While it is the upcoming Australian federal elections that has prompted this post, it is not intended to be either political or parochial. I’ll be very surprised if everybody everywhere doesn’t find this interesting, enlightening and maybe even a little bit frightening.

This coming Saturday, August 21, 2010, Australians go to the polls to elect their Federal government for another three-year term. It’s basically a two horse race between the Labor Party and the Liberal/National Coalition, with a bunch of odd-bods thrown in to confuse the issue.

The incumbent Labor Party has committed to a A$43 billion fibre-based National Broadband Network (NBN) providing speeds of up to 100Mb per second. Additionally, there was a recent announcement by the NBN Corp that the same equipment and infrastructure will be capable of delivering 1Gbps.

The technological downside to Labor Party policies is their insistence on pursuing a ridiculous and unworkable compulsory Internet filtering scheme. However, I think we can deal with that in due course by constantly educating the general public in how to bypass it. Render it useless and our pigheaded, self-aggrandizing and clearly technologically challenged Communications Minister will be left with egg all over his face. He’s been warned repeatedly by every expert in the country, so he deserves it.

On the other side of the political divide we have the Coalition, unfortunately led by a complete Luddite. Prime Ministerial aspirant Tony Abbott, who has proudly proclaimed on national TV that he is “not a tech head”, has promised to cancel and dismantle the NBN. His solution is 12Mb (peak) delivered via a mish-mash of wire, cable, DSL, wireless, fibre — and maybe even string and tin cans for all he knows. In other words, more of the same old same old.

Speaking at a recent People’s Forum in Sydney, Abbott said:
“For me, broadband basically is about being able to send an email, receive an email”

And, for his daughters (he claims)
“it’s about downloading movies, songs, all that kind of thing”.

I would like to think his daughters are a bit smarter than dad, but with that intellect as a role model, who knows?

So the man who wants to lead this country on into the 21st century doesn’t understand the critical importance of quality, world-class Internet connectivity to commerce, health and education. And yes folks, this really is AUSTRALIA that I’m speaking from and about, not Afghanistan.

Anyway, back to my reason for this post…

If you have trouble visualizing the limitless potential that lies ahead, if you think the Internet is just about e-mail and downloading movies, this short five-minute video is a real eye-opener.

As I said in a another post recently (Dreaming the Future), “One way to free up your imagination to roam unrestricted is to compare the past with the present.”

And if you think that’s amazing, those facts and figures are already two years out of date. The video was posted in October 2008. If you found it interesting your friends probably will too, so send them over here for a look. Here is a convenient shortened link you can copy and send to someone else: http://budurl.com/CAOS1

Agree? Disagree? Got something to say? There’s a comment box below this post.

PR: wait… I: wait… L: wait… LD: wait… I: wait… wait… Rank: wait… Traffic: wait… Price: wait… C: wait…

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

Is the Internet censorship filter proposed by the Australian government really about protecting children, or is it just a politically motivated waste of money and resources?

I keep seeing in various magazines and newspaper articles, letters to the editor and suchlike, people declaring themselves in favor of a government mandated Internet filter implemented at the ISP level.

Invariably their position is that the government’s line of “protecting children” can only be a good thing.

Rather than condemn these people for their belief we should be striving to educate them. They either have no knowledge of the situation and are simply taking protection at face value or, more likely, they are amongst the many who have been conned by the the lies, obfuscation and misdirection that have emanated in a steady stream from the office of the Federal Communications Minister.

Many thousands of gullible people have fallen for a carefully woven and very intentionally devised fabrication.

It is neither commonsense nor logical to introduce an extremely expensive scheme that simply cannot provide the protection that is claimed for it, yet that brings with it many negatives. Every technically aware person in this country knows that to be the case, and thousands of them, from top-flight IT professionals on down, and from both sides of the political divide, have done their best to convince a pigheaded communications Minister of this fact.

The well-publicized shortcomings of the proposed filter are far from speculation. The results of the recent tests conducted by ISPs under the government’s direction revealed a very different picture to that which the communications minister and his spin doctors have put forth.

Consider also that every single participant in those tests (the ISPs themselves) acknowledged that bypassing the filter will be relatively simple.

In the early days only a few technically able Internet users will know how to bypass the filter. But in a very short space of time these techniques, which are trivially simple to implement, will become common knowledge and widely used.

Further, the tests themselves were a complete sham, as they did not assess real-world conditions in relation to bandwidth and traffic volumes. The government deliberately mandated that the tests be conducted at speeds below those available right now, and significantly below those to be available under the proposed National Broadband Network.

