You are reading a single comment by @Stonehedge and its replies.
Click here to read the full conversation.
London Fixed Gear and Single-Speed is a community of predominantly fixed gear and single-speed cyclists in and around London, UK.
This site is supported almost exclusively by donations. Please consider donating a small amount regularly.
Stonehedge
Velocio
At the ISP end, not the end user end.
First: You cannot trust anything from the end user even if you supply equipment. The same reason DRM fails is the same reason this fails, if you ship the device to the end user then the end user possesses everything they need to fake it or break it.
Second: It's long overdue, but the ISP should implement a per-customer software firewall. The defaults should be like a corp firewall, you have port 53 (DNS), 80 (HTTP) and 443 (HTTPS) outbound and everything inbound is blocked. It's severe, but it would work. Then the ISP should give a friendly page where you pick the services you want (Skype, Hangouts, some game, SSH, whatever) and it opens just those ports. The ISP should never give the option to disable the firewall.
That's what should happen.
Doesn't work, see above.