Journal Articles
| Browse in : |
All
> Journals
> CVu
> 283
(8)
All > Topics > Internet (35) Any of these categories - All of these categories |
Note: when you create a new publication type, the articles module will automatically use the templates user-display-[publicationtype].xt and user-summary-[publicationtype].xt. If those templates do not exist when you try to preview or display a new article, you'll get this warning :-) Please place your own templates in themes/yourtheme/modules/articles . The templates will get the extension .xt there.
Title: How to Block Russia From Your Website (and why you might want to)
Author: Martin Moene
Date: 04 July 2016 20:54:58 +01:00 or Mon, 04 July 2016 20:54:58 +01:00
Summary: Silas S. Brown takes a stand against indiscriminate legislation.
Body:
It’s 2025. ACCU publishes a negative review of a poor-quality programming book, a book that happens to be popular in Russia. The book’s publishers are big and powerful; they say the review is unlawful, because it is criticising popular opinion, thus causing disunity. That now counts as ‘extremism’. C Vu and Overload are added to the Federal List of Extremist Materials, ACCU is banned as an extremist organisation, and all ACCU members in Russia are imprisoned for 20 years due to their affiliation with this supposed terrorist threat.
That sounds ridiculous, but it’s legally possible. According to the Parliamentary Assembly of the Council of Europe (2012), Russia’s 2006 amendment to its 2002 Federal Law on Counteracting Extremist Activity (originally enacted in response to the 9-11 attack) removed the need for a group to be involved in ‘violence or calls to violence’ before it can be counted as extremist. It’s now extremist simply to promote any kind of ‘discord’, which is vaguely defined.
By the time this issue of C Vu goes to press, Russia will likely have finished banning a couple of minority Christian groups whose literature includes negative reviews of the Russian Orthodox Church. But there’s nothing in the legislation that restricts such bans to religious differences. Russia has basically outlawed the bad review, and anybody who recommends any journal that publishes bad reviews about anything popular will, according to the vague wording of the law, be subject to criminal conviction as a terrorist.
I’m reminded of Niemoller’s ‘First They Came’ poem [1]. The most prominent group they’re going for at the moment seems to be Jehovah’s Witnesses [2], but if you feel smug because you don’t like JWs anyway, how are you going to feel when the big software companies start talking to the Prosecutor’s Office in the same way that the Russian Orthodox Church talks to them today?
But Russia is a lot bigger than I am, and there doesn’t seem to be much I can do about it, especially as I don’t want to become a politician or anything like that. But I do have a website with free software on it – it may be a very small thing, but I decided to block Russia and display a message saying I won’t share my software with them because of this.
Now, when I say ‘block’, I don’t really mean it in the sense they do. I don’t really want to stop ordinary Russian citizens from using my software. I just wanted to make them have to jump through hoops to get it, in order to raise a little awareness. So I implemented the block as a piece of Javascript that plonks a big black box over the page. You can remove it by disabling Javascript, or by using browser developer tools to edit the DOM and delete that node, or by using a proxy, or by disabling its display in a user stylesheet, or any number of other ways. Furthermore the text underneath is still findable on Russian search engines (I’m hoping they won’t figure out how to interpret the box as a kind of ‘cloaking’ and down-rank the page for it).
The basic change is a surprisingly simple addition to an Apache htaccess file, requiring no support for server-side scripting:
<Files typography.js> ErrorDocument 403 http:// <url-of-russia-version> .js Order allow,deny Allow from all Deny from ru </Files>
where typography.js [3] is a piece of Javascript that gets included at the bottom of all my pages, basically to replace straight ASCII quotes and dashes with their nicer typographical equivalents if and only if the browser is known to support such (some old mobile and terminal-mode browsers still don’t, and my site still ‘gracefully degrades’ to ASCII, at least on its English pages; I wasn’t so worried on my Chinese pages because I’ve never seen a system that displays Chinese but not curly quotes).
The htaccess rule works by telling Apache to deny access to this one file for any domain ending .ru, and instead send the browser to another URL, which hosts a different version of the script that also includes the big black box (a div element with style "position:fixed" and "height:100%; margin:5em; left:0px; top:0px; z-index:9"; colour as you see fit). The easiest way to ‘hack’ it is:
if(document.createElement) {
d=document.createElement('span');
d.innerHTML='<div style="..."> ... </div>';
document.body.appendChild(d)
}
It’s important that the ErrorDocument line specify an absolute URL (even if it’s served from the same place); if instead it just specifies a file, Apache will return that file with HTTP status code 403, and browsers like Chrome won’t execute the Javascript body if the HTTP status code indicates an error. Since I’m not in Russia, I had to test this by temporarily placing my own address on the Deny line.
For this to work, Apache has to do a reverse DNS lookup on the IP address of anybody trying to retrieve that typography.js file, and this must complete before the page is served. It could take some time if the user’s ISP is one of the increasingly rare beasts that doesn’t set reverse DNS entries for its IP addresses. That’s not a major issue for the user if the only consequence is your straight quotes don’t become curved quotes for a while (just make sure that script is the last thing to load, in case they’re using HTTP pipelining). But it will hold up one of the Apache server threads, which could become an administrative issue if many such requests are received at the same time. (This won’t be a consideration if your web pages are served from an institution that uses a modern lightweight single-threaded server such as nginx instead of Apache, although its configuration would of course be different.)
Also it’s entirely possible that some ISPs in Russia have IP addresses that don’t resolve to .ru domains. I wasn’t worried about that; if you want to do a more thorough job, it’s possible to get a list of known Russian IP address blocks, but your Apache configuration will end up being quite large and probably slow things down for everybody, plus you’d have to periodically update that list.
Of course not every bad review is correct, and many reviews published by minority groups are biased to say the least. But intelligent readers should be able to decide for themselves about such things; outlawing non-violent negative reviews as ‘extremist’, and prosecuting anyone who mentions them, could have far too many unintended consequences. Besides raising awareness of this, I hope this article is also useful for any programmer who needs to place a temporary message for a particular region on a webserver without needing server-side scripting (which not all administrators enable).
References
[1] http://en.wikipedia.org/wiki/First_they_came_...
[2] http://www.jw.org/en/news/legal/by-region/russia/jw-religious-freedom-threatened/
[3] http://people.ds.cam.ac.uk/ssb22/typography.js
Notes:
More fields may be available via dynamicdata ..