Somebody Think Of The Children

It’s good for government accountability that these blacklists are revealed, however clicking on any of those hyperlinks to check if there’s something there that shouldn’t have been blocked renders one liable to criminal prosecution if it turns out to be child porn.

By Fermista on Dec 23, 2008

too right mate, im shit scared to click on any of those links

By Jarrod on Dec 23, 2008

I wouldn’t group “these blacklists” togethe. I’m not sensitive to the plight of the poor Thai monarchy, but the idea that a public list could act as a central directory for child porn sites makes the Danish situation a little more complicated.

Still needs judicial oversight and formal review, though.

By random on Dec 23, 2008

There is bound to be enough opposition to mandatory ISP filtering from within ACMA and/or any other relevant authorities to ensure that the exact same thing happens in Australia.

By Heath on Dec 23, 2008

I know of the Dutch site vanbokhorst.nl (being Dutch). Van Bokhorst is a family name and this is the site of a well known Dutch commercial driver training company – ie for learning how to drive trucks and sail ferries etc.
What it’s doing on the Danish blacklist though I have no idea LOL.

By Daniel on Dec 23, 2008

I won’t be surprised if WikiLeaks ends up on the Australian blacklist for linking to child porn sites.

One benefit of these lists being leaked is it may make it easier for people creating voluntary filtering software to compile lists of unwanted sites. Although I would think filtering URLs from a blacklist would be pretty inefficient considering how easy it is for sites to change domain or for new sites to spring up.

By Robbie Clarken on Dec 23, 2008

The only reason that secrecy is required is the fact that filters don’t work, and even those backing them know it. If your filter does work, then there is little harm in publicly listing a URL and a reason for blocking it.

I’m glad that these lists are getting published, because it demonstrates the folly of filtering and the sham that is these organisation’s security policies – if they cannot keep a top secret list in house then what good are they? I wouldn’t want these bumbling dolts in charge of filtering, I wouldn’t trust them to tie their own shoes.

By Stuart on Dec 23, 2008

Stuart,

That’s a very good point you make about the reason for the secrecy. It is so blindingly obvious, but so very good.

In light of this, one could argue that the safest possible list is one that doesn’t exist or has nothing on it.

jon.

By Jon Seymour on Dec 24, 2008

Actually, it is almost a very good point.

The problem is that because there is no universal filter that applies everywhere, publishing the list here would enable access everywhere else on the planet.

So, even if the filter was 100% effective here, it would still have to be secret elsewhere.

By Jon Seymour on Dec 24, 2008

Secracy is a tool used to blindfold people.

A reality fed into your brain.

Its used to control people without them being aware there being controlled.

You cant object to things you dont know that exist.

You are a slave to those who control the infomation.

By John on Dec 25, 2008

Er… has anyone else actually clicked on any of the links on the Danish banned list to see what happens?

I can’t say I’ve done an exhaustive test, but I’ve clicked on maybe 40+.

I found only two links pointing to live porn site (one is the first in the list).

All the other links I tried are broken or lead to an innocuous placeholder homepage. One pointed to an innocuous genuine website.

My (provisional) conclusion is that the list was probably generated by associating random naughty words with domain suffices. This can be done by computer. I’d expect a success rate of something like what I got – may one in 20 links actually point to a ‘real’ porno site; sometimes the link leads to a non-porn ‘real site; mostly the links lead nowhere.

I’d suggest two likely explanations for the Danish banned list:

(a) either, it’s a hoax by persons unknown
(b) or, it’s a publicity stunt by the first website on the list.

If I had to bet, I’d choose theory (a)

This experience provoked my interest to check out the Thai banned list. I’ve only spent a few minutes there, but it also seems odd if taken at face value.

