Limitations of "Freedom"

[SuzeFagRag]

[Admin note: this comment was broken out of another thread where I had mentioned that I was developing new sites and the content on here would eventually be moved to those other sites. But the the question of "free speech" and "freedom" comes up a lot and is worth a separate discussion.]

What, if any, are the limitations going to be on this site for discussion-total freedom, or more PC skirting!

[rawTOP]

On 12/11/2019 at 6:32 PM, SuzeFagRag said:

What, if any, are the limitations going to be on this site for discussion-total freedom, or more PC skirting!

It's not about being "PC". There's A LOT on this site that isn't PC. It's about staying within the limits of the law.

I've said it before and I'll say it again (over and over)… Who you vote for makes a difference in your sexual freedoms. Who your friends and family vote for makes a difference in your sexual freedoms. Don't think you can ignore politics and then come on a board like this and complain that your freedoms are being limited. You, your friends, and your family members limited those freedoms when you voted the wrong lawmakers into office.

Oh, and it's just going to get worse. About a week ago 4 Senators asked Attorney General Barr to do more obscenity prosecutions (conservative source, liberal source). Obscenity isn't just about images – text can be "obscene" as well. Barr was a big proponent of obscenity prosecutions when he worked in the Justice Department in the Bush (Sr) administration. If Trump gets a second term we're likely to go back to those rather dark days. And it's not just a problem in the US. Britain is trying to regulate porn (though it's temporarily failed), Australia wants to regulate porn, etc.

The rules on this site are there to keep things legal and to keep the site off the radar of aggressive conservative groups. This is why the moderation of this site is "somewhat aggressive" and why that will continue to be the case with the sites I'm building. I don't need problems. If you become a problem, then you're no longer welcome here. This is a private site, there is no right to free speech. Free speech means you can start your own site and possibly face lawsuits and jail if you don't police it properly.

[BrazAlex]

So I put the work [deleted] in a message and the system changed it to [deleted]. This site is doing censorship? Really?

w i c k r

[rawTOP]

On 12/21/2019 at 5:49 AM, BrazAlex said:

So I put the work [deleted] in a message and the system changed it to [deleted]. This site is doing censorship? Really?

w i c k r

Yup. Certain words were generating too much discussion that was borderline illegal. Because of that the words are banned. 

[ErosWired]

For those of us who wish to avoid stumbling into offensive territory, yet have only a very short window in which to edit a post, is there any way we might be informed which terms are forbidden? I realize the inherent problem with this question, in that the act of listing the forbidden words would make yet another use of them on the site, so if there were some other means of conveying the information it would assist our efforts to comply.

[rawTOP]

2 hours ago, ErosWired said:

For those of us who wish to avoid stumbling into offensive territory, yet have only a very short window in which to edit a post, is there any way we might be informed which terms are forbidden? I realize the inherent problem with this question, in that the act of listing the forbidden words would make yet another use of them on the site, so if there were some other means of conveying the information it would assist our efforts to comply.

There’s no penalty for using a banned word. Don’t worry about it. But also don’t try to circumvent it when you see it’s banned. That I might give a penalty for because it shows intention. 

[Pozlover1]

  You touched on Barr so here goes.... I don’t have a problem with restricting kiddy porn, even Hentai,  but factual discourse involving the age at which one’s sexual orientation solidifies could be considered “porn” by extreme religious nuts. As we enter a new chapter of surveillance, any reference to sex between underage people - or any exposé on corruption or question about, say, what really happened in Vegas for instance - will certainly be labelled “insane” a la Soviet Russia. A Chinese style Social Credit score is inevitable and probably already here. Their current focus  is mainly threats to their authority by exposing their bullshit. In a possible Theocratic regime, or even one looking for a new scapegoat to replace illegal aliens,  being Gay will bring restrictions on jobs, especially those dealing with people from 0 to 21 years old, to limit our toxic influence on the vulnerable, and evaporate any promotions to positions of responsibility.

  A lot of reasonable Trump supporters just want the US to restore the Constitution. That should be a net gain for LBGT people. Even if it allows discrimination in hiring and apartment rental, that would keep us from inadvertently helping our enemies.

