Wikipedia censorship 'easy to evade'

Summary:The recent blocking of two Wikipedia pages was ineffectual, according to computer security expert Richard Clayton

The blocking mechanism used to censor Wikipedia has been described as "fragile" and "easy to evade" by Cambridge University security expert Richard Clayton.

Access to Wikipedia was restricted between 5 and 9 December after child-abuse watchdog the Internet Watch Foundation (IWF) recommended that ISPs block two Wikipedia pages. The pages contain an image of the 1978 Virgin Killer album cover by German rock band the Scorpions, which shows a naked girl.

According to Wikipedia, the UK ISPs which enforce the IWF list include Be, BT, Demon, Eclipse, Orange, PlusNet, Sky Broadband, T-Mobile, TalkTalk, Telefonica O2, Tesco.net, and UK online. However, Clayton said there was "some confusion" as to which operators had blocked access to the Wikipedia page. Virgin Media, Plusnet, and Be Broadband all made statements this week saying they had blocked the site.

However, much of the blocking was ineffectual, wrote Clayton in a blog post on Thursday, due to case sensitivity. Whereas the IWF had recommended that a URL ending in 'virgin_killer' be blocked, the two Wikipedia pages that the ISPs attempted to censor were listed as "Virgin_Killer" and "Virgin_killer". At ISPs where the URL matching was case sensitive, the pages were not blocked.

Users could also unintentionally circumvent the blocking mechanism if they used their own DNS server or a remote proxy mechanism, Clayton added. They could then report that they could see the page, further "muddying the waters", Clayton said. Further confusion was caused over whether ISPs showing 404 error pages were blocking the pages deliberately, or whether the error messages were being returned for another reason.

Clayton said ISPs don't block entire websites, but instead pass the traffic to suspect sites through a web proxy. The proxy checks the web request and blocks specific URLs that are on the IWF list.

However, as part of its policy to prevent vandalism on the site, Wikipedia blocks large numbers of requests from limited IP addresses. The use of proxies meant that all Wikipedia visitors using major ISPs appeared to have "one of a handful" of IP addresses, and so were blocked from editing.

Clayton said it is unknown why the IWF chose to block the web page URLs instead of the image URLs. However, future attempts at blocking images would probably be ineffectual, wrote Clayton.

"The bottom line is that these blocking systems are fragile [and] easy to evade (even unintentionally)," wrote Clayton.

Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.