
Australian Censorship Bypassed Before Live Trials 184

Posted by timothy
from the you-expect-free-choice-from-the-government? dept.
newt writes "The Australian Government is planning to conduct live trials of as-yet-unspecified censorship technology. But as every geek already knows, these systems can't possibly work in the presence of VPNs and proxy servers. PC Authority clues the punters in." Maybe the ISPs secretly like encouraging SSH tunneling — and making everyone pay for the extra bandwidth used. Not really; Australia's major ISPs, as mentioned a few days ago, think it's a bad idea.

  • Uh. (Score:2, Interesting)

    by Anonymous Coward

    Ssh typically does compression and then encryption, so we might very well end up with a net savings in bandwidth.

    • Re:Uh. (Score:5, Insightful)

      by Ethanol-fueled (1125189) * on Wednesday November 05, 2008 @04:19PM (#25648459) Homepage Journal
      ...Until the Aussie government considers SSH, VPN's, and anonymizing proxies to be "hacking"(illegally circumventing a la DMCA) and takes steps to outlaw them.
      • Re:Uh. (Score:4, Insightful)

        by heretic108 (454817) on Wednesday November 05, 2008 @04:35PM (#25648719)

        I'm an Australian myself, and it saddens me to say that you might have a point there [convictcreations.com]. Australia's legendary convict streak [davewarner.com.au] has always been counterbalanced by a lurking streak of repressive authoritarianism [wikipedia.org] of a kind which, if permitted to fully express itself, would make the UK's big brother state look tame.

        • Oh please! Australia's convict legacy, (along with Australia's image of itself located in the bush or the outback, the bushranger rebel etc) is just over-romanticised nonsense. The fact is only NSW and Van Diemens Land (as it then was) were founded as convict colonies. The other states were founded by free settlers. And even in NSW and Tasmania the contribution of convicts to the population is insignificant (say compared to the fossickers who came during the 1850s and 60s). Let's stop pulling our collec

          • by deniable (76198)

            Some of the other colonies did use convict labour. Western Australia was founded by free men but imported convicts for a while. The thing a lot of the people making a big deal about our convicts forget is: we let them go when their term was up and their children were born free.

            If you came out in '71 you'd be in the majority of Australians who are or descend from post WWII migrants. I'm old school, my family are post WWI migrants. :)

            I remember being forced to do scripture classes in primary school. We al

            • by Capsaicin (412918)
              The thing a lot of the people making a big deal about our convicts forget is: we let them go when their term was up and their children were born free.

              Ah but it's all in the polluted blood see! What Americans who say this forget is that they were only sent here after they had their revolution and wouldn't take any themselves. And what most everyone forgets is that 'Australia' (as a political rather than geographical entity) did not exist until the first day of the C20th (1901-01-01), by which time tra

              • Re: (Score:3, Interesting)

                by cammoblammo (774120)

                When deciding whether to allow them to have access to my first kid I bought their course materials. I have no problem at all with kids learning bible stories (I'm an amateur wannabe bible scholar myself), or being taught to be kind to one another (in fact if the catholics were here I might let him go). But that is not what is being taught. The course has been cleverly designed to inculcate the kids with fear and an unshakeable belief in God as the evangelists see him (complete with creationism).

                Hmm, I know the problem. I fixed that in my kids' school---I teach the Scripture lessons. Few of the kids in the classes I teach (11-12 year olds) had heard of evolution until I taught it to them last week.

                It wasn't strictly in the curriculum, but it's nothing that's not (officially) in the school curriculum anyway, so I think I'll keep my job. If I stop posting on /. in the next week or two, though, send out a search party...

        • Yeah, that's it. What I find quite amusing is that when something goes wrong, I've found that people who regret our lack of convict frontier mentality start complaining... to the authorities.

      • Re: (Score:3, Insightful)

        by mlwmohawk (801821)

        ...Until the Aussie government considers SSH, VPN's, and anonymizing proxies to be "hacking"(illegally circumventing a la DMCA) and takes steps to outlaw them.

        While one can never account for the cluelessness and stupidity of so called "conservative" government, tools like SSH and general encryption are foundations of a lot of necessary infrastructure.

      • Re:Uh. (Score:5, Insightful)

        by drsparkly (65767) on Wednesday November 05, 2008 @04:42PM (#25648829) Homepage

        How many businesses rely on VPNs to connect their remote offices? How many sysadmins use SSH to remotely connect to their unix systems? If the government moved to outlaw VPNs and SSH, there is no point having an internet any more. If the government did this there would be a major backlash from the business community. It would be political suicide, if the current plan isn't already.

        My internet connection is paid for by my current employer so I can (a) telecommute (VPN) (b) remote administer systems in case of problems (VPN, SSH). It's a home internet plan, so they could not simply limit this block to home internet users.

        I repeat my point... if the Aussie government starts blocking every protocol that can be used to bypass their stupid filter, there is no point having an internet. Australia will be back to the stone age.

        • Most likely, any ban on VPN and friends wouldn't be blanket, that would be suicide, as you note. It would, instead, be a clumsy and poorly worded attempt to distinguish between "business" VPNs(++Good) and "consumer" VPNs(++ungood). It would of course be a failure, and pretty much end up failing to catch most relevant cases, while criminalizing every hobbyist who uses a Free SSH implementation.
        • Re: (Score:2, Insightful)

          by limaxray (1292094)
          They could get around that by only outlawing encryption systems that didn't have a government approved back door. Then the companies could be safe from the hackers while the government kept the population safe from the child porn. It wouldn't be the first country to pass such requirements...
      • by jroysdon (201893)

        There is nothing your ISP can do about SSH over https ports. It is encrypted (as https always is) and fools every single proxy I have ever used (hundreds of customers). You can't just blanket block https.

    • Re: (Score:3, Insightful)

      by Hatta (162192)

      On the other hand SSH tunnels aren't amenable to caching. And no matter what, you're adding another hop.

    • by jandrese (485)
      It only compresses if you ask it to, and frankly, the results are usually less than impressive. From the manpage:

      -C Requests compression of all data (including stdin, stdout, stderr, and data for forwarded X11 and TCP connections). The compression algorithm is the same used by gzip(1), and the ``level'' can be controlled by the CompressionLevel option for protocol version 1. Compression is desirable on modem lines and other slow

      • Re: (Score:3, Informative)

        by tabrisnet (722816)

        On any kind of WAN link, it's a savings. It only costs you something on a 100mbit LAN link. The basic problem is that if you hit the CPU limit before you hit the bandwidth limit, compression (or encryption) will suck. But if you can hit the bandwidth limit first, then you will get a reasonable savings.

        I've so far found that on a reasonably modern CPU, you need to be pushing in excess of a 10mbit ethernet, but less than a 100mbit ethernet, for it to hit the CPU limit first.

        Reasonably modern CPU being defined

  • by Smidge204 (605297) on Wednesday November 05, 2008 @04:10PM (#25648281) Journal

    A wise man once said: "The Internet interprets censorship as damage and routes around it."

    (And if you don't know who, turn in your Slashdot account by tomorrow morning.)
    =Smidge=

  • Positive aspect (Score:4, Insightful)

    by khellendros1984 (792761) on Wednesday November 05, 2008 @04:10PM (#25648287) Journal
    I can see a positive possibility here. Find a work-around, and when you're caught visiting "illegal sites", claim that you thought your actions were legal since there's a "foolproof" filtering system that should've properly protected you.
    • Disobedient (Score:3, Insightful)

      by bill_mcgonigle (4333) *

      you thought your actions were legal since there's a "foolproof" filtering system that should've properly protected you.

      It's fool-proof, not criminal proof. Since you're reading material that's critical of the Australian government you've proven yourself a criminal.

      Please come with us. *click-clack*

  • China! (Score:5, Funny)

    by vik (17857) on Wednesday November 05, 2008 @04:17PM (#25648407) Homepage Journal

    Won't it be embarrassing when people start routing their traffic through China to get around American and Australian internet legislation?

    Vik :v)

    • Re: (Score:3, Insightful)

      by ink (4325) *

      What American legislation? It seems that France, China, Australia, and the UK are the ones spearheading big-brother Internet censorship.

  • by Sasayaki (1096761) on Wednesday November 05, 2008 @04:17PM (#25648409)

    As an Australian who fervently opposes Chairman Rudd's censorship bill...

    There is one advantage I can see to all of this. Big Brother will block anything illegal and offensive to me, right? So I can download absolutely anything I DO find since it MUST be legal. After all, the censorship is perfect!

    Pirate bay here I come!

    • Follow up (Score:4, Funny)

      by Sasayaki (1096761) on Wednesday November 05, 2008 @04:18PM (#25648427)

      So far it's working out great! Haven't had my net cut off y

      • by Samah (729132)
        I think you meant that you haven't had your net cu*#tof$%@@&$%<NOCARRIER>
    • Re: (Score:2, Funny)

      by renegadesx (977007)

      As an Australian who fervently opposes Fuer Rudd's censorship bill...

      There, fixed that for you ;)

      • Actually it's Fuer Howards plan, voting out the Liberal government did nothing to stop such foolishness.

        My vote counted for nothing.....NOTHING!

    • Re: (Score:3, Insightful)

      by syousef (465911)

      As an Australian who fervently opposes Chairman Rudd's censorship bill...

      I'm Australian too and I'm getting increasingly annoyed with Rudd. I find the man to be less than genuine, and it doesn't stop with his pandering to China or fearlessly taking on a dictatorial line. He seems to remind me of that every time he's in the news. Like yesterday saying that Obama had fulfilled Martin Luther King's dream. Tell that to almost all the southern states - they all voted for McCain. I can't even think how I'd be fee

      • Not that I like Rudd but in his defence many people have said the same thing - it's sort of the token sound bite you would come to expect, and is not exactly untrue - a half black man has taken the highest office in US government. While it doesn't mean that there is no more racism, it's a very important milestone.

        I don't like Rudd because, with this censorship stunt, and that phoney outrage over the art exhibition featuring children - he has shown himself to be a person who believes that the public needs t
        • by syousef (465911)

          Not that I like Rudd but in his defence many people have said the same thing - it's sort of the token sound bite you would come to expect, and is not exactly untrue - a half black man has taken the highest office in US government. While it doesn't mean that there is no more racism, it's a very important milestone.

          Can I suggest respectfully that you go and read the MLK speech. He was talking about a world where a black man being president would not even draw media attention. What we have instead is a world whe

          • The first time a black person wins the presidency of course it will be a big deal - and assassination attempts (despite everyone talking about it) have been a no show. Next time a black person runs for president there will be much less talk about him being black. If MLK was alive what do you think he would say?
            • by syousef (465911)

              The first time a black person wins the presidency of course it will be a big deal - and assassination attempts (despite everyone talking about it) have been a no show. Next time a black person runs for president there will be much less talk about him being black. If MLK was alive what do you think he would say?

              Trying to predict what a dead man I barely knew would say is difficult but I would guess that he'd be very pleased with this step but that he wouldn't be declaring victory.

              As for assassination attempt

      • Tell that to almost all the southern states - they all voted for McCain.

        wow! redneck racists voted for the white guy. colour me surprised!

        • by deniable (76198)
          It was interesting seeing the early projections yesterday. The red/blue state maps almost looked like a map from the civil war.
    • Re: (Score:3, Interesting)

      by deniable (76198)

      Given that this whole thing looks to be a pander to Steve Fielding and Family First, I think the better solution will be to start blocking things they care about. That and downloading porn and asking them to grade it for me.

      I've had just about enough of FF. Rigging Australian Idol didn't bother me, but now they're trying to shut down the web.

    • There is one advantage I can see to all of this. Big Brother will block anything illegal and offensive to me, right? So I can download absolutely anything I DO find since it MUST be legal. After all, the censorship is perfect!

      That argument is stupid, and a strawman. Censorship doesn't have to block everything, it just has to have no false positives. What you actually can assume, in that ironic way, about this censorship is that anything censored will be illegal. Nothing more, nothing less.

      • by deniable (76198)
        So the solution then is to ramp up the false positive rate. Get everything tagged as wrong and someone will 'fix' it. Fix it the way a vet does, hopefully.
  • by elrous0 (869638) * on Wednesday November 05, 2008 @04:17PM (#25648411)
    Any decent blocking software also blocks all the popular proxy lists and proxies too (and it's constantly updated). Software that does this (like Websense [wikipedia.org]) may not be impossible to get around, but it makes it damn hard (and I know, this is what my school uses and even with my knowledge it's still hard to find a proxy).
    • by MightyYar (622222)

      Any decent blocking software also blocks all the popular proxy lists and proxies too

      But they can't block proxy ports or they will make it very difficult to do business in Australia. How do you get secure email without a tunnel?

      • Re: (Score:2, Insightful)

        by Anonymous Coward
        Which is the point being made by the EFA. As soon as they decide to make themselves the middle man, there will be no security integrity.
    • by compro01 (777531) on Wednesday November 05, 2008 @04:29PM (#25648633)

      My college uses websense, but Tor goes right through it, and with ready-packaged stuff like xB Browser [xerobank.com] and OperaTor [archetwist.com], it's readily available for practically anyone as long as you can grab the program once (long live the sneakernet).

    • by morgan_greywolf (835522) on Wednesday November 05, 2008 @04:36PM (#25648729) Homepage Journal

      Any decent blocking software also blocks all the popular proxy lists and proxies too (and it's constantly updated). Software that does this (like Websense [wikipedia.org]) may not be impossible to get around, but it makes it damn hard (and I know, this is what my school uses and even with my knowledge it's still hard to find a proxy).

      Bypassing Websense:

      1. Have a PC running on a high-speed Internet connection on the other side of the Websense proxy.
      2. On that PC, you need to run OpenSSH and an HTTP proxy server, say at mypc.example.com. In this example, my proxy server will be using port 8080. Run SSH on Port 443 (works every time) on this box.
      3. Using PuTTY or Plink or one of the front-ends for plink, forward 8080 through an SSH connection to this PC from the inside of the Websense firewall. Putty and Plink can tunnel right through the proxy connecting to port 443 just like an HTTPS connection would do.
      4. Set your browser to use the proxy on localhost at port 8080
      5. Done. All Web accesses will go through the SSH proxy and all of this data will be encrypted as a result.

      I will leave the details as an exercise to the reader.

      Doesn't seem 'damn hard' to me at all.
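
Added example, not part of the thread: jroysdon's comment above and this one both rely on SSH being run on port 443, so the sketch below shows what a gateway learns when it reads the first bytes of a flow instead of trusting the port number. The function names and sample byte strings are constructed for illustration; `mypc.example.com` is the placeholder host from the comment.

```python
import re

# RFC 4253 section 4.2: each side opens with "SSH-<protoversion>-<softwareversion>".
SSH_IDENT = re.compile(rb"SSH-(\d+\.\d+)-([\x21-\x7e]+)")
CONNECT_LINE = re.compile(rb"CONNECT (\S+):(\d+) HTTP/1\.[01]$")


def classify_payload(data: bytes) -> str:
    """Label the first bytes of a stream as 'tls', 'ssh' or 'unknown'."""
    # TLS record header: type 0x16 (handshake), major version 0x03,
    # 2-byte length, then handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        record_len = int.from_bytes(data[3:5], "big")
        if 0 < record_len <= 2 ** 14:
            return "tls"
    # A server may send free-text lines before its identification string,
    # so examine each of the first few lines rather than only the first.
    for line in data.split(b"\n")[:8]:
        if SSH_IDENT.match(line.rstrip(b"\r")):
            return "ssh"
    return "unknown"


def split_connect(stream: bytes):
    """Return ((host, port), tunnelled_bytes) for an HTTP CONNECT stream,
    or (None, stream) when the stream does not start with CONNECT."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep:
        return None, stream
    m = CONNECT_LINE.match(head.split(b"\r\n", 1)[0])
    if not m:
        return None, stream
    return (m.group(1).decode("ascii", "replace"), int(m.group(2))), rest


def audit_flow(client_stream: bytes, dst_port: int = 443) -> dict:
    """Compare the port a flow claims to use with the protocol actually spoken."""
    target, payload = split_connect(client_stream)
    port = target[1] if target else dst_port
    protocol = classify_payload(payload) if payload else "no-data"
    if port != 443 or protocol in ("tls", "no-data"):
        verdict = "ok"
    elif protocol == "ssh":
        verdict = "ssh-on-https-port"
    else:
        verdict = "non-tls-on-https-port"
    return {"target": target, "protocol": protocol, "verdict": verdict}


# Constructed sample streams (reassembled client-to-gateway bytes), not captures.
TLS_HELLO = bytes.fromhex("16030100050100000100")  # truncated ClientHello record
SSH_HELLO = b"SSH-2.0-ExampleClient_1.0\r\n"
CONNECT = (b"CONNECT mypc.example.com:443 HTTP/1.1\r\n"
           b"Host: mypc.example.com:443\r\n\r\n")
SAMPLES = {
    "direct-tls": TLS_HELLO,
    "direct-ssh": SSH_HELLO,
    "connect-tls": CONNECT + TLS_HELLO,
    "connect-ssh": CONNECT + SSH_HELLO,
}

if __name__ == "__main__":
    for name, stream in SAMPLES.items():
        print(f"{name:12s} {audit_flow(stream)}")
```

A filter that matches only on destination port or on the CONNECT target sees the two CONNECT samples as the same request; the difference appears only in the bytes that follow the header block.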

      • Re: (Score:3, Insightful)

        by elrous0 (869638) *
        If I had "a PC running on a high-speed Internet connection on the other side of the Websense proxy" I suppose it wouldn't be.
        • Re: (Score:3, Informative)

          I use my dreamhost [dreamhost.com] shell at work to get around work's filter. Especially since in the last week they really tightened down the firewall.

          I suppose if you had the extra cash $10 a month for no filtering might be worth it. There are plenty of other ssh enabled hosts out there.

        • by profplump (309017)

          You can get a VM or a cheap old box at some colo for $30/month and run whatever kind of proxy you like. It's not free, but it's not exactly expensive either, and you could share the cost with other users without much hassle.

      • You don't even need the HTTP proxy, only OpenSSH.

        SSH has a builtin SOCKS proxy you can use...

        ie) ssh -D 1024 x.x.x.x

        Where x.x.x.x is your remote SSH accessible host and 1024 is whatever random port number. Then set your browser to use the socks proxy localhost:1024 and you're all set.

        • Re: (Score:3, Insightful)

          by elrous0 (869638) *
          Great. Now how do I get a remote host? Let me guess, I go to a proxy list that Websense blocks?
          • no, you buy it from a hosting provider, or set it up on your home computer, or have a friend do the same.
            • by elrous0 (869638) *

              Again, this is why all these "it's easy to bypass blocking software" arguments are a crock of shit. Sure it's easy. All you need is a host outside the firewall (i.e., in another country if you're in China or Australia) and a way to find out the address of that host THROUGH the firewall that isn't already blacklisted (or soon to be), and the technical know-how to configure your computer to use a proxy. And those requirements, right there, make it all but impossible for 99.99999% of the population to bypass t

              • by 0100010001010011 (652467) on Wednesday November 05, 2008 @06:20PM (#25651439)

                It's becoming painfully obvious you're a highschooler trying to get around some stupid proxy. You don't "go find" hosts outside the firewall. You know what they are. They're your home computer, your home router (if you run ddwrt/tomato), your shell account provider (dreamhost for me). This isn't a proxy list, this isn't a list of proxies. It's a computer with OpenSSH running on it.

                Everyone HAS told you how to do it, you're just so anxious about showing your l33t skills of haxoring to the Homecoming queen you aren't listening.

              • You can have a friend that has a computer, running linux, using DSL or a cable modem. They create a user for you on their PC. They go to a site like "whats my IP.com" and email you the IP address. then, ssh -l <user> -D 1024 xxx.xxx.xxx.xxx then set your browser to use SOCKS on port 1024 (or whatever port).

                Keep in mind that the types of filtering you are talking about is much, much different than the type that Australia is talking about. Your school looks at the URL's you type, and decides whether or not to b

                • and some of these big file filters can even work on HTTPS connections

                  you were doing pretty well until here. how exactly does a filter inspect the contents of an encrypted ssl stream without performing a man-in-the-middle attack (which firefox would jump up and down about warning you they're fucking with your shit)

                  • by profplump (309017)

                    First the local IT admins make you install their certificate authority, so you trust certificates they generate.

                    Then they perform a man-in-the-middle attack on your SSL session using a dynamically generated certificate that you will trust because of the setup in stage one.

                    Obviously this only works when you can be convinced or required to trust their certificate authority. But in corporate environments that's the common case, and that's exactly where these kinds of devices are most likely to be deployed.

              • Your school set up websense for a reason, if you don't like this then pony up the cash and buy your own line, or change school. Seems to me that the school's IT infrastructure is working exactly as it should. Kudos to them, minus a million points to you for whining like the typical spoon fed apathetic Australian. (I'm Australian, so I can say this)

                I don't care what your story is, you want unfettered internet, then pay for it like everyone else.

              • by profplump (309017)

                You could provide your own host. Pay a professional or ask a friend to let you run SSHD on some host outside the firewall. If necessary, install an HTTP wrapper to get your SSH data through the local proxy/packet inspector.

                The remote box you're using won't be blocked because WebSense won't know anything about it. Even if your school noticed your traffic and reported it WebSense is unlikely to add your single-user, unadvertised node to their list of proxies. Your school could try to block you directly, but g

    • by Yuan-Lung (582630)
      Software that does this (like Websense) may not be impossible to get around, but it makes it damn hard


      I am browsing through a lolwebsense filter right now.

      ssh tunnel... forward proxy port to local port... point firefox to local proxy port.... Done

      oh wow, that was hard. ^_-
  • If Australia does what a lot of "secure web gateway" vendors are doing with their products - implement a man-in-the-middle attack against encrypted traffic by using a forged cert. So then Australians' choice becomes the same as employees of companies that deploy those systems - agree to being snooped on, or don't use the internet.
    If Australia's government requires that PCs sold there include the root cert used to forge the other certs (again, like SWG vendors), most citizens wouldn't even notice the differe

    • by MightyYar (622222)

      What do you mean a forged cert? Won't firefox and the like complain loudly? If worse came to worse, the companies could send you a CD with the key on them.

      • Re: (Score:3, Interesting)

        by compro01 (777531)

        He mentioned adding it to the root certs to get around that. Just persuade Microsoft to add it as a "critical automatic update" and the majority of people won't notice a thing.

        • Re: (Score:3, Funny)

          by Psychotria (953670)
          Microsoft is not high on my list of companies that I regard in good stead. But the Australian Government "persuad[ing] Microsoft to add it [forged certs] as a "critical automatic update" targeted at AU users only seems a bit far-fetched--even to me.
          • by compro01 (777531)

            Well, they've listed patches for their music DRM system as such critical updates, so it doesn't seem very out of character.

            • Well, they've listed patches for their music DRM system as such critical updates, so it doesn't seem very out of character.

              Which countries were targeted for those updates? If it was not targeted on a country-by-country basis, then my argument still stands.

              • by profplump (309017)

                Why would it need to be targeted only at AU users? If MS trusts (read: accepts enough money from) the AU government enough to add their CA to Windows why would they care if it was AU only or affected all versions of Windows?

  • Hrm, so 11 years after their Federal powergrab to start banning arms. Not as fast as some regimes, but fitting the pattern pretty well.

    Remember what Paul Hogan says, "That's not a knife, this is a knife... that'll get you locked up for two years if you try carrying it in my country."

    Australians used to be such bad-asses.

  • Misunderstanding (Score:5, Interesting)

    by QuantumG (50515) * <qg@biodome.org> on Wednesday November 05, 2008 @04:39PM (#25648785) Homepage Journal

    The filter is there for people who don't want to bypass it.

    The only reason there is no opt out planned for the "illegal material" filter is because a "reasonable person" should not want to opt out of it.

    In other words: it's not malice, it's stupidity.

  • Or use OpenVPN! (Score:5, Interesting)

    by toby (759) * on Wednesday November 05, 2008 @05:29PM (#25649969) Homepage Journal

    It's LZO compressed by default - not to mention encrypted and X509 authenticated - which probably means a net reduction in bandwidth. Go visit their site. [openvpn.org] It's truly excellent open source software.

    But seriously. As a practical matter, anyone stuck behind state censorship can use a friend's OpenVPN and proxy in another country.

    • by ignavus (213578)

      But seriously. As a practical matter, anyone stuck behind state censorship can use a friend's OpenVPN and proxy in another country.

      You insensitive clod! I don't have any friends.

      I just post on Slashdot so that I can pretend that I have friends.

  • Somewhat relative: (Score:2, Interesting)

    by Anonymous Coward

    "The state must declare the child to be the most precious treasure of the people. As long as the government is perceived as working for the benefit of the children, the people will happily endure almost any curtailment of liberty and almost any deprivation."
    -- Adolf Hitler

    Sorry for Godwin'ing this article but it is quite relative. Senator Conroy is trying to argue this like a Christian, any time someone speaks against him about the filter he just puts his fingers in his ears and says "la la la can't hear yo

  • It's not about whether you can read by flashlight under the covers. I realize as a 'murican that the First Amendment freedoms of speech are a "local ordinance" in cyberspace, but Australia is copying China...Communist China. I am of the understanding that a printing press can reproduce odious child porn...so we should register and monitor ALL the presses. Does not this small bit offend, concern or otherwise motivate those "down under" ? I'm not very familiar with Aussie politix, but I would think that i
    • by deniable (76198)
      It hasn't been implemented yet and while the politicians are still talking about it, it's under the public's radar. Once Conroy and Fielding start pushing this through Parliament, it will get more attention.