  Those same proponents of Constitutional Liberty might be shocked to find out William Barr’s stated recommendations for full and complete gun registration via background checks on all private purchases and the strict prohibition of ownership by anyone the Government decides is “unfit”. 

  Given their record of both overt and covert military interventions, the rampant printing of basically counterfeit money, and their failed attempts to outlaw alcohol, homosexuality, porn and drugs, it is WE who should deem THEM unfit to have weapons. 

[sluttony]

On 12/16/2019 at 3:56 PM, rawTOP said:

It's not about being "PC". There's A LOT on this site that isn't PC. It's about staying within the limits of the law.

I've said it before and I'll say it again (over and over)… Who you vote for makes a difference in your sexual freedoms. Who your friends and family vote for makes a difference in your sexual freedoms. Don't think you can ignore politics and then come on a board like this and complain that your freedoms are being limited. You, your friends, and your family members limited those freedoms when you voted the wrong lawmakers into office.

Oh, and it's just going to get worse. About a week ago 4 Senators asked Attorney General Barr to do more obscenity prosecutions (conservative source, liberal source). Obscenity isn't just about images – text can be "obscene" as well. Barr was a big proponent of obscenity prosecutions when he worked in the Justice Department in the Bush (Sr) administration. If Trump gets a second term we're likely to go back to those rather dark days. And it's not just a problem in the US. Britain is trying to regulate porn (though it's temporarily failed), Australia wants to regulate porn, etc.

The rules on this site are there to keep things legal and to keep the site off the radar of aggressive conservative groups. This is why the moderation of this site is "somewhat aggressive" and why that will continue to be the case with the sites I'm building. I don't need problems. If you become a problem, then you're no longer welcome here. This is a private site, there is no right to free speech. Free speech means you can start your own site and possibly face lawsuits and jail if you don't police it properly.

As a brit, I've never seen the government's attempts to block access to porn as just that.

It is absolutely about controlling information, generally.

A few years ago, as my fellow Britons will remember, we had quite a large political scandal around members of parliament and their expenses - we had some pretty hard core fraud happening.

I've always maintained that if there was a "porn filter" that it would soon be used to hide information such as the above.

And from there, there's nothing stopping us emulating the great firewall of China.

It's a downhill slope.

[rawTOP]

1 hour ago, sluttony said:

As a brit, I've never seen the government's attempts to block access to porn as just that.

It is absolutely about controlling information, generally.

A few years ago, as my fellow Britons will remember, we had quite a large political scandal around members of parliament and their expenses - we had some pretty hard core fraud happening.

I've always maintained that if there was a "porn filter" that it would soon be used to hide information such as the above.

And from there, there's nothing stopping us emulating the great firewall of China.

It's a downhill slope.

So some good news… The UK gave up on their porn filter because emerging technologies were being deployed that would make it impossible to enforce the law. Here's a basic run down of how things can be blocked now and how that's all changing…

When you type in something like https://breeding.zone what happens is that your computer asks a DNS server for the IP address of the server. That request happens in clear text, so the DNS provider (probably your ISP) and everyone between your computer and the DNS provider know that you asked for the IP address for Breeding Zone. The DNS provider probably won't have the IP address, so they then have to ask my DNS server for the IP address. That's also done in clear text, but it's less of an issue since it's server-to-server. No one can tell that YOU made the initial request (unless you're dumb enough to run your own DNS server that only you use).

OK, so next your browser has the IP address and it connects to BZ's server. You entered HTTPS at the beginning so it knows the connection needs to be encrypted. That sounds great, the problem is on the first, initial connection, it needs to send the domain name of the site in clear text because my server handles multiple sites on the IP address. Each one could possibly have a different encryption certificate, so the domain name has to be sent in clear text so it knows which site's certificate should be used. This is called "SNI" (Server Name Indication). Before there was SNI you could only have one encrypted site per IP address. So once again, everyone between you and my server knows you asked for a page from Breeding Zone.

After that point everything is encrypted. The only thing anyone can tell is that you're talking to some site on a particular IP address. They can do a query and find out what sites are on that IP, but they can't tell which site you're on or what it is that you're viewing.

