|
Description of filter system Von Alvar Freude, Dragan Espenschied; Translation by Trixy Gawe, 03.04. 2001, 07:36:20 |
||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||
[1] See also »standardisation of censorship« (german) |
In order to prove that the Internet ist not »naturally« a free media, but one in which hierarchys and power structures can be pictured and created,[1] we notelessly manipulated the network at our academy, the Merz Akademie. At the same time we wanted to verify if the fear of Filter-Systems actually is justifiable, how fast the manipulation is detected and with how much effort filtering would be feasible. | |||||||||||||||||||||||||||||||||||
With a self-developed filter Software it was possible for us to record almost any websites visited by students, and to change all web topics at will.
1. The filter software Exacting specification of functioning and facilities of our software 2. Changing of network architecture How we were able to route all web access through our software, unnoticed 3. Manipulations and reactions Temporary drain of the experiment, exacting specification of the conducted manipulations and students reactions on it. 4. Collected e-mails Three mails concerning the experiments uncovering (german) Our speculation that the manipulation would hardly be noticed and accepted uncritically has mostly been validated. Universally tolerated unawareness does not support the ability of criticism, but the acceptance of sanctions from »above«. More about this in »Filter/Zensur/Kontrolle«. |
||||||||||||||||||||||||||||||||||||
The Proxy |
||||||||||||||||||||||||||||||||||||
[2] Exacting explanation about Proxy: »What is a proxy server?« [3] How we did that you can read in »Changing the network structures« |
Our filter-software is based on a proxy server[2] with which we rerouted all web access unnoticed.[3] As our basis we used Apache Webserver, and modulated it over the optional integrated interface mod_perl about the programming language Perl to our needs.
For administration we provided our system with a web surface. It was our aim to posess a host system, reachable from every computer, that should possibly shut out maloperations by ourselfs and from where we would be able to realize any needed procedures. |
|||||||||||||||||||||||||||||||||||
The monitoring tool |
||||||||||||||||||||||||||||||||||||
[4] For experts: the IP-adresses of the user and contents of post-requests are not saved in our summary-database, the content of POST-requests is not recorded anywhere [5] Whereas the official proxy server of Merz Academy is trying to find out the users identity using the Ident-protocol and saves it with every invoiced document, this is very critical concerning data protection. The network administrators didn't answer our request for information about this subject. |
To reach the aim manipulating the websites invoked by students of our academy we primarily had to find out, which websites are popular at all. For this purpose the proxy records all web inquiries and enters it in a data base. We attach importance to not collecting personal data.[4][5]
|
|||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||
Different kinds of filtering |
||||||||||||||||||||||||||||||||||||
[6] The URL-adress of a document is, in addition to (hardly to see through) digital signatures, the only real proof for its authenticity and is used as an authenticity certificate in the domain of art (Olia Lialina: »Location = Yes« at teleportacia); the control over the URL is the most remunerative starting point for falsifications in the web. [7] We took the Blast-Engine from our project Assoziations-Blaster [8] Introduction to HTML: »Selfhtml« by Stefan Münz |
The great difference between the invoiced sites was getting to us at first, but soon trends arose for web based freemail services, search engines, design sites, students' own projects and download sites.
