Laiste

Wednesday 12th November 2008 | 02:21 PM

Thanks for the links Rodney. I totally agree. Here's a copy of the email I sent Senator Conroy-

Dear Senator Conroy,

As a parent, your proposed internet filtering appalls me. The assumption is that I cannot protect my own child nor adequately teach her how to use the internet responsibly.

You already have a huge number of unanswered questions on your plate courtesy of Senator Ludlam, questions I would very much like the answers to, but I have a few of my own.

Firstly, why does the Government think that parents are incapable of deciding what is best for their own children? How many parents would sacrifice freedom of speech for protection from a danger that is statistically more likely to come from a family member or close friend? Will sites that warn of danger signs and warnings of paedophiles or sites of support groups for survivors be blocked by the filter? How do you propose that the filter will be able to tell the difference if it is based on key words? What other ‘unwanted’ content will be blocked?

I don’t want to live in a Nanny State, and that’s exactly what the ISP based internet filtering is- a Government taking away choices from its citizens; choices about what we can access, choices about how we parent. It is a decision that assumes the people of Australia are too stupid to monitor the internet access of their own children. Nothing could be further from the truth. You can’t protect children from all danger in the manner you are proposing. Determined paedophiles will simply find another way. Far better to spend every cent on education and support services or the Department of Community Services which can protect children from the real dangers they face.

I look forward to your reply.



If I get one I'll post it here.

Chris Walters

Wednesday 12th November 2008 | 02:24 PM

Top article Rodney!

I'm living in Japan and will be returning soon. I didnt know this was going on, and frankly it's quite scary at the stupidity of it all (even though their hearts are in the right place at what they would like to achieve).

Senator Conroy sounds like a fool, and a fool with so much power is very dangerous.

I hope the Australian masses wake up to this and start making a bit of noise.

Chris

Rodney

Wednesday 12th November 2008 | 02:28 PM

...in response to this comment by Laiste. Hi Liaste,

Excellent questions, though I don't expect you'll get a reply if the media and other Senators can't.

EFF and others are reminding us that paper letters are worth far more to politicians than emails, so if we can all take the time to print out a letter like Liaste's and mail it off to our local member and S. Conroy, we have a better chance of being heard.

Not to make it all too sensationalistic, here is a quick reminder of what Adolf Hitler wrote in Mein Kampf;
"The state must declare the child to be the most precious treasure of the people. As long as the government is perceived as working for the benefit of the children, the people will happily endure almost any curtailment of liberty and almost any deprivation."

Mikey

Wednesday 12th November 2008 | 02:31 PM

Senator Conroy is the new Richard Alston:

http://www.rustylime.com/show_article.php?id=387

Jokes aside, this is a scary reality. Watching with interest. Just wish there was something more proactive we could do.

Rodney

Wednesday 12th November 2008 | 02:39 PM

...in response to this comment by Chris Walters. Yeah that's the idea of writing about it. People need to know this is serious and, without some signs of resistance, a fait accompli.

Honestly, can you image a massive, publicly listed corporation, where not a single manager has even a vague understanding of the details of the area they're managing, yet they have absolute power to ignore all advice and just do whatever gets them the best kick-backs in back room deals? If they tried, they'd go to prison. Yet this is precisely how our government operates. Conroy probably can't even spell 'Internet' yet he gets to utterly decide it's future, here.

At the same time as this man is planning to cripple Internet speeds by over 80%, we have the Prime Minister on TV complaining that the Internet is too slow and we need a $5 BILLION dollar injection of public funds to give it a "turbo charge". If it wasn't my country, it'd be hilarious.

Marvin the Martian

Wednesday 12th November 2008 | 02:47 PM

I'll bet that the newly proposed national broadband network has something to do with it. Telstra has said that they will not guarantee their bid since the government is not being transparent on the new rules and regulations that they will have to follow.

Frankly, if this does go through, this will be the first country in the world where the majority of the population will return to snail mail go back to living in the technological dark ages.

Jake

Wednesday 12th November 2008 | 02:49 PM

In all reality, such frivilous spending would need to be justified in this current ecconomic climate and I certainly do not see this being passed before the next ellection, especially considering the considerable infrastructrure requirements.

In actual fact, the public health system in Australia requires an injection of around $5-6b to urgently adress a Nation-wide hospital bed shortage and such frivolity is unlikely to occur while this need exists, it would be political suicide.

The minister for communication also clearly has no idea what the policy entails and is thus inept when considering his portfolio.

Jack

Wednesday 12th November 2008 | 02:51 PM

Help us anonymous?

