BitTorrent hole in ISP filter tests



The results of ISP-level content filtering tests released today by the federal government have revealed that the products tested could filter websites with illegal content or block entire peer-to-peer networks such as BitTorrent, but could not identify illegal content shared on peer-to-peer (P2P) networks.

The report, released today by the Department of Broadband, Communications and the Digital Economy, showed ISP filtering technologies were improving. However, it also highlighted significant holes in the ability of current technologies to automatically filter content shared over peer-to-peer networks.

While all six tested products, which were not named, were able to block entire networks of non-Web protocol traffic, such as instant messaging and peer-to-peer networks, none could identify illegal or inappropriate content over those networks.

However, the report showed that new filtering technologies imposed far less network degradation when turned on than under previous tests using older technology.

Under previous tests, network performance degradation was no less than 75 per cent, while this round of tests ranged between two per cent for the best product and 87 per cent for the worst. Products also performed better in accurately blocking blacklisted content.


Current technologies can block entire P2P networks, but not specific content. (Credit: ACMA)

"It is very encouraging to see that the industry has made significant progress with ISP filtering products and we are heartened that many of the products tested are commercially available, with many of them already deployed overseas," Communications Minister Senator Conroy said.

"The next step is to test filter technologies in a real world environment with a number of ISPs and internet users," Senator Conroy said.

A spokesperson for Conroy's office said the department expected a live test to begin before the end of the year. The government will release an expression of interest to ISPs for the tests.

A range of filtering techniques were tested at Telstra's Broadband eLab by testing company Enex Testlabs, which compared Domain Name System (DNS) poisoning, packet filtering and analysis-based filtering.

The trials are aimed at determining whether broad-scale ISP level filtering would be feasible for the purpose of boosting online safety laws.


Liam Tung

  • Filtering

    Ugh, is there any hope of killing this net filter project at all? :(
  • ISP now a security adversary

    Great ... they're seriously considering DNS poisoning as a filtering mechanism. If they go ahead with that your own ISP will be a security adversary to be avoided. Then again, that looks like the trend no matter what approach they take.

    I know how to set up an encrypted tunnel to a remote, trusted DNS server. It'd be easy to distribute canned products to do so, and blocking them would be an ineffective arms race. So, as usual, only the very casual offenders will be hampered, and all legitimate users will pay the price for ineffective and heavy-handed filtering.


    I know, how about we rate-limit or block all encrypted traffic. After all, you could never have any security concerns that you couldn't trust your friendly government and ISP with! And of course there's no possibility that they or individuals within them could be corrupt, untrustworthy, or incompetent - never! So why encrypt your communications? Do everything unencrypted so we can "protect" you. What's that about people caught selling illegal access to police records, welfare databases, etc? Ah, completely different to the issues around 'net filtering, of course. I believe you. Really.

    This whole scheme is a stunningly bad idea. Even opt-in it's pretty dodgy. If made opt-out then opting out will be taken as evidence that you intend to do illegal things (rather than that you don't trust your ISP, you like your 'net access to be fast and reliable, etc). If made mandatory, .... ugh. Speed and reliability right out the window.

    In my work it's part of my responsibility to ensure that the journalists can get reliable, trustworthy 'net access to the greatest extent possible. I *really* don't like the idea of having to add my ISP to the list of untrusted hops to be worked around.
  • Nazis

    Yes I am glad we had WW2 to remind us of the fascists.
    It's strange how our Australian governments over the last 25 years like to tell us how we should live our lives, what we should look at on the internet, and what we should think.
    The Nazis succeeded in 1939 and just like then we just don't notice them protecting us from ourselves.
  • YAY!

    Safety of content...oooouh!

    Can anyone say, mind police?
  • Not legal

    How is it legal to block access to legitimate content? I vote, I vote for party x, my vote isn't automatically "censored" and made invalid. If the Australian government wants to "poison" DNS they can get lost. OpenDNS has provided this for some time -- here is a great idea: let's sign Australia up on an OpenDNS account FOR ALL OF AUSTRALIA and have ALL the ISPs send ALL their data to the ONE location. --- Get lost, it's about providing a) a reliable b) open c) access to legal content. It is not about blocking 99% of the internet just so we can be safe from the 1% of bad bad bad content that we cannot be told about and will be illegal to disclose for fear of us trying to access those sites. I have said in the past and will continue to say again .... DNS filtering is ok and is a good solution. However, you start to run into security and ethical problems. If you want to attack next generation networks that have the potential to have a world of good then you can go and shove your head in the sand and go no no no no NO we are taking Australia back into the DARK AGES it's for the BEST.
  • When will they learn

    Welcome to the age of OPENDNS. The systems they are talking about using only work if you don't know any better. If you really were looking at child pornography (the basis for the introduction of this, and yes I have it in writing from the minister) then simple and older technologies such as TOR/Onion Rings would make this pointless.

