"Stealth blocking" refers to the practice of Internet Service Providers that do not advertise that their Internet service is "filtered", but block their users from reaching certain Web sites. When the user attempts to access a blocked site, they see only an error message saying that the site is not responding, so virtually all users are unaware that any blocking is going on.

Until recently, it was safe to say that even though some ISPs did this, it was probably not happening to you. But America Online announced in March 2004 that they are going to begin silently blocking Web sites as well, and there is a danger that the practice could spread to other major ISPs. AOL claims that they will block only spammer Web sites, but other ISPs which have engaged in the practice made the same claim, and ended up blocking a wide range of other sites as well, either accidentally or deliberately. And since AOL has a history of blocking emails that even contain any mention of a URL such as www.bushin30seconds.org, we think AOL users should have every reason to be skeptical of AOL's plans for "stealth blocking" of their Web access.

Background

In December 2000, Peacefire found out that that AboveNet and TeleGlobe, two large Internet backbone companies (which provide Internet connectivity for the ISPs that deal directly with the general public), were blocking their users from accessing Web sites on a "boycott list". Neither company publicized the fact, in their terms of service or elsewhere, that their users were filtered from accessing those Web sites. The boycott list itself was maintained by a group called MAPS, whose founders included two of AboveNet's board members, and was allegedly a list of spammer Web sites but was found to be much broader (even including a now-defunct site called ORBS, which was not a spammer but in fact one of MAPS's competitors!). When a Slashdot article publicized AboveNet's and TeleGlobe's Web-blocking practices, AboveNet did not formally respond, but immediately stopped blocking Web sites on the MAPS boycott list, although they continued to block other Web sites. TeleGlobe did not immediately stop blocking Web sites, but issued a statement indirectly criticizing MAPS, and phased out Web-blocking in August 2001. A coalition of free-speech groups including Peacefire released a coalition statement against "stealth blocking" in May 2001.

While the blocking was still in effect, for a time Peacefire ran a script on our site which detected when a person was connecting to our site from an IP address controlled by AboveNet or TeleGlobe. The script would then display a banner telling the person what Web sites they were blocked from viewing, so that they could click the links and see that the sites were inaccessible -- and then giving the user a link to access those sites through the Anonymizer so that they could see that the sites were not actually down; it was their provider that was blocking them. This earned the enmity of many blacklist supporters, but also raised more people's awareness that their providers were blocking them from Web sites.

After the rash of bad publicity that the "stealth blocking" practice received in 2001, we thought it was mostly a dead issue until America Online announced that they would begin silently blocking Web sites.

All ISPs that we are aware of that have engaged in stealth blocking, to the extent that they made public statements discussing the practice at all, justified as it as an anti-spam measure. This has led to much confusion about how blacklists are really used, and three major misconceptions in particular:

• Myth #1: Only email is blocked. Spam blacklists are most commonly used to block email, but AboveNet, TeleGlobe, and America Online have used them to block Web sites as well.
• Myth #2: Spam blacklists only target senders of spam. In fact, some spam blacklists will include sites solely because of the content of the sites. For example, the MAPS RBL lists one of their criteria as, "providing software or services for distributing spam". This would seem to be an arbitrary distinction because all mailing list software can be used to send to addresses in bulk, since the software doesn't "know" if the recipients opted in to receive it or not, but the criteria are not any more specific. This is not widely discussed, probably because of the potential to alienate large portions of the "cypherpunk" community, who are generally opposed to eradicating content from the Internet and have even developed software such as FreeNet for publishing content in a format that is completely censor-proof.
• Myth #3: Spam blacklists only target sites that meet their criteria. Some blacklist operators have a policy that if they blacklist a site and demand the ISP cancel that customer's account, but the ISP does not agree to shut down the customer, the list operator will blacklist other, unrelated sites at the same ISP, to apply additional pressure. It is a common misconception that blacklists single out their targets as narrowly as possible, and that any "collateral damage" is accidental or unavoidable, when in fact often the collateral damage is deliberate.

None of this applies to ISPs which make their customers aware of the fact that they are blocking Web sites that meet certain criteria. As much as it may be pointless to block customers' access to spammer Web sites, and doubly pointless to block access to Web sites of companies that simply do business with spammers -- if someone wants to use an ISP that does this, that's their privilege. However, this is purely hypothetical, as we are not aware of any ISP that engaged in stealth blocking and actually made their customers aware of it. And ISPs that engage in stealth blocking without informing their customers, are probably committing consumer fraud by claiming to sell "Internet access" but actually selling restricted Internet access, although courts have not yet addressed the issue.

Bennett Haselton
Last modified 3/21/2004