We evolved six different filter techniques, as flexible as possible and kept generally, to reach every wanted effect through a combination of those:
|
|||||||||||||||||||||||||||||||||||
Conditions can be assigned to any filter concerning its termination, e.g. in subjection to the called up domain or file or any other suppositions like version of the Browser, daytime etc. ... | ||||||||||||||||||||||||||||||||||||
Center of filtering |
||||||||||||||||||||||||||||||||||||
For fast and easy administration we divided the surface into three levels:
|
||||||||||||||||||||||||||||||||||||
Protocol of manipulated sites and user entries |
||||||||||||||||||||||||||||||||||||
Naturally we had to be able to verify if the manipulations created by us would make an impact:
|
||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||
Relationship of effort / resulting |
||||||||||||||||||||||||||||||||||||
[9] our proxy was running on a rather small PentiumII with 350 MHZ and 320 MB central memory, together with the highly frequented Assoziations-Blaster and other projects [10] For example: SmartFilter by Secure Computing and their Whitepaper »Education, the Internet, and SmartFilter: A Balanced Approach of Awareness, Policy, and Security« [11] For example see Stefan Krempl: »The big filter offensive« in Telepolis (September 1999) [12] See Michael Zielenziger: »In Philippines, Net is divine« in Mercury News (Dezember 2000) |
Although our tools don't offer everything you can think of concerning effectivity and comfort we have created the vital elements of a variable monitoring- and manipulating-system:
Networks in the size of a school are, in the United States, a market for filter systems[10], it is thought to do forced filtering at schoold in germany too.[11] The catholic church is using a forced proxy on the Philippines already.[12] *Our system even goes beyond the simple blocking of adresses, as it is practised until now. Through the manipulation of existing contents and adresses the illusion of a free net is still remaining. See also Progression of the experiment.* |
|||||||||||||||||||||||||||||||||||
Creation of a new netjoint |
||||||||||||||||||||||||||||||||||||
To win effective control over the data-traffic of the web, a central junction in the in-house network had to be occupied. (About the experiments background: »The Experiment«, »insert_coin«) | ||||||||||||||||||||||||||||||||||||
The processor used for connecting the seperate workstation computers with the internet is the Firewall. However, this is under absolutely administration of the technical assistants. So we had to reroute the information flow in a way that the students server would switch itself between the Firewall and the workstation computers. | ||||||||||||||||||||||||||||||||||||
Changing of Netscapes preferences half-automatically |
||||||||||||||||||||||||||||||||||||
The workstation computers are, with few exceptions, Macintosh-systems. The operating system, in the used version, does not provide reasonable safety against manipulation, e.g. like explicit rights to write for several users. The used system program MacAdmin doesn't allow to defend the parts of the systems-preferences we needed against changing without making work at such a computer impossible. The few left pc systems (with the expection of our workstation) use Windows 98 for operating system which also doesn't provide any safety against manipulation. | ||||||||||||||||||||||||||||||||||||
Most students use Netscape Communicator or Navigator as Browser. Indeed this offers independent adjustments for several users, but they are locally safed on the computers and therefore are freely accessible. There is the possibility to safe the users profile manually, in the private »Home«-index on the fileserver, and to provide it against general access. But this possibility is not used, for it is complicated, and the students hardly make personal adjustments. | ||||||||||||||||||||||||||||||||||||
Netscape safes its preferences on the Macintosh in Systemfolder:Preferences:Netscape Users:, in the folders, named clearly after the single users, there is a file »Netscape Preferences«. Under Windows 98, Netscape puts this identical built file in the folder »Users« in the family index of the program. They are easily found by automatic searchfunctions. | ||||||||||||||||||||||||||||||||||||
The wanted configuration files from Netscape are in ASCII-format. Therefore it was easily possible to write a programm named »Profile-Blaster« for automatic manipulation of the Browser preferences. We started this program out of our network indexes on every computer, and immediately the preferences of every local Netscape user were changed in a way that every web-access was routed over our server. User profiles, that were supervened or changed by time, didn't make big administration effort for we had the Profile-Blaster. | ||||||||||||||||||||||||||||||||||||
When there was Internet Explorer installed on a computer at the same time, we had to re-adjust the preferences of the Browsers manually. | ||||||||||||||||||||||||||||||||||||
[13] Exacting explanation on proxy: »Things worth knowing about Proxy Caches« by Jens Elkner [14] The academy's proxy on the firewall indeed sometimes hat massive perfomance problems, seemingly the amount of data was too much and acess times became anguishing slow. While our self developed filter was able to analyse and manipulate every data packet even on a quite slow Hardware, the mere split-lot transfer of data was too much for the officiell proxy, so we switched it off interim. |
The Browsers were configurated in a way that they used the students server as proxy. Among other things, the task of a proxy is latching data requested from the Internet in the in-home network, so that they are faster available on a new fetch. [13] For perfomance reasons we leave this task to the academy's firewall. The student server receives the requests of the workstation processors, requests the wanted data from the firewall and manipulates it before it is send to the workstation computers. [14]
In the Browsers preferences we stated the internal IP-Number of the student server as proxy adress, not its name student.merz-akademie.de or the short variant »student«. The IP-Number (192.168.1.37) differs only in two numerals from the IP-Number of the Firewall (192.168.1.1) and therefore is hardly to detect. |
|||||||||||||||||||||||||||||||||||
A new level of hierarchy |
||||||||||||||||||||||||||||||||||||
[15] subtle hackers would laugh away |
Within an already existing net it was now possible to insert a new level of hierarchy. If the cabling of the single computers, as seen from the central computer, was organized in traces or starlike (the network was reconverted respictevely at the start of term), didn't matter. That the computer we used normally is used as a (Web-)server also was no precondition. Any desired computer, associated to the home network, would have been able to fulfill this task with adequate software.