Rodney

Wednesday 12th November 2008 | 02:58 PM

...in response to this comment by Jake. The government is planning to spend "only" $250 million on the filter. They expect the ISPs to make up the rest of the expenses and then pass the cost on to us. So we will pay a lot more - for a lot less. Of course, it won't cost $250 million, because it will utterly fail. But because they're government, they won't admit failure and will throw more money at it, to "fix" it. So it will end up costing billions, before being quietly dropped in about 8 years time, when the spot light has moved away.

The $5 billion proposal is unrelated and is to "make the internet faster" (which they'll never do because as you say, it's too much money for them to spend).

Jack

Wednesday 12th November 2008 | 03:48 PM

On a more serious note. I'm currently still a high school student at an R-12 (Reception to Year 12) catholic school (I am Atheist though). The internet at our school goes through filters set by the Catholic Education Board. As you can probably imagine these filters block out quite a large number of sites for many different reasons.

At current basically all of the students in my year level and I am also aware that most students in younger year levels know how to use proxy websites. The catholic education board desperately tries to block these proxy websites, but since their are a massive number of proxies their efforts are useless. In the 3 or 4 years since the wide use of proxies began at our school, there has never been a time where students weren't aware of an unblocked proxy. As soon as a proxy was blocked the address to a new unblocked proxy would spread fast.

I haven't done huge amounts of research into this Government filter. Although I can't see why a simple proxy website wouldn't get around accessing content blocked by this filter. (Maybe someone with more knowledge could explain why this wouldn't work.)

School students, kids, have full knowledge of how to use proxies to get around filters. This filter will be useless.

Rodney

Wednesday 12th November 2008 | 04:25 PM

Hi Jack,

Proxies will no assist you with packet inspection.

The Catholic School Board is passing your traffic through a proxy server, which queries a list of know black-listed sites. By changing the proxy server, you're easily allowed to step around such primitive filtering. It's astonishing they let you change the proxy in any case, as Active Directory can easily block users from doing this. Transparent proxies would stop you even more effectively (I.e. forcefully re-routing all traffic on port 80 through a known proxy). Proxies only work on HTTP traffic, or FTP, by and large, as they're not suitable for other kinds of traffic.

The government isn't proposing this. They're proposing that the filtering is done upstream from you. So you can make all the changes in the world on your computer and it's irrelevant - the blocking is being done by your ISP. If they simply say your computer cannot speak to a certain IP, it's game over for you. Also, if they start packet inspection, which is what they intend (hence the massive loss of speed), you won't be able to download anything from anywhere which contains key words. So if someone emails you a joke and it contains the word "hardcore" (for example)... you're not getting that email because the packet which contains that word will be dropped.

Your school is working like this:
You------------Catholic Proxy----/-/---RustyLime
|------------------Proxy Box-----------------|

So by skipping around the catholic proxy, you get to the target site. Because the proxy is "optional", you aren't forced to gateway out through it.

Where as the Government is proposing this:
You------/-/-------ISP filter-----Proxy---------RustyLime


If there is a rule at the ISP router which says "drop anything from RustyLime", then no matter what proxy you tell your computer to use, it won't help. The proxy is already past the point of the filter in the network. As you must use your ISP's gateway, you have no option in the filter.

Jack

Wednesday 12th November 2008 | 06:09 PM

Hi Rodney,

I was unaware they intended packet inspection, this is even more outrageous than a simple blacklist of IP's and URL's. You wouldn't happen to have any knowledge of how they intend to handle packets if the content is encrypted? I understand the blocking/filtering of secure connections but for example if I were to write a program which sent data through a different port other than 80 or 443 . If the data I was sending was encrypted how will they handle those packets? Do they intend to block traffic on ports except for the allowed ports?

Sorry if I was unclear about the Catholic Education Board's proxy. We do get sent through their proxy and are unable to change this. When I said proxy I was referring to HTTP (Website) Proxies (Such as hidemyass.com).

Me --------- Catholic Proxy --------- HTTP Proxy -------- Rusty Lime (Ironically Rusty Lime is blocked by the filter)

What I gather from Upstream filtering is if I try to access a blocked site through their intended filter.

Me ---[HTTP Request: hidemyass.com

Peter

Wednesday 12th November 2008 | 06:13 PM

If ever there was a TT/ACA story this has to be it.

Once its gone its gone, we will never get this freedom back regardless of the incumbant government

Jack

Wednesday 12th November 2008 | 06:18 PM

My comments are getting cut off and then the other half didn't come up =/ Hesitant to post other half again incase I looks as though I keep posting blank comments. Any Help here?

Added you on Facebook to try and get the full comment to you.

Jack

Wednesday 12th November 2008 | 07:03 PM

(Realised it was a problem with some symbols I used in my post, If anyone would like to delete my last two posts, Thanks)

Hi Rodney,

I was unaware they intended packet inspection, this is even more outrageous than a simple blacklist of IP's and URL's. You wouldn't happen to have any knowledge of how they intend to handle packets if the content is encrypted? I understand the blocking/filtering of secure connections but for example if I were to write a program which sent data through a different port other than 80 or 443 . If the data I was sending was encrypted how will they handle those packets? Do they intend to block traffic on ports except for the allowed ports?

