It does give the lie to the "for the children" argument when blocking copyright infringement is mandatory and banning child porn is optional.
Child pornogrpahy is obviously illegal, but nearly all of it is actively filtered via the IWF lists.
Legal forcing comes from court orders, of which there have been many of in regard to piracy and many other issues. Don't need court orders to regularly bring down child porn because there are already plenty of active attempts and stuff in place from IWF, ISPs, Police forces etc.
_If_ you have a mechanism that you've put together to block some content (in this case the IWF to block child porn porn) then you must also use this mechanism to block stuff the court wants blocked, in this case everything Hollywood has arbitrarily decided it might be a copyright infringement.
But if you don't have a mechanism to block stuff (which A&A does not because why would you want to spend money on that nonsense?) then obviously the court shouldn't order you to go around making Hollywood's life easier and you can ignore it.
The IWF blocks are completely separate (and use a different mechanism) to the court ordered piracy blocks.
The court ordered piracy blocks only apply to the "big 6" ISPs. A&A doesn't have to comply because they're an insignificant ISP with very few customers.
Cleanfeed as originally designed is irrelevant in 2019. It worked by doing transparent HTTP proxying on port 80 and then comparing URLs to a blacklist of hashes. But in 2019 the site can just upgrade you to HTTPS and then you vanish off the radar in Cleanfeed. What's left is yet more DNS blocking.
You might think wait, surely they could do IP blocking? Well, no. Fast flux combined with the address exhaustion means if you do this you'll either underblock so badly you might as well not bother trying, or you'll overblock and get yourselves a reputation as the ISP whose Internet doesn't work. SNI lets your opponents do this to you as much as they want even though very few of their customers are doing anything you actually want to block.
So the other working (but far too expensive) option is "Deep packet inspection" or "Transparent TLS proxies" where you'll watch the ClientHello and drop clients asking for forbidden names in SNI before the connection is encrypted. The UK government's White Paper in 2018 showed no appetite for this extra cost, but even if they go there that's exactly what eSNI fixes - so they'd spend all that money and by the time they ship anything probably it doesn't work anyway.
You wish. Those lists can only filter specific sites. Not the myriad of child porn that is shared privately. So those list based blocks might in fact protect some users who inadvertently clicked on the wrong link, not knowing where it would lead. But people actually seeking out this content do not care.
It still would be effective to just inform providers and domain registrars.
I'm involved in running a small, non-commercial website that offers instant chat rooms without the need to sign up first. At some point the kiddly diddlers found out about it, and used it as basically a bootstrap tool for their activities. We had to play cat and mouse with them for a while, but have improved our system where most such things get automatically detected now or at least marked as suspicious, and the rest is handled by humans. So I am in the unfortunate position to know a thing or two about how these people operate, or at least those who abused our service.
After they initially find each other, either to "trade" one on one or have a group thing going, they use services such a mega.nz and other file hosters with ever new download URLs, or switch over to messenger services such as kik, tox and discord in particular, and use email (in particular protonmail these days) as a backup to finding each other again should their other accounts be taken down.
TOR also plays a minor role, of course, but TOR's importance is usually overstated in public discussions about child porn, at least as far as I have seen, and we've rarely encountered people sharing hidden services; it's mostly about using TOR as an anonymizing, free "VPN".
The amount of content (aka child abuse media) they share is tremendous. Them sharing 10s of GBs with a few mega links in one go was common.
 We had this discussion in Germany ten years back, when the government proposed such filter lists that the ISPs should then enforce. There was a big opposition to that, as people thought the content should be actually removed and perpetrators prosecuted instead of just "hiding" it, and also establishing such a system would make all kinds of other groups eager to get courts to block other content with it, such as alleged piracy sites. Oh, and of course the lack of accountability and transparency was a big issue too.
Turns out most providers will cooperate in taking down content, and the rest can be "made" to cooperate. The German group AK Zensur (NGO) ran an experiment back in 2009, and contacted providers based on leaked government child porn filter lists (mostly from Scandinavian countries). Most providers responded within 12 hours, removing illegal content, but more often than not they did not actually find child porn whatsoever (which the AK Zensur then verified). Most providers further said they had not been contacted previously (good job, law enforcement).
 mega.nz's model of plausible deniability means they also cannot identify content because they never see the content unencrypted (not even a hash of the unencrypted content). So they can only take down individual URLS and accounts, but cannot take down exact copies of the same file uploaded to other accounts. This, combined with the ease of making new accounts, each of which gets 50GB storage at first, and the feature to "unshare" (invalidate share links; allows people to share content for sometimes just a few seconds, so other people can import it into their own accounts and download later), makes mega very popular not just with content pirates, but also with people sharing child porn.
 Easy to use, and easy to use group chats.
