quite funny if an ISP set the following response:
305 Use Proxy
Location: https://tpb.pirateparty.org.uk/ [pirateparty.org.uk]
Re: (Score:2, Interesting)
No it is not, because the server *is* willing to fulfil it, but never gets the request. I think there shouldn't be any status code whatsoever for this, both on the principle that censorship is wrong and shouldn't be enshrined in RFCs and on the principle that the ISP should under no circumstance be meddling with the data stream; if they can't give you the page they should just drop the connection.
But if we have to have a status code for this, 1984 would be the obvious choice. The fact that it's four digits
Re: (Score:2)
HTTP error codes are supplied by the server to indicate the status of the request from the server's point of view. Every response is supplying information to the client that the server knows. It's information from the server's point of view. In this case, a proxy is acting on behalf of the server, and from the proxy's point of view, the request was denied because it was forbidden. (This brings up the issue of proxies that modify content without the end-users permission, but that's a different kettle of
Easy (Score:5, Funny)
Error 1984 - This site has been blocked due to government censorship
Re: (Score:2)
this
Re:Easy (Score:5, Funny)
Agree, but the status should be " 1984 - SITE DBL PLUS BAD -GOVMNT OVRSITE"
Re:Easy (Score:4, Informative)
Re: (Score:3)
newspeak nazi says:
1984 - Site doubleplusungood - Love - MINTRUE
Re: (Score:2)
Re: (Score:3)
... and you should feel doubleplus ungood.
HTTP 451 (Score:5, Insightful)
I nominate HTTP 451 - Site is not permitted in your country.
Re:HTTP 451 (Score:5, Interesting)
I nominate '703 - Your government is being a twat.'
Some others:
701 - Your ISP is being a twat.
702 - Your organization is being a twat.
704 - Your ISP is being a twat, and has messed with your DNS request, sending you to a spamvertizement for the domain requested.
705 - Your ISP is throttling / packet shaping the living hell out of your connection.
706 - Variant HTML requested (mobile, Flash-free....lots of flags in here).
707 - The current server time (in ticks since the epoch) & the server's time zone.
Re: (Score:2)
I nominate
HTTP 233 - because not everyone lives in "your country"
Re: (Score:3)
451. Allusions to a fairly well known novel about censorship. I like.
-uso.
Re: (Score:2)
402: Payment required: Someone paid to a regulator more than you did. If you want to re-establish this service, you should brive^H^H^H^H^H pay for the service.
406: Non acceptable: Completely unacceptable what your ISP or your country is doing.
409: Conflict (of interests): The MPAA, RIAA, local government or ISP is blocking you. Then probably redirect to 402.
417: Expectation failed: Your expectations on your local government or your ISP have failed to you. Change your provider...
Re:HTTP 451 (Score:5, Insightful)
Mod parent up. This is brilliant, probably the best thing I've seen on /. in years. Following Bradbury's theme, how about.....
HTTP 451: An error in your society has prevented your client from receiving the specified content.
(And I love the fact that HTTP 450 paves the way for this.)
Re: (Score:3)
Now all we need is for someone to write an RFC and submit it to IETF.
Re:Exactly (Score:5, Informative)
Re: (Score:2)
449 - Retry With....
449 - Retry with a proxy in another country.
Re: (Score:3)
I vote for a 6xx range... (Score:3)
Then we could use statuscode 666 Evil Government - so cool :)
But on a slightly more serious note, the following codes would be perhaps slightly better?
303 See Other - with a list of bittorrent sites you might want to check out :) :) :)
305 Use Proxy - with a list of proxy servers in other countries that would enable you to get around the block
or
503 Service Unavailable - if you think the situation is temporary
Stop. (Score:5, Insightful)
None. If a site absolutely must be blocked, then blackhole its IP addresses and fail resolution on the ISP's DNS servers. Middleboxes that inspect layer 4 and above are never OK, and never part of a trustworthy ISP network unless explicitly requested by the end-user.
Re:Stop. (Score:5, Insightful)
Thailand (Score:5, Interesting)
Thailand used to have a huge graphical image on a special server for censored websites. Any access on a censored URL would be forwarrded to that image. Apparently the load was so high the server would constantly crash, and eventually they deleted the image, so you get a 404 error. Now they got smarter and just display a text message telling you the website is censored by the government.
China Does It (Score:5, Interesting)
Many of the services/messages blocked in China come with explicit warnings that they have attempted something illegal. And some don't.
Re: (Score:2)
Wow, the UK is becoming China, but for different reasons. I hate censorship in any form, and especially from a country I respect.
Fahrenheit 451 (Score:5, Insightful)
Re:Fahrenheit 451 - YES! (Score:2)
Mod parent up
Comment removed (Score:5, Funny)
Re: (Score:2, Insightful)
unfortunately 101 is already in use. 410 (gone, no forwarding address) is probably the smartest to use.
Re:How about using HTTP 101? (Score:4, Insightful)
101 already exists, and means switching protocols. The 1xx series in general is inappropriate.
