Beating Censorship By Routing Around DNS

jfruhlinger writes "Last month, the US gov't shut down a number of sites it claimed were infringing copyright. They did it by ordering VeriSign to change the sites' authoritative domain name servers. This revealed that DNS is subject to government interference — and now a number of projects have emerged to bypass DNS entirely."

Stupd move

[hedwards]

People tolerated the US controlling ICANN because we were viewed as impartial, or at least less partial than an international organization. But this raises considerable doubt as to whether or not the US should still be allowed that level of control. Which is unfortunate because historically we've had a much better record on freedom of speech than most other countries, to throw that away now so that we can preserve a dieing industry is troubling to say the least.

Re:Stupd move

[Yetihehe]

In other countries this freedom of speech was just not so thoroughly tested as in USA.

Re:Stupd move

[nomadic]

There's no link or citation to what exactly these incidents involved. Just the big scary "oh noes the government did this" accusation. Was it say, pursuant to a court order after a copyright infringement trial?

Re:Stupd move

historically we've had a much better record on freedom of speech than most other countries
 
Yeah but...the US's recent record on supporting free speech (since 9/11) has taken a serious beating, both inside and outside the country. Wikileaks is just the latest issue. Now that the US Government has decided to actively censor the internet, it is inevitable that the geeks out there will try to do something about it. I would go so far as to predict that if US corporations continue to comply with these censorship demands, especially businesses that require an open internet in order to stay in business -- Amazon, Google, The Washington Post come to mind -- they will lose the trust of people in the know and those people will take their internet business elsewhere. The same thing happened at Yahoo a number of years back when people realized that searching for the "best price" for items only returned businesses with an affiliation with Yahoo.
 
If people feel that internet sites are being censored -- whether it be news or prices or whatever -- and trust is lost, it will be nearly impossible to regain that trust. Freedom of the press, and freedom of speech, is fundamental to a free society. The US Government itself needs that trust to function. This incident with Wikileaks is being touted as a "national security" issue, but it is obviously just an embarrassing behind-the-scenes look at government in action. Everyone already accepts that public statements by government in general are always only half-truths. For the US to crack down on Wikileaks like this blatantly emphasizes that you cannot trust government, and it will have ramifications for years to come. They would have been smarter to let it go.

Re:Stupd move

[DarthVain]

Exactly. My first though when I heard about the US ordering ICANN about was, "Yup, I guess its time to pull up stakes from the HQ in the US and move elsewhere, Belgium and Aus I suppose..."

I find it disturbing that one country and simply just get up and do this... time to show that famed internet redundancy the internet was created for in the first place!

Re:Stupd move

[Yvanhoe]

Here comes the first Web Schism...

Re:Stupd move

[microbox]

In other countries this freedom of speech was just not so thoroughly tested as in USA.

You have got to be kidding. Don't forget that the UK lost India because of freedom of the press. The public read about violent crack downs and sided with Ghandi. Freedom of the press did not suffer.

Contrast to the US military, which believes that Vietnam failed because of the media. So they start their own manage-public-perception operation to ensure the success of their missions. We can all see how that is going.

The reason why the press in the USA sucks is because the separation of powers is breaking down in the face of modern marketing techniques, and an integration of political and corporate interests into one. This is what conservativism has become, but it is not fundamentally conservative, because market fundamentalism if not a traditional idea, but a creation of the mind that certain Republicans are trying to stamp onto society. Thank Rand and Greenspan. This is freedom, and it is also totalitarianism, because it views any attempt to set rules as somehow out of sync with how things are. This is quite ironic, and non-conservative, because market fundamentalism is implemented as such a rule.

Re:Stupd move

[SuricouRaven]

They are both wrong: His correct name cannot be perfectly represented in the latin alphabet. Ghandi is a close-enough approximation, but essentially is speaking his name with a heavy english accent.

Old stand-by: hosts file

[noidentity]

There's always the old stand-by: the hosts file.

Re:Old stand-by: hosts file

[alexhs]

0x165 Have you memorized the HOSTS.TXT table?
0x166 ... Are you up to date?

(From the Hacker purity test

Re:Old stand-by: hosts file

[icebraining]

And then you need to rely on some service to update your file. And if that service is in the US, you'd end up with the same problem.
And you'd need to extend the Hosts file and get a daemon to update it, you'll just end up rewriting the wheel.

The problem isn't with DNS as a technology, it's with the general TLDs being centrally controlled by only one organization.

That's why the P2P DNS solution is based on the creation of a new TLD (.p2p) which wouldn't be controlled by the ICANN or any government.

Re:Old stand-by: hosts file

[Z00L00K]

It is still possible to set up a separate set of DNS servers to serve your dark net machines. And those DNS servers are your business, not the governments business.

But as you noted - a hosts file usually works pretty well.

Re:Old stand-by: hosts file

[shmlco]

And why the P2P DNS solution is going to have serious trust issues.

Without a trusted issuing authority or external verification, how to I know that the IP address being returned for PayPal or Amazon is actually pointing to the real PayPal or Amazon?

And not to some site in Russia that's sitting there just waiting to collect credit card numbers?

Hell, how would I know that wikileaks.p2p is even wikileaks? Might as well hijack that one too, and ask for donations.

Re:Old stand-by: hosts file

[JWSmythe]

... but ...

The root servers hold the root zones (oddly enough)

ftp://ftp.internic.net/domain/root.zone

In that, there are entries for each tld.

za. 172800 IN NS za1.dnsnode.net.
za. 172800 IN NS disa.tenet.ac.za.
za. 172800 IN NS nsza.is.co.za.
za. 172800 IN NS za-ns.anycast.pch.net.
za. 172800 IN NS sns-pb.isc.org.
hippo.ru.ac.za. 172800 IN A 146.231.128.1
hippo.ru.ac.za. 172800 IN AAAA 2001:4200:1010:0:0:0:0:1
disa.tenet.ac.za. 172800 IN A 196.21.79.50
disa.tenet.ac.za. 172800 IN AAAA 2001:4200:ffff:a:0:0:0:1
daisy.ee.und.ac.za. 172800 IN A 146.230.192.18
nsza.is.co.za. 172800 IN A 196.4.160.27
ns1.coza.net.za. 172800 IN A 66.135.62.20

The InterNIC can givith, and takeith away. Just as they provided the glue of the IP's of those nameservers, they could provide alternative information.

evil.hacker.example.za. 172800 IN A 127.0.0.1

Even without such deliberate and obvious (and potentially dangerous) methods, they at very least have the IP's for that NIC. The TLD p2p still must have records with InterNIC. It's not a matter of "we're distributed, we're safe", it's a matter that there can be pressures on some or all providers to make sure things stop.

