How to bypass web content filtering programs.
January 20, 2001 4:58 AM   Subscribe

How to bypass web content filtering programs. It's easy, it works, and all you have to have is a Hex calculator. Strike a blow for freedom!
posted by Steven Den Beste (16 comments total)
Just so ya'll know. The calculator that comes with most versions of windows (start,run,"calc") can do hex/oct/dec conversions if you choose scientific mode. Some ISP can't understand the decimal notation, too.
posted by holloway at 6:02 AM on January 20, 2001

"Sick and tired of a nannying piece of filtering software preventing access to your favourites sites?"

No, actually this isn't a problem for me. I assume it's only a problem for kids who want to find porn sites.

I'm also not understanding how this is a blow for freedom.

I know that this software blocks lots of things that it shouldn't, but since you have to know the IP of the site to make this work I don't see how this helps anyone in terms of freedom.
posted by y6y6y6 at 7:06 AM on January 20, 2001

Filtering software only controls HTTP access. It doesn't block anything else, and it certainly doesn't prevent you from doing a DNS search on a name to get its IP.

The problem is indeed that a lot of filtering packages trap a whole lot more than they really ought to. In particular, they quite commonly block politically-oriented sites which express radical points of view not approved by "family values" (feh), such as the National Organization for Women. PeaceFire has been one of the leading web sites protesting this kind of thing. One of the things they've been doing is getting the different packages and trying all sorts of sites with them to see what gets blocked. In other cases they've worked out the encryption used on the datafiles and have decrypted them to get a complete list. They also provide programs which permit someone to remove or deactivate a blocking program. As a result, every blocking package blocks PeaceFire's site even though there's nothing there which is pornographic or violent.

They keep a Blocked Site of the Day page. It's worth looking at a few times.

The companies building the filtering packages claim that they don't add a site to their list until some human looks at it, or at least they used to claim that. (Cyber Patrol still makes that claim.) But the job's too big for that and they never really have exercised the kind of care. Sometimes they block an entire web hosting service, not just individual sites. The current version of CYBERsitter not only has a list of sites it blocks, but it looks at each HTTP document it loads for a list of keyphrases and if it finds any of them it won't let the page load. This results in curious effects, such as blocking a report at Amnesty International because it contains the phrase "least 21". I think if you go look at some examples of sites it blocks, you'll be a bit less complacent about it. All the others are similarly bad in certain regards.

A law has been passed requiring all computers owned by schools and libraries which get federal funds to use filtering software. The American Library Association, not exactly what you'd call a hotbed of radicalism, is challenging it in court.

One of the problems with that law, and probably the reason it will be struck down, is that the filtering software will be running at all times, even when the computer is being used by an adult. The courts have clearly stated, again and again, that if any law is passed to "protect children" also prevents adults from accessing constitutionally protected speech, then it is a violation of the First Amendment. That's how the critical portions of the Communications Decency Act were struck down by a three judge circuit court panel. Their decision was upheld by the Supreme Court on a 7-2 decison.

First Amendment freedoms vary depending on the medium involved. On the continuum, at one extreme is television, where the government has quite extensive rights to block material, and at the other end are newspapers and magazines, where the government's rights are very limited. In arguments before the circuit court, the Feds tried to claim that the Internet should be limited at the same level as television. The court didn't; on the contrary, they placed web and net access at a completely new point on the continuum which is actually even further on the "towards freedom" end than newspapers, establishing a new end point. That's now law.

Federally mandating use of filtering programs in public-access computers in many locations violates that, which is why the ALA is probably going to win its suit. In the meantime, however, that law is in force and you will be affected by it if you try to use a computer at any library (since they pretty much all receive federal funds).
posted by Steven Den Beste at 9:02 AM on January 20, 2001

The thing that annoys me is the fact that the hex calculator listed in the original post is a 24 kB download! It's true that hex conversions are easily done with the Windows calculator, but an equally robust calculator could easily be put together with JavaScript and HTML and still be a valid entry in the 5k contest.
posted by Eamon at 9:32 AM on January 20, 2001

That's because the browser supplies the interface and the math engine. Build those into an application and it's easy to add a few K. These days, 24K seems pretty stripped down.
posted by rodii at 9:37 AM on January 20, 2001

About a year ago I did some javascript for this very purpose. You can find it at: my page.
posted by sonofsamiam at 10:12 AM on January 20, 2001

A calculator? Just to do a hex conversion? Kids these days.
posted by kindall at 10:28 AM on January 20, 2001

Huh, too bad The Register didn't even bother to check their example. If you try the decimal-ip link they give you to their own site, you get a page with nothing more than a 0-second meta-refresh to ... - hm, what was the point, again?...

If you give it any url but "/", though, it will serve you the correct page... they don't mention that in the article, of course.
posted by whatnotever at 10:31 AM on January 20, 2001

This trick does not work in any Mac browser. Which browsers does it work in? I'm assuming IE 5+ for Windows is understood... Anything else?
posted by sudama at 12:08 PM on January 20, 2001

This article (via GeekPress) gives a lot more details about it, including the extent to which different browsers support some of the odd-ball ways addresses can be represented.
posted by Steven Den Beste at 1:40 PM on January 20, 2001

I don't know, kindall, with these 32-bit processors, I have yet to successfully convert 8 hex digits to decimal form in my head. Believe me, as a Comp. E. major, I've had plenty of opportunities to try.
posted by Eamon at 2:55 PM on January 20, 2001

Yeah, admittedly, I'd probably need the calculator for step two. But there's no excuse for any self-respecting geek not to be able to do the first part in their head.
posted by kindall at 4:56 PM on January 20, 2001

What? You mean these filtering programs are just keyed on the *name* of the server? And all this time I thought they'd actually been doing something at least moderately clever...
posted by Mars Saxman at 9:18 PM on January 20, 2001

Great! Now that the Secret to True Freedom has been discovered, the filtering software makers will have no problem thwarting it by running a simple check on the hex-encoded IP address!

Revolutionary, my ass. It's only revolutionary until they (the censors) wise up to it.

And 24 kb is ridiculous for a hex converter. I imagine that with a tight assembly language program, you could get it under 3 kb. But that's another issue.
posted by Succa at 12:05 PM on January 21, 2001

Yeah, this stuff never worked for me. Don't know why, but I guess it's the proxy. As far as it getting past URL-filtering, get with the program. I've been using Safeweb for ages, and it works a dream. Everything including the URL is encrypted so logs won't show the page you were on. (Let's face it, if you're at work, http://12345678/hotbananaaction/ is still going to look embarrassing).
posted by flimjam at 6:53 AM on January 22, 2001

On the topic of inappropriate filtering...

I heard once, I think from a talk by Bruce Sterling at the CFP conference in Austin in 1998, that at the J. Henry Faulk library in Austin, they use filtering software that prevents you from searching for (or getting results of or visiting sites returned from the search) "J. Henry Faulk". The guy the library's named for, in other words.

Ironic, eh.
posted by beth at 3:02 PM on January 25, 2001

« Older   |   Newer »

This thread has been archived and is closed to new comments