Re: Workaround for filtering/cybersitter
Mark Rogaski <wendigo@pobox.com> wrote:
If I had experience with Netscape plugins and spare time, I'd try it myself. But here's my proposed solution.
A plugin in Netscape intercepts all requests, encrypt the URL with a pubkey algorithm, encode the string base64, send it as GET input to a proxy server.
The proxy server decodes and decrypts the URL, gets the requested page, and returns it. This beats out URL-based filtering.
Still need to figure out the specifics of key-exchange. If we use 40-bit encryption, it's exportable, and it still works in our threat model (ie. we don't care if the watchers figure out the URL a few hours later).
To beat out dropping packets with unacceptable pattern in them, we could use an SSL-based server as the proxy.
The plugin could even have a nice little on/off switch and a list list of available proxies.
Nice, but I can see one problem here. If I (as a censor) will want to block your communication to prohibited sites, I can block the access to the proxy computers. You will just move the blocking strategy one level up with your plug-in. The censor will block the web servers AND proxy servers. Because the list of proxy servers must be available somehow to users, it is very simple to write some kind of script running on the gateway which is blocking the acccess. The script will download the list of proxy servers, update the gateway tables and the gateway will be blocking acccess to all sites on the proxy list. Bye PavelK -- **************************************************************************** * Pavel Korensky (pavelk@dator3.anet.cz) * * DATOR3 Ltd., Modranska 1895/17, 143 00 Prague 4, Czech Republic * * PGP key fingerprint: 00 65 5A B3 70 20 F1 54 D3 B3 E4 3E F8 A3 5E 7C * ****************************************************************************
-----BEGIN PGP SIGNED MESSAGE----- In <199701301527.HAA05667@toad.com>, on 01/30/97 at 11:53 AM, Pavel Korensky <pavelk@dator3.anet.cz> said:
Nice, but I can see one problem here. If I (as a censor) will want to block your communication to prohibited sites, I can block the access to the proxy computers. You will just move the blocking strategy one level up with your plug-in. The censor will block the web servers AND proxy servers. Because the list of proxy servers must be available somehow to users, it is very simple to write some kind of script running on the gateway which is blocking the acccess. The script will download the list of proxy servers, update the gateway tables and the gateway will be blocking acccess to all sites on the proxy list.
In addition to this I (as a censor) would make it Illegal to access, read, possess the information on these "blocked" sites. Add some keyword monitoring to the gateway along with logging. This will allow me to selectively go after those who try to circumvent my censoring attempts. I would also want to make the ISP's liable for their users accessing this info. That way I can intimidate them into doing all the work for me. (You can see this approach in several areas of US law enforcemant. Arrest bartenders for serving minors, arrest store clerks for selling cigaretts to minors, shut down of BBS for users posting "dirty pictures", going after ISP's for pirated software and other copyright infringments by their users.) Whenever I did decide to prosecute someone I would make it a big public show for everyone to see with very stiff penalties. After several of these trails the "sheep factor" will keep 99% of the population in line (US Crypto policy is a prime example). The point I am trying to make is that for the censor his set-up does not need to be that sophisticated as fear and intimidation will keep 99% of the rank-and-file in line. As for the other 1%, well they already know who they are and new laws will only help take care of that "problem". - -- - ----------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. Finger whgiii@amaranth.com for PGP Key and other info - ----------------------------------------------------------- Tag-O-Matic: OS/2: Your brain. Windows: Your brain on drugs. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Registered E-Secure v1.1 0000000 iQCVAwUBMvDsPI9Co1n+aLhhAQFWQgQAsdoDpHejDa46iU2JKtCUvvpI2ee4Ok5z kLkXDWZUc2AkDJpmLYIVkyPUOzz18vNkUiXYlRVnrKzgAgmL/cAydcuyrqfN9czH 1OuujOlJ2t/OwXsSePRptcfDL6XeCQXww5stlS7UXKosG9w0ZWHYOxHvvV9FjDBi UqjkQwFtSVI= =t8Dr -----END PGP SIGNATURE-----
William H. Geiger III wrote:
Whenever I did decide to prosecute someone I would make it a big public show for everyone to see with very stiff penalties.
Like unsubscribing Dr. Vulis.
After several of these trails the "sheep factor" will keep 99% of the population in line (US Crypto policy is a prime example).
The cypherpunks-censored list is another example.
The point I am trying to make is that for the censor his set-up does not need to be that sophisticated as fear and intimidation will keep 99% of the rank-and-file in line. As for the other 1%, well they already know who they are and new laws will only help take care of that "problem".
No one seems to be calling Sandy's moderation overly sophisticated. Toto
participants (3)
-
Pavel Korensky -
Toto -
William H. Geiger III