It is abundantly clear that this filtering plan is much more about politics and control than about child protection, and that it actually introduces a new danger of its own.

Thanks to Sen Conroy’s lies, half-truths and unsustainable promises parents, carers, teachers and all manner of people who have responsibility for children will be lulled into a belief that their charges are protected, while in reality that will be far from the truth.

Sen Conroy has precious little support for his plan from any significant community group — not even from most child protection agencies and religious organizations (so often the unrepresentative vocal minority), and certainly not from the technical intelligentsia.

So before you speak out in favor of this ridiculous filter on the grounds of “child protection”, please educate yourself to the real facts. Follow the links below for more information. Conroy is doing his best to hide the truth and wants you to ignore those facts that he can’t hide. Never forget that this man is a politician first and foremost, and the only “truth” he is bound by is that which serves his agenda.

Oh, and one final thought: Who do you think are going to be the first to run a Google search for terms like “bypass Internet filter”?

It’ll be the kids of course, and they’ll find all the instruction they need. Checkmate, Stephen Conroy.

Related articles:

• Net giants query Australia filter
• Australia plans Chinese-style internet filtering
• All you need to know that the Australian Governments Censorship Plan is Bollocks (and more)
• Curiouser and curiouser: Aussie gov censors the censorship news
• Oz censorship debate censored on Comms minister’s website

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

Yes, you can be spied on through your own webcam! Let this true story be a lesson in how otherwise fun and useful technology can be turned against you if you don’t stay constantly alert.

A Philadelphia School district is facing a class-action lawsuit bought by parents of its high school students.

In 2009 the Lower Merion School District issued  laptop computers — all factory-fitted with webcams — to its high school students. Commendable and progressive, no argument there.

Now for the “What what on earth were they thinking?” part of the story…

The computers were configured so that the webcams could be activated remotely by the school. See where this is going?

When I say “the school”, obviously I mean one or more persons at the school. As far as I know the individuals directly responsible haven’t been named yet, but lawyers representing the incensed parents have aimed their class-action suit at the school district, members of the Board of Directors and the Superintendent. Not specifically named, as far as I know, is the person who, by an act of sheer stupidity, let the cat out of the bag.

How Dumb Do They Come?

Apparently the Assistant Principal of Harrington High reprimanded a student for “improper behavior in his home” and presented a screen-shot from the WebCam built into the boy’s laptop.

Now, quite apart from the legal and security breaches, should anyone with an IQ low enough to try a stunt like that be entrusted with the education of children?

You would literally have to be as thick as a brick to think that (a) such action would be viewed as acceptable by the law and the community, and (b) that you would have any chance at all of getting away with it.

The school district has placed a response on its website, but their reasoning doesn’t stand up to inspection. Quote:

“The tracking-security feature was limited to taking a still image of the operator and the operator’s screen. This feature has only been used for the limited purpose of locating a lost, stolen or missing laptop. The District has not used the tracking feature or web cam for any other purpose or in any other manner whatsoever.”

Apparently the last sentence is completely false, hence the lawsuit. And as for the rest, well, a mugshot of the operator might be of use in prosecuting a thief if he could be identified and apprehended, but neither a screen-shot nor a photo of the operator is going to be of much assistance in actually locating a stolen computer.

This revelation raises another question…

Just how widespread is computer surveillance by schools?

On the surface the video below is a feel-good story about how the application of available technologies has been life changing for the students at one particular school.

But pay careful attention at the point starting at 4 minutes 37 seconds into the video. That teacher is using a remote desktop facility to eavesdrop on the screen of a student’s computer, including what the webcam sees because she has it running. Don’t you find the potential for misuse just a little bit disturbing?

Protecting yourself

As you might expect I’m extremely careful about all aspects of my computer security, and I believe the likelihood of anyone being able to take remote control of my webcams is very low.

Even so, when they’re not in use my desktop WebCam is turned to face a blank wall and the camera lens on my Netbook is covered by a strip of paper.

Now you might well ask “Why not just disable the webcam”? Good question.

Most webcam software is configured to load ready for use on Windows start up, then you or some appropriate applications software actually starts the webcam running when required. And as I’m sure you can see, therein lies the potential for abuse.

Even if the webcam software is not loaded ready for use during Windows start-up, there is always the possibility that an interloper or some malicious software could initialize it. So the best precaution is to not load the webcam software during the Windows start-up, and also to ensure it can’t see anything “of interest” if it is running, until you want it to. It’s a simple matter to click a menu item or double click an icon to load the software when you need to use it.