Sorry if I was unclear about the Catholic Education Board's proxy. We do get sent through their proxy and are unable to change this. When I said proxy I was referring to HTTP (Website) Proxies (Such as hidemyass.com).

Me --------- Catholic Proxy --------- HTTP Proxy -------- Rusty Lime (Ironically Rusty Lime is blocked by the filter)

What I gather from Upstream filtering is if I try to access a blocked site through their intended filter.

Me ---[HTTP Request: hidemyass.com - rustylime.com]------ ISP [Out going request blocked due to "rustylime.com" contained in the packets]

I've done a little online coding (mostly for multiplayer games) but to how I understand this so far. Say for example I want to have an unfiltered chat with a friend also in Australia. I write a chat program which encrypts outgoing data and decrypts incoming data. If I send this data through an allowed port such as 80, packet inspection will only see encrypted data. Assuming the encrypted data isn't headed to a blocked IP the packets go through and the data is decrypted on the other side avoiding detection.

What’s to say I can't modify this program slightly so instead it sends an encrypted request for a website to someone outside of the Australian filter. The program outside Australia requests the website, takes that data, encrypts it and sends it back to me in Australia. Obviously their are a few functionality issues such as Flash Elements, Java Elements, etc. (Mostly because my programming skills aren't advanced enough to deal with elements like this.) But at least basic data could get to me.

Jim

Wednesday 12th November 2008 | 07:45 PM

...in response to this comment by Jack. The problem is the adults who should be allowed to view porn may not be able to figure it out. Count me as one of those adults. I'm just glad we still have free and unfettered access in the US, at least for now... Then again, the porn industry is probably the only real money maker left here.

Papa

Wednesday 12th November 2008 | 10:43 PM

Porn and booze...

Rodney

Thursday 13th November 2008 | 09:31 AM

Hi Jack,

They plan to inspect encrypted packets using "man in the middle" attacks. Man in the middle attacks constitute a computer-crime by Australian law. But Conroy doesn't know or understand that and simply plans to change the law to make it legal for him to do it and no one else.

Effectively, what they do is set up a "trusted" server and then get Microsoft to add it to the trusted authorities. Then they force all encrypted traffic through a proxy which makes a request on your behalf. This technology is in use in many corporations and Microsoft IIS allows this, for example:

YouGov---{ Govt SSL Encrypt }----Proxy HTTPS EntryGov---{ plain text }---- Proxy HTTPS Exit---{ Real SSL Encrypt }---Real Server SSL

This allows them to inspect packets in your HTTPS traffic in clear text. Because Microsoft will bend over for them and add their server to trusted SSL, your web page won't throw a wobbly when you go to the bank, for example. If you click on the little padlock, you will see the names don't match - but you won't get warnings and the average Joe would never think of checking the names themselves. Likewise the average Joe will be using Windows, so they'll be subject to the new rules of play, from Microsoft + Australian Government.

It constitutes not only a massive invasion of privacy and security threat (because it will get pwn3d by someone) but also a massive single point of failure. When this proxy goes down, all online transactions in the country will go down with it. So imagine if this system failed for a day. No online banking. No eBay. No Amazon. No paying bills. No share trading. No ASX. Nothing. For anyone in the entire country. Now imagine the disaster if this went on for a week. But again, Conroy, who I propose to henceforth call "ClownBoy", doesn't understand this, because he thinks a computer is that amusing Solitaire device that helps him hold sticky notes on his expensive oak desk.

It's sinister in the extreme. This means even your online purchases and banking transactions will be snooped on by the government. It's seriously got to be illegal. There is no way some government employee won't abuse this and steal money and credit card details, etc. It means government IT admins, who will probably get paid about $40kpa, will be able to view share transactions in real-time and basically monitor, alter and interrupt any commercial transactions they wish to. It must not be allowed. But Conroy is seriously planning to do this and if he does, there is next to nothing you can do about it.

And he's selling all the above abuse of power under the banner of "protecting the children". And because most politicians are equally Luddite in nature, they don't care and don't want to be seen as "pro kiddie porn".

P.S.
I find it funny RL is blocked by the Catholic School Board. :-)

Rodney

Thursday 13th November 2008 | 09:37 AM

...in response to this comment by Jack. With regards to sending an encrypted request to a site outside the filter, that won't be possible either. Nothing is outside the filter. If they are inspecting packets and dropping anything that contains keywords, you cannot proxy around it.

