Trivial DNS change defeats Optus filter

Optus this afternoon confirmed that users would be able to defeat its implementation of a blacklist filter of sites containing child pornography merely by changing the DNS settings on their PC.

Along with Telstra, Optus has pledged to implement a voluntary filtering framework developed by the internet service provider (ISP) industry's peak representative body, the Internet Industry Association (IIA). The filter, which is being seen as a more moderate industry approach developed in reaction to the Federal Government's much more comprehensive mandatory filter scheme, will see the ISPs block a "worst of the worst" list of child pornography sites generated by international police agency Interpol.

However, in a brief statement this morning, Optus confirmed industry speculation that its filter could be defeated through a minor setting change on internet users' PCs. "That's correct," a spokesperson said, when asked if users could circumvent Optus' filter by setting their PC to use a different DNS server than the default. "It's a feature of the Interpol list."

The circumvention technique relies on the fact that the ISPs' filtering scheme sees them blocking Interpol's list of sites at the domain name layer, in a different and less complex technique than the models that have so far been proposed under the Federal Government's much wider scheme.

Asked about the same issue, Telstra was less willing to comment than Optus. "We do not intend to explain how motivated people with technical skills can access child abuse content by circumventing blocking of the Interpol worst-of list," the company said this morning. "This would undermine our efforts to reduce the incidence of victims being publicly identified in Australia."

Telstra's filter went live late last week, while Optus' will be implemented over the forthcoming weeks. Other ISPs have not yet clarified whether they are definitely planning to implement the IIA's framework, although several have specified that they will cooperate with legal requirements if necessary.

Responding to Optus' revelation about how easy it is to circumvent its Interpol filter, Electronic Frontiers Association spokesperson and board member Stephen Collins said he had to wonder why Optus would even bother with the filtering system. "With such a trivial circumvention, Optus' implementation of this block list is worse than ineffective; it's also misleading on a grand scale," said Collins.

"Nobody will be protected from criminals by this, and worse, for those customers who believe they are protected, their kids or anyone else using their internet connection will bypass this with less than 30 seconds' effort. Optus should be ashamed of themselves; first for implementing this list and trying to have their customers believe it would work, and second for doing such a half-baked job."

Last week, Collins labelled the IIA's blacklist approach as "security theatre", a term coined by US security consultant Bruce Schneier to describe a security approach intended to provide the feeling of improved security, despite a lack of actual measures that will impact security outcomes in practice.

"Our recent comments as to this move being security theatre hold even more strongly now," said Collins today.

After hearing of Optus' implementation, however, the IIA defended its scheme. In a phone interview this afternoon, former IIA chief executive Peter Coroneos — who finished up in the role last week, but is still acting as a spokesperson on the Interpol scheme — defended the organisation's framework.

"If someone's determined to get to child porn websites, then they will get there ... this has never been positioned as an absolute solution in all cases," the executive said. "But people need to be aware that if they are going to actively go and search out child pornography on the internet, they do so at some legal risk. The steps that industry are taking here, not to prevent the determined criminal, but for everyone else, we think the measures will be understood for what they are hoping to achieve."

"I don't think it's theatre to suggest that we are going to make it harder for the non-criminal to access child pornography," Coroneos added. "I don't really endorse the view that this is a completely worthless effort."

The former IIA chief reiterated the organisation's view that implementing the Interpol filter would bring Australia into line with other countries in Europe and Scandinavia. In addition, he pointed out that many technologies were devised with safety features in mind. "If people turn off the safety features, that doesn't lead you to conclude that the safety features were of no use," he said.

Coroneos said that those who were technically minded and able to circumvent the filter were not likely to be representative of the majority of people using the internet. "If they wish to, they could route around the scheme, but it doesn't invalidate it for the vast majority of internet users," he said.

Talkback

5 comments
  • this is just a silencer....I am sure we have all done something that we knew was a waste of time but it's far easier to just do it and keep the people above in their ignorant happiness
    seano2101
  • "Coroneos said that those who were technically minded and able to circumvent the filter were not likely to be representative of the majority of people using the internet."

    That is true, however the circumvention technique is hardly a huge technical challenge, you can get to your DNS server settings in about 8 mouse clicks, or about 30 seconds to explain to someone non-technical, it's then the matter of simply copying/typing out a new IP address from one of many websites (some of which would be specifically designed to provide information on circumventing this). That's not a technical challenge at all, that's something most people could easily do with about 5 screenshots and some instructions.

    You also really need to ask what its purpose is? It won't stop people who want to look at this stuff from looking at it, and people not looking for it don't just stumble upon this stuff, it's pretty well hidden, seems to me like it's nothing more than a show piece to say "hey your family is safe here, we filter out all the bad kiddie porn on the internet".
    m00nh34d
  • To put the "Technical Skill" required into context, I feel it the same as "Hacking" your car to improve performance by using Premium Unleaded.
    glennst
  • Perhaps Optus is bowing to public concerns over the filter. I've already asked them how I can opt out of their 'voluntary' filter. If not, I'm looking for suggestions of ISPs that don't/won't filter.
    Scott W-ef9ad
  • Clearly Optus and Telstra are smart, and are trying to protect freedom of speech in this country and avoid a government firewall. By implementing an illegal-only block list voluntarily which is kept by Interpol, they remove the government's case to implement an "anything Stephen Conroy doesn't like" block list. Because illegal content is now being blocked. And Interpol's list is no messing about; they don't make mistakes and put non-illegal sites on it.
    bobwilson364