The author: Robert John Morton.
Robert John Morton

World icon. The Internet

Who Owns
Cyberspace?

Website Hosting
Internet Insecurity
Spam Email
Digital Exclusion
Security Warnings
Modern Websites
Semantic Indexing
Router Problems

About ISPs
Introduction
W@y Internet
NET, Oi, Blink
Claro, GVT
Conclusion

Home Page/Email

My Experience of Internet Services in Brazil: Introduction

They arbitrarily block listening ports, thus relieving you of your freedom to interact with other Internet users as you wish. Trying to cancel an ISP's ser­vice is synonymous with a declaration of war. And I strongly suspect that they also engage in other more sinister shenanigans. [Português]

There are many good and commendable things I can say about Brazil. But from my experience, its Internet service providers [ISPs] have deteriorated into what is un­doubtedly its worst advertisement and a significant detriment to its on-going devel­opment.

The first thing I must emphasis is that, over the 18 years I have been in Brazil, my Internet connection has been extremely unreliable and prone to failure at any time.

I am positioned not too far from the centre of a conurbation of around three million people. Yet the best Internet service (known here as Bandalarga) that I have been able to obtain gives me a 90 Mbps download speed and a 40 Mbps upload speed, with a total block on all unsolicited incoming IP packets. That is: all my list­ening ports are blocked. My Internet connection is deaf. And the ISP flatly refuses to open them, despite this block­ing being contrary to Brazil's Internet Bill of Rights and also the suggested practices of the Broadband Internet Tech­nical Advisory Group.

Quite frankly, in the year of 2022, I would have expected better. The speeds don't bother me. They are perfectly adequate for my needs. But the blocked ports most certainly do bother me. All the ISPs, who could provide a service to me, take the same line. They all block all listening ports. So as a mere customer, I either have to like what I'm given, or lump it. For me, their high-handed attitude is unacceptable. Hence this series of articles.

The Internet Concept

The Internet provides a path for the exchange of files between terminal computers that are distributed throughout the world. All computers on the Internet are peers of varying size and processing power, but of equal access rights and status.

The Internet exists to facilitate the free and open exchange of files between each and all. The intended content of the files is primarily intellect­ual. Exclusivism and security are therefore of no concern. Consequently, the Internet, does not readily lend itself to trade and commerce.

Of course, commerce has now long since invaded the Internet. Non-technical minds have overridden good sense, going wide-eyed and legless into ventures without a moment's thought for the ramifications of what they were doing, while ignoring qual­i­fied advice. The catastrophic results speak for themselves, although the ill con­se­quences always fall squarely on the shoulders of the powerless isolated individual rather than on those of the corporate perpetrators.

An Internet Connection

A bona fide Internet connection provides me, as a user, with a symmetrical data transmission and reception path [based on the Internet Protocol] of a pre-defined speed [given in bits per second], through which I can:

  1. download and view, at will, files made available by others,
  2. make files available for others to download at will,
  3. send emails to others [possibly with attached files]
  4. receive emails from others [possibly with attached files]

All the above must be achievable via direct peer-to-peer interaction without the need for an active intermediary. Of course, the Internet necessarily contains inter­vening nodal routers. Notwithstanding, these must not in any way block, divert, scrutinize, record or modify the content of peer-to-peer data packets.

Items (1) and (2) above must be achievable through a variety of protocols such as HTTP, HTTPS and FTP, plus whatever other universal protocol I should choose such as eDonkey or Gnutella. Item (2) is essential in order that I may leave files ready for colleagues to pickup if and when they wish to do so. Items (3) and (4) use whatever universal email protocol may be convenient for my peers and me.

Items (2) and (4) require listening ports. These are address ports within my com­puter on which free-running programs [generally called daemons] listen for incom­ing re­quests for data transfer operations. To fulfil my requirements, I need standard ports 21, 25, 80 to be open for listening. I also need 4 listening ports above 4096, al­though their numbers can be arbitrarily re-set from time to time. But without access to my modem configuration area I can't open these ports at all on my Claro NET service.

The content of a file can be text, audio, video or whatever other kind of content I desire to send or receive. In place of the term 'file' one could substitute 'stream' for real-time audio and video. However, the practicality of this depends on the pre­scribed speed of my Internet connection.

If I wish the content of a file I am sending to a particular person to be secure from being intercepted en-route and read by others, I shall have the inalienable right to encrypt it with a strong encryption method such as PGP. For this purpose, I create and encrypt the file using an off-line computer. Then, when finished, I transfer the en­crypted file to an on-line computer via a memory stick for sending. I do the same in reverse for receiving an encrypted file.

To be able to fulfil the above requirements, a bona fide Internet connection supplied by an ISP must have the following minimum necessary and sufficient specification:

  1. Fixed IP address IPV4 [and possibly IPV6]
  2. Full duplex: data can flow at equal speed in either direction.
  3. Data transfer speed ≥ 2 Mbps
  4. All ports closed for listening by default but selectively openable by the user.

