|
|
My ISP decided that:
Dear Customer,
We have a legal obligation and a responsibility to ensure that our subscribers are not able to reach sites which are barred by law or that are likely to cause malicious damage to their online reputation or devices.
You have tried to access a site at https://******** which we consider to be harmful.
and that's it.
It's neither illegal nor malicious, but it is the ISP, not I, who decides what I can do.
I can appeal, but...
it definitely feels like a police state
What do you think?
|
|
|
My ISP decided that:
Dear Customer,
We have a legal obligation and a responsibility to ensure that our subscribers are not able to reach sites which are barred by law or that are likely to cause malicious damage to their online reputation or devices.
You have tried to access a site at https://******** which we consider to be harmful.
and that's it.
It's neither illegal nor malicious, but it is the ISP, not I, who decides what I can do.
I can appeal, but...
it definitely feels like a police state
What do you think?
Without knowing what type of site you were trying to get to, it's hard for anyone to really comment.
|
|
|
sorry, you are right:
It's a transfer webpage:
https://filetransfer.io
I am guessing that it is not the website but the fact that the download data is in .zip format?
I wouldn't mind a warning, at which point I say I know what I am doing, thank you but get lost.
But to simply stop me having access to files I need is a bit over the top?
|
|
|
|
|
|
Change ISP (unless it’s the legal requirement) or read up on DOH or DOT.
|
|
|
|
Which ISP? Their legal basis seems pretty weak.
|
|
|
Change ISP ...
I would but,
a - I worry that most of them behave nowadays in similar manner
b - where I live there are not that many options...
|
|
|
Which ISP? Their legal basis seems pretty weak.
Agree, about legal basis...
that's why I am asking here
https://www.airband.co.uk/
|
|
|
|
I am on Airband FTTP. I have just clicked on your link, only visited their homepage, now I wonder if I will get a letter...
Thanks for the warning, I must remember to enable my VPN before visiting "dodgy" sites.
|
|
|
Thanks for the warning, I must remember to enable my VPN before visiting "dodgy" sites.
Unless I am having a senior moment, I don't know what warning you are talking about.
The transfer site I have linked is not "dodgy"
and... I am still waiting for Airband to pull their finger out of their [censored] and reply to me
|
|
|
They shouldn't know what sites you're accessing if it's HTTPS, maybe they can if you're using the ISP DNS servers or they are intercepting DNS traffic somewhere. Look at DNS over HTTPS.
If the 'dodgy' site is the only thing on a certain IP address then that might make it easier, but the message they sent you seems to suggest they know what domain you visited.
Edited by jpm (Tue 25-Apr-23 17:56:52)
|
|
|
|
I'm sort of guessing here, but it sounds to me that you are talking about mobile phone operators, not actual broadband providers?
|
|
|
They shouldn't know what sites you're accessing if it's HTTPS,...
yes, it is HTTPS and site loads fine, it is only when I try to download the transfer file that I get this message.
First time it ever happened (and I am using them a lot)
|
|
|
...sounds to me that you are talking about mobile phone operators, not actual broadband providers?
no, they are broadband providers for rural location (wi-fi)
|
|
|
|
Just a sanity check,
using a 4G hotspot and my tablet I was able to download the file with no drama...
AIRBAND sucks
|
|
|
and one more thing...
I wondered what this "Whalebone" thing is:
https://www.whalebone.io/
to quote from the blurb:
"...Whalebone is a cybersecurity company developing zero-disruption products for Telcos, ISPs, and enterprises..."
|
|
|
They shouldn't know what sites you're accessing if it's HTTPS, maybe they can if you're using the ISP DNS servers or they are intercepting DNS traffic somewhere. Look at DNS over HTTPS.
I don't think you will find that is correct. Wikipedia states:
"HTTPS encrypts all message contents, including the HTTP headers and the request/response data. With the exception of the possible CCA cryptographic attack described in the limitations section below, an attacker should at most be able to discover that a connection is taking place between two parties, along with their domain names and IP addresses."
