Interview – Cyberdodge VPN service
An interview with Ross from Cyberdodge, a supplier of VPN services that enables internet users to hide what they do on the internet.
What inspired you to offer the service?
People will always choose the easiest way to get the latest movies and TV shows and downloading off the internet is it. Unfortunately options are now limited to VPN tunnels not only for p2p but also for using an American IP address to get access to TV sites like www.hulu.com.
Are you getting many customers and what do they want it for?
Yes I am. VPN tunnels have a number of uses that include getting an American IP address to watch tv sites such as hulu.com, encrypt internet traffic when they are using a public WiFi point and of course hiding their real IP address.
How do you feel about the fact that some of your customers will probably be using your service to break NZ law?
No Comment.
What sort of information do you keep about your customers?
We only keep the email address.
What sort of information do you keep about your customers connections? (Such as when they connect, how long they connect for, anything they do through the service.)
We do not log what the user does or transfers over our network but we do log the time of connection and disconnection. We use this data to strategically deploy network resources. We also log the country the user is logging in from, this helps us to detect hijacked accounts and abuse. We do not log IP addresses.
Do you think your business has an obligation under the Telecommunications (Interception Capability) Act to allow the NZ police or other enforcement agencies to monitor traffic?
No, I am not a network operator. A network operator means a person who owns, controls, or operates a public telecommunications network or a person who supplies (whether by wholesale or retail) another person with the capability to provide a telecommunications service. CyberDodge does not provide anyone else with the capability to provide a service and CyberDodge is not a public telecommunications network. Public telecommunications network means a public switched telephone network and a public data network. CyberDodge is not a public switched telephone network nor a public data network. A public data network means a data network used, or intended for use, in whole or in part, by the public and includes, without limitation, the following facilities: Internet access and email access. CyberDodge requires that you have internet and email access already. This law applies to ISPs, which CyberDodge is not.
Do you think your business has an obligation under the Copyright (Infringing File Sharing) Act to store customer IP addresses so that you can pass on notices?
No, I am not a IPAP. IPAP, or Internet protocol address provider, means a person that operates a business that, other than as an incidental feature of its main business activities, offers the transmission, routing, and providing of connections for digital online communications, between or among points specified by a user, of material of the user's choosing and allocates IP addresses to its account holders and charges its account holders for its services and is not primarily operated to cater for transient users. CyberDodge does not offer the transmission nor providing of connections for digital online communications. CyberDodge only routes digital online communications. This law applies to ISPs and CyberDodge is not a ISP.
Is this what the DIA filter looks like?
What we're seeing
A thread over on gpforums.co.nz has discussed problems Telecom users have had accessing content delivered by various CDNs (content delivery networks - used by many sites to handle video streaming).
Network traces showed a large amount of packet loss and the path taken by the data looked a bit unusual.
This appears to be the first sign of a site being either adversely affected or actually blocked by the DIA filter. We've also had confirmation of other ISPs (Internet service providers) believed to be using the filter having access blocked.
What we believe is happening
The filter works by creating alternative routes to particular network IP addresses and passing them onto the participating ISPs. Traffic to those IP addresses is then passed to the DIA and checked by the filter to see whether it is going to the blocked site or another site on the same IP address. If it is going to a blocked site, the user is redirected to www.dce.net.nz, or else it allowed through the DIA's ISP and out onto the Internet. (Read more in our Filtering Frequently Asked Questions article.)
Inspection of the traces shows that the traffic is going through an ISP with a relationship with the Department. The address 124.150.165.62 in the traces is from that ISP. The traffic is then going out through a link that the ISP has to Australia.
This ISP's link to the Internet appears to be either under considerable pressure or is simply broken. The level of traffic being dropped by it (as reported by users and our own investigation) is likely to be degrading access significantly to any site hosted - but not actually blocked - by any IP address the DIA is wanting to inspect.
What does this mean?
The site in question hosts anime (animated video from Japan and other countries). While we believe that some anime work has been found objectionable in New Zealand, we cannot find any reference to this site being banned by the Chief Censor.
Even if one video at the site has been blocked by the DIA, this blocking appears to be generally degrading performance to other material on that site or any other site hosted by the same content delivery network.