The only way around this is methods that have been tried before. Alternative NIC's, with their own systems. Build a system, and you can hope that things will work better. In all reality, you or I or 99% of the folks on here could put up their own nameservers and say "hey, use this instead". That's all fine and dandy, but the truth is it will not be financially viable.

Say I set up my nameservers with the tld's of .xxx, .p2p, .torrent. I could advertise it as loud as I could (and my budget doesn't go much beyond posting this). Get your ISP's to change over to our dark side. It's not going to happen, even if we properly respect the legitimate zones. You might get a few. You'll never get the majority. There's too much liability. Think if all the fiber and cable broadband providers said "sure, we'll use you instead." That would be all fun and games until the first lawsuit came down.

So you won't get the ISP's to switch. Run your own nameserver at home, you say. Great. Again, you, I, and 99% of the readers here can do it. What about the other billion people on the Internet. So you have the next killer site, freewarez.p2p. You and your group of friends who did it can get to it. You'll never make a penny on it. Why think about money? Because it costs money to keep your server up.

And of course, you'd have to pay whoever is being authorative for the tld's. Those machines take a beating all day every day. It's not just one machine on a residential line. It's clusters of machines distributed world wide to ensure reliability.

So you retool the way DNS works. Hey, that's a great idea. Until you realize that you have to gain acceptance from every OS distro out there. You may get segments of the Linux and *bsd crowed involved. Good luck getting Microsoft and Apple to sign into it. You'd have a better chance creating your own SSL signing authority and getting them to add those to their browsers (again, good luck there).

I'm not saying it won't happen. It can and should happen. It just isn't likely any time soon. It will be years from rollout of a working platform, to acceptance by even a part of the Internet. It will be quite a few years from that to getting the end users to accept it. Look at the tld .com, a

Re:Old stand-by: hosts file

[ep32g79]

It took me over a fucking week to get wifi working on linux. Then I gave up. Linux and Mac OS are the biggest fucking kludges I've ever seen.

Then you were doing it wrong, or doing it in 1997.

Re:Old stand-by: hosts file

[BlueStrat]

And those DNS servers are your business, not the governments business.

Until the government decides otherwise.

The FCC is already bypassing Congress to implement NN and the EPA is also bypassing Congress to implement Cap & Trade, both through just writing regulations with the power of law, effectively creating laws without legislative participation or oversight.

Congress does not have the power to delegate, "loan out", or "sub-contract" the power to legislate and create law according to most plain language Constitutional interpretations. Not that the SCOTUS and/or lower courts might very well have decided Congress could delegate it's powers, I'm not aware of any decisions regarding it. Besides, just because 9 lifetime political appointees in black robes pronounce something from on high makes it neither Constitutional nor a fact, neither does it make it right and/or just.

That is the job of We the People. We are the oversight on government. And for the last 100 years or so, we've really sucked at it, because it was easier to ignore and just bitch.

Strat

Re:Old stand-by: hosts file

[arth1]

Developers are, in general and these days, users, and tend to know little about low-level or system operations, at least not outside their own field of expertise.

I would venture a guess that not one in five typical Windows programmers has the faintest idea of "cacls" is, or can tell why it's bad to give full access to the root of a share.
This doesn't mean that programmers are stupid, but it's just not within their daily field of work, and likely not within their field of interest either.

Re:Old stand-by: hosts file

[SuricouRaven]

If you edit it on Windows Vista or Seven, the little Windows Defender utility will start to pester you about once a day claiming the system has been compromised and a virus detected. One of the things malware often does is edit the hosts file to prevent AV applications updating or redirect websites to the author's own fakes - but Windows Defender assumes that all edits to the hosts file must be caused by malware.

Re:Old stand-by: hosts file

[shmlco]

Until the government, like China, starts blocking specific IP addresses.

Re:Old stand-by: hosts file

[sjames]

Certificates used in https signed by someone you trust?

Same way you know when you go to your favorite site now it's not actually a DOJ server? (that is, you don't).

On;y use p2p when .com doesn't work anymore?

Re:Old stand-by: hosts file

[apoc.famine]

I was thinking about this the other day. I wondered if we could use some sort of PGP setup with a public and private key to verify who we were connecting to. It wouldn't help upon first connect, but you could definitely ensure that you were connecting to someone you'd connected to before. Starting from our current DNS, we could build a web of trusted p2p DNS entries, no matter the current or future name. It'd be interesting to redo DNS and drop both http and the TLD. I don't know that either are needed if you're doing a p2p DNS setup.

Re:Old stand-by: hosts file

[Nursie]

Which is exactly what a certificate authority is for - to give you some expectation of trust on that first connect.

Re:Old stand-by: hosts file

[the_womble]

Why should you have to edit a config file at all? Isn't that what you always complain of? Mandriva provides a hosts GUI.

Also, open as admin, then drag and drop is not obvious, and the location of the hosts file is not either (it varies between XP, Vista and 7). Why can you not have an "edit as admin" on right click like Linux?

It took me quite a long time to edit the hosts file on Vista, so I know exactly what he is talking about.

Usually wi-fi and everything else works you of the box with Linux, and there is no hunting around for drivers (because they are all either pre-installed or are in the repos and auto-installed when your hardware is detected). Any OS can have installation problem: the way to avoid them is to buy a PC with it pre-installed.

Re:Old stand-by: hosts file

[SuricouRaven]

The problem here is that no CA can be trusted - and that is the point of having a CA at all. There are currently no certain ways to confirm an identity without a trusted CA or pre-shared secret(s). There are some P2P approaches, the web of trust, but they can be shown mathematically to be only 'good enough', not perfect.

how is it censorship?

[alen]

the article says and even links to the fact that the US Government busted people selling counterfeit or pirated goods. selling a pirated copy of a movie is not the same thing as sharing it. it's a real criminal offense

Re:how is it censorship?

[sehlat]

As has been noted elsewhere, a number of the sites seized were, in fact, quite legitimate ones.

Bypassing due process is quick and cheap in the (very) short term, but an expensive disaster over the long haul.

Re:how is it censorship?

