undefined | Better HN

0 pointssnug9y ago0 comments

> Many ISPs

I think that's a bit sensationalist.

0 comments

Verizon, Comcast, and Rogers have done it, that we know of. In North America that's a very large proportion of traffic.

ucho9y ago

Maybe it is even worse when it is just few - people won't know that website creator isn't responsible for all of its content. And sometimes is hard to know who is the culprit like in https://news.ycombinator.com/item?id=12091900 .

Is there any solution other than totally killing HTTP that protects from HTTPS stripping attacks? HSTS won't protect first visit and STS preload lists can only be so large.

mrkurt9y ago

It's not, it happens at a ton of coffee shops, on airplanes, etc, etc. Probably not ISPs you buy home internet from, but there are a lot.

afandian9y ago

Vodafone in the UK did this to me.

chatmasta9y ago

Vodafone is the worst. Although it's really the U.K. surveillance state that is the problem.

When I popped my SIM into my iPhone it forced me to download a configuration profile with a self-signed Vodafone cert, which means they can mitm any connection. I think this is required by the government so they can block adult websites by default? (I've also seen torrent websites also fail silently with misleading "server not found" errors)

I haven't looked into if they're doing the filtering via DNS or mitm, but I avoid the censorship by connecting to a vpn.

Symbiote9y ago

I have never heard of the self-signed certificate, that would be interesting to report to the Open Rights Group [1]

The filtering in the UK is by inspecting HTTP requests, so when a single image on wikipedia.org was blocked, every request to Wikipedia ended up going through each ISPs hidden proxy. [3]

According to [2], HTTPS sites aren't filtered -- but it references a page from 2004. I suspect HTTPS sites are now simply blocked outright at either DNS or IP level, but I don't have a way to verify this, and can't find any details.

[1] https://wiki.openrightsgroup.org/wiki/Internet_censorship

[3] https://en.wikipedia.org/wiki/Child_abuse_image_content_list...

[2] https://wiki.openrightsgroup.org/wiki/Cleanfeed#cite_note-LI...

1 more reply

JimDabell9y ago

I don't know why Vodaphone are doing that, but you shouldn't go around telling people that it's because of "the U.K. surveillance state" because other UK ISPs don't do that.

The "server not found" errors sound like DNS blocking, which they can do without MITM.

j / k navigate · click thread line to collapse