Thursday, May 15, 2008

Cox blocking P2P traffic

A new study out of the Max Planck Institute flatly states that Cox is interrupting P2P traffic over the internet...and is one of only 3 large service providers worldwide for whom this is undeniably true. What's more appalling is that it appears that Cox is blocking traffic without any obvious regard to the sorts of traffic congestion that are used to justify such blocking. This is a worldwide phenomena with local implications: take a look at the map and see if you see a red dot where you live. I think I see two in South Louisiana...BR/Lafayette and New Orleans.

While Comcast is the poster boy — and the whipping boy in Congress and at the FCC — for this behavior it is merely the first company to have been caught with its hand in the cookie jar. It also came in for more than its share of attention because it had the poor grace to first deny it altogether and then to claim that what it was doing was not "blocking" traffic but merely delaying it with the intent of managing traffic in order to improve the experience of its customers. The trouble is that, unknowable intent aside, what Comcast and Cox in the US and Starhub in Singapore are doing is clearly and obviously denial of service—blocking—of a perfectly legal file transfer protocol. (The first time Comcast was caught interferring the file being transfered was the King James version of the Bible!) These companies are using their control of the routers over which you send messages to another net user to dip into the flow of bits between two people and alter that stream to indicate to both sides that the other side has dropped the connection. They lie to both ends. The inevitable and intended result is that after a few retries the two pieces of software drop the connection because the cable company has successfully used its control of the network to convince the users that the other side has hung up. The critical terminology, should you care to google it is: "forged TCP/IP packets with the RST (reset) flag set" or some such...

An analogy from elsewhere in the telecommunications world that illustrates what is wrong with this sort of deceptive practice: The phone company does not send the caller a ring that never gets picked up when their network gets congested. They forthrightly tell you that all their circuits are busy and that you should call back later. They don't lie and tell you the other person is busy. The phone companies are owning their problem. In contrast the cablecos are lying to you and telling you that they don't have a problem--the person you want to talk to has gone offline.

Comcast continues to deny that this is blocking but the raw fact of the deception necessarily involved has lead to a renewed interest in Net Neutrality by Congress and a series of very uncomfortable investigatory hearings by the FCC.

The immediate response of the net media to this latest study has been to react with surprise that Cox is also included. That's just because they've not been paying close attention—as readers of this space will know. In fact the fellow that exposed Comcast quickly made the same accusation against Cox whose non-denial defense slipped under the radar in uproar surrounding Comcast's mishandling of the issue.

The meaningful bits from the AP story:
A study released Thursday found conclusive signs that file-sharing attempts by subscribers of Cox Communications were blocked, along with customers at Comcast and Singapore's StarHub....

The percentage of blocked connections for Comcast and Cox subscribers did not appear to correspond to periods of high congestion, despite Comcast's assertions to the FCC that the filtering only happens at certain times. Subscribers were roughly equally likely to be blocked at all times of day and night. FCC Chairman Kevin Martin told Congress in April that testimony collected by the agency indicated that Comcast's filter was active even when there was no congestion.
What should be at the top the news is that substance of the report:
  1. the interference is undeniably occurring
  2. It is NOT normal practice and it can only be reliably show for a very few cable companies worldwide.
  3. It is NOT being used to decongest the network in any systematic way. (Network congestion is very predictable and occurs in 24 hour cycles. If this technique were honestly being used to limit congestion you'd see increasing percentages of blockage during periods of high usage like when the kids get home from school or early evening. There is no such pattern in the data.)
Comcast, under intense pressure has pledged to stop this practice soon.

I wonder if Cox will do the same?

If you'd like to know if your connection is being lied to you can run the Max Planck test on your own connection; just click on over. Try a couple of times. Cox's is apparently blocked about half the time, for instance, so you'll need to run multiple tests to see if your local network is one that is being "managed." PS: When I tried it was busy...and told me it was too busy. At least they're honest about it. ;-) I'll try again later.


Anonymous said...

Not sure about anyone else but I don't seem to have any issues using any P2P clients when I need to.

Personally I have no qualms with this if it is true for two reasons. One I have yet to notice an impact because of this and have not had any known problems with using any P2P clients. Two, if it is true I am actually for it as I don't want others polluting the "intertubes" with all this junk traffic.

You can't deny that probably 90% or more of P2P traffic is for warez and pirated music / movies.

