Home › Forums › Decaffeinated Coffee › What can the company running a kosher Internet filter see?
- This topic has 3 replies, 4 voices, and was last updated 4 years, 6 months ago by SchnitzelBigot.
-
AuthorPosts
-
May 28, 2020 10:14 am at 10:14 am #1865415Yserbius123Participant
I am a little concerned about something I was reading the other day. I was always under the impression that Internet filters worked by either a “whitelist” of websites that are allowed, blocking all others, or by just sending the list of visited websites to a shomer. But I’ve heard that some new kosher Internet Service Providers (ISP) are requiring full unrestricted access to everything. (I’ll write up the technical details in the bottom paragraph if that’s something you’re interested int). This is really worrying to me. Not only do they see what websites you visit and what content is on those websites, but they have all of your passwords, can read all of your emails, bank statements, access online purchases, credit cards, etc. This is extremely problematic for people who are running home businesses, do you really want Shprintze the IT person at KTech to look be able to look at your medical history?
In my opinion, these companies need to offer a course in Internet safety when people sign up for it. And not just safety in terms of not using the Internet for divrei tumah, but knowing that any and all information you put online will end up in the hands of someone who you don’t want to have it.
And now for a watered down version of the technical side, skip this if it bores you.
If you know computers, what they are doing is installing their own root cert authority on the users computer then overwriting the root CA with their own.
To explain for the layman:
Most Internet connections are secure. What that means, is that when you connect to a website, email server, VPN, or whatnot, the two computers that connect exchange encryption locks. These locks are then used to encrypt the data before its sent to the other computer. And only the computer that sent the lock has the key that can be used to decrypt and read it. So when you login to YWN, your web browser receives an encryption lock from the YWN server that it uses to turn your username and password to gibberish before sending it over. YWN then takes that gibberish and unlocks it to see the real password. This way, no one can intercept the message and read what it says. In technical terms, the lock is called a certificate.
Now, what some Kosher ISPs do is intercept the certificates exchanged between the two computers, and put their own their instead. The logic is fine, because they need to be able to see what your looking at, otherwise the shmira doesn’t work. But they can see everything because they literally have the keys to your kingdom.
May 28, 2020 12:13 pm at 12:13 pm #1865735akupermaParticipantAn alternative method, which probably requires a VPN, is to have the “censor” block any and all sites until the site in approved. When someone goes to a new site, the program (probably a human is required) looks at the site and according to know rules unblocks it. The first a user (anywhere in the system) looks at a site they get a note saying it is blocked, and asking if they want it unblocked, in which case there is a delay while the “censor” checks it out.
May 28, 2020 2:28 pm at 2:28 pm #1865765JosephParticipantJust because they have the technical ability to do so, does not indicate that they are actually looking at or recording passwords, bank statements or transactions.
May 28, 2020 5:45 pm at 5:45 pm #1865755SchnitzelBigotParticipantI am a little out of things, can you name names?
-
AuthorPosts
- You must be logged in to reply to this topic.