Related articles

• Full text of the class-action suite case filing (PDF)

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

First the UK government announces it is going to record and store everything about everything you do, then Australia reveals its Great (Chinese-like) Firewall plans, and now it’s the Yanks’ turn.

Back in November last year I published an article entitled “Right to Privacy? Hah!“  The opening paragraph went like this:

“This is a story about something positively obscene that is occurring in the United Kingdom. But if you think something similar, to some degree or other, isn’t planned for you right now, wherever you are, then dream on — be happy in your ignorance.”

Well, it didn’t take long for me to be proved right about the imminent spread to other nations of this insidious Big Brother disease.

It’s not really a new idea by the US overlords. It’s been on the back-burner for several years, amazingly without receiving much media attention. I suspect that most reporters just didn’t know what the bureaucrats were talking about when they mumbled “blah blah data retention blah blah”.

I doubt it would come as a surprise to anyone that the American alphabet agencies have become a law unto themselves in covertly practicing pretty much complete disregard for the communications privacy of individuals. The main difference now seems to be that they wish to enshrine into law their right to know all about everything you do online.

Making the ISP responsible

Like the UK, American law enforcement led by the FBI is pushing to force Internet Service Providers to record all of their customers’ online movements and to retain that data for up to two years.

This is inevitably going to be a cost on the ISP, and guess who they’ll be passing that cost on to!

Previous revelations along these lines have all been a bit vague, but just days ago FBI Director Robert Mueller made it plain that he wants all ISPs to keep complete records of your online activity. The FBI is supported in this quest by Homeland Security and all State computer crime investigators.

But unlike the UK, the FBI is not requesting that content (such as the actual body text of e-mails) be recorded. For now they just want data on your movements from site to site. Emphasis on “for now” — ever known a government to be satisfied with its current level of intrusion into your life? There’ll be creep, and you know it.

Of course a lot of complacent citizens will be quite happy to accept that whatever an agency such as the FBI does will be in the best interests of themselves and their fellow Americans. If you’re one of those people then perhaps you need a reality check, so read this.

Who’s next?

Oh, and if your country hasn’t been mentioned yet, be aware that the International Association of Chiefs of Police are right behind such moves. Check out this map for an idea of the extent of the reach of the IACP (mouse over the countries ).

Legitimate investigation is one thing, but we must all be on constant alert for unwarranted levels of bureaucratic intrusion. If law enforcement really needs further investigative powers then we must insist that they declare their full intentions openly and publicly and with plenty of time for public debate. Obfuscation with techno-speak (“data retention”) that is beyond the understanding of a large section of the community is simply not acceptable.

What do you think? Do you believe this is really about the familiar smokescreen of  “combating child pornography”?

Stay informed about future articles by subscribing to this blog.
The subscription form is top-right of this page.

Related articles

• FBI wants records kept of Web sites visited
• FBI Pushing For 2 Year Retention of Web Traffic Logs
• Report: FBI broke law to get phone records
• Report: FBI illegally collected phone records

• Internet Censorship I [Bill Hely]
• Internet Censorship II [Bill Hely]
• Right to Privacy? Hah! [Bill Hely]
• Conroy’s Folly: The Great Australian Firewall [Bill Hely]
• A Worthy Goal Doesn’t Justify a Stupid “Solution” [Bill Hely]

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

It’s Patch Tuesday again, that day each month when Microsoft releases software patches and updates for their various products.

Patch Tuesday is a very important day for all Windows users who are concerned with their privacy and security.

Not infrequently a Microsoft patch or update will close a vulnerability that, if left unaddressed, could allow an attacker to take complete control of an affected system.

And that’s something you REALLY don’t want!

Keeping your installation patched up-to-date is so important that, whether or not you have Automatic Updates enabled, at this time of each month it’s still wise to manually double-check that everything that matters has been installed. Don’t be put off by the word “manually” — it’s a quick and easy process.

HERE’S HOW:

• Point your web browser to: http://www.update.microsoft.com
• Click the Custom button.
• Install any high-priority updates that are reported.

But Don’t Stop There!

In the column on the left-hand side you will see links for:

• Software, Optional (n)
• Hardware, Optional (n)

The number in brackets indicates how many updates of that type are applicable to your computer. If the number is anything other than (0) then click that link and investigate, installing the update if necessary (or if in doubt). Similarly, you may find relevant updates in one of the links under “Select by Product”, so do the same with any of those.

