BitTorrent hole in ISP filter tests

By Liam Tung, ZDNet.com.au

28 July 2008 05:16 PM

Tags: acma, broadband, conroy, censorship, digital economy, enex, filter, peer

The results of ISP-level content filtering tests released today by the federal government have revealed that the products tested could filter websites with illegal content or block entire peer-to-peer networks such as BitTorrent, but could not identify illegal content shared on peer-to-peer (P2P) networks.

The report, released today by the Department of Broadband, Communications and the Digital Economy, showed ISP filtering technologies were improving, however it also highlighted significant holes in current technologies to automatically filter content shared over peer-to-peer networks.

While all six tested products, which were not named, were able to block entire networks of non-Web protocol traffic, such as instant messaging and peer-to-peer networks, none could identify illegal or inappropriate content over those networks.

However, the report showed that new filtering technologies imposed far less network degradation when turned on than under previous tests using older technology.

Under previous tests, network performance degradation was no less than 75 per cent, while this round of tests ranged between two per cent for the best product and 87 per cent for the worst. Products also performed better in accurately blocking blacklisted content.

Current technologies can block entire P2P networks, but not specific content. (Credit: ACMA)

"It is very encouraging to see that the industry has made significant progress with ISP filtering products and we are heartened that many of the products tested are commercially available, with many of them already deployed overseas," Communications Minister Senator Conroy said.

"The next step is to test filter technologies in a real world environment with a number of ISPs and internet users," Senator Conroy said.

A spokesperson for Conroy's office said the department expected a live test to begin before the end of the year. The government will release an expression of interest to ISPs for the tests.

A range of filtering techniques were tested at Telstra's Broadband eLab by testing company Enex Testlabs, which compared Domain Name Service poisoning, packet filtering and analysis-based filtering.

The trials are aimed at determining whether broad-scale ISP level filtering would be feasible for the purpose of boosting online safety laws.

Talkback (24)
Print
E-mail
Share
- del.icio.us
- Digg
- Reddit
- Slashdot
- StumbleUpon

Talkback 24 comments

Add your opinion

Filtering Anonymous -- 28/07/08

Ugh there any hope of killing this net filter project at all ? :(

ISP now a security adversary Craig Ringer -- 28/07/08

Great ... they're seriously considering DNS poisoning as a filtering mechanism. If they go ahead with that your own ISP will be a security adversary to be avoided. Then again, that looks like the trend no matter what approach they take.

I know how to set up an encrypted tunnel to a remote, trusted DNS server. It'd be easy to distribute canned products to do so, and blocking them would be an ineffective arms race. So, as usual, only the very casual offenders will be hampered, and all legitimate users will pay the price for ineffective and heavy-handed filtering.

Yay!

I know, how about we rate-limit or block all encrypted traffic. After all, you could never have any security concerns that you couldn't trust your friendly government and ISP with! And of course there's no possibility that they or individuals within them could be corrupt, untrustworthy, or incompetent - never! So why encrypt your communications? Do everything unencrypted so we can "protect" you. What's that about people caught selling illegal access to police records, welfare databases, etc? Ah, completely different to the issues around 'net filtering, of course. I believe you. Really.

This whole scheme is a stunningly bad idea. Even opt-in it's pretty dodgy. If made opt-out then opting out will be taken as evidence that you intend to do illegal things (rather than that you don't trust your ISP, you like your 'net access to be fast and reliable, etc). If made mandatory, .... ugh. Speed and reliability right out the window.

In my work it's part of my responsibility to ensure that the journalists can get reliable, trustworthy 'net access to the greatest extent possible. I *really* don't like the idea of having to add my ISP to the list of untrusted hops to be worked around.

Nazi's Anonymous -- 28/07/08

Yes I am glad we had WW2 to remind us of the facists.
Its strange how our Australian governments over the last 25 years like to tell us how we should live our lives, what we should look at on the internet, and what we should think.
The Nazi's succeeded in 1939 and just like then we just don't notice them protecting us from ourselves.

YAY! Anonymous -- 28/07/08

Safety of content...oooouh!

Can anyone say, mind police?

Not legal Anonymous -- 29/07/08

How is it legal to block access to legitimate content. I vote, i vote for party x, my vote isn't automatically "censored" and made invalid. If the australian government wants to "poison" dns they can get lost. Opendns has provided this for some time-- Here is a great idea lets sign australia up on an open dns account FOR ALL OF AUSTRALIA and have ALL the isps sent ALL their data to the ONE location. --- get lost its about providing a) a reliable b) open c) access to legal content. It is not about blocking 99% of the internet just so we can be safe from the 1% of bad bad bad content that we cannot be told about and will be illegal to disclose for fear of us trying to access those sites. I have said in the past and will continue to say again .... DNS filtering is ok and is a good solution. However, you start to run into security and ethical problems. If you want to attack next generation networks that have the potential to have a world of good then you can go and shove your head in the sand and go no no no no NO we are taking australia back into the DARK AGES its for the BEST.