So the British government decided that the way they were going to enforce their law is to block sites that violated the law at the DNS level. They'd force everyone in the UK to use a UK-based DNS server and then they'd require everyone running a DNS server to block sites that were in violation. That's how most firewalls restrict access to particular sites (say a corporation that doesn't want you looking at porn on company time).

Then came encrypted DNS, which encrypts the DNS request so it's no longer sent in clear text (which is a VERY good thing). There are two leading contenders – DNS over TLS ("DoT") and DNS over HTPPS ("DoH"). Corporations and governments like DoT because the DNS requests are happening on their own port, so the corporation/governemtn can block people on a network from using anything but the approved DNS server. DoH however is a complete game changer because, to the network, the DNS request looks like a normal web request, not a DNS request. It uses the same port that you'd use to retrieve an encrypted web page. That means there is no way for the corporation or government to block you using DNS. That's what ended the idea of a porn block in the UK – DoH makes it impossible for them to block anyone. If you can't enforce the law, then there's no point going forward with it.

But actually, they could still enforce they law – they'd just have to listen to the web request and block requests based on the domain name that's passed in clear text in the initial request. So that means SNI can be used against you. A number of people tried to close that loophole, but no one could figure out a way that would actually work. Then the guys at Cloudflare (one of the big cloud hosting companies) devised a plan. They're calling it ESNI (encrypted SNI). Basically when you make an encrypted DNS request instead of just getting the IP address you'll also get an encryption certificate. Once you have that, you can encrypt the domain name in the initial request.

The issue is that governments and corporations could simply block anyone doing a request with ESNI, or they could block particular IP addresses that host the "problem" sites. That's where Cloudflare comes in. They're HUGE. They've committed to deploying DoH and ESNI for all their customers. And they plan on randomly hosting a variety of sites on any particular IP address. That means that any government that tries to block all requests that use ESNI or block any particular IP address will be blocking quite a few "legit" sites along with the problem ones. That means blocking will fail when granny can't get to her recipe site because the government blocked the IP.

The big companies like Clouflare and Google aren't pushing this stuff to help porn. They're doing it for people like the Chinese who are behind the "Great Firewall of China" and don't have access to balanced news sources. It probably irks Google to no end that they have to censor their results for the Chinese. This will end that. Sure, Google.cn will have the censored results. But when DoT and ESNI are widely deployed the Chinese will be able to go to Google.com for uncensored results.

And I should mention DoH is available now and easy to use. Simply use Firefox, go into preferences, search for "DNS" and turn it on. Hopefully soon Apple and Microsoft will make it an option so all requests done by your device are done via DoH, but for now it's just the requests done by Firefox. ESNI is still being tested, but will probably be ready for widespread deployment in the near future (~1-2 years).

[Guest bbffassslut]

Your thoughts on VPN?   I know I use it all the time for the protection of my privacy and the one I use has no logging either. 

[sluttony]

8 minutes ago, rawTOP said:

So some good news… The UK gave up on their porn filter because emerging technologies were being deployed that would make it impossible to enforce the law. Here's a basic run down of how things can be blocked now and how that's all changing…

When you type in something like [think before following links] [think before following links] https://breeding.zone what happens is that your computer asks a DNS server for the IP address of the server. That request happens in clear text, so the DNS provider (probably your ISP) and everyone between your computer and the DNS provider know that you asked for the IP address for Breeding Zone. The DNS provider probably won't have the IP address, so they then have to ask my DNS server for the IP address. That's also done in clear text, but it's less of an issue since it's server-to-server. No one can tell that YOU made the initial request (unless you're dumb enough to run your own DNS server that only you use).

OK, so next your browser has the IP address and it connects to BZ's server. You entered HTTPS at the beginning so it knows the connection needs to be encrypted. That sounds great, the problem is on the first, initial connection, it needs to send the domain name of the site in clear text because my server handles multiple sites on the IP address. Each one could possibly have a different encryption certificate, so the domain name has to be sent in clear text so it knows which site's certificate should be used. This is called "SNI" (Server Name Indication). Before there was SNI you could only have one encrypted site per IP address. So once again, everyone between you and my server knows you asked for a page from Breeding Zone.

