Thursday, October 22, 2009

You Already Knew This, In Your Heart You Knew This

Somebody confirmed today that all HTTP internet traffic coming into Singapore (that is those that address Port 80) gets routed to a proxy server in the bowels of the Media Underdevelopment Authority, where content is monitored by a near infinite array of men in dark brown suits staring through oblong magnifying glasses at small TV monitors. (Hey, looking for a job? MDA is hiring TODAY!)

The port is the default for HTTP, and set by the site you visit so there is nothing you can do about it. HTTPS, secure sites, use Port 443 for example. They don't get screened.

So if you're in Singapore and your address bar starts with "http://" then you're not the first person to browse this page today...

Several pron sites are blocked already. My favorite ones are still working, thankfully. But for who knows how long?

And who know what they'll block next? That rabid socialist Rupert Murdoch's The Far Eastern Economic Review? Oops, no point in doing that, it's almost gone anyway.

So... Hmm. Does anonymous browsing actually work? Do they know where the page is going???

Somebody who knows more of how these things works might like to elaborate.

Meanwhile, I'm re-reading 1984 and re-watching Brazil on my new TV. (Retail price $3299, E@L price $600 - have I mentioned this already?)



Skippy-san said...

So you are saying that by working for MDA, I could have a job: In Singapore; where it would be my job to surf porn all day.

Where do I sign up?

Of course its probably like being a gynecologist. For every great one you get to see, you have to see four that are hideous.........

expat@large said...

Skip: mmm now you point out what I said, I'm convinced! Where do WE sign?

BTW when I say "new TV" I mean "ex-demo stock TV"...

dibabear said...

Yep, it's quite transparent to you. Using something called WCCP a router fobs all web requests to a special caching server. Said server logs the request and fetches the page returning it to you. The logs can then be trawled looking for questionable web pages.

The concept (transparent caching redirect) started as a way to save bandwidth back before there was fiber everywhere. Then someone figured out you could log this stuff for forbidden content.

I once had a job as you describe where I'd review the cache reports in the morning to weed out any false positives. On the ones where I just wasn't sure I had a Sun workstation with unfettered access so I could check the questionable site.

While it might sound like a dream job, as Skippy points out there's a downside. I thought I was pretty worldly until I got that job. Did you know that there are sites out there that showcase women with nasty surgical scars? Or women with more body hair than sasquatch? There are and while I did that job it was the anti-viagra.

One funny highlight though was a military exercise. The commander, one of those ultra-christian types, called demanding I block access to pron and other illicit sites. Every morning I'd pull the logs, update the forbidden list and go about the rest of my day. The first days they were relatively tame sites, nothing (much) to see there. By the 10th day they were starting to cruise the hard core gay sites. I told the commander (who was a right pain in my arse in his own right) that they'd better call off the exercise because the boys in the foxholes were starting to look good to each other.

Anyone who thinks that they are anonymous to big Sino-Malay brother on the internet are deluded.

(And apology for the length...thought you'd like the story though.)

expat@large said...

Diba: no don't apologize, that was excellent!

Unknown said...

Anonymous browsing works but only in two scenarios:

1) you are using SSL (https://somwwebsite) to access. Encrypted content is really hard to re-direction on because the keys are known only to you and the real server. It's not impossible but not easy either.

2) if using an anonymous server the server would have to be upstream of the MDA server doing the monitoring [b]and[/b] if MDA are not doing deep packet inspection.

If all the MDA are doing is logging the http: destination request then all they will see is the URL to the anonymous site. If, however, they are checking the packet payload or there is any redirection involved then big Sino-Malay brother will see your request to or whatever.

expat@large said...

Jay: that's again what I had assumed... cheers for that.

Free Podcast

Related Posts with Thumbnails