If they were simply talking about a big black list, I'd be less furious. It's still wrong, because they can (and will) start blacklisting political opposition, etc. It will start with something we can all agree on, like blacklisting ultra-right-wing Neo Nazi parties. Then slightly less offensive parties will be blocked. And then the media companies will start requesting anything that conflicts with copyright gets blocked. Then they'll start claiming things conflict with copyright which don't - but simply put them in a bad light. Before long, you will only be able to see one message and one party line and that's it.

Make no mistake about it - their plan is actually more restrictive than the current filtering in Iran or China. And that's not my opinion - that's from direct quotes from the CEOs of Internode, iiNet and Telstra, the three biggest ISPs in the country.

Peter

Thursday 13th November 2008 | 12:25 PM

...in response to this comment by Rodney. Well its hit the mainstream internet media

http://www.news.com.au/technology/story/0,25642,24645568-5014239,00.html

Rodney

Thursday 13th November 2008 | 12:52 PM

...in response to this comment by Peter. Yes, there are several stories like that one which utterly miss the point, from journalists who don't understand the technology any more than Senator Clownboy. The average reader will read that article and think "that's good. We SHOULD block kiddie porn". The Media needs to harp on about the massive speed losses we're about to experience and all the issues that come along, as mentioned above. They need to point out how far Clownboy plans to take this. And then TV needs to pick it up. Internet news sites don't reach the average Joe.

2821

Thursday 13th November 2008 | 09:29 PM

Some of the comments here are somewhat alarmist and factually incorrect. Part of the justifiable outrage over this proposal is that it will be a huge waste of money and trivially circumventable.

It is not unheard of for corporates to "proxy" ie. MitM https. They do this by installing via M$ AD a trusted CA in the workstation browser. So when you attempt an https connection you actually connect to the ISA proxy which has a wildcard cert signed by the CA your browser. At that point you are screwed and your employer has all you internet banking etc...

But the government or isp owning your end point browser? You should be able to mitigate this risk quite effectively. I think it is a bit loony to suggest that one of the root CAs (Thawte, VeriSign etc.) would issue a wilcard cert to the Australian government but it's a finite risk...

As far as the filter goes, I think it is unlikely that the government will be able to keep track of all the hosted vpn services in countries other than Australia. And these are pretty rock solid in that they securely tunnel all protocols out of Australia (using the providers ssl CA which is not prone to compromise of the SSL cartel) on any of the 65000 tcp/udp ports. These vpns absolutely prevent eavesdropping and therefore keyword blocking and circumvent DNS tampering or blocking and ip blocks. As a bonus they anonymise the end user's ip and one would assume they would also bypass the performance hit of the filter if the filter were just looking at standard ports like 80, 110, 25...

Rodney

Thursday 13th November 2008 | 09:52 PM

...in response to this comment by 2821. 2821,
The alarmist nature of the comments have a reason. Ordinarily I would call even my own post above a crazy conspiracy theory, something I am utterly adverse to - if it wasn't all sadly factual.

Of course it will be trivial to circumvent a blacklist but it won't be trivial to circumvent packet inspection. Packet inspection is precisely what Senator Conroy intends. Do you think they achieved an 86% loss of speed with a simple blacklist?

You may think it "a bit looney" to suggest that the government would request a root level cert for this - but this is precisely what Conroy is asking for. Of the 6 products the government trialled in Tasmania, 5 use MiTM to allow deep inspection of HTTPS traffic. Don't believe me? Then check the facts:
http://farm4.static.flickr.com/3240/2709790525_4e920445ec.jpg?v=0
http://techliberation.com/2008/07/28/australian-isp-level-content-filtering-report-released/
http://www.zdnet.com.au/news/communications/soa/BitTorrent-hole-in-ISP-filter-tests/0,130061791,339290888,00.htm

You will also note that 5 out of 6 trials either rate limit or completely block bit-torrent traffic and two read your emails. Once again, we see the government deciding how we are allowed to use our own packets. All of the products also include DNS poisoning, which would allow them to redirect you to sites which appear to be your target but are not. Again, this would be a hackers wet dream.

Which is entirely my point. Conroy hasn't got enough knowledge of the subject material to understand what he's asking for. He just wants to know that he can filter "everything".

2821

Thursday 13th November 2008 | 10:10 PM

So... Lease a virtual machine outside of Australia. Create your own certificate infrastructure and connect to your machine over either an ipsec or ssl vpn. Hey. Use an ssh tunnel if you like. Then all the isp or Australian government can see is ciphertext on a strange port. They cannot eavesdrop this and they can packet inspect it all they like but that is futile. Sure, the act of packet inspection may degrade performance I give you that but the bottom line is you just need one open tcp or udp port out of Australia to guarantee your privacy from the Australian government stooges. You use the DNS at the other end of the tunnel in the US or Sweden or wherever. Relax dude. It is possible to lockdown a network on a small to medium scale. I do this for people for money. But to lockdown a country? Not possible unless you severely curtail the utility of the network in terms of contact with those beyond Australia. Think academic collaboration, B2B systems, etc. etc. And half arse attempts, as I said, are TRIVIALLY beatable. Remember the US restrictions on export of crypto? They classified it as a weapon! Now it is a weapon against draconian censorship measures and potential breaches of privacy and/or security inflicted by our own elected public servants.

