Wikipedia censorship 'easy to evade'

Wikipedia censorship 'easy to evade'

Summary: The recent blocking of two Wikipedia pages was ineffectual, according to computer security expert Richard Clayton

SHARE:
TOPICS: Security
2

The blocking mechanism used to censor Wikipedia has been described as "fragile" and "easy to evade" by Cambridge University security expert Richard Clayton.

Access to Wikipedia was restricted between 5 and 9 December after child-abuse watchdog the Internet Watch Foundation (IWF) recommended that ISPs block two Wikipedia pages. The pages contain an image of the 1978 Virgin Killer album cover by German rock band the Scorpions, which shows a naked girl.

According to Wikipedia, the UK ISPs which enforce the IWF list include Be, BT, Demon, Eclipse, Orange, PlusNet, Sky Broadband, T-Mobile, TalkTalk, Telefonica O2, Tesco.net, and UK online. However, Clayton said there was "some confusion" as to which operators had blocked access to the Wikipedia page. Virgin Media, Plusnet, and Be Broadband all made statements this week saying they had blocked the site.

However, much of the blocking was ineffectual, wrote Clayton in a blog post on Thursday, due to case sensitivity. Whereas the IWF had recommended that a URL ending in 'virgin_killer' be blocked, the two Wikipedia pages that the ISPs attempted to censor were listed as "Virgin_Killer" and "Virgin_killer". At ISPs where the URL matching was case sensitive, the pages were not blocked.

VIDEO

Dialogue Box

Dialogue Box 7.4: The expanding digital universe

How much data will be created and stored in 50 years' time? Rupert and Charles make some extrapolations and come to a startling conclusion

View full video+

Users could also unintentionally circumvent the blocking mechanism if they used their own DNS server or a remote proxy mechanism, Clayton added. They could then report that they could see the page, further "muddying the waters", Clayton said. Further confusion was caused over whether ISPs showing 404 error pages were blocking the pages deliberately, or whether the error messages were being returned for another reason.

Clayton said ISPs don't block entire websites, but instead pass the traffic to suspect sites through a web proxy. The proxy checks the web request and blocks specific URLs that are on the IWF list.

However, as part of its policy to prevent vandalism on the site, Wikipedia blocks large numbers of requests from limited IP addresses. The use of proxies meant that all Wikipedia visitors using major ISPs appeared to have "one of a handful" of IP addresses, and so were blocked from editing.

Clayton said it is unknown why the IWF chose to block the web page URLs instead of the image URLs. However, future attempts at blocking images would probably be ineffectual, wrote Clayton.

"The bottom line is that these blocking systems are fragile [and] easy to evade (even unintentionally)," wrote Clayton.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Oh, it's worse than that

    They blocked the text page on en.wikipedia.org talking about the album itself. They blocked the text page on en.wikipedia.org describing the image, its source, copyright, etc.

    They did NOT block the image itself, served from upload.wikimedia.org.

    Apparently the concept of high-traffic websites using a separate image server completely few over their heads.

    Hamfisted AND incompetent.

    There is no evidence to suggest they have not fouled up as badly in any other image blocking. zdnet.co.uk might like to indulge in some rather pointed questions to IWF on this matter.
    David Gerard
  • What he said ...

    While the page was blocked I did some experiments of my own. I already have my own DNS server, so I would question the assertion that this would bypass the block. I got a very bland 404 page. It certainly didn't protect me from the block on my Eclipse account.

    However, the "Tor" onion routing proxy works an absolute treat.

    For further info see
    https://www.torproject.org/

    Firefox users also see
    https://www.torproject.org/torbutton/
    Andrew Meredith