 Harder to set up, but it claims to allow quasi anonymous decentralized communication incl file sharing if you put it behind a VPN or TOR. We've encountered "how to setup tox" inforgraphics in the past.
 Discord used to be a bit wild west, being a new service which hadn't figured out a lot of things yet (kinda like us at the beginning), and probably underestimated the problem (also kinda like us in the beginning). They also made it pretty hard to actually report abuse (something like, "actually join the server, switch to developer mode, toggle some obscure other preference, copy the internal channel ID and write us an email containing that information"). Tho it seems they are doing a lot, lot better recently in banning "servers" involved in child porn.
 Which put us in the unfortunate position to proactively ban TOR users from chatting (they can still read). 99% of TOR traffic was either outright malicious stuff like child porn, or spam. Sorry to the remaining less than 1% who played nice.
There is a mandatory block list which all ISPs are required to use, maintained by a private organization - the Orwellian named "Internet Watch Foundation", which is kept secret and is not disclosed for the stated reason that giving details would tell paedophiles where to look. They were responsible for the classification of the German band Scorpions album cover on Wikipedia being classed as child porn and resulting in blocking the Wikipedia page in the UK until that was sorted out. (Dec 7 2008)
> We don't provide a filtering service to restrict or limit access to anything on the Internet. When you take services from us you are opting out of any filtering services. The Internet has a lot of good and useful things, but it also has a lot of unpleasant and offensive things. Don't blame us for what you find on the Internet.[...]
> We do not have, in our network, any equipment installed to filter access to any part of the public Internet for our customers as a whole. We aim to give 12 months notice if we ever add any such filtering.
In the past, they've spoken out more explicitly against the IWF:
> Not using IWF watch list
> The system deployed now is not effective. It blocks web sites that have been reported, and that is all. It causes side effects (see recent wikipedia incident). It does not block ftp access, email, secure web sites, usenet, irc, peer to peer file sharing, or any tunnelled IP to proxies outside the UK, or indeed any number or simple ways around it. The system does not even try to.[...]
> We feel sure anyone wanting access to child porn will have no trouble using the 95% of ISPs that use the IWF and there is no reason for them to come to us specially.[...]
> At the end of the day, we are no more of a policeman than a power company powering a counterfeit printing press. We provide a utility - we shift IP packets. Using us for anything illegal is a matter for the police to deal with and the criminals concerned, and not for those companies that provide power, water, gas, or internet that happen to allow those activities.
We crossed the Rubicon for so many reasons.
I watch a bunch of Netflix, Youtube, play some online games, never came close to my quota, but I know people using 1TB+ per month on other ISPs so YMMV.
Their control panel is incredibly functional – containing detailed logs of pretty much everything. They also provide a lot of more technical line control options that you'd otherwise have to phone up and convince somebody to get changed.
We haven't had the pleasure of needing to phone them up yet, but from what I've read about them they're a technically very capable team.
I really can't recommend them enough. Sure, it's expensive, but a) I like the feeling that I'm contributing to things I agree with, and b) the people who work there deserve to earn a decent wage. Insofar as broadband has a "first class" product, they offer it.
the problem there is the effective not the draconian
We know some evil people record these vile acts, but we don't think that banning video cameras will solve the problem - so my gut feeling is that banning abuse images online is less about stopping the crime and more about not being reminded it exists.
So I wonder what the effective solutions to child abuse are?
Something to do with nosey neighbours willing to pry? With school teachers being amazingly sensitive? something to do with spending huge amounts on foster care and social services - something to do with simply getting to know and talk with your neighbours? or something else?
Was childline ever effective?
I don't know - but it's a huge problem with amazing ROI - and well worth spending at least as much as we do on pointless record my browser history projects.
This is absolutely the worst thing about HN.
"I don't know anything about zoology, biology, geology, geography, marine biology, crypto zoology, evolutionary theory, evolutionary biology, meteorology, liminology, history, herpatology, paleontology, or archeology, but I think ..."
We know from interviewing the children who were abused that they continue to be traumatised by the knowledge that images of them being raped are still available online.
We also know that fear of people viewing the images causes children to avoid seeking help. Some children feel huge amounts of shame or guilt, and they wrongly think that they will be seen as willing victims.
You're also making the mistake of limiting your thoughts to images created by a local abuser - someone in the same room as the child. You need to remember that some images of CSE are created by the children after they've been groomed.
 Although reading any HN thread which mentions images of CSE these children aren't far wrong.
Unfortunately, banning possession/distribution doesn't actually make things unavailable, so it fails to prevent this harm too... Though I suppose the knowledge that people are trying to track down and eliminate such content may help the victims in question.
Thank you. Consider my opinion changed. There is a clear reason to pursue this course of action, even if it is less effective at the root cause.
Personally I think having my prejudices called out is one of the good things about HN.