This manipulation is one example, and even a very simple[15], how hierarchies in the net can be changed. With other means, e.g. the integration of a filter software in the Router, the compulsory use of special proxys or the manipulation of news- or E-mail-services one can create, with more effort, even far reaching hierarchies. |
|||||||||||||||||||||||||||||||||||
The interesting question is: who has the possibility and the interest to make such manipulations? Although quite extensive technical knowledge is needed for a manipulation and also for its avoidance, automatically a dependence of persons or institutions origins, who do the technical work. Several interests, embodied in efforts for filters we specify in the chapter »Filter/Zensur/Kontrolle«.
Onwards to the specification of with the filter proxy realized manipulations |
||||||||||||||||||||||||||||||||||||
The Academy's situation |
||||||||||||||||||||||||||||||||||||
The Merz Akademie is a private, national accepted academy for design in Stuttgart. From the Programmatics: | ||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||
There are about 240 students at the Academy, approx. 150 turn up daily. The seminar rooms are equipped with computers and net-access, how many students use the web regularly we can only guess. Every day there were 100 to 300 MB data going through our proxy, at peak periods it was up to 2 GB. | ||||||||||||||||||||||||||||||||||||
The experiments progression |
||||||||||||||||||||||||||||||||||||
[16] specification see chapter »Software« [17] How we manipulated the network you can read in chapter »Changing the network structure« |
From the release of the diploma on 16. July 2000 until the first working version of our monitoring tool[16] on 10. September passed almost two months.[17] On the basis of the urls which were retrieved mostly we decided the further manipulations. Web-based freemail services, search engines, design sites, students' own projects and download sites were most popular. | |||||||||||||||||||||||||||||||||||
The filter was completely ready for action in November, at first with only few changings, by time we changed more and more websites. The sumptuary manipulation of search engines and therewith the last filter was completed not until 27. November 2000.
In the afternoon of 4. Dezember our server failed completely because of a defective storage module, involving the impossibility of www-acesses on almost any computer of the academy. Although we hurried to set up an alternative proxy on a NT-workstation, the network-technicians nabbed us on 6. December 2000. Prof. Olia Lialina enlightened the technical assistance about the project, nevertheless the provost of the media workshop wrote an E-Mail to the whole Academy in which he indicated that we had been able to record personal data of the students. On 8. December we wrote anadjustment. For the general interest about technical stuff doesn't seem to be very distinct under the students the filter was deactivated only sporadic and is running on many computers until today. Althoug we published a Guidance for deactivating. |
||||||||||||||||||||||||||||||||||||
Reactions of students |
||||||||||||||||||||||||||||||||||||
The described reactions on the manipulations are not represantative or levied after scientific criteria. We didn't realize a survey of all students. Any resultings come from private talks with about 20 students which either came to us because they heard of the manipulations, or who we talked to. Therefore the descriptions of the reactions are anecdotal and don't lay claim to be plain. Names of students were not termed. | ||||||||||||||||||||||||||||||||||||
Reactions processed different from our speculation. At first we were very cautios and made rare manipulations or those with a low probability. But we soon noticed that we could pull out all the stops without anyone suspecting. | ||||||||||||||||||||||||||||||||||||
Filters for self-testing too |
||||||||||||||||||||||||||||||||||||
Following an unsubtle description of the used content filters. Who wishes to try for himself only needs to justify the respective proxy for HTTP (not HTTPS, FTP etc.) in the Browser preferences:
Proxy: proxy.odem.org Port: 7007 |
||||||||||||||||||||||||||||||||||||
Replacing of single words |
||||||||||||||||||||||||||||||||||||
[18] Olia Lialina is professor and the only person inducted |
Our filter is able to replace any desired number of words by others, therewith it is possible to change contents slightly or strong. If there are failures, the surfer would shift the blame on the carrier of the site, how could he know somebody else manipulates the data. We utilised this unassertive at first, but more often later. Rather early we replaced the names of Gerhard Schröder and Helmut Kohl, even if only the surname was termed. One student was taken aback and printed a page from Spiegel Online for his private collection of curios: he of course thought that Spiegel Online has made a mistake.
