Skip to main content

Alpha This is a new website theme. Help me improve it and give your feedback (opens in a new tab).

Overblocking

Published:

Tags:

Internet Tor Censorship
This blog post is more than two years old. It is preserved here in the hope that it is useful to someone, but please be aware that links may be broken and that opinions expressed here may not reflect my current views. If this is a technical article, it may no longer reflect current best practice.

Last week when I found myself with my Internet connection down, I tried to use my EE LTE connection to work instead. This plan fell apart quite quickly when I discovered that *.torproject.org was blocked as 18+ content.

I found using the Open Rights Group’s tool, blocked.org.uk, that in fact a large number of UK ISPs have these wildcard blocks in place. This tool also provides a means to report misclassification and so I submitted requests to unblock the following domains:

  • metrics.torproject.org
  • onionoo.torproject.org
  • collector.torproject.org
  • collector2.torproject.org

It is important to note that none of these domains host copies of Tor clients, Tor Browser or anything that would enable to use Tor. They only host data about the public Tor network.

Sky Broadband were the first to respond to say that they had passed on the queries to Symantec, but I’ve not heard anything back from them yet.

Then EE responded today and it seems they also use Symantec to provide their block lists:

I have checked the classification of http://collector.torproject.org with Symantec who classify websites on EE’s behalf and they say that the site is correctly classed as a ‘Technology and Anonymizer’ website which means it can only be seen by adult EE users who have turned their parental controls off.

I’m not sure about the classification here, does this include all “Technology” websites?! They go on to say:

Symantec says the website offers Tech solutions and mainly the download of Tor browser. From their website: “Tor is an effective censorship circumvention tool, allowing its users to reach otherwise blocked destinations or content.” There will be no change at this point.

I hope this helps clarify the situation and that you understand that EE does not decide what sites are behind parental controls but follows guidelines drawn up by the BBFC.

This is nonsense. These sites provide recent and historical data relating to the public Tor network and do not provide access to circumvention software.

Symantec has not checked the domains that I have reported. While there may be a case for blocking the homepage, blocking all subdomains is a case of overblocking and general laziness.

I was interested to see the guidelines from the BBFC, so I looked up their website. I noticed that I could participate in a survey to influence the guidelines for the future, so I thought I’d have a go at that:

So that’s not a great start. I click next and then:

Thanks for answering those questions, unfortunately based on the answers provided you do not qualify for this survey. We appreciate the time taken to provide us with your opinions.

I guess that a secure connection wasn’t required after all.

Contact