When will they learn Anonymous -- 29/07/08

Welcome to the age of OPENDNS. The systems they are talking about using only work if you don't know any better. If you really were looking at child pornography (the basis for the introduction of this, and yes i have it in writing from the minister) then simple and older technologies such as TOR/Onion Rings would make this pointless.

Things like this is why I dont use my ISP's DNS, and incidentally why the methods they are talking about wont be very effective.

Its kind of funny that they are evaluating it based on all sorts of other criteria, when they weren't in scope.

urgh Anonymous -- 29/07/08

why are they even bothering? is the internet such a big adversary to the plans of our government? aren't there lots of much bigger problems they have on there plate that they should be dealing with?

what ever happened to parents?

why bother?? frank -- 29/07/08 (in reply to #320107932)

They are bothering about doing this to get the support of the Family First senator..

Just don't force it on me Jeremy Birkett -- 29/07/08

I really don't care if they implement this, as long as it's an opt-IN system.
Let the concerned mums & dads choose to ask (and hey, attach a fee to it too) for this and have it enabled, rather than slugging everyone with it.

If not, there better be a way to turn it off. I'm an adult, the government can keep their sticky fingers out of my personal life.

Turning it off Craig Ringer -- 29/07/08 (in reply to #320107934)

Aah, but if it's opt-out and you turn it off, that automatically makes you a person of interest - someone who "has something to hide", wants to do illegal things, etc.

There is, of course, no chance that you might simply want your 'net access to be fast and reliable. These studies show false-positive rates of around 3%. That's a LOT of false positives, and would significantly impair general 'net use. Additionally, the fact that some of them even fail to use HTTP 403 error codes is stunning.

I agree that it'd be fine as an opt-in service where traffic from users who've selected the service is redirected through the filter/proxy. But forcing *all* traffic through the thing is a terrible idea that's going to result in a significant degradation of service reliability, and probably performance, even if your particular account is set not to have any active filtering.

The Australian government seems to be unable to learn from past efforts at Internet censorship. They get laughed at and ignored. Hopefully that'll happen this time too ... but it looks like this time they may actually be serious.

These systems just don't work unless they're whitelist based and block all protocols they can't proxy at an application level. Otherwise it's trivial to tunnel through them. It's not like they haven't had it repeatedly explained to them, either ... but they're not really interested in whether it works, the costs, or the downsides - only the short-term political mileage.

Time for a War Anonymous -- 30/07/08

Looks like it is about time for another world war as people are putting up with this crap from the govenments around the world. Govements is supposed to be the voice of the people not the voice of a few with money.

We voters do have the power to change things we must not be afraid to raise our voices and speak out agaist the govenment that is not listening to what the marjority of people want.

On topic of the story. WE THE PEOPLE DO NOT WANT FILTERING. THIS IS WHAT WORLD WAR II WAS OVER. COMUNISM - THE WILL OF A FEW BEING IMPOSED ON THE MARJORITY! PRIVACY GONE. FREE SPEACH GONE!

People are forget how many millions of our father, grandparent, great grandparents that forght and died in the name of freedom.

Yes we have should have basic laws but other than that what die millions die for becuase what freedom we had if being taken day by day.

Rise up speak your mind!

Just how far does this go ? Paul Aslin -- 31/07/08

And I thought we were suppose to be fixing DNS poisoning, not creating it on purpose.

Hang on, filtering email as well, do they plan to block yahoo/hotmail as well ?

And just what IS unacceptable content ? Unacceptable to most people, or to the paranoid police force, or even to the old lady who goes to church on sunday and doesn't even watch TV.

If you believe the police we should block all photography sites, because its obviously a crime to photograph anyone or anything. Same too for having chemistry as a hobby, your obviously making drugs.

By all means block illegal content, but lets not have another Great Firewall of China.

HTTPS geniesis -- 01/08/08

Anyone notice that the 6 filters can filter HTTPS. Which begs the question, how far it actually filters. URLS, or actual content. Since it says ticked and ticked means "Content filtered", it seems like a very very HUGE security risk.

Just imagine accessing your bank through HTTPS and its being content filtered. Then imaging if the filtering device was hacked. That cracker will now have the ability to view anyone's bank account details that passes through that device. :(

If for arguments sake the device cannot content filter HTTPS, then illigal websites will now just start putting their websites on HTTPS thereby bypassing the whole filtering system. :(

On another note, some of the filtering methods being used (DNS poisoning for one) is just plain abusing what the standards bodies out there are trying to do. We are going to go from something that more or less works to something that will break systems all over the place due to the corruption of the protocols. Altering them is just going to cause software makers headaches and I can't imagine a software company adding exception code to their programs just for little ol' Australia.