As a network engineer and small business owner of a web hosting company I have often had to take steps restricting things for the greater good of my customers. Sure it upsets a few customers who are up to no good but it makes my long term customers grateful that I am protecting their interests.

John said...

Hi Anonymous,

Sorry, but I can't agree with your judgment about this.

If you tell your customers upfront that you are willing to dip into their bit stream of communications with others (who may well NOT be on your network--another ethical dilema, I'd think.) and alter what they say to others and what others say to them to suit your idea of right and wrong and/or network management my guess isn't the deal they thought they made with you. They wouldn't like it if they understood.

I don't. I trust that my communications are transmitted faithfully and don't like the idea that the network owner feels free to lie to me about what is being said.

The fact that worldwide NO teleco and only 3 cablecos follows this practice is proof positive that it is not necessary for good network maintenance.

But need is not the point.

It isn't your role to decide what is legal and illegal...especially when you cannot make a distinction between instances that are and those that are not.

I don't know what percentage of P2P traffic is questionably legal. But that doesn't matter. Unless you and Cox been deputized, which you haven't...or deputized yourself which is doesn't make your "enforcement" legal — quite the contrary in fact. You can't know and Cox can't know which bits might be "bad."

Comcast blocked the King James Bible, as I pointed out in the post. Pretty much out of copyright, I believe. Legal content is blocked.

But the legality of other people's actions or even yours is not the point either.

What is wrong is breaking the trust people have in you.

The only defense you (and Cox and Comcast) can seem to muster for blocking legal material transmitted by legal means is something along the lines of "The ends justify the means."

I've never been able to buy that reasoning--and notice that moral systems from the law to Christianity don't either.

I just can't see how abusing the trust that people have placed in you to transmit their messages truthfully can be justified. Neither your judgment that some content is illegal or your feeling that it would be more convenient for some customers if you altered communications between others will fly.

It's breaking the trust others have in their service that can't be justified.

Anonymous said...

The argument about the end justifying the means is no different then LUS and a handful of so called local leaders building out a FTTH system.

The FTTH system LUS is building is based pretty much entirely on a handful of people who believe they know what is best for the community and believe that the end will justify the means.

I say this contrary to the referendum results of course because I firmly believe that if one could have gotten a yes or no answer from every registered voter it wouldn't have passed.

But I digress, as for the whole P2P issue I believe your wrong on a few points.

1. None of the cable co's are "blocking" P2P. P2P works so they aren't blocking it completely.

2. None of the cable co's are altering the actual packets sent by the two hosts.

3. There testing is flawed. Why? Because of this statement from the Max Planck Institute site:

"If a flow is aborted by a control (RST) packet that was not sent by either of the end points, we report the flow as being blocked by some ISP along its path."

Why is that important? Like I said the servers are in Germany, and there are a lot of paths, hops between anywhere and there. And as their own site states, "we report the flow as being blocked by SOME ISP along its path".

So this means that the RST packet is not necessarily being sent by the actual ISP of the user.

4. The Max Planck Institute also states they are only seeing this affect the upstream and not downstream.

So go ahead and download away, which is what most do anyway on P2P.

Finally, this is OLD news. Cox acknowledged back in Nov. 2007 that they were doing this.

There was absolutely no point to this blog post. It is just another of many posts by the authors to discredit anyone who competes with LUS. You guys make drama out of anything you can if it makes you and your position on LUS FTTH look good or its competitors look bad.

Obviously that is the point of a "Pro Fiber Blog" of course.

Our country and laws are all about the end justifying the means and the whole greater good thing.

Patriot Act? Taxes and welfare? Waiting period on guns? Seatbelt laws? Speed limits? and on and on

All of this stuff is about the greater good, or the end justifying the means or what ever you wanna call it.

The only way we wouldn't need any of this is if everyone was good and we lived in a darn near utopian society.

Don't forget these are companies, for profit, service providers. They can or should be able to do what ever they want on their network. Why? Because its their choice and option, and if you don't like it just don't sign up or cancel your service its that simple.

You don't need it, you want it. No one needs the internet, cable tv or phone, you just want it.

If you don't believe go spend the weekend at my parents who have no internet, tv or phone. Drives me insane, but they could care less.

John said...

Anonymous, since your most basic tactic seems to be to attempt to throw doubt on my motives and commitments why don't you tell us who you are and why this is a concern of yours? You know who I am--my name is easily available on the site--and why I write. Why not buck up and tell us who you are and why you defend the indefensible?