This link, for instance, is a video on YouTube about how the Thai Royal Family are being set up by an allegedly corrupt general who heads the Thai Privy Council. This raises my suspicions that this list may be part of partisan maneuvering within Thai politics. I’m also curious why the subtitles of the videos I checked on the list always seem to be in English. Is that normal in Thai videos? Perhaps someone with more time and knowledge of Thai politics can take a look at this list. But they may also need to be armed with a sense of humour. Given the apparently inexplicable inclusion of a Charlie Chaplin website, I’d say it’s entirely possible that the Thai ‘banned list’ is (also?) a joke.

Perhaps Nick Minchin’s office dreamt these up for us as holiday brain-teaser?

Overall conclusion: to approach the truth, one sometimes need to click, even if the link is: http://www.clickhereandsirenswillwailatonce.com

Whether Senator Conroy – or a modern Australian judge – would agree in another matter.

As Voltaire said: “it is dangerous to be right in matters on which the established authorities are wrong”

And a Merry Christmas to all!

By Syd Walker on Dec 25, 2008

Had a look at the URL list there. Going by most of the domain names there, the websites look to host some sick stuff. Not brave enough to click on any of the links though.

I did notice that there was a domain name with a .com.au suffix, didn’t check it out though. Surely if it was hosting some sick stuff it would have it’s name taken away? Could actually be no longer active.

3863 seems like a big number, do they ever remove the domains after they are no longer hosted or relevant? Should think so as a bigger list would cause performance problems compared to a smaller list.

By Kyle on Dec 26, 2008

OK, anonymous to the rescue.

acaciastoneworks.com.au could not be found. Please check the name and try again.

Maye it used to belong to http://www.homeimprovementpages.com.au/professional/14286

Syd; these lists (most of which are commercial) are famed for their poor quality, the ease of being listd and the difficulty of being removed. Check out http://www.boingboing.net/2006/02/27/boingboing-banned-in.html for an example.

The reason truckers and stoneworkers show up is scanning by software meant to identify porn; it is not flawless, to say the least.

By Anonymous on Dec 26, 2008

>>> Going by most of the domain names there, the websites look to host some sick stuff. Not brave enough to click on any of the links though.

Kyle, I find your repsonse mystifying.

Are you disputing the results I obtained? Or are you committed on principle to a fact-free discussion?

It’s as though an Emperor walks past, stark naked. Everyone chatters about his cloak. Then a kid points out there is no cloak…. Next they all start chattering about the cloak, just like before.

I imagined someone might well dispute my very quick survey of the so-called ‘Danish banned list’ – or come up with a better analysis. I did not expect it to be completely ignored by people who apparently think otherwise but choose not to experiment in order to find out.

Clearly my knowledge of human pyschology is rudimentary.

By Syd Walker on Dec 26, 2008

Syd, without knowing which links you tried, it’s hard to say, but it’s possible that if the contents of the websites are/were such that hosting ToS were being violated, then the providers have taken them down. Or, if the webmasters became aware that they were on the Danish blacklist, and therefore known to authorities, they might be inclined to move somewhere else. If the list is now 10 months old, as the wikileaks article implies, then I would think the aforementioned possibilities would account for at least some of the URLs being dead now. Porn sites that aren’t big, slick, commercial operations are often a bit fly-by-night.

Of course, if they’re dead, why are they still on the list?

I’d be interested to test from a Danish proxy with an Internet link behind the filter…

By James on Dec 26, 2008

I spent a little time on the Wayback internet archive and got a clearer picture. My apologies to Kyle; I was unnecessarily ratty earlier.

I checked about 25 URLs from the ‘Danish banned list’ at
http://www.archive.org/web/web.php

Most of the listed URLs DO seem, for a while over the last few years, to have been live websites. VERY few are still live. Some have not been picked up by Wayback for years (eg since 2003 or 2004)

A few URLs aren’t in Wayback at all – I came across four like that out of the number I checked. Maybe they were never indexed? Maybe they are mis-spelt. Who knows?

It looks more likely to me now that this list is authentic. If so, all the more embarrassing, I think, for advocates of this type of censorship.