WEBCAST:
Each month, in association with PatchTuesday, Microsoft presents an online Webcast to address customer questions on the bulletins for that month. Webcasts are usually initially presented on the Wednesday, the day after Patch Tuesday, at 11:00 AM Pacific Time (US & Canada). They are also recorded and available for later viewing.  To register for a Webcast or to view Webcasts that have passed, click this link.

By the way… SymmTime is a great on-screen world time utility for anyone who needs to check or convert times around the world. It’s free and highly configurable.

Did you know…

Many of the malware threats that you are frequently warned about in the various news and information media, on and off-line, should never be the slightest threat to you.

How come? Well, because…

If you made a habit of applying the patches & updates that are issued by Microsoft every month, you would be IMMUNE from infection by many of the tens of thousands of threats currently circulating on the Internet, with more being churned out by the cyber-grubs on an almost daily basis.

The vast majority of these threats get into your computer by exploiting some known vulnerability in Windows. When one of these vulnerabilities is patched by Microsoft, the threat becomes benign — but only if you have applied the free patch to your version of Windows.

So remember…

You Ignore Patches & Updates at Your Peril!

Related articles:

• Adobe patches PDF zero-day, other critical bugs
• Microsoft urges Windows XP users to ditch old Flash version

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

Minister for Communications Curtailment, Business Obstruction & Child Endangerment

Sorry folks, as much as I’d like to drop this Internet filter business, more proof of government deceit keeps surfacing. If this story doesn’t wake you up to their real motivations then I’m afraid you are blinkered beyond any help.

As regular readers will be aware, I have repeatedly accused the Australian government of using “child protection” as a bogus excuse to introduce oppressive and inappropriate censorship measures to the Internet access of the Australian public.

It has been my contention that the government’s real aim is not child protection, but to prevent adults from viewing information that they would prefer be kept secret.

The following quote, often incorrectly attributed to Adolf Hitler, succinctly expresses my belief as to what is happening:

“As long as the government is perceived as working for the benefit of the children, the people will happily endure almost any curtailment of liberty and almost any deprivation.”

In fact that quote originated with one Rabbi Daniel Lapin, in a fictional letter written from the grave by Hitler. But the words ring true and the ruse is currently being used by the Australian government to justify the implementation of Internet filtering and censorship.

In reality it’s not child exploitation or abuse they are interested in, not pornography, not hate or terror. What they are really trying to restrict are exposures that would adversely impact the government’s credibility; all the grubby little incidents that politicians and bureaucrats generate by the thousands and do their damnedest to keep secret. This is entirely political, not moral.

Here’s just one more example of why the “child protection” justification is a crock of crap. On January 5, 2010 there was a small article in The Courier Mail (major Australian newspaper) which in part read as follows:

A Queensland (Australian state) man caught in an international child pornography sting will be out of jail much more quickly than his American counterparts.

Despite being identified as a ringleader of a group trading in hard-core child porn, council father of three Derek Richard Mara, 30, was ordered to serve just 32 months of a six-year term.

A Victorian (Australian state) man also involved in the network known as “The Group” was sentenced to just 15 months jail.

In contrast, 14 Americans are all serving sentences of between 13 and 30 years. One was also ordered to pay $3.2 million restitution to one of the child victims despite never meeting her.

Does that inequality of sentencing not disgust you? The thing is, I’ll bet you won’t find a single American (with the exception of their fellow deviates) complaining that the US pedophiles have been dealt with too harshly.

Now I’m not a lawyer, and I don’t claim to have any real knowledge of the law, but my research indicates that under Australian Commonwealth law the crime of “producing, possessing or supplying child pornography” carries a maximum penalty of 10 years. Yet it seems that Mara’s 6 years is the longest sentence ever dished out under commonwealth law for that particular offence. And as if 60% of the maximum isn’t disgraceful enough, he only has to serve 32 months of it.

Is that a government acting against predators in the best interests of children and to the expectations of society in general?

On the other hand it would seem that the US government, which (as far as we know) is not currently planning to introduce an expensive, damaging and useless Internet filter under the guise of “child protection”, is genuinely serious about cracking down on predators.

Equally as obvious is that the various Australian governments aren’t nearly as concerned.

So again I ask: What is the real goal of the Great Australian Firewall? You are free to decide for yourself, but I can’t for the life of me see how you could possibly arrive at the answer “child protection”.

Australian lawmakers, hang your heads in shame.

Stephen Conroy, extract your head from your nether regions. Those of us who are already awake to your deceptions fully intend to do our best to educate those who, through technological naivete, are inclined to believe the rubbish that comes out of your office.

