The evil bit is a fictional
IPv4 packet header field proposed in a humorous
April Fools' Day RFC
April is the fourth month of the year in the Gregorian and Julian calendars. Its length is 30 days.
April is commonly associated with the season of spring in the Northern Hemisphere, and autumn in the Southern Hemisphere, where it is the ...
from 2003, authored by
Steve Bellovin. The
Request for Comments
A Request for Comments (RFC) is a publication in a series from the principal technical development and standards-setting bodies for the Internet, most prominently the Internet Engineering Task Force (IETF). An RFC is authored by individuals or ...
recommended that the last remaining unused bit, the "Reserved Bit" in the
IPv4
Internet Protocol version 4 (IPv4) is the first version of the Internet Protocol (IP) as a standalone specification. It is one of the core protocols of standards-based internetworking methods in the Internet and other packet-switched networks. ...
packet header, be used to indicate whether a packet had been sent with malicious intent, thus making
computer security
Computer security (also cybersecurity, digital security, or information technology (IT) security) is a subdiscipline within the field of information security. It consists of the protection of computer software, systems and computer network, n ...
engineering an easy problem simply ignore any messages with the evil bit set and trust the rest.
Impact
A 2015 research done by network engineer Ben Cartwright-Cox revealed that a number of popular websites (436 websites out of
Alexa 20k at the time), such as those belonging to several universities and banks, to antivirus provider
Kaspersky
Kaspersky Lab (; ) is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and A ...
and to remote desktop software provider
Teamviewer
TeamViewer is a remote access and remote control computer software, allowing maintenance of computers and other devices. It was first released in 2005, and its functionality has expanded step by step. TeamViewer is proprietary software that re ...
respect the "evil bit" by dropping the inbound request, making them compliant with RFC 3514.
Influence
The evil bit has become a synonym for all attempts to seek simple technical solutions for difficult human social problems which require the willing participation of malicious actors, in particular efforts to implement
Internet censorship
Internet censorship is the legal control or suppression of what can be accessed, published, or viewed on the Internet. Censorship is most often applied to specific internet domains (such as ''Wikipedia.org'', for example) but exceptionally may ...
using simple technical solutions.
As a joke,
FreeBSD
FreeBSD is a free-software Unix-like operating system descended from the Berkeley Software Distribution (BSD). The first version was released in 1993 developed from 386BSD, one of the first fully functional and free Unix clones on affordable ...
implemented support for the evil bit that day, but removed the changes the next day. A Linux patch implementing the iptables module "ipt_evil" was posted the next year. Furthermore, a patch for FreeBSD 7 is available, and is kept up-to-date.
There is an extension for
XMPP
Extensible Messaging and Presence Protocol (abbreviation XMPP, originally named Jabber) is an Open standard, open communication protocol designed for instant messaging (IM), presence information, and contact list maintenance. Based on XML (Ext ...
protocol, inspired by evil bit.
This RFC has also been quoted in the otherwise completely serious RFC 3675, ".sex Considered Dangerous", which may have caused the proponents of
.xxx to wonder whether the
Internet Engineering Task Force
The Internet Engineering Task Force (IETF) is a standards organization for the Internet standard, Internet and is responsible for the technical standards that make up the Internet protocol suite (TCP/IP). It has no formal membership roster ...
(IETF) was commenting on their application for a
top-level domain
A top-level domain (TLD) is one of the domain name, domains at the highest level in the hierarchical Domain Name System of the Internet after the root domain. The top-level domain names are installed in the DNS root zone, root zone of the nam ...
(TLD) the document was not related to their application.
For April Fool's 2010,
Google
Google LLC (, ) is an American multinational corporation and technology company focusing on online advertising, search engine technology, cloud computing, computer software, quantum computing, e-commerce, consumer electronics, and artificial ...
added an
&evil=true parameter to requests through the Ajax APIs.
A patch to add compatibility for
RFC 3514 in
Wireshark
Wireshark is a Free and open-source software, free and open-source packet analyzer. It is used for computer network, network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, ...
was proposed but never implemented.
See also
*
Technological fix
A technological fix, technical fix, technological shortcut or (techno-)solutionism is an attempt to use engineering or technology to solve a problem (often created by earlier technological interventions).
Some references define technological f ...
*
Do Not Track
Do Not Track (DNT) is a deprecated non-standard HTTP header field designed to allow internet users to opt out of tracking by websites—which includes the collection of data regarding a user's activity across multiple distinct contexts, and the ...
*
HTTP 451
In computer networking, 451 Unavailable For Legal Reasons is an HTTP status code used when the user requests a resource which cannot be served for legal reasons, such as a web page censored by a government. The number 451 is a reference to Ray B ...
References
{{IETF RFC 1st april
2003 in computing
April Fools' Day jokes
Computer network security
Computer humour
Censorship
2003 hoaxes