
In the UK? Strange browser behaviour? You might be being IWF’d. - iuguy
http://grimboy.co.uk/blawg/in-the-uk-being-told-youre-already-downloading-or-have-failed-the-captcha-too-many-times-by-file-hosting-sites-for-no-reason-you-might-be-being-iwfd/
======
joshu
Once, delicious was very briefly on the block list. They quickly realized that
it didn't host images and unblocked it.

Buuuuut:

Virgin and NTL blocked it for YEARS afterwards. It was a nightmare getting it
unblocked. I eventually had to reach out to a friend that knew Branson to get
a high enough level connection.

Government blunt weapons plus corporate disinterest are in aggregate bad for
everyone.

------
JonnieCache
Transparent HTTP proxying by your ISP isn't _all_ bad. Back when Virgin was
NTL, if you didn't pay your bill, instead of cutting you off at the exchange
they would just put in place a proxy rule that redirected all HTTP requests to
a page telling you to pay.

Some broke friends of mine noticed that their already downloaded torrents
still worked. Obviously, all non-HTTP traffic worked just fine. They took to
going to the pub at the end of the road, grabbing .torrent files and
downloading them at home. Pretty resourceful. I considered hooking them up
with a SOCKS proxy but never did.

------
donohoe
Great. They're not just censoring the Internet (poorly), they're also breaking
it too. Fantastic.

~~~
aj700
"Think of the children" wins the day every time.

As it probably should, in this case, because we're not giving up a lot. People
think that one child abused is one too many, which is hard to argue. But yes,
you can argue that blocking entire domains instead of specific urls is
overkill.

Accessing free child porn anonymously doesn't "incentivise" child abuse. But
some think that it encourages abuse in real life. But that's a psychological
argument, not a technical one.

~~~
mseebach
> People think that one child abused is one too many, which is hard to argue.

It is hard to argue, but it's also a red herring. The missing bit is the solid
link between someone(1) NOT accessing child porn and, somewhere down the line
a child NOT getting abused.

1: and that someone is likely to be a small fish, as one must expect the
serious guys to be perfectly capable of using any of the hundreds of easily
accessible and usable tools (various flavours of crypto) to circumvent the
deployed anti-measures.

To a certain extent, this is the war on drugs all over again. We fight (a very
small subset of) the consumers because then we are seen to _do something_
(tm), but it's not clear that it puts a significant dent in the production.
And this is a harder nut to crack than drugs, because the easy demand-side
solution (at least partial legalisation) is not really feasible here.

~~~
mseebach
Actually, come to think of it. There exists a possible partial demand-side
solution: CGI or drawings, but in recent debacles surrounding this, opinion
has been firmly against. Flooding the market with easily accessible, legal
no-victim drawn/CGI material at least has the potential of keeping potential
consumers of the real stuff away from it.

This just goes to show that "one child abused is too many" only applies when
the solution discussed isn't "wrong".

~~~
bhickey
The think of the children squad is immune to reason. They'll smear your name
and then your colleagues will look at you funny when you wander into the
office at 10:30.

------
petercooper
And transparent proxies being what they are, even when you're accessing
legitimate content, you can end up with bizarre failures since cookies aren't
working properly. Get quite a lot of "you don't have cookies enabled" errors
from file transfer sites which don't occur through non-UK VPNs.

Shoddy transparent proxying and traffic shaping isn't anything new in the UK
though. For the past couple of years I've frequently had Google go "down" for
blocks of 5-10 minutes several times each week, yet through VPN it's fine. If
you want a reliable connection at home in this country, it seems you need to
just be permanently hooked up to a VPN located _somewhere else_.

------
tgandrews
Looking at the IWF website. Only child porn is within their remit. This seems
a little crazy breaking parts of the web and effectively assuming everyone
visiting a file sharing site is a paedophile.

<http://www.iwf.org.uk/hotline/the-laws>

~~~
cstross
As is noted in the original article, this is a malfunction: IWF issue a
blocklist of URLs, not IP addresses, but the ISPs filter content by proxying.
Some of the ISPs have crappier proxy setups than others. Notably, the biggest
ISPs (Virgin and BT) are the most aggressive at enforcement; smaller ISPs may
not have the resources to waste on nannying their customers. I'm on Be
Unlimited -- smaller, aimed at clueful users, features include stuff like
static IP addresses and unblocked SMTP access -- and Filesonic.com appears to
be accessible.

(I am not dumpster-diving for kiddie porn, however. It's a strict-liability
offense: merely having the stuff in your hard drive cache, unlooked-at, is
enough to draw a gaol sentence.)

~~~
_delirium
_It's a strict-liability offense: merely having the stuff in your hard drive
cache, unlooked-at, is enough to draw a gaol sentence._

That's something that comes up periodically w.r.t. the IWF itself. It's not
an agency of the police (or part of the govt at all), so the exception to
child-porn laws that permits police to view such photographs in the course of
an investigation doesn't apply. Thus, if the law were to be applied as
written, it should be strictly illegal for IWF employees to have accessed many
of the sites on its blocklist. So either they haven't done so, and their
blocklist is of questionable accuracy; or they have done so, and thereby
committed a crime.

Fortunately for them, the government supports the IWF and has no interest in
prosecuting them.

------
JonnieCache

        $ curl -I filesonic.com
        
        HTTP/1.1 302 Moved Temporarily
        Server: nginx
        Date: Sun, 17 Apr 2011 12:21:29 GMT
        Content-Type: text/html
        Location: http://www.filesonic.com/
        Age: 0
        Via: HTTP/1.1 webcache1-know.server.virginmedia.net (Traffic-Server/5.7.0-59705 [cMs f ])
    

Note that I can still download from those sites at will. It doesn't look like
they're actually blocking anything. I'm on the 10mbit service, which is on a
different network to the 50mbit+ plans.

Virgin have stiffed me before with deep packet inspection, but this one is new
to me. Time to persuade my new housemates that changing to DSL is a good
idea...

Or figure some more elegant way around it. Any ideas? Hooking up OpenDNS at
the router level is on my list, but I doubt that will help.
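
An added example, not part of the comment above or of the linked article: one way to check a response for intermediaries that announce themselves, as the `Via` line in the output above does. The function names and the sample header block are constructed for illustration.

```python
import re

# Constructed sample shaped like the `curl -I` output quoted in the comment above.
SAMPLE = (
    "HTTP/1.1 302 Moved Temporarily\r\n"
    "Location: http://www.filesonic.com/\r\n"
    "Via: HTTP/1.1 webcache1-know.server.virginmedia.net "
    "(Traffic-Server/5.7.0-59705 [cMs f ])\r\n"
)

# One Via element: [protocol-name "/"] version SP received-by [SP "(" comment ")"]
VIA_RE = re.compile(r"^(?:[A-Za-z]+/)?(?P<ver>[\w.]+)\s+(?P<by>[^\s(,]+)"
                    r"(?:\s+\((?P<comment>.*)\))?$")

def parse_headers(raw):
    """Return [(lowercased name, value)] for each header line after the status line."""
    pairs = []
    for line in raw.splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def split_via(value):
    """Split a Via value on commas that sit outside (comment) parentheses."""
    parts, depth, cur = [], 0, ""
    for ch in value:
        depth += (ch == "(") - (ch == ")" and depth > 0)
        if ch == "," and depth == 0:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    return [p.strip() for p in parts + [cur] if p.strip()]

def proxy_hops(raw):
    """List intermediaries that announced themselves in Via headers, in order."""
    hops = []
    for name, value in parse_headers(raw):
        for element in split_via(value) if name == "via" else []:
            m = VIA_RE.match(element)
            if m:
                hops.append({"host": m["by"], "version": m["ver"], "software": m["comment"] or ""})
    return hops

def unexpected_hops(raw, expected_suffixes=()):
    """Hops whose host is not under a suffix the site itself is known to use."""
    return [h for h in proxy_hops(raw)
            if not h["host"].lower().endswith(tuple(expected_suffixes))]
```

A proxy that adds no `Via` header passes this check unnoticed, so an empty result does not show the path is direct.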

~~~
dspillett
If they are not using a transparent proxy to pick up the HTTP traffic then
using OpenDNS or Google's public DNS (8.8.8.8 and 8.8.4.4) will help.

If they are going as far as inspecting http traffic (and selectively
editing/blocking some of it) with a transparent proxy rather than
redirecting selected domains via DNS poisoning then your only way around this
is some sort of VPN which of course requires a host elsewhere for the VPN
server to run on (unless you use something like Tor, but that is very slow and
may cause the same "many people from a small set of IP addresses" problem
itself anyway due to the relatively limited number of exit nodes).

~~~
barrkel
Customer requests are redirected by ISPs to the transparent proxy on an
IP:port basis. DNS is not poisoned; using a different DNS will not affect how
it works.

<http://www.cl.cam.ac.uk/~rnc1/cleanfeed.pdf>

I personally use a cheap VPS located in the US to get around IP geolocation
(e.g. occasional Youtube videos, Hulu etc.), and it can also circumvent this,
though I have never had cause to - my Be Pro account does not block
filesonic.com, for example.

------
ugh
Wow. I didn't know that the UK has a censorship infrastructure.

~~~
calpaterson
<http://en.wikipedia.org/wiki/DA-Notice>

<http://en.wikipedia.org/wiki/Gag_order#United_Kingdom> (These are called
super injunctions in the UK)

~~~
retree
DA notices aren't legally enforceable though. Most newspapers comply
voluntarily.

They're overseen by a committee of both government representatives and those
from the press and news distribution (including Google's Europe head of PR)

see <http://www.dnotice.org.uk/>

~~~
scraplab
Perhaps, but given their sensitivity you would want to comply or face some
difficult discussions with intelligence agencies.

------
cabalamat
Someone needs to set up an Internet Watch Foundation Watch Foundation.

------
mattmanser
This actually took down editing rights for Wikipedia for virtually the _whole_
of the UK a year back or so. For Wikipedia the whole of the UK looked like it
was coming from 6 IP addresses.

Turns out that they'd blacklisted an album cover for having a naked 14-year-old
girl on it, so everyone going to Wikipedia got shunted through the system,
which makes it appear as if everyone's coming from a handful of IP addresses.
Ironically the 70s album cover wasn't censored in the UK when it originally
came out.

I can't remember all the details now, I'm paraphrasing a story told by Glyn
Wintle from the Open Rights Group[1]. I saw him at a Notts Tuesday event[2],
good speech, a whole lot more insidious things going on than you realise.

In the UK the Open Rights Group are the people you need to support/get
involved with to help keep things like this in check!

[1]<http://www.openrightsgroup.org/>
[2]<http://notttuesday.com/2010/07/05/tuesday-13th-july-keeping-rights-open/>

~~~
iuguy
Even better still the filter was bypassed by using the HTTPS version of
Wikipedia.

~~~
mike-cardwell
If you install the HTTPS-Everywhere Firefox addon, all Wikipedia URLs and
hundreds of other domains are automatically redirected to their https
equivalent.

------
vabole
One thing that annoyed me a lot while I was living in China was the extensive
censorship of the internet. Seeing the same amount of censorship in the
western countries is even more unsettling. The only difference is in the
definition of the illegal content used.

------
udp
Yep, my connection is "IWF'd"... I had no idea this kind of thing was going
on. At least when they block a website in China they block it with a clear
message instead of just silently breaking its functionality.

~~~
dav-id
In China they do it silently with no message, you see just a 404 from your
browser.

~~~
X-Istence
My friend in China says it isn't a 404, the connection is just RST'ed to both
sides and dropped. Simple, and effective. Your browser should display a
"connection reset by peer" message or something to such an effect.

------
tobylane
Damn that's annoying. They are actually quite good in their package, I shall
list the options from memory (ignoring what doesn't apply or is just plain out
of mind).

Sky - Broadband, phone, TV. Requires you to pay a Murdoch (hard pill to
swallow for one parent)

Virgin - Cable (internet on different unshared fiber), phone, tv. Requires
acceptance of this article. (Tbh not too fussed)

BT - Broadband and calls. TV package is an expensive joke. Call centre is
shit/Indian (quality of the line and training, not racism)

Talktalk - Broadband and calls. Even worse call centers. My parents are afraid
to leave them now...

Anyway, I believe I'm wrong somewhere, I wish I was wrong in more places
(everything negative).

------
AndyJPartridge
I'm on a Virgin Media 50MB connection, and filesonic.com is blocked for me.

~~~
papaf
Is <http://78.140.176.180/> blocked? If not then switching to something like
OpenDNS will get round the damage.

To be honest though I have no idea on what level their transparent proxying
works.

~~~
barrkel
There's a paper on it I posted above, if you're curious:
<http://www.cl.cam.ac.uk/~rnc1/cleanfeed.pdf>

------
wzdd
I used to live in Australia, at a time when most .au ISPs did not censor the
Internet. However, transparent proxying was fairly common among ISPs anyway,
because it saved them money. I suspect that might be what's happening here
(though I guess the cost savings are higher when you do it in Australia,
because data charges to Australia are ridiculous).

If the ISPs just wanted to implement IWF censorship, they could do it less
invasively by using packet inspection.