This specification is necessary if, as Marco Civil da Internet requires, all users are to be treated the same, except for the data transfer speed, which is set according to the price paid for the connection.

I specified full duplex because, with the advent of cloud computing and backup, asymmetrical dataflow is no longer the norm. It is now much more balanced.

There needs to be provision for a wide range of speeds so that, while high cons­umption users like vast websites can have a very high contracted transfer rate, there can be a range of progressive entry level fully functional connection options [preferably including a free one] so that nobody can be digitally excluded.

In order to facilitate full direct interaction between users of the Internet, it is vital that the user have full control of listening ports, with simple, easily understandable means of selecting listening ports according to purpose.

Concerning IPV6 Addressing

My concern in this introduction is that my Internet access service should implement the requirements of Marco Civil da Internet on IPV4. This is because, at the present time [Wed 30 Nov 2022 07:33:38 -03], the vast majority of Internet activity is exclu­sively on IPV4. The number of users operating — or indeed capable of operating — on IPV6 at this time is a minuscule minority.

IPV4 is critical to the oper­ation of the socio-economy at this time. Any pressure from ISPs to force a migra­tion to IPV6 is bound to be catastrophic. It is not possible to function on the Internet using IPV6 alone: not unless you interact exclusively within a closed private group of users. Of course, ISPs are vast corpora­tions and so have the power to apply this force. Catastrophe ensues. But only for members of the irre­levant majority. So it doesn't matter. To avoid socio-economic disruption — or even collapse — any changeover to IPV6 must be a long term parallel process: not a sud­den unilateral ultimatum enforced by ISPs.

I have witnessed this cavalier approach in Brazil to the adoption of new technology, going in wide-eyed and legless, burning the bridges of the old technology as they go, without a moment's thought for the ramifications of what they are doing. This is especially relevant when it comes to con­sider­ing the plight of less able users such as the old and disabled. Not­with­standing, those affected generally have no voice or power to counter or put the brakes on this juggernaut of false progress.

A prime example of the above was when the ISP Oi left me high and dry without an Internet connection in October 2022. Oi decided to abandon ADSL Internet service and migrate to fibre optic delivery. In so doing, Oi arbitrarily terminated my ADSL service on 03 August 2022. After much complaining, Oi reinstated it intermittently until they cut my signal definitively on 21 September 2022, leaving me totally with­out Internet service. At this time, Oi didn't even have fibre optic service available in my street and gave no date as to when it would be available. On 14 October an Oi technician turned up at my apartment building and said he could install my fibre optic service. It had just been discovered by the ISP Blink that there was no physical way to install fibre optic cable into my building. So I was still totally without service. That's when I contracted Claro NET, who had a coax service already in the building.

A fixed IPV6 address can be allocated to every leaf node [terminal computer] on the Internet. This would practically eliminate malicious activity on the Internet, because the source of any misdemeanour would be im­mediately identified and located.

Experiments I have conducted with my present Claro NET service verify that at least some of the listening ports I require are open on IPV6. I was able to interact with IPV6 servers. For this reason, I expect Claro NET could argue that I have open ports on IPV6, therefore by migrating to IPV6 my complaint will be assuaged.

Notwithstanding, my listener kept crashing, which led me to suspect that my IPV6 address was dynamically allocated and changed frequently, although the same ad­dress was reallocated each time. This is absurd. An IPV6 address should be fixed and stable. That's the whole point of it. And that is what my listener rightly expects. In any case, the number of peers operating — or indeed capable of operat­ing — on IPV6 were seen to be very few and far between. And of course, none of them was a peer that belonged to any of my colleagues around the world: they are all on IPV4.

The practice by ISPs of forcing customers to make an immediate change to the ex­clusive use of IPV6 for activities that require open listening ports is a very disruptive form of instant digital exclusion. This is indeed what I suffered when, in the middle of a project, I was suddenly cut off from the Internet by Oi and then on changing to Claro NET, finding that open listening ports were only available on IPV6.

Governed by A Bill of Rights

The bona fide Internet connection described above is what I request and require from my Internet Service Provider [ISP]. As far as I have been able to understand from my research, my requirement does not conflict with the Brazilian Law on the subject, namely LEI Nº 12.965, DE 23 DE ABRIL DE 2014, which is well expounded in English in the PDF file: Brazil's Internet Bill of Rights: A Closer Look.

LEI Nº 12.965, DE 23 DE ABRIL DE 2014 appears to me to be well drafted, although I was unable to find anything I could call a concrete minimum necessary and suf­ficient definition of a bona fide Internet connection such as I have described above, although 'Marco Civil: CHAPTER I: PRELIMINARY PROVISIONS: Art. 3.' states that:

"The following principles underlie Internet governance in Brazil:
...
V – ensuring stability, security, and functionality by technical means con­sistent with international standards and by encouraging the use of best practices;"

A prime example of such international standards and best practices is the published summary of the Recom­mendations of the Broadband Internet Technical Advisory Group's Suggested Pract­ices, which state:

  1. ISPs should avoid blocking ports unless they have no reasonable alternatives available to avoid unwanted traffic and protect users.

