Dealing with Optus, Part 2

Just to finish the story I started in the last post, here’s what transpired (just in case you’re interested). The good news is that Optus finally found the reason for this blog being blocked on their network and have restored things to normal. You should now be able to access this site, even on the Optus network, but the nonsense I had to wade through to get things resolved was quite ridiculous.

After that last blog post describing the problem with my site being blocked by Optus for reasons unexplained, I posted it out on Twitter and Facebook. It’s amazing how quickly that gets a response. To their credit, I heard back from Optus’s Social Media Team very quickly offering to help resolve the issue. I’m not sure why tech support problems can’t just be resolved by calling Tech Support, and why it takes a very public skewering on social media to get any action these days, but apparently that the way it works now.

After a series of very promising back and forth tweets, I eventually got a call from a member of Optus’s Social Media Team, and her response was basically that this was not an Optus issue and there was nothing they could do about it, and that I needed to refer things back to my web host, GoDaddy.

Despite the fact that they admitted that Optus was blocking my blog on their network – in fact they were blocking an entire IP range, which just happened to include my blog – she insisted it was not something Optus could do anything about. She told me that I had to ask my webhost to deal with it, and get them to fix the “malicious behaviour” on their servers, even though she could not tell me what kind of malicious behaviour was causing the problem. She seemed unwilling to entertain the logic of my argument, that if Optus was the one blocking the site – and she admitted it was – and if Optus was the only ISP that was causing this problem, then asking my web host to fix a problem that was invisible to them was not likely to be very successful. We went around and around in circles, arguing about this for about 25 minutes with me trying to explain that this was a problem that only Optus could fix, and her insisting that this was a problem that Optus could not fix. She stayed on the script, robotically insisting that Optus could not manually remove the block and I needed to call my web host and get them to deal with it.

Eventually, I gave up trying to reason with her, since she had obviously made her mind up that Optus could do nothing to fix the problem, so I went home and called GoDaddy. They guy I spoke to there, Mark, was very helpful and spent over an hour on the phone with me troubleshooting, trying different things, searching the Optus website for a form that would let GoDaddy get in touch with Optus to talk about the problem, but eventually he came to the same conclusion that I was trying to tell the woman from Optus – GoDaddy cannot fix a problem they cannot see, and that they have no control over.

I got a followup tweet the next day from the Social Media Team at Optus, which led to another phone call from them. This time it was someone who actually sounded like they understood networks, and they simply told me to email a copy of the traceroute and a quick explanation of the problem to [email protected] and they would try to deal with it, no promises.

Less than an hour later I got an email which said, in part…

“I have removed the IP address block that was on our systems. Please try again. Many apologies for the inconvenience this has caused and lack of coherent information on our side.”

I tried again and all was back to normal.

Suggesting that Optus provided a “lack of coherent information” is somewhat of an understatement. All up, I probably spent 5 hours on the phone to both Optus and GoDaddy trying to get this issue resolved. From Optus I was told several stories about why the problem existed, many of them contradictory. I had both a tech support supervisor and the social media team person tell me flat out that there was nothing that Optus could manually fix, or that they had any control over. I was told to speak with my web host and get them to sort it out. I was given this advice repeatedly, and even though I argued fairly strongly that I didn’t think this was very good advice, they were insistent that there was nothing else they could do on their end. Despite supplying them with all the information on my very first support call, including traceroutes and network information, they still insisted that it was out of their control.

And then one guy from Optus fixes it. Just like that.

It’s ridiculous that I had to make phone call after phone call to get this resolved. It’s crazy that an actual tech support line achieves almost nothing, even when you escalate the issue to a supervisor, and that you need to go all social media on them just to get attention. It’s ludicrous that someone from that team will then argue in circles with you, insisting that Optus can’t fix a problem they are so obviously in control of, and that it seemed like there was little will to explore any possibility of fixing it.  And it’s damn annoying that getting it resolved was as simple as sending an email with traceroute details, but it took many days and many phone calls to even be told that this option existing.

