[ogWiFi] Restrictions to public sites via ogWifi

[Jean-Pierre Fiset]

I am not advocating nor am I in favour of content filtering. I do not do 
it, and I wish nobody would. This is my personal opinion and is 
independent from the position of ogWifi, as a community group.

Do I think ogWifi should endorse content filtering? No, I do not. In 
fact, I think ogWifi should be content neutral. I do not think that 
anyone on this list would disagree with this perspective.

I believe that ogWifi benefits the community in a couple of ways:
- volunteers are working at deploying hotspots that are freely available 
to the community
- volunteers are helping owners in operating the hotspots using best 
practices, etc.
- as a group, we help the community with WIFI issues

In the second bullet, we must remember that what is readily apparent to 
those subscribed to this list might not be obvious to hotspot operators. 
Many hotspot owners are good business people with vast knowledge in 
customer service, know-how in building a brand, managing people, etc. 
However, we often provide a lot of information about network security, 
proper network topology, etc. In other words, this whole Internet stuff 
is often nebulous to the owners.

A case in point, one of the most difficult issues with adoption used to 
be the fear of bandwidth abuse. We have been working hard at setting 
abuse controls to appease those fears. Was it valid to develop the 
support and implement bandwidth constraints? Sure, and for a couples of 
reasons:
- There are abusers on the network (sad fact) and these measures help us 
deal with them. The burden on the volunteers to deal with these issues 
was growing.
- It removes one of the obstacles to adoption. I think this is really 
important (see first mandate)

Now, as we meet with potential hotspot owners, the next issue of concern 
is the use of bandwidth to access content that an owner is not ready to 
stomach. This is not new. For years, people have asked for it. However, 
the most pressing issue was bandwidth abuse. Content filtering remains a 
nagging point.

There are always other ways to deal with improper content, and we try to 
explain this to prospective owners. As with improper magazines, an owner 
can ask a client to refrain from displaying them in their place of 
business. The police can intervene if a client does not comply. Those 
laws are already in place and can be used for improper content being 
displayed on a computer screen. However, there is still the perception 
that one could get in trouble if one's connection was used to access 
illegal information found on the Internet. It is really hard to 
eliminate those fears.

So, after such a discussion, if a prospective owner is still concerned 
about the content being served on his/her connection, what do we do 
then? Should adopt an attitude of saying: "Too bad, so sad!" and let 
them forage for themselves? This hardly seems like an inclusive approach 
and does not help deployment / adoption.

My current opinion is that we should help them select a fair and 
appropriate technology to filter content. That technology should be 
managed by the hotspot owner and not by ogWifi. In fact, any owner or 
ISP can do this without involving ogWifi at all. If I was to recommend a 
technology, I would not want it to be disruptive to the users. By in 
large, ogWifi users are making use of the network in an appropriate 
manner. Most people are using the network to do some browsing and verify 
e-mails. I have not yet come across an instance where a user was 
downloading child pornography via the network.

My concerns in this matter have to do with the users. By not proposing a 
solution, we are missing out on great hotspots. By proposing an 
inadequate solution, we might end up with hotspots that are sluggish or 
unusable.

When, in an earlier e-mail, I proposed the use of OpenDNS, I was aware 
that this is not an air tight solution. First of all, anyone can set 
their DNS to any server they wish. If you are not happy with the DNS 
offered via DHCP, you can select your own. However, accidental browsing 
to seedy sites would be avoided. I like to think that this is a good 
middle of the road solution since it will hardly impact performance and 
take care of most issues. I was turning to the list to see if something 
better was out there.

If you have read so far, I thank you for your patience. I have a lot 
more I would like to say, but my fingers have had enough (it is Friday 
night and I hear something else calling me). Come on out at the meeting 
on Monday night, we can talk about all this behind a beer.

Cheers,

JP

Michael Richardson wrote:
> Doing filtering by DNS is inhierently insecure.
>
> The moment that DNSSEC is turned on (.gov is signed, .se is signed, .ca
> will be this year), then things like OpenDNS will appear like attacks on
> DNS. 
>
> I don't think ogwifi should endorse it.  Some may want to use it, and we
> shouldn't stop them, but they should be aware that it does not provide
> any actual protection against DNS attacks. In fact, it makes them
> easier.
>
>