|  | <<  
             ^ 
              >> 
            
              | Date: 1999-09-28 
 
 Internet/filter & warum sie nicht funktionieren-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
 
 Kristian und Marit Köhntopp [FITUG.de] über Versuche, das
 globale Spektrum im Netz vertretener menschlicher
 Ausdrucksweisen & Kulturformen in ein paar lächerliche
 Kategorien zu pressen. Zweck sind die Vor/selektion, die
 Eingrenzung, die Abschottung - Merkmale eines
 Herrschaft/sinstruments.
 -.-. --.-  -.-. --.-  -.-. --.-  -.-. --.-  -.-. --.-  -.-. --.-
 
 Why Internet Content Rating and Selection does not work
 
 Version 1.2 (Released 26-Sep-1999)
 
 by Kristian and Marit Köhntopp
 
 Content rating models such as PICS have been proposed as
 a solution to the problem of unwanted, harmful or prohibited
 content on the Internet. This document
 contains a number of Theses which support the claim that
 any Internet Content Rating and Selection (ICR&S) scheme
 including PICS cannot work as advertised.
 
 To our knowledge, most of the problems and objections here
 have not been addressed by PICS or any other ICR&S
 scheme.
 
 Identifying the parties involved
 
 This section tries to identify the parties involved in the
 process of running and rating the web and their roles (see
 below to understand why we concentrate on the
 web). In small installations, a single person may impersonate multiple roles.
 
 Server side roles
 
 The content provider is the role which is responsible for all content of a document. Often the content provider is the creator of a document, but on the Internet it
 is common that a content provider only provides means to create content, and does not actually create the content on a site. Examples are discussion boards,
 search engines, live video feeds, and similar installations. Depending on the size of this content, it is entirely possible that the content provider does not have direct
 knowledge of all content on a site and that much content on a site is not reviewed nor endorsed by a content provider.
 
 The presence provider or web hoster provides the means to serve this content to the Internet by running the machines, the server software, and maintaining a
 network connection.
 
 Recipient side roles
 
 An access provider runs the systems and network connections for the recipient of content. For small office and home use, this is currently often a dial-up service,
 a proxy server, and similar hard- and software.
 
 The recipient is either a person to be protected against harmful content, or an adult, which still should be able to access harmful, but not prohibited, content. The
 recipient's hard- and software is maintained by system services which is a separate department in a school or library situation, in an Internet Cafe, or within a
 company. The recipient's system may be a single system or a network of systems with proxy servers and intranet servers.
 
 Internet Content Rating and Selection (ICR&S) roles
 
 Developers of rating systems define the dimensions of a rating system and create rules how to apply values along these dimensions to content. They promote
 their rating systems so that they become popular and are widely used.
 
 A rating service will apply the rating system and the rules
 that come with it to create ratings. These ratings, an identifier
 for the rated content, a date, an identifier
 for the rating source, and additional information (i.e. a
 checksum against the rated content and a digital signature)
 are collected to form a content label.
 
 Content filter vendors create software which can regulate
 access to content, depending on local settings (filtering
 rules) and content labels.
 
 Content filter control is often exercised by the party who
 controls a machine, that is, the adult party in a household,
 the dean of a school, the directorate of a
 library, and so on. These filter settings are then deployed,
 often by system services mentioned above, sometimes by an
 access provider located upstream.
 
 Attackers may be content providers, recipients, or other
 parties who want to communicate outside of the control of a
 filtering system.
 
 Methods for content selection
 
 Principle of Operation
 
 The basic idea behind Internet Content Rating and Selection
 is to attach a kind of machine readable description, called a
 Content Label, to all Internet Content.
 The Content Label contains a set of ratings which make up a
 formal description of the rated content in a formally specified
 system of ratings. Finally, the recipient
 has to have a filtering mechanism before or on the recipients
 machine which allows or intercepts reception and display of
 requested content depending on the
 Content Label and some local configuration.
 
 Taxonomy of Rating Systems by Source of Rating
 
 The Content Labels may be provided by different parties. In
 Third Party Rating, a party that is neither the recipient nor the
 sender creates content labels and
 distributes them via a Label Bureau. Third Party Rating
 requires a method to uniquely identify content components,
 and Third Party Rating cannot be finer grained
 than this identification system. Currently, all identification
 systems are URL-based which implies that all Content
 Labels refer to either URLs or coarser grained
 objects (such as subtrees of a web server or an entire site).
 
 In Second Party Rating, the recipient provides ratings and
 shares them with other recipients. This is sometimes referred
 to as a Community Rating process. Since
 the sharing of ratings again involves a Label Bureau, for the
 purpose of this discussion Third Party Rating and Second
 Party Rating can be treated alike.
 
 First Party Rating is different because here the sender
 provides a Content Label with the content itself. Usually, this
 label is embedded into the content or sent with
 the content. A Label Bureau is not needed in this context.
 
 Taxonomy of selection mechanisms by point of interception
 
 The selection process at the recipients end can either be
 implemented directly on the machine of the recipient, or it
 can be part of a proxy solution upstream of the
 recipients computer. In the latter scenario, the selection
 process will not happen on a machine controlled by the
 recipient and it is much more difficult to manipulate
 by the recipient. A proxy-based selection requires that the
 recipient is forced to use this particular proxy to be able to
 access content at all (otherwise the recipient
 could elect not to use a proxy at all or to use a different
 proxy) and that the content can be identified and read by the
 proxy.
 
 More
 http://www.koehntopp.de/kris/artikel/rating_does_not_work.html
 -.-  -.-. --.-
 BIG BROTHER AWARDS AUSTRIA 1999
 Fuer Lauschangreifer, Spitzelfirmen, Datenhaendler,
 gestzlich ermaechtigte Ueberwacher
 Reichen Sie Ihre Nominierung ein:
 http://www.bigbrother.awards.at
 -.-. --.-  -.-. --.-  -.-. --.-  -.-. --.-  -.-. --.-  -.-. --.-
 - -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
 edited by
 published on: 1999-09-28
 comments to office@quintessenz.at
 subscribe Newsletter
 - -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
 <<  
                   ^ 
                    >>
 |  |  |  |