Glad to back online, glad to have avoided bring the telecommunications Ombudsman in on it, glad to finally find a competent person who resolved the issue…. but so totally over Optus as an ISP.

Less than Optimal

If you’ve tried to access this blog lately from the Optus network, I’m going to make an educated guess and say that you haven’t been able to.

I have an Optus Cable Internet service at home and about two weeks ago I started to be unable to access my blog. At first I put it down to a temporary network glitch and didn’t worry about it. But the problem presisted and I started be become a bit stumped as to what was happening. Every other website on the Net loaded ok, but my own blog was inaccessible. I could get to it from work, and from my phone over Telstra 4G and pretty much anywhere except from home on my Optus service.

Then last week I got an email from a reader who said that she also couldn’t access the blog and, surprise surprise, she is also on the Optus network. Nor could a friend of hers, who is, you guessed it, also on the Optus network. So I put a note out on Twitter to ask who could access the blog and which ISP they were using. 100% of Optus users could not access it. Everyone else could.

I don’t think you need to be a network engineer to figure out where to problem lies here.

So I called Optus Tech Support and spend several frustrating hours over several frustrating calls, during which I was asked to reset my cable modem (clearly not the problem) and numerous other diagnostics that were also clearly not the problem. The Traceroute told the story, terminating in a black hole of Optus servers.

Optus eventually told me that their system had flagged my blog as having “malicious content”, but were unable to tell me exactly what that meant or identify the algorithms that might be flagging it. Nor could they suggest how to fix it, other than just wait until something might change.

On my second call to Tech Support I escalated it to a supervisor who was rudely insistent that the problem was not with Optus, and denied that Optus was blocking anything, which completely contradicted the information I was given on the previous call. I think that’s a technique used to just get the customer off the line, called Making Shit Up.

The battle continues. It’s no wonder so many people dislike Optus.

No Clean Feed!

I spent today, pretty much by accident, at a forum-style discussion of the issues surrounding the Australian government’s proposal to filter the Internet access of all Australian citizens.  I say “by accident” because the invitation to attend an “Internet Filtering and Censorship Forum” appeared in my email a couple of weeks ago, and without reading it too carefully, I thought it was going to be an educationally focused discussion about the filtering issues that schools face.  That would have been useful and interesting, but I didn’t realise that the discussion would actually be centred on the bigger issue of the Australian government’s proposed Internet filtering scheme.  I’m glad I went.
Look, there is no argument from me that we need to keep our children safe online.  We absolutely need to protect them from the things that are clearly inappropriate, obscene or undesirable.  I remember the first time I realised my son had seen things online that I didn’t think he should see, and it’s a horrible feeling.  But this proposal by Senator Stephen Conroy (the Minister for Broadband, Communications and the Digital Economy) is unrealistic, unworkable, naive and just plan stupid.

Let me put you in the picture.  In the leadup to the last Australian federal election, the Australian Labor Party (then in opposition) made a series of promises to try and get elected (as they do).  One of those promises revolved around a deal done with the powerful Christian Right, in which the Christian Right essentially said “we will give you our preference votes in exchange for you promising to put ISP-level Internet filtering in place”.  The Labor party, in a desperate attempt to get elected, said “yes of course we will do that!”.  Well, they went on to win the election and now they are in the unenviable position of having to meet an election promise that is just plain stupid.  The minister in charge of all things digital, Stephen Conroy, is either the most honorable politician at keeping his promises or the most ignorant, pigheaded, obstinate politician I’ve come across.  I suspect a bit of both.

The plan is to legislate for all Australian Internet Service Providers to supply mandatory content filtering for their customers, at the ISP level.  This would mean that every Australian ISP would have to maintain whitelists and blacklists of prohibited content, and then filter that content before it gets to their customers.  It means that every Australian internet user would have a filtered, censored, internet feed, removing any content that the government deems inappropriate.  Many comparisons have been made to the filtering that currently takes place in China, where the Chinese government controls what their people see.  I don’t think it’s quite that bad (yet), since the Australian proposal is only only really talking about blocking content that is actually illegal (child pornography, etc) but the fact is that filtering is a non-exact science, and there is little doubt that there will be many, many webpages that get either overfiltered of underfiltered.  Those of us in the education sector who have been dealing with filters for years, know exactly how frustrating this can be.

