Private Censorship in Germany

Last Friday, 5 major ISPs signed a contract to commit themselves to forge DNS answers for names given by the federal police.

According to this article (which probably has it’s information from heise) Deutsche Telekom, Vodafone/Arcor, Hansenet/Alice, Telefonica/O2 and Kabel Deutschland are voluntarily implementing the censorship through DNS. The signing parties share 75% of the german ISP market. According to, Freenet, 1&1 and Versatel have denied to even talk about this censorship if there isn’t a legal foundation, i.e. a law which explicitly requires the ISPs to implement the censorship. While I don’t know the contract and according to the press conference, it remains secret. But it must be more or less like the leaked draft.

So the ISPs now have to implement DNS filter within six months and have to update the filter as soon as the federal police sends them a new list of to be blocked domains. The weird and absurd thing is, that *nobody* is allowed to access this list (because illicit content is explicitly referenced)! So you can’t control what exactly is banned and whether political enemies are censored as well. So it happened in Finland: A site, discussing the censorship, is on the list itself!

In the same period Wikileaks published the Finnish Internet censorship list. The Finnish National Bureau of Investigation has requested executive assistance from United States, but it is not known what precisely has been requested – whether the concern is only removing the list or whether they are trying to find out who leaked it. The list still includes the critical Finnish anti-censorship site

But, making it harder to access “child pornography” justifies the restriction of the constitutional rights, right? Well. Firstly, we mustn’t use “child pornography” when we want to discuss this issue seriously. We should use “documentation of child molesting” or something more technical. Secondly, we see, that it’s pretty simple to circumvent thus it’s only slightly harder to access the desired information. So it helps pretty much nothing in blocking the access, *but* offends 75% of the german internet population. I don’t consider this proportionate!

But the less a person watches children being molested, the less children she’ll molest, right? Because they get addicted and everything… Well. Besides the fact that we’re talking about a sexual disposition and not about drugs of any kind, this is just a claim with no justification whatsoever. An equally good argument is, that doing that virtually actually *prevents* people from doing that in real life. Also, the content available on the net is decades old, which might testify, that there is no need to produce more and thus newer content! By actually blocking access, you might risk people demanding newer stuff and a big market emerges.

Also, no child is molested through the internet. This is probably always done in the families! So blocking access doesn’t save a single child. Instead, fighting the roots would help. scusi analysed, where the blocked domains are actually hosted. It turns out, that pretty much every blocked domain is in a legislation that allows prosecution of child abuse. Including various servers in Germany! I propose, that it’s easier, more effective and less dangerous to actually ask the ISPs to shut the domains down and to prosecute the owners of these sites. Instead, the attitude of “once it’s blocked, we don’t have to care about anymore” is encouraged. Of course that doesn’t help anything, because the content is *still there* and people can circumvent cencorship to access it!

It is obvious, that other interest groups, like the music industry, will ask and fight for adding sites they don’t like to that blocking list. The technical implementation doesn’t and can’t know what’s “right” and what’s “wrong”. It blocks what it’s told to. So with that censorship being deployed, you introduce a general censor mechanism for pretty much everything you desire. Today it’s child pornography, but it is clear that this’ll change, like e.g. in Australia where a dentist has been blocked as well…

While I tried to argue against the official reasons for the “access blocking”, other people did it as well. There is a good article at Netzpolitik, which actually destroys nearly every exiting argument. Of course, heise has a pretty good article, too, which I really urge you to read.

What now? Well, first of all, you can quit your current contract with your ISP or sue them. Then you can use alternative dns server. As of writing, the list includes

  • (
  • (, ISC, USA)
  • 2001:4f8:0:2::14 (, IPv6, ISC)
  • (; anycast DNS!)
  • (

Of course, the parliament has free access and universities shall have unlimited access, too, so you might want to use their DNS servers as well, e.g. or
But again: The point is not, that the technical measure is nearly useless to filter content. The point is that censorship infrastructure is rolled out *now* and that it can (and my prophecy is, that it will) be (ab)used for other content as well.