My bold but it needs this information to route the packet so whilst you won't be able to see the contents of a packet you will know the destination without having to do any specific deep packet inspection - just the fact it is going through their routers they will know the domain it is destined for.
|
|
|
What do you think?
Bin them off. None of their business what you do unless it's a legal requirement to deny you access.
Not a police state, an ISP that seems to think they're either a business dealing with employees where they, rightly, control what the employees do with their network or a school where student Internet access needs controlling.
Would have thought a small ISP would have better things to do than snoop on customers and send them letters but apparently not.
----------
Exceptionalism diminishes, cooperation enhances.
|
|
|
What do you think?
Bin them off. None of their business what you do unless it's a legal requirement to deny you access...
Thanks,
exactly my sentiment... but in the wilds of Devon there are few alternatives available
and those that are, are unlikely to be any better.
In my book it is bigger than one single ISP
How many of them are using similar https://www.whalebone.io/ service?
|
|
|
... just the fact it is going through their routers they will know the domain it is destined for.
that's my understanding as well
but... what are the options to keep them out of my business???
|
|
|
(and I am using them a lot)
There might be your problem... heavy user? have you read their fair use policy?
https://www.airband.co.uk/wp-content/uploads/2016/02...
Vodafone Fibre (Superfast2 - 80/20), Draytek 130, DrayTek 2925, DrayTek AP-910c x 2
(Gone but not forgotten: AP-700, 2820n x 2, 2800vg, 2800, HG612)
|
|
|
... just the fact it is going through their routers they will know the domain it is destined for.
that's my understanding as well
but... what are the options to keep them out of my business???
AFAIK it's not just your business, it's theirs as well, they are legally obliged to keep records of your activity, I suspect in the small print you will have agreed to let them use your data for whatever they want.
The answer will be a VPN, this should mean the ISP can't tell what you are doing, although I would bet on 'others' still being able to view what you do.
|
|
|
They shouldn't know what sites you're accessing if it's HTTPS
Actually, HTTPS *does* reveal the domain name of the site you're talking to, in plain text, as part of the initial TLS negotiation (before encryption kicks in). It's called Server Name Indication (SNI). You'll see it with tcpdump or wireshark.
But more likely, the ISP is looking at DNS logs.
My bold but it needs this information to route the packet so whilst you won't be able to see the contents of a packet you will know the destination without having to do any specific deep packet inspection - just the fact it is going through their routers they will know the domain it is destined for.
At a routing level, they won't know what domain it's destined for; they will know what *IP address* it is destined for. These days, the same IP address can be shared by hundreds or thousands of sites - particularly those being hosted on a content delivery network like Cloudflare. So from the destination IP address of the packet, all you can tell is that it's some site hosted on Cloudflare.
|
|
|
This is why you never use your ISP's DNS.
Spread your traffic around a bit. It won't stop tracking but at least it will not be concentrated with a single provider.
Look at using Pihole or Adguard home with blocklists for ads and dangerous sites and set those devices to use root DNS (Unbound) for their own lookups.
You could always add a VPN on top of that if you really want to stop them snooping on you and check with something like doileak.com to ensure none of your DNS lookups bypass the VPN.
OPNSense on Topton J4125 - SWISH Fibre 900
PiHole/AdGuard home - Unifi for Wifi
|
|
|
|
Some of you guys (thank you) are suggesting VPN,
as far as I am concerned (feel free to correct me?)
this is not a "solution"
It simply shifts the point at which one can be snooped on,
from ISP to VPN provider...
|
|
|
|
I am afraid then that there isn't a solution. The domain you are accessing is in plain text - it is how the technology is designed. Without a massive redesign the destination domain is going to be visible by anyone that owns technology in the path.
|
|
|
They shouldn't know what sites you're accessing if it's HTTPS, maybe they can if you're using the ISP DNS servers or they are intercepting DNS traffic somewhere. Look at DNS over HTTPS.
I don't think you will find that is correct. Wikipedia states:
"HTTPS encrypts all message contents, including the HTTP headers and the request/response data. With the exception of the possible CCA cryptographic attack described in the limitations section below, an attacker should at most be able to discover that a connection is taking place between two parties, along with their domain names and IP addresses."
