Blocking as a way of stopping child sexual abuse material

27 June, 2018 NetClean

After our recent launch of the ‘Technical Model National Response’, which looks at the different technologies and methodologies that need to be in place to effectively fight the spread of online child sexual abuse material, we’re running a series of blog posts that will look more closely at some of these technologies. First out is blocking.

What is blocking – and how does it work?

Blocking works at the Internet Service Provider (ISP) level of the internet – that is, where data travels through providers’ networks. Blocking technologies can pick up and block domains and URLs that are known to contain online child sexual abuse material. However, these technologies cannot be used on other parts of the internet, such as the Darknet, social media networks and traditional emails. They also cannot pick up content that has been encrypted.

Five different blocking technologies

1. Domain Name System (DNS) Blocking

Also known as DNS poisoning, this is the most common way to block online child sexual abuse material at ISP level.

DNS blocking operates through name servers that find the right IP address when individuals look for specific web addresses. If DNS blocking is applied to these servers they can block access to domains where online child sexual abuse material is hosted.

DNS is informed by lists of sites known to contain child sexual abuse material produced by, amongst others, Interpol and IWF. In practice, when someone types in the name of a site that is known to host child sexual abuse material, the name server redirects to another server and a notice that informs the user that they have been stopped from accessing a page with illegal material. It also informs the person of a helpline that they can turn to and seek help.

This technology is cost efficient, but it comes with a few drawbacks. People who are technologically literate can easily point their computer to another name server that does not use blocking technology, or use a VPN. Most businesses use their own DNS and not the ISP’s, with the consequence that most traffic from businesses is not picked up by DNS blocking.

Finally, a third drawback is that DNS blocking is an all-or-nothing solution, with a huge propensity for overblocking. Even if only a small part of a website contains illegal material, this technology will block the entire site. This makes it a rather blunt tool.

2. Deep Packet Inspection (DPI)

This technology can look at all the traffic that flows through the ISP’s networks and, in contrast to DNS blocking, is much more difficult to get round. This is because this technology works like a sledgehammer – it has the potential to look at all the data that is moving through the networks, but it can also be narrowed down to look at one bit string.

The drawback with this technology, and the reason why it is not used much, is that it is expensive and it can slow down traffic through the networks significantly by creating bottlenecks when data is being scrutinised.

This technology is also not widely used because it raises questions about the users’ integrity and how the Internet should or shouldn’t be policed.

3. URL blocking solutions

The third technology that is available is a hybrid of the two mentioned above. Instead of scrutinising all data, this technology looks at specific pages that have been put on a blocking list. With the help of the Border Gateway Protocol (BGP), the operator can send small amounts of data for inspection, which means that instead of looking at billions of IP addresses the system is only looking at a couple of hundred. It only looks at the traffic going to sites (the requests), not at traffic coming from sites and not at the information going to the sites.

The advantage of this technology is that it scales really well. In addition it also blocks URLs rather than domains. This means in practice that instead of blocking a whole domain e.g. and everything associated with this domain, this technology can block individual URLs, allowing but blocking

This means that not only does it avoid bottlenecking traffic, it also avoids overblocking, while still being difficult to get round. However, like DNS blocking and DPI, this system has its limits. By using a different server, such as a VPN or Tor, the blocking technology can be circumvented.

4. Proxies and firewalls

A fourth way of blocking child sexual abuse content is through blocking lists held in proxies or firewalls. This is a technology that is frequently used by businesses.

The advantage of this technology is that it is possible, both theoretically and technologically, to look at encrypted material. In order to do this a certificate must be installed.

The disadvantage of this technology at ISP level is that the quality of traffic will be heavily reduced, and that it is expensive, as it is difficult to scale down the volume that is being looked at.

There is an additional risk to using a proxy or firewall, and that is that it can look like the proxy is the sender for all traffic when a website is sought out. The volume of traffic can also be misconstrued as an attack by some servers, which can lead to the proxy’s IP address being blocked.

5. Blocking technology in the operators’ router

The final technology available to block online child sexual abuse material is the possibility of the operator blocking IP addresses directly in their own routers. This is a cheap and simple solution, but also one of the more heavy-handed ones: it blocks all pages on the IP address, again leading to heavy overblocking. As a result it is hardly ever used, if at all.
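The difference in granularity between DNS blocking (1), the hybrid URL approach (3) and router IP blocking (5) can be seen by running the same requests through all three decisions. This is an added example, not code from the original post; the hostnames, IP addresses, list entries and the static lookup table standing in for DNS resolution and BGP diversion are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample data: reserved example hostnames, documentation-range IPs.
# This static table stands in for DNS resolution and BGP route diversion.
DNS_RECORDS = {
    "shared-host.example": "203.0.113.10",
    "other-site.example": "203.0.113.10",  # different site, same shared IP
    "news.example": "198.51.100.7",
}
URL_BLOCKLIST = {("shared-host.example", "/listed/page")}  # constructed entry
DOMAIN_BLOCKLIST = {host for host, _ in URL_BLOCKLIST}     # DNS blocking list
IP_BLOCKLIST = {DNS_RECORDS[h] for h in DOMAIN_BLOCKLIST}  # router list


def normalise(url):
    """Return (host, path), lower-cased and without a trailing dot."""
    parts = urlsplit(url)
    return (parts.hostname or "").rstrip("."), parts.path or "/"


def dns_block(url):
    """DNS blocking: the whole domain is blocked or not."""
    return normalise(url)[0] in DOMAIN_BLOCKLIST


def router_block(url):
    """Router blocking: everything on a listed IP address is blocked."""
    return DNS_RECORDS.get(normalise(url)[0]) in IP_BLOCKLIST


def hybrid_block(url):
    """URL blocking: divert by IP first, then match the exact URL."""
    host, path = normalise(url)
    if DNS_RECORDS.get(host) not in IP_BLOCKLIST:
        return "forwarded"          # never sent for inspection
    if (host, path) in URL_BLOCKLIST:
        return "blocked"
    return "inspected-allowed"      # same IP or domain, unlisted URL


REQUESTS = [  # constructed requests
    "http://shared-host.example/listed/page",
    "http://SHARED-HOST.example./other/page",
    "http://other-site.example/",
    "http://news.example/",
]

if __name__ == "__main__":
    for url in REQUESTS:
        print(url, dns_block(url), router_block(url), hybrid_block(url))
```

Only the first request is stopped by the hybrid decision, while DNS blocking also stops the unlisted page on the same domain and router blocking additionally stops the unrelated site sharing the IP address.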

Blocking is needed

Although encryption is being used more and more, and despite what could be construed as narrow perimeters, blocking covers a large part of the Internet and is very important in the fight to combat the spread of online child sexual abuse images, and the re-victimisation that happens every time an image or film is shared. Large amounts of child sexual abuse material are still stored, shared and distributed through the open internet and unencrypted websites.

About the Technical Model National Response

Inspired by the WeProtect Global Alliance Model, we have set out to develop an initiative that looks at technology. We call it the Technical Model National Response. It is an overview of the existing technologies that need to be applied by different sectors and businesses to effectively fight the spread of child sexual abuse material.
