Dear Network Admins, Stop Blocking Non-HTTP/HTTPS

17 Jul 2014 by ggreer

One of the biggest problems we’ve had at Floobits is network filtering. Many network administrators block outbound connections that use protocols besides HTTP/HTTPS. It’s not uncommon for this to happen in schools, large companies, government offices, and hotels. This is troublesome.

We recently released new versions of our plugins that detect port blocking and work around it. If our plugins can’t connect on port 3448, they try on port 443. All of our plugins communicate over TLS, so the network traffic looks like HTTPS. Unless the connection is man-in-the-middled, it should work without users noticing. Building this took weeks of planning, development, and testing. This was time that should have been used for more productive purposes.
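The fallback described above, sketched as an added example (not Floobits' plugin code). It keeps certificate verification on for both ports and treats an untrusted certificate as interception rather than as a reason to retry. The function names, the injectable `dial` parameter and the failure labels are assumptions made for illustration.

```python
import socket
import ssl

PRIMARY_PORT = 3448   # port named in the post
FALLBACK_PORT = 443   # fallback port named in the post


def tls_dial(host, port, timeout=5.0):
    """Open a TCP connection and complete a certificate-verified TLS handshake."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        return ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise


def classify(exc):
    """Label a failed attempt so it can be logged or reported."""
    if isinstance(exc, socket.timeout):
        return "timeout"        # typical of a silent firewall drop
    if isinstance(exc, ConnectionRefusedError):
        return "refused"        # typical of a firewall reject
    if isinstance(exc, ssl.SSLError):
        return "tls_error"      # handshake broken in transit
    return "error"


def connect_with_fallback(host, ports=(PRIMARY_PORT, FALLBACK_PORT), dial=tls_dial):
    """Return (connection, port_used, failed_attempts).

    `dial` is injectable (hypothetical parameter) so the logic can be tested offline.
    """
    attempts = []
    for port in ports:
        try:
            return dial(host, port), port, attempts
        except ssl.SSLCertVerificationError:
            # Untrusted certificate: the connection is being intercepted.
            # Surface it; never retry with verification switched off.
            raise
        except OSError as exc:
            attempts.append((port, classify(exc)))
    raise ConnectionError(f"no port reachable on {host}: {attempts}")
```

The returned list of failed attempts is what a client would log to tell users or support staff that the primary port is filtered on the current network.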

Network admins make various excuses for this censorship. It prevents abuse. It stops people from using protocols associated with piracy. These points are valid, but there are better ways to address them. More importantly, the costs far outweigh the benefits. Unfortunately, these costs are paid by users and developers, not network admins.

To give a concrete example: I recently vacationed in Canada with my parents and siblings. We stayed at one hotel that restricted outbound network access. This was particularly frustrating at the time, because my grandmother had passed away recently, and my mother was trying to get grandma’s headstone made. Because outbound SMTP was blocked, she couldn’t change a message on the headstone. She fortunately managed to find a different connection, but the point is made: one cannot fully anticipate the consequences of restricting outbound Internet access. Many users hardly notice the restrictions. Many are annoyed by them. And occasionally, someone’s quality of life is seriously affected by port blocking.

The Internet is more than just the web. There are thousands of protocols besides HTTP. Individually, each one may not be popular, but the majority of people use some of them. Blocking these protocols harms everyone. It frustrates users. It forces developers to build work-arounds. It stifles innovation in network protocols. Competent administrators can secure their networks and prevent abuse without resorting to such heavy-handed tactics. If you are a network administrator, I urge you to reconsider port blocking.

About the Author

I’m Geoff Greer, CEO & co-founder of Floobits.

About Floobits

Floobits lets you collaborate on code like you're in the same room. Think Etherpad or Google Docs, but in Sublime Text, Vim, Emacs, or IntelliJ.