I honestly do not know what you are saying. Deep packet inspection through a firewall that does mitm interception demonstrably happens. It is not up for debate.
arc99
joined 1 month ago
What isn't made clear is if this had anything to do with him being a LibreOffice developer. Or just the usual Kafkaesque bullshit that happens when someone's account gets flagged for "suspicious activity" or whatever and they cannot get a real human being to help or reverse the problem.
I really do not know what you are saying. I have just told you that Fortigate Firewall can and does do deep packet inspection on https connections. It does so by man in the middle proxying. If one filter / proxy can do it then any other could too. There would be ways for kids to circumvent this, e.g via VPN but that is no different than with age verification.
I'm intimately aware about what it can and cannot do. And it can intercept and man in the middles any https traffic
Did you read the text? This guy was providing a package because the default one was broken and he's fed up of dealing with complaints. And the solution to that is just flatpak the thing and tell users to use that regardless of dist.
I'm sure when atheists and satanists start proselytising there will be outrage - "we really meant Christians should allowed to bother their co-workers not you guys"
The answer for this guy and other people stretched by supporting Linux is to say it's flatpak or nothing. Stop trying to build for each dist because it's not sustainable. If someone on a dist wants to maintain a package then let them take the heat if it is broken.
You obviously didn't know how it works if I had to explain it was already possible. And I am not aware of any mobile device that prevents you installing a new root CA.
And it isn't "madness", it's a completely workable way to offer filtering for people who want it for kids and have no filtering or censorship for anybody else. It is a vastly better option than onerously demanding adults provide their identity to random and potentially adult themed websites where they could be victims of identity theft or extortion
Deep packet inspection already happens on encrypted traffic (Fortigate Firewall) so it's eminently possible for filtering software to do the same.
Actually it can be done and is being done. Software like Fortigate Firewall can do deep packet inspection on encrypted connections by replacing certs with their own and doing man in the middle inspection. It requires the browser has a root CA cert that trusts the certs issued by the proxy but that's about it. Filtering software could onboard a new device where the root cert could be installed.
And if Fortigate can do it then any filtering software can too. e.g. a kid uses their filtered device to go to reddit.com, the filter software substitutes reddit's cert for their own and proxies the connection. Then it looks at the paths to see if the kid is visiting an innocuous group or an 18+ group. So basic filtering rules could be:
- If domain is entirely blocked, just block it.
- If domain hosts mixed content, deep packet inspection & block if necessary
- If domain is innocuous allow it through
This is eminently possible for an ISP to implement and do so in a way that it ONLY happens when a user opts into it on a registered device while leaving everything open if they did not opt into it.
And like I said this is an ISP problem to figure out. The government could have set the rules and walked away. And as a solution it would be far more simple that requiring every website to implement age verification.
That's a problem is for ISPs and content providers to figure out. I don't see why the government has to care other than laying out the ground rules - you must offer and implement a parental filter for people who want it for free as part of your service. If ISPs have to do deep packet inspection and proxy certs for protected devices / accounts then that's what they'll have to do.
As far as the government is concerned it's not their problem. They've said what should happen and providing the choice without being assholes to people over 18 who are exercising their rights to use the internet as they see fit.
view more: next ›
That could be it. What is certain is that these big corps really don't want to pay human beings to sort out issues so if you get caught in the middle of some BS you may have no recourse out of it.