The Department has repeatedly denied access to the filter list in the expectation that hiding the list will prevent people from accessing it. As this story illustrates, it's not difficult to uncover the filter given the effects it has on an IP address being filtered/intercepted.
We're very interested in hearing from anyone else having difficulties accessing a site where 124.150.165.62 appears in a traceroute to the site. We're particularly interested in legal content being degraded by passing through the DIA's filter.
Dear Independent Reference Group – Do Your Job
Dear Independent Reference Group,
Please do your job.
Yours, Tech Liberty
We believe that secret censorship is a threat to our democracy. We need to be careful when giving our government the ability to limit what we can see and hear - which is why we require the Chief Censor to publish their decisions. This openness, the ability for anyone to review and challenge, helps prevent abuse of the censorship scheme.
One of our objections to the government's Internet censorship filter was that the Department of Internal Affairs has refused to release the list of censored sites. They say that they'll only censor certain types of material, but how can we know that they're sticking to this without being able to see the list?
The DIA did respond to these concerns by establishing the Independent Reference Group to provide at least some semi-independent oversight of the filter, although they had to be persuaded to let the IRG have access to the list of blocked sites. Then, from the minutes of the IRG's meeting on 15th October 2010:
Members of the Group were invited to identify any website that they wish to review. They declined to do so at this stage.
Now, we quite understand that members of the IRG don't want to look at those sites. But that's not the point - they have a responsibility to ensure that the filter "...is operated with integrity and adheres to the principles set down in the Code of Practice."
This oversight isn't going to work if the IRG don't exercise it. The filter list grew from 153 entries in June to 538 in November - surely it would have made sense to have a look at the list and select some of the additions for a brief review?
Recommendation
We recommend that at each meeting the IRG should randomly select a sample of newly added sites and review the content to ensure that the filter is not being abused. Anything less is neglecting their duty.
An Update on Internet Censorship in NZ
Yesterday Telecom announced that they were joining the DIA's Internet censorship scheme.
It seems that a lot has happened since we did our last update.
Increase in the number of ISPs
The ISPs using the system are now:
- Maxnet
- Watchdog
- TelstraClear
- Airnet
- Xtreme
Telecom are obviously next and Vodafone are also apparently well on the way to implementing it. According to the DIA, "Discussions are continuing with Ihug/Vodafone, Woosh, Orcon and 2degrees. Design changes are being investigated to adapt the system for performance on mobile devices." However public statements from Orcon have said they have no plans to implement the filter.
Even so, this means that most users of the Internet in New Zealand will be using a filtered connection.
Internet filtering – time to let it go?
It's been over 3 years since the Department of Internal Affairs started their internet censorship trials in New Zealand. Since then (data from June 29th 2010):
Internet filtering update
Update on internet filtering including which ISPs will filter, more information from the DIA, and links to the Australian anti-filtering campaign.
Department of Internal Affairs failing on open government
Last week we announced that the New Zealand internet filter had "gone live" and was now being used to filter the connections for users of two ISPs (Watchdog and Maxnet), with more expected to follow.
The obvious question has to be, why was Tech Liberty announcing something that the Department of Internal Affairs had done? Where was their announcement that the filter had gone live on the 1st of February? Don't civil servants have a duty to communicate to the people that they serve?
Guest article: Security risks of centralised filtering
We'd like to welcome our first guest author, Gerard Creamer. He's written an article that explains some of the security risks inherent in implementing a centralised filtering system. It's a little more technical than most of the articles we publish; we hope you find it interesting.
Media release: NZ government now filtering internet
The Department of Internal Affairs has admitted that the internet filter is now operational and is already being used by ISPs Maxnet and Watchdog. It appears that Maxnet have not told their customers that they are diverting some of their internet traffic to the government system to be filtered.
Thomas Beagle, spokesperson for Tech Liberty, "We're very disappointed that the filter is now running, it's a sad day for the New Zealand internet."
New Zealand’s government internet filter is already running
One of the big questions about the implementation of internet filtering in New Zealand has been ... when? We've made a number of Official Information Act requests to the Department of Internal Affairs and the answer has always been "in the next couple of months".
In a letter written on January the 20th, the DIA told us that they will be making an announcement regarding the implementation of the filter "in the near future". Well over a month later there has been no announcement.