After that point everything is encrypted. The only thing anyone can tell is that you're talking to some site on a particular IP address. They can do a query and find out what sites are on that IP, but they can't tell which site you're on or what it is that you're viewing.

So the British government decided that the way they were going to enforce their law is to block sites that violated the law at the DNS level. They'd force everyone in the UK to use a UK-based DNS server and then they'd require everyone running a DNS server to block sites that were in violation. That's how most firewalls restrict access to particular sites (say a corporation that doesn't want you looking at porn on company time).

Then came encrypted DNS, which encrypts the DNS request so it's no longer sent in clear text (which is a VERY good thing). There are two leading contenders – DNS over TLS ("DoT") and DNS over HTPPS ("DoH"). Corporations and governments like DoT because the DNS requests are happening on their own port, so the corporation/governemtn can block people on a network from using anything but the approved DNS server. DoH however is a complete game changer because, to the network, the DNS request looks like a normal web request, not a DNS request. It uses the same port that you'd use to retrieve an encrypted web page. That means there is no way for the corporation or government to block you using DNS. That's what ended the idea of a porn block in the UK – DoH makes it impossible for them to block anyone. If you can't enforce the law, then there's no point going forward with it.

But actually, they could still enforce they law – they'd just have to listen to the web request and block requests based on the domain name that's passed in clear text in the initial request. So that means SNI can be used against you. A number of people tried to close that loophole, but no one could figure out a way that would actually work. Then the guys at Cloudflare (one of the big cloud hosting companies) devised a plan. They're calling it ESNI (encrypted SNI). Basically when you make an encrypted DNS request instead of just getting the IP address you'll also get an encryption certificate. Once you have that, you can encrypt the domain name in the initial request.

The issue is that governments and corporations could simply block anyone doing a request with ESNI, or they could block particular IP addresses that host the "problem" sites. That's where Cloudflare comes in. They're HUGE. They've committed to deploying DoH and ESNI for all their customers. And they plan on randomly hosting a variety of sites on any particular IP address. That means that any government that tries to block all requests that use ESNI or block any particular IP address will be blocking quite a few "legit" sites along with the problem ones. That means blocking will fail when granny can't get to her recipe site because the government blocked the IP.

The big companies like Clouflare and Google aren't pushing this stuff to help porn. They're doing it for people like the Chinese who are behind the "Great Firewall of China" and don't have access to balanced news sources. It probably irks Google to no end that they have to censor their results for the Chinese. This will end that. Sure, Google.cn will have the censored results. But when DoT and ESNI are widely deployed the Chinese will be able to go to Google.com for uncensored results.

And I should mention DoH is available now and easy to use. Simply use Firefox, go into preferences, search for "DNS" and turn it on.

Until the ISPs are forced to use a MITM "bluecoat*" type of proxy.

I have a VPN router. Anything even vaguely "wrong" (using that very loosely) uses that as a gateway. Everything is encrypted and the VPN DNS servers are DoH by default to stop DNS leakage.

Also have a pi-hole to shut down advertising etc. and I have noscript and ghostery etc on my browser of choice.

You're right though- it failed because, like the dumb attempts to force a "legal backdoor" into encryption technologies, it is flawed ideas being constructed by people who dont understand the technology of what they're talking about.

*other vendors are available 😉

Edited January 28, 2020 by sluttony

[rawTOP]

16 hours ago, bbffassslut said:

Your thoughts on VPN?   I know I use it all the time for the protection of my privacy and the one I use has no logging either. 

If you trust the proxy service, yes proxy services are a good idea. I've actually been meaning to start advertising a few. But a bad proxy service can put you in a worse position than no proxy service at all.

And a corollary to that is there is no trustworthy "free" proxy service. They need to make money and they'll do it by selling your data.

16 hours ago, sluttony said:

Until the ISPs are forced to use a MITM "bluecoat*" type of proxy.

Man in The Middle (Transparent Forward) proxies fail completely when they encounter a site like this one. I have HSTS enabled on all my sites. If there's a transparent forward proxy you'll get an invalid certificate error warning you that the connection is not secure. It will look like this…

I went through this the other day with a user who didn't want to believe he was being spied on by his ISP.

