almost nobody would have even thought of that until now
huh, never really thought of using a puzzle game to send coded messages. thanks for the idea, maybe it will come in useful if i ever get arrested in florida
on the subject of the most random stuff supposedly causing cancer
Who does Montana think they are - California?
Speaking of archive.org
I hear that Three (the UK ISP) will block archive.org using BGP hijacking if parental controls are enabled, redirecting all traffic to a proxy that serves an HTTP response. Trouble is, it will still do that even on an HTTPS connection, leading to HTTP traffic appearing in the middle of a TLS handshake, which the client really dislikes.
It only really takes 1 Google/DuckDuckGo/Searx/(insert search engine here) search for a kid to start to figure out how to get around a firewall. Back in primary school, I learned how to use a commercial VPN offering, then later on I learned about onion routing. At the time, I had admin access on a personal laptop. Now, I could bypass nearly any firewall you could configure, using a variety of means (WireGuard, OpenVPN over TCP port 443, SSH tunneling over TCP port 443, Tor, Tor with Snowflake (short-lived proxies distributed over a domain-fronted web site), and I could likely set up more unusual tunnels (IP over DNS and IP over ICMP) should I need to). Why did I learn this? Because firewalls inconvenienced me (overblocking). At secondary school, the domain used for Ubuntu PPAs was blocked, breaking software updates on my computer. The workaround was to configure apt to access those repositories over Tor so as to bypass the firewall. At home, a lot of Minecraft servers were blocked by the ISP's content filter for some reason. My parents literally gave me the credentials to override the filter because when I encountered it, it was getting in the way rather than actually blocking age-restricted content, as I had no desire to search for such content. Eventually, they stopped using the firewall since it got in their way once (it broke payments for an indoor skydiving centre they were booking) and I immediately busted out Tor Browser and was able to get a working version of the website. Children have intelligence, and if your cotton wool covering gets in their way, they will gain a huge reservoir of motivation to find a way around your cotton wool.
Yes, that is trivial. However, this ignores the fact that you can get control of a computer at a lower level. Most parents won't even know what UEFI (or BIOS) is. Even if they do lock out booting from external media in the firmware, some firmware is backdoored (most notably Dell firmware, but others as well) so the firmware password can be reset if it is forgotten. Multiple such backdoors have been reverse engineered and code generators made. It only takes one motivated or tech-savvy kid to get a live USB out. Plus, even if developer tools are turned off through "trivial" means (usually enterprise policy, which can be somewhat difficult to set without some tech knowledge and motivation) the headers can be modified before the browser sees the response using tools like Burp Suite or mitmproxy.
This seems like it could actually have some benefit. For people who want to opt out of seeing such content, it would work with far fewer false positives. For people who actively seek out such content, it would be trivial to bypass should it be enforced by the endpoint through any of the following methods:
1) Replacing some or all of the software on the endpoint. Most parents don't bother to lock down the firmware of the computer (even when it is not backdoored by the manufacturer) and it would be trivial for a child to boot a live DVD or USB image with software they control. Even if they can't flash one themselves, they may be able to get one from a friend - additionally some computer-related magazines give out free live DVDs (this is how I obtained my first live DVD).
2) Tampering with the header at the network level. This would be trivial to do with something like Burp Suite or mitmproxy, assuming HTTP(S) is being used. Both of these tools could be scripted to remove the header automatically.
3) Transferring the content using a different method. If someone tech-savvy was willing to help, they could set up their own server that did not set the header. Additionally, HTTP(S) is not the only protocol out there - an FTP server could also distribute content. Plus, large hard drives will always exist and can always be passed around - headers don't really apply to a sneakernet.
Despite these flaws, this system would still provide benefit over existing systems (mainly a reduction in overcensorship), as far as I can see. After all, if someone wants to view blocked content, they already can, as flaws 1 and 3 already apply to existing content filters (with control of the endpoint client-side filters are negated and network-level filters can be bypassed with software like Tor Browser, and most filters will not be aware of a sneakernet, FTP, or your friend's web server). For someone who wants to avoid age-restricted content (such as young me), the system you propose would work far better. Then again, there is quite possibly something I have missed with this system.
I'm pretty sure that I have seen a server implementation that uses features intended for DRM to attest that the server is running the code its operators say it is (and that they open sourced). Think it was Signal doing this, but not absolutely certain. But of course, as you said, it is entirely possible that the system is still sabotaged (e.g. the chip does not do what it says it does due to sabotage, which could be done by the manufacturer (in the aforementioned implementation it was Intel iirc) at the behest of a government or other sufficiently-powerful organisation).
We are talking about the UK here
Section 230 is a US law. Your argument is invalid.
Well, by that logic
Could someone from the EU (hypothetically) hit them with a cyberattack with impunity?
I think that there are already DNS servers that blackhole them. They are designed to block updates and telemetry from their consoles (to prevent you getting banned for using fusee gelee or a modchip, and to prevent exploits from being patched)
The bee movie script, of course, floods the form anyway because bees don't care what fascists think
"the problem is this prevents securely[sic] from working" you don't need a vpn for that, dns cache poisoning will work fine (if it can't communicate with its backend it will soft fail for everything apart from sign-in, which is on a separate domain anyway)
He actually transmitted on military radio frequencies? This kid must've been crazy!
Beautifully simple, yet meaningful 10/10 prose
nah, someone will just use it to rickroll the entire world (honestly, that would be pretty hilarious)
Second, the best defense the cop shop could offer was basically “just following orders.” Huh, seems oddly familiar
"It was undeclared, as required when traveling with firearms or weapons" This makes it sound like it is required that you do not declare weaponry (obviously not what the actual rules are) Congratulations, TSA. You have proven yourself to be incompetent at even basic English.
State: What's wrong with mass surveillance - nothing to hide, nothing to fear Some dude: Agreed, which is why I'm leaking these top secret Government files online Funny thing is, the UK prime minister very obviously has something to hide, and was not able to hide it. If you can't hide stuff even with encryption available, then why bother outlawing it?
This. Was DM'ed on Discord by a prominent moderation bot with an invite link for a server offering nudes. Blocked said bot (later figured out that the owner of a server I had joined had set up a custom "welcome message" with the bot) and reported to Discord. In fact, Discord staff can see these conversations if they want to (they are not E2EE, only encrypted up until they reach Discord servers, decrypted, stored, then re-encrypted and sent when other users who should receive them request them), which, according to these types of people who create moral panics, is safer.
And sadly in the end it leads to kids that are more at risk of these things, because they cannot handle risks, having been wrapped in cotton wool for so long. The key is letting your kids "learn the hard way" when "the hard way" does not endanger them (unless it is something like them tripping up and grazing their knee/elbow after being told not to run) and letting them learn how to manage risks.