Related article:

• Aussie net filter satire site back after domain deletion

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

I’ve posted several times on plans by the Australian government to introduce mandatory Internet filtering at the ISP level. Since these plans first came to light it has become quite clear that one of the biggest obstacles we face is uninformed contributions by technically ignorant people, especially people who have some degree of influence over the thinking of others.

Would somebody please explain to me why the “professionally religious” always seem to feel the need to attempt to mould the opinions of their followers, regardless of the topic, and regardless of whether or not they have any specific expertise to backup their position.

Recently a major Australian newspaper published a Viewpoint article by one Ruth Limkin, described as a “pastor and writer”. The general gist of Limkin’s article was wholehearted support for the proposed filtering/censoring legislation. The arguments presented by Limkin were typical of those repeated ad nauseam by the technically illiterate expressing wish lists and personal opinions and ignoring facts and practicalities. Such action is all the more harmful, deceptive in fact, when the commenter is someone who could be perceived as a community leader.

Obviously Limkin is relying heavily on the veracity of the assertions made by communications minister Senator Stephen Conroy. Yet most claims relating to the Internet filter that have emanated from Conroy and his office have been at best a misrepresentation of the facts and in many cases a blatant lie.

Some of the main (but by no means all) objections of qualified observers are as follows:

1. Circumventing the filter will be trivially easy. The official Enex report into the testing phase states “A technically competent user could, if they wished, circumvent the filtering technology”, and further “Telstra did not test circumvention, because it considers that filtering can be circumvented by a technically competent user”. What isn’t admitted is that the level of technical competence required is itself trivial, and would in fact qualify pretty much any pre-pubescent old enough to manage a keyboard.It’s an inescapable fact that ease of circumvention and impact on performance are directly related. The only way to reduce performance degradation (a very big concern regarding this filtering regime) is to reduce the security, which in turn simplifies circumvention.
2. The list of websites which will be blocked will be secret and there is no avenue of appeal should your site be inappropriately listed. There have already been numerous instances of inappropriate listing, as has been publicly demonstrated (did a dentist get blocked because of his root canal work?). How can secret lists be justified? If the government was confident that its content filter worked there would be no purpose in secrecy, as banned websites would be inaccessible.
3. Law enforcement agencies the world over are well aware that peer-to-peer is the medium of choice for trafficking in the really nasty and unacceptable material, such as child porn. Conroy’s filters will have no impact whatsoever on this traffic.
4. The proposed filters will present no impediment to paedophiles and deviates who use social networking sites such as FaceBook, or any of the tens of thousands of chat rooms, to get access to their targets.
5. Conroy’s big claim that performance will not be impacted by the introduction of a mandatory filter. This claim is misdirection built upon fabrication based upon lie, over and over again. The Labor Government’s much touted National Broadband Network (NBN) promises 100 megabit per second performance, but filter testing contractor Enex was only required to consider the likely impact on the currently available 12 megabits per second system. Yet Enex didn’t even go that far. The report shows that they only ran their tests up to 8 megabits per second. This clearly violates the government’s own already inadequate and deceptive Technical Testing Framework, and produces results that bear no relationship to reality.

That’s not all of the anti-filter argument by a long shot — it would be very easy to fill pages with all the things that are wrong with this plan. Many technical commentators have done just that if you care to search further.

Many facts and arguments can be presented to indicate convincingly that this filtering and censoring plan is not about child protection, but much more likely to be about preventing adults from viewing material which the government would prefer they not have access to.

Australia, you are being conned. Senator Conroy has repeatedly deceived the Australian public on practically every aspect of his Internet censorship plan since it was first announced. How could we possibly take at face value anything that comes out of his office on the subject?

The bottom line is this:

There is no upside to this plan because for very sound technical reasons it cannot achieve its stated aims (which, incidentally, may be very different to the government’s real aims). Every competent technologist in the country knows this.

There is however substantial downside. This country’s Internet capabilities are already far enough behind the rest of the Western world, without stupid people bogging it down still further with stupid implementations.

My New Year wish is that the Ruth Limkin’s of this world either get a sound education in the technology, or cease giving their opinions on topics they know nothing about.

It’s one thing to have an admirable goal in mind, but to realize that goal you must have a practical and workable solution. And this isn’t it.

