Neocities, a free web hosting service, is hosting a site that has exposed a secret list of blocked websites kept by a German government agency, and used to make these sites inaccessible in Germany.
Germany’s federal censorship agency BPjM, whose full name translates to “The Federal Department for Media Harmful to Young Persons”, maintains a list of about 3,000 URLs which it distributes to the major search engines and router manufacturers to block websites in Germany. It is also reported that this there is no legal way for someone to argue that their site should be removed from the list.
Choosing to remain anonymous, the online activist behind the Neocities-hosted website BPjMleak was able to access and decrypt BPjM’s list of websites which was distributed in the form of MD5 or SHA1 hashes, known as “BPjM-Modul”. They put the methodology they used and plain-text list of censored websites on MPjMleak.
According to BPjMleak, the list mostly includes sites that show extreme pornography and violence, or involve suicide, neo-nazism and anorexia. But certain sites are wrongly placed on the list, such as French coupon site happytime.com, whose domain had been used by a porn website years ago.
The website states, “This leak proves that the BPjM-Modul is not a secure way to distribute a secret Internet censorship list. It is not difficult at all to extract the list from different sources and calculate the cleartext URLs of the hashes. It proves as well that secret Internet censorship lists are of bad quality, with many outdated and absurd entries harming legitimate businesses.”
The German government has told Neocities to take the site down, claiming it is breaking German law, and possibly US law. While Neocities has a policy of removing content when it is warranted, Neocities founder Kyle Drake notes in a blog post that the BPjMleak site “is fundamentally about disclosing insecure, unfair, and unaccountable government censorship on the web.”
Drake wrote, “As far as I see it right now, the BPjM leak is a responsible and justified disclosure to highlight the glaring security problems with the German government censorship system. But much more importantly than that, it highlights the chilling implications of allowing an unelected, anti-judicial government censorship agency to publish an arbitrary, secret blacklist with no public inspection or due process of law for those who have been falsely accused.”
Drake worries that all sites hosted by Neocities could be banned in Germany if the site remains online, and that publishing this secret list could violate US law. Drake requested that BPjMleak remove the list of sites for the moment as he seeks out legal opinions. Meanwhile, he says, the disclosure of the vulnerability will remain intact, and BPjMleak will only be barred from Neocities if US law forces him to remove it.
With a mandate to support free speech on the web, Neocities has a history of challenging authority. When Net Neutrality was being discussed in Washington earlier this year, it made headlines when it began throttling all connections to the sites it hosts from the Federal Communications Commission to illustrate the effect that abandoning Net Neutrality could have on the open internet.
To continue its effort to keep BPjMleak online and keep the debate over online censorship alive, Neocities is seeking donations to fund its legal defense.