Think of the children!

I just read a rather odd story in arstechnica, on Starbucks banning porn on their free wifi.

Now, please, don't get me wrong. It is crazy that anyone would be watching porn on a phone or device in a McDonalds or Starbucks. That is just daft and nonsense.

It is pretty much as crazy that someone would sneak a porn magazine in to such a venue and "read" it there.

Now, I am not saying there are not crazy people out there, sorry, but there are, and they could do either of those, or strip naked and run through the store, or whatever. Shit happens, but I really do not think this is an issue that needs any special technical measures like blocking porn on the wifi.

It is totally pointless.

But, what is the down side? There are many!
  • Once you have technical measures to block some types of content it becomes easy to block other content, and this can be added with far lower levels of justification and almost no costs. How long before Starbucks blocks access to Costa's web site? What about blocking some political web sites?
  • Once you try and block something it is quite hard to do it right and "catch 'em all". The WiFi cannot be assumed to be "safe" by parents letting kids use the wifi, but they may assume it is.
  • Once you try and block something it is quite hard to do it right and not over block. We see a lot of over blocking were legitimate web sites are blocked by mistake. This makes the wifi less useful, inconvenient even, and is bad for PR. The blocked web sites have big issues knowing they have been blocked and getting the block removed as they have no contract with Starbucks.
  • This does not stop someone accessing porn! Lots of people use VPNs on public wifi, and can then access what they like. So this is bad PR if someone is accessing porn on a device on the wifi in Starbucks after they claim to have blocked it.
  • Obviously someone could take porn on paper or stored on a phone or device or use 3G or 4G, and access it without the wifi being involved. Again, bad PR.
As I say, who the hell would access porn in a Starbucks? Well, if you make publicity over this there are slightly more people that will! This is because you have now increased the pool from just the nutters to people that deliberately want to create bad PR for them. There are many of those, some cross over the way companies pay tax, etc. People that will create embarrassing scenarios, using the supposedly "safe" WiFi to do it, just to cause bad PR for Starbucks.

One could even be cunning, find a site not blocked (or create one using a proxy) and then use DNS injection on wifi to cause people's phones in a Starbucks to actually serve up porn sites when people try to access normal things like Facebook. Technically easy, and really really bad PR!

And all of this flies in the face of net neutrality and may not even be legal in such places under EU or US laws.

When will people learn, communications systems are neutral (or should be), and they are not there to filter or police what people communicate. We understood this for the postal system for hundreds of years - even having laws to prohibit interference. Most people understand it with telephone - not filtering what people say on the phone. Why do people think it is any more sensible, useful or reasonable to think of filtering communications over IP?


  1. Nothing new for McDonald's in the UK. They are the only place I have ever seen a "Family Friendly Wi-Fi" sticker, and that was after I went looking for one for a photo for a presentation.


  2. In terms of legality under the Open Internet directive (http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32015R2120&from=EN), the rules in Article 3 apply only to Internet access provided by "publicly available electronic communications service" - and, for reasons I have yet to fathom, BEREC has (seemingly) carved out restaurant / shop Wi-Fi from this definition in its draft guidelines (http://berec.europa.eu/eng/document_register/subject_matter/berec/press_releases/6082-berec-seeks-views-on-guidelines-to-implement-new-net-neutrality-rules). These are under consultation, and may change, but this would be quite a significant shift in terms of the position in the UK.

  3. We here at $Bookmaker_A provide free WiFi, and like many (most?) free WiFi providers, require customers to register in order to use it. They can log into it with a customer account ID, or they can fill in a typical form that requires name, email address or phone, with the default 'spam you? []' ticked, and a 'I am 18+ years old []' unticked.

    Access to the company website is possible without registration, but even with registration, access to a whole number of sites is blocked. You cannot, for instance, compare odds between bookmakers, because $Bookmaker_B (...$Bookmaker_Z) sites are all blocked, plus a number of other sites.

    I recently went looking for information on scottish banknote security features, as we get quite a few down this way due to the nature of one particular local employer, however access to all bank sites is blocked as the site is categorised as 'Finance'. Well, Duh, but why block it?.

    The usual plethora of other sites are blocked due to miscategorisation. YouTube and iPlayer and similar are blocked to keep traffic down, as most shops are connected to the BackOfBeyond exchange on ancient copper which might, at a push, manage 1Mbit on occasions.

