Australian Censorship Bypassed Before Live Trials
newt writes "The Australian Government is planning to conduct live trials of as-yet-unspecified censorship technology. But as every geek already knows, these systems can't possibly work in the presence of VPNs and proxy servers. PC Authority clues the punters in." Maybe the ISPs secretly like encouraging SSH tunneling — and making everyone pay for the extra bandwidth used. Not really; Australia's major ISPs, as mentioned a few days ago, think it's a bad idea.
Uh. (Score:2, Interesting)
Ssh typically does compression and then encryption, so we might very well end up with a net savings in bandwidth.
Re:Uh. (Score:4, Insightful)
I'm an Australian myself, and it saddens me to say that you might have a point there [convictcreations.com]. Australia's legendary convict streak [davewarner.com.au] has always been counterbalanced by a lurking streak of repressive authoritarianism [wikipedia.org] of a kind which, if permitted to fully express itself, would make the UK's big brother state look tame.
Not convicts ... sheep. (Score:2, Interesting)
Oh please! Australia's convict legacy (along with Australia's image of itself located in the bush or the outback, the bushranger rebel etc) is just over-romanticised nonsense. The fact is only NSW and Van Diemen's Land (as it then was) were founded as convict colonies. The other states were founded by free settlers. And even in NSW and Tasmania the contribution of convicts to the population is insignificant (say compared to the fossickers who came during the 1850s and 60s). Let's stop pulling our collec
Re: (Score:2)
Some of the other colonies did use convict labour. Western Australia was founded by free men but imported convicts for a while. The thing a lot of the people making a big deal about our convicts forget is: we let them go when their term was up and their children were born free.
If you came out in '71 you'd be in the majority of Australians who are or descend from post WWII migrants. I'm old school, my family are post WWI migrants. :)
I remember being forced to do scripture classes in primary school. We al
Re: (Score:2)
Ah but it's all in the polluted blood see! What Americans who say this forget is that they were only sent here after they had their revolution and wouldn't take any themselves. And what most everyone forgets is that 'Australia' (as a political rather than geographical entity) did not exist until the first day of the C20th (1901-01-01), by which time tra
Re: (Score:3, Interesting)
When deciding whether to allow them to have access to my first kid I bought their course materials. I have no problem at all with kids learning bible stories (I'm an amateur wannabe bible scholar myself), or being taught to be kind to one another (in fact if the Catholics were here I might let him go). But that is not what is being taught. The course has been cleverly designed to inculcate the kids with fear and an unshakeable belief in God as the evangelists see him (complete with creationism).
Hmm, I know the problem. I fixed that in my kids' school---I teach the Scripture lessons. Few of the kids in the classes I teach (11-12 year olds) had heard of evolution until I taught it to them last week.
It wasn't strictly in the curriculum, but it's nothing that's not (officially) in the school curriculum anyway, so I think I'll keep my job. If I stop posting on /. in the next week or two, though, send out a search party...
Re: (Score:2)
Yeah, that's it. What I find quite amusing is that when something goes wrong, I've found that people who regret our lack of convict frontier mentality start complaining... to the authorities.
Re: (Score:3, Insightful)
Discussing open network initiatives with members of '%' government? Inconceivable!
Re: (Score:3, Insightful)
...Until the Aussie government considers SSH, VPNs, and anonymizing proxies to be "hacking" (illegally circumventing a la DMCA) and takes steps to outlaw them.
While one can never account for the cluelessness and stupidity of so called "conservative" government, tools like SSH and general encryption are foundations of a lot of necessary infrastructure.
Re:Uh. (Score:5, Insightful)
How many businesses rely on VPNs to connect their remote offices? How many sysadmins use SSH to remotely connect to their unix systems? If the government moved to outlaw VPNs and SSH, there is no point having an internet any more. If the government did this there would be a major backlash from the business community. It would be political suicide, if the current plan isn't already.
My internet connection is paid for by my current employer so I can (a) telecommute (VPN) (b) remote administer systems in case of problems (VPN, SSH). It's a home internet plan, so they could not simply limit this block to home internet users.
I repeat my point... if the Aussie government starts blocking every protocol that can be used to bypass their stupid filter, there is no point having an internet. Australia will be back to the stone age.
Re: (Score:2)
There is nothing your ISP can do about SSH over https ports. It is encrypted (as https always is) and fools every single proxy I have ever used (hundreds of customers). You can't just blanket block https.
Re: (Score:3, Insightful)
On the other hand SSH tunnels aren't amenable to caching. And no matter what, you're adding another hop.
Re: (Score:3, Informative)
On any kind of WAN link, it's a savings. It only costs you something on a 100mbit LAN link. The basic problem is that if you hit the CPU limit before you hit the bandwidth limit, compression (or encryption) will suck. But if you can hit the bandwidth limit first, then you will get a reasonable savings.
I've so far found that on a reasonably modern CPU, you need to be pushing in excess of a 10mbit ethernet, but less than a 100mbit ethernet, for it to hit the CPU limit first.
Reasonably modern CPU being defined
Re: (Score:2, Interesting)
I currently work for an unnamed large geotechnical company with HQ in Holland. Their bonehead corporate ICT network routes all traffic through a global gateway in either Holland or the US. I work in Perth, Australia. To access a server on the floor below, the packets are going 1/2 way around the world and back. And it's fscking slow.
Thank god for our hosting networks ;)
Re: (Score:3, Insightful)
I was going to say. It's nothing that a diamond head cement drill wouldn't solve. I'm just sorry you went for the easy invisible solution in
Re: (Score:2, Funny)
I currently work for an unnamed large geotechnical company
Given that they can't even think of a name yet, their boneheadedness with the network doesn't surprise me.
Re: (Score:2, Informative)
a) You need a registered business to have a
b) Hosting within Australia costs a ridiculous amount of money, like anything to do with the internet in Australia
Now of course this is only speaking for myself, but the average internet user I know doesn't use many Australian s
The old saying still holds (Score:5, Insightful)
A wise man once said: "The Internet interprets censorship as damage and routes around it."
(And if you don't know who, turn in your Slashdot account by tomorrow morning.)
=Smidge=
Re:The old saying still holds (Score:5, Insightful)
A wise man once said: "The Internet interprets censorship as damage and routes around it."
In fact, the original quote was that "Usenet interprets censorship as damage and routes around it," although the saying is widely misquoted.
(Note how incredibly useful the uncensored usenet has become.)
Re:The old saying still holds (Score:5, Insightful)
It has been said that prostitution is the oldest profession, but before they could be prostitutes they had to advertise their services.
Re: (Score:2)
A wise man once said: "The Internet interprets censorship as damage and routes around it."
Then it seems that this wise man did not foresee Cogent blackholing Sprint's traffic.
Re:The old saying still holds (Score:5, Funny)
(And if you don't know who, turn in your Slashdot account by tomorrow morning.)
Translation:
(And if you don't know who, I'm too lazy to google it for you as it has slipped my mind also.)
Re: (Score:3, Funny)
Routing around Australia as a whole is probably not the intended nor desired outcome. The rest of the Internet will be fine. Just nothing in or out of Oz.
Re: (Score:2)
Yeah... a wise old man that knows nothing about networks or the way that the Internet works.
Tell that to the Chinese.
Positive aspect (Score:4, Insightful)
Disobedient (Score:3, Insightful)
you thought your actions were legal since there's a "foolproof" filtering system that should've properly protected you.
It's fool-proof, not criminal proof. Since you're reading material that's critical of the Australian government you've proven yourself a criminal.
Please come with us. *click-clack*
China! (Score:5, Funny)
Won't it be embarrassing when people start routing their traffic through China to get around American and Australian internet legislation?
Vik :v)
Re: (Score:3, Insightful)
What American legislation? It seems that France, China, Australia, and the UK are the ones spearheading big-brother Internet censorship.
Advantages to Censorship (Score:5, Funny)
As an Australian who fervently opposes Chairman Rudd's censorship bill...
There is one advantage I can see to all of this. Big Brother will block anything illegal and offensive to me, right? So I can download absolutely anything I DO find since it MUST be legal. After all, the censorship is perfect!
Pirate bay here I come!
Follow up (Score:4, Funny)
So far it's working out great! Haven't had my net cut off y
Re: (Score:2, Funny)
As an Australian who fervently opposes Fuer Rudd's censorship bill...
There, fixed that for you ;)
Re: (Score:2)
Actually it's Fuer Howards plan, voting out the Liberal government did nothing to stop such foolishness.
My vote counted for nothing.....NOTHING!
Re: (Score:3, Insightful)
As an Australian who fervently opposes Chairman Rudd's censorship bill...
I'm Australian too and I'm getting increasingly annoyed with Rudd. I find the man to be less than genuine, and it doesn't stop with his pandering to China or fearlessly taking on a dictatorial line. He seems to remind me of that every time he's in the news. Like yesterday saying that Obama had fulfilled Martin Luther King's dream. Tell that to almost all the southern states - they all voted for McCain. I can't even think how I'd be fee
Re: (Score:2)
I don't like Rudd because, with this censorship stunt, and that phoney outrage over the art exhibition featuring children - he has shown himself to be a person who believes that the public needs t
Re: (Score:2)
Not that I like Rudd but in his defence many people have said the same thing - it's sort of the token sound bite you would come to expect, and is not exactly untrue - a half black man has taken the highest office in US government. While it doesn't mean that there is no more racism, it's a very important milestone.
Can I suggest respectfully that you go and read the MLK speech. He was talking about a world where a black man being president would not even draw media attention. What we have instead is a world whe
Re: (Score:2)
The first time a black person wins the presidency of course it will be a big deal - and assassination attempts (despite everyone talking about it) have been a no show. Next time a black person runs for president there will be much less talk about him being black. If MLK was alive what do you think he would say?
Trying to predict what a dead man I barely knew would say is difficult but I would guess that he'd be very pleased with this step but that he wouldn't be declaring victory.
As for assassination attempt
Re: (Score:2)
Tell that to almost all the southern states - they all voted for McCain.
wow! redneck racists voted for the white guy. colour me surprised!
Re: (Score:3, Interesting)
Given that this whole thing looks to be a pander to Steve Fielding and Family First, I think the better solution will be to start blocking things they care about. That and downloading porn and asking them to grade it for me.
I've had just about enough of FF. Rigging Australian Idol didn't bother me, but now they're trying to shut down the web.
Re: (Score:2)
That argument is stupid, and a strawman. Censorship doesn't have to block everything, it just has to have no false positives. What you actually can assume, in that ironic way, about this censorship is that anything censored will be illegal. Nothing more, nothing less.
Not very good blocking software (Score:5, Interesting)
Re: (Score:2)
Any decent blocking software also blocks all the popular proxy lists and proxies too
But they can't block proxy ports or they will make it very difficult to do business in Australia. How do you get secure email without a tunnel?
Re:Not very good blocking software (Score:4, Informative)
My college uses websense, but Tor goes right through it, and with ready-packaged stuff like xB Browser [xerobank.com] and OperaTor [archetwist.com], it's readily available for practically anyone as long as you can grab the program once (long live the sneakernet).
Re: (Score:2)
Just out of curiosity, which blocked legal sites could we test this on?
Re: (Score:2)
At my college, games.slashdot.org is blocked.
Or a quick way to find something blocked is to simply google the title of a blocked websense category.
Or this page is quite likely to be blocked on most configurations : http://www.peacefire.org/censorware/WebSENSE/ [peacefire.org]
Re:Not very good blocking software (Score:4, Informative)
Any decent blocking software also blocks all the popular proxy lists and proxies too (and is constantly updated). Software that does this (like Websense [wikipedia.org]) may not be impossible to get around, but it makes it damn hard (and I know, this is what my school uses and even with my knowledge it's still hard to find a proxy).
Bypassing Websense:
1. Have a PC running on a high-speed Internet connection on the other side of the Websense proxy.
2. On that PC, you need to run OpenSSH and an HTTP proxy server, say at mypc.example.com. In this example, my proxy server will be using port 8080. Run SSH on Port 443 (works every time) on this box.
3. Using PuTTY or Plink or one of the front-ends for plink, forward 8080 through an SSH connection to this PC from the inside of the Websense firewall. Putty and Plink can tunnel right through the proxy connecting to port 443 just like an HTTPS connection would do.
4. Set your browser to use the proxy on localhost at port 8080
5. Done. All Web accesses will go through the SSH proxy and all of this data will be encrypted as a result.
I will leave the details as an exercise to the reader.
Doesn't seem 'damn hard' to me at all.
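For the SSH-on-port-443 setups described in the comments above, this is an added example (not from any poster) of what a filtering proxy or network sensor can check. SSH peers exchange a cleartext identification string before encryption starts (RFC 4253, section 4.2), so the first client bytes differ from a TLS ClientHello. The function names and the sample byte strings are constructed for illustration.

```python
"""Classify the first client bytes of a flow to port 443 (added example)."""
import re

# RFC 4253 4.2: "SSH-protoversion-softwareversion", sent before any encryption.
SSH_IDENT = re.compile(rb"^SSH-(?:2\.0|1\.99)-[\x21-\x7e]+")
# Plaintext request a client sends to an HTTP proxy to open a tunnel.
CONNECT_RE = re.compile(rb"^CONNECT ([^\s:]+:\d+) HTTP/1\.[01]\r\n")


def classify_payload(data: bytes) -> str:
    """Return 'ssh', 'tls-client-hello' or 'unknown' for the first bytes sent."""
    if SSH_IDENT.match(data):
        return "ssh"
    # TLS record header: type 0x16 (handshake), version 3.x, 2-byte length,
    # followed by handshake message type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        record_len = int.from_bytes(data[3:5], "big")
        if 0 < record_len <= 16384 and data[5] == 0x01:
            return "tls-client-hello"
    return "unknown"


def classify_flow(client_bytes: bytes) -> dict:
    """client_bytes: what the client sent, in order, as reassembled by the sensor."""
    m = CONNECT_RE.match(client_bytes)
    if m:
        # Through a proxy: the tunnelled protocol starts after the blank line.
        _, sep, rest = client_bytes.partition(b"\r\n\r\n")
        return {
            "outer": "http-connect",
            "target": m.group(1).decode("ascii", "replace"),
            "inner": classify_payload(rest) if sep else "unknown",
        }
    return {"outer": classify_payload(client_bytes), "target": None, "inner": None}


def is_ssh_on_https_port(flow: dict) -> bool:
    """True when a flow expected to carry TLS starts with an SSH identification."""
    return flow["outer"] == "ssh" or flow["inner"] == "ssh"


# --- constructed sample inputs (not captured traffic) ---
SAMPLE_SSH = b"SSH-2.0-PuTTY_Release_0.60\r\n"
SAMPLE_TLS = bytes.fromhex("160301 00c8 01 0000c4 0303") + b"\x00" * 32
CONNECT_HEAD = b"CONNECT mypc.example.com:443 HTTP/1.1\r\nHost: mypc.example.com:443\r\n\r\n"
SAMPLE_CONNECT_SSH = CONNECT_HEAD + SAMPLE_SSH
SAMPLE_CONNECT_TLS = CONNECT_HEAD + SAMPLE_TLS

if __name__ == "__main__":
    for name, blob in [("direct ssh", SAMPLE_SSH), ("direct tls", SAMPLE_TLS),
                       ("connect+ssh", SAMPLE_CONNECT_SSH),
                       ("connect+tls", SAMPLE_CONNECT_TLS)]:
        flow = classify_flow(blob)
        print(f"{name:12} {flow} flagged={is_ssh_on_https_port(flow)}")
```

Only the first bytes are inspected, so a flow carried inside another protocol is classified as that outer protocol.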
Re: (Score:3, Informative)
I use my dreamhost [dreamhost.com] shell at work to get around work's filter. Especially since in the last week they really tightened down the firewall.
I suppose if you had the extra cash $10 a month for no filtering might be worth it. There are plenty of other ssh enabled hosts out there.
Re: (Score:2)
You can get a VM or a cheap old box at some colo for $30/month and run whatever kind of proxy you like. It's not free, but it's not exactly expensive either, and you could share the cost with other users without much hassle.
Re: (Score:2)
You don't even need the HTTP proxy, only OpenSSH.
SSH has a builtin SOCKS proxy you can use...
ie) ssh -D 1024 x.x.x.x
Where x.x.x.x is your remote SSH accessible host and 1024 is whatever random port number. Then set your browser to use the socks proxy localhost:1024 and you're all set.
Re: (Score:2)
Again, this is why all these "it's easy to bypass blocking software" arguments are a crock of shit. Sure it's easy. All you need is a host outside the firewall (i.e., in another country if you're in China or Australia) and a way to find out the address of that host THROUGH the firewall that isn't already blacklisted (or soon to be), and the technical know-how to configure your computer to use a proxy. And those requirements, right there, make it all but impossible for 99.99999% of the population to bypass t
Re:Not very good blocking software (Score:4, Insightful)
It's becoming painfully obvious you're a highschooler trying to get around some stupid proxy. You don't "go find" hosts outside the firewall. You know what they are. They're your home computer, your home router (if you run ddwrt/tomato), your shell account provider (dreamhost for me). This isn't a proxy list, this isn't a list of proxies. It's a computer with OpenSSH running on it.
Everyone HAS told you how to do it, you're just so anxious about showing your l33t skills of haxoring to the Homecoming queen you aren't listening.
Re: (Score:2)
You can have a friend that has a computer, running linux, using DSL or a cable modem. They create a user for you on their PC. They go to a site like "whats my IP.com" and email you the IP address. then, ssh -l <username> -D 1024 xxx.xxx.xxx.xxx then set your browser to use SOCKS on port 1024 (or whatever port).
Keep in mind that the types of filtering you are talking about are much, much different than the type that Australia is talking about. Your school looks at the URLs you type, and decides whether or not to b
Re: (Score:2)
and some of these big file filters can even work on HTTPS connections
you were doing pretty well until here. how exactly does a filter inspect the contents of an encrypted ssl stream without performing a man-in-the-middle attack (which firefox would jump up and down about warning you they're fucking with your shit)
Re: (Score:2)
First the local IT admins make you install their certificate authority, so you trust certificates they generate.
Then they perform a man-in-the-middle attack on your SSL session using a dynamically generated certificate that you will trust because of the setup in stage one.
Obviously this only works when you can be convinced or required to trust their certificate authority. But in corporate environments that's the common case, and that's exactly where these kinds of devices are most likely to be deployed.
Re: (Score:2)
You could provide your own host. Pay a professional or ask a friend to let you run SSHD on some host outside the firewall. If necessary, install an HTTP wrapper to get your SSH data through the local proxy/packet inspector.
The remote box you're using won't be blocked because WebSense won't know anything about it. Even if your school noticed your traffic and reported it WebSense is unlikely to add your single-user, unadvertised node to their list of proxies. Your school could try to block you directly, but g
Re: (Score:2)
I realize that security is about raising the bar by increasing the cost or risks or decreasing the reward. And in that respect what you're doing is perfectly reasonable. But on any network where you let users send GET requests to port 80 and receive HTTP data back -- even through a proxy and/or deep packet inspection (and excluding very restrictive environments like whitelist-only web browsing) -- they can tunnel data in and out of your network.
They could use plain old HTTP on port 80 and run encryption in
Re: (Score:2)
I am browsing through a lolwebsense filter right now.
ssh tunnel... forward proxy port to local port... point firefox to local proxy port.... Done
oh wow, that was hard. ^_-
It can "work" (Score:2)
If Australia does what a lot of "secure web gateway" vendors are doing with their products - implement a man-in-the-middle attack against encrypted traffic by using a forged cert. So then Australians' choice becomes the same as employees of companies that deploy those systems - agree to being snooped on, or don't use the internet.
If Australia's government requires that PCs sold there include the root cert used to forge the other certs (again, like SWG vendors), most citizens wouldn't even notice the differe
Re: (Score:2)
What do you mean a forged cert? Won't firefox and the like complain loudly? If worse came to worse, the companies could send you a CD with the key on them.
Re: (Score:3, Interesting)
He mentioned adding it to the root certs to get around that. Just persuade Microsoft to add it as a "critical automatic update" and the majority of people won't notice a thing.
Re: (Score:2)
Well, they've listed patches for their music DRM system as such critical updates, so it doesn't seem very out of character.
Re: (Score:2)
Well, they've listed patches for their music DRM system as such critical updates, so it doesn't seem very out of character.
Which countries were targeted for those updates? If it was not targeted on a country-by-country basis, then my argument still stands.
Re: (Score:2)
Why would it need to be targeted only at AU users? If MS trusts (read: accepts enough money from) the AU government enough to add their CA to Windows why would they care if it was AU only or affected all versions of Windows?
First, We Take the Guns. (Score:2, Insightful)
Hrm, so 11 years after their Federal powergrab to start banning arms. Not as fast as some regimes, but fitting the pattern pretty well.
Remember what Paul Hogan says, "That's not a knife, this is a knife... that'll get you locked up for two years if you try carrying it in my country."
Australians used to be such bad-asses.
Misunderstanding (Score:5, Interesting)
The filter is there for people who don't want to bypass it.
The only reason there is no opt out planned for the "illegal material" filter is because a "reasonable person" should not want to opt out of it.
In other words: it's not malice, it's stupidity.
Or use OpenVPN! (Score:5, Interesting)
It's LZO compressed by default - not to mention encrypted and X509 authenticated - which probably means a net reduction in bandwidth. Go visit their site. [openvpn.org] It's truly excellent open source software.
But seriously. As a practical matter, anyone stuck behind state censorship can use a friend's OpenVPN and proxy in another country.
Re: (Score:2)
But seriously. As a practical matter, anyone stuck behind state censorship can use a friend's OpenVPN and proxy in another country.
You insensitive clod! I don't have any friends.
I just post on Slashdot so that I can pretend that I have friends.
Somewhat relative: (Score:2, Interesting)
"The state must declare the child to be the most precious treasure of the people. As long as the government is perceived as working for the benefit of the children, the people will happily endure almost any curtailment of liberty and almost any deprivation."
-- Adolf Hitler
Sorry for Godwin'ing this article but it is quite relative. Senator Conroy is trying to argue this like a Christian, any time someone speaks against him about the filter he just puts his fingers in his ears and says "la la la can't hear yo
Geeks are missing the point (Score:2, Insightful)
Google 'Nolan Chart' (Score:5, Insightful)
The US voted out the religious right yesterday. Pity our religious right government isn't due for re-election for another couple of years...
It has little to do with being religious or right. The problem is statists, no matter their views on God, Gods, no Gods, or economics.
Re: (Score:3, Insightful)
1. http://www.google.com.au/ [google.com.au]
2. 'Australia internet filter bypass'
3. 95% of the population can bypass the filter.
Re:Even though geeks and tech savvy people can bypa (Score:4, Insightful)
Not if they block google.
Re:Even though geeks and tech savvy people can bypa (Score:4, Insightful)
Really? You might want to read up on California's newest constitutional amendment.
Re: (Score:3, Insightful)
Yep, and the DMCA was a bi-partisan effort here in the States. Neither side cares much for digital rights.
Re: (Score:2)
The last lot were 'looking at it,' but Howard realised that he would get hammered for it and he was too busy trying to stay in power to do any real damage, so they kept looking.
The current lot said they were looking at it too, but then they needed some help getting their economic plan through the Senate and suddenly we have a mandatory filtering plan.
Re: (Score:2)
My vote counted for nothing.
FUCK.
Re: (Score:2)
Set up some end points in the USA. Given that Barack Obama has stated that he is in favor of net neutrality, the USA is unlikely to start filtering its internet connections anytime soon. They may pass through NSA snooping gear though (but if it's encrypted, even the NSA can't listen to it in real time)