Senator Stephen Conroy jumped the gun by 107 days, announcing that the Government would table legislation to mandate filtering of RC content hosted outside Australia during the autumn 2010 parliamentary sittings.
Depending on the technology, you can bypass the filter by changing your DNS servers, using an encrypted VPN service, or installing Tor (among other solutions). But some of these workarounds can take up to 60 seconds to set up. And using an encrypted tunnel, like a VPN or Tor, will slow your access while you’re using it.
Thankfully, you can also bypass the proposed mandatory filter more conveniently. Just add ?NoCleanFeed or &NoCleanFeed to the end of the blacklisted URL. If the URL doesn’t already contain a ?, add ?NoCleanFeed to the end. If it does contain a ?, add &NoCleanFeed to the end.
For example, if you try to access www.bannedsite.com/page.htm, but you’re blocked, try accessing www.bannedsite.com/page.htm?NoCleanFeed.
If you want to watch a YouTube video that was deemed too shocking for Australian citizens, like www.youtube.com/watch?v=tMiEagk2qN8, you can just try www.youtube.com/watch?v=tMiEagk2qN8&NoCleanFeed instead.
Why It Works
The proposed mandatory filter is to block individual pages containing RC content, and only those pages. It will not block all traffic to a particular IP address or to a particular website. That is, when www.youtube.com/watch?v=tMiEagk2qN8 is inevitably blacklisted as RC content, access will only be blocked to that URL, and not to any other page on www.youtube.com.
That means that you can still view Government-approved YouTube videos, like www.youtube.com/watch?v=03OJvZhU-3M.
To get that result, the filter must block access only where the host and path in the URL (the part before any ?) and the query string (the part after any ?) all match the blacklisted URL. If the filter blocked access where only the host and path matched, all YouTube videos would be blocked when any YouTube video was blacklisted because the host and path for all YouTube videos is the same (www.youtube.com/watch).
Web servers, however, normally ignore unrecognised query string parameters. For example, YouTube looks for a v parameter, which contains the ID of the video to play. You can also optionally specify a fmt parameter to specify the desired video format. And there are several others that YouTube understands. Changing these parameters will change the page that YouTube returns.
But if you pass YouTube a parameter in the query string that it doesn’t recognise, like NoCleanFeed or some other arbitrary string, it will just ignore it, and display the same content as if it were absent. But since the URL is no longer the same as the blacklisted URL, the filter won’t block it.
The same is true for most other web servers. For example, try www.google.com/search?q=test and www.google.com/search?q=test&NoCleanFeed. You should get the same page both times (though ads and other dynamic content may change).
When It Won’t Work
Most servers will ignore unrecognised query string parameters, but not all will. Where the server doesn’t ignore unrecognised parameters, you may get an error or an unexpected page. In that case, you’ll have to fall back to one of the other methods for bypassing the filter.
And, of course, if all else fails, you can still send your favourite RC content by carrier pigeon. It’s faster than Australian Internet access anyway.
{ 6 comments… read them below or add one }
there’s an opening here for a bookmarklet…
So simple, so effective. Excellent!
I don’t know why I didn’t think to include a bookmarklet. I’ll update the post with one as soon as I have a few minutes.
The government is stupid. If you’re going to waste my takes doing something inane, do it properly.
So basically if you set your own DNS servers (takes about 10 seconds to do) the filter no longer works? Why bother with this filter? Why bother making it manditory and not opt-in? This is just stupid Conroy.
@Peter: That depends. Some filters work by sending clients the IP address of the filter server when a client makes a DNS request that relates to blocked content. For that to work, the client has to be configured to use the filter’s DNS server. And changing the DNS configuration on the client circumvents this type of filter.
However, there are other filtering technologies that don’t rely on DNS spoofing. The best of these relies on BGP. It redirects traffic to IP addresses that host blocked content so that that traffic passes through the filter. The filter then analyses that traffic and decided whether it is meant to be blocked. Traffic to IP addresses other than those hosting blocked content never even passes through the filter.
Because that method doesn’t rely on DNS spoofing, you can’t bypass this method by changing the DNS configuration on the client. But you can still circumvent the filter by using a VPN service, Tor, or the method described in this post.