  2. ISPs that can provide their users with opt-out clauses or exceptions to their port blocking policies must do so.

  3. ISPs must publicly disclose their port blocking policies.

  4. ISPs should provide communication channels for feedback on port blocking policies.

  5. ISPs should review their port blocking policies regularly and re-evaluate whether threats that required port blocking rules remain relevant.

  6. Port blocking (or firewall) rules for consumer devices must be user con­figur­able.

I would like to see the above explicitly included within the Marco Civil da Internet.

In the present state of my Internet connection, my present ISP, Claro NET, does not im­plement any of the above 6 points. The flagrant disobedience of legal requ­ire­ments by ISPs in Brazil, plus the prohibitive cost of litigation for the individual user, means that LEI Nº 12.965, DE 23 DE ABRIL DE 2014 is adhered to voluntarily only in Fairy Land. As far as the real world is concerned, it has to be enforced by the user through a government watchdog.

The Current 'Compromise'

Currently, not everybody is treated the same. The vast majority find themselves extremely short-changed regarding the rights with which they have been imbued by the Marco Civil da Internet. The typical workable Internet connection of today pro­vides the following:

  1. A dynamic IP address [IPV4 only]
  2. All ports open for listening except as chosen by the ISP.
  3. Asymmetric data flow with upload speed from ¼ to ½ of download speed.
  4. Data download speed ≥ 100 Mbps.

A dynamic IP address is an IPV4 address that is allocated from time to time by the ISP to the user. The reason given for this is the so-called shortage of IP addresses, with the implication that there are simply not enough IPV4 addresses for everybody to have one at any given time. On the other hand, most ISPs request that users keep their modem/routers switched on all the time. One reason for this is said to be so that the ISP can update the modem/router software remotely when it chooses.

But if everybody's modem/router is always on, it must have a dynamic IP address allocated. So every user must have a dynamic IP address concurrently. So there must be enough for every user to have one at the same time. So why not give them all a fixed IPV4 address? It cannot be through a lack of IP addresses, otherwise lots of users would be caught without one — at least at peak usage times such as 11 AM on any working day. And this doesn't appear to happen.

Besides, the dynamic allocation of IP addresses to end-users has been around a long time — long before the notion of IP address exhaustion. Before 2004, I had a dial-up Internet connection. With this, dynamic IP is essential because an IP address is only relevant to me while I am dialled-in. However, since 2004, when I went over to a permanent coax connection, dynamic IP allocation continued. At this time there were far fewer people using the internet that in 2022. Consequently, the reason for being allocated a dynamic IP address rather than a fixed one cannot have been because of a shortage of IPV4 addresses.

Another excuse is that, although the 32-bit IPV4 address has the numerical capacity for everybody to have one at the moment, that 32-bit number is not simply a label. It contains geographic information about the user's location. Yes, originally it did. But I understand that this is no longer the case. It is now merely a label, the geo­graphic aspects of constructing a route to it is now embodied in more complex software in backbone routers. Hence the push towards IPV6 addresses, which have sufficient numerical capacity to embed geographic routing information.

There exist techniques used in navigation [such as constructing an opti­mal list of waypoints for an air route] that would alleviate the need for an IP address to contain geographic routing information. The IP address itself could then remain simply a label identifying an internet destination. All this would require is that the latitude and longitude of the destination's edge-router be known, which could be got by simple look-up.

I notice through my monitoring facilities that my dynamically allocated IPV4 address changes arbitrarily from time to time, even during a session: that is, during any con­tinuous period that my modem/router is switched on. Any particular IP address is thus 'leased' to me for an arbitrarily specified period. At the end of this 'leasing' period, I am allocated another one. And so on. Why do this? Why not just leave me with the same address? Why not give me a fixed one?

I beg to suggest that the reason for this complicated and convoluted rigmarole is nothing to do with a shortage of IPV4 addresses. I think it can only be a ploy to disrupt any attempt by an ordinary [non-business] user to set up daemons within his computer that can 'listen' for incoming requests. This works because even if the user has listening ports open, it is no use anybody sending an unsolicited re­quest to a colleague's computer if he does not know what that computer's current IP address is [because it can change without warning at any time]. Thus, at least in principle, dynamic IP violates the Marco Civil da Internet.

Since unsolicited requests cannot be sent to a user's computer because the origin­ator cannot know the user's computer's current IP address, there is no point having listening ports open for standard servers such as HTTP, HTTPS, SMTP, FTP etc.. So the ISP shuts them at the Distribution [or Edge] Router. The ISP also shuts ports that are used only for operations relevant within the same user computer or local area network, which is reasonable but unnecessary.

Fortunately, able programmers, at various times, have managed to devise means of circumventing these illegal restrictions imposed by ISPs. The circumvention is done by each participant in a peer-to-peer communication community being allocated what is termed a 'session ID' [session identifier]. The session ID is constant during a connection session within a peer-to-peer community with a central reference server or a stream of signalling packets continuously circulating to notify any peer of any other peer's current IP address. It is nonetheless a messy and resource-consuming overhead that should not have to be.