    Things like this are why I don't use my ISP's DNS, and incidentally why the methods they are talking about won't be very effective.

    It's kind of funny that they are evaluating it based on all sorts of other criteria, when they weren't in scope.
  • urgh

    why are they even bothering? is the internet such a big adversary to the plans of our government? aren't there lots of much bigger problems they have on their plate that they should be dealing with?

    what ever happened to parents?
  • Just don't force it on me

    I really don't care if they implement this, as long as it's an opt-IN system.
    Let the concerned mums & dads choose to ask (and hey, attach a fee to it too) for this and have it enabled, rather than slugging everyone with it.

    If not, there better be a way to turn it off. I'm an adult, the government can keep their sticky fingers out of my personal life.
  • why bother??

    They are bothering about doing this to get the support of the Family First senator.
  • Turning it off

    Aah, but if it's opt-out and you turn it off, that automatically makes you a person of interest - someone who "has something to hide", wants to do illegal things, etc.

    There is, of course, no chance that you might simply want your 'net access to be fast and reliable. These studies show false-positive rates of around 3%. That's a LOT of false positives, and would significantly impair general 'net use. Additionally, the fact that some of them even fail to use HTTP 403 error codes is stunning.

    I agree that it'd be fine as an opt-in service where traffic from users who've selected the service is redirected through the filter/proxy. But forcing *all* traffic through the thing is a terrible idea that's going to result in a significant degradation of service reliability, and probably performance, even if your particular account is set not to have any active filtering.

    The Australian government seems to be unable to learn from past efforts at Internet censorship. They get laughed at and ignored. Hopefully that'll happen this time too ... but it looks like this time they may actually be serious.

    These systems just don't work unless they're whitelist based and block all protocols they can't proxy at an application level. Otherwise it's trivial to tunnel through them. It's not like they haven't had it repeatedly explained to them, either ... but they're not really interested in whether it works, the costs, or the downsides - only the short-term political mileage.
  • Time for a War

    Looks like it is about time for another world war as people are putting up with this crap from the governments around the world. Governments are supposed to be the voice of the people not the voice of a few with money.

    We voters do have the power to change things, we must not be afraid to raise our voices and speak out against the government that is not listening to what the majority of people want.

    People are forgetting how many millions of our fathers, grandparents, great-grandparents fought and died in the name of freedom.

    Yes we should have basic laws but other than that what did millions die for, because what freedom we had is being taken day by day.

    Rise up speak your mind!
  • Just how far does this go ?

    And I thought we were supposed to be fixing DNS poisoning, not creating it on purpose.

    Hang on, filtering email as well, do they plan to block yahoo/hotmail as well ?

    And just what IS unacceptable content ? Unacceptable to most people, or to the paranoid police force, or even to the old lady who goes to church on sunday and doesn't even watch TV.

    If you believe the police we should block all photography sites, because it's obviously a crime to photograph anyone or anything. Same too for having chemistry as a hobby, you're obviously making drugs.

    By all means block illegal content, but let's not have another Great Firewall of China.

    Anyone notice that the 6 filters can filter HTTPS. Which begs the question, how far it actually filters. URLS, or actual content. Since it says ticked and ticked means "Content filtered", it seems like a very very HUGE security risk.

    Just imagine accessing your bank through HTTPS and it's being content filtered. Then imagine if the filtering device was hacked. That cracker will now have the ability to view anyone's bank account details that pass through that device. :(

    If for argument's sake the device cannot content filter HTTPS, then illegal websites will now just start putting their websites on HTTPS thereby bypassing the whole filtering system. :(

    On another note, some of the filtering methods being used (DNS poisoning for one) are just plain abusing what the standards bodies out there are trying to do. We are going to go from something that more or less works to something that will break systems all over the place due to the corruption of the protocols. Altering them is just going to cause software makers headaches and I can't imagine a software company adding exception code to their programs just for little ol' Australia.

    In any case there are going to be a multitude of ways to bypass this system. For one if this system is implemented there will probably be an explosion of anonymous proxies, to the point which the blacklist database won't be able to keep up. For one, there is a Firefox plugin that can auto select an anonymous proxy from a list of anonymous proxies and can auto update that list.
    Another software that could be used is Tor (onion ring anonymizer), which from my knowledge will definitely not be filterable.
  • World Of Warcraft

    I can see their reasoning now. Child Porn proliferates via World Of Warcraft. That's why they have to block BitTorrent (WoW's update mechanism).