For further information, there is which maps the current cencorship situation worldwide. For Germany, you might want to have a look at or

What about a consensus DNS resolver you install locally? It would ask, say, three different DNS servers and responds with the answer given the most. It could show a warning widget if it recognizes inconsistencies or if a DNS server fails to answer. The user then knows, that something’s fishy and can act appropriately, i.e. update the DNS server list or ask his provider whether it censors.

To summarize: The current  child pornography histeria is based on assumptions that are evidently wrong or can’t be proved. The methods to fight against child abuse have no meaningful effect besides deploying a general purpose censoring infrastructure (and help the people involved to improve their public image). Nobody is allowed to check whether the access block list includes any non illegal entry and political enemies can thus be eliminated. Circumventing is (still?) easy. We can further improve anti blocking mechanisms.

GemCraft 2 – Chapter 0

*Yay*! Armor Games released Gem Craft 2 – Chapter 0! I absolutely loved Gem Craft 1 and I couldn’t wait for the next round of that fabulous game. I don’t do much games on my computer in general as I have much better things to do, but I couldn’t stop playing Gem Craft.

It’s a fantastic Tower Defence with nice sounds, graphics and an amazingly entertaining gameplay. The major drawback is, that it’s flash based 🙁 (I wonder whether one could make swfdec to save the state of a flash game, like a virtual machine in QEmu…) I haven’t tried the new game extensively yet, but I’m sure that this game will cost me the next weekends 😉

If you like Tower Defence games, you’ve got to try CreepSmash as well. It’s an open and free multiplayer Tower Defence written in Java. It lacks nice graphics and sounds (and security 😉 ) but it’s definitely amusing to plan and play against other (real) player.

Happy playing!


Imagine a job as a Linux Kernel Developer; now imagine this job inside of Microsoft. Well, it looks like Hell has frozen over, if that sounds like something impossible and you like doing the impossible and you want to be part of an exciting change, than this job is for you.

see the original post. (The typo in the title was copy&pasted from there…)

I love the “looks like Hell has frozen over” part 😀

Got Linux? Trade MP3s for chocolate :)

If you happen to live in Germany and incidentally like chocolaty things, you might already have seen that you are eligible to download 20 MP3 files, with every bigpack Hanuta you buy. At least that’s what the ads say.

You are supposed to visit which doesn’t even run properly in my browser. It demands JavaScript, but even if you allow JavaScript for three domains, it wants to run a flash file… After managing that, I was  supposed to download and execute a strange Win32 binary. I was fed up and I searched for a contact address. I didn’t succeed in first place, but as I know that Hanuta is made by Ferero, I searched their website. The webform didn’t accept my email address because it thinks that “+” is an illegal character for email addresses *sigh*.

So I wrote that I assumed I could download MP3s somewhere but it’s not possible because they only offer a strange smelling binary and how I could get my music now. Of course they have to give it to me because they advertised it and didn’t say what is needed to get them.

After a few days, a nice woman called me and was very sorry that this MP3 thing doesn’t run with Linux and next time they’ll look after it and she was again very sorry. Then she offered me a chocolate package as kind of a refund ^^ Of couse I didn’t say no *yummie*

So, if you got this Linux thing and want some chocolate, go out and buy these Hanuta packs and complain to Ferero 😉 It’ll also help to bring Linux to the peoples mind.

Ferero Box

Ejecting IBMs UltraBay

If you run this linux thing, have an IBM/Lenovo Notebook and own a docking station as I do, you might want to undock your beloved laptop every once in a while. It turns out that the Thinkpad has to run, because you have to “eject” the notebook. So if your Thinkpad is suspended, you can’t just take it.

I have no idea why this is important though. I’d say that linux is smart enough to cover USB, Power, external VGA, etc. losses.

If the driver crashed and you don’t want to turn off your computer, you’re pretty doomed, especially because /proc/acpi/ibm/bay doesn’t exist (anymore?) and you have no obvious interface to eject your notebook. But there is good old sysfs for the rescue:
echo 1 | sudo tee /sys/devices/platform/dock.0/undock

Creative Commons Attribution-ShareAlike 3.0 Unported
This work by Muelli is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported.