Reading the latest version of Congressman Ed Markey’s (D-MA) Internet Freedom Preservation Act of 2009 is like going to your high school reunion: It forces you to think about issues that once appeared to be vitally important but which have faded into the background with time.

When the first version of this bill appeared, in 2005, the Internet policy community was abuzz with fears that the telcos were poised to make major changes to the Internet. Former SBC/AT&T chairman Ed Whiteacre was complaining about Vonage and Google “using his pipes for free,” and former BellSouth CEO Bill Smith was offering to accelerate Internet services for a fee.

Our friends in the public interest lobby warned us that, without immediate Congressional action, the Internet as we knew it would soon be a thing of the past.

In the intervening years, Congress did exactly nothing to shore up the regulatory system, and the Internet appears to be working as well as it ever has: New services are still coming online, the spam is still flowing, and the denial-of-service attacks are still a regular occurrence.

Enjoy.

net neutralty, Markey, Internet Freedom Preservation Act

A decade ago, when dial-up Internet access was the norm, you could choose from dozens of providers. With so many rivals, you could find Internet access at a reasonable price all by itself, without having to buy a bundle of other services with it.

There was competition because regulators forced the local phone giants to allow such services on their networks. But regulators backed away from open-access rules as the broadband era got under way. While local phone and cable companies could permit other companies to use their networks to offer competing services, regulators didn’t require them to do so and cable providers typically didn’t.

Wolverton’s chief complaint is that the DSL service he buys from Earthlink is slow and unreliable. He acknowledges that he could get cheaper service from AT&T and faster service from Comcast, but doesn’t choose to switch because he doesn’t want to “pay through the nose.”

The trouble with nostalgia is that the past never really was as rosy as we tend remember it, and the present is rarely as bad as it appears through the lens of imagination. Let’s consider the facts.

Back in the dial-up days, there were no more than three first-class ISPs in the Bay Area: Best Internet, Netcom, and Rahul. They charged $25-30/month, over the $15-20 we also paid for a phone line dedicated to Internet access; we didn’t want our friends to get a busy signal when we were on-line. So we paid roughly $45/month to access the Internet at 40 Kb/s download and 14 Kb/s or so upstream.

Now that the nirvana of dial-up competition (read: several companies selling Twinkies and nobody selling steak) has ended, what can we get for $45/month? One choice in the Bay Area is Comcast, who will gladly provide you with a 15 Mb/s service for a bit less than $45 ($42.95 after the promotion ends,) or a 20 Mb/s service for a bit more, $52.95. If this is “paying through the nose,” then what were we doing when we paid the same prices for 400 times less performance back in the Golden Age? And if you don’t want or need this much speed, you can get reasonable DSL-class service from a number of ISPs that’s 40 times faster and roughly half the price of dial-up.

Wolverton’s column is making the rounds of the Internet mailing lists and blogs where broadband service is discussed, to mixed reviews. Selective memory fails to provide a sound basis for broadband policy, and that’s really all that Wolverton provides.

net neutrality, Internet, broadband

Similarly, the sessions on technology featured a diverse set of voices, but emphasized speakers with actual technology backgrounds. Despite the technology focus, a good number of non-technologists were included, such as media historian Sascha Meinrath, Dave Burstein, Amazon lobbyist Paul Misener, and veteran telephone regulator Mark Cooper. A number of the technology speakers came from the non-profit or university sector, such as Victor Frost of the National Science Foundation, Henning Schulzrinne of Columbia University and IETF, and Bill St. Arnaud of Canarie. The ISPs spanned the range of big operators such as Verizon and Comcast down to a ISPs with fewer than 2000 customers.

Given these facts, it’s a bit odd that some of the public interest groups are claiming to have been left out. There aren’t more than a small handful of genuine technologists working for the public interest groups; you can practically count them on one hand without using the thumb, and there’s no question that their point of view was well represented on the first three days of panels. Sascha Meinrath’s comments at the mobile wireless session on European hobbyist networks were quite entertaining, although not particularly serious. Claiming that “hub-and-spoke” networks are less scalable and efficient than wireless meshes is not credible.

The complaint has the feel of “working the refs” in a basketball game, not as much a legitimate complaint as a tactical move to crowd out the technical voices in the panels to come.

I hope the FCC rolls its collective eyes and calls the game as it sees it. Solid policy positions aren’t contradicted by sound technical analysis, they’re reinforced by it. The advocates shouldn’t fear the FCC’s search for good technical data, they should embrace it.

Let a thousand flowers bloom, folks.

Cross-posted at CircleID.

As if AT&T wasn’t already bad enough. In an act that is sure to spark internet rebellions everywhere, AT&T has apparently declared war on the extremely popular imageboard 4chan.org, blocking some of the site’s most popular message boards, including /r9k/ and the infamous /b/. moot, who started 4chan and continues to run the site, has posted a note to the 4chan status blog indicating that AT&T is in fact filtering/blocking the site for many of its customers (we’re still trying to confirm from AT&T’s side).

4chan, in case you didn’t know, is a picture-sharing site that serves as the on-line home to a lovable band of pranksters who like to launch DOS attacks and other forms of mischief against anyone who peeves them. The infamous “Anonymous” DOS attack on the Scientology cult was organized by 4chan members, which is a feather in their cap from my point of view. So the general reaction to the news that AT&T had black-holed some of 4chan’s servers was essentially “woe is AT&T, they don’t know who they’re messing with.” Poke 4chan, they poke back, and hard.

By Monday afternoon, it was apparent that the story was not all it seemed. The owner of 4chan, a fellow known as “moot,” admitted that AT&T had good reason to take action against 4chan, which was actually launching what amounted to a DOS attack against some AT&T customers without realizing it:

For the past three weeks, 4chan has been under a constant DDoS attack. We were able to filter this specific type of attack in a fashion that was more or less transparent to the end user.

Unfortunately, as an unintended consequence of the method used, some Internet users received errant traffic from one of our network switches. A handful happened to be AT&T customers.

In response, AT&T filtered all traffic to and from our img.4chan.org IPs (which serve /b/ & /r9k/) for their entire network, instead of only the affected customers. AT&T did not contact us prior to implementing the block.

moot didn’t apologize in so many words, but he did more or less admit his site was misbehaving while still calling the AT&T action “a poorly executed, disproportionate response” and suggesting that is was a “blessing in disguise” because it renewed interest in net neutrality and net censorship. Of course, these subjects aren’t far from the radar given the renewed war over Internet regulation sparked by the comments on the FCC’s National Broadband Plan, but thanks for playing.

The 4chan situation joins a growing list of faux net neutrality crises that have turned out to be nothing when investigated for a new minutes:

* Tom Foremski claimed that Cox Cable blocked access to Craig’s List on June 6th, 2006, but it turned out to be a strange interaction between a personal firewall and Craig’s List’s odd TCP settings. Craig’s List ultimately changed their setup, and the software vendor changed theirs as well. Both parties had the power to fix the problem all along.

* Researchers at the U. of Colorado, Boulder claimed on April 9, 2008, that Comcast was blocking their Internet access when in fact it was their own local NAT that was blocking a stream that looked like a DOS attack. These are people who really should know better.

The tendency to scream “censorship” first and ask questions later doesn’t do anyone any good, so before the next storm of protest arises over a network management problem, let’s get the facts straight. There will be web accounts of AT&T “censoring” 4chan for months and years to come, because these rumors never get corrected on the Internet. As long as Google indexes by popularity, and the complaints are more widespread than the corrections, the complaints will remain the “real story.” I’d like to see some blog posts titled “I really screwed this story up,” but that’s not going to happen – all we’re going to see are some ambiguous updates buried at the end of the misleading stories.

UPDATE: It’s worth noting that AT&T wasn’t the only ISP or carrier to block 4chan’s aggressive switch on Sunday. Another network engineer who found it wise to block the site until it had corrected its DDOS counter-attack posted this to the NANOG list:

Date: Sun, Jul 26, 2009 at 11:05 PM
Subject: Re: AT&T. Layer 6-8 needed.

There has been alot of customers on our network who were complaining about ACK scan reports coming from 207.126.64.181. We had no choice but to block that single IP until the attacks let up. It was a decision I made with the gentleman that owns the colo facility currently hosts 4chan. There was no other way around it. I’m sure AT&T is probably blocking it for the same reason. 4chan has been under attack for over 3 weeks, the attacks filling up an entire GigE. If you want to blame anyone, blame the script kiddies who pull this kind of stunt.

Regards,
Shon Elliott
Senior Network Engineer
unWired Broadband, Inc.

Despite the abundance of good reasons for shutting off access to a domain with a misbehaving switch, AT&T continues to face criticism for the action, some of quite strange. David Reed, a highly vocal net neutrality advocate, went black-helicopters on the story:

I’d be interested in how AT&T managed to block *only* certain parts of 4chan’s web content. Since DNS routing does not depend on the characters after the “/” in a URL in *any* way, the site’s mention that AT&T was blocking only certain sub-”directories” of 4chan’s content suggests that the blocking involved *reading content of end-to-end communications”.

If AT&T admits it was doing this, they should supply to the rest of the world a description of the technology that they were using to focus their blocking. Since AT&T has deployed content-scanning-and-recording boxes for the NSA in its US-based switching fabric, perhaps that is how they do it. However, even if you believe that is legitimate for the US Gov’t to do, the applicability of similar technology to commercial traffic blocking is not clearly in the domain of acceptable Internet traffic management.

What happened, of course, was that a single IP address inside 4chan’s network was blocked. This IP address – 207.126.64.181 – hosts the /b/ and /r9k/ discussion and upload boards at 4chan, and DNS has nothing to do with it. Reed is one of the characters who complains about network management practices before all the relevant bodies, but one wonders if he actually understands how IP traffic is routed on the modern Internet.

And as I predicted, new blog posts are still going up claiming that AT&T is censoring 4chan. Click through to Technorati to see some of them.

net+neutrality

Here’s the skinny. Often, if a user mistypes a domain name within a browser, he or she gets a very unhelpful and cryptic message.This message can sometimes lead users to believe that something is wrong with the computer or Internet connection and prompt a call to tech support. So, many ISPs have set up their systems so that such errors — especially on residential connections — redirect the user to a Web page that tries to help the user find the site that was intended. It may also submit what was typed to a search engine and display the results. The mechanism by which this is accomplished is known as “DNS redirection.”

Here’s how DNS redirection works. Whenever you type a domain name into a browser or other program on your computer, your computer must have it translated into a binary Internet address — an IP address. In most cases, your computer does this by submitting the name to a server called a “recursive domain name resolver” which is operated by your ISP.

But what happens if the domain name can’t be translated — because it was mistyped, no longer exists, etc.? Normally, your computer would receive a terse, unhelpful NXDOMAIN (“domain does not exist”) response, which the program you’re running sees as an error. Most programs, including Web browsers, likewise return a terse and completely unhelpful message to you, leaving you to figure out what went wrong… if you can.

With DNS redirection, however, the ISP’s domain name resolver instead returns the address of a server operated by the ISP — a server which might offer better help with the problem or links to sites which might be the one you actually meant to visit.

Should ISPs do this? Well, as an ISP myself, I can say with authority that 99.99% of all Internet users would not know what DNS (or a recursive DNS server) was if it bit them. They’re impatient and uninterested in becoming Internet gurus. They want things to “just work,” and want immediate help if they don’t. What’s more, they are often extremely confused by the unhelpful error messages which browsers provide when a domain name cannot be resolved.

For this reason, it’s a good thing (in my opinion) that ISPs provide this service, and it’s quite reasonable for them to do so by default (with an option to opt out).

Some people have claimed out that failing to return an NXDOMAIN response when a domain does not resolve properly can cause problems with certain software. However, since DNS redirection is a well known and common practice, any software which cannot handle it is clearly dysfunctional itself, and will experience problems on a growing number of networks — prompting software authors to fix the bug. So, any such problems, if they do occur, won’t be around for long. And allowing customers to opt out should handle any situation where a user must run software that cannot tolerate redirection.

What’s more, DNS redirection can offer some real benefits. It can be used, for example, to block access to sites (or even portions of Web pages) that contain malware, spyware, and “drive-by downloads.” It can be used to block domains publicized in spam, preventing spammers from profiting from spam or from scams (such as the infamous Nigerian advance fee fraud). It can also be used for parental content controls. And the RFC does recommend limits on what ISPs should redirect, and how they should do it.

So, what’s all the fuss about? My take is that most of the folks who are protesting this practice are either people who constantly brand ISPs as evil or “orthodox end-to-endians” — extremists who believe that ISPs should not add value to the connectivity they sell, regardless of how helpful this might be to users. A few of them complain about the fact that some DNS redirection pages are advertiser-sponsored, and accuse ISPs of profiteering from users’ typos. But so long as there’s a clear way to opt out of seeing the pages (and, hence, the ads), what’s the big deal?

Methinks that what we have here is a reasonable practice that a few cranks see as yet another opportunity to attack ISPs. What do you think?

– Addendum posted 2009-07-11 –

Since I wrote the original posting, it occurred to me that one way to satisfy the purists — if they really are purists and not just out to attack ISPs — would be to set up a mechanism that enabled a program to distinguish between a domain which was actually resolved and one that was redirected. For backward compatibility, we wouldn’t want to change the formats of existing responses from recursive domain name resolvers. But we could easily add a new kind of domain name query whose semantics were, “Resolve this domain, but don’t ever redirect me if the domain does not exist.” (Since, according to Comcast’s RFC, redirection is only to be done on A and AAAA records, implementing this would just involve special queries for these two kinds of records.) Would this proposed solution be adequate? Should it be added to Comcast’s RFC? Comments are welcome.