So let me explain transparent forward proxies as well…

Basically if you use a device owned by your company and their tech "set up the computer for you" with their "standard build" before giving it to you, then there's nothing you can do about it. Your computer has probably been configured to let the corporate firewall spy on you. And it's probably been locked down so you can't stop it from happening. Bottom line, buy your own computer and phone!!

But if you use your own device (laptop, phone or tablet) and corporate IT hasn't touched it, then when your device hits their firewall (that acts as a transparent proxy) the firewall will attempt to "proxy" your request meaning you talk to the firewall, and the firewall talks to to the server. They can do this one of two ways – 1) present you with a fake encryption certificate for the site, or 2) force your browser to downgrade from HTTPS (encrypted connection) to HTTP (clear text connection). They'll then connect to the server on your behalf, request the page, examine it. If it passes their tests, they'll pass it onto you either in clear text or with a fake encryption certificate. If corporate IT has meddles with your device your browser can be taught to accept the fake certificate from the firewall as authentic. If they haven't meddled with your computer all they can do is downgrade you to clear text. The thing is the webmaster can configure their site in such a way that browsers know that the connection must be encrypted (the protocol to do this is called HSTS – HTTP Strict Transport Security). That means your browser won't allow the firewall to downgrade you to clear text. And if they try to present a fake encryption certificate your browser (because it hasn't been meddled with) will show you an "invalid certificate" error like the one above.

The problem is that it's up to the webmaster to configure HSTS. There's no way (that I know of) for a user to configure their browser so it only does encrypted connections. The browsers will tell you when a site is insecure, but it's just an icon above the page. You may miss the fact that you were downgraded to clear text.

[rawTOP]

17 hours ago, sluttony said:

Also have a pi-hole to shut down advertising etc. and I have noscript and ghostery etc on my browser of choice.

Off-topic question… Do you still see the banner ads on this site (they're "first party" ads, not part of any ad network). And which Javascripts are blocked on this site? (It would affect functionality – like you' wouldn't see how many people are in chat, etc.)

[Guest takingdeepanal]

On 12/17/2019 at 2:56 AM, rawTOP said:

It's not about being "PC". There's A LOT on this site that isn't PC. It's about staying within the limits of the law.

I've said it before and I'll say it again (over and over)… Who you vote for makes a difference in your sexual freedoms. Who your friends and family vote for makes a difference in your sexual freedoms. Don't think you can ignore politics and then come on a board like this and complain that your freedoms are being limited. You, your friends, and your family members limited those freedoms when you voted the wrong lawmakers into office.

Oh, and it's just going to get worse. About a week ago 4 Senators asked Attorney General Barr to do more obscenity prosecutions (conservative source, liberal source). Obscenity isn't just about images – text can be "obscene" as well. Barr was a big proponent of obscenity prosecutions when he worked in the Justice Department in the Bush (Sr) administration. If Trump gets a second term we're likely to go back to those rather dark days. And it's not just a problem in the US. Britain is trying to regulate porn (though it's temporarily failed), Australia wants to regulate porn, etc.

The rules on this site are there to keep things legal and to keep the site off the radar of aggressive conservative groups. This is why the moderation of this site is "somewhat aggressive" and why that will continue to be the case with the sites I'm building. I don't need problems. If you become a problem, then you're no longer welcome here. This is a private site, there is no right to free speech. Free speech means you can start your own site and possibly face lawsuits and jail if you don't police it properly.

I inadvertently was penalised for talking about something which is totally legal here (Melbourne, Australia) that isn't in any state except parts of NV. My fault. Can also see the banner ad btw ...

Edited January 30, 2020 by takingdeepanal

[sluttony]

23 hours ago, rawTOP said:

Off-topic question… Do you still see the banner ads on this site (they're "first party" ads, not part of any ad network). And which Javascripts are blocked on this site? (It would affect functionality – like you' wouldn't see how many people are in chat, etc.)

I typed a reply but I think I refreshed the page before submitting. 

I believe I see the ads. I'll confirm when I get back home - working away at the moment.

I don't really tend to use the chat but again, I'll do some playing and let you know what, if anything, breaks/doesn't appear normal.