@arc99 @SpaceCadet thats basically allowing the Government to force ISP to build a solution which is able to sensor every content. Sorry there is alot of reasons why you should be against it.
Comment on UK households could face VPN 'ban' after use skyrockets following Online Safety Bill
arc99@lemmy.world 5 days agoThat’s a problem is for ISPs and content providers to figure out. I don’t see why the government has to care other than laying out the ground rules - you must offer and implement a parental filter for people who want it for free as part of your service. If ISPs have to do deep packet inspection and proxy certs for protected devices / accounts then that’s what they’ll have to do.
As far as the government is concerned it’s not their problem. They’ve said what should happen and providing the choice without being assholes to people over 18 who are exercising their rights to use the internet as they see fit.
glog78@digitalcourage.social 5 days ago
arc99@lemmy.world 4 days ago
Deep packet inspection already happens on encrypted traffic (Fortigate Firewall) so it’s eminently possible for filtering software to do the same.
glog78@digitalcourage.social 4 days ago
@arc99 please inform yourself about end to end encryption and decryption.
All i say is you haven't understand what is happening on this firewall and what this firewall can do and what i can't do.arc99@lemmy.world 4 days ago
I’m intimately aware about what it can and cannot do. And it can intercept and man in the middles any https traffic
SpaceCadet@feddit.nl 4 days ago
No, there are very good technical reasons why this approach can’t work.
There is no deep packet inspection on properly encrypted TLS connections. I know TLS termination and interception and recertifying with custom certificates is a thing, but even if it were feasible to implement this on millions of client computers that you don’t own, it is an absolutely god awful idea for a million reasons and much worse for privacy and security than the age-gate problem you’re trying to work around.
arc99@lemmy.world 4 days ago
Actually it can be done and is being done. Software like Fortigate Firewall can do deep packet inspection on encrypted connections by replacing certs with their own and doing man in the middle inspection. It requires the browser has a root cert that trusts the certs issued but the proxy but that’s about it.
And if Fortigate can do it then any filtering software can too. e.g. a kid uses their filtered device to go to reddit.com, the filter software substitutes reddit’s cert for their own and proxies the connection. Then it looks at the paths to see if the kid is visiting an innocuous group or an 18+ group. So basic filtering rules could be:
This is eminently possible for an ISP to implement and do so in a way that it ONLY happens when a user opts into it on a registered device while leaving everything open if they did not opt into it.
And like I said this is an ISP problem to figure out. The government could have set the rules and walked away. And as a solution it would be far more simple that requiring every website to implement age verification.
SpaceCadet@feddit.nl 4 days ago
I know how it works, so spare me the explanation. It’s not that as easy as you make it out to be. OS and browser companies are actively fighthing “rogue” root CAs and making it harder and harder to use custom CAs, especially on mobile devices.
And for good reason, because by accepting a rogue root CA you’re basically undermining the whole trust system that SSL is based on and surrendering all your online privacy and security to the government and your ISP. Whoever has control over that custom root CA has the keys to your online life.
Rolling such a system out countrywide is utter madness.
arc99@lemmy.world 4 days ago
You obviously didn’t know how it works if I had to explain it was already possible.
And it isn’t “madness”, it’s a completely workable way to offer filtering for people who want it for kids and have no censorship otherwise. It is a vastly better option than oneroulsy demanding adults provide their identity to random and potentially adult themed websites where they could be victims of identity theft or extortion