Nonetheless, for these to be able to work so that any peer can serve requests from others, that peer must have at least one open listening port. This need not be any particular standard port because its number is provided at initial handshaking at which that peer's 'session ID' is allocated. Since most ISPs leave the user with the option to open most non-standard listening ports, the above 'compromise' Internet access specification is at least workable.

The ISPs with which I have had direct experience still use asymmetrical data flow. That is, the upload speed is only a fraction of the download speed. This was indeed proper in the days when Internet activity for the end user was mainly accessing web sites. A small amount of up-data in the form of an HTTP request precipitated a much larger amount of down-data; namely, the web page content. However, with the advent of cloud-client computing and other legitimate Internet activities, this is no longer the case. The up and down traffic is much more balanced. Thus the original duplex data flow has returned as the more appropriate regime.

Of course, data transfer speeds have increased tremendously. This is welcome. But, for me at least, it is not of pivotal importance. What is important in an Internet connection is necessary and sufficient functionality as specified by Marco Civil.

My Present Frustration

Unfortunately I inadvertently signed up recently for a service from Claro NET, which provides me with the following:

  1. A dynamic IPV4 Internet address delivered as a dynamic Sub-net address.
  2. All 65535 listening ports blocked by the ISP. My connection is deaf.
  3. Asymmetric data flow with upload speed about ½ download speed.
  4. Data download speed averaging about 90 Mbps.

I cannot make a definitive judgement, but it certainly appears to me to be in flag­rant violation of the requirements of the Marco Civil da Internet.

The Unfortunate Reality

I have had an Internet connection in Brazil since I arrived in 2004. However, the type of connection to which I was able to subscribe met my requirements for only 4 years from 2008 to 2012. Notwithstanding, I think that this, together with my appar­ently fixed IP address, was really due to an oversight by the ISP's technicians.

The singular central issue with ISP services in Brazil is blocked listening ports. This, to me, seems to be in flagrant disobedience of Marco Civil da Internet: Section I: Net Neutrality:

Art. 9º The agency responsible for the transmission, switching or routing has the duty to treat all data packets equally, without distinction by con­tent, origin and destination, service, terminal or application.
...
§3. Subject to the provisions of this article, the content of data packets may not be blocked, monitored, filtered or analysed in Internet con­nections, either paid or free of charge, or in transmission, switching and routing.

But ISPs are very large corporations and so, it would seem, that they are able to flagrantly disobey the law with impunity.

Over the years, this situation has steadily worsened, becoming evermore restrictive to the individual Internet user. At first, only certain standard listening ports were blocked. This was presumably to stop every Tom, Dick and Harry setting up com­mer­cial web sites and thereby clogging low-speed connections with heavy traffic. Later, all ports were blocked for listening but I was able to configure my modem to open any except certain standard listening ports. Finally, my present ISP, Claro NET, will not even permit me access to my modem's configuration area to open anything. All ports are permanently blocked for listening. Thus, requirements (2) and (4) above are im­possible to implement in peer-to-peer form.

The majority of Internet users don't interact with each other directly. They have, en masse, been inductively gaslighted into corresponding only via vast web, email and social media servers, where their interactions can be monitored and analysed for the sole benefit of the corporate proprietors of those servers. Consequently, most users don't need open listening ports. But there are people, like me, whose legitimate use of the Internet requires direct peer-to-peer interaction. I don't concur with the idea that because a majority chooses not to exercise a particular right that it may be arbit­rarily removed from everybody by unelected corporate interests, because it is to their commercial advantage and because they have the power to do it.

But with the very high speeds provided today by fibre optic cables, what could be the reasons for these Draconian restrictions imposed upon the individual Internet user? A candidate could be extreme commercial pressure from the global film and music industries to remove means that could be used by individuals to circumvent purchase of content by downloading it via peer-to-peer networks. A valid concern but valid the solution is not. It is not legitimate to thwart the doings of a few crimi­nals by taking away the freedom of everybody. It is a case of American Carpet Bombing: "Never mind the collateral genocide, so long as we get the few bad guys".

The other excuse, of course, is anti-terrorism. To prevent a few terrorists from com­municating directly and privately to plan attacks, let's stop everybody from com­mun­icating directly and privately. Not valid. Perhaps the pertinent question to ask is why the terrorists are terrorists in the first place. Then act to remove their under­standable motive for so being. If ISPs are concerned about customers misusing the Internet, then they must realise that proper and considerate use of anything in­volves the practice of good manners by all. And you cannot legislate good manners: they can only be imbued through universal education.

My use of the Internet over the 18 years I have been in Brazil has been blight­ed by the Draconian — and I would wager, illegal — restrictions imposed upon my con­nection by ISPs. The so-called 'connection' supplied by my current ISP, Claro NET is, in its present state, not a whole lot of use to me in the purpose for which I bought it.