The forum today, which was held at the Sydney offices of web-savvy law firm Baker and Mackenzie, raised many important issues surrounding the filtering proposal.  There were many experts in the room from organisation such as the Electronic Frontiers Australia, the Internet Industry Association, the Law School of the University of NSW, the Brooklyn Law School, the Australian Classification Board, the Inspire Foundation, and many others.   Many of these organisations had a chance to make a short presentation about their perspective on the government’s proposal, and there was a chance for some discussion from the larger group.  It was a great discussion all round.

This is a big issue.  Much bigger than I realised.  I’d read a bit about it in the news, but hadn’t given it that much thought.  On the surface, a proposal to keep children safe and to block illegal content seems like a reasonable idea.  In practice, it is a legal, political and logistical nightmare.

Here are just a few of the contentious issues that the Conroy proposal raises…

What are we actually trying to achieve? What do we really want to block? Stopping kids getting to a few naughty titty pictures is quite a different proposition from preventing all Internet users from accessing pornographic content. Are we trying to just protect children, or are we trying to prevent adults from seeing things that they ought to be able to have the right to choose whether they see or not?  The approaches for achieving each of these goals are probably quite different.

Who will make the decisions about what is appropriate or not? There are many inconsistencies in the way the Classification Board rates content.  There have been numerous examples where something that is rated as obscene is later reviewed and found to be only moderately offensive.  Who decides?  Why should a government be allowed to make decisions about what people are allowed to see or not see.  In Australia, unlike the US, we do not have a constitution that guarantees a right to free speech, so we cannot even use the argument that our government has no right to control what we see.  They can, and they are trying to enforce it.

Won’t somebody think of the children! Sure, filters are designed to keep children safe.  We all want that.  But what if I’m a childless couple?  If I have no children in my household, why should I have to be filtered and restricted for content that is aimed at adults?  As an adult, I should be able to access whatever content I like, including the titty pictures if that’s what floats my boat.  As an adult, I don’t need the government telling me what I can and can’t access online, especially if it has nothing to do with children.

How do you filter non-http traffic? Traffic moves around the internet using all sorts of protocols… ftp, p2p, https, email, usenet, bit torrent, skype, etc.  I was told by a reliable source today that there are hundreds of different internet protocols, and many new ones are being created all the time.  Filters generally only look at regular http traffic (webpages) and will therefore have little chance of catching content that uses other protocols.  Usenet News Groups are a huge source of pornographic material, yet they will be unaffected by the proposed filters.  There is nothing to stop child pornographers exchanging content over peer-to-peer networks, bit torrent, skype or even as email attachments…  and these would all go undetected by the filters.

Do we bend the trust model until it breaks? Although the http protocol is pretty easy to inspect for its contents, the https protocol is not. The https protocol, otherwise known as Secure http, is the same one used by banks, online merchandisers and so on to facilitate secure online ecommerce transactions.  Sending traffic via https instead of regular old http is trivial to do, so one would expect that if the filters eventually happen, then the child pornographers will just start to transmit their stuff using https instead.  This will lead to one of two possible situations…  either the filters will continue to ignore http traffic (as they do now) and the pornographers carry on with business as usual making the whole filter thing pointless; or instead, the people who create the filters get smart enough to come up with a way to inspect https traffic as well.  As clever as this might be, the whole idea of https traffic is that it is encrypted to the point where the packet contents cannot be seen.  To design filters that were smart enough to inspect encrypted packets, would, if it happened, also break the entire trust model for online ecommerce.  If https packets could be inspected for their contents there would be a major breakdown in trust for other transactions such as Internet banking, ecommerce and so on.  Would you give your credit card details if you knew that https packets were being inspected by filters?