Wisdom is supreme, therefore get wisdom.
Though it cost all you have – get understanding.
Proverbs 4:7

• Internet Censorship I – by Bill Hely
• Internet Censorship II – by Bill Hely
• Conroy’s Folly: The Great Australian Firewall – by Bill Hely

Related articles:

• Reporters Sans Frontières – Open letter to Australia’s Prime Minister
• Australia Edges Us Towards the Digital Dark Ages
• China arrests 5,000 for internet pornography offences
• China Nabs 5,400 People for Online Porn in 2009
• All you need to know that the Australian Governments Censorship Plan is Bollocks (and more)

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

Well, it’s finally out in the open — the duplicity and insanity that we knew would prevail. The clown prince of the Australian Internet regulatory system, Communications Minister Stephen Conroy, has announced that compulsory content filtering at the ISP level is to receive his blessing.

Duplicitous because right from the start Conroy claimed impartiality, and maintained that no decision would be made until thorough testing had been carried out, and the Australian people had been consulted. Yet all along his real intent has been plain to anyone following this sorry saga.

Conroy in particular, and the Australian government as a whole, know full well that there is negligible informed support for this ridiculous scheme, yet he has chosen to pig-headedly steamroll ahead regardless of what the majority of Australian voters think.

Even the usual coterie of fringe element ratbags, the Big Brother, mind-your-business-for-you crowd, have given him the thumbs down. But that won’t stop Steve — he knows exactly what’s best for everyone else.

What unmitigated arrogance!

We may all only have one vote, but some of us have long memories and very loud voices.

Australian readers, please take a moment to go to this webpage and send your thoughts to Senator Conroy via the web form made available there

I also urge you to read the right-hand column of that page and click the link to the fact sheet on Conroy’s plans for a Great Firewall of Australia.

And to our friends in other countries: Don’t Get Complacent! Be assured your government would love to do the same, and if they can find a way to sneak it through, they will.

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

This is a story about something positively obscene that is occurring in the United Kingdom. But if you think something similar, to some degree or other, isn’t planned for you right now, wherever you are, then dream on — be happy in your ignorance.

Listen to this…

The UK government is about to require all telecoms companies and ISPs to store the following end-user communications:

• Every phone call
• Every text message
• Every e-mail
• Every website visit

This mass of data must by law be STORED FOR A FULL YEAR and be available for perusal by “authorized” bodies.

And you’ll never guess who’s included under the “authorized bodies” tag…

According to the London Telegraph newspaper, 653 public bodies (so far!) are going to have access to all of your personal communications information showing not only who you have contacted but also when and where you contacted them. And just in case that isn’t obnoxious enough, a record of all the websites you visit will also be stored. The 653 public bodies includes police, councils, fire & ambulance and prison governors. Huh? What could possibly justify giving a prison governor the right to delve into the affairs of someone who’s not in prison? Or are we now all criminals until proven innocent?

Now, you might reasonably expect that there would be some oversight in place. Well there is.

Before any of the thousands of  “authorized” people in any of those 653 “authorized” bodies can delve into your personal and private (???) communications, they will need the approval of no less a trained and trustworthy personage than – wait for it – a senior police officer or the *deputy* head of a local authority department.

Feel better now?

As one government opposition spokesman has pointed out, the British government has a history of granting themselves new powers which they claim are needed to tackle terrorism and organized crime, but which inevitably end up being used for quite different purposes. Could not the same be said of practically every government everywhere?

See, here’s why the terrorism-and-crime justification doesn’t wash:

Law enforcement organizations the world over are well aware that the terrorists and the professional crims are already using advanced encryption technologies to keep their communications hidden from authorities. So about the only people affected by this disgraceful invasion of privacy will be the average citizen.

And that includes you, when it comes to your country’s turn, so don’t feel too superior about living wherever it is you live. Knowledge is power, and governments the world over crave both. Only your refusal to accept such objectionable intrusion will keep the power hungry overlords and the shadowy alphabet agencies in check.

You will have just one chance to put a stop to this.

As I understand it the proposed law will not come before the UK Parliament until after the general election, so British citizens do at least have a chance to demonstrate at the ballot box just how little public support there is for this incredibly intrusive plan.

Wherever you live, be on the alert for such moves by your government, and let your elected representatives know that such invasion of privacy is neither acceptable nor justifiable, and that the future of their jobs depends on their listening to you.

So-called “people power” works just fine in any society where government representatives are elected, but only if enough people make enough noise.

You can start right now by spreading this warning to any social media sites you frequent — see the buttons below…

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.

In previous posts I’ve made mention of the Australian government’s attempt to introduce mandatory, countrywide censoring of the Internet, not at all dissimilar in scope and effect to the oppressive restrictions which pertain in countries such as Communist China.