The Telephone Analogy

Probably the best way to explain the effect of blocked listening ports is to make an analogy between the Internet and the conventional public telephone system, which is more readily understandable.

I can make a direct telephone call to a friend. I dial his number. His telephone rings. He answers it. We converse and then terminate the connection. This necessitates that, while not currently engaged in a call, my friend's telephone be continually, in effect, "listening" for calls from other people's telephones.

With bona fide Internet connections, a program in my computer can send an un­sol­icited request directly to a program in my friend's computer that it update his copy of a file that I've just altered in my computer so that his copy be always up to date. This necessitates that the program in my friend's computer be always "listening" for such unsolicited requests. It needs ears. In other words, it needs to be listening on an open listening port. If the ISP has closed all 65535 listening ports somewhere up the line at a place that is inaccessible to the user, then the program in my friend's computer will never be able to "hear" the request sent by the program in my com­puter to update his copy of the file.

Even with closed listening ports, my friend and I between us can get his copy of my file updated. However, the process is complicated and cannot be done in real-time. And if the joint task, with which my friend and I are involved, requires that our copies of the file be kept synchronised in real-time, we cannot do our work. Such tasks could be as diverse as ticket booking and satellite tracking.

This is analogous to a telephone service in which a telephone cannot "listen" for calls. If I dial my friend directly, his telephone will not ring because it will be unable to know [hear] when I am calling it. So what can I do? The telephone system pro­vides everybody with a call answering service, which will record any call made to a person so that they can, perhaps once a day, dial into the answering service to list­en to messages left for them by callers. But the person cannot be called directly. The system doesn't support real-time end-to-end telephone calls.

Obviously, this would be very inconvenient. For all practical purposes it would be unworkable. It also means that everybody's conversations, instead of being direct point-to-point, are recorded — and perhaps even archived — on a central answering service. Obviously, here they are less private and could be monitored [listened to] by a state or corporate third party.

Likewise, with blocked listening ports, I could send my updated file to my friend as an email attachment. But I cannot send it directly from my computer to his com­puter because his computer cannot receive an unsolicited email connection on Port 25, which is blocked. So I must send the email via a large corporate email server, where he must look, perhaps once a day, to see if anybody has left any emails for him. Here again, what is sent to him is recorded — and perhaps even archived — on a central corporate server, where obviously, it is less private and could be moni­tored [read] by a state or corporate third party.

What About Dynamic IP Addresses?

Marco Civil da Internet [LEI Nº 12.965, DE 23 DE ABRIL DE 2014] defines an Internet protocol [IP] address as follows:

Internet protocol address (IP address): the code assigned to a terminal on a network to allow its identification, defined according to international parameters; — Marco Civil da Internet Art 5 III

To me, the term "international parameters" is a nebulous qualification. Is this ad­junct an attempt to say that an IP address is the code assigned to a terminal on a network to allow its identification: but only from time to time? In other words, the IP address that identifies any particular terminal now may not do so in, say, an hour or two's time. So does the addition of the qualifier "defined according to inter­national parameters", by devious implication, legally permit the practice of the dyn­amic allocation of IP addresses to terminals?

Keeping with the telephone analogy, a dynamic IP address is analogous to the tele­phone company arbitrarily changing my telephone number every minute or so all the time I am not actually engaged in a telephone call. Consequently, no caller will ever know what my telephone number is at the moment. So he will never be able to know what number to dial when he wants to phone me.

Notwithstanding, I can always dial into my answering service to see if he has rec­ord­ed any messages to me. He can always connect to my answering service on the answering service's corporate server because the answering service's corporate server is always able to "listen" for incoming calls.

Likewise, the program in my computer cannot send an unsolicited request to the pro­gram in my friend's computer because it can never know what my IP address is at any given time. It is liable to be changed arbitrarily at any time by the ISP. This means that, even if I have open listening ports, the program in my friend's com­puter still cannot receive an unsolicited file-update request from the program in my computer. We're stymied every which way.

There do exist complex protocols that can circumvent the problem of dynamically changing IP addresses. These work by both ends being assigned a Session ID num­ber at the initial handshake at the start of a communication session. Notwith­stand­ing, such protocols cannot circumvent the problem caused by all 65535 listening ports being blocked as in the case of my current ISP Claro NET.

Not a Bona Fide Internet Connection

Dynamic IP addresses with blocked listening ports is not — and never was — the way the Internet was designed to work. Neither, from what I can understand, does the provision of such an Internet connection to a citizen fulfil the minimum neces­sary and sufficient requirements of the Marco Civil da Internet [The Brazilian Inter­net Bill of Rights].

To my mind, it is high time the law were enforced — even upon the invincible and impregnable corporate Internet service providers, who currently seem to be able to flout the law with impunity.

Why Open Listening Ports?

Why would I want open listening ports? Most people don't need them. So they have no complaints about closed listening ports. And of course, in a democracy, erudite principles notwithstanding, the practical reality is that only the majority matters.