»Al Gore« became »Al 'Bundy'«. The words »and«, »or« and »but« were replaced with a certain possibility. The term »designer« became »Olia Lialina« with a possibility of 20 percent.[18] On Netscapes starting page a blinking textlink leading to a porno site accoured. Standard termes of the web like »download« or »free« were reversed. Names of politic charges like »President« or »Chairman« were changed to Nazi-ranks like »Obersturmbannführer«. (List with every changed word) |
|||||||||||||||||||||||||||||||||||
Although replacing single words seemed to be the least spectacular it was inducing quite many reactions. Those filters had the biggest scope of covering because they occur on any website, even in mails read via freemailing services linke GMX or Hotmail. Simple search/replace-actions can change the meaning of a text completely. With these manipulations we wanted to demonstrate that contents can be manipulated easily, unnoticed and area-wide. | ||||||||||||||||||||||||||||||||||||
The students remarked beeing concerned of manipulation soonest if it was their own homepage. A few days after publication of our activities two students wanted to know if the real existing data or only the display had been changed. One student wanted to apply for a practical with the works presented on his homepage and his only interest was that outside the Academy everything was as visible as he wanted it to be. He didn't care about the whole other webtraffic of the Academy, which was involved too. Other students picked up the guidance for deactivating the proxy. One student, who filed his homepage on a server outside the Academy had properly visions of the filtersystem and was interested in details. | ||||||||||||||||||||||||||||||||||||
Even one week after the enlightenment about the manipulation one student regarded Prof. Olia Lialina for beeing the sounddesigner of Star Wars, episode 1 to 3. One female student wanted Olia Lialina to help her contacting a photographer, because her name occured on his website. | ||||||||||||||||||||||||||||||||||||
Guest lecturers and net artists entropy8zuper were surprised about Netscape beeing in the need to advertise for sex offers, but soon they realized that the concerned link only occured on computers inside the Academy. Two other students remarked the sex links in Excite. | ||||||||||||||||||||||||||||||||||||
Finally we have to mention that even we were taken in by our own word manipulations. | ||||||||||||||||||||||||||||||||||||
Web-based Freemail-services |
||||||||||||||||||||||||||||||||||||
In the four most popular freemail services at the Academy (GMX, hotmail, mail.com und Yahoo!) we inserted the »Global Penpals Association« ein: in a highly visible box, suited to the services in color and layout, a »penpal« with photo and a short description is presented. By a button you can send this person a message from the freemailer. Also in the button is a pointer, that this person has been chosen »for you because of your private preferences and your surfing behaviour«. We invented seven different persons with e-mail-adresses at different freemail services, who were displayed incidental and that repeated rather fast. We also offered a simple possibilty for feedback via a form, supposed to reach the initiators of the Global Penpals Association. | ||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||
We wanted to test if somebody was suspecting from where the freemailers would know the surfing usages or why they supposedly seemed to be connected and have transposed the private preferences, which supposedly never will be transposed. | ||||||||||||||||||||||||||||||||||||
[19] see Richard M. Smith: »The RealJukeBox monitoring system«, Oktober 1999; and Florian Rötzer in Telepolis: The penitent sinners want to become saints in Privacy, 9. November 1999 |
Two students said they generally wouldn't believe any promises in the web and would always enter false data, so they wouldn't care. But indeed they realized the danger of less warily people beeing defraud of their data. We constructed the situation according to the case in which the Real-Player and the Real-Jukebox transferred information about passed movies and music underhand to RealNetworks. RealNetworks, which for a long time offered with Realplayer, RealAudio and RealVideo the only really working solution for Streaming Media, recorded which Video and Audio stremas the visitors looked at and transferred this data back to their own server.[19] No mailer thought of changing to an other product because such a handling of data security just like when it was about RealNetworks. | |||||||||||||||||||||||||||||||||||
One student wrote e-mails to two of our invented characters and asked questions how they had come into this supposedly penpal program and if it would only be an sales promision. The same student said to us that he was interested to know how they had learned about his surfing usages. | ||||||||||||||||||||||||||||||||||||
The Global Penpals Association was under discussion in a small group of students, in the face of GMX beeing involved in such a stupid campaign. | ||||||||||||||||||||||||||||||||||||
The »official« possibility for feedback was only used once. One female student was expressing herself positively about the service, but she only wanted to pull our leg. | ||||||||||||||||||||||||||||||||||||