IF it is a genuine list that’s been leaked, and IF it really is the current banned list for Denmark, it mainly blocks dead websites.

Say out of the ~1,300 on the list 15% are current links (I doubt it’s that many). That means there are ~200 current sites on the Danish list.

Any parent relying on that to ‘protect’ themselves or their kids from porn would be delusional.

IF this list IS genuine, Conroy will certainly not be able to assume that drawing on overseas banned lists will be much use. The best that can be said about the Danish list is it’s woefully out of date.

I suppose if Conroy gets his way, our public servants will have to check this stuff, link by link. It’s kind of interesting as a ten minute intellectual exercise, but the idea of doing this 9-5 is too revolting for words.

Is there a term for ‘public servant abuse’? I think we may need one.

By Syd Walker on Dec 26, 2008

I come bearing significant news.

According to Wikileaks, this list is alleged to contain nothing but child pornography.

Of course, it has already been determined that non-pornographic sites have also been added to the list for reasons unbeknownst to anyone. However, I can now confirm that the list also contains several LEGAL pornographic sites.

It didn’t take me long to find this out, seeing as the very first site on the list in one of them! I was too scared to click on it directly, but I did a Google search for “teenbabes.ca” alongside “18 USC 2257″ (this is the standard legal compliance notice all US porn sites are required to display) and sure enough, I found the following:

http://teenbabes.ca/legal.html

Everything appears to be legal and legitimate. Therefore, I decided to enter the site itself and low and behold – there is no child porn! Everything is legal and mainstream and there are links to other commercial porn websites.

There are also sites listed which incorporate the number 18 in their titles such as “18teens” etc … go figure… I wouldn’t be surprised if they had Hustlers Barely Legal on the list somewhere too…

If a list which is supposed to contain only child porn also contains any porn sites where the ladies tits are too small, just imagine what we will end up with on our list which is SUPPOSED to contain porn!

By Heath on Dec 26, 2008

Some statistics !

using a simple ping test ( ping -n 1 domain )

1320 URLs do not resolve to an IP address
2543 URLs resolve to an IP address (of which all but 369 return a ping reply on the first ping ! )

1320 +
2543 = 3863

Test complete.. list deleted

I haven’t looked at a single page of content and do not intend to do so.

Bob

By Bob Bain on Dec 27, 2008

I would like to clarify the count above:-

1320 URL’s return “Ping request could not find host”

2174 URL’s return “Reply from IP Address” (immediate response to the ping”)

369 URL’s return “Request timed out” after identifying an IP Address. As the test was limited to a single ping it may be that the response was slow or being blocked.

Interestingly the 2174 URL’s resolve to just 483 unique IP Addresses. I’m not sure what that means other than that it’s possible the list is actually much smaller than it appears on the surface.

So we have 1320 that don’t resolve to an IP address and presumably can’t be contacted, 483 unique IP addresses representing 2174 URLs, and 369 URLs that were “timed out”.

So after this the list represents possibly 483 + 369 = 842 [could be] unique IP Addresses. If there are also duplicates in the 369 the number of active IP addresses on the list could be smaller than 842.

That’s somewhat smaller than 3863.

Bob

By Bob Bain on Dec 27, 2008

ok a bit more work on this…

483 + 369 = 852 (arithmetical error yesterday)

On testing the 369 for duplicates I find there are only 110 unique IP addresses so the possible number is reduced to 483 + 110 = 593 IP Addresses.

However combining all the IP addressed which resolved to a host and eliminating duplicates indicates that there are 587 IP Addresses returned as “resolved” from the list of URLs.

In summary URLs that do not resolve to a host name = 1320

Of those that resolve to a host name there are just 587 unique IP addresses within the list of URLs and presumably the majority of these could be contacted.

At least one is said to be legal content. I can’t comment on the remaining 586 as I’m not addressing content – only the ability to resolve a given URL to an IP Address and testing the uniqueness of that IP Address in the list.