Rodney

Thursday 13th November 2008 | 10:59 PM

Yeah. That's trivial. I'm going to pay $1000 + bandwidth a month to lease a virtual machine outside the country and browse on that, then IPsec tunnel the traffic back to my house. Very trivial. I am sure every Australian will easily manage that. And I'm sure no admins would ever think of simply dropping any packet which cannot be inspected. Oh wait. That's exactly what ISA already does in a AD domain. I also work in IT security and understand this issue very well. As for not being able to lock down a country, maybe you should visit China.

One of the biggest issues for me is the loss of speed and performance caused by upstream routers inspecting my packets, because you cannot work around that. I am aware that we can work around most blocks but what I don't want to see is a loss of business because my servers appear to no longer be able to provide a reasonable speed to clients.

You're right that the end story probably won't be as bad as I am saying it could be - but I am only repeating what reputable news outlets are saying and what the CEOs of the ISPs are saying. So why is the government trialling these ideas - or even floating them at all, if they have no plans to implement them? Presumably so what they do give us doesn't seem so bad, compared to what it could have been. If they just blacklist a few thousand sites, fine. As long as none of them are false positive, then go for it. But if people don't appear to care about a salami slice (i.e. a small bit at a time) approach to having the Internet restricted, then in time it will be just as bad as they're talking about now.

2821

Friday 14th November 2008 | 07:37 AM

You can get a VM in the US with 250GB of data a month for ~ $30-40USD/mo. Christ, you can get a 4 core machine with 4GB RAM and 2.5TB/mo for $300USD/mo. Have a look at godaddy's offerings. You clearly pulled the $1000 figure out of your arse. Plus there are already hosted vpn services that offer exactly what I described for even less and that even normal end users can grok. Have a look at http://vpnout.com

Do you actually know how the Great Firewall of China works? It can be trivially defeated by vpn/ssl/ssh tunnelling or even more easily if you just ignore the anomalous RST packets that they fire at you (anomalous TTLs). I suggest you go and google "The Great Firewall of China" and get a clue. The issue for you if you are a Chinese citizen is that large streams of encrypted traffic to your ip will perhaps result in unwanted attention and/or a visit by the secret police in their human organ harvesting van. They won't know what information you are accessing but the fact that you need to encrypt it implies guilt, right?

Just from reading your posts in this thread I would not employ you in IT security. You know a little bit but you know what they say about a little bit of knowledge..?

Rodney

Friday 14th November 2008 | 08:30 AM

...in response to this comment by 2821. And you, 2821, suffer from typical 'IT arrogance'. Just because you know how to do something you think it's "trivial" and everyone can do it or must be retarded if they can't. Never mind the fact you probably couldn't fix your own car to save your life or wouldn't have a clue about a million other things in life - you think because you can compile a kernel you are a superior human being. You also assume that no one else's ideas are valid. This alone tells me you work for a small IT business, where people like you are the norm. A major failing of the IT industry is the large number of people like you who believe that they're smart and everyone else is dumb. I encourage you to realise that this isn't the case. You're just as dumb as everyone else, in certain areas and they're just as dumb as you in others. It's this arrogant attitude that gives IT workers a bad name.

But that's never been the point of this article. The point isn't that it's possible to beat it. The point is that it should be happening in the first place and that people who are not qualified to make decisions shouldn't be making them. The discussion should never be about how e83r l33t you think you are or how mad your 5kilz are. The point is this is a major infringement on our privacy, our rights and the thin edge of the wedge. Even in your own post you say it's "trivial" to beat the Chinese firewall - then in the next breath mention doing so will void your life. Interesting definition of 'trivial'.

2821

Friday 14th November 2008 | 09:17 AM

Why don't you address the arguments rather than making ad hominem attacks? It is simple to sign up for a hosted vpn service. Anyone can do it. Did you even click through to vpnout.com? Also, there is currently nothing on the table suggesting that the Australian government will make such services illegal. VPNs are widely used by corporates. The point is that what the government is proposing is an offensive proposal but it just won't work. Get angry about the government wasting your tax dollars through their ignorance with the justification of protecting "the children". The proposal will do nothing to stop the trade in child porn in precisely the same way as it will do nothing to impact upon anyone who is serious about their own privacy or access to material that may fall foul of the government of the day's block list.

