Posted: 3/20/2002 6:06:03 AM EDT
Child-protective mania has given State of Pennsylvania a pretext to indulge in Internet censorship. The legislature has passed a law requiring ISPs to block access to kiddie porn Web sites. Under the scheme, PA residents will have to be prevented from accessing the sites, which will be identified by the state attorney general's office. The law is backed up with penalties ranging from $5,000 for a first offense to fines of $30,000 and seven years' imprisonment for a third offense. The PA legislature doesn't offer any guidance as to how the blocking is to be accomplished. The legislative measure was brought to our attention by Richard M. Smith of ComputerBytesMan.com. "ISPs are going to have to filter by URLs. I think this is a hard technical problem. I'm not even sure what kind of software can deal with ISP traffic volumes," he noted during an e-mail exchange. Add to this the fact that active KP URLs often change on a daily, sometimes hourly basis, and you see that PA is going to be issuing constantly out-of-date URL lists to ISPs throughout the nation and expecting them to dutifully filter them for its residents. So, will this reduce the amount of KP circulating on the Web? Will it protect children from exploitation by pornographers? Obviously, it will do neither. It's pure self-congratulatory legislation with no appreciation of the practicalities, and no hope of accomplishing anything worthwhile. It will, of course, accomplish Internet censorship for PA residents, which may later be expanded once the necessary tools are in place; it will tax the resources of ISPs struggling to comply with impossible demands; and it will impress the uninformed with Pennsylvania's devotion to child protection. But it will not make the slightest dent in the trafficking of this filth. No online KP haven is going to be put out of business merely because it can no longer accommodate the diseased sexual desires of Pennsylvania's perverts. 
No pornographers will be prosecuted -- only ISPs will be. No KP sites will be disabled; and no online archives will be erased. Trading via IRC, ICQ and AIM will go on unimpeded. Business will be burdened with extravagant requirements and Draconian penalties; and the public will be burdened with censorship, all for no good reason. The Pennsylvania legislature has pulled a terrific fast one here. It's granted censorship rights to the state on the pretext of child protection. It's created a superficial image of concern over KP, while laying responsibility for it as far from the source, and from itself, as humanly possible. And it's got away with it. Governor Mark Schweiker signed the bill into law last month. It takes effect in April.
Link Posted: 3/20/2002 7:06:23 AM EDT
Pulling of hourly changes to URLs? Possible, maybe.. but an IP change would be more effective, although it would take far longer to complete as it travels all the net's DNS servers (typically 24-48 hours for worldwide propagation). Either solution presents its own problems. Registration with some DNS server group, constant rapid changes may trigger an alert and investigation. Then if KP, it gets reported. It's best if these guys lie quiet and don't use URLs. IPs be pinged to no end until an open one is found. Set the IP of the site to that. Send the message or whatever is done to let the deranged perverts find it. Then rinse and repeat. This method would be fairly effective at keeping them hidden. But traceroutes can still be done and find out where their servers are. Then talk to whoever is hosting them one step above their server, and get the name blocked. Unfortunately this is easy to get around: change the name. These sickos know all the tricks and use them. But they will still get caught because everything on the net is trackable. If I had someone's IP I could tell you their ISP's contact data. Keep the time of the trace and the IP. The ISP can then look through their login/usage records and see what user had that IP at that time and get their name, number, etc. (if I was a LEO, etc.). The best way to fix these guys is life in prison, because once they get out they will go back to their old tricks.
Link Posted: 3/20/2002 8:20:07 AM EDT
More "feel good" laws passed by pols that have no idea if what they pass can be done or not. Just more "See! We passed a law that says you can't do that anymore. It's not our fault, it's the ___________." (fill in the blank with name of scapegoat). I don't like the precedent of the gov filtering access to information (but I do believe that anyone who creates or distributes kiddy porn should be tossed into the nearest dungeon to rot).
Link Posted: 3/20/2002 8:26:57 AM EDT
If you're a good ISP, and don't rip off customers like a cable company, you don't use a proxy server in between the customer and the rest of the world. In other words, you don't molest your customer's data without them knowing about it, like a cable company or many DSL providers do. How is a good ISP going to block by URL? It simply can't be done with the way they're set up. It requires them to add hardware (like a big Sun running Squid) and require the customers to use it. It sounds like the bill was backed hard by the cable companies to reduce the quality of service of their competition. Why compete with others when you can legislate them to reduce their quality to your own low level.z
Link Posted: 3/20/2002 8:38:07 AM EDT
Originally Posted By zoom: If you're a good ISP, and don't rip off customers like a cable company, you don't use a proxy server in between the customer and the rest of the world. In other words, you don't molest your customer's data without them knowing about it, like a cable company or many DSL providers do. How is a good ISP going to block by URL? It simply can't be done with the way they're set up. It requires them to add hardware (like a big Sun running Squid) and require the customers to use it. It sounds like the bill was backed hard by the cable companies to reduce the quality of service of their competition. Why compete with others when you can legislate them to reduce their quality to your own low level.z
View Quote
Easy to do with some hardware and software. Cisco PIX and a software package called Websense. This just takes some money. The big problem is the speed at which things can change. Teams of people would have to monitor the internet at all times and send out updates hourly and every ISP would have to update their Websense hourly. It would make more sense to not block the sites, catch the people who have them and put them in jail.
Link Posted: 3/20/2002 9:27:25 AM EDT
Link Posted: 3/20/2002 9:42:49 AM EDT
djk, that's exactly the lower type of quality of service I was talking about. You can do the same thing with transparent proxying on most UNIXes or with an access list on any recent Cisco (>=10.3 I think) and any web cache. It doesn't even require a PIX. I was doing this sort of thing long before the PIX came out. The problem is that if your web cache goes down or is a bit slow for a while, your customers don't have web access. Also with the web cache, you end up modifying the data the customers are sending out. I disagree with you that changing the access lists is hard. It's easy to automate. Back when I could actually get technical work with Internet-related companies, I set up an add-on to Squid that pulled the Yahoo Kids safe list each day. It also scanned for URLs that looked like ads. Now, junkbuster can be added on to most any proxy, and it does the same sort of thing very well. But, you're still left with the core problem. If you molest the customer's data with a web cache and make their web access dependent on several different systems working, then the customers will suffer.z
Link Posted: 3/20/2002 9:53:41 AM EDT
[Last Edit: 3/20/2002 10:26:42 AM EDT by djk]
Originally Posted By zoom: djk, that's exactly the lower type of quality of service I was talking about. You can do the same thing with transparent proxying on most UNIXes or with an access list on any recent Cisco (>=10.3 I think) and any web cache. It doesn't even require a PIX. I was doing this sort of thing long before the PIX came out. The problem is that if your web cache goes down or is a bit slow for a while, your customers don't have web access. Also with the web cache, you end up modifying the data the customers are sending out. I disagree with you that changing the access lists is hard. It's easy to automate. Back when I could actually get technical work with Internet-related companies, I set up an add-on to Squid that pulled the Yahoo Kids safe list each day. It also scanned for URLs that looked like ads. Now, junkbuster can be added on to most any proxy, and it does the same sort of thing very well. But, you're still left with the core problem. If you molest the customer's data with a web cache and make their web access dependent on several different systems working, then the customers will suffer.z
View Quote
Zoom, I didn't say changing access lists was hard. The problem is not with the equipment the ISP has to get. That is the easy part. The hard part is keeping the actual blocked list up to date, as in the sites change so fast you can't do enough updates or can't know all the sites to block. This would take a team of thousands and they could never catch all the bad sites. Finding the offending sites is the problem, not distributing and blocking at the ISP. By the way, the PIX can be set up to do hot stateful failover in milliseconds, so that is not an issue. It does not do proxy caching either, it does site blocking. It also does not modify customer data. Edited to change "did" to "didn't", which I meant in the first place.
Link Posted: 3/20/2002 10:02:45 AM EDT
Originally Posted By djk:
Originally Posted By zoom: djk, that's exactly the lower type of quality of service I was talking about. You can do the same thing with transparent proxying on most UNIXes or with an access list on any recent Cisco (>=10.3 I think) and any web cache. It doesn't even require a PIX. I was doing this sort of thing long before the PIX came out. The problem is that if your web cache goes down or is a bit slow for a while, your customers don't have web access. Also with the web cache, you end up modifying the data the customers are sending out. I disagree with you that changing the access lists is hard. It's easy to automate. Back when I could actually get technical work with Internet-related companies, I set up an add-on to Squid that pulled the Yahoo Kids safe list each day. It also scanned for URLs that looked like ads. Now, junkbuster can be added on to most any proxy, and it does the same sort of thing very well. But, you're still left with the core problem. If you molest the customer's data with a web cache and make their web access dependent on several different systems working, then the customers will suffer.z
View Quote
Zoom, I did say changing access lists was hard. The problem is not with the equipment the ISP has to get. That is the easy part. The hard part is keeping the actual blocked list up to date, as in the sites change so fast you can't do enough updates or can't know all the sites to block. This would take a team of thousands and they could never catch all the bad sites. Finding the offending sites is the problem, not distributing and blocking at the ISP. By the way, the PIX can be set up to do hot stateful failover in milliseconds, so that is not an issue. It does not do proxy caching either, it does site blocking. It also does not modify customer data.
View Quote
Actually what I have read on the issue, the state will be supplying the ISP with a list of sites to block. If the porn site changes their IP, it's up to the state to create a new list to send out to the ISPs. As far as how.... Router level access lists are annoying, but can be done. An ISP can remove DNS resolution to a site, which will be more effective in blocking the name. If a user who has a clue goes and uses different DNS servers, it's not the ISP's problem. Also router level access lists will be ineffective as well, there are plenty of proxy services out on the net, such as anonamizer (or however you spell it). So the law is about as pointless and ineffective as the 1994 AW ban.
Link Posted: 3/20/2002 10:10:43 AM EDT
quote: "Under the scheme, PA residents will have to be prevented from accessing the sites, which will be identified by the state attorney general's office." That's what will kill this BS. There is no way in hell that the AG's office will have the manpower or resources to maintain or update such a list. No chance. Even if they get one out the first time, it will be obsolete before it gets to the ISPs.
Link Posted: 3/20/2002 10:15:22 AM EDT
If the state is supplying the list of no-no sites to the ISPs then the law is even more useless. No way will the state's list be even close to complete.
Link Posted: 3/20/2002 10:20:11 AM EDT
Ah yes, kiddie porn--the impossible to argue against justification for any statist attempt to strip us of yet more of our freedom. Second only to terrorism and pedophiles in getting soccer moms' panties all in a wad. This country is waaaaaay around the bend when it comes to its fascination with deviant sexual behavior. Instead of ignoring the tiny, infinitesimal percentage of people who perpetrate these crimes, the left is using it as a means to bring everyone under the surveillance umbrella. They want to control your mind, your kids' minds, and kill you when you get out of line (i.e. try to have an independent thought about anything at all).
Link Posted: 3/20/2002 10:30:19 AM EDT
Router level access lists are annoying, but can be done.
View Quote
As long as the list isn't too long. How are you going to fit a long list of access lists in the 32K NVRAM on a Cisco router? I know Cisco promised that some of the new routers would have more, but the point is still the same. Keep in mind, the configuration looks something like: ip route 24.97.83.181 255.255.255.255 Null0 to block ar15.com. That's 44 characters to block one IP address! A list of 1,000 IP addresses would be about 44,000 bytes. It wouldn't fit in the configuration memory. With Livingston routers I've used in the past, there's a feature called ChoiceNet that will poll a separate server for approval before allowing access to an IP address. This is nice, but there's a delay when accessing a new site that isn't in its cache. If the router can't talk to the filter server, there will be a delay when accessing any new IP address.z
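Added example, not part of the original post: a Python sketch of the sizing argument above, rendering one Null0 route per blocked address and comparing the stored text with the 32K figure the post cites. It goes beyond the post by also merging fully listed contiguous ranges into prefixes; the function names and the sample addresses (taken from the 198.18.0.0/15 benchmarking range) are assumptions made for illustration.

```python
import ipaddress

NVRAM_BYTES = 32 * 1024  # the 32K configuration memory cited in the post


def null_routes(networks):
    """One static route to Null0 per network, in the form quoted in the post."""
    return [f"ip route {n.network_address} {n.netmask} Null0" for n in networks]


def config_size(lines):
    """Bytes the lines take as stored text, counting one newline per line."""
    return sum(len(line) + 1 for line in lines)


def plan(addresses, budget=NVRAM_BYTES):
    """Size a blocklist as per-host routes and as exactly aggregated prefixes."""
    hosts = sorted({ipaddress.ip_network(a) for a in addresses})
    # collapse_addresses only merges ranges that are fully listed, so the
    # aggregated routes cover exactly the same addresses as the per-host ones.
    merged = list(ipaddress.collapse_addresses(hosts))
    report = {}
    for name, nets in (("per_host", hosts), ("aggregated", merged)):
        size = config_size(null_routes(nets))
        report[name] = {"routes": len(nets), "bytes": size, "fits": size <= budget}
    return report


def sample_blocklist():
    """Constructed sample of 1,000 addresses from the 198.18.0.0/15 test range."""
    base = ipaddress.ip_address("198.18.0.1")
    scattered = [str(base + 4 * i) for i in range(488)]  # no two can merge
    contiguous = [str(a) for a in ipaddress.ip_network("198.19.0.0/23")]  # 512
    return scattered + contiguous


if __name__ == "__main__":
    for name, row in plan(sample_blocklist()).items():
        print(f"{name:>10}: {row['routes']:4d} routes, {row['bytes']:6d} bytes, "
              f"fits in 32K: {row['fits']}")
```

Aggregation only helps when the listed addresses happen to be contiguous, and the same memory also has to hold the rest of the router's configuration, so the real headroom is smaller than the budget used here.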
Link Posted: 3/20/2002 10:40:16 AM EDT
First, let me state unequivocally that I think the PA law will be ineffective and that it demonstrates that the writer has no clue what the internet really is or how it works, BUT... I also have no problem with commercial ISPs having to remove kiddie porn from their servers when it's called to their attention. Who would? That this occurs probably in .0000000000000001% of all kiddie porn cases - well that's a separate issue. No doubt most of this is being done by people turning on a server for a short period of time then killing it. The law clearly doesn't take that sort of thing into account. Frankly, I'd much prefer a law with a penalty that kiddie pornographers and child molesters be publicly castrated and left to bleed to death.
Link Posted: 3/20/2002 10:40:36 AM EDT
[Last Edit: 3/20/2002 10:41:09 AM EDT by Timber_Wolf]
Maybe I'm just not up to speed on how child-porn transfers work, but it seems to me that one would never use any single web site to pull off such a scheme. Wouldn't they go from web-board to web-board... one day on yahoo, another on google, or so on? How would any government bureaucracy be able to keep up with tracking changes? I mean come on? How long would it take to shut down hotxxxchildren.com or some other site like that once it is found? And why wouldn't an AG do that, instead of trying to pull some kind of BS V-chip crap with it? And I frequently use a proxy to access THIS site, dodging my workplace's internet blocker (they think they can limit us to biz-related sites only [}:D]) Just imagine what a hacker pedo could pull... Doesn't make sense, but then again, it is Uncle Sam.
Link Posted: 3/20/2002 1:55:54 PM EDT
Well, I know if I was trading illegal files, i.e. warez or kiddie porn, I sure as hell wouldn't be doing it on the web. It would be on private servers that only my most trusted members could get to, which is why I always get pissed when the media makes it look like there's a pedophile around every corner on the internet.
Link Posted: 3/20/2002 3:40:45 PM EDT