How to beat the Net censors

Filtering software is designed to restrict access to websites which its manufacturers deem unsuitable. But now there's an easy way to bypass all that
Click to follow
The Independent Online

No matter whether you call it "internet filtering software" or "censorware", there's no doubt that it's full of more holes than Swiss cheese. Last week, Bennett Haselton, an American who has over the past few years discovered flaws in pretty much every piece of filtering software, found another one which can bypass almost any program.

No matter whether you call it "internet filtering software" or "censorware", there's no doubt that it's full of more holes than Swiss cheese. Last week, Bennett Haselton, an American who has over the past few years discovered flaws in pretty much every piece of filtering software, found another one which can bypass almost any program.

And, as if that weren't enough, in a separate development that suggests everyone is simply too wound up about profanity on the web, a woman who tried to join Blackplanet.com, a website dealing with black issues, was blocked and even human intervention couldn't get her on.

Her name? Sherril Babcock. You might guess which letters of the name the Blackplanet machines found offensive. She responded by saying, "Babcock was my father's name, and I am very fond of him." However, the site's owners decided not to block their own blocking software; Ms Babcock can't get on.

It was, in short, just another bad week for filtering software, which rarely has a good one. What Mr Haselton realised was that a lot of content from the internet is mirrored on the network of servers built by Akamai Technologies. He explained: "Akamai's servers are set up so that they allow anybody to use their Web servers to access other pages." So if you add the URL of the site that you (naughtily) want to access to the end of a long string beginning with a variant on www.akamai.net, you get a URL that isn't included on the blocking software's "disallowed" list, even if the URL at its end actually is.

It's a neat trick - but couldn't software companies simply block anything beginning with "akamai.net"? Not likely, because Akamai serves up the adverts for tens of thousands of sites. "They would raise hell about it if the censorware companies started blocking their ad servers," commented Mr Haselton, whose pages at www.peacefire.org contain details and links explaining how to exploit the "proxy" facility to get around most filtering products.

The implications are significant, since it would mean that, besides parents worried about total access for children, companies which try to restrict employee access have the option either of limiting their users to the slower, principal servers of named companies, or letting them connect to Akamai and potentially bypass any blocking system.

Recently, news has even emerged in the US to suggest that there is a significant problem with employees in the White House downloading pornography over the Net. If you can't trust the people who work for the President to behave responsibly, who can you trust?

When Mr Haselton released his findings, Akamai's vice-president of product management, George Kurian, said, "We don't commit to filtering. The filtering companies need to fix it."

Given that the workaround is to add your site's web address to the end of a long URL invoking Akamai.net, that might seem straightforward enough. But the fact that it isn't, is demonstrated by the filtering companies being unable to get their software straight, despite awarenessof the problem. Brave Face of the Week went to Ken Haggerty, vice-president of SurfControl. He told CNet.com: "Although it is a challenge to keep up with hackers who attempt to undermine filtering software, the result in the long run is a better product."

One company was quick to crow its content-based filter would prevent the proxy trick; Cybersitter pointed outthat its keyword filtering would stop such workarounds.

However, Cybersitter already has notoriety in the filtering world for blocking sites which are rude about it, and even Time magazine after it had criticised its blocking policies.

More to the point, though, is that filtering by keywords has the weakness discovered by Ms Babcock.

Yet Blackplanet, with more than 840,000 registered members, says it does not intend to stop using filtering software (which product it uses is not known; nobody from the site was available for comment).

However Omar Wasow, the site's executive director, told the US media that putting Ms Babcock's name in manually would simply be too much trouble. Just one per cent of the names needing manual assistance equals 8,000 entries.

This is not the first time. Politech's mailing list quickly saw responses from people unable to enter educational history ("because I graduated cum laude," explained Shana Skaletsky) and the hassles experienced back in 1995 when trying to set up bassandco.com. "I finally got to talk to a live body [at the Internet registrar] who agreed that just because three objectionable letters appeared in sequence in the proposed name there was no reason to refuse to register it," noted Kenneth Bass.

The end result is the same, though. Ms Babcock is not a member, and Blackplanet has won the 15 minutes of embarrassment that seems to accrue to anyone who uses a filtering program.

c.arthur@independent.co.uk

Comments