(Incidentally, aside from focusing on the person instead of the argument, you are missing the point of the study and my post...see below.)

As to your defense. Let's handle the least consequential first:

1) Your conviction that the referendum would have failed if all had voted is simply wrong.The will of the community was clearly expressed. You think them wrong. Ok. But denying the evidence is just foolish. What the claim amounts to is a weak attempt to find a way to deny that this community disagrees with you. It's the sort of self-indulgent reasoning that gives a reflective person reason to doubt the rest of your remarks.

2) Ends and means. Justifying the means in terms of the guess is that what you are really admitting in your defense of that concept is that you recognize that using your power to control network to lie to both ends of the connection by inserting information that purports to come from the endpoints really is a "bad" means. But that you still want to say that it is ok. It is not. And, I ask plainly: would your customers think that it was all right if they understood that you had taken it on yourself to lie to those they are communicating with on the behalf of your and your other customer's convenience?

3) Re the argument that no bit is altered. Surely any reader can see that first, I only said that the stream is altered. And it is. And,secondly, what is done is lying to both ends by presenting them with bits that falsely depict the status of those with whom they are communicating. You've tried to squeeze out of a moral failure. You've failed. I call it lying. It is.

4) 1) You say that blocking is not occurring because not _all_ P2P communications are being blocked. That's not what's required of the meaning of the word "blocking." When some ships are being prevented from entering a port it is being blockaded even when some ships sneak by. In this case no one is claiming--and I made it clear that no one should expect--that every connection would be blocked. Nonetheless, those that are, are.

5) You call it "old news." Yes, it is--as I clearly say in the text of the post. And link to the spot in this blog that I originally discussed that with my readers. (In fact I used the same source you do!) A more careful reading of the text would save you from such errors.

Actually consequential argument:

1) You argue that some _other_ bad actor might be altering the packet flow; that Cox, Comcast or Singapore might be innocent. That might sound superficially sensible to some. But recall that this is a statistical study. If the carriers on the way to Germany were the real culprits and not Cox (for instance) then the pattern would reveal itself clearly--other innocent users like the big telecos would have a similarly high percentage of these issues. They don't. The study authors make it clear that they are aware of the possibility of such error and refuse to label a few other (smaller) ISPs as blockers because they don't have a sufficient statistical basis to confidently say that such "misattribution" might not be be at work. But for the three they do label the only statistically reasonable explanation is that they are the source. Statistics is a well understood science. Intervening carriers are not the source of the pattern.

An even better reason to believe that the study is identifying a real "reset" phenomena at Cox and Comcast: both admit to it. :-)

2) You say they only block uploads so it doesn't matter. I can be charitable about the error you've made in 1 immediately above; you might misunderstand. But here I have to think you are just trying to mislead the reader. You know that P2P won't work if everyone takes and no one gives. (In this it is like life.) There will be no one to give you a file to download if all follow your advice. What is more interesting is that this is actually the best evidence that the perpetrators actually believe that they are trying to figure out a way to manage their network--even if they are apparently not doing so at appropriate times. (Maybe they are experimenting?) It also makes sense of the issue only coming up with cable companies. P2P works better if everyone can upload as fast as they download and such "give and take" is maintained...ideally you give the bits you have and take the ones you don't more or less equally. But cablecos don't have equal upstream and downstream capacities and it is upstream where they would first run into their own networks' limits. So it makes sense that they'd try and block usage where it hurts them most. Far from being a reason to doubt the study, it is just the sort of initially surprising but sensible finding that helps confirm research.

I Notice tacit admissions by neglect; Please note that the following two points were what I emphasized in the post as the important news from the study; by not addressing the real issues I assume you grant them:

1) This blocking is NOT necessary for good network management as only 3 cabelcos (and no telecos) worldwide are demonstrably employing it. Others find a better way to manage that doesn't involve breaking trust with their customers.

2) The blocking does _not_ occur at times of high congestion. So it cannot be argued that it is being done in response to congestion (misguided or not).

Those are the significant findings of the study (not whether or not blocking is real). No one reasonably believes the study is not identifying a real pattern--and, after all Cox and Comcast admit it. Directing attention to the interesting new data would be more useful than trying to throw doubt on what is already well-accepted and well-understood.