breaking PICS in NS4.06
Dan Lester
dan at 84.com
Thu Aug 20 13:53:24 EDT 1998
NOTE that this Wired article has permission for redistribution....see
text/copyright notice at end of article.
dan
Filtering Out the Filters by Chris Oakes
A 20-year-old college student took a stand against what he felt was Net
censorship on Tuesday, and his protest took the form of code.
University of Massachusetts student Brian Ristuccia posted software on his
Web site designed to disable a Netscape browser feature that allows parents
and others to block certain sites from view.
"I think the only surefire way of not seeing content on the Net you don't
want to see is by not going to [it]," he said. "No amount of technology
is ever going to be the substitute for common sense."
Ristuccia targeted the first implementation of a site-blocking feature in
Netscape Communicator 4.06, called the Platform for Internet Content
Selection, or PICS.
Using PICS, a parent, librarian, teacher, or employer can deem Internet
sites inappropriate on a particular browser. The feature uses a
password system to prevent users from disabling PICS.
After tinkering with his Unix version of Communicator, Ristuccia found he
could edit the browser's preferences file and easily override the
password scheme. Since making the modification is too tricky for some users
or may not be technically feasible, Ristuccia posted a script to do
the work automatically. The trick works on Unix, Windows NT, and Windows 95,
but he said it had not been tested on either a Mac browser or Microsoft's
Internet Explorer.
Ristuccia had already created a proxy server that, if visited before the
blocked sites, allowed users to view "censored" content. He posted the code
for the server software so others could establish other filter-defeating
proxy servers, he said.
Netscape has not verified Ristuccia's claims, said product manager Edith
Gong. If they are true, she said, the vulnerability doesn't necessarily
amount to a flaw. If it is verified, she said, Netscape would address it by
informing customers about preventing changes to preferences or by providing
browser updates.
Gong said that in supporting PICS, Netscape "is saying ... 'Look, it's an
optional feature in the product. If you want to control sites, it's your
choice.'"
Even optional filters don't sit right with Ristuccia. PICS, and related
software can be used to censor political and religious views, he said. "It's
a full-fledged censorship tool."
Barry Steinhardt, president of the Electronic Frontier Foundation and former
associate director of the ACLU, agreed. Ristuccia's move spotlights
an important freedom of speech issue in the Internet age.
"I'm not saying individuals should be prohibited from using [PICS and
filtering software] for personal use," said Steinhardt. "But its use in
public institutions like libraries is inappropriate and, I think,
unconstitutional.
"[Ristuccia] has identified our greatest fear, which is that these protocols
will be used by libraries, by schools -- by government in general -- to
censor information."
Wired Copyright Notice
Copyright © 1993-98 Wired Ventures, Inc.
Compilation copyright © 1998 HotWired, Inc.
All rights reserved.
This article is copyrighted by Wired Ventures, Inc.
and may be redistributed provided that the article
remains intact, with this copyright message clearly
visible. Under any circumstances, this article may
not be re-sold or re-distributed for compensation of
any kind without prior written permission from
Wired Ventures, Inc.
If you have any questions about these terms, or
would like information about licensing materials
from Wired or HotWired, please contact us via
telephone (Wired: +1 (415) 276 5000; HotWired:
+1 (415) 276 8400) or email info at wired.com or
consent at hotwired.com.
HotWired is located on the Web at
http://www.hotwired.com/.
"Wired" is a trademark of Wired Ventures, Inc.
"HotWired" is a trademark of HotWired, Inc.
--
Dan Lester, 3577 East Pecan, Boise, ID 83716-7115 USA 208-383-0165
dan at 84.com http://www.84.com/ http://www.idaholibraries.org/
http://library.idbsu.edu/ http://cyclops.idbsu.edu/ http://www.lili.org/
Sent me a postcard of a library yet? You'll get something nice in return.
More information about the Web4lib
mailing list