I still would love to see research on other approaches to tackling the root problem (i.e. the abuse not the images)
(This would presumably included what properly funded social services look like, how cross-department co-operation can be improved, as well as the more "Big Society" suggestions.)
I mean a frustrating part of this is that in almost always some political issue has had a "yes but in Country X they are trying a new system that has had huge success" and slowly a consensus forms around the right way to tackle the problem - but on CSE I have never come across even the right direction of travel.
Finally I hope the threads you mention in your footnote are at an end - there is no willing victim, this is crime and vile crime at that.
Edit: general tidying
I'm personally always amazed that people seem to think the problem is the recording and not the abuse.
Banning video cameras obviously isn't happening, because they're too useful for other things. But if, hypothetically, a company sold cameras magically limited to only recording children, and such cameras would become popular among child pornographers, then you could expect calls for a legal ban on the grounds that denying a few companies the ability to fleece people through market segmentation doesn't outweigh making life more difficult for the child pornographers.
My personal opinion is that this does not reduce abuse. It almost certainly reduces demand for abuse videos, and possibly reduces demand for the creation of new abuse videos - but I don't care about those, I care about the kids being hurt. I'd rather have 10 kids a year get abused and the videos end up on YouTube than have 100 kids a year abused with no videos anywhere, if that makes any sense - and if abuse videos are a substitute for actual abuse one might expect that making the videos harder to acquire would make the latter more common.
And thus it's expected to reduce the abuse done in the process of creating said videos. I provisionally believe your substitution argument. I have no clue if the total abuse is decreasing or increasing here.
Banning images is an actionable measure - with the goal of stopping abuse.
Not saying it's a good one.
Was childline ever effective?"
All of the above basically. Unfortunately council funding cuts are having a detrimental effect on foster care and social services. So that part isnt as good as it should be.
1) the companies pushing them didn’t limit it to just their product (and instead added it to the C runtime resolver)
2) didn’t limit it to their servers (that’s honestly pretty concerning)
Specifically you'll need to set:
- network.trr.bootstrapAddress: To a secure DNS provider you trust (to get the HTTPS DNS resolver's IP/bootstrap DNS over HTTPS). e.g. 188.8.131.52
- network.trr.mode: To 2 (DNS-over-HTTPS is first choice, fallback to OS), 3 (DNS-over-HTTPS only otherwise fail, recommended)
- network.trr.uri to the URL of your DNS-over-HTTPS provider. e.g. https://cloudflare-dns.com/dns-query
If you set all three (and mode to 3), it is a completely bespoke, highly secure DNS solution. That's what I use at work for any personal browsing.
Suppose I have all my devices configured to use my local DNS where I've added names for my other local devices or changed the ones for some names because local devices should use the RFC1918 addresses instead of the internet ones that are routed differently. Suddenly Firefox on every device is using Cloudflare even though nobody ever told it to, and now I have to go touch every device and fix it, including when they're BYOD and the owners want them to "just work" and resolve the names correctly without me having to touch them.
Then the same thing all over again when Chrome does it or any other application.
network.security.esni.enabled = true
The problem is implementing it in the application instead of the operating system. The owner of the device should be able to choose their DNS server in one place (including one that blocks or redirects domains the user actually wants to) and not have to keep after a dozen separate applications all with their own settings that ignore the user's globally stated preferences.
Mozilla could do everyone a favor and produce a free independent DoH implementation for each platform they support that allows it to be used by the OS resolver in every application and have its configuration set all in one place. Extra points for supporting DNSCurve as well.
One advantage that DoH has over DNSCurve is that it is much harder to detect or block due to it being encapsulated as https traffic.
Then the next step is to get operating systems to ship it by default and support DoH as a DHCP option:
> One advantage that DoH has over DNSCurve is that it is much harder to detect or block due to it being encapsulated as https traffic.
If you're using a network subject to active adversarial man in the middle attacks like that then you probably want to be sending all your traffic through some kind of encrypted tunnel rather than only DNS.
So do VPN tunnels over HTTPS/TLS.
There is also happy eyeballs. Use DNSCurve and DoH at the same time and accept whichever answers first, which will be DNSCurve whenever it isn't blocked. Then in a few years when middleboxes have given up trying to block DNSCurve because the alternative is no advantage to them, we can deprecate inefficient DoH to a strict fallback and eventually be rid of it entirely (because they couldn't block DNSCurve anymore if it was 95% of DNS traffic).
The other nominees for Internet Villain were Donald Trump and EU article 13. But they chose Mozilla. Clearly ISPA has an agenda and cannot be trusted.
you are talking about dirty politicians, who are standing against something initially designed to twart oppressive regimes such as China's great firewall... any dirty trick in book is fair game to them.
https://github.com/jedisct1/dnscrypt-proxy does a few good protocols.
to me only the kernel could do it, and it would limit outgoing port 53 by default to every other process.
if I want to set configuration on my hosts file I damn sure want everything to follow it, not have to worry about thousands of applications that might or might not use it.
