Chapter 3. Politics of Web Caching

Chapter 3. Politics of Web Caching

In this chapter, we will explore some important and difficult-to-solve issues that surround web caching. The issues pertain to many aspects of caching but are primarily targeted at those of us who operate a caching proxy. For example, as an administrator, you have access to information that, if made available to others, can seriously violate the privacy of your users. If your users cannot trust you to protect their privacy, they will not want to use your cache. Hopefully, both you and your users will perceive the cache as something that protects, rather than violates , their privacy.

A particularly thorny issue with web caching involves the rights of content providers to control the copying and distribution of their works. Some people argue that existing copyright laws cannot be applied to the Internet, but most people look for ways to coerce the two together. By some interpretations, web caches are in gross violation of copyright laws. Various rulings by U.S. courts ^[1] seem to support this view, although none of them specifically address web caching. Similar issues surround so-called offensive material and the liability of system operators whose facilities are used for its transmission.

^[1] I'll talk only about U.S. laws here, but other countries ' laws are equally vague on the subject of caching.

Other issues explored here include dynamic pages, content integrity, and cache busting. When properly generated by origin servers, dynamic pages do not present any problems for web caches. Unfortunately, the problem of ensuring content integrity is not as easy to dismiss. Without a general-purpose digital signature framework, web users are forced to trust that they receive the correct content from both proxy and origin servers.

Something that makes caching politically interesting is the fact that many different organizations are involved in even the simplest web transactions. At one end is the user , and at the other is a content provider. In between are various types of Internet service providers. Not surprisingly, different organizations have different goals, which may conflict with one another. Some users prefer to be anonymous, but some content providers want to collect a lot of personal information about their customers or visitors . Some ISPs want to sell more bandwidth, and others want to minimize their bandwidth costs.

In a sense, these differences can lead to an "arms race." Content providers decide their pages should not be cached, so they add some headers to prevent it. Users and administrators get upset and configure their caches to store the pages anyway. Next, the content providers discover their pages are being cached anyway, so they take further, more extreme steps to prevent caching, and so on. A similar battle exists regarding the information sent in user requests . Some HTTP headers can reveal personal information or allow individuals to be tracked as they navigate within and between sites. If users filter these headers out or alter their values, some sites refuse the requests. Each side, it seems, wants to exercise some control over the information in web requests and responses. Who will win? My fear is that the commerce-driven content providers are already winning.