Although those plans to apply compulsory censoring to everyone have been overwhelmingly condemned by Australian Internet users, no reasonable person would claim there should be no control over the content that is accessible to children.The sensible position is that control should be in the hands of and managed by parents, guardians, schools and the like. But the usual objection to that policy is that it’s all too difficult, too technical, for the average parent to come to grips with.

In this article I’ll show you just how easy it is to apply your own filters to your home Internet connection. This very same technique is used by literally thousands of schools across America and around the world to protect students from dangerous, obnoxious or otherwise unwanted content.

In the process I’ll give you a few tips that will help protect your PC against infection by the many nasties that are always looking for an opening into your privacy.

Difficulty Level

This article is intended to alert readers to certain possibilities. Although there is enough information here to allow users who know their way around Windows to implement the project without further assistance, it is not a step-by-step tutorial. There just isn’t the space here to cover all the nuances of the various versions and possible configurations of Windows XP and Windows Vista. However, it is quite a simple project to implement even if you do need to engage in a little research to figure out how to access certain settings.

And speaking of research, always keep in mind that “Google is your friend”. The Google search engine’s ability to find information highly relevant to what you’re looking for is quite incredible, and it gets better all the time.

What You Will Need

Just two things; one of them is free and the other dirt cheap.

I’ve said many times that if you never do anything else to protect your computer from hackers, viruses, worms and various other malware, the one thing you should do is install a router.

A typical wireless router

It’s an established fact that a new Windows computer with a broadband Internet connection will be probed by automated hacker-bots within minutes, and repeatedly probed ad infinitum. For maximum safety you really need other mechanisms as well, such as anti-virus and anti-spyware software, and a good software firewall, but a router is an excellent start.

A router is just a small fifty-dollar box that you plug your broadband modem and your computer(s) into, instead of plugging them into each other.

These days most Routers come with clear installation instructions and near-foolproof software to set them up. They really are no big deal to implement. Speak to any reputable dealer about a “4-port wireless router”.

The free component you need is a service called OpenDNS. Again, no complexity here — just browse to OpenDNS and sign up for a free account. But before you do, consider this…

Both the router and the OpenDNS service require you to nominate a password for access to configuration and settings. It is EXTREMELY IMPORTANT that in both cases you use long, complex, unguessable, uncrackable passwords — a different one in each case. These two passwords are what will prevent the minors in your care from circumventing the safeguards you will put in place.

And for some insight into creating and using strong passwords see my article: How to Choose Use and Recall Strong Passwords. However, contrary to the recommendations in that article, DO NOT store the passwords for the router or OpenDNS in Roboform. Write them down clearly and store that paper somewhere safe and secure — somewhere the children will never be able to get at them.

Oh, and there’s another advantage to the OpenDNS service. They have the capability to detect and block major malware attacks, before the vermin gets anywhere near your PC.

How Will It Work?

Now if you’re a technophobe, don’t let the following explanation or any of the terminology put you off. You can still implement your own customized in-house Internet filtering without understanding a word of this section. But read it anyway — you never know, it just might help.

Here we go…

Whenever you type a Website URL (e.g. www.playboy.com) into the address bar of your browser, a sequence of events takes place that is invisible to you, but critically important for the success of your request.

A message is sent from your PC to a special computer “out there” called a DNS server, where DNS stands for Domain Name System. The message tells the DNS server what domain it’s looking for and asks where to find it. After consulting its database of domain names the DNS server replies with the IP address of the requested domain. If you don’t know what an IP address is just consider it a complex number that uniquely identifies every Internet-connected device.

There’s no way around this process. The Internet doesn’t understand requests for something like “www.playboy.com”, it only understand IP addresses. So until an IP address is obtained from a DNS server, no request for a domain webpage can be satisfied.

There are many DNS servers “out there” and your Internet Service Provider (ISP) almost certainly has at least a couple that your system is configured to send such requests to.

Now, official DNS servers don’t discriminate; when asked for the IP address of a domain they provide it honestly and without question. Asked for the IP address of playboy.com the reply will be 208.67.216.131 (at the time of this writing anyway — IP addresses can change), and the home page of the Playboy website will be loaded into your browser.

But consider this…

What if inquisitive young Johnny Junior enters the Web address www.playboy.com, and the DNS server finds a note in its database that this domain is forbidden to the particular computer making the request (that is, your home PC). Then, instead of returning the real IP address of playboy.com, the DNS server returns something like this: http://208.67.219.135. It’s OK, go ahead and click that link.