In any case there are going to be a multitude of ways to bypass this system. For one if this system is implemented there will probably be an explosion of anonymous proxys, to the point which the blacklist database won't be able to keep up. For one, there is a firefox plugin that can auto select an anonymous proxy from a list of anonymous proxy's an can auto update that list.
Another software that could be used is Tor (onion ring anonymizer), which from my knowledge will definitely not be filterable.

you can't filter HTTPS by content Anonymous -- 06/08/08 (in reply to #320108215)

Unless ISPs are able to break strong encryption, or everyone using HTTPS kindly gives up their private encryption key (thus ending all e-commerce in the world), HTTPS is immune to and man-in-the-middle content-based filtering. The just leaves blocking by URL source etc.

Thus sites and P2P using HTTPS can circumvent the filtering.

World Of Warcraft Greg W -- 05/08/08

I can see their reasoning now. Child Porn proliferates via World Of Warcraft. That's why they have to block BitTorrent (WoW's update mechanism).

P.S. I am aware of the ability of the Blizzard Downloader to use HTTP connections but that's beside the point of demonstrating a legitimate use of BitTorrent.

About time !!! Anonymous -- 11/08/08

Its absolutely essential the world starts to police the internet, whether this is deemed unfair, unsportsmanlike, a restriction on our freedom or big brother, who cares. It is needed for the safety of our children.

At the end of the day, you're being monitored anyway, whether you like it or not, Google is doing it. You just need to get used to the idea.

On a serious note, we need to bring integrity to the Internet and get rid of unnecessary violent and illegal sexual content that is not welcome in this world.

More filtering should be put in place to automatically rule out any over 18 content and even filters applied based on age content, which can then only be applied once it is authorised by the correct person.

I am all for freedom of speech but the world needs to make the internet and ISP accountable to only delivery content to the right age group.

Finally, about time too. Lets face it, the Howard's government internet filter was never going to work, to rely on parents to download and install an application, just a crazy waste of money for an idea that was always going to fail. Good intentions absolutely shockingly bad idea and execution!

Filtering at the ISP is the way forward. However, we still need to block all violent, sexual or any content base by age group by default unless unlocked by an adult.

This is not an Australian problem this is a global problem and the Australian government needs to rally the world to do more to control the Internet.

Drivel Anonymous -- 18/08/08 (in reply to #320109566)

One wonders if the US requires gun owners to secure their guns from their children or whether they try to do it for them? Is it the parent or the child's responsibility not to get their hands on their parents guns? This is no different.

The internet is no place for children to be playing - do you let yours play on the road? Do you think it is someone else's responsibilty to care for *your* children? Should the rest of the internet users pay because *you* are unable to *monitor* your *own* children? Methinks not. Who at your home pays for the internet use - the kids or the adults? Who maintains the PC and ensures it is set up correctly? Oh, you want everyone else to pay for that because you can't be bothered - good luck...

Filtering at the ISP will *never* be the way forward (unless you're keen to drop all rights to privacy that we have here) - we simply do not have the technology to differentiate photos, etc well enough - shadows, lighting, patterned clothing, skin textures, etc etc all contribute and automation will only define the boundaries better (which will make things worse). Remember that SPAM actually increased in the USA once spam was defined in legal terms... since it was very easy to create something that clearly was not spam under the definition given. Now apply this reasoning to photos and other content...

I agree that it is a problem. But your children's (or anyone else's) access to online content is *not* my problem - it is *your* problem.

So stop trying to make the rest of us pay for your problems and start monitoring your own kids.

lazy parents purpledragon -- 13/10/08 (in reply to #320109566)

why cant parents realise that the internet is not just for kids? if you dont want them to see something, filter it yourself! i have young children that use the internet but i actually take the time to sit with them and moniter what they are searching. the internet is for everybody, and we all like different things.

HTTPS filtering vs Privacy Act Anonymous -- 18/08/08

I'd like to see the Privacy Commissioner's view on this invasion of privacy - decrypting traffic without the end user's knowledge or consent would surely violate the 'act, no? Especially since the privacy act requires some types of personal information to be encrypted in transit...

Time we all moved from SSL to real encryption that we control, like hushmail's purpose built java encryption engine (I always wondered why they bothered to do that, now I guess we have the answer...)

xBeanie xBeanie -- 21/08/08

Slightly off topic, but you have to love the simple-mindedness that comes up with P2P = piracy.

P2P has a promising future in the legitimate distribution of large software and update, on-line media etc e.g. World of Warcraft. Perhaps the threat of outright protocol banning is partially to blame for holding back development in this area.