It is an established freedom that each and everybody be able to communicate with­out let or hindrance. With closed listening ports, the only way people can do this is via vast central privately owned corporate email and social media servers — pract­ically all of which are American-owned — that can intercept, monitor, analyse, scru­tinise and store indefinitely their communications. And if they can, they will.

With blocked listening ports, the individual cannot have a free and open voice. He can only express himself publicly through privately owned social media servers that moderate what he may and may not say according to group rules or the policies and preferences of the corporate proprietor. Uncloistered radical thought is thereby suppressed. The diversity of human development is stifled.

"But does it matter?" my sister once retorted. Yes it does, for the reasons given here, here and here. The truth is that most people do not have the freedom they think they have. And it is being progressively eroded by undeclared state surveill­ance and corporate interests.

With open listening ports people have the freedom and privacy to communicate dir­ectly point-to-point: computer-to-computer without going through anything other than dumb backbone routers. That's private. But if you want more privacy, you can encrypt your communications as they pass across the Internet.

But these are not the only reasons for needing open listening ports. Consider the following scenario:

I am in Brazil. My colleague is in France. We are doing moon-bounce ex­periments. His computer needs to know when my computer has achieved moon-lock. My computer needs to know when his computer has achieved moon-lock. A program in each of our computers sends a signal to the other when it has achieved moon-lock. His computer receives my comp­uter's signal because he has open listening ports. But my computer can't receive the single UDP packet containing his signal because my ISP has arbitrarily decided to block all 65535 of my listening ports.

This is somewhat of an obscure case. Nonetheless, there are countless other situ­ations in which open listening ports are essential to legitimate uses of the Internet. For instance, a user working in a 'home office' situation will not, in many cases, be able to access his employer's proprietary database unless he has the appropriate listening ports open. So he cannot do his work. This is especially so when the home-based user needs to be constantly aware of real-time changes to his employer's database such as with event-booking.

Furthermore, a dynamic IP address greatly complicates the listening process. Along with blocked listening ports, it is a major adversity to home-based working. Is this acceptable in the present trend towards flexible employment?

Thus it would seem that, regarding Internet access, there are two classes of user: those with open listening ports and those whose are blocked. Those with fixed IPs and those with dynamic IPs. The privileged and the common. Those that matter and those that don't. And those that don't can only communicate by the leave of those that do. From what I can understand, this is directly contrary to the spirit of Marco Civil da Internet. But it is the present con­crete reality. It needs to change.

The Proper Role of The ISP

The true role of the Internet Service Provider [ISP] is to provide the Internet User with a bona fide Internet Connection, as previously described. In so doing, the ISP must not distinguish between users other than by the data transmission speed each contracts to buy.

The ISP's function is simply to transport Internet Protocol [IP] data packets from a source user to a destination user: nothing more. In so doing, the ISP must deliver each submitted IP packet to its specified destination, with packet loss only being permitted due to time-outs and intense traffic conditions, in which case, the packet can be re-sent until it arrives. The packet content is none of the ISP's business.

As such, the ISP has no jurisdiction to look anywhere inside an IP packet other than at its header data in order to determine is destination [and in some cases, its time-to-live]. The settings of the IP packet's flags are not part of this. Consequently, in­formation for implementing port blocking is beyond the ISP's given jurisdiction. The Marco Civil da Internet: Section I: Net Neutrality bears reiterating:

Art. 9º The agency responsible for the transmission, switching or routing has the duty to treat all data packets equally, without distinction by con­tent, origin and destination, service, terminal or application.
...
§3. Subject to the provisions of this article, the content of data packets may not be blocked, monitored, filtered or analysed in Internet con­nections, either paid or free of charge, or in transmission, switching and routing.

Anything beyond this is flagrant private interference with public communications. It is like sending a letter to a friend and the mail service opens your letter, reads it and then arbitrarily decides whether or not to deliver it. Thus, port blocking and dynamic addressing also constitute flagrant private interference with public com­munications.

If such antisocial practice continues for too long, public trust in the Internet as a means of communications will rapidly deteriorate and putrefy. Meanwhile, copyright infringers, criminals and terrorists will have long since found other means of com­municating.

A Question of Communication

A totally separate problem with ISPs nowadays is communication with customers. It is a mess. Over the past decade or so, I have become painfully aware of a vast det­erior­ation in the means by which I can report a fault to my ISP. Once upon a time, I could just dial a number given in my user leaflet, which would be immediately answered by a technician to whom I could describe the fault and he would fix it. Not so today.

Today, the hapless customer has to do all the work of categorizing the nature of the fault by wading through a convolution of automated menus. Some ISPs refer to these as AIs [Artificial Intelligences] or VAs [Virtual Assistants]. But they are neither. They are just automated lists, typically in 3 levels that provide around 350 options.

However, although the list options are written in a natural language like English, they do not have the vast expressiveness of a natural language. You can't just say what you like in order to describe your problem. On the contrary, these automated lists are merely microscopic subsets of the English language, comprising no more than 350 separate statements. So compared with free-form English, their semantic bandwidth — their ability to express — is vanishingly small.

