The blocking mechanism used to censor Wikipedia in the United Kingdom has been
described as "fragile" and "easy to evade" by Cambridge
University security expert Richard Clayton.
Access to Wikipedia was restricted between Dec. 5 and 9 after child-abuse watchdog the Internet Watch Foundation (IWF)
recommended that Internet service providers (ISPs) block two Wikipedia pages. The pages contain
an image of the 1978 Virgin Killer album cover by German rock band
the Scorpions, which shows a naked girl.
According to Wikipedia, the U.K. ISPs which enforce the IWF list
include Be, BT, Demon, Eclipse, Orange, PlusNet, Sky Broadband,
T-Mobile, TalkTalk, Telefonica O2, Tesco.net, and UK online.
However, Clayton said there was "some confusion" as to which
operators had blocked access to the Wikipedia page. Virgin Media,
Plusnet, and Be Broadband all made statements this week saying they
had blocked the site.
However, much of the blocking was ineffectual, wrote Clayton in
a blog post on Thursday, due to case sensitivity. Whereas the IWF
had recommended that a URL ending in 'virgin_killer' be blocked,
the two Wikipedia pages that the ISPs attempted to censor were
listed as "Virgin_Killer" and "Virgin_killer".
At ISPs where
the URL matching was case sensitive, the pages were not blocked.
Users could also unintentionally circumvent the blocking mechanism
if they used their own DNS server or a remote proxy mechanism,
Clayton added. They could then report that they could see the page,
further "muddying the waters", Clayton said.
was caused over whether ISPs showing "404" error pages were blocking
the pages deliberately, or whether the error messages were being
returned for another reason.
Clayton said ISPs don't block entire Web sites, but instead pass
the traffic to suspect sites through a Web proxy. The proxy checks
the Web request and blocks specific URLs that are on the IWF
However, as part of its policy to prevent vandalism on the site,
Wikipedia blocks large numbers of requests from limited IP
addresses. The use of proxies meant that all Wikipedia visitors
using major ISPs appeared to have "one of a handful" of IP
addresses, and so were blocked from editing.
Clayton said it is unknown why the IWF chose to block the Web
page URLs instead of the image URLs. However, future attempts at
blocking images would probably be ineffectual, wrote Clayton.
"The bottom line is that these blocking systems are fragile
[and] easy to evade (even unintentionally)," wrote Clayton.