[MozeeToby]

I'd put money on it that somewhere in Amazon's thousands of listings there are a handful of counterfeit or pirated goods. Should the DNS providers go along with a government order to have Amazon de-listed? You might argue that these sights knew what they were doing and Amazon does not, but I would respond with the argument that there should be some due process there, not just a random bureaucrat making the decision.

Re:how is it censorship?

[alen]

i'd say something like 99.999% of amazon's listed products are legit and they will take action of if informed of pirated goods. the domain names seized clearly had names that used other brands to make people think they could get luis vutton for cheap

Re:how is it censorship?

[gnuASM]

the article says and even links to the fact that the US Government busted people selling counterfeit or pirated goods.

Wrong. The article says that the "ICE said" that these sites were "engaged in the illegal sale and distribution of counterfeit goods and copyrighted works". These are allegations, not "facts". Preponderance of evidence proving a crime has been committed is accomplished only through proper due process. There were no references to a court order, no references to a court trial, nor any reference to admittance of a crime. It is apparent to me that the DNS redirects were accomplished under duress of an executive agency without judicial oversight:

The seizures were accomplished by getting the VeriSign registry, owner of the .com and .net top-level domains, to change the authoritative domain-name servers for the seized domains to servers controlled by DHS.

I would call this unconstitutional, regardless of any supposed law that may be reference to the contrary. If these actions were done under a court order with judicial oversight accomplished through a supportive affidavit of the specific crime and specific circumstances, it would be different.

At this point in time, it is simply one government agency (or rather a group of related agencies), all this is is the effective removal of someone's publication of information. Until the judiciary orders its removal, it is nothing less than censorship.

We won't even go into the allusion in the article that the government is apparently deceptively redirecting site traffic to its own servers.

Re:how is it censorship?

[SuricouRaven]

Amazon, maybe... but what about eBay?

Re:how is it censorship?

[HiThere]

Not Amazon either. I'd go along with 99.9%. If they tack on another 9, then I want proof. If they tack on two or three more nines, then it had better be damn good proof, and I'll still be dubious. When they claim 99.9999%, then I claim hogwash. And I won't be likely to believe any proof they offer.

I note that neither proof, nor even an argument for plausibility was offered. Merely an assertion. I suspect an astroturfer charged with defending "Amazon's good name". Either that or a troll.

Re:how is it censorship?

[silas_moeckel]

Completely clean? The companies are not run out of the US. Would it be illegal buy a billboard and put come to something that's illegal in your is legal here? By that logic the Indian casinos should not be able to advertise outside of there res since gambling is generally not legal elsewhere? Should we seize there domain names?

Re:how is it censorship?

[SuricouRaven]

I was only arguing that while Amazon may be almost entirely legitimate, eBay probably has a very substantial portion counterfit.

Re:how is it censorship?

[BobMcD]

The seizures were accomplished by getting the VeriSign registry, owner of the .com and .net top-level domains, to change the authoritative domain-name servers for the seized domains to servers controlled by DHS.

I would call this unconstitutional, regardless of any supposed law that may be reference to the contrary. If these actions were done under a court order with judicial oversight accomplished through a supportive affidavit of the specific crime and specific circumstances, it would be different.

At this point in time, it is simply one government agency (or rather a group of related agencies), all this is is the effective removal of someone's publication of information. Until the judiciary orders its removal, it is nothing less than censorship.

And I'd agree. In the meat-space USA they never actually take away your ability to speak. They can punish you each time you decide to do it, but they can't usually 'de-list' you from the planet unless you've done something really, really bad.

So why is it in cyberspace that they suddenly gain such powers?

Re:how is it censorship?

[gnapster]

A few years back, I read a rant by someone who took issue with DRM, and corresponded with representatives at the record label. Maybe they were annoyed that some CD they purchased made it super-hard for them to rip tracks to play on their MP3 player. Anyhow, they asked the company, "Why do you make it so hard to convert files?" The rep said, "Because it's illegal." The consumer rejoined, "But it wasn't back when you were distributing things on audiocassette!" The rep's reply was basically, "Oh, it was illegal back then, but we couldn't stop you."

At this point, I would expect an analogous response from ICE on why they have these powers in cyberspace: "You should not have been speaking back then, but we could not stop you from doing so!"

Up next

[wiredlogic]

Up next... BGP. We can't let the Chinese upstage us in our censorship efforts.

Due process anybody?

[spectro]

The issue here is due process, registrars should ignore any government "request" to remove or redirect a DNS entry unless it is ordered by a court of law.

The same applies to the former DNS provider for wikileaks, visa, mastercard and anybody else who stopped doing business with them just because they got a call from some government dude accusing them of illegal activity.

Re:Due process anybody?

[LordThyGod]

... unless it is ordered by a court of law.

Who's court though? Iran's? China's? The US's where many judges are elected, or are vetted by politicians first?

Re:Due process anybody?

The issue here is due process, registrars should ignore any government "request" to remove or redirect a DNS entry unless it is ordered by a court of law.

Which is exactly what happened in the domain seizure case. There was a court order under 18 USC 2323 (Forfiture, destruction, and restitution) served upon VeriSign. A court order, signed by a judge.

Re:Due process anybody?

[gnuASM]

However, this is not that particular domain seizure. This is a redirect to government servers ("spoofs", if you will) with no judicial oversight. Furthermore, there was no judicial order for VeriSign to act in such a deceptive manner in support of a government actor.

Your post only goes to prove the GPs issue on due process. If they were able to follow the rules then, why not now? This simply constitutes censorship until evidence and affidavit are submit to a judge in due process of law to obtain a writ. Only then does this become an injunction and not censorship.

Re:Due process anybody?

[Junior+J.+Junior+III]

The issue here is due process, registrars should ignore any government "request" to remove or redirect a DNS entry unless it is ordered by a court of law.

The same applies to the former DNS provider for wikileaks, visa, mastercard and anybody else who stopped doing business with them just because they got a call from some government dude accusing them of illegal activity.

<sarcasm>OMGtERRORism! In a clear/present danger situation do we want to really wait around for niceties like court orders and other mamby pamby stuff? Executive branch needs this right now or they cannot effectively tyrranize. Why do you hate America stop sympathizing and giving aid to terrorists.</sarcasm>

Re:Due process anybody?

[SuricouRaven]

Which is all well and good, except that the internet isn't just a US thing. By asserting the authority to revoke the domain of a site hosted outside the US, by non-US citizens, for a non-US business, the US government is essentially claiming limitless jurisdiction: If you do anything on the internet, you'd better obey American law.

