Recentralizing the Internet
A few weeks ago I was minding my own business, flicking through
twitter on my phone. Someone had linked to the appalling government
surveillance story of the day and I was preparing to
feel disgusted and helpless. Only this time, my mobile data provider
took offense before I had a chance to.
Well, that’s one way to keep the people in line! I let the linker
know that the entire
privacysos.org site was blocked by my service provider, but it turns
out the blockage was a little more complicated than
that. Most people using T-Mobile weren’t having problems. And when I
tried the same site using Chrome instead of Firefox, it loaded normally. What gives?
I figured that parental control settings were the differing factor
between me and other customers, and indeed that seems to be the
case. Though I never turned on a filter for my account, my phone company assumes I’m a
“young adult” at that special age 17-18 when one must be
sheltered from information about civil rights. Pre-paid
customers are presumed to be juveniles, while grownups who pay more
for traditional subscriptions get unimpeded net access (for now).
At that point I could have adjusted my account settings, but I still
wanted to know why the site wasn’t blocked in Chrome, and why an ACLU
site was considered “offensive content” in the first place.
Digging into the Chrome question, I found one clue: the site was
blocked in incognito mode, but not otherwise. A significant feature
of incognito mode is that browser cookies from other sessions are not
sent with requests — could it be that some cookie, like a login cookie
for the T-Mobile account management site, caused the filterware to
That shouldn’t have been the case, since cookies are only sent for the
domains they belong to. A T-Mobile login cookie shouldn’t be sent with
a request to
privacysos.org, so how would the filter know to handle
the request differently? Still, this was the best guess I had. I wanted to know exactly what Chrome was sending with those
requests, and since they weren’t passing through wifi or any other
network under my control, I couldn’t use Wireshark. Instead, I set up
Chrome remote debugging.
And finally, in the network inspector, I spotted the gremlin: Google’s
Data Compression Proxy.
via:1.1 Chrome Compression Proxy, 1.1 Chrome Compression Proxy
Aha. T-Mobile had been cut out of the web traffic filtering business as a
side effect of Google’s own web traffic optimizing business. To test
this theory, I looked for a switch to turn off Google
proxy. But surprisingly, it just wasn’t there.
Google has started to seed this option into the Android Chrome
application as a split test and most likely I did agree to turn it on
at some point, but in my case the settings toggle which should appear
afterwards, didn’t. I spent some time clearing app caches, uninstalling,
and reinstalling — nothing caused the option to appear. Eventually I
installed Chrome Beta, where the proxy option does reliably appear under the oblique label “Reduce data usage”. In addition to reducing data usage, I was able to confirm that it handily circumvents T-Mobile’s primitive content filtering.
But don’t break out the champagne just yet, 17-18 year olds! While I appreciate that Google’s
proxy is engineered to improve performance generally (like other proxies before it), it would be foolish to ignore that it is also a filter.
All I can really do here is change masters, from one single point of
control to another. Indeed, Google’s proxy is disabled when in
incognito mode — how is a “secure” mode unsuitable for
Ultimately this isn’t a choice between different levels of privacy, but a choice
between different vectors of exposure.
A lot of people still trust Google, with some justification. But as with any transfer of power we
should consider its implications not just for the current regime but to the
next one that will presume to inherit it, and the one after that. If
Google is slightly more “evil” every year, how do we feel about Google
having full knowledge and control over our web browsing in n years?
Google’s proxy stands to control increasing portions of web traffic,
eventually majorities. We can chuckle (and I do) at how it thwarts a crusty old
phone company’s content filter without even trying, but there will a
come a day when a carrier refuses to allow Chrome as a default browser
on their crapware phones unless their own content filtering is integrated with Google’s. And
Having solved the mystery of Chrome, I went back to my phone company
and asked why they were blocking an ACLU web site as “offensive.” They of
course asked me to email some blackhole instead
of making my requests in broad daylight. So I did that.
Subject: unblock request
Hi, I noticed that this site is blocked from “young adults” for its
“offensive content”: http://privacysos.org/
The site is published by the ACLU of Massachusetts and has
information about privacy rights online. It does not have any
offensive content that I have been able to discover. Could you
No one replied to my email, and
privacysos.org remains blocked to 17
year olds — or more specifically and ominously, it is not considered to be “content suitable for age 17 and up”. As such it’s likely blocked for far more people in the and up category, normal old people who
haven’t taken a deep dive into their account settings to assert their
adulthood multiple times.
Having satisfied my curiosity I finally did turn off T-Mobile’s sex/ACLU filter, but to do so I had to “prove” I’m at least 18 unwholesome years old by giving my name, address, and part of my social security number. So much for “you restrict access to adult web content on your family’s T-Mobile phones” — this step’s only purpose is to prevent young account holders themselves from disabling the filter.
Like all censorship schemes T-Mobile’s
is ruled by prejudice rather than consensus — it is “not foolproof”, in their cute phrasing. The first and only thing it has blocked for me is information that 17 year olds ought to know as they prepare to accept the responsibility to vote: their basic rights as citizens.