HTTPS Foiling Piracy Blocks by BT, EE, Virgin Media and TalkTalk

Broadband customers of BT, EE, Virgin Media and TalkTalk are allegedly still able to directly access (i.e. no Proxy or VPN required) some of the Internet’s most prolific piracy websites (copyright infringement) simply by typing https:// in front of the domain instead of http://.

Strictly speaking this news isn’t new and indeed we’ve raised the issue of how some blocking systems are ineffective against HTTPS on quite a few occasions since 2012 (when court ordered blocking first started), although it’s a surprise to find that some of the major broadband ISPs still haven’t closed that loophole.

The ordinary Hypertext Transfer Protocol (HTTP), which underpins how you access web servers and exchange files so as to load a website onto your screen, is not secure and so generally only used for public (read-only) information display. By comparison HTTPS is the secure / encrypted alternative, which is what many websites will switch to when you need to enter personal or financial details; some also use this as their general default.

Naturally HTTPS can present a problem for ISPs because some URL / Domain Filtering systems, which are so often used in the process of blocking a website from view, may struggle to recognise related sites because the data packets being exchanged have been encrypted.

One solution is to employ more aggressive Domain Name System (DNS) filtering or to block by the website’s IP address, although the latter is risky because websites can use more than one IP address and some piracy sites have in the past been able to poison block lists by associating with an IP address that legal sites also use (e.g. Sky’s infamous EZTV blocking fail).

At present Sky Broadband appears to employ an approach that allows them to block both the HTTP and HTTPS versions of a website, although TorrentFreak claims that BT, EE, Virgin Media and TalkTalk are still allowing their customers to visit websites that have been blocked by a court order, but only if those sites make full use of HTTPS (e.g. The Pirate Bay and KickassTorrents).

We contacted three of the ISPs listed above this morning, but have yet to receive an official comment. Unfortunately we’re not currently on a connection that suffers from such filtering and so cannot easily test the claims, but hopefully some of you out there can do that for us and post your findings (but not the URLs) in the comments below.

However we have been able to ask others to conduct a few quick tests with some BT and Virgin Media connections, which appeared to still be preventing access to some HTTPS piracy domains. In that sense the outcome may not be uniform, or perhaps the ISPs have simply seen the reports and responded to them.

The problem with this for Rights Holders is that it’s incredibly simple for end users to just type https:// instead of http:// in front of a domain (website name), which is easier than using a Proxy Server or VPN to circumvent the blocking. Mind you it should be said that the aforementioned ISPs should be able to tackle this and indeed we’ve seen BT block HTTPS sites before, so we suspect that the loophole may not last; but then that’s what we assumed 3-4 years ago.