Trivial DNS change defeats Optus filter

Optus this afternoon confirmed that users would be able to defeat its implementation of a blacklist filter of sites containing child pornography merely by changing the DNS settings on their PC.

Optus this afternoon confirmed that users would be able to defeat its implementation of a blacklist filter of sites containing child pornography merely by changing the DNS settings on their PC.

Along with Telstra, Optus has pledged to implement a voluntary filtering framework developed by the internet service provider (ISP) industry's peak representative body, the Internet Industry Association (IIA). The filter, which is being seen as a more moderate industry approach developed in reaction to the Federal Government's much more comprehensive mandatory filter scheme, will see the ISPs block a "worst of the worst" list of child pornography sites generated by international police agency Interpol.

However, in a brief statement this morning, Optus confirmed industry speculation that its filter could be defeated through a minor setting change on internet users' PCs. "That's correct," a spokesperson said, when asked if users could circumvent Optus' filter by setting their PC to use a different DNS server than the default. "It's a feature of the Interpol list."

The circumvention technique relies on the fact that the ISPs' filtering scheme sees them blocking Interpol's list of sites at the domain name layer, in a different and less complex technique than the models that have so far been proposed under the Federal Government's much wider scheme.

Asked about the same issue, Telstra was less willing to comment than Optus. "We do not intend to explain how motivated people with technical skills can access child abuse content by circumventing blocking of the Interpol worst-of list," the company said this morning. "This would undermine our efforts to reduce the incidence of victims being publicly identified in Australia."

Telstra's filter went live late last week, while Optus' will be implemented over the forthcoming weeks. Other ISPs have not yet clarified whether are definitely planning to implement the IIA's framework, although several have specified that they will cooperate with legal requirements if necessary.

Responding to Optus' revelation about how easy it is to circumvent its Interpol filter, Electronic Frontiers Association spokesperson and board member Stephen Collins said he had to wonder why Optus would even bother with the filtering system. "With such a trivial circumvention, Optus' implementation of this block list is worse than ineffective; it's also misleading on a grand scale," said Collins.

"Nobody will be protected from criminals by this, and worse, for those customers who believe they are protected, their kids or anyone else using their internet connection will bypass this with less than 30 seconds' effort. Optus should be ashamed of themselves; first for implementing this list and trying to have their customers believe it would work, and second for doing such a half-baked job."

Last week, Collins labelled the IIA's blacklist approach as "security theatre", a term coined by US security consultant Bruce Schneier to describe a security approach intended to provide the feeling of improved security, despite a lack of actual measures that will impact security outcomes in practice.

"Our recent comments as to this move being security theatre hold even more strongly now," said Collins today.

After hearing of Optus' implementation, however, the IIA defended its scheme. In a phone interview this afternoon, former IIA chief executive Peter Coroneos — who finished up in the role last week, but is still acting as a spokesperson on the Interpol scheme — defended the organisation's framework.

"If someone's determined to get to child porn websites, then they will get there ... this has never been positioned as an absolute solution in all cases," the executive said. "But people need to be aware that if they are going to actively go and search out child pornography on the internet, they do so at some legal risk. The steps that industry are taking here, not to prevent the determined criminal, but for everyone else, we think the measures will be understood for what they are hoping to achieve."

"I don't think it's theatre to suggest that we are going to make it harder for the non-criminal to access child pornography," Coroneos added. "I don't really endorse the view that this is a completely worthless effort."

The former IIA chief reiterated the organisation's view that implementing the Interpol filter would bring Australia into line with other countries in Europe and Scandinavia. In addition, he pointed out that many technologies were devised with safety features in mind. "If people turn off the safety features, that doesn't lead you to conclude that the safety features were of no use," he said.

Coroneos said that those who were technically minded and able to circumvent the filter were not likely to be representative of the majority of people using the internet. "If they wish to, they could route around the scheme, but it doesn't invalidate it for the vast majority of internet users," he said.


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All