Banning P2P outright is like banning cutlery because it can be used to kill. Chopsticks anyone?

your kidding me right? Anonymous -- 26/08/08

i intend to sue if they implement this filtering software... its a breach of the privacy act. What if im doing some online banking, and a hacker manages to get into their database of archived sites that I've visited and pulls up the packets containing my password? or a very bored desk jockey decides he wants to make some cash on the side, so logs into the database, pulls up a few credit card numbers that the filter's captured and head on over to ebay... this 'filtering' software is performing a man in the middle attack on our internet connections, if anyone tried to implement this kind of crap the feds would be kicking down their door in a matter of moments!
Instant messaging, email, P2P, newsgroups, all blocked, what the hell else is left for us to use?

No free speech Dylan -- 25/10/08

In 1948 the United Nations General Assembly adopted the Universal Declaration of Human Rights (UDHR). Article 19 affirms the right to free speech:

Article 19. Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.
Australia was a signatory to this treaty.
How ever, it is not enforceable by the courts.
So we're boned.
Dammit, I like the internet, but if this goes through, I refuse to pay for a filtered laggy product.
Thing is, murder is illegal, so is theft etc. How ever they do not stop you from being ABLE to do so, that is a human rights violation. Is this not the same?

What the.....????? ****ed off -- 15/09/09

After reading this article, I am just astonished that the lengths the government are going to take away our past-time of being on the net, will they ban visiting our favourite bands?
There are bands out there that have explicate names either deliberate or accidental. Taking away our way of communicating with other people on networking sites, forums and IM's this means I cannot communicate with family & friends from around the world any more all because of one man, cannot access my bank account, ebay etc....Come on Rudd I voted you for change for the better but now you take away our rights to voice our opinions online and chat to others around the world.I may as well pack up my contract but you get the bill for terminating early!

All the parents need to do is install K-9 filter does the same job and the parents have control not the government!!!

...of liberty, freedom & proxy servers? Anonymous -- 30/09/09

I 100% believe that the pedo's should be fed feet 1st through a wood chipper, but does anybody else see a problem in driving these people who wanna look at child porn further underground to hide behind proxy servers in other countries & make them harder to keep an eye on? Wouldn't it make more sense to track them in a system where they're more inclined to be lazy?
As for filtering content for children, I think it's absurd that the tax payers should have their rights & dollars eroded for something that should be monitored by the parents - end user filters do exist, & they should pay for them if its a concern, as most internet security programs come with them now as std option.
And P2P networking isn't all stolen Metallica albums (thanks Lars... ) anybody using Linux will know its probably the most reliable way to get the new distros - entirely legal download. So what, no more downloading Linux with P2P? So much for Free & Open Source Software!
Unfortunately for the govt, kids will have proxies sussed before Mr Conroy can pat himself on the back (most of them are probably smarter than him), so will the scumbags who dload child porn, & as for the P2P, proxies will get around that too, they will just be a whole lot slower. I totally agree that children should be protected - by their parents, but this is not going to protect them from anything - they will just learn new tricks. As for the government protecting us from ourselves, those of us who are adults - thanks all the same but i think we're capable of deciding what is acceptable content for ourselves. Can you imagine the outcry in the US if this was tried over there? They won't even accept health care from the government! We must keep our voices heard on this! No Clean Feed!!! Keep making noise!

Add your opinion

Latest Videos

Play now

Microsoft Office 2010 beta
The beta for Microsoft Office 2010 is here and we've had a chance to check out the latest version. Though the … Watch it now
Play now

Ben Forta: All about Adobe
Take one ColdFusion veteran and mix in a healthy dose of prolific book writing, and chances are you will end u… Watch it now
Play now

Google CEO Eric Schmidt
Google's chief sits down for an extremely rare, wide-ranging interview and discusses Google's two operating sy… Watch it now
More videos »

Blogs

IT: Govt's cost-cutting bitch
The government needs to stop looking at IT as a necessary evil or the place to remove costs when the Treasurer comes calling.
Can complaints on mobile content be cut?
On 1 July this year the new Mobile Premium Services Code was introduced. It sounds like it's had a good impact, but is it enough?
NZ farmers: Bleating about broadband
As we know, farmers are such bleaters. They bleat as much as the four-legged woolly things in their paddocks. If it's not the weather, it's the strength of the dollar! Nothing is ever right. Likewise with rural broadband.
More blogs »

Reader Services

Essentials

Broadband Plan Finder
Not sure which broadband plan to choose? Try our Broadband Plan Finder.
Best Servers
Check out the best servers here!
Mobile Phone Plan Finder
Pick the best mobile phone plan deal with our Mobile Phone Plan Finder.
Broadband speedtest
How fast is your Internet connection? Calculate the speed here.
Top Ten Servers
Want to find out what servers are in the top ten? Check here!

News > Communications