Wednesday, 19 October 2016

Taboo and privacy...

There are things we all do that are considered private.

Because they are private, and we have a right to privacy, that information is valuable. What people do in private can be used against them and information used to harm them - to extort from them.

We have seen the case of the Ashley Madison leak where people committed suicide, and marriages were ruined.

But the UK government is trying to create a system that will put in the hands of companies the details of the private sexual preferences of a lot of the adults in the UK.

They are proposing a system of "age verification" for access to pornography web sites, and such a system can only serve, by some means, to associate a real life identity of an adult with a sexual preference.

That data will be valuable, and will be hacked or leaked, and there is no doubt about that.

And why? Well, to reduce the risk of children accessing porn. Even though the filtering of porn sites is standard on so many mobile and fixed internet access in the UK, this is a step to go further.

Personally, in my opinion, this is silly. Young children have no interest in porn, and existing filters, and safe search and parental controls, stop access. Older children, teenagers, will find a way to access porn regardless. There really is no need for any change in this.

I am lucky - I am not in any sort of sexual minority as far as I am aware, liking conventional straight sex, and watching porn of such occasionally. But a lot of people would not be prepared to say that, and a lot of people are "in to" something more controversial. For a lot of people their sexual preferences can be a financial or political level and create a lot of problems.

Why is the UK government so keen on such a system - who knows. From news reports it is MPs that may have the most to fear from such a system.

Of course, any such system, will be flawed, and foreign sites will ignore these new laws as proposed. Kids of any age will have no issue accessing porn. But adults - normal people - will have their sexual preferences profiled and logged and hacked and abused.

Not a law yet, but close - the Digital Economy Bill - it is happening now.


  1. What would actually be useful is legislating that UK websites include HTTP headers indicating whether the content is porn - that would be very helpful to the web filters. There are even standards to do this, but no one bothers to use them.

    Sites like Tumblr and Twitter are a big problem for schools, since you end up with porn mixed in with useful content, and often virtually impossible to filter one without also blocking the other.

    (Disclaimer: I run Opendium, who supply online safety systems to schools. I certainly support freedom of speech, and am under no illusions that kids will go out of their way to find this stuff. Keeping an eye on what minors are doing is important too though.)

    1. It doesn't work to try to label "porn" because there's no consensus as to how to define it. A US Supreme Court even said as much if I recall correctly.

      Speaking of the US, did you know the _idea_ of conception was considered obscene there just a century ago? Not movies of using a condom, or even a diagram in a textbook, but just explaining the idea of using technology (drugs, physical barriers, anything) to prevent pregnancy was considered an obscenity and prosecutable.

    2. > It doesn't work to try to label "porn" because there's no consensus as to how to define it.

      There may not be consensus, but that has not stopped a definition from appearing in the bill:


  2. Aaah but maybe it's more insidious...

    Foreign sites will ignore it, so they now have "justification" to ban foreign sites. It's a method to expand the blocking, to make the thin end of the wedge slightly thicker.

    We have to block these sites as they break the law. It's only a matter of time until people get used to seeing a page saying "THIS SITE HAS BEEN DECLARED BADTHINK BY GOD EMPEROR MAY". Then she can roll that page out to more and more sites.

  3. As a tech-head, I'd prefer to see the UK say that accessing a site via a `` domain (or equivalent) permits the site to assume that it's being viewed by an over-18, and is an affirmative defence to certain types of legal action relating to obscenity and pornographic content.

    It's not challenging to configure a web server to only serve the "real" content to users with a suitable `Host:` header, and to serve an inoffensive "we're a porn site at - use a modern browser to access us" page to users without such a Host: header.

    It's also not hard to then have parental control systems prevent browsers from even thinking about accessing domains, and for networks to block DNS lookups for, preventing accidental access.

    If you really wanted to go to town, you could also require that anyone hosting an domain put it on an IP address that's only shared with other hosts, and had to publish the IP blocks in use for porn in a central registry, making it trivial to blackhole route them (if the registry says "2001:db8:0:69::/64 is used for domains", you put an unreachable route in for 2001:db8:0:69::/64).