Example: I describe my problem in terse English: "My Internet is down. Power ON, DS ON, US FLASHING, Online OFF, Ethernet ON." This tells the technician that the optical/coax unit on the street post isn't receiving and responding to my modem's upstream signal and so all he needs to do is fix it there in the street.

However, using the automated menu on the ISP's website [while battling to ignore the continuous barrage of glitzy adverts that are continually being pushed in my face], the closest I get is that I need a home visit by a technician for which I will be charged. A completely erroneous diagnosis.

But the ISPs are not alone in this. They have merely automated the ubiquitous and notorious bureaucratic idiocy known as the tick-box form, with the equal and inevi­table result.

The Unreliability of The Internet

Suffering from repeated Internet failures, I decided in November 2015 to begin rigorously monitoring my Internet downtimes. The summary to date is as follows:

  1. 96 days of total downtime from 17NOV2015 to 20SEP2022 comprising 22 separate periods of unadvised unpredictable downtime, ranging from an hour and a half to over 50 days. [ISP Oi]

  2. 49 days of intermittent Internet from 03 August 2022, never knowing when my signal would be cut again. [ISP Oi]

  3. 24 days with no Internet since Oi cut the signal definitively on 21 Sept­em­ber 2022 without any indication as to when fibre optic service would be available at my premises to replace the old ADSL service, [ISP Oi]

  4. 49 days with a deaf Internet connection from Claro NET since its instal­lation on 15 October to 03 December 2022. [ISP Claro NET]

  5. 16 days of downtime [totally dead connection] from 12DEC2022 to 27DEC2022. Note that this downtime started only 9 days after Claro NET had resolved the problem of my blocked listening ports. [ISP Claro NET]

From this, I think it true and safe to assert that the Internet is a wholly unreliable means of communication, especially for official and fiscal intimations.

Not being able to do what I was supposed to be doing during these periods, rather than do nothing, I naturally and understandably spent my time writing about why I couldn't do what I was supposed to be doing.

Ports Unblocked: But Only Some

Regarding the blocked listening ports [item 4 above] I made an appeal to ANATEL. As a result, some listening ports were made openable by me [the user]. None­theless, the standard ports were still blocked and my IP address was still dynamic. So I still did not have a bona fide Internet connection that could be used inter­actively peer-to-peer the way the Internet was originally meant to operate. But with this, I could at least work. After the conclusion of my appeal to ANATEL, I had only 1 of the 3 services [for which I had to pay monthly] actually working, with no prospect of im­provement:

BEFORE APPEALAFTER APPEAL
1 The modem not user-configurable
and all 65535 ports are blocked. 		Modem user-configurable, with
all but certain ports openable.
2 The landline phone doesn't work. Landline phone still doesn't work.
3 Streaming TV doesn't work. Streaming TV still doesn't work.

Of course, Claro NET still charged me for the fixed [landline] telephone and the TV streaming service. Its excuse was that these services are free additions and that the price is strictly only for the Internet connection. This is even though the fixed tele­phone service is charged as a separate item. But obviously, Claro NET is not a bene­volent society. Everything it provides is loaded into the final price of the service package. The 'free' business is just a deceptive sales ploy. It's a lie.

So I cannot truthfully say that the situation was resolved. In this case, as with earlier cases, the cost to me as a user was by no means insignificant. Why should I have to bear this? Why should I have to appeal to ANATEL in an attempt to get my basic rights under Marco Civil da Internet? Shouldn't ISPs fulfil each customer's basic rights as a matter of course, without them having to be enforced? I think so.

It should be noted that the Internet connection finally supplied to me by Claro NET, even with the now-openable listening ports, still does not meet the minimum necessary and sufficient requirements laid down by Marco Civil da Internet. But we can't expect miracles.

But the problems with Claro NET had only just begun. Within days, my Internet con­n­ection stopped working completely [item 5 above] and Claro NET delayed 16 days before sending technicians to fix it.

A Weakness of Marco Civil

Marco Civil da Internet is a laudable work. It lacks nothing in and of itself. Notwith­standing, I think — as a result of my experience — that it is extremely difficult, and in a lot of circumstances impossible, to enforce. At the very least, some of its re­qu­irements are extremely vulnerable to the private interests of ISPs and those who control and influence them, thereby leaving the individual user exposed to inap­pr­opriate investigation and data mining for commercial or political purposes.

Furthermore, most disputes under Marco Civil da Internet would inevitably be be­tween an individual user and the corporate Internet service provider: parties of vast disparity in size, power, influence and financial resources. In most cases an individ­ual user could not even contemplate taking an ISP to court. And I, for one, find both ANATEL and consumidor.com.br somewhat difficult to use and of limited effect due to the small semantic bandwidth of their user interfaces.

The law, of course, is necessary. But in order to be able in practice to fulfil its role universally as an effective instrument of justice, it needs help. This necessary and sufficient help is of two kinds and is each potentially available from its respective source.

