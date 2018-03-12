Comcast 'Blocks' an Encrypted Email Service: Yet Another Reminder Why Net Neutrality Matters (zdnet.com) 59
Zack Whittaker, writing for ZDNet: For about twelve hours earlier this month, encrypted email service Tutanota seemed to fall off the face of the internet for Comcast customers. Starting in the afternoon on March 1, people weren't sure if the site was offline or if it had been attacked. Reddit threads speculated about the outage. Some said that Comcast was actively blocking the site, while others dismissed the claims altogether. Several tweets alerted the Hanover, Germany-based encrypted messaging provider to the alleged blockade, which showed a "connection timed out" message to Comcast users. It was as if to hundreds of Comcast customers, Tutanota didn't exist. But as soon as users switched to another non-Comcast internet connection, the site appeared as normal. "To us, this came as a total surprise," said Matthias Pfau, co-founder of Tutanota, in an email. "It was quite a shock as such an outage shows the immense power [internet providers] are having over our Internet when they can block sites...without having to justify their action in any way," he said.
By March 2, the site was back, but the encrypted email provider was none the wiser to the apparent blockade. The company contacted Comcast for answers, but did not receive a reply. When contacted, a Comcast spokesperson couldn't say why the site was blocked -- or even if the internet and cable giant was behind it. According to a spokesperson, engineers investigated the apparent outage but found there was no evidence of a connection breakage between Comcast and Tutanota. The company keeps records of issues that trigger incidents -- but found nothing to suggest an issue. It's not the first time Comcast customers have been blocked from accessing popular sites. Last year, the company purposefully blocked access to internet behemoth Archive.org for more than 13 hours.
Never Attribute to Malice (Score:1)
Why do people keep saying that [cia.gov]?
...what can be explained by incompetence.
Any sufficiently advanced incompetence is indistinguishable from malice.
Then why wouldn’t Comcast have just said that? The fact that they denied that anything happened shows that it couldn’t be an accident.
I'm not an apologist for Comcast, at all.
However, remember they run their own DNS so they can mine where you're going with that so-called stealth browser of yours. When it does a DNS lookup, you get the correct IP address to do the https page pull.
If a DNS address becomes black-holed (there are a number of ways to accidentally do this, including being stupid), then you loose a site.
I'm guessing it got screwed up in cache, and when the cache flushed, it came back again. No huge subterfuge, no DDoS attack, just incompetence.
Then why wouldnâ(TM)t Comcast have just said that? The fact that they denied that anything happened shows that it couldnâ(TM)t be an accident.
They didn't deny that anything happened.
Who better to block than small, niche sites that have no power? Blocking a Google would cause a huge shit storm.
Re:One day? (Score:5, Insightful)
That's one reason Net Neutrality matters so much. It's hard enough to offer competition against the behemoths. Once Google or any huge service provider can pay their way out of the slow lane, small businesses looking to compete might as well give up.
Re: NN hasn't expired yet (Score:5, Insightful)
Except that when they happen, rather than working hard to fix the issue, they can just say "We don't care. We don't have to".
the routing issue may have been the fault of another major provider's route to comcast. Those of us who work in organizations that accessed across the continent or world see this kind of thing all the time. This has nothing to do with NN, and may even have nothing to do with comcast.
THIS PARTICULAR outage might not be Comcast's direct fault, but if not, it was the other side of a peering point. The more Comcast is worried about getting in trouble for NN violations, the more likely they are to pressure that operator to get it fixed. Or, Comcast drops the static route and let's BGP route around the damage.
I am quite familiar with large scale routing issues. In general, something like you propose will either affect only part of a national network (and then find an alternate route) or it will affect a large part of the network.
Either that or your diagnostic abilities suck monkey balls.
Step one, narrow the diagnosis based on where the outages are. Work out from there.
It should be easy to use "traceroute" to find the route between a Comcast customer IP address and Tutanota's servers. Wherever it happens, the guilty party could have been dropping the received or transmitted packets from the servers. Traffic seems to go out to the USA via Hurricane Electric and then to Tutanota.
It should be easy to use "traceroute" to find the route between a Comcast customer IP address and Tutanota's servers.
With the growing number of carriers who block ICMP, while it SHOULD be easy to use traceroute to learn interesting things, in many cases it is worthless.
Here's a flash: is anyone going to sue Comcast for blocking outgoing access to port 25 as an anti-spam measure? It's blocking email. Was this "block" which nobody knows was actually a block but is good to bash Comcast anyway over a case of blocking an outgoing port for spam reasons?
NN rules haven't expired yet. Also, given the number of state legislatures and attorneys general rumbling about both suing the FCC and implementing state level NN laws, this would not be a good time (politically speaking) to provide them ammunition.
I didn't know that Ernestine worked for Comcast!
Call their tech support some time. She may have an Indian accent now, but she definitely works there.
But then if the evidence is gathered and they are proven liars, it wouldn't go well for them.
Equipment failure is a well understood probllem, including about how long it should take to fix or work around.
Hanlon's Razor (Score:5, Insightful)
Never attribute to malice that which is adequately explained by stupidity.
Re:Hanlon's Razor (Score:4, Insightful)
Fleming's Razor:
Once is happenstance. Twice is coincidence. Three times is enemy action.
This is at least twice, per TFS.
You contacted a spokesperson? (Score:2)
When contacted, a Comcast spokesperson couldn't say why the site was blocked
Everyone knows you call Comcast Customer Support to get answers.
Use a VPN (Score:1)
When I use Comcast, I use a VPN.
Under The New Rules (Score:1)
An ISP has to disclose any traffic shaping. The fact that Comcast would not comment shows to me that it was a mistake. Net neutrality hasn't even expired yet but even if it did, this still would be illegal without disclosure if done intentionally.
Cutting the cables of rivals is also illegal, and Comcast has been in court for it.
Partly blocked? (Score:2)
I'm not defending Comcast... (Score:1)
This will be an interesting situation. I've worked in networking for more years than I would like to say. And the mantra is: The network is broken. There is a number of reasons this connection could have had an issue and it has nothing to do with blocking traffic. DNS services, multiple routes converging, new hardware installed, there is a number of links in this chain. I just want to see now how many times this will come up. What will an ISP have to do to "prove" there is no blocking? Would you trust what they say?