Re:Due process anybody?

However, this is not that particular domain seizure. This is a redirect to government servers ("spoofs", if you will) with no judicial oversight. Furthermore, there was no judicial order for VeriSign to act in such a deceptive manner in support of a government actor.

Your post only goes to prove the GPs issue on due process. If they were able to follow the rules then, why not now? This simply constitutes censorship until evidence and affidavit are submit to a judge in due process of law to obtain a writ. Only then does this become an injunction and not censorship.

Okay, which "particular domain seizure" are you talking about? I had assumed we were talking about the Nov 29 seizure of 82 domains, which are listed here
http://www.ice.gov/doclib/news/releases/2010/domain_names.pdf (WARNING: PDF)

Click on any of them (the PDF is hotlinked) and you will be sent to a page that clearly says "This domain name has been seized...pursuant to a seizure warrant issued by a United States District Court..."

Yes, the page in question is doubtless hosted by a government server, but what do you expect the Feds do with a domain that they've taken control of? Redirect all traffic to 4Chan?

Re:Due process anybody?

[gnapster]

Well, if all the fuss is about selling counterfeit goods, it would be interesting to see them forward the domains to the producers of the authentic counterparts...

Re:Due process anybody?

[SuricouRaven]

Just to say how badly this could go, let's try switching the country. What happens if a court in, say, Iran were to rule that a site hosted in the US were infringing an Iranian law, and that as the internet does pass through Iranian equipment all of the internet is under their jurisdiction - and the government then, under a court order and fully in compliance with Iranian law, closes the site down through the use of DoS attack. Same thing, different country. That's the tricky part of governing the internet: Any site can be reached in any country, and thus *every* country has some grounds to claim authority over it.

What's really up next...

...is govt mandated DNS servers. You go thru theirs, so that can track every hostname you resolve and presumably visit, or if you try to circumvent then that'll become a crime.

Re:What's really up next...

SSSSSsssssshhhhhhh!!!

Anything of these good?

[nine-times]

It seems like there are potential problems here. With 4LW, I still need to memorize a set of 4 unrelated words for each site, and there's basically a single point of failure. Plus, as the article points out, it assumes a single domain name per IP address, and also IPv6 will complicate things.

P2P DNS seems like a good idea, but getting DNS from random services seems open to attack. One way around this would be to have signed DNS records, but then you still need some kind of authority for the signing. I don't know that I really understand IDONS. I mean, to be totally honest, I'm not sure I really understand any of these alternatives.

Of course, you're going to need some kind of DNS. Things will only get worse when IPv6 gets going. Ideally I'd like to see something that is decentralized, includes record signing, allows for SSL public keys to be kept in DNS records (thereby eliminating most of the need for CAs), and does not allow for domain squatting or phishing to such an extreme degree. Anything fit that bill?

Re:Anything of these good?

[Magada]

Signing should work. One simply(?) has to keep track of trustworthy signers.

Re:Anything of these good?

[tramp]

At the moment there is nothing that fit that bill. At best you will get a shadow or underground system that will functioning concurrently with the current DNS-system. The impact will be too big for internet as a whole to kill off the current DNS-system imho.

Re:Anything of these good?

[tnovelli]

IDONS sounds promising, seeing how Lauren Weinstein was some sort of early ARPAnet architect. Van Jacobsen has also been talking about this kind of stuff the last few years -- essentially turning the internet into a global P2P CDN.

People are already using the PGP web-of-trust model. Long-term, I'm pretty sure that'll be central to internet freedom. Regular people will just have to learn it.

Re:Anything of these good?

[nine-times]

Well either each of us has to individually try to figure out which signers are trustworthy, or else you need something like an authority to tell you who to trust.

Re:Anything of these good?

[Magada]

Sure. It's a classical scenario for web-of-trust, i.e. you can be your own authority and rely on your friends to provide additional vetting.

Remember, WOT in this case is needed only to ensure that your peers group is somewhat trustworthy, on the whole, so that Byzantine protocols can work.

Get back in your Free Speech Zone

[spun]

Which is unfortunate because historically we've had a much better record on freedom of speech than most other countries,

Historically, meaning what? thirty years ago? Now we have special places where you can go to protest and no one will have to hear you. We have laws against saying bad things about food, for crying out loud. Free speech is for the rich. If you own a media empire, you have some semblance of free speech. Otherwise, you only have freedom of speech until you say something that someone with money and/or power doesn't like.

Re:Get back in your Free Speech Zone

[cobrausn]

Historically, meaning what? thirty years ago?

I think you are failing to understand the word 'Historically' correctly. If it were thirty years ago that we stopped really believing in free speech, his statement would still be correct.

Re:Get back in your Free Speech Zone

[spun]

"We have laws against saying bad things about food, [wikipedia.org] for crying out loud."

No -- no we don't. We have laws against deliberately and knowingly spreading false negative information about food products. But I don't expect that to get past your Slashdot mental filter.

Hahaha, oh, that is rich. Try saying that rGBH is bad. Heck, try marketing milk that is rGBH free. By claiming that your milk does not have bovine growth hormone, you are saying that bovine growth hormone is bad. And you will be sued.

Did you know that the standards of proof are different when you are being sued for badmouthing
food than when you are sued for badmouthing a person? When you badmouth a person, that person has to prove your guilt. When you badmouth food, you must prove your innocence.

I will repeat that. When you are sued for saying bad things about food, you are presumed guilty and must prove your innocence.

Re:Get back in your Free Speech Zone

[spun]

I merely wish to emphasize that our freedoms of speech have been under constant and successful attack for quite some time not. Sorry if my wording irritated your inner pedant.

Re:Get back in your Free Speech Zone

[spun]

See the case Monsanto v. Oakhurst Dairy of Maine. Monsanto sued, forcing Oakhurst dairy to modify their labels.

Re:Get back in your Free Speech Zone

[spun]

As I mentioned to the other AC, see the case Monsanto v. Oakhurst Dairy of Maine. Monsanto sued, forcing Oakhurst dairy to modify their labels.

Re:Get back in your Free Speech Zone

[nedlohs]

The bottle of milk in front of me (that was bought in a typical american supermarket) says, in the second largest letters on the label, and at the top of the label (their capitalization):

From Cows NOT Treated With ARTIFICIAL GROWTH HORMONES*

And then in the tinyest print on the label and at the very bottom:

*No significant difference has been shown between milk derived from rBST treated and non-rBST ttreated cows

Bought from the local supermarket in a typical American suburb.