Blockwart-Service: Never before it was so easy to denounce |
||||||||||||||||||||||||||||||||||||
[20] This link shows an adress visible even without the filter. With the filter activated it is available under http://netzgegenrechts.yahoo.de/ |
The campaing »Net against violance« by the CDU was still on our minds, when we manipulated search engines used mostly (Altavista, Google, Lycos and Yahoo) in a way that every found site contained a form by »netzgegenrechts.yahoo.de« with which you were able to report anonymous to the carrier of the search engine if the site is pornographic, rassistic, blasphemous, maring for business, infringing a copyright or displeasing. There was also a possibility for feedback via a form or the email-adress. We also have pennedbad statements[20], in which you can read about »No dirt in the Internet« and »Moral courage«. | |||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||
Most of the students we asked didn't notice the frame with the many logos of search engines at all. For two students it was hard to allocate if it would come from the search engines or from a plugin by Netscape. A website containing underwater photography was reported as »sodomy«. One student said the only thing that interested him about the frame was how to get it away. One female student said she was used to rubbish in the Internet and hadn't worried much about this. An other student even said the service is reasonable because he wouldn't know what to do when seeing illegal contents, so the system would be helpful. But he never would have seen illegal contents before. | ||||||||||||||||||||||||||||||||||||
Commercial Break |
||||||||||||||||||||||||||||||||||||
Two percent of all web accesses were rerouted to a commercial advertise. This was supposedly made by InterAd.gov, a fictitious union of ICANN, Corenic, Internic, Network Solutions and the american ministry of economy. The statement was: For the US government runs every Core-server they have to be financed somehow. Every ad also requested the surfers to input how much US-Dollar they would spend for a certain product. Which product that is levelled by the ad, advertised were the US-Marines, the National Rifle Association, Novartis, Garth Brooks, a Burger-chain etc. Only when they entered a value the surfer arrived at the site they had been looking forward to. This is stated in the code of practice clearly. Without this input the Browser was struck on the advertisement-site, even the back button didn't work anymore. Even her feedback was possible. | ||||||||||||||||||||||||||||||||||||
[21] The URL of thise site with activated filter was http://www.interad.gov/ad.epl |
|
|||||||||||||||||||||||||||||||||||
[22] More in »The network is peripheral« |
We created this manipulation after the Vote-Auction-affair, in which the CoreNic by american behest has deactivated a registration for domain names of an austrian server.[22] For organisations with control over root-servers inevitablely work off a certain part of all requests for adresses, such an advertising campaign would technically be possible. | |||||||||||||||||||||||||||||||||||
Although the advertisements are interfering the surfing strongly, the normal way of acting by the students was closing the Browsers windows. Two students said they never would enter anything because they had made bad experiences with it. One student was complaining in the »official« feedback form about the advertisements and called attention to the technical assistance of Merz Academy. | ||||||||||||||||||||||||||||||||||||
Many students didn't know that the advertisements had nothing to do with a Browser PlugIn. The supposedly initiating organisations (ICANN, CoreNic, Internic and Network Solutions) and their tasks were unknown to the students. | ||||||||||||||||||||||||||||||||||||
Napster and Bertelsmann |
||||||||||||||||||||||||||||||||||||
We could change the program Napster because the Windows-Client for starting the program is depicting a site of the Napster Homepage via an imbedded Internet Explorer. From there we opened a window without frame over the whole monitor, in which you are requested by Bertelsmann to enter absurd private data for participating the Bertelsmann music network. Unfortunaetly this manipulation could work only on a computer which is running under Windows and used for Napster at the same time. | ||||||||||||||||||||||||||||||||||||
[23] The URL of this site is not visible with activated filter, because the displaying window fulfills the whole monitor |
|
|||||||||||||||||||||||||||||||||||
We wanted to see how credulously data is entered as long you get a »free« offer for it. | ||||||||||||||||||||||||||||||||||||
The key combination Alt+F4 for closing windows of all kind in Windows was known at 100 percent by the users of this computer, and nobody did enter even one letter. | ||||||||||||||||||||||||||||||||||||
Advertisement-Popups |
||||||||||||||||||||||||||||||||||||
Inserted on all sites of the official Academy server, therewith on the homepages of tutors and students too was a Javascript code which provokes an ugly popup window with the slogan »Merz Academy, Click Here for good Education!« | ||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||
Nobody complained about those windows. The windows first occured in a presentation of weekly projects in the middle of term before all students, and they were closed in a reflex.