    It's quite clear that the blocking process is based on categories, and entirely automated and outsourced, as every now and again, we can't reach our own company websites, because they get blocked as 'Gambling' until presumably, someone manually mangles the blocklist to include $Bookmaker_A.com

    The local bus companies have a 4G-based onboard WiFi network, but using it requires 'Free' registration, and I generally can't be bothered to fill out the form (or remember the obviously bogus details I entered into it last time*) so I generally give up and go back to 3G.

    At least the bus company doesn't block the sites belonging to the other competing bus companies, so you can still plan your journey and find timetables if your trip takes you over both company's networks.

    *Well, who knows what they are doing with that data, and the internet connection records that the session linked to that login is generating, possibly in line with future legislation, but more likely for data mining and marketing.

  4. I am usually completely with you net neutrality. there should be no *government mandated* blocking or lists.
    However, where a company is providing a communications service (particularly a "free" one, but I do not think that actually matters) and is not a monopoly (e.g. users can use their mobile or go to another cafe) then it is that companies right to allow, or block any website or service they see fit, and it is up to the customers to decide whether the service fits their needs.

    I just can't see this as a net neutrality issue.

    1. Out of interest, would you be happy if that filtered, limited, service was described as "Internet access", or would you want it described truthfully as "restricted Internet access"?

    2. If it allows my VPN I don't care what else it blocks. If it doesn't I won't be using it anyway.

    3. Hi Neil, an interesting question.

      For me it comes down to. Am I in contract/paying for it or not?

      If I am paying, I would want it described as "restricted".
      If it was free, I am therefore a guest and I would have to accept it was their rules or go.

      My analogy would be it like renting a house, or being a house guest.
      If you're renting you would want to know everything beforehand the electric only works 1 hour in every 4 and the shower is cold water only.(or if your service gets worse, you have a right to complain then too)

      If you're a guest, you either graciously accept whatever problems there are, or leave.

    4. It's a tricky one. My sense would be that, while the Wi-Fi is provided with direct charge, it is clearly part of the shop's economic operation, as with anything the shop advertises, it needs to be advertised truthfully.

      Although, actually, while I'm approaching it from the perspective of "if it is restricted, it should say so", as I don't want to spend money as a patron only to find that my VPN is blocked and I can't connect securely, I suspect that, from a shop's perspective, they are more likely to attract customers (with children, at least) if the Wi-Fi *is* filtered — and so, advertising honestly aside, it is probably in their commercial interests to be clear that it is filtered!

  5. Neil,

    "it is clearly part of the shop's economic operation" I have to concede that is a very good point.
    I guess I see "free" Wi-fi as a bonus, I do not generally go to places *only* because they offer free Wi-fi over a competitor, and expect that almost everyone these days would have access to mobile data should they *need* it (rather than just to kill time drinking coffee browsing BookFace).

    As you say, it's generally a good idea to be up-front about any service you offer your customers. Customers finding out and then complaining about, restrictions on any service provided is always an extra headache that any operation can do without.

    I still feel (as a personal opinion) that I thoroughly expect any open wifi would be filtered and restricted anyway, and use a VPN as a matter of course (or put up/move on if VPN is not allowed).

  6. Late to the party on this one, I know...

    I was travelling with Great Western Railway (a FirstGroup company) last week. I noted the WiFi on their regional-express services is provided by Icomera, which is different from the supplier on the high-speed services (unclear who provides that). The "signup" form (which was quite happy to accept a NXDOMAIN email address) noted that pornography was banned on the service. First time I'd seen a notice like that, so decided to prod.

    Turns out the blocking was entirely DNS-based - and was proudly proclaiming OpenDNS had blocked the service based on 'my' preferences.

    The big fail, of course, was that the wifi service was very happily proceeded to let port 53 to through. Problem solved.

    1. The joys of GWR's Wi-Fi. What gets me about it, at least on their high speed services, is that they set to their own DNS, then redirect to gwrwifi.com for the login page. Except they do not own gwrwifi.com, and just have a local DNS entry to redirect it to an (internal, I believe) IP. Not so bad when it works, but if the redirect should fail, and someone tries to visit the site manually, and is accidentally not connected to the on-train Wi-Fi, it resolves to a spam domain which serves up malware.


Comments are moderated purely to filter out obvious spam, but it means they may not show immediately.

TOTSCO changing the rules again

One of the big issues I had in initial coding was the use of correlationID on messages. The test cases showed it being used the same on a se...