Edit, to clarify: this depends on the protocol, as someone has noted further down, but in principle you could have an encrypted protocol in which case the ISP (or any other routing node) could only with which server you have exchanged packets.
Edit oops I thought OP said what they communicate not what IP.
 as per wikipedia, https://en.wikipedia.org/wiki/Server_Name_Indication:
The desired hostname is not encrypted, so an eavesdropper can see which site is being requested. This helps security companies provide a filtering feature and governments implement censorship. [..] As of mid 2018, an upgrade called Encrypted SNI (ESNI) is being rolled out in an "experimental phase" to address this risk of domain eavesdropping. On March 1, 2019, Daniel Stenberg stated that Mozilla Firefox supports ESNI.
This data is extremely valuable for marketing since the ISP also knows who you are and where you live. And using DNS bypasses tracker blocking.
This is all about ISP's getting mad that their advertising revanue is being cut off. And possibly a lot of pressure from governments to keep "metadata" like DNS requests in the clear
Most UK ISPs run advertising portals on DNS-not-found redirects, DoH would remove those redirects.
 - https://github.com/jedisct1/dnscrypt-proxy
Their whole argument against DoH is ridiculous.
Both major political parties are pretty censorious and many of the smaller parties aren't much better.
There is certainly one which is much better; and maybe it's a total coincidence, but they seem to be the punching bag of the major parties. ;- )
They’ve been thrown under the bus for entering a coalition government and choosing to support alternative voting over scrapping tuition fees.
Since they were a minority player they didn’t have much choice in fighting that ultimatum, but I understand why people feel scorned. Even if the conservatives are doing many, many more heinous things daily.
As a nice conincidence the “NoToAV” campaign (lit. “No alternative vote”) was undertaken by the same people who drove the leaveEU campaign, they used remarkably similar tactics too. “AV will cost £250m, that should fund our army!” And such.
I mention it because it was funded by the same conservative doners. So the Lib Dem’s lost both ways.
They're the only party that are, instead of 48% of the population being left behind they're actually supporting them. Regardless of your stance on brexit being a good thing or a bad thing there are certain facts that are being ignored. One of which is that "brexit" is a nebulous concept which keeps changing depending on the direction of the wind. I distinctly remember all prominent leave politicians saying we could stay part of the single market. Now they say that was never the plan. This is treating the UK population as intellectually bankrupt.
I'm not saying there's no reasons to _not_ back the lib dems, they've never truly held the chalice so we can't necessarily trust everything they say, it's easy to make such promises when you have no chance of actually winning or have dealt with the realities of ruling.
But perpetuating the "will of the people" meme is incorrigible considering that even the referendum that took us into the EU was followed up with a confirmatory referrendum 2 years after.
That was the EEC, a dramatically less powerful and important collaboration which has morphed gradually into something that would be unrecognizable to those who voted in the affirmative to join the EEC.
Furthermore, that was some decades ago; there has since been born a whole generation of people who are now legal adults, and a similar number of people have since passed away. A referendum of that vintage, on the topic of a substantially different organization, is surely less relevant than a recent referendum with a clear morally (even if not legally) binding result, on the current organization.
P.S. maybe it's not great to paint people as “perpetuating the ‘will of the people’ meme” rather than simply being of the opinion that the referendum represents the will of the people.
It's also a tangially related point but the referendum was organised when glastonbury was happening and since the demographics state that young people tend towards remain, and they were essentially denied a vote. Since 34% of all people didn't vote, and it's such a slim majority I don't buy the argument that it's "the will of the people", it's the will of some people, and it has polarised the country.
The fact is that people didn't actually know what they were voting for, everyone had a different version of brexit in mind, most were absolute fantasy. There are a lot of people who are anti-EU due to decades of defamation by ruling parties and our mass media.
Regarding my last point the EU had to set up a site to defend itself, but, as you likely know: disinformation is hard to counteract.
My statement about "will of the people" being a meme follows directly the definition of memetics:
> Memetics describes how an idea can propagate successfully, but doesn't necessarily imply a concept is factual
People are always saying it's the will of the people but they're unwilling to possibly have another referendum, they're unwilling to accept that people have been lied to, and they're unwilling to accept that brexit as described has changed.
Here's all the prominent leavers saying we would stay in the single market if people voted leave:
So it's not fact, but it's a soundbite that gets repeated ad infinitum.
The turnout for the vote in 2016 was very high compared to a general election. Some say the highest ever.
This idea that it isn't the will of the people is I feel just sour grapes.
Nonetheless, you'll have a better time on Hacker News with less accusatory and loud tone. Your points lower down in this reply are spot on, but because of the "ASCII YELLING" and accusatory tone, it'll probably remain flagged (only visible to people who specifically turn on a feature to view flagged replies).