So you are full of shit.

Re:Get back in your Free Speech Zone

[noidentity]

We have laws against saying bad things about food, for crying out loud.

I'm sorry sir, crying out loud is now also illegal. Ignorance of the law is no defense. Come with me.

Re:Get back in your Free Speech Zone

[spun]

Well, I guess if you include a disclaimer that negates any reason for even including the original statement, you can say that. But you have to include the disclaimer.

Re:Get back in your Free Speech Zone

[kilfarsnar]

http://motherjones.com/politics/2004/01/monsanto-vs-milkman Give it a read.

Re:Get back in your Free Speech Zone

[mcgrew]

We have laws against saying bad things about food, for crying out loud.

Those laws are against libel. You can say bad things against food it those things are true, just as you can say bad things about people if they're true, but you can't publicly lie maliciously about someone without fear of being sued for slander.

It's perfectly legal to give an opinion, as well. It's perfectly legal to say "I think Oscar Mayer hot dogs taste like shit", but if you say "Oscar Mayer hot dogs contain shit" then Oscar Mayer would be perfectly within their rights to quash your lies.

I agree that freedom of the press is only for those rich enough to own a press, but the internet has changed that. I also agree that a rich man can fuck you over any way he wants for any reason he wants; that's part of the nature of money.

Re:Get back in your Free Speech Zone

Utterly clueless /. poster. Typical.

You apparently fail to notice:

1. Nobody forced Oakhurst Dairy to do anything.

2. The suit was based on claims of unfair trade practices, not "food libel" laws.

3. Even so, Monsanto's complaint wasn't that Oakhurst was "saying bad things" about its food. Rather, the complaint was that Oakhurst was saying *false and misleading* things about Monsanto's food. This, again, is what "food libel" laws prohibit.

4. You still have not substantiated the claim that

"the standards of proof are different when you are being sued for badmouthing food than when you are sued for badmouthing a person? When you badmouth a person, that person has to prove your guilt. When you badmouth food, you must prove your innocence"

which I still suspect is utter bullshit, even more so given how the rest of your "analysis" has played out. There is simply no such thing as a US civil lawsuit in which the DEFENDANT bears the initial burden of production or persuasion.

Re:Get back in your Free Speech Zone

[arth1]

It's perfectly legal to give an opinion, as well. It's perfectly legal to say "I think Oscar Mayer hot dogs taste like shit", but if you say "Oscar Mayer hot dogs contain shit" then Oscar Mayer would be perfectly within their rights to quash your lies.

Why? Their natural casing hot dogs are made from intestines, and even though the inner mucus is removed and they're well washed, will occasionally contain minute quantities of, ehrm, intestinal material.

Re:Get back in your Free Speech Zone

JESUS, TRY TO HAVE A COHERENT THOUGHT

The disclaimer does NOT "negate any reason for even including the original statement". The reason for having the original statement is to let people know the milk doesn't contain growth hormones. The disclaimer does not affect this in ANY WAY.

It merely minimizes the potential that the consumer will be MISLED by the label and draw a FALSE CONCLUSION -- which, one more time, in case you haven't been paying attention -- is what "food libel laws" prohibit.

TA-DA! It's exactly like I said. Hope this helps.

Re:Get back in your Free Speech Zone

[wygit]

I guess if you're incapable of reading TFA, or at least the first paragraph, we can quote it for you:

  Food libel laws, also known as food disparagement laws and informally as veggie libel laws, are laws passed in 13 U.S. states that make it easier for food producers to sue their critics for libel. These 13 states include Alabama, Arizona, Colorado, Florida, Georgia, Idaho, Louisiana, Mississippi, North Dakota, Ohio, Oklahoma, South Dakota, and Texas.[1] Many of the food-disparagement laws establish a lower standard for civil liability and allow for punitive damages and attorney's fees for plaintiffs alone,[2] regardless of the case's outcome.[3]

https://secure.wikimedia.org/wikipedia/en/wiki/Food_libel_laws

Re:Get back in your Free Speech Zone

[Ungrounded+Lightning]

See the case Monsanto v. Oakhurst Dairy of Maine. Monsanto sued, forcing Oakhurst dairy to modify their labels.

Since you don't provide a link to the documents, I'll ask:

Did Oakhurst Dairy fight it in court and lose? Or did they settle out of court without a battle?

One of the downsides of civil law is that anybody can sue anybody else for anything. Whether they can WIN on it is another story. But a lot of businesses might decide it is better for their stockholders to change a label and abort a minor marketing program than to fight an expensive court battle and win.

(Knuckling under to a bully is usually a bad move, because it seldom stops there and ends up more expensive in the long run. But try telling that to a Harvard Business School grad.)

Re:Get back in your Free Speech Zone

[sir1real]

I was once told by a representative in our HR department that in a sexual harassment lawsuit the defendant bears the burden of proof. This was justified on the grounds that it protects the "victim" in some way. I tried to point at that you can't have a victim without first demonstrating the crime. They didn't want to hear it.

Has anyone else come across this?

Re:Get back in your Free Speech Zone

[mcgrew]

Perhaps hot dogs weren't the best illustration. Potato salad, maybe?

Re:Get back in your Free Speech Zone

[rickb928]

I grew up (so I say anyways) in Maine, and for one summer worked for Oakhurst Dairy. Many of my uncles and my father worked for them as well.

The single most important thing to come out of that suit: Mainers now know that when you say your milk is from farmers that don't use hormones, you are getting milk without hormones. Some Mainers prefer that. All they wanna know is what's in their milk. Is that too much?

According to the food libel laws, actually it IS. A pox on all of them.

ps- Oakhurst is a fairly ethical company. Nobody's perfect, but they were trying last I knew. Their competition is largely out of state.

Re:Get back in your Free Speech Zone

[memnock]

Do you think that the milk producers of the milk you have there put the asterisked statement on your carton for informational purpose of their own volition or because they were compelled to, because if they hadn't, they'd be sued?

Re:Get back in your Free Speech Zone

[Tynin]

Why? Potato's are naturally grown in shit! ;-)

Re:Get back in your Free Speech Zone

[BobMcD]

Got anything more recent? All this says is that the company that makes the chemicals got pissed and sued. Big deal. You can sue a ham sandwich. What actually came out of it?

(And I'll Google it myself, so don't bother, but I'd like to point out that you just linked to a 90%-non-story.)

