Comment

Comment on UK households could face VPN 'ban' after use skyrockets following Online Safety Bill

Actually it can be done and is being done. Software like Fortigate Firewall can do deep packet inspection on encrypted connections by replacing certs with their own and doing man in the middle inspection. It requires the browser has a root cert that trusts the certs issued but the proxy but that’s about it.

And if Fortigate can do it then any filtering software can too. e.g. a kid uses their filtered device to go to reddit.com, the filter software substitutes reddit’s cert for their own and proxies the connection. Then it looks at the paths to see if the kid is visiting an innocuous group or an 18+ group. So basic filtering rules could be:

If domain is entirely blocked, just block it.
If domain hosts mixed content, deep packet inspection & block if necessary
If domain is innocuous allow it through

This is eminently possible for an ISP to implement and do so in a way that it ONLY happens when a user opts into it on a registered device while leaving everything open if they did not opt into it.

And like I said this is an ISP problem to figure out. The government could have set the rules and walked away. And as a solution it would be far more simple that requiring every website to implement age verification.

source

Sort:hotnew top

SpaceCadet@feddit.nl ⁨4⁩ ⁨days⁩ ago
I know how it works, so spare me the explanation. It’s not that as easy as you make it out to be. OS and browser companies are actively fighthing “rogue” root CAs and making it harder and harder to use custom CAs, especially on mobile devices.

And for good reason, because by accepting a rogue root CA you’re basically undermining the whole trust system that SSL is based on and surrendering all your online privacy and security to the government and your ISP. Whoever has control over that custom root CA has the keys to your online life.

Rolling such a system out countrywide is utter madness.

source
- arc99@lemmy.world ⁨4⁩ ⁨days⁩ ago
  You obviously didn’t know how it works if I had to explain it was already possible.
  
  And it isn’t “madness”, it’s a completely workable way to offer filtering for people who want it for kids and have no censorship otherwise. It is a vastly better option than oneroulsy demanding adults provide their identity to random and potentially adult themed websites where they could be victims of identity theft or extortion
  
  source
  - SpaceCadet@feddit.nl ⁨4⁩ ⁨days⁩ ago
    
    You obviously didn’t know how it works if I had to explain it was already possible.
    
    If you read my comment properly, you’ll see that I wrote: “I know TLS termination and interception and recertifying with custom certificates is a thing”
    
    And it isn’t “madness"
    
    Yes it is. TLS interception should never be normalized because it breaks the chain of trust upon which TLS is based. It can be useful in some situations, like the fortigate firewall where you control the certificate, but ISPs nor the government should be trusted to wield this power over virtually the whole country. It is a very slippery slope.
    
    I am not aware of any mobile device that prevents you installing a new root CA.
    
    On Android, apps can’t install their own root CA. The user has to manually download it, then jump through a bunch of hoops and deeply nested menus to install it and in the process ignore all the scary warnings that they’re communication may be intercepted if they install and trust this certificate, and (at least on Pixel phones) they get a permanent warning in their notification tray that someone may be eavesdropping on them. Which is correct.
    
    It is a vastly better option than onerously demanding adults provide their identity to random and potentially adult themed websites where they could be victims of identity theft or extortion
    
    I’m strongly against age gates myself, but you’re objecting for the wrong reasons. You’re not providing your identity to the adult website. You’re providing it to the third party identity verifier, who then certifies to the adult website that you are an adult without passing on your actual identity. Keep this in mind when you’re arguing against it, because pro-age-gater puritans can use it to undermine your argument.
    
    I object to it first and foremost on principle. I shouldn’t have to request permission from a third party or the government to do perfectly normal legal adult things in the privacy of my own home.
    
    Secondly, there is still a privacy problem at the “identity verifier”. They may swear up and down that they do not store my identity data, but there is no way to prove that one way or another so I cannot trust that my data can’t be leaked through them.
    
    Thirdly, when viewing adult content, I don’t want there to be any association between my real identity and the adult content whatsoever, even through a third party, and I don’t want there to be anything that uniquely identifies me.
    
    Finally, I object to the (re)demonization of all things sexual in our societies. We seem to be backsliding into puritanism under the guise of protecting the children, while we’re doing nothing to protect them from real actually harmful online things that are damaging the younger generations beyond repair.
    
    I have a Gen Z stepson, and all the ways in which he is fucked up by the online world (no attention span, permanent online-ness, no real world friends, always seeking instant gratification, unrealistic expectations about life, an overly materialistic worldview, plenty of manosphere bullshit, … ) have precious little do do with viewing porn.
    
    source