My bold but it needs this information to route the packet so whilst you won't be able to see the contents of a packet you will know the destination without having to do any specific deep packet inspection - just the fact it is going through their routers they will know the domain it is destined for.
Encrypted SNI in TLS 1.3 prevents the hostname being visible - https://blog.cloudflare.com/encrypted-sni/
Obviously if there's only one site hosted at an IP then you can make a good guess what is being accessed, but if you're making a secure connection to a website hosted behind load balancer infrastructure shared by thousands of other sites, and you didn't make the DNS request to a server that your ISP controls or via a protocol that they can see, then they can't tell what domain you requested.
There are obvious caveats such as requiring support in the client and server, but you'd think someone running a dubiously legal file sharing site might be on top of that.
Edited by jpm (Wed 26-Apr-23 18:16:49)
|
|
|
Have a read through this thread elsewhere on the forum, it provides the answer.
https://forums.thinkbroadband.com/fibre/t/4734682-su...
|
|
|
Have a read through this thread elsewhere on the forum, it provides the answer.
https://forums.thinkbroadband.com/fibre/t/4734682-su...
That’s a different issue @Zarjaz - that’s about poor quality / out of date geo-location lookups for IP address blocks which ISPs buy / sell / rent / trade. The source blocks are assigned a different country region in various geolocation databases, such that a user when assigned such an address from said block could appear to be in say the USA or Australia or wherever those addresses were previously assigned.
The OP issue here is proactive black-listing of particular websites by their ISP.
They are quite different things.
|
|
|
The OP issue here is proactive black-listing of particular websites by their ISP.
indeed, thank you
BTW I have managed to get in touch with customer services at ISP.
They have raised a "case" and now I am waiting....
|
|
|
Righto. Thanks for the correction
|
|
|
|
Sometimes it's not so much your ISP but their 3rd party security vendor. In Infosec larger enterprises we subscribe to multiple security devices/layers. One of the providers could be blocking the website due to a variety of reasons. Sometimes malicious people will bot massive reports that a site is malicious and a security vendor has to confirm if it's legit or not after complaints/tickets to resolve the valid site. Anyways, there are many reasons to block a site. Bad actors will do this because they could have been hired to do so by a competitor, or someone is angry/jealous or for political reasons and/or financial gain.
Sometimes a legit site may have been hacked and a scheduled scan found malicious code somewhere or a security certificate expired, and many more reasons why this can happen to a legit site.
Try:
1.) changing your DNS servers. You can use many, Google's is 8.8.8.8 / 8.8.4.4 and another vendor is 1.1.1.1 (don't recall who this belongs to).
2.) You can also use the IP address directly in some cases depending on the hosting solution as this doesn't always work anymore.
3.) You can set up your Hosts.etc file to bypass DNS if you wish for any domain name
4.) Try different browsers and VPN tunnels. I use one built into my browser just in case and another provider for my entire device.
5.) Use the TOR network
Now, this is not for breaking laws anyone here wanting to get past your communist virtual blockades, that includes wannabe communists like the Biden administration, New York and California.
Stay cryptoPhunk and Pepish everyone
|
|
|
|
Use the TOR network and set your exit node to an enemy country who doesn't care about your "safety" and "security"
You can always use a Virtual computer on your device to do these things.
Lastly, you can set up a Proxy web server in the cloud. (I won't discuss how to do this, anyone who wants to know just Google/DuckduckGo it.)
The noose is closing in on the world. Buy Bitcoin and work on your exit strategy. - Not financial advice -
|
|
|
|
I think this depends on the security configuration. From what I recall, a large corp I worked for had the option to decrypt https and re-encrypt it to the endpoint so that web traffic could be captured for malicious behavior from the outside and inside.
If I recall, this allowed for scanning for viruses, malicious uploads/downloads, malicious behavior like uploading/sending sensitive/private corp data, etc.
This person could be at home but working remote, or at home on a company computer, or at work.
Good luck everyone, and may the odds forever be in your favor. Let the games begin!
|