Re:Get back in your Free Speech Zone

[BobMcD]

See the case Monsanto v. Oakhurst Dairy of Maine. Monsanto sued, forcing Oakhurst dairy to modify their labels...

...in a way which clearly stated they weren't making unfounded claims about the hormone:

Oakhurst retained the right to put its Farmers' Pledge on its milk label but added a disclaimer: "FDA states: No significant difference in milk from cows treated with artificial growth hormone."

Oakhurst never once claimed that the hormone had been proven to hurt anyone, but they saw a market of customers who wanted hormone-free milk, and went for it. Adding the disclaimer to the label indemnifies them from libel while still allowing the consumer to make their informed choice.

So, in that light, what exactly was your point? Because all I see here is a win-win for the consumer...

Re:Get back in your Free Speech Zone

[tombeard]

Walk into an American courtroom and yell " I think this judge is is a corrupt piece of shit". Can you guess what happens?
Good luck expressing your opinion vs. a judge perceiving contempt.

Re:Get back in your Free Speech Zone

[arth1]

Very useful shit, indeed.

But anyhow, what seems wrong is that for slander or libel against a person, there has to be malice, while for slander or libel against a company or their brand, that doesn't seem to be required.
The laws seem to favor coprorations over individuals. I wish we had justice instead.

Re:Get back in your Free Speech Zone

[nedlohs]

Who cares. Didn't stop them making the claim that the post I replied to said wasn't allowed at all.

Requiring crackpots to put "* out claims that eating out product cures cancer and AIDS are lies and not approved by the FDA" isn't all bad.

And yes the FDA isn't perfect and there are likely many cases in which they disallow stuff that isn't bad for you and allow stuff that is.

Re:Get back in your Free Speech Zone

[shaitand]

"...in a way [oakhurstdairy.com] which clearly stated they weren't making unfounded claims about the hormone:"

That would make sense if their label made such claims in the first place. Something it obviously did not do since they merely had to add an additional disclaimer not modify the existing "Farmers' Pledge".

"So, in that light, what exactly was your point? Because all I see here is a win-win for the consumer..."

It wasn't a lose for the consumer in the first place. Monsanto shouldn't be able to make anyone remove information from their labels. Leaving the situation in a state where Monsanto or anyone else can do this is a definite loss for consumers.

There is no evidence that food must be grown organically to be safe either but it still isn't illegal to market your organic produce as being organic!

Re:Get back in your Free Speech Zone

[celle]

"It's perfectly legal to give an opinion, as well. It's perfectly legal to say "I think Oscar Mayer hot dogs taste like shit", but if you say "Oscar Mayer hot dogs contain shit" then Oscar Mayer would be perfectly within their rights to quash your lies."

Oddly enough both are opinions and protected under the 1st amendment. So where's the illegality come in? The reality is corporations have laws passed in their favor that in many point of views, if not outright, violate the intentions of the constitution.

Re:Get back in your Free Speech Zone

[memnock]

You wrote "So you are full of shit." to spun, who wrote about potentially being sued for a health claim about a product. In other words, 'no, there is no risk of lawsuit for making a health claim such as that'. But then you point out that a similar health claim is being followed up with a disclaimer which I point is to avoid a lawsuit. It seems to me that spun is not the person making the spurious claim.

Re:Get back in your Free Speech Zone

[Rary]

Those laws are against libel. You can say bad things against food it those things are true, just as you can say bad things about people if they're true, but you can't publicly lie maliciously about someone without fear of being sued for slander.

There are a number of significant differences between normal libel laws and the food libel laws.

In normal libel, the plaintiff has to prove that the defendant's statement was false, that the statement caused harm, and that the defendant didn't try to verify the statement before making it. Additionally, if the plaintiff is a public figure, they must also prove that the defendant intended to cause harm.

In food libel, the plaintiff merely has to prove that the defendant's statement was false, or at least not definitively true. In some states the onus is reversed, making it up to the defendant to prove that the statement is true.

It is much easier to lose a food libel suit than a regular libel or defamation suit. If I have good reason to believe that you put shit in your hot dogs, and I communicate this, but it turns out I was wrong, that's not libel. If I have good reason to believe that Oscar Mayer hot dogs have shit in them, and I communicate this, but it turns out I was wrong, that is libel.

The whole point of the food libel laws is to make it easier for plaintiffs to win a libel case, and to make it more costly for defendants to lose.

Re:Get back in your Free Speech Zone

[nedlohs]

No the claim was "Heck, try marketing milk that is rGBH free" and behold the milk I buy is marketed exactly as that.

Re:Get back in your Free Speech Zone

[wtfamidoinghere]

But a lot of businesses might decide it is better for their stockholders to change a label and abort a minor marketing program than to fight an expensive court battle and win.

Aren't you kind of saying that "Free speech is for the rich" as stated above? I know not literally, but it all boils down to it.

Re:Get back in your Free Speech Zone

[mcgrew]

Yes, but they're not sold covered in shit. Once when my kids were about 7 or 8, we grew a pretty big garden (for a city dweller) in the back yard. One of my youngest daughter's friends saw us uprooting a big radish, and actually became sick when she saw my daughter wash it off and eat it.

Dumb city kids...

Re:Get back in your Free Speech Zone

[mcgrew]

Well, if you call ANYONE a corrupt piece of shit any time and any where, you'd better have some proof. And that's not jusr American courtrooms, that's any courtroom anywhere.

Re:Get back in your Free Speech Zone

[kj_kabaje]

Thank you /. for being the place where you can have a humorous yet somewhat intelligent discussion of the usefulness of scatological materials.

Re:Get back in your Free Speech Zone

[mcgrew]

The first amendment doesn't protect slander. If I were to say you were a child molester, you could sue me and collect damages.

Slander isn't free speech. "These hot dogs have fecal matter in them" isn't an opinion, it's a statement of (false) fact.

Re:Get back in your Free Speech Zone

[Ungrounded+Lightning]

Aren't you kind of saying that "Free speech is for the rich" as stated above? I know not literally, but it all boils down to it.

No. I'm saying "Free speech is for those who are willing to fight for it."

"The rich" often aren't, and free speech is rarely free of all costs.

Re:Get back in your Free Speech Zone

[shaitand]

Being a tad pedantic aren't we? s/remove/add/ and my point remains the same.

Monsanto forced them to either remove the pledge or add the disclaimer. Either way they are being forced to change their labeling without cause.