Note: in a real-world scenario “example.com” will be replaced by the forbidden domain name, such as “playboy.com” in our example.

In other words, by configuring your local system to send DNS requests to a special DNS server, and by telling that DNS server what not to serve up to your browser, you can control what the computer users in your household will see.

Okay, sounds simple enough but…

How Do You Do It?

As you may have guessed by now, the OpenDNS service you signed up for earlier provides the special DNS server, and your account with that service allows you to stipulate what domains, or type of content, is to be blocked.

The other part of the setup is to change your local computer configuration so that it is the OpenDNS DNS server that is queried for IP addresses, rather than your ISP’s DNS server or some other.

In a home setup that DOESN’T have a router:

The IP addresses of the DNS servers to be used are stored in Windows. These Microsoft articles describe how to locate and set DNS values:

Windows XP – - – Windows Vista

In either case you want to “specify an IP address”, NOT “obtain an IP address automatically”.

The IP addresses you will specify are provided by OpenDNS, and are as follows:

208.67.222.222
208.67.220.220

In a home setup that DOES have a router:

The IP address of the DNS servers to be used will be stored in the router, and Windows will be configured to use the router settings. These Microsoft pages describe how to locate and configure the appropriate DNS settings in Windows:

Windows XP – - – Windows Vista

In either case you want to “obtain an IP address automatically”, NOT “specify an IP address”.

In this scenario you also need to configure the appropriate DNS IP addresses into the router. Whereas Windows only offers fields for two DNS addresses (more if you go into advanced settings), most router’s offer three fields. Once again, the IP addresses you will specify are provided by OpenDNS, and are as follows:

208.67.222.222
208.67.220.220
208.67.222.220

Special Considerations

From a security perspective it is a very bad idea for users to login to their computers with Administrative rights. People working away at computers on a day-to-day basis with Administrative rights is one of the reasons that malware does so much damage. There should be one Administrative account that is used only for configuration purposes. All users should login for their day-to-day computing activities with only a basic User account.

Now, this becomes important for another reason when your aim is to protect your children by implementing parental controls against undesirable Internet content. Here’s why:

If little Johnny Junior has Administrative rights there is nothing to stop him from entering any DNS IPs he likes into Windows’ configuration. Ordinary users can’t make such changes, but Administrators can. Regardless of his Windows user level he won’t be able to change DNS settings in your router (if you have one) because you will have protected that with a very strong password.

But if Junior changes the DNS settings in Windows from “obtain an IP address automatically” to “specify an IP address”, and then enters some DNS IPs that aren’t from the OpenDNS service, the Windows settings will take precedence over the router settings. Then Johnny is straight off to playboy.com, sex.com or anywhere else that catches his fancy.

Summary

As stated earlier, although this is a fairly simple project, you may need some help in particular areas.

• For help with purchasing a router I suggest you locate and consult with an honest and reliable retailer. Don’t expect a retail salesperson to have the breadth and depth of knowledge of an IT professional, but they should know their product line well and be able to advise you on a suitable make and model to meet your needs. Before handing over your money ask the sales person to prove to you that there is a public Support or Users Forum online for the brand he recommends.

• For help with configuring the router the best place is usually the manufacturers Support Desk or a Users Forum.

• For help with configuring OpenDNS, there is both a company-operated support department and a very useful Users Forum. Login to your account at OpenDNS and have a look around — its use is simple, obvious and self explanatory.

From both a security and a parental controls perspective, it may be worth your while to reconsider how each member of the household accesses computer resources, even to the extent of creating new User-level accounts, one for each person, deleting any old user accounts that had Administrative-level access, and applying a secret and secure password to the main Administrator account. The following URLs may be of some use in this endeavour.

Windows XP – - – Windows Vista

Warning

Is OpenDNS 100% effective?

Unfortunately, no it’s not. It’s just a fact of life that no blocking technology of this nature can be 100% effective. And the more effective you make a blocking technology, the harder it becomes to implement and maintain.

Keep in mind also that some of the best minds on the planet are constantly striving to find ways around the onerous censorship policies implemented by some communist and fascist-like governments, so there’ll likely always be some software or technique available that will be able to circumvent your parental controls.

OpenDNS strikes a convenient balance between effectiveness and ease of use, but it should not be assumed to give parents, teachers or others in a guardianship role such peace of mind that they no longer feel the need to actively monitor the online activities of their charges.

©2012 Bill Hely's "Computer & Online Security" Blog. All Rights Reserved.