Microsoft already used 450 as a censorship status code (for censored by Microsoft Parental Controls), so I think 451--with a nod to Ray Bradbury--would be appropriate.
Redirect to a page... (Score:5, Insightful)
..that explains the situation and encourages the user to click on a clicky that automatically files a complaint with the approporiate government agency and/or sends an email to the relevant minister. Should be maintained by a third party such as the EFF.
Re: (Score:2)
It's the way you did it. (Score:4, Funny)
402 Payment Required (Score:2)
You simply have the legislature more than the lobbiest are paying to get the content blocked.
How are you blocking? (Score:2)
I am trying to understand how you are blocking access to a web site? :-)
Do your users all go thru a http proxy? What if they don't? I have three internet access points, none use a web proxy (That I know of
Do you block DNS? I can point my dns anywhere I want.
Do you block an IP address?
Falling back to the Internet sees censorship as a malfunction and routes around it. How do you stop people from routing around you? (WIthout begin China and having controll of all the network links in and out of the country)
Jus
Use a 5xx code (Score:2)
Perhaps 560 as suggested in the article, and 561 for censorship implemented by the final server (e.g. a server in the US forbidden to deliver certain content to Iranian IPs)
560 Censorship
The server, while acting as a gateway or proxy, received a request it is not legally permitted to gateway or proxy.
561 Censorship
The server received a request it is not legally permitted to fulfill.
Status codes? (Score:3)
How about we just dont allow them to censor.
If you know you are censored, it wont work (Score:2)
Re: (Score:2)
Depends, it may also demonstrate that you are doing something 'wrong' ( perhaps illegal ) and if you are good citizen you will cease and desist on your own
Why return a HTTP response at all? (Score:2)
It would probably be simpler and more robust to simply not reply anything at all. Just tell the router not to forward any packet to blacklisted IP addresses.
It's a scam (Score:3)
All this is, is paving the way for EUSOPA and criminalising everyone who tries to use the Internet for anything more than clicking on iPlayer and G+. Since there will suddenly be so many crims wandering our libraries and cyber cafés, to try them all by jury would be prohibitively expensive, so what we'll end up with is TV Licensing-type day sessions in courts up and down the country, fifteen minute hearings in front of a single magistrate, and automatic defaults in favour of the copyright cartels followed by fixed penalty judgements.
Most people who end up in front of a magistrate over TV Licensing, even if like me they don't have a TV, don't realise that they CAN and SHOULD DEMAND a trial by Jury. Over the past several years I've been in front of magistrates and walked out after informing them in no uncertain terms that I am not playing their game, that the burden is on TVLA to PROVE their case, even the point of PROVING that they have SEEN TV equipment in my home, working and tuned. What can they do? Jail me for asserting my RIGHTS under the Law of the Land? Bring it.
Non issue (Score:3, Informative)
"The request was a legal request, but the server is refusing to respond to it"
Next question please.
There already is an HTTP code (Score:5, Insightful)
The proper one would be in the 5xx range, since the client's request is correct but the server is unable to comply.
503 - Service Unavailable is the obvious choice.
If we want to be cheeky about it, we could respond 305 - Use Proxy to hint that the client making the request can't come through here and must use some other path.
http 402 (Score:3)
you need to bribe your government to get access again.
Re: (Score:3)
Like my right to sing "Happy Birthday" to my daughter?
http://www.wired.com/wired/archive/13.07/posts.html?pg=7 [wired.com]
Re: (Score:2, Offtopic)
Sorry, but you can't do that. If it was allowed, it would destroy the 'conomy!
Re: (Score:2)
Can you imagine a world without music?
What does that have to do with anything? Are you claiming that music will cease to exist if copyright ends?
Re:Does HTTP allow 3 character numbers? (Score:5, Funny)
THERE ARE FIVE CHARACTERS!
Re: (Score:2)
I got the Picard reference. Clever.
Re:**A** HTTP Status Code For Censorship? (Score:4, Informative)
Why? The H isn't silent, is it?
Getting wildly offtopic, but I often have this conversation at work (speaking English in a country of mostly non-native English speakers) when I talk about "An MFP". They often ask me why I don't say "A MFP" instead.
The reasoning is that the "a" vs "an" is applied on pronunciation, not on spelling. When the next SOUND starts with a vowel, you use "an", otherwise you use "a".
So, "An em-eff-pee" and "An aitch-tee-tee-pee" are correct.
Confusion can arise when in some cases some people pronounce an acronym as a word, but others pronounce only the letters. I can't imagine this being an issue with HTTP (or MFP), but SQL does immediately spring to mind. The written phrase "A SQL Server" should be read as "A sequel server"; whereas the written phrase "An SQL server" should be read as "An ess-kyoo-el server"
Outside of acronyms, your own dialect of English can also make a difference. In some dialects, the initial "H" on many words is dropped. Some dialects also drop it or pronounce it on specific words while all others follow a general rule. This leads to the "a hotel"/"an hotel" ("an 'otel") and "a herb"/"an herb" ("an 'erb") discussions that pop up from time to time.