Government mandated blocking of foreign Web content
[disLEXia permalink
http://md.hudora.de/blog/guids/53/53/5261415523775104.html]
Finally done with proofreading etc.: "Government mandated blocking
of foreign Web content"
has now gone to the publisher; a preprint is available at
http://md.hudora.de/publications/200306-gi-blocking/200306-gi-blocking.pdf
The empirical results include:
* Many providers seem to assume that http://stormfront.org/ is not to
be blocked while http://www.stormfront.org/ should be blocked. Out of 27
surveyed providers 12 didn't block http://stormfront.org/ at all and
11 possibly blocked it only by accident. This is an error rate of at
least 44%.
* Keeping email usable seems to be no issue to most providers. All
providers block at least some email via MX record manipulations. A
single provider has tried to reduce email blocking by not tampering
with DNS MX resource records, but failed in this effort. All others
seemingly didn't even try to keep email from being affected.
* Privacy of users trying to access the blocked pages seems to be no
issue to most providers. One provider is even using - possibly by
accident - cookies, two providers reroute email to their own systems,
10 providers return DNS A resource records at machines located at
other providers allowing third-party logging, 12 providers allow third
parties to monitor redirects leading to them, where in two cases the
third party is the district government itself.
* Informing users of what actually is happening seems of no priority.
Web accesses to blocked content result at 11 providers always in
confusing errors and at all other providers at least in some cases in
confusing errors.
* Configuration of DNS-tampering seems to be difficult. At least 30%
of the providers have created major misconfigurations besides being
overrestrictive or underprotective.
* Sites not directly mentioned in the blocking order and run by
different persons than the sites which were mandated to be blocked
were substantially hit by erroneous blocking.
http://kids.stormfront.org/ is blocked by 58% of the surveyed
providers. http://www.rotten.com/, which the district government in
2001 briefly considered to be blocked, is blocked by 11% of the
providers.
* Compliance with the blocking orders seems to be next to impossible.
Even when stretching the legal principles to the maximum and
interpreting the blocking orders in the broadest possible way, only
55% of the providers comply with them. Interpreting the blocking
orders more reasonably in a way that they try to protect non-Web
communication from being blocked, we see no single provider
complying. With this interpretation 45% are underprotective and
overrestrictive at the same time while the remaining 55% are "only"
overrestrictive.
I consider this significant for the ongoing proceedings because it
shows that, in theory and in practice, a large number of "other"
websites and other services are being blocked. The many
misconfigurations also show that the blocking cannot in fact be carried
out "simply and with little staff effort". On top of that, there is in
several places an obvious failure to exercise discretion. Prescribing
Layer 3 filtering (i.e. by IP address) without even mentioning Layer 4
filtering (i.e. by IP address and port) is one such place. Moreover, I
stand by this: the order does not reveal WHAT is supposed to be blocked.
But of course, in the ivory tower one always considers one's own
results particularly important.
The whole thing is available as a short, expensive talk at the DFN on
12 June and as a long version for free at the CCCC in Cologne on 26 June.
Regards
Max Dornseif
--
Maximillian Dornseif - http://md.hudora.de/blog/
Dipl. Jur., University of Bonn, Germany - ars longa, vita brevis!
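
An added illustration, not part of the original post or the paper: a small offline audit that compares one provider's resolver answers with reference answers and reports the error classes the list above names (underprotective, overrestrictive including MX damage, third-party exposure). All addresses, the `audit` helper, the provider data and the assumption that the order covers both `stormfront.org` and `www.stormfront.org` are constructed for this sketch.

```python
import ipaddress

# Assumption for this sketch: both spellings are covered by the order,
# kids.stormfront.org is not (the post lists it as collateral damage).
ORDERED = {"www.stormfront.org", "stormfront.org"}

# Constructed reference answers (documentation address space, not real data).
REFERENCE = {
    ("www.stormfront.org", "A"): {"192.0.2.10"},
    ("stormfront.org", "A"): {"192.0.2.10"},
    ("kids.stormfront.org", "A"): {"192.0.2.11"},
    ("stormfront.org", "MX"): {"mail.stormfront.org."},
}

def audit(answers, own_net):
    """Classify one provider's resolver answers against the reference."""
    own = ipaddress.ip_network(own_net)
    findings = set()
    for (name, rtype), ref in REFERENCE.items():
        got = answers.get((name, rtype), set())  # empty set = no answer
        tampered = got != ref
        if rtype == "MX":
            if tampered:
                findings.add("overrestrictive: email affected")
            continue
        if name in ORDERED and not tampered:
            findings.add(f"underprotective: {name} not blocked")
        if name not in ORDERED and tampered:
            findings.add(f"overrestrictive: {name} blocked")
        # A rewritten A record outside the provider's own network lets
        # whoever runs that host log the users who tried to reach the site.
        if tampered and any(ipaddress.ip_address(a) not in own for a in got):
            findings.add(f"privacy: {name} sent to third-party host")
    return findings

# Constructed provider: blocks www and kids, forgets the bare domain,
# rewrites MX, and points one block at a host outside its own network.
PROVIDER_X = {
    ("www.stormfront.org", "A"): {"203.0.113.5"},
    ("stormfront.org", "A"): {"192.0.2.10"},
    ("kids.stormfront.org", "A"): {"198.51.100.80"},
    ("stormfront.org", "MX"): {"blocked.provider-x.example."},
}

if __name__ == "__main__":
    for finding in sorted(audit(PROVIDER_X, "198.51.100.0/24")):
        print(finding)
```

The constructed provider ends up underprotective and overrestrictive at the same time, the combination reported for 45% of the surveyed providers.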