The first is public will. Each individual must be educated to see the universal benefit that ensues from obedience to Marco Civil da Internet — including not only the vast number of Internet users, but also the fewer number of Internet service providers, their employees and directors. This will probably only be achievable over multiple generations and its bringing about thereby falls within the jurisdiction of education.

The second is system design. I can see clearly how relatively simple topographical and procedural changes could render many of the requirements of Marco Civil da Internet impossible to violate. These would consequently not need enforcing. But that is a long and rather technical story.

A Question of Social Inclusion

There are millions of people in Brazil who are exceedingly poor. On the other hand, the dominant elements of modern society have engineered it such that for the in­dividual now to be able to meet his minimum necessary and sufficient obligations and exercise his basic rights, he must have an Internet connection.

Internet Bill of Rights Chapter II: Users' Rights and Guarantees:
Art. 7º Internet access is essential to the exercise of citizenship, ...

Consequently, it must be incumbent upon society to make bona fide Internet access either free or comfortably affordable by the poorest.

My current Claro NET service does not meet this need. I therefore have to ask: does there even exist a universally available and affordable bona fide Internet access service that does meet this need? And if so, why could I not find it and subscribe to it? Does there even exist a formal specification of such? Should not all commercial ISPs be legally obliged to provide such an entry-level service? I think they should.

My prime endeavour in software development has always been to develop for the least able user with the slowest bare-bones Internet access. This is, in this day and age, the prime tenet for social inclusion.

On the other hand, contrary to the requirements of Marco Civil da Internet, to be fair to both user and provider, I do not think that an Internet connection should be 'essential to the exercise of citizenship'. As copiously evinced by my experience over the past 18 years, the Internet is a highly complex infrastructure that is sub­ject to frequent and unpredictable failure as a result of causes beyond the con­trol and just culpability of both providers and users. We are currently at the peak of the rainy season where strong rain penetrates even the most well protected post-mounted aggregation routers and fibre-to-coax node units. Both coax and fibre are also the frequent targets of organised robbery. Hence, suddenly finding oneself with no Internet connection for a week or two is strictly nobody's fault.

Yet, in today's society, one is deemed to be culpable and is therefore penalised if one does not meet legal, fiscal and civil obligations that require continuous and invincible access to the Internet. For example, my ISP, Claro NET only renders in­voices via the Internet. If their service fails, I cannot access the bills they send me. So I can't pay them. Consequently, I am charged interest and fined because my payment is late when they restore my Internet service. Is this fair to me? A fine is a punishment. What have I done wrong in this case that I should be punished? The same goes for the submission of an income tax return, plus many other official ob­ligations in modern society. It is flagrantly unjust. And this is what causes the law rightly to suffer an erosion of popular respect and encourages the justifiable break­ing and devious circumvention of its tenets. The law has an obligation to be just.

Conclusion

ISPs must become what the law requires them to be: transparent conveyors of IP packets from source to destination. Their prime directive must be unbiased public service that treats all users the same: not the maximization of shareholders' return on investment. For this reason, plus their flagrant high-handed attitude towards users, the administration of vital and critical public infrastructure like the Internet should never be entrusted to private hands. This is not a political statement. It is a systemic observation.

The demarcation of the ISP's jurisdiction should be clearly defined. Its boundary between the ISP and the end-user should be a simple link-level bridge, which con­verts between the ISP's point-to-point link and a standard end-user interface [such as RJ45 Ethernet]. The end-user equipment [lone computer or LAN router] must be the property of — and wholly under the control of — the end user.

I would like to see the emergence of a national — or even a world — standard speci­fication for an end-user terminal unit, built on the 'future-safe' principle of replace­able active components [printed circuit cards etc.] assembled in a standard enclo­sure of high-impact carbon plastic with built-in control of its internal environment. This standard specification could then be abstracted to form a standard framework for adapting to future technologies, while always being able to back downwards to older functionality to deal with periods of deteriorated communication conditions.

But for the time being in Brazil, [apart from the eternal infernal noise] there are 3 inconveniences that are hard to avoid: blocked lavatories, blocked wash basins and blocked listening ports. Plus, of course, extensive and unpredictable amounts of disruption and downtime. To me, it is like working under battle conditions, where any or all functionality can get knocked out by enemy action at any time.

I must now accept that I am a stranger in a strange land and so gratefully accept whatever I can get. Consequently, my revised quest is to obtain an Internet connec­tion in which the ISP condescends to give me all listening ports openable except for the standard blocked ports: 21, 25, 53, 80, 110, 135, 136, 137, 138, 139, 443, 445, 587, 1434. A Marco Civil compliant Internet connection is a futile dream.

I think it therefore incumbent upon anybody thinking of setting up any enterprise that could involve home-office based working with information techn­ology in Brazil to consider seriously my situ­ation here. My final verdict is that Brazil is not the place for work that involves anything other than a trivial use of the Internet.

The following series of essays documents exhaustively my experiences with each ISP that I have tried.

© August 2015, January 2020, November 2022 Robert John Morton