Pointless

[Bucky24]

Removing the main DNS entry is really quite pointless: anyone who really wants to get to the site can just enter the IP into the browser. DNS is simply "syntactic sugar" to make websites easier to remember.

While it's true that removing a DNS entry will stop a lot of people from getting to the site at first, eventually the IP will start going around, and anyone who really wants to will be able to access it again.

Re:Pointless

[rubycodez]

most sites share a numeric IP with many virtual hosts. in that case, you need to put the desired host header field into your http request.

Re:Pointless

[inject_hotmail.com]

Removing the main DNS entry is really quite pointless: anyone who really wants to get to the site can just enter the IP into the browser. DNS is simply "syntactic sugar" to make websites easier to remember. While it's true that removing a DNS entry will stop a lot of people from getting to the site at first, eventually the IP will start going around, and anyone who really wants to will be able to access it again.

Not true. While many sites have a dedicated IP, a great deal are hosted on a virtual server where the IP address is the same for a large number of sites. If one attempts to connect to the website via its IP address, the browser will be given the default site for that server (depending on how the admin set it up). In a case where an admin wants to be reached by both domain name AND IP address, the IP address would have to be dedicated. Using an IP address also doesn't help if the website's designer uses absolute paths (gawd, yes, it still happens).

Re:Pointless

[TheNinjaroach]

Using an IP address also doesn't help if the website's designer uses absolute paths (gawd, yes, it still happens).

"/story/" is an absolute path, since it takes you to the document root of the webserver. I think you are referring to a fully qualified path, where the domain name (and perhaps protocol) are also included.

In any case, /etc/hosts is your friend and will easily help you work around both problems without having to build your own HTTP headers or rewrite any URLs.

Re:Pointless

[Bucky24]

The only virtual-server setup that I've seen involves a separate (dedicated) IP address for each virtual domain on the server.

If you set up a free account with some web-host that gives you a subdomain, then yes, you would run into this problem, but any decent paid hosting plan (one that presumably involves a registered domain) gives said domain a separate IP.

I do agree with you on absolute paths though...

Re:Pointless

[inject_hotmail.com]

Using an IP address also doesn't help if the website's designer uses absolute paths (gawd, yes, it still happens).

"/story/" is an absolute path, since it takes you to the document root of the webserver. I think you are referring to a fully qualified path, where the domain name (and perhaps protocol) are also included. In any case, /etc/hosts is your friend and will easily help you work around both problems without having to build your own HTTP headers or rewrite any URLs.

True! My mistake, I did indeed mean to say 'fully-qualified'. Modifying /etc/hosts will work, but, can you imagine the hassle that would create? As an aside, the Internet originally had no DNS servers...all names were resolved using /etc/hosts...and now, what's old is new again...let's devolve everyone! Thanks be to the democratic/republican governments loaded with tyrants!

Re:Pointless

[inject_hotmail.com]

The only virtual-server setup that I've seen involves a separate (dedicated) IP address for each virtual domain on the server. If you set up a free account with some web-host that gives you a subdomain, then yes, you would run into this problem, but any decent paid hosting plan (one that presumably involves a registered domain) gives said domain a separate IP. I do agree with you on absolute paths though...

That's a tough one, as all the hosting services out there are trying to conserve IPv4 addresses. I say each site deserves its own IP, but, who am I to say...We have a major telecom ISP that hosts thousands upon thousands of sites off of one IP address.

Re:Pointless

[anyGould]

Removing the main DNS entry is really quite pointless: anyone who really wants to get to the site can just enter the IP into the browser. DNS is simply "syntactic sugar" to make websites easier to remember.

I'm wondering if we'll just revert back to plain ol' IP addresses. We remember phone numbers, after all.

Re:Pointless

[sycorob]

Also, DNS is for more than just convenience. We used to have various other systems to find the IP address of a host that we knew was out there (Archie?), and now DNS maps human-recallable names to an address.

Let's say the DNS entry for twitter.com was pulled down. What's the IP address for Twitter? I have no idea. Even if I Google it, the Google entry still points me to "http://twitter.com" We nerds could probably figure out a way around it; find somebody that posted the address somewhere, type it in manually, update our hosts file, etc. But to the vast majority of internet users that might be interested, wikileaks.org has effectively disappeared.

Interestingly, when you Google "wikileaks" right now, Google points you to http://213.251.145.96/ I assume they had to hack that somehow, so kudos to Google. Since a lot of people apparently do a search for wherever they want to go rather than entering the URL, this may have less of an effect than the government would want.

Re:Pointless

[Abcd1234]

Says the guy who evidentally doesn't realize DNS is more than just a simple name-IP mapping scheme.

DNS is what allows your email client to figure out who the mail exchanger is for a domain. Without it, email wouldn't work.

DNS allows for failover and round-robin load balancing for services.

DNS and the Host header make HTTP virtual hosting possible.

Dynamic DNS allows one to have a constant, logical name, even if an underlying IP is changing.

I'm sure there are many others... these are just the first few that immediately come to mind.

Re:Pointless

[awshidahak]

We do? I just press contacts on my phone and type in the name of the person. Of course, this is kind of like maintaining my own /etc/hosts file.

Re:Pointless

[bored]

We used to have various other systems to find the IP address of a host that we knew was out there (Archie?)

Standard NIS, still shipped on nearly every unix/clone can serve/receive hosts files, and a tweak of the nsswitch.conf file can make it precede DNS.

Re:Pointless

[mcgrew]

I gave up memorizing phone numbers a long time ago, now you want me to memorize IP addresses?

It would be helpful if browser makers woul have bookmarks remember the IP address and the domain name, and display them.

Re:Pointless

[Bucky24]

It would be helpful if browser makers woul have bookmarks remember the IP address and the domain name, and display them.

That would be very useful, I agree.

Re:Pointless

[anyGould]

All the more reason we shouldn't let random politicians mess with it arbitrarily, no?

And I'll happily admit I'm not an expert on the inner workings of DNS. But the US actions show that DNS can't necessarily be trusted anymore, either.

Re:Pointless

[BobMcD]

While you're not wrong, per se, you do seem to be a bit behind the times...

DNS is what allows your email client to figure out who the mail exchanger is for a domain. Without it, email wouldn't work.

E-what? That stuff is dieing, or certainly would be in a world where we can't count on DNS anymore...

DNS allows for failover and round-robin load balancing for services.

WTB router, pst.

DNS and the Host header make HTTP virtual hosting possible.

