Sky blocks Newzbin, important legal and technical questions need answering

Richard Clayton richard at
Wed Dec 21 12:23:29 GMT 2011

In article <CAEWR3kuTD=ZwDa4Ey1QrHeVc3OpF7Mxx8VSu5XsmzP3=Rgy1GA at mail.gma>, Francis Davey <fjmd1a at> writes

>No, that's not how it works (as I understand anyway). First there is a
>filter on IP addresses, then those that match the IP list are passed
>through to a proxy that filters on specific URLs.

That's a correct description of BT's "CleanFeed" ...  in fact all of the
UK ISPs who filter out sites on the (ever-decreasing) IWF list currently
operate two stage systems with URL-specific proxies; they differ in how
they arrange for traffic to reach those proxies.

>> Further, the BT injunction is not limited in time either, is it?
>Yes - though there is liberty to apply if circumstances change (and
>third parties have a right to apply for variation if they are

An important part of the injunction is that if Newzbin moves (for
example to another IP address or hostname) then the movie studios can
tell BT the new location and BT will add that to their CleanFeed

... AIUI (from private conversations) the rather patchy blocking so far
has been due to some IP address mobility by Newzbin -- but that changes
of what resolves to will now be tracked rather more
promptly; and I am certainly hearing that blocking is rather easier to

Note that the blocking is solely on port tcp/80, so changing "http" to
"https" is sufficient to entirely evade the BT scheme.

Other ISPs generally use a DNS poisoning approach, so if you are one of
these other ISPs then using an alternative DNS server (eg Google's, or even BT's recursive resolvers (which are currently openly
available for general use!)) will prevent your traffic reaching the
other ISP's proxy, and there will be no blocking. On these other ISPs,
https will probably also evade blocking.

>> generic blocking mechanism... The judge made no assessment of the
>> rights of privacy of BT's users as a whole, merely he was "satisfied"
>> that the curtailing of Art. 10 rights was proportionate. For example,
>> I wouldn't be surprised if Cleanfeed logs every referral regardless of
>> whether that referral is subsequently blocked.

BT have generally avoided generating any logs on the CleanFeed system so
that they do not have to deal with the policy and PR issues involved if
they were approached by Law Enforcement asking for copies of the logs.

However, they do seem to have some anonymised information (useful I've
no doubt for troubleshooting when systems fail).

They have in the (rather distant) past reported on the total number of
accesses that pass through their proxies -- the numbers were absurdly
high, probably because of the complexity of the pages accessed
(rendering a single page can often involve dozens of HTTP accesses)
combined with the use of banners from bad places on (relatively) good
sites -- and of course various prefetch mechanisms.

>Hmmmm. BT almost certainly have to log traffic data and then have to
>destroy it after a fixed period of time under the data retention
>directive. I'm not sure what Cleanfeed logs or may lawfully log. 

There is no statutory obligation to log traffic on a web proxy.

>is where Richard Clayton would be useful to us.

I do my best :)

>All moot though since https appears to get around the block (if not,
>I'd be interested to know, I'm taking a particularly keen interest in
>website blocking at the moment).

I understand (again from private conversations) that the ineffectiveness
of CleanFeed has been noticed by the movie studios. We may see them
suggesting that IP-based blocking would be more effective (it's still of
course straightforward to evade, but not inanely so). I wonder how that
will square with the judge's view that he didn't actually care if the
mechanism works in general provided that it blocks just one view...

richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 185 bytes
Desc: not available
URL: <>

More information about the ukcrypto mailing list