Computers are not very good at being smart. There is no way that all Internet content can be inspected by human beings.  It’s just too big, and growing too fast.  There are about 5000 photos a minute being added to Flickr.  About 60,000 videos a day being added to YouTube.  There are thousands of new blogs being started every month.  Content is growing faster than Moore’s Law, and there is no way that content can be inspected and classified by humans at a rate fast enough to keep up with the growth.  So we turn to computers to do the analysis for us.  Using techniques like heuristic analysis, computers try to make intelligent decisions about what constitutes inappropriate content.  They scan text for inappropriate phrases.  They inspect images for a certain percentage of pixels that match skin tones.  They try to filter out pictures of nudity, but in the process they block you from seeing pictures of your own kids at the beach.  Computers are stupid.

The Internet is a moving target. The Internet is still growing much too fast to keep up with it.  There are new protocols being invented all the time.  Content is dynamic.  Things change.  If I have a website that is whitelisted as being “safe” and ok, what’s to stop me from replacing the content with images that are inappropriate?  If just the URL is being blocked (and not the content) then that makes the assumption that the content will not change after the URL is approved.  A website could easily have its content replaced after its URL is deemed to be safe.

The technical issues are enormous. The internet was designed originally to be a network without a single point of failure.  When the US military built the Internet back in the late 60s, its approach was to build a network that could route around any potential breakdowns or blockages.  Yet when the filtering proposal is mapped out, the Internet is seen as a nice linear diagram that flows nicely from left to right, with the Cloud on one side, the end user on the other and the ISP in the middle.  The assumption is that if you simply place a filter at the ISP then all network traffic will be filtered through it.  Wrong!  The network of even a modest sized ISP is extremely complex, with many nodes and pathways.  In a complex network, where do you put the filter?  If there is a pathway around the filter (as there almost certainly will be in a network designed to not have a single point of failure) then how many filters do you need to put in?  It could be hundreds!  The technical issues facing the filtering proposal are enormous, and probably insurmountable to do effectively.

Filters don’t work. The last time the government issued an “approved” filter (at the user end) it was cracked by a 13 year old kid in minutes.  We were told the inside story of this today and some say that this was an unfair claim since the kid was given instructions by someone online, but the point remains that the filter was easily cracked.  Over 90% of all home computers run in administrator mode by default, so cracking a local filter is just not that hard.  Schools that filter will tell you that students who really want to get around the filters do so.  They use offshore proxies and other techniques, but filters rarely stop someone who really wants to get past them.  All they do is hurt the honest people, not stop the bad ones.

Australia, wake up!  Conroy’s plan is a joke.  It’s an insult.  It’s nothing but political maneuvering to save face and look like the government is doing something to address a problem that can’t be effectively addressed.  Conroy is doing all this to keep the Christian right happy in exchange for votes. He won’t listen to reason, and he won’t engage in discussion about it. He is taking a black and white view of a situation that contains many shades of grey.  The problem of keeping our kids safe online is important and needs to be addressed, but not like this.  Please take the time to write to him and tell him what you think. Don’t use email, it counts for nothing (even if he is the Minister for Broadband, Communications and the Digital Economy!)  Write to him the old fashioned way… it’s the only format that politicians take any notice of.

The irony of the underlying politics and the involvement of the Christian Right is the disgraceful history of child abuse by the Church… Catholic, Anglican, you name it.  There is case after case after case of children being abused and taken advantage of by priests and other religious clergy.  If Senator Conroy is serious about “evidence based research” and wants to legislate against the most likely places that children get molested and abused, maybe he should be doing something about putting “filters” on the catholic church.  Or what about banning the contact of small children with older family members… because statistically that’s where most child molestation takes place.  Stupid idea?  Of course it is, but it makes more sense than trying to impose a mandatory “clean feed” of Internet access for all Australians.

It’s a complete joke and a bloody disgrace.