I'd rather not address your tangents but fwiw I can fix my own car and have tuned racing motorcycles in the past so am quite adept at mechanics.

Anyway, I accept your Captain Obvious remarks about people having knowledge and skills in different areas. As an IT expert I feel it is my responsibility to inform those who are not so familiar with IT. Again. It is absolutely trivial, for a few dollars a month, to make anything the Australian government implement completely ineffective and thereby protect your privacy and avoid censorship. Propogating this information is much more useful, imho, than the sort of fear mongering you seem to be keen on.

Keep attacking mate. You are just digging yourself a deeper hole and displaying that you in fact are the one who is fairly clueless n00b.

Rodney

Friday 14th November 2008 | 09:32 AM

Thanks for proving my point.

Again you hammer away it's 'trivial' for an 'IT Expert' to work around this issue, again missing the point that many users cannot even install Office by themselves. The point isn't that it can be worked around we should 'educate' people how to be l33t haxors - because you can't educate most people how to do this things because they a) don't get it and b) don't want to get it. Not everyone wants to nerd-up their nights working around filters - and they shouldn't have to. Instead, how about we look at the actual problem instead of trying to show how awesome we are by working around it.

I'll just leave it as agreeing to disagree.

2821

Friday 14th November 2008 | 09:42 AM

Look. If a user can go and sign up for, for example, a facebook account, then they can go and sign up for the vpnout service and follow the simple directions to get it working. Ok, maybe it is not as convenient as just plugging into an ethernet port or joining a wlan but if you want privacy and security it involves some effort. The uptake of a raft of web services suggest that end users are not as hopeless as you suggest and certainly if they care about their privacy and security and about not being censored then the effort is well worth it. Like I said, if you care about this bad proposed legislation then inform people about why it is bad and how they can defend their rights.

Again, please keep posting. We are learning more and more about you and having a good laugh too.

BTW, is this your blog?

Rodney

Friday 14th November 2008 | 10:03 AM

...in response to this comment by 2821. You just don't get it do you? You're still going on about how easy it is to circumvent, with a complete lack of understanding for how much the average person knows about it or actually wants to know. People don't want to have to work around it. They want it to just work for them. Web services are taken up because they're easy to use. People don't know how Facebook works - they just log in and click where they're told to. Suggesting the take up of Web services shows people understand IT is like suggesting people understand communication physics because they buy a TV.

So yes, we're all having a learning experience here. People are certainly having a laugh but I am not so sure it's at me. And even if it is, as long as they are made aware of this issue and take it on board, then I don't mind.

Chris

Friday 14th November 2008 | 10:16 AM

Hi Rodney and 2821

How you guys doing? The weather outside the window here in Japan looks pretty nice though a little chilly for Autumn. How about where you are? Glad it's friday!!

Anyway, I know I just did a big no-no and am way off the subject, but I thought it call a time out :)

I am one of the dummies that Rodney talks about (absolutely no offense taken), alot of this is over my head (but I can install software ;). Thanks for both supplying some good info I can check out for the future.

Chris

Brad

Friday 14th November 2008 | 10:21 AM

This is an absolute joke, I cannot believe this is going to happen. This moron conroy needs a lobotomy. Say goodbye to our freedom. I'm writing to the gov about this as soon as i calm down.

2821

Friday 14th November 2008 | 10:31 AM

Without any assistance my 67 year old mother just signed up for vpnout, set it up and is using it as we speak. Took her < 15 mins. I haven't explained the why or the wherefore of why she'd want to use it but that explanation would take maybe 5 or 10 more minutes. Up until now all she uses her machine for is web browsing and email. I asked her how difficult, out of 10, she rated the signup and setup and she said 4.

Dude. Get over it. If people care about their security and privacy they have the means to do something about it regardless of what the Australian government do, provided they get some good advice. You are really overstating the difficulty. It is no harder than installing a torrent client and creating a browser association for .torrent files, as another example, and plenty of average users manage that.

Rodney

Friday 14th November 2008 | 11:06 AM

...in response to this comment by 2821. You're still going on about this?

Try to understand. The point is not that you can work around it. The point is you shouldn't have to.

2821

Friday 14th November 2008 | 11:22 AM

Yeah. Just like you shouldn't have to be concerned with SSL web pages when you do your internet banking or WPA security on your wireless LAN because the bad guys just shouldn't steal your identity. Pull your head out of your arse and take a look at reality.

2821

Friday 14th November 2008 | 11:24 AM

Or locking your house or car. It is inconvenient and you shouldn't have to because stealing is illegal... Can I stop yet? You sir, are a twit.

Rodney

Friday 14th November 2008 | 11:49 AM

No, your analogy is completely wrong. It's not equivalent to having to lock your house to protect it. It's equivalent to the government locking your house for you with a key you don't have and then you have to ask them to let you and out, each day.

