Abstract
Three main methods of content blocking are used on the Internet: blocking routes to particular IP addresses, blocking specific URLs in a proxy cache or firewall, and providing invalid data for DNS lookups. The mechanisms have different accuracy / cost trade-offs. This paper examines a hybrid, two-stage system that redirects traffic that might need to be blocked to a proxy cache, which then takes the final decision. This promises an accurate system at a relatively low cost. A British ISP has deployed such a system to prevent access to child pornography. However, circumvention techniques can now be employed at both system stages to reduce effectiveness; there are risks from relying on DNS data supplied by the blocked sites; and unhappily, the system can be used as an oracle to determine what is being blocked. Experimental results show that it is straightforward to use the system to compile a list of illegal websites.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bright, M.: BT puts block on child porn sites. Observer (June 6, 2004), http://observer.guardian.co.uk/uk_news/story/0,6903,1232422,00.html
Brightview Internet Services Ltd.: WebMinder, a configuration for restricting access to obscene sites identified by the Internet Watch Foundation, 21 p. (June 9, 2005)
Dornseif, M.: Government mandated blocking of foreign Web content. In: von Knop, J., Haverkamp, W., Jessen, E. (eds.): Security, E-Learning, E-Services: Proceedings of the 17. DFN-Arbeitstagung über Kommunikationsnetze, Düsseldorf 2003, Lecture Notes in Informatics, pp. 617–648 (2003) ISSN 1617-5468
Edelman, B.: Web Sites Sharing IP Addresses: Prevalence and Significance. Berkman Center for Internet and Society at Harvard Law School (February 2003), http://cyber.law.harvard.edu/people/edelman/ip-sharing/
Her Majesty’s Stationery Office: Protection of Children Act (1978)
Internet Watch Foundation: Annual Report 2003 (March 22, 2004), http://www.iwf.org.uk/documents/20050221_annual_report_2003.pdf
King Abdulaziz City for Science and Technology: Local Content Filtering Procedure. Internet Services Unit, KACST, Riyadh (2004), http://www.isu.net.sa/saudi-internet/contenet-filtring/filtring-mechanism.htm
Lowe, G.: An Attack on the Needham-Schroeder Public-Key Authentication Protocol. Information Processing Letters 56(3), 131–133 (1995)
McWilliams, B.: Cloaking Device Made for Spammers. Wired News (October 9, 2003), http://www.wired.com/news/business/0,1367,60747,00.html
OpenNet Initiative: Google Search & Cache Filtering Behind China’s Great Firewall. Bulletin 006, OpenNet Initiative (Augest 30, 2004), http://www.opennetinitiative.net/bulletins/006/
Norge, T.: Telenor and KRIPOS introduce Internet child pornography filter. Telenor Press Release (September 21, 2004)
US District Court for the Eastern District of Pennsylvania: CDT, ACLU, Plantagenet Inc v Pappert, Civil Action 03-5051 (September 10, 2004)
Zittrain, J., Edelman, B.: Documentation of Internet Filtering Worldwide. Harvard Law School (October 24, 2003), http://cyber.law.harvard.edu/filtering/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Clayton, R. (2006). Failures in a Hybrid Content Blocking System. In: Danezis, G., Martin, D. (eds) Privacy Enhancing Technologies. PET 2005. Lecture Notes in Computer Science, vol 3856. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11767831_6
Download citation
DOI: https://doi.org/10.1007/11767831_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34745-3
Online ISBN: 978-3-540-34746-0
eBook Packages: Computer ScienceComputer Science (R0)