May 25, 2005

Richard Clayton - "Failures in a Hybrid Content Blocking System"

Richard Clayton sent me a notice about his new paper on BT's (British Telecom) "Cleanfeed":

Failures in a Hybrid Content Blocking System

Abstract. Three main methods of content blocking are used on the Internet: blocking routes to particular IP addresses, blocking specific URLs in a proxy cache or firewall, and providing invalid data for DNS lookups. The mechanisms have different accuracy/cost trade-offs. This paper examines a hybrid, two-stage system that redirects traffic that might need to be blocked to a proxy cache, which then takes the final decision. This promises an accurate system at a relatively low cost. A British ISP has deployed such a system to prevent access to child pornography. However, circumvention techniques can now be employed at both system stages to reduce effectiveness; there are risks from relying on DNS data supplied by the blocked sites; and the system can be used as an oracle to determine what is being blocked. Experimental results show that it is straightforward to use the system to compile a list of illegal websites.

It'll "be presented at the Workshop on Privacy Enhancing Technologies, Dubrovnik, Croatia, 30 May 2005 -- 1 June 2005", and he says in email he'll also give a luncheon talk on the topic at the Berkman Center on June 7th. (sigh ...).

By Seth Finkelstein | posted in censorware | on May 25, 2005 05:35 PM (Infothought permalink)