Anders

Friday 14th November 2008 | 12:33 PM

...in response to this comment by 2821. Sorry mate - you're completely off track there. I know you are just trying to show off your l337 knowledge of networking, but Rodney's analogy of it being "equivalent to the government locking your house for you with a key you don't have and then you have to ask them to let you and out, each day" is perfectly accurate.

We all know certain things can be circumvented, but the entire point is that you shouldn't have to.

Adam

Friday 14th November 2008 | 02:44 PM

...in response to this comment by 2821. So let's hypothesise: the government outlaws the aboriginal right to vote, and your suggestion (being that you are an experienced plastic surgeon) is that it doesn't matter, because aborigines could get some 'trivial' cosmetic surgery and disguise their own blackness! Fuck the system! Offshore circumvention is what liberty is about, "noob"!

Wait, no -- they outlaw the BRUNETTE right to vote, ok? Let 'em! It'll be good for hairdressers everywhere, actually. Forget that it's insane, because why would anyone try to actually do anything about anything at the root cause? Insult anyone who dares, I say.

That'd be so clever.

Rodney

Friday 14th November 2008 | 05:25 PM

...in response to this comment by Chris. Hey Chris,

You're no dummy mate - don't ever let anyone make you feel dumb for not understanding their field of expertise. We all have our areas of interest and if they were all the same, the World would be much more boring.

And you're not off topic. :-)

Funny

Friday 14th November 2008 | 06:25 PM

i love it how 2821 calls starts the abuse and trash talking but then has a cry when someone calls him arrogant

seems like someone doesnt like people not bowing down to him

Allan

Friday 14th November 2008 | 06:41 PM

...in response to this comment by 2821. hahahaha sure she did! You rang your mum out of the blue and said 'hey 67 year old mum! go install this software and rank it out of 10 for difficulty coz this guy on the internet doesnt believe im the best at stuff!' Then you went and fixed your own motorbike coz your just the best at everything. My hero!

Peter

Friday 14th November 2008 | 07:13 PM

...in response to this comment by Allan. 2821 wrote: "If people care about their security and privacy they have the means to do something about it regardless of what the Australian government do"

The trouble is the "australian public" dont understand the internet and will belive the government is protecting them, they dont care...

Allan

Friday 14th November 2008 | 07:29 PM

...in response to this comment by Peter. which is exactly why 2821s approach is wrong and rodneys is right

Jorgy

Friday 14th November 2008 | 07:37 PM

...in response to this comment by 2821. You say its your responsibility to teach everyone because your an expert... i think you just like the sound of your own voice

Yazeed Madaeen

Saturday 15th November 2008 | 07:46 PM

What i say here i know possible, it is implemented on my local network at home.

If you can see my internet connection as the ISP's connection, and my router as the ISP, and all the computers at my house as the "Users" of the ISP's service, then read this example

A radius server needs authentication once you log on to the internet, you open your browser and you are required to enter a password, (Google "radius server Wikipedia" out), if you enter the adult password you get open internet, if you enter the other you get restricted internet.

Radius the way it is implemented on routers etc.. will not allow this (Since there is a single connection to the ISP unlike LAN), so how about a proxy for all the children of Australia ?

An even better solution would be, adults can unlock the internet from the ISP's website, or unlock it for a finite amount of time, once that expires they will have to re unlock it (To make sure no one forgets protection switched off), whatever it is, i am sure they have already asked experts, and they have different concerns

It may be that they have concerns about "Outlaws" plotting something, maybe they just can't disclose that since it will bring public outrage, and again they can not ignore it "until something ugly happens", all i know is, There are 1001 obvious solutions they can not have missed.

If he was so ignorant, how could he have thought of things Microsoft needs to do for him ! i think this guy knows what he is talking about

Now if he would only disclose his concerns, maybe more experts can come up with creative solutions !

andrew

Saturday 15th November 2008 | 09:09 PM

there is always some government minister who pokes there nose into something they do not think thru. surely there has to be more on the gov agenda than worrying bout internet filtering. how about the government look into welfare of kids who get abused, both phisically and sexually from family memebers as a start. I am sure welfare agencies would love the money the government wants to spend on this filtering....

Friendo

Friday 21st November 2008 | 07:41 AM

Well, 49 comments down the line, I just couldn't stay out of this one any more. Of course, my heart lies with Rodney, and you other Aussies who are going bonkers over this whole thing.

I gotta' tell you though, I rarely LOL, but this is one of those times..You guys are always-and rightly so most of the time-telling us how messed up we are on all these various things here in the States. And now here you come with the same exact kind of stinking sh*t you're always ragging to us about how we screw it up.