Where these kind of windows usually come from, e.g. at freespace providers like Tripod, people didn't know. |
||||||||||||||||||||||||||||||||||||
Apparent finish of the activities was no finish |
||||||||||||||||||||||||||||||||||||
The manipulation was unhided for the first time because for a defective storage our whole server failed and therefore no web acess was possible for about half a day. The responsible technicians noticed that computers were concerned that had adjusted our server as proxy. | ||||||||||||||||||||||||||||||||||||
So Prof. Olia Lialina enlightened the technical assistance and the administration about the project. One day later the provost of the technical workshop send an E-Mail to all tutors and students in which he indicated that we would have been able to record numbers of creditcards and passwords. There was no reaction to this and in the evening we sent a message to all tutors and students explaining that we are manipulating the whole web traffic (we hardly explained details to single filters), how our project is working and what aim it has. | ||||||||||||||||||||||||||||||||||||
We offered a link to a guidance-site, that describes how to switch off the proxy. But this was hardly invoiced. From our statistics we can tell that the proxy has not been switched off on most of the computers until three months later, the amount of data was almost the same as before. The experiment was simply running and running, until the network topology in the academy was changed. | ||||||||||||||||||||||||||||||||||||
Students whom we have talked to had hardly read our E-mail to all. Either it was too long, to complicated or not interesting at all, by the »Computer freaks«. One female student said that she is deleting any unexpected mails or mails by persons that she doesn't know. The mail by the provost of the workshop concerning possibly stolen passwords and numbers of creditcards was treated in the same way. | ||||||||||||||||||||||||||||||||||||
But you have to regard the rather familiar atmosphere at the Merz Academy. Having only about 240 students, you run into each other sooner or later in the week and none of the students really thought us to be able to steal numbers of creditcards or passwords. Students we asked weren't interested or said they would not »enter vital data into the Internet«. The manipulation of displayed sites seemed more important to them. | ||||||||||||||||||||||||||||||||||||
Transferability of the results |
||||||||||||||||||||||||||||||||||||
Again we want to point out that our experiment is not based upon on scientific statistics or a representative target group. The Merz Academy is too familiar for this and too small, and furthermore we don't lay claim to the results beeing universal. Still we allow ourselfes to suppose that a similar manipulation in an other institution, e.g. an university with more than thousand students, would also be unnoticed resp. it would accepted in the same way. Only the possibility for 1 of 20000 students complaining should naturally be bigger than it was under 240 students. | ||||||||||||||||||||||||||||||||||||
Our experiment has shown that the net is not »naturally« a free media that can't be controlled by anybody and in which censorship and control are not provided and therefore impossible. Two persons could monitor the data from over 200 persons and foist any desired stuff to them, with, by comparison to the effects, small effort. | ||||||||||||||||||||||||||||||||||||
We don't want to call our self developed software bad or unsuited, but it has the potential to be upgraded for a more effective monitoring and more comfortable manipulation. The technical possibility is existing and the fitting public with insufficient net experience is even found in media academies. | ||||||||||||||||||||||||||||||||||||
|