UK Internet Censorship



A cryptic question...

Tom Watson asks in parliament about which internet browsers plan to implement censor busting DNS Over HTTPS technology


19th May 2019

Tom Watson asked a parliamentary question about the censor busting technology of DNS over HTTPS.

Up until now, ISPs have been able to intercept website address lookups (via a DNS server) and block the ones that they, or the state, don't like.

This latest internet protocol allows browsers and applications to bypass ISPs' censored DNS servers and use encrypted alternatives that cannot then be intercepted by ISPs and so can't be censored by the state. (Note that they can offer a censored service, such as an option for family-friendly feeds, but this is on their own terms and not the state's.)

Anyway, Labour's Deputy Leader has been enquiring about whether browsers are intending to implement the new protocol, perhaps revealing an idea to try to pressurise browsers into not offering options to circumvent the state's blocking list.

Tom Watson Deputy Leader of the Labour Party, Shadow Secretary of State for Digital, Culture, Media and Sport

To ask the Secretary of State for Digital, Culture, Media and Sport, how many internet browser providers have informed his Department that they will not be adopting the Internet Engineering Task Force DNS over HTTPS (DOH) protocol.

Margot James The Minister of State, Department for Culture, Media and Sport

How DOH will be deployed is still a subject of discussion within the industry, both for browser providers and the wider internet industry. We are aware of the public statements made by some browser providers on deployment and we are seeking to understand definitively their rollout plans. DCMS is in discussions with browser providers, internet industry and other stakeholders and we are keen to see a resolution that is acceptable for all parties.

 

 

Website blocking blocked...

House of Lords: Questions about DNS over HTTPS


15th May 2019

At the moment, when internet users want to view a page, they specify the page they want in the clear. ISPs can see the page requested and block it if the authorities don't like it. A new internet protocol has been launched that encrypts the specification of the page requested so that ISPs can't tell what page is being requested, and so can't block it.

This new DNS Over HTTPS protocol is already available in Firefox, which also provides an uncensored and encrypted DNS server. Users simply have to change the settings in about:config (being careful of the dragons, of course).
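
As an added illustration (not part of the original article), this Python sketch builds the DNS lookup for a hostname in the wire format that a classic resolver receives in the clear, then wraps the same bytes in the RFC 8484 GET form that DoH carries inside HTTPS. The resolver URL is a placeholder; decoding the request shows that the hostname is still fully readable to whoever runs the DoH server.

```python
import base64
import struct
from urllib.parse import parse_qs, urlsplit

# Placeholder resolver URL, assumed for illustration; not a real service.
DOH_ENDPOINT = "https://doh.example/dns-query"

QTYPE_A = 1    # IPv4 address record
QCLASS_IN = 1  # Internet class


def build_dns_query(hostname, qtype=QTYPE_A):
    """Build a DNS query message in RFC 1035 wire format."""
    # Header: ID 0 (RFC 8484 recommends 0 so HTTP caches can share answers),
    # flags 0x0100 = recursion desired, one question, no other records.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in hostname.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("DNS labels must be 1 to 63 bytes: %r" % label)
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"  # the empty root label terminates the name
    return header + qname + struct.pack("!HH", qtype, QCLASS_IN)


def parse_dns_question(message):
    """Return (hostname, qtype) from the first question of a DNS message."""
    if len(message) < 12:
        raise ValueError("message shorter than a DNS header")
    if struct.unpack("!H", message[4:6])[0] < 1:
        raise ValueError("message carries no question")
    labels, pos = [], 12
    while True:
        if pos >= len(message):
            raise ValueError("truncated name")
        length = message[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:
            raise ValueError("compressed or invalid label in question")
        labels.append(message[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(message):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", message[pos:pos + 4])
    return ".".join(labels), qtype


def doh_get_url(hostname, endpoint=DOH_ENDPOINT):
    """RFC 8484 GET form: the query is base64url-encoded without padding."""
    encoded = base64.urlsafe_b64encode(build_dns_query(hostname)).rstrip(b"=")
    return endpoint + "?dns=" + encoded.decode("ascii")


def decode_doh_get(url):
    """Recover (hostname, qtype) as the DoH server does once TLS is removed."""
    values = parse_qs(urlsplit(url).query).get("dns")
    if not values:
        raise ValueError("no dns parameter in URL")
    param = values[0]
    padded = param + "=" * (-len(param) % 4)
    return parse_dns_question(base64.urlsafe_b64decode(padded))


if __name__ == "__main__":
    name = "www.example.com"  # constructed sample hostname
    wire = build_dns_query(name)
    # Classic DNS: these bytes travel unencrypted, so the name is readable.
    print("classic DNS payload:", wire.hex())
    print("readable on the wire:", parse_dns_question(wire))
    # DoH: the same bytes ride inside an HTTPS request to the resolver.
    url = doh_get_url(name)
    print("DoH request (inside TLS):", url)
    print("recovered by the DoH server:", decode_doh_get(url))
```

The DoH payload is the ordinary DNS message unchanged; what differs is that it travels inside TLS, so visibility of the lookup moves from the network path to the chosen resolver.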

Questions have been raised in the House of Lords about the impact on the UK's ability to censor the internet.

House of Lords, 14th May 2019, Internet Encryption Question

Baroness Thornton Shadow Spokesperson (Health) 2:53 pm, 14th May 2019

To ask Her Majesty's Government what assessment they have made of the deployment of the Internet Engineering Task Force's new "DNS over HTTPS" protocol and its implications for the blocking of content by internet service providers and the Internet Watch Foundation; and what steps they intend to take in response.

Lord Ashton of Hyde The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport

My Lords, DCMS is working together with the National Cyber Security Centre to understand and resolve the implications of DNS over HTTPS, also referred to as DoH, for the blocking of content online. This involves liaising across government and engaging with industry at all levels, operators, internet service providers, browser providers and pan-industry organisations to understand rollout options and influence the way ahead. The rollout of DoH is a complex commercial and technical issue revolving around the global nature of the internet.

Baroness Thornton Shadow Spokesperson (Health)

My Lords, I thank the Minister for that Answer, and I apologise to the House for this somewhat geeky Question. This Question concerns the danger posed to existing internet safety mechanisms by an encryption protocol that, if implemented, would render useless the family filters in millions of homes and the ability to track down illegal content by organisations such as the Internet Watch Foundation. Does the Minister agree that there is a fundamental and very concerning lack of accountability when obscure technical groups, peopled largely by the employees of the big internet companies, take decisions that have major public policy implications with enormous consequences for all of us and the safety of our children? What engagement have the British Government had with the internet companies that are represented on the Internet Engineering Task Force about this matter?

Lord Ashton of Hyde The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport

My Lords, I thank the noble Baroness for discussing this with me beforehand, which was very welcome. I agree that there may be serious consequences from DoH. The DoH protocol has been defined by the Internet Engineering Task Force. Where I do not agree with the noble Baroness is that this is not an obscure organisation; it has been the dominant internet technical standards organisation for 30-plus years and has attendants from civil society, academia and the UK Government as well as the industry. The proceedings are available online and are not restricted. It is important to know that DoH has not been rolled out yet and the picture in it is complex--there are pros to DoH as well as cons. We will continue to be part of these discussions; indeed, there was a meeting last week, convened by the NCSC, with DCMS and industry stakeholders present.

Lord Clement-Jones Liberal Democrat Lords Spokesperson (Digital)

My Lords, the noble Baroness has raised a very important issue, and it sounds from the Minister's Answer as though the Government are somewhat behind the curve on this. When did Ministers actually get to hear about the new encrypted DoH protocol? Does it not risk blowing a very large hole in the Government's online safety strategy set out in the White Paper?

Lord Ashton of Hyde The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport

As I said to the noble Baroness, the Government attend the IETF. The protocol was discussed from October 2017 to October 2018, so it was during that process. As far as the online harms White Paper is concerned, the technology will potentially cause changes in enforcement by online companies, but of course it does not change the duty of care in any way. We will have to look at the alternatives to some of the most dramatic forms of enforcement, which are DNS blocking.

Lord Stevenson of Balmacara Opposition Whip (Lords)

My Lords, if there is obscurity, it is probably in the use of the technology itself and the terminology that we have to use--DoH and the other protocols that have been referred to are complicated. At heart, there are two issues at stake, are there not? The first is that the intentions of DoH, as the Minister said, are quite helpful in terms of protecting identity, and we do not want to lose that. On the other hand, it makes it difficult, as has been said, to see how the Government can continue with their current plan. We support the Digital Economy Act approach to age-appropriate design, and we hope that that will not be affected. We also think that the soon to be legislated for--we hope--duty of care on all companies to protect users of their services will help. I note that the Minister says in his recent letter that there is a requirement on the Secretary of State to carry out a review of the impact and effectiveness of the regulatory framework included in the DEA within the next 12 to 18 months. Can he confirm that the issue of DoH will be included?

Lord Ashton of Hyde The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport

Clearly, DoH is on the agenda at DCMS and will be included everywhere it is relevant. On the consideration of enforcement--as I said before, it may require changes to potential enforcement mechanisms--we are aware that there are other enforcement mechanisms. It is not true to say that you cannot block sites; it makes it more difficult, and you have to do it in a different way.

The Countess of Mar Deputy Chairman of Committees, Deputy Speaker (Lords)

My Lords, for the uninitiated, can the noble Lord tell us what DoH means--very briefly, please?

Lord Ashton of Hyde The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport

It is not possible to do so very briefly. It means that, when you send a request to a server and you have to work out which server you are going to by finding out the IP address, the message is encrypted so that the intervening servers are not able to look at what is in the message. It encrypts the message that is sent to the servers. What that means is that, whereas previously every server along the route could see what was in the message, now only the browser will have the ability to look at it, and that will put more power in the hands of the browsers.

Lord West of Spithead Labour

My Lords, I thought I understood this subject until the Minister explained it a minute ago. This is a very serious issue. I was unclear from his answer: is this going to be addressed in the White Paper? Will the new officer who is being appointed have the ability to look at this issue when the White Paper comes out?

Lord Ashton of Hyde The Parliamentary Under-Secretary of State for Digital, Culture, Media and Sport

It is not something that the White Paper per se can look at, because it is not within the purview of the Government. The protocol is designed by the IETF, which is not a government body; it is a standards body, so to that extent it is not possible. Obviously, however, when it comes to regulating and the powers that the regulator can use, the White Paper is consulting precisely on those matters, which include DNS blocking, so it can be considered in the consultation.

 

 

Government minister blames online trolling for suicide...

It couldn't possibly be anything to do with her government's policies to impoverish people through austerity, globalisation, benefits sanctions, universal credit failures and the need for food banks


15th May 2019

Jackie Doyle-Price is the government's first suicide prevention minister. She seems to believe that this complex and tragic social problem can somehow be cured by censorship and an end to free speech.

She said society had come to tolerate behaviour online which would not be tolerated on the streets. She urged technology giants including Google and Facebook to be more vigilant about removing harmful comments.

Doyle-Price told the Press Association:

It's great that we have these platforms for free speech and any one of us is free to generate our own content and put it up there, ...BUT... free speech is only free if it's not abused. I just think in terms of implementing their duty of care to their customers, the Wild West that we currently have needs to be a lot more regulated by them.

 

 

Offsite Article: How The New UK Porn Block Could Put Independent Sex Workers At Risk...


15th May 2019

Age verification measures pose a tangible threat to sex workers' income and safety.

See article from elle.com

 

 

Tubes banned on the Tube...

Government announces new law to ban watching porn in public places


13th May 2019

Watching pornography on buses is to be banned, ministers have announced. Bus conductors and the police will be given powers to tackle those who watch sexual material on mobile phones and tablets.

Ministers are also drawing up plans for a national database of claimed harassment incidents. It will record incidents at work and in public places, and is likely to cover wolf-whistling and cat-calling as well as more serious incidents.

In addition, the Government is considering whether to launch a public health campaign warning of the effects of pornography -- modelled on smoking campaigns.

 

 

The Porn Channel...

The Channel Islands is considering whether to join the UK in the censorship of internet porn


13th May 2019

As of 15 July, people in the UK who try to access porn on the internet will be required to verify their age or identity online.

The new UK Online Pornography (Commercial Basis) Regulations 2018 law does not affect the Channel Islands but the States have not ruled out introducing their own regulations.

The UK Department for Censorship, Media and Sport said it was working closely with the Crown Dependencies to make the necessary arrangements for the extension of this legislation to the Channel Islands.

A spokeswoman for the States said they were monitoring the situation in the UK to inform our own policy development in this area.

 

 

Offsite Article: Careless lawmaking...


6th May 2019

Detailed legal analysis of Online Harms white paper does not impress

See article from cyberleagle.com

 

 

Tightening the purse strings...

BBFC warns that age verification should not be coupled with electronic wallets


4th May 2019

The BBFC has re-iterated that its Age Verification certification scheme does not allow for personal data to be used for another purpose beyond age verification. In particular age verification should not be coupled with electronic wallets.

Presumably this is intended to prevent personal data identifying porn users from being dangerously stored in databases used for other purposes.

In passing, this suggests that there may be commercial issues as age verification systems for porn may not be reusable for age verification for social media usage or identity verification required for online gambling. I suspect that several AV providers are only interested in porn as a way to get established for social media age verification.

This BBFC warning may be of particular interest to users of the porn site xHamster. The preferred AV option for that website is the electronic wallet 1Account.

The BBFC write in a press release:

The Age-verification Regulator under the UK's Digital Economy Act, the British Board of Film Classification (BBFC), has advised age-verification providers that they will not be certified under the Age-verification Certificate (AVC) if they use a digital wallet in their solution.

The AVC is a voluntary, non-statutory scheme that has been designed specifically to ensure age-verification providers maintain high standards of privacy and data security. The AVC will ensure data minimisation, and that there is no handover of personal information used to verify an individual is over 18 between certified age-verification providers and commercial pornography services. The only data that should be shared between a certified AV provider and an adult website is a token or flag indicating that the consumer has either passed or failed age-verification.

Murray Perkins, Policy Director for the BBFC, said:

A consumer should be able to consider that their engagement with an age-verification provider is something temporary.

In order to preserve consumer confidence in age-verification and the AVC, it was not considered appropriate to allow certified AV providers to offer other services to consumers, for example by way of marketing or by the creation of a digital wallet. The AVC is necessarily robust in order to allow consumers a high level of confidence in the age-verification solutions they choose to use.

Accredited providers will be indicated by the BBFC's green AV symbol, which is what consumers should look out for. Details of the independent assessment will also be published on the BBFC's age-verification website, ageverificationregulator.com, so consumers can make an informed choice between age-verification providers.

The Standard for the AVC imposes limits on the use of data collected for the purpose of age-verification, and sets out requirements for data minimisation.

The AVC Standard has been developed by the BBFC and NCC Group - who are experts in cyber security and data protection - in cooperation with industry, with the support of government, including the National Cyber Security Centre and Chief Scientific Advisors, and in consultation with the Information Commissioner's Office. In order to be certified, AV Providers will undergo an on-site audit as well as a penetration test.

Further announcements will be made on AV Providers' certification under the scheme ahead of entry into force on July 15.

 

 

Offsite Article: How the U.K. Won't Keep Porn Away From Teens...


4th May 2019

The New York Times takes a sceptical look at the upcoming porn censorship regime

See article from nytimes.com

 

 

Extract: Lords of Censorship...

Lords debate about Online Harms sees peers line up as supporters of internet censorship and each adds their own little pet suggestions for even more censorship


1st May 2019

The House of Lords saw a pre-legislation debate about the government's Online Harms white paper. Peers from all parties queued up to add their praise for internet censorship. And don't even think that maybe the LibDems may be a little more appreciative of free speech and a little less in favour of state censorship. Don't dream! All the lords that spoke were gagging for it...censorship that is.

And support for the internet censorship in the white paper wasn't enough. Many of the speakers presumed to add on their own pet ideas for even more censorship.

I did spot one piece of information that was new to me. It seems that the IWF have extended their remit to include cartoon child porn as material they work against.

Elspeth Howe said during the debate:

I am very pleased that, since the debates at the end of last year, the Internet Watch Foundation has adopted a new non-photographic images policy and URL block list, so that websites that contain these images can be blocked by IWF members. It allows for network blocking of non-photographic images to be applied to filtering solutions, and it can prevent pages containing non-photographic images being shown in online search engine results. In 2017, 3,471 reports of alleged non-photographic images of child sexual abuse were made to the IWF; the figure for 2018 was double that, at 7,091 alleged reports. The new IWF policy was introduced only in February, so it is early days to see whether this will be a success. The IWF is unable to remove content unless that content originates in the UK, which of course is rare. The IWF offers this list on a voluntary basis, not a statutory basis as would occur under the Digital Economy Act. Can the Minister please keep the House informed about the success of the new policy and, if necessary, address the loopholes in the legislative proposal arising from this White Paper?

Anyway read the full debate from hansard.parliament.uk

 

 

Who do you think the complainants were? BBFC, GCHQ, the police?...

ASA censors TV advert for VPN claiming that the internet is not as dangerous as the advert makes out


1st May 2019

The ASA has banned an advert for the extra security provided by VPNs in response to 9 complainants objecting to the characterisation of the internet as a dangerous place full of hackers and fraudsters.

It is not as if the claims are 'offensive' or anything, so these are unlikely to be complaints from the public. One has to suspect that the authorities really don't want people to get interested in VPNs lest they evade website blocking and internet surveillance.

Anyway the ASA writes:

A TV ad for NordVPN seen on 9 January 2019. The ad began with a man walking down a train cubicle. Text on screen appeared that stated Name: John Smith. A man's voice then said, Look it's me, giving out my credit card details. The ad then showed the man handing his credit card to passengers on the train. On-screen text appeared that stated Credit card number 1143 0569 7821 9901. CVV/CVC 987. The ad then cut to another shot of the man showing other passengers his phone. The man's voice said, Sharing my password with strangers. On-screen text stated Password: John123. The ad then cut to a shot of the man taking a photo of himself with a computer generated character. The man's voice said, Being hackers' best friend. The ad then cut to the man looking down the corridor of the carriage as three computer generated characters walked towards him. The man's voice then said, Your sensitive online data is just as open to snoopers on public WiFi. The man then pulled out his phone, which showed his security details again. The voice said, Connect to Nord VPN. Help protect your privacy and enjoy advanced internet security. On-screen text stated Advanced security. 6 devices. 30-day money-back guarantee. The ad cut to show the computer generated characters disappear as the man appeared to use the NordVPN app on his phone.

Nine complainants challenged whether the ad exaggerated the extent to which users were at risk from data theft without their service.

ASA Assessment: Complaints Upheld

The ASA noted that the ad showed the character John Smith walking around a train, handing out personal information including credit card details and passwords to passengers while he stated he was being hackers' best friend. The character then said Your sensitive online data is just as open to snoopers on public WiFi. Based on that, we considered consumers would understand that use of public WiFi connections would make them immediately vulnerable to hacking or phishing attempts by virtue of using those connections. Therefore NordVPN needed to demonstrate that using public networks posed such a risk.

With regards to the software, we acknowledged that the product was designed to add an additional layer of encryption beyond the HTTPS encryption which already existed on public WiFi connections to provide greater security from threats on public networks.

We noted the explanations from NordVPN and Clearcast that public networks presented security risks and that the use of HTTPS encryption, which was noticeable from the use of a padlock in a user's internet browser, did not in all circumstances indicate that a connection was completely secure.

However, while we acknowledged that such data threats could exist we considered the overwhelming impression created by the ad was that public networks were inherently insecure and that access to them was akin to handing out security information voluntarily. As acknowledged by NordVPN, we understood that HTTPS did provide encryption to protect user data so therefore, while data threats existed, data was protected by a significant layer of security.

Therefore, because the ad created the impression that users were at significant risk from data theft, when that was not the case, we concluded it was misleading.

The ad must not appear again in its current form. We told Tefincom SA t/a NordVPN not to exaggerate the risk of data theft without using their service.

 

 

Fundamentally flawed and not fit for purpose...

Well known security expert does a bit of a hatchet job on the BBFC Age Verification Certificate Standard


27th April 2019

Starting with a little background into the authorship of the document under review. AVSecure CMO Steve Winyard told XBIZ:

The accreditation plan appears to have very strict rules and was crafted with significant input from various governmental bodies, including the DCMS (Department for Culture, Media & Sport), NCC Group plc (an expert security and audit firm), GCHQ (U.K. Intelligence and Security Agency), ICO (Information Commissioner's Office) and of course the BBFC.

But computer security expert Alec Muffett writes:

This is the document which is being proffered to protect the facts & details of _YOUR_ online #Porn viewing. Let's read it together!

What could possibly go wrong?

....

This document's approach to data protection is fundamentally flawed.

The (considerably) safer approach - one easier to certificate/validate/police - would be to say everything is forbidden except for upon for ; you would then allow vendors to appeal for exceptions under review.

It makes a few passes at pretending that this is what it's doing, but with subjective holes (green) that you can drive a truck through:

...

What we have here is a rehash of quite a lot of reasonable physical/operational security, business continuity & personnel security management thinking -- with digital stuff almost entirely punted.

It's better than #PAS1296 , but it's still not fit for purpose.

Read the full thread

 

 

Is it safe?...

Does the BBFC AV kite mark mean that an age verification service is safe?


22nd April 2019

The BBFC has published a detailed standard for age verifiers to get tested against to obtain a green AV kite mark aiming to convince users that their identity data and porn browsing history is safe.

I have read through the document and conclude that it is indeed a rigorous standard that I guess will be pretty tough for companies to obtain. I would say it would be almost impossible for a small or even medium size website to achieve the standard and more or less means that using an age verification service is mandatory.

The standard has lots of good stuff about physical security of data and vetting of staff access to the data.

Age verifier AVSecure commented:

We received the final documents and terms for the BBFC certification scheme for age verification providers last Friday. This has had significant input from various Government bodies including DCMS (Dept for Culture, Media & Sport), NCC Group plc (expert security and audit firm), GCHQ (UK Intelligence & Security Agency) ICO (Information Commissioner's Office) and of course the BBFC (the regulator).

The scheme appears to have very strict rules.

It is a multi-disciplined scheme which includes penetration testing, full and detailed audits, operational procedures over and above GDPR and the DPA 2018 (Data Protection Act). There are onerous reporting obligations with inspection rights attached. It is also a very costly scheme when compared to other quality standard schemes, again perhaps designed to deter the faint of heart or shallow of pocket.

Consumers will likely be advised against using any systems or methods where the prominent green AV accreditation kitemark symbol is not displayed.

 

But will the age verifier be logging your ID data and browsing history?

And the answer is very hard to pin down from the document. At first read it suggests that minimal data will be retained, but a more sceptical read, connecting a few paragraphs together, suggests that the verifier will be required to keep extensive records about the user's porn activity.

Maybe this is a reflection of a recent change of heart. Comments from AVSecure suggested that the BBFC/Government originally mandated a log of user activity but recently decided that keeping a log or not is down to the age verifier.

As an example of the rather evasive requirements:

8.5.9 Physical Location

Personal data relating to the physical location of a user shall not be collected as part of the age-verification process unless required for fraud prevention and detection. Personal data relating to the physical location of a user shall only be retained for as long as required for fraud prevention and detection.

Here it sounds like keeping tabs on location is optional, but another paragraph suggests otherwise:

8.4.14 Fraud Prevention and Detection

Real-time intelligent monitoring and fraud prevention and detection systems shall be used for age-verification checks completed by the age-verification provider.

Now it seems that the fraud prevention is mandatory, and so a location record is mandatory after all.

Also the use of the phrase 'only be retained for as long as required for fraud prevention and detection' seems a little misleading too, as in reality fraud prevention will be required for as long as the customer keeps on using it. This may as well be forever.

There are other statements that sound good at first read, but don't really offer anything substantial:

8.5.6 Data Minimisation

Only the minimum amount of personal data required to verify a user's age shall be collected.

But if the minimum is to provide name and address plus, e.g., a driver's licence number or a credit card number, then the minimum is actually pretty much all of it. In fact it is only the porn pass methods that offer any scope for 'truly minimal' data collection. Perhaps the minimal data also applies to the verified mobile phone method, as although the phone company probably knows your identity, maybe they won't need to pass it on to the age verifier.

 

What does the porn site get to know

The rare unequivocal and reassuring statement is:

8.5.8 Sharing Results

Age-verification providers shall only share the result of an age-verification check (pass or fail) with the requesting website.

So it seems that identity details won't be passed to the websites themselves.

However the converse is not so clear:

8.5.6 Data Minimisation

Information about the requesting website that the user has visited shall not be collected against the user's activity.

Why add the phrase 'against the user's activity'? This is worded such that information about the requesting website could indeed be collected for another reason, fraud detection maybe.

Maybe the scope for an age verifier to maintain a complete log of porn viewing is limited more by the practical requirement for a website to record a successful age verification in a cookie such that the age verifier only gets to see one interaction with each website.

No doubt we shall soon find out whether the government wants a detailed log of porn viewed, as it will be easy to spot if a website queries the age verifier for every film you watch.
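
One way the pass-or-fail-only wording of 8.5.8 could be enforced in practice, as an added sketch that is not taken from the BBFC standard or from any age verifier's product: the provider signs a token holding only the result, the requesting site, a one-off nonce and an expiry, and the website refuses any token that carries anything more. The shared HMAC key, the field names and the site name are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Hypothetical claim names. The only user-related value is the result itself.
ALLOWED_FIELDS = {"result", "aud", "nonce", "exp"}


def b64url(data):
    """URL-safe base64 without padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def sign_claims(key, claims):
    """Provider side: serialise the claims and append an HMAC-SHA256 tag."""
    body = b64url(json.dumps(claims, sort_keys=True).encode("utf-8"))
    tag = hmac.new(key, body.encode("ascii"), hashlib.sha256).digest()
    return body + "." + b64url(tag)


def issue_result_token(key, passed, site, nonce, now, ttl=60):
    """Provider side: the token says pass or fail and nothing about who."""
    return sign_claims(key, {
        "result": "pass" if passed else "fail",
        "aud": site,      # the website that asked, so it cannot be reused elsewhere
        "nonce": nonce,   # random value chosen by the website for this one check
        "exp": int(now) + ttl,
    })


def check_result_token(key, token, site, nonce, now):
    """Website side: True for a valid pass, False for a valid fail.

    Raises ValueError for a token that is forged, replayed, expired, or
    that carries any field beyond the pass/fail result.
    """
    body, _, tag = token.partition(".")
    expected = hmac.new(key, body.encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url(expected).encode("ascii"),
                               tag.encode("utf-8")):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    # Data minimisation check: reject tokens with extra (or missing) fields,
    # so identity details cannot ride along even when correctly signed.
    if not isinstance(claims, dict) or set(claims) != ALLOWED_FIELDS:
        raise ValueError("token must carry exactly the pass/fail claims")
    if claims["aud"] != site or claims["nonce"] != nonce:
        raise ValueError("token was issued for a different site or request")
    if now > claims["exp"]:
        raise ValueError("token expired")
    if claims["result"] not in ("pass", "fail"):
        raise ValueError("unknown result value")
    return claims["result"] == "pass"


if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed value, not a real secret
    site = "site.example"           # constructed site name
    nonce = secrets.token_urlsafe(16)
    now = time.time()
    token = issue_result_token(key, True, site, nonce, now)
    print("token sent to the website:", token)
    print("website accepts:", check_result_token(key, token, site, nonce, now))
```

Once the website has accepted a pass it can record that in its own cookie, which is the arrangement under which the age verifier sees only one interaction per website.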
 

Fraud Detection

And what about all this reference to fraud detection? Presumably the BBFC/Government is a little worried that passwords and accounts will be shared by enterprising kids. But on the other hand it may make life tricky for those using shared devices, or perhaps those who suddenly move from London to New York in an instant, when in fact this is totally normal for someone using a VPN on a PC.


Wrap up

The BBFC/Government have moved on a long way from the early days when the lawmakers created the law without any real protection for porn users and the BBFC first proposed that this could be rectified by asking porn companies to voluntarily follow 'best practice' in keeping people's data safe.

A definite improvement now, but I think I will stick to my VPN.

 

 

Updated: Community Spirit...

It's good to see the internet community pull together to work around censorship via age verification


22nd April 2019

A TV channel, a porn producer, an age verifier and maybe even the government got together this week to put out a live test of age verification. The test was implemented on a specially created website featuring a single porn video.

The test required a well advertised website to provide enough traffic of viewers positively wanting to see the content. Channel 4 obliged with its series Mums Make Porn. The series followed a group of mums making a porn video that they felt would be more sex positive and less harmful to kids than the more typical porn offerings currently on offer.

The mums did a good job and produced a decent video with a more loving and respectful interplay than is the norm. The video however is still proper hardcore porn and there is no way it could be broadcast on Channel 4. So the film was made available, free of charge, on its own dedicated website complete with an age verification requirement.

The website was announced as a live test for AgeChecked software to see how age verification would pan out in practice. It featured the following options for age verification

  1. entering full credit card details + email
  2. entering driving licence number + name and address + email
  3. mobile phone number + email (the phone must have been verified as 18+ by the service provider and must be ready to receive an SMS message containing login details)

Nothing has been published in detail about the aims of the test but presumably they were interested in the basic questions such as:

  • What proportion of potential viewers will be put off by the age verification?
  • What proportion of viewers would be stupid enough to enter their personal data?
  • Which options of identification would be preferred by viewers?

 

The official test 'results'

Alastair Graham, CEO of AgeChecked, provided a few early answers, inevitably claiming that:

The results of this first mainstream test of our software were hugely encouraging.

He went on to claim that customers are willing to participate in the process, but noted that the verified phone number method emerged as by far the most popular method of verification. He said that this finding would be a key part of this process moving forward.

Reading between the lines perhaps he was saying that there wasn't much appetite for handing over detailed personal identification data as required by the other two methods.

I suspect that we will never get to hear more from AgeChecked especially about any reluctance of people to identify themselves as porn viewers.

 

The unofficial test results

Maybe they were also interested in other questions too:

  • Will people try and work around the age verification requirements?
  • If people find weaknesses in the age verification defences, will they pass on their discoveries to others?

Interestingly the age verification requirement was easily sidestepped by those with a modicum of knowledge about downloading videos from websites such as YouTube and PornHub. The age verification mechanism effectively only hid the start button from view. The actual video remained available for download, whether people age verified or not. All it took was a little examination of the page code to locate the video. There are several tools that allow this: video downloader addons, file downloaders or just using the browser's built in debugger to look at the page code.

Presumably the code for the page was knocked up quickly so this flaw could have been a simple oversight that is not likely to occur in properly constructed commercial websites. Or perhaps the vulnerability was deliberately included as part of the test to see if people would pick up on it.
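The server-side check that was missing in the flaw described above, as an added example that is not code from the test website or from AgeChecked: the media handler itself refuses a request unless the session has a recorded age verification and the URL carries a valid, unexpired signature. The session layout, the key and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from typing import Optional

# Assumption: a server-side secret that never reaches the browser (constructed value).
SECRET_KEY = b"constructed-demo-key"
URL_LIFETIME = 300  # seconds a signed media URL stays valid


def _sign(session_id: str, media_path: str, expires: int) -> str:
    """HMAC binds the URL to one session, one file and one expiry time."""
    msg = f"{session_id}|{media_path}|{expires}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_media_url(session: dict, media_path: str,
                    now: Optional[float] = None) -> Optional[str]:
    """Hand out a media URL only once the server has recorded an age check."""
    if not session.get("age_verified"):
        return None  # the page never learns where the video lives
    now = time.time() if now is None else now
    expires = int(now + URL_LIFETIME)
    return f"{media_path}?exp={expires}&sig={_sign(session['id'], media_path, expires)}"


def authorize_media_request(session: Optional[dict], media_path: str,
                            exp: Optional[str], sig: Optional[str],
                            now: Optional[float] = None) -> int:
    """Run by the media handler on every request; returns an HTTP status."""
    now = time.time() if now is None else now
    if not session or not session.get("age_verified"):
        return 403  # hiding the play button is not enough: check here too
    try:
        expires = int(exp)
    except (TypeError, ValueError):
        return 403
    if expires < now:
        return 403  # a shared or saved link stops working
    expected = _sign(session["id"], media_path, expires)
    if not hmac.compare_digest(expected.encode(), (sig or "").encode()):
        return 403
    return 200
```

With this in place, finding the video address in the page code gains nothing, because the address only works for the verified session it was issued to and only for a few minutes.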

However it did identify that there is a community of people willing to stress test age verification restrictions and see if work rounds can be found and shared.

I noted on Twitter that several people had posted about the ease of downloading the video and had suggested a number of tools or methods that enabled this.

There was also an interesting article posted on achieving age verification using an expired credit card. Maybe that is not so catastrophic as it still identifies a cardholder as over 18, even if it cannot be used to make a payment. But of course it may open new possibilities for misuse of old data. Note that random numbers are unlikely to work because of security algorithms. Presumably age verification companies could strengthen the security by testing that a small transaction works, but intuitively this would have significant cost implications. I guess that to achieve any level of take up, age verification needs to be cheap for both websites and viewers.

 

Community Spirit

It was very heartening to see how many people were helpfully contributing their thoughts about testing the age verification software.

Over the course of a couple of hours reading, I learnt an awful lot about how websites hide and protect video content, and what tools are available to see through the protection. I suspect that many others will soon be doing the same... and I also suspect that young minds will be far more adept than I at picking up such knowledge.

 

A final thought

I feel a bit sorry for small websites who sell content. It adds a whole new level of complexity as a currently open preview area now needs to be locked away behind an age verification screen. Many potential customers will be put off by having to jump through hoops just to see the preview material. To then ask them to enter all their credit card details again to subscribe, may be a hurdle too far.

Update: The Guardian reports that age verification was easily circumvented

22nd April 2019. See article from theguardian.com

The Guardian reported that the credit card check used by AgeChecked could be easily fooled by generating a totally false credit card number. Note that a random number will not work as there is a well known sum check algorithm which invalidates a lot of random numbers. But anyone who knows or looks up the algorithm would be able to generate acceptable credit card numbers that would at least defeat AgeChecked.

Or they would have been had AgeChecked not now totally removed the credit card check option from its choice of options.

Still, the damage was done when the widely distributed Guardian article established doubts about the age verification process.

Of course the workaround is not exactly trivial and will stop younger kids from 'stumbling on porn' which seems to be the main fall back position of this entire sorry scheme.

 

 

Bad Research And Block Heads...

David Flint looks into flimsy porn evidence used to justify government censorship


Link Here 22nd April 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust

 

 

Offsite Article: A government PR failure...


Link Here 22nd April 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
John Carr, a leading supporter of the government's porn censorship regime, is a little exasperated by its negative reception in the media

See article from johnc1912.wordpress.com

 

 

Offsite Article: A good summary of where we are at...


Link Here 21st April 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
Politics, privacy and porn: the challenges of age-verification technology. By Ray Allison

See article from computerweekly.com

 

 

Smart phones only for porn viewing?...

VPNCompare reports a significant increase in website visitors in response to upcoming porn censorship. Meanwhile age verification options announced so far for major websites seem to be apps only


Link Here 20th April 2019
Full story: BBFC Internet Porn Censors...BBFC: Age Verification We Don't Trust
VPNCompare is reporting that internet users in Britain are responding to the upcoming porn censorship regime by investigating the option to get a VPN so as to workaround most age verification requirements without handing over dangerous identity details.

VPNCompare says that the number of UK visitors to its website has increased by 55% since the start date of the censorship scheme was announced. The website also stated that Google searches for VPNs had tripled. Website editor, Christopher Seward told the Independent:

We saw a 55 per cent increase in UK visitors alone compared to the same period the previous day. As the start date for the new regime draws closer, we can expect this number to rise even further and the number of VPN users in the UK is likely to go through the roof.

The UK Government has completely failed to consider the fact that VPNs can be easily used to get around blocks such as these.

Whilst the immediate assumption is that porn viewers will reach for a VPN to avoid handing over dangerous identity information, there may be another reason to take out a VPN, a lack of choice of appropriate options for age validation.

3 companies run the 6 biggest adult websites. Mindgeek owns Pornhub, RedTube and Youporn. Then there is Xhamster and finally Xvideos and xnxx are connected.

Now Mindgeek has announced that it will partner with Portes Card for age verification, which has options for identity verification, giving an age verified mobile phone number, or else buying a voucher in a shop and showing age ID to the shop keeper (which is hopefully not copied or recorded).

Meanwhile Xhamster has announced that it is partnering with 1Account which accepts a verified mobile phone, credit card, debit card, or UK drivers licence. It does not seem to have an option for anonymous verification beyond a phone being age verified without having to show ID.

Perhaps most interesting is that both of these age verifiers are smart phone based apps. Perhaps the only option for people without a phone is to get a VPN. I also spotted that most age verification providers that I have looked at seem to be only interested in UK cards, drivers licences or passports. I'd have thought there may be legal issues in not accepting EU equivalents. But foreigners may also be in the situation of not being able to age verify and so need a VPN.

And of course, given that there is no age verification option common to the major porn websites, it may just turn out to be an awful lot simpler just to get a VPN.

 

 

Offsite Article: User's Behaving Badly...


Link Here 20th April 2019
Full story: Online Harms White Paper...UK Government seeks to censor social media
An interesting look at the government's Online Harms white paper proposing extensive internet censorship for the UK

See article from cyberleagle.com

 