    P.S. I am aware of the ability of the Blizzard Downloader to use HTTP connections but that's beside the point of demonstrating a legitimate use of BitTorrent.
  • you can't filter HTTPS by content

    Unless ISPs are able to break strong encryption, or everyone using HTTPS kindly gives up their private encryption key (thus ending all e-commerce in the world), HTTPS is immune to any man-in-the-middle content-based filtering. That just leaves blocking by URL source etc.

    Thus sites and P2P using HTTPS can circumvent the filtering.
  • About time !!!

    It's absolutely essential the world starts to police the internet, whether this is deemed unfair, unsportsmanlike, a restriction on our freedom or big brother, who cares. It is needed for the safety of our children.

    At the end of the day, you're being monitored anyway, whether you like it or not, Google is doing it. You just need to get used to the idea.

    On a serious note, we need to bring integrity to the Internet and get rid of unnecessary violent and illegal sexual content that is not welcome in this world.

    More filtering should be put in place to automatically rule out any over 18 content and even filters applied based on age content, which can then only be applied once it is authorised by the correct person.

    I am all for freedom of speech but the world needs to make the internet and ISPs accountable to only deliver content to the right age group.

    Finally, about time too. Let's face it, the Howard government's internet filter was never going to work, to rely on parents to download and install an application, just a crazy waste of money for an idea that was always going to fail. Good intentions, absolutely shockingly bad idea and execution!

    Filtering at the ISP is the way forward. However, we still need to block all violent, sexual or any content based on age group by default unless unlocked by an adult.

    This is not an Australian problem this is a global problem and the Australian government needs to rally the world to do more to control the Internet.
  • HTTPS filtering vs Privacy Act

    I'd like to see the Privacy Commissioner's view on this invasion of privacy - decrypting traffic without the end user's knowledge or consent would surely violate the 'act, no? Especially since the privacy act requires some types of personal information to be encrypted in transit...

    Time we all moved from SSL to real encryption that we control, like Hushmail's purpose-built Java encryption engine (I always wondered why they bothered to do that, now I guess we have the answer...)
  • Drivel

    One wonders if the US requires gun owners to secure their guns from their children or whether they try to do it for them? Is it the parent's or the child's responsibility not to get their hands on their parents' guns? This is no different.

    The internet is no place for children to be playing - do you let yours play on the road? Do you think it is someone else's responsibility to care for *your* children? Should the rest of the internet users pay because *you* are unable to *monitor* your *own* children? Methinks not. Who at your home pays for the internet use - the kids or the adults? Who maintains the PC and ensures it is set up correctly? Oh, you want everyone else to pay for that because you can't be bothered - good luck...

    Filtering at the ISP will *never* be the way forward (unless you're keen to drop all rights to privacy that we have here) - we simply do not have the technology to differentiate photos, etc well enough - shadows, lighting, patterned clothing, skin textures, etc etc all contribute and automation will only define the boundaries better (which will make things worse). Remember that SPAM actually increased in the USA once spam was defined in legal terms... since it was very easy to create something that clearly was not spam under the definition given. Now apply this reasoning to photos and other content...

    I agree that it is a problem. But your children's (or anyone else's) access to online content is *not* my problem - it is *your* problem.

    So stop trying to make the rest of us pay for your problems and start monitoring your own kids.
  • xBeanie

    Slightly off topic, but you have to love the simple-mindedness that comes up with P2P = piracy.

    P2P has a promising future in the legitimate distribution of large software and updates, on-line media etc e.g. World of Warcraft. Perhaps the threat of outright protocol banning is partially to blame for holding back development in this area.

    Banning P2P outright is like banning cutlery because it can be used to kill. Chopsticks anyone?
  • you're kidding me, right?

    I intend to sue if they implement this filtering software... it's a breach of the privacy act. What if I'm doing some online banking, and a hacker manages to get into their database of archived sites that I've visited and pulls up the packets containing my password? Or a very bored desk jockey decides he wants to make some cash on the side, so logs into the database, pulls up a few credit card numbers that the filter's captured and heads on over to eBay... this 'filtering' software is performing a man in the middle attack on our internet connections, if anyone tried to implement this kind of crap the feds would be kicking down their door in a matter of moments!
    Instant messaging, email, P2P, newsgroups, all blocked, what the hell else is left for us to use?