Virtual hosting sucks, existing largely only for hosting providers to tier their offerings. That could stop and only the providers would notice or care.

Dynamic DNS allows one to have a constant, logical name, even if an underlying IP is changing.

THIS is a solid point. Can't argue here...

Anyway, I guess my point is, if DNS works for you and you don't mind the government having total power over your name resolution, great. If it doesn't, or if you can imagine a future where it doesn't, then alternatives are a great idea.

Further, I'm just impressed at how well 4lw actually works!

Re:Pointless

[Lincolnshire+Poacher]

> I'm wondering if we'll just revert back to plain ol' IP addresses.

"You won't believe what Mike posted on 2001:40fc::dead:beef today!"

Hmm, has potential!

Re:Pointless

[Abcd1234]

While you're not wrong, per se, you do seem to be a bit behind the times...

And every single one of your "counter-arguments" is absurd. Why did you even bother? I mean, really, you couldn't spend the time to come up with something at least seemingly lucid? I mean, really...

If you think email is going away, you're delusional.

If you think DNS isn't used for round-robin load-balancing and failover, you haven't resolved www.google.com... ever.

If you think "Virtual hosting sucks" and that "That could stop and only the providers would notice or care", you live in a fantasy world.

Re:Pointless

[koona]

Didn't the old (and beautiful) netscape bookmark editor include the IP address? I just don't know if I have an old running example on hand or not.

I'll look. Haha, I'm inspired, thanks

Re:Pointless

[koona]

    Damn, I can get netscape v 6 running but the v 4.5 is dependant on sun java 2 which I just don't have. That old machine is stripped of netcard, everything. Poop. Anyway v6 bookmark editor does NOT include IP #'s . I'm still damn near sure ver 4 did.

Re:Pointless

[tjhart85]

Who remembers phone numbers anymore? All my numbers are in my phones address book.

We

we were viewed as impartial

We? So you were the one who ordered the takedown? Because it certainly wasn't me.

Be careful of using the term "we" to desribe the relationship between government and the common man. Government and the people are NOT one and the same, no matter how loud the politicians scream. Every little thing that government does counter to your wishes is proof to the contrary.

Curious

[Archangel+Michael]

On the one hand we have people championing DDOS attacks on websites via vigilante action which inflict damage to innocent websites on the other hand, many of these same people are protesting a government with properly issued warrant shutting down websites.

The question is, for those that support the former, and not the latter, exactly what kind of society you are really wanting where laws are meaningless and mobs rule? I'm sure you're fine with it until the mob ruling isn't your kind of mob. What then??

Re:Curious

[couchslug]

"What then??"

Join or build a bigger gang, and mob deep when you roll.

That's really never been different, merely prettified and named different names.

Re:Curious

[Therilith]

a government with properly issued warrant shutting down websites.

I think the issue here is that the only reason people were generally ok with letting the US have that level of control was that they weren't supposed to kill access to a website for everybody on the planet simply because it was breaking a law in one country.

Arguments like "but it's located in the US, so it has to follow those laws" don't really work here since the whole point was that it wasn't supposed to be controlled by any one country, but it was too much of a hassle to make it properly international as long as the US behaved.

Re:Curious

[anyGould]

On the one hand we have people championing DDOS attacks on websites via vigilante action which inflict damage to innocent websites on the other hand, many of these same people are protesting a government with properly issued warrant shutting down websites.

The question is, for those that support the former, and not the latter, exactly what kind of society you are really wanting where laws are meaningless and mobs rule? I'm sure you're fine with it until the mob ruling isn't your kind of mob. What then??

You're looking at it from an American point of view. If the US wants to block a website, that's their prerogative. But they blocked it *everywhere* - in the US, in Canada, in China, in Europe - everywhere. (And it just occured to me that they also gained the ability to see - at least for a limited time - *who* was going to those sites, which would explain why they didn't just blackhole the domains).

So look at it in reverse - if China (for instance) had provided a properly issued warrant demanding that a site be redirected to their servers worldwide, would you have a problem with it?

As for the Anonymous tactics, I think they're quite proportional to the tactics of the companies involved. To put it in pretty terms, they've discontinued service while an investigation into the legality of their actions takes place. Should only take, oh, 90 days or so? :)

(Sadly, not l33t enough to be part of the DDOS.)

Re:Curious

[Archangel+Michael]

If you're a geek, then you understand the difficulty and ultimate futility of blocking a DNS entry to just the US and not the rest of the world truly is.

And exactly how was the US supposed to accomplish this impossible task?

If you suggest "international court", I'll laugh at you and call you arrogantly stupid. This is the same international community that thinks Libya is a good representative for human rights, and Obama was deserving of a Nobel Prize for his "potential".

Re:Curious

[Archangel+Michael]

SO, exactly, how does one Partially block a website in the US?

Re:Curious

[anyGould]

I don't know, but I'd suggest asking China, since they seem to be the industry leaders in such thing.

And before anyone asks, yes, I'm equating the US takedowns to Chinese censorship. It's a government deciding what it's citizens can or can't see online. The only difference is that China generally has the good manners to only censor to people inside it's borders.

Re:Curious

[Archangel+Michael]

So criminal behavior is protected free speech? And stopping criminals from committing crimes is the same as censorship?

Wow.

Lawyers should learn that people believe that shit.

Re:Curious

[sjames]

It's not really that I want mobs ruling everything. I would much rather a good and just government take care of things. However, if that isn't going to happen, I guess the DDOS is better than nothing and at least it requires some sort of consensus rather than just one bureaucrat with an over-used rubber stamp somewhere to put it in play.

In the end, I hope this sort of thing makes it too painful to continue blatantly supporting greedy corporations over the citizens. Or at least raises enough stink that others start thinking about why so many feel the DDOS is a necessary evil right now.

Re:Curious

[anyGould]

So criminal behavior is protected free speech? And stopping criminals from committing crimes is the same as censorship?

What crime? WL hasn't be charged with *any* crimes, *anywhere* in the world. (Assange is charged with a crime, but that's for his personal life.)

And nice try moving the goalposts - no matter how much the US wants to think they're the global policemen, their legal authority stops at the border - after that it's cowboy diplomacy.

let's also break the SSL certificate cartel

[rubycodez]

let's also have an open, distributed, trustable system for ssl certificates where I don't have to line the pocket of a Versign or other agency to have SSL communication. Ever try to get Android or such to work with SSL gatewayed systems, can be very painful the current way

Re:let's also break the SSL certificate cartel

