Blog

There’s been a lot going around recently regarding the ACMA’s proposed blacklist for undesirable and illegal content. By all measures it appears to have been an embarrassment for the government (or at least Senator Conroy) and just isn’t getting any support from anyone, judging by what’s getting reported in the mass media (though I admit minimal exposure to tabloid publications). I don’t even know if the trials of this filtering technology have managed to get off the ground yet.

In case you’ve not been following, ISPs aren’t that interested in participating in these trials, many are accusing the government of censorship, senator Conroy isn’t really sure what the filtering can or can’t do, the “OMG TOP SECRET” blacklist has been predictably leaked (or has it?), and a little while ago there were suggestions the government would find a way to fine you for even sniffing a blacklisted URL.

Myles Peterson from the Canberra Times has his own little opinion piece which I liked very much for the way he’s summed things up. I’d like to borrow a quote from it:

The list was first labelled a fake by a spokesperson for Senator Conroy’s department. Then it was announced linking to the list, or sites on the list, could attract a fine of $11,000. But if the list was a fake, how could linking it attract sanctions? Later it was revealed that the list was not a fake, but the actual ACMA blacklist to which ‘someone’ had added a few extra sites.

So after much confusion it was established that the government’s not-so secret blacklist of almost-banned websites had been sort-of leaked in an unpure form. Confusion reigned again.

I expect the whole thing will go away soon enough (probably not soon enough for senator Conroy’s liking now), but it’s been a disturbing demonstration of how poorly managed and implemented such a system could be. Never minding the impracticality of the whole thing, the implementation is downright offensive. The idea of a secret blacklist, controlled by few, with no mention so far from the government about oversight or recourse for those affected, works very much against core principles of democracy.

But this is politics, and I like my job because I don’t have to deal with politics. How would I implement this filter? Assuming I were an ISP, I’d have some big caching boxes on the network. Bandwidth is stupidly expensive in Australia, so if I can cache some content for local users I can save on the bandwidth. I’d use Squid because it’s free, mature and well-featured. To make sure everyone uses the cache, I’d use a little iptables voodoo and quietly force all http connections through it. This is an easy guide to setting up Squid as a transparent proxy, and Squid also has a comprehensive wiki document on transparent proxying.

Now noone can escape the tentacles of my squid box, muahaha! For the blacklist I’d probably add SquidGuard to the mix, it’s made exactly for high-performance blacklisting with Squid. All I have to do now is let the ACMA send me a copy of the blacklist periodically and keep my proxies up to date.

What about avoiding the blacklist? Oh, that’s easy. You can’t run SSL sites (https) through Squid, as that’ll break the security and people will notice the popups in their web browser (users might be dopey enough to not care, but banks wouldn’t stand for it). Mail doesn’t go through squid, so I can still send all my terrorist training manuals through email. Torrents aren’t affected by squid, so I can still get all my child porn from Russian tracker sites. Using Tor will generally sidestep this, so my supply of snuff films is safe.

I should also mention that, as a webhosting and colocation provider, Anchor has multiple connections straight to the interwebs and doesn’t touch any of this ISP hassle. I’ll just keep downloading stuff to my colocated server and get it home with FTP, thanks.

But what’s that? This isn’t meant to stop these methods of dissemination? Oh, it must be all that think of the children stuff again, yeah, the government needs to do that. Oh, hang on, they were already doing that. Several years ago it was legislated that ISPs must, on request, supply filtering software to their users, to install on their home PCs. The children are already safe, so why in the hell do we need an expensive, over-arching, poorly managed, poorly implemented replacement for a problem that we don’t even have?