Categories
Apps End User Regs security surveillance & privacy

how to get round your school’s web filter #deappg #DEAct

Somewhat a contentious title for a post? Provocative? It is topical though with all the discussion in the media regarding the government’s review on whether web blocking really works or is cost effective (re Digital Economy Act), and also MP Claire Perry calling on ISPs to implement filtering to stop kids reaching online porn.

I just did a Goole search on “bypassing school proxy”. It came up with 847,000 results including a link to “answers.yahoo.com”. I followed one of the links and found a ton of advice on how to get around a school’s filter system. These ad-funded sites are very youth orientated. One of the posts had 198 discussion comments!

My(oft repeated)  point is that blocking ain’t going to work and anyone that naively thinks that most kids will not know how to go about circumventing a block on websites, whatever their flavour, needs to spend some time in a playground.

PS the answers.yahoo.com discussion had been deleted but most of these sites do not have the integrity or the corporate image to uphold. All most of the 847,000 sites (pages) are interested in is your money.

DEAct

Trefor Davies

By Trefor Davies

Liver of life, father of four, CTO of trefor.net, writer, poet, philosopherontap.com

10 replies on “how to get round your school’s web filter #deappg #DEAct”

Wouldn’t be hard to lock down a school computer esp if you chose the right operating system. If they can’t change OS settings they’re screwed. OpenDNS etc will block proxies and proxy related sites.

Is it better to do nothing, or something imperfect, I wonder ?

@Phil
You are correct – you can very easily block proxy requests if you use the correct technologies. My company manages a national education network covering some 350,000 students in 1500 schools and we do a pretty good job of blocking proxies using our signature analysis technology. We need to ensure that our students are accessing appropriate material at our schools as they are acting in loco parentis.

@Trefor
I’m sorry but I disagree. Internet filters can work if implemented correctly. My company specialises in doing that. You may remember that we met a couple of years ago as we are running an IWF filtering system for UK ISPs and this works very well. No, it’s not perfect, but no technology is.

I was recently at a symposium in South Africa where their government is considering filtering pornography at ISP level. We presented that it could be done for around $1 per user per year. There are those that are suggesting that the internet is a public place as it invades nearly every home and the same rules that apply out in the community should apply there. I am inclined to agree if we wish to retain the civil society that we are quickly losing.

As Phil says, I suggest that it is better to do something imperfect than nothing. Fences around swimming pools do not stop all accidental drownings – but most.

Naturally a company that develops internet filters will say that it can work :), even though the IWF filter is one of the easiest to avoid. There’s certainly an argument that some people might lack the ability to get around it but those usually aren’t the ones hunting for such content in the first place.

Tref love this stuff. We have to keep our feet on the playground… keep it real and the kids will follow, theyre not a bad lot.
ex school teacher and coordinator for deappg @digecon
martin

@Peter

Short answer,

It is my professional opinion that you are grossly oversimplifying the challenges of filtering when responding to @Phil. My company provides filtering for schools and implements an IWF filtering system (both of which I co-designed) and I have a totally different opinion.

The filtering technologies for home DSL and schools are very different. Saying that what you do in a controlled environment would work on a mass DSL platform is a very dangerous simplification.

Intercepting encrypted (SSL or other) traffic is a challenge, and none of the solutions applicable in a corporate/school environment work for the case of DSL (but I am sure you will tell me otherwise, how can you not do 😀 !)
Schools can fully proxy, or transproxy their web traffic, filter _outgoing_ connections, block any ports other than web, mail, SSL, etc. and prevent any form of vpn, and prevent the installation of ad-hoc applications on the local computer.

Working filtering of products breaks many applications (skype, p2p, voip, …). This is the cost to pay for a working solution. I am not sure this is what our average DSL consumer wants to happen.

@ Thomas

Thank you for your response. I certainly agree with you that the filtering technologies for a closed school network and an ISP network are very different. I never oversimplify this – It is certainly fit for purpose and that is what my company specialises in – providing the right technologies for the best outcome. As well as our national school network filtering, we have also implemented large ISP-based filtering systems for the filtering of DSL customers and they do not restrict the traffic through proxies etc – just ask the 300,000 users in Telefonica in Spain who opt for the service on their connection. They enjoy unlimited Skype, VPNs etc but also get the ISP to block the traffic that they consider undesirable. As well as this, we have installed two nationwide filtering systems blocking CSA (like the IWF list) across millions of users over multiple ISPs.

Again, I hear all the counter arguments about filtering all of the time, and yes, again I admit that they are not perfect and will not stop all users accessing blocked content. But again I say, is that a good reason not to do it? I think not.

BT’s Cleanfeed has been operating for over 6 years now, and although it is not perfect, it continues to block tens of thousands of requests to illegal child sexual abuse sites every day. But I’m sure there are requests that it misses due to proxies etc. But, should a responsible ISP decide that they should turn it off and knowingly allow that illegal activity to resume just because it is not stopping all the requests?

@Peter

Asking anyone who have no desire to bypass a filtering solution they have decided to opt-in for is not going to provide any meaningful statistics regarding the difficulty to bypass it. I am sure pupils do not brag to their teachers when they find a way to see blocked content neither.

For the success of Cleanfeed, I feel the need to put the number you quoted in perspective. As BT’s cleanfeed technical details are not public, it is hard to get into details. It is however obvious that some of the very high traffic websites which are currently on the IWF list and are the reason for the monstrous number of interception seen even if no illegal image have been then visited for those hits.

For people interested in the topic, I recommend the following documents from Richard Clayton from the Cambridge University http://www.uknof.org.uk/uknof13/Clayton-IWF.pdf and
http://www.cl.cam.ac.uk/~rnc1/talks/050607-CleanFeed.pdf

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.