The only difference I really see is that you guys are smaller, and just don't have the level of corruption in politics that we do yet. While at the same time you have all the same wako fringe loons who would do god only knows what to save you from yourself, in the name of some bullshirt, non existent guy in the sky...And the bible tells me so... and that's my story, and I'm stickin' to it.

Don't worry, god knows what is best for you.

This really is an LOL for me though.

Good on ya all,

F-

Rodney

Tuesday 2nd December 2008 | 09:26 AM

People should consider signing this petition, as well:

http://www.getup.org.au/campaign/SaveTheNet&id=463

Christophe

Thursday 18th December 2008 | 09:40 AM

Hi Rodney,

I have no intention of dragging the discussion again towards how easy or not it may be to circumvent the filter as I think you're shown that indeed this is not the point. But you might still be interested to know that in countries where Internet filters are in place, even non-experts are now able to circumvent filters despite the technical difficulties and especially teenagers. The presence of filters actually encourage technologists to offer solutions for the non-tech savvy people: it came as a natural response to the filter.

If the filter is about protecting some of those who are most likely to be able to circumvent them, then it simply only adds the pointlessness!
People should not have to know about proxies and all these things in the first place.

NB. I was in Syria, China and Egypt. While the motivations for bypassing the filters varied from country to country, I was surprised by how easy it was for people to dismiss the filter altogether. In the Middle-East, motivations were mostly political, so bypassing the filter would also entail a risk that people would not have to face in Australia. For a fairer comparison with Australia, Finland also is experimenting with an Internet filter...

Rodney

Thursday 18th December 2008 | 10:03 PM

...in response to this comment by Christophe. Hi Christophe and thanks for commenting.

It's certainly true that Syria, Egypt and China are likely to deal more harshly with law breakers - but Finland is not looking at mandatory filtering. And of the above mentioned countries, only China routinely inspects packets for "naughty" words. That kind of filtering is much harder to get around (proxies won't help; you need other methods).

Look, people are going to work around whatever they put in place. Even non technical people - after all, I can drive a car but I surely wouldn't have been likely to invent the very first one. But The bigger picture here is the shift towards a flawed internet system, with single points of failure, with incompetent buffoons in charge of it and lowly paid uni graduates sifting through highly sensitive commercial information, day in , day out. It's a recipe for disaster. Not to mention we will wind up paying more for a lower service.

All of which says nothing about Conroy's ongoing refusal to answer any questions on the topic - which seems very out of place in a "modern, Western democracy".

Laiste

Tuesday 23rd December 2008 | 04:24 PM

I recieved a 4 page snail mail letter from Stephen Conroy today pretty much saying the same stuff he's been spouting everywhere else. I can copy and paste it here if you like, but theres nothing new or interesting in it.

Jim

Tuesday 30th December 2008 | 07:56 PM

...in response to this comment by Laiste. Might as well, it would add to the thread.

Rodney

Tuesday 30th December 2008 | 10:48 PM

...in response to this comment by Laiste. Please do - in fact - post it as a new article. I think it's very worth the effort.

Ben

Wednesday 31st December 2008 | 12:29 PM

I completely disagree with this filter, but how exactly is it more restrictive than china?

Jim

Wednesday 31st December 2008 | 07:17 PM

...in response to this comment by Ben. That's a great question, maybe one of the more technical minded would answer it...

Brett

Friday 9th January 2009 | 02:06 PM

What it actually is people, and please excuse the conspiracy sounding plot, is an attempt to control all media sources since the internet is posing a major problem for governments who are backing a "new world order" or one world government. Politicians can and do control the media, however the internet has been impossible up to this point to police, and this has posed a major problem for them for the following reasons.

1. Any internet user can freely see what these politicians are up to, despite the mainstream medias attempt to keep the wider TV public in darkness
2. This is not good for them because they are wanting to pass laws like this one, that limit the rights of people and make the average person blind to their plans
3. People who know what they are up to, can fight back, and they do one they are educated, politicians want to make sure they completely control this process
4. Politicians are really puppets, the real people running the world are corporations, and they OWN the TV and print media, but have not been able to control the real flow of info on the net, these Corporations decide which politicians will be backed, which leaves you with the dismal choice of no hopes every time you vote, they are puppets to the yanks and it is the yanks that run the world at the moment and they are planning to own the whole dam thing with a one world government, Australia is just a little region to them.

filtering porn has as much to do with safety as terrorists have to do with getting oil, its a smokescreen for a real intention. Since tobacco is legal and make the government lots of money, it is obvious they care little of safety, they only like what they control.

finally, the Christians or so called Christians are fake! they do not know what the Bible teaches nor do the practice it. No Christian is to have anything to do with politics and that is what the bible teaches! If any religion does actually speak the truth, then they would be like the Jehovah's Witnesses, completely by-passing the media, the governments attempts to control, and political meddling, they bring the truth right to your door.