In Summary:

According to my results there are 587 contactible domains in the list (of which 1 is said to be legal) and 1320 non-contactible domains in the list (including a .com.au domain which isn’t currently registered)

Bob

By Bob Bain on Dec 28, 2008

Syd Walker has expressed some doubt if the list is genuine. I can tell that danish police has confirmed to danish press that this indeed is the censor list though an old one (from february this year). If you understand danish, the confirmation can be seen here: http://www.computerworld.dk/art/49524/

Most of the entries in the published list still exist in the current list, even when there is no website behind the domain name.

By Ole Husgaard on Dec 28, 2008

Thanks for the clarification Ole. I did have some initial doubts, but my second post on this thread indicated that I think it is probably genuine.

I’ll use this opposrtunity to clear up another error in my earlier post. For some reason I misread the total number of URLs on the list and cited a total of 1,300 instead of 3863. Apologies.

Bob Bain’s ping tests are useful info, but of course say nothing about the actual content of those sites that return a +ve result. My guess is that the great majority are not live sites with real content. Even a year ago, many of them were probably dead, given the Wayback results I got on a small sample.

By Syd Walker on Dec 29, 2008

Somebody has now used geolocation software to find out in which countries the censored domains are hosted: https://secure.wikileaks.org/wiki/User:Chlor/dklist

367 of the censored domains are hosted in Australia.

While the Danish police is refusing to talk about the procedures involved with their censorship, I suspect that they never notify the authorities in the country where a censored domain is hosted.

Perhaps you could get confirmation of this by asking australian police if they know about these 367 domains?

By Ole Husgaard on Dec 30, 2008

I just checked how many of the domains in the leaked list are still censored by querying a censoring danish DNS server.

Today 3859 of the 3863 domains are still censored. The four domains no longer censored are: loplz.com, rahman.fw.nu, realymodels.net and http://www.lolaa.nm.ru.

By Ole Husgaard on Dec 30, 2008

“367 of the censored domains are hosted in Australia.”

…but only 3 if you use unique IP Addresses

Here’s a country by country by unique IP address from the list provided (404 unique IP addresses on that geographic region list)

US 252
NL 27
DE 18
CA 17
KR 12
RU 11
GB 10
CN 8
CZ 5
FR 4
SE 4
AU 3
DK 3
ES 3
JP 3
RO 3
BS 2
BZ 2
HK 2
PT 2
A2 1
AF 1
AT 1
BV 1
CY 1
IL 1
IT 1
MX 1
NO 1
SA 1
SK 1
TW 1
UA 1

Total 404

I estimated 587 unique IP addresses in the “host name resolves to IP address” category. There’s 404 of them listed by geographic location.

Of the 1463 marked ?? 1298 are on my “cannot resolve to host name list”

Only 3 in Australia. The majority are seemingly located in the US (252).

Bob

By Bob Bain on Dec 30, 2008

And on further analysis

367 AU = 363 to one IP Address registered in San Diego California

+ 1 AU registered in Melbourne
+ 3 AU registered in Melbourne

363 + 1 + 3 = 367 – ip addresses that is

( recap 363 registered in San Diego California and 2 in Australia )

Bob

By Bob Bain on Dec 30, 2008

Bob’s ping tests are meaningless. Just because you can ping a hostname doesn’t mean that they are running a web server, just that there is a machine out there somewhere that is responding to pings. In addition, it is common security practice to not respond to pings, since crackers can use pings to perform denial of service attacks. If I were running a site to which people might object, I would definitely not give attackers a potential weapon again me by responding to pings.

A more meaningful test would have to tested for a running web server by attempting to connect to port 80 on those hosts, but even this method isn’t foolproof. This wouldn’t have to mean viewing the content of the pages, as there are tools that can be employed to verify a service listening on a port without viewing the page. At least if you had employed this type of test, the numbers might have been more meaningful. As they stand, they are not even worth considering.

By Tom on Dec 16, 2009