Net neutrality proponents flagrantly lie about Craigslist blockage

Summary: Craigslist's alleged blockage is being raised as an example of why Net neutrality is needed. The only problem with this accusation is that it is flat out wrong, yet and are flagrantly lying about it. Even though they have been repeatedly notified of the real situation, they refuse to retract their stories and continue peddling the lie. As Richard Bennett says, "Craig Newmark’s site is screwed up and he’s blaming Cox for it - and seeking a new law. That’s taking Internet retardation to a whole new level."

TOPICS: Networking

[Update: Now we have US Senator Wyden propagating the lie that this was a Cox conspiracy to block Craigslist because they have their own classified service.  We now have proof and a retraction that this was never the case]

It appears that the Net neutrality proponents have been caught in a flagrant lie in their effort to scare the public (thanks to The Original Blog and The Lippard Blog for pointing this out). and along with many other Net neutrality activist sites have accused Cox Communications of deliberately blocking the website Craigslist by quoting a report from our own Tom Foremski.  This alleged blockage of Craigslist was supposedly an example of what would happen without the passage of an extreme version of Net neutrality being pushed by Congressman Markey and Senator Snowe and big Internet companies such as Google.  The only problem with this accusation is that it is flat out wrong, yet and are flagrantly lying about it.  Even though they have been repeatedly notified of the real situation, they refuse to retract their stories and continue peddling the lie.

The accusation is that Cox Communications, using a firewall from Authentium, is blocking Craigslist and that Authentium failed to remove Craigslist from their text-based blacklist.  Here's a quote from Tom Foremski's original report.

"Back on February 23rd Authentium acknowledged that their software is blocking Craigslist but it still hasn't fixed the problem, more than three months later. That's a heck of long time to delete some text from their blacklist."

Now this is a fairly serious accusation, because it only takes a few minutes to remove something from a blacklist.  If this had really been a simple blacklist issue and a simple text string wasn't removed from the so called blacklist for three months, there would be some serious legal liability on the part of Authentium and Cox Communications since either one of them could have modified a simple text based blacklist.  Furthermore, there is insinuation that there had been some collusion on the part of Cox Communications and Authentium to benefit Cox's own classified ads service.  Here's a continuing quotation from Tom Foremski.

"Jim (CEO of Craigslist) wasn't aware that Cox had its own classified ads service. 'That changes things,' he said."

But the real story is that this has NOTHING to do with blacklists and is actually the fault of Craigslist's own web servers.  Craigslist web servers return a TCP ACK window size of 0 which in plain English tells the entire world "don't talk to me, I'm very busy right now" whenever anyone tries to talk to it.  This is VERY unusual behavior on any website because they would just be asking for problems if they did this.  If anyone follows RFC 793 (the official rule book of TCP/IP) to the letter, they simply won't try to talk to Craigslist at all or they'll talk to it very slowly.  Many devices on a TCP/IP network will be a little less stringent and play a little looser with the RFCs and be a little more aggressive in trying to connect to a server that says "don't talk to me", but the Authentium firewall product honored the reply from Craigslist and responded by sending data one byte at a time.  Authentium has been working on a newer driver for their Firewall to accommodate these rare situations, but Craigslist could save themselves a lot of problems by not telling the world "don't talk to me" in the first place.
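An added example (not from the original article, Authentium or Craigslist): it parses the window field out of constructed TCP headers and models how many bytes a sender emits per segment when the peer advertises a zero window. The segments, port numbers, the 5840-byte window and the `update_window` switch are assumptions for illustration; the case where the window opens after the first reply follows a reader's report in the comments, not a packet capture.

```python
import struct
from collections import namedtuple

SYN, ACK = 0x02, 0x10
TcpHeader = namedtuple("TcpHeader", "sport dport seq ack flags window")

def build_header(sport, dport, seq, ack, flags, window):
    """Pack a 20-byte TCP header without options (checksum left at 0: constructed sample)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)

def parse_header(raw):
    """Extract the fields that matter here; the window is the 16-bit field at offset 14."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, _off, flags, window, _csum, _urg = struct.unpack("!HHIIBBHHH", raw[:20])
    return TcpHeader(sport, dport, seq, ack, flags, window)

def plan_sends(peer_segments, request_len, update_window=True):
    """Sizes of the data segments a sender emits to deliver request_len bytes.

    update_window=True  : the send window follows every ACK from the peer.
    update_window=False : hypothetical sender that keeps the first window it saw.
    """
    snd_wnd, sizes, remaining = None, [], request_len
    incoming = iter(peer_segments)
    while remaining > 0:
        raw = next(incoming, None)
        if raw is not None:
            hdr = parse_header(raw)
            if hdr.flags & ACK and (update_window or snd_wnd is None):
                snd_wnd = hdr.window
        # RFC 793: with a zero send window the sender may still send one octet (a probe).
        size = min(remaining, snd_wnd) if snd_wnd else 1
        sizes.append(size)
        remaining -= size
    return sizes

# Constructed segments from a server on port 80: SYN-ACK advertising window 0,
# then an ACK that opens the window to 5840 bytes (value chosen for illustration).
SYNACK_ZERO = build_header(80, 49152, 1000, 501, SYN | ACK, 0)
ACK_OPEN = build_header(80, 49152, 1001, 502, ACK, 5840)

if __name__ == "__main__":
    print(plan_sends([SYNACK_ZERO, ACK_OPEN], 400))              # window update applied
    print(len(plan_sends([SYNACK_ZERO, ACK_OPEN], 400, False)))  # stale zero window kept
    print(len(plan_sends([SYNACK_ZERO], 400)))                   # peer never opens window
```

A 400-byte request goes out as a 1-byte probe plus one 399-byte segment when the window update is applied, and as 400 one-byte segments when the zero window persists or is never refreshed, which is the slowdown the article describes.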

The CEO of Authentium John Sharp gave this interview where he confirmed the issue.  Here's a quotation from Sharp:

"The beta of the fix was made available almost immediately - in mid-March. The final version of this new driver is now shipping in our OEM firewall products, and the beta version is available to Cox subscribers via Cox High Speed customer support. This new driver will enter general availability at Cox as part of their summer product release."

Understandably, Cox isn't going to implement a beta driver on a production Firewall that could adversely affect millions of users just because Craigslist can't configure their servers properly.  How this was interpreted as a blacklist issue is beyond me, but it's clear that a correction needs to be issued as soon as possible and the deliberate lying needs to end.  As Richard Bennett says, "Craig Newmark’s site is screwed up and he’s blaming Cox for it - and seeking a new law.  That’s taking Internet retardation to a whole new level."

This is particularly significant since the whole case for the extreme versions of Net neutrality is based on the premise that Internet sites will be blocked without it.  Craigslist is the only example of a website being blocked for prolonged periods of time being cited by the Net neutrality crowd and the fact that it has been proven to be a big lie speaks volumes about their position.  This isn't surprising given the fact that almost all of the Net neutrality proponents never even read the very proposal that they're pushing for.

On the other hand, the existing laws have proved to be effective when the FCC stopped Madison River Communications from blocking Vonage last year and handed them a $15,000 fine.  If this wasn't enough, the House of Representatives has passed a bill that mandates FCC oversight for any complaints of sites being blocked or degraded with fines of $500,000 per incident.  But this wasn't enough, and what the Net neutrality extremists are seeking is an end to all tiered services and a ban on charges for enhanced QoS services.

  • People hear what they want

    Apparently if one feels that a bias exists, they will continue to fight against the bias even though no such problem ever existed.

    I haven't heard of another situation where a site was blocked. Nor do I really count the Cox/Craigslist battle.

    ZDnet appears to be chiming in quite often with this matter. I can see where Google is lobbying to get out of paying for Quality of Service. I don't know if they realize that they could very easily be lobbying for what un-does their business.
    • Craigslist has been their rallying cry

      Craigslist has been their rallying cry against the big telcos, though Cox isn't a "telco" in the traditional sense.
      • Nice to know where they stand.

        Craigslist feels like it has been violated and is seeking revenge for its own ineptness. So they want to look like avengers for the people instead of morons.

        This is much like some of these lawsuits that have no basis in common sense. "I'm a victim for being a moron," is the rally cry of some of these people. "Pay me money for my suffering," is their resolution to the problem.

        I am amazed at the opinions of the uneducated when discussing matters that they do not know about. Or those who knowing have a bias in a matter.

        All in all, I just have to sit back and make fun of ignorant people.

        Unfortunately, now it appears the ignorant people are voting on an issue they know very little about.
  • ACK of 0?

    Authentium shouldn't change the drivers, the servers need to change. It's not a good idea to do so much processing at kernel level for special cases like this.
    • I agree with you

      But I think Authentium didn't want to be seen as unresponsive. By providing the drivers, it's up to Cox to implement them if they wish.

      I had a similar issue with a Checkpoint firewall with bogus DNS requests. It had a new feature that made sure DNS requests were properly formed. It intermittently blocked DNS requests from a significant number of DNS servers from the world that issued bogus DNS packets intermittently. I couldn't get the whole world to change their DNS configuration for me so I had to turn that feature off on the firewall. It sometimes doesn't matter what the RFC says and you have to be flexible if you want to avoid problems. The intermittent nature of this bug took me half a night trying to figure it out.

      I agree with you that Craigslist should have fixed their end long ago.
  • Flagrant Hyperbole

    The only thing flagrant about this whole piece is Ou making a mountain out of a molehill. (If Rush ever retires, George, you're next in line.)
  • There are subtler ways of circumventing net neutrality.

    It's like the difference in pay between a "cleaning lady" and a "sanitation engineer." That's not supposed to happen either, but it does.

    For Authentium to take three months to do something that takes only a couple of seconds is highly suspect, lest we (conveniently) forget AOL's "anti-net neutrality issue" involving

    Time to wake up, sleepyhead. Censorshi* has hit the net, only "they" don't want you to know it. "They" will blame the problem on "glitches" and then take forever to "correct" them while "they" enforce their own theology by blocking contrarian sites and establishing "multi-tiered" access to use against them. Any opinion against net neutrality is a sure sign that one has become a tentacle of "them."

    But with the way you've been drinking the Vi$ta kool-aid recently, I should have guessed this would get blogged sooner or later.
    Mr. Roboto
    • Exactly...

      This problem was acknowledged 4 months ago (and god knows how long it took them up to that point to admit it). George's accusations notwithstanding, their failure to fix it over a long period of time demonstrates the profoundly misaligned incentives of the parties here. Does anyone seriously think that a blockage of Cox newspapers or one of their affiliates for the exact same technical problem would have lasted 4+ months?
    • Craigslist should fix it on their own end

      Craigslist should fix it on their own end and stop telling everyone on the Internet "don't talk to me I'm busy".

      Authentium had a beta driver within days as a workaround for Craigslist and they had a production driver within weeks. Why hasn't craigslist done anything on their end so that they wouldn't have this problem in the first place?

      Why hasn't Foremski fixed some simple "text" in his blog and retracted this blacklist accusation, which is much easier than patching software?
      • Craigslist would have fixed it, IF it was on their end.

        I was able to access them (then again, I don't use Cox) and was able to get some whois info on them. I did try to ping their IP, but got no response. Somehow, I expected that their firewall (Craigslist's firewall) may be doing its job; Keeping potential hackers from finding them. I have no hacking experience, so if I was able to reach their site so should you...

        Unless Craigslist is blocking you out for some reason, like they know what type of telco shill you are. ;)

        ... or maybe you were trying to reach that porn site with the similar name (minus one "s"). I stumbled upon it when I misspelled "craigslist" but closed it when my SiteAdvisor turned red. I'm sure your superiors would love to know why you were trying to access a porn site on company time.

        Mr. Roboto
        • Craig's list can fix it and so can you

          Anybody who ran into this problem back in February could have fixed it by removing their free firewall. Craig's List could have fixed it by updating their configuration. And Authentium did fix it by patching their firewall. But Authentium's fix doesn't do any good unless users update their software.

          The problem isn't inside the Cox network, it's in the interaction between the user's desktop system and Craig's List.

          It's obvious that everybody wants a fix except Craig Newmark; he'd rather whine.
        • troll or knob?

          Roboto, you're either trolling or in way over your head. What you say indicates utter ignorance. You should read what George says and bone up until you understand it, THEN try and post an intelligent response.
  • Explanation doesn't make any sense to me

    From what I've seen and read so far Craigslist is not really in this as one of the proponents of net neutrality, but only as a service provider with a problem.

    Given that, it must surely have some other valid practical reason for setting ACK at 0 on its servers...and sticking with it even though it gives them a problem. The fact that Authentium is changing its drivers to accommodate this supports this.

    Then again, why didn't Craigslist switch providers if it is that much of a problem?

    Either way, it seems a bit premature for anyone (including this columnist) to pretend they know the definitive answer to this yet.
    • No reason to always return 0

      "it must surely have some other valid practical reason for setting ACK at 0 on its servers"

      There is no reason to always say "don't bother me because I'm busy". That's just ridiculous. No one does that.
      • Re: No reason to always return 0

        It doesn't always return 0. It only returns 0 on the first ACK reply.
        • Yeah, kind of like putting a "store closed" sign on the front door

          Yeah, kind of like putting a "store closed" or "gone for lunch" sign on the front door 24x7. That's really smart!
          • Re: Yeah, kind of like putting a "store closed" sign on the front door

            "Yeah, kind of like putting a 'store closed' or 'gone for lunch' sign on the front door 24x7. That's really smart!"

            I don't know if it's smart or not. But rpmeyers says below that the server behavior is an RFC-compliant attempt at performance optimization. Whether that's true, my own examination of the packets shows that the win 0 length is only returned once.

            Since you are the one making the accusations, perhaps you can explain how this would cause any rfc-compliant client to fail to render the craigslist site, much less render it with anything approaching a noticeable delay.

            Because, I'm beginning to smell a rat.
          • "Back in 5 minutes"

            It's back in 5 minutes (well, 20-30 ms), not "store closed"
          • Depends on your interpretation

            But why put a bad sign up in the first place? Should craigslist wait for a million people to install a personal firewall software update or should they fix it on their server end and have the benefit global?
          • It's not a bad sign

            It can decrease the load on the server some, and reading the standard, it's perfectly allowed. You shouldn't send anything other than ACK but you are able to receive. Anything that doesn't keep a connection open is going to be rate limited by this, slightly easing the load on the servers.

            I retract my earlier statement about craigslist being a special case, it's not. The ball is totally in Authentium's court to follow the standard.

            What other firewalls and OSes are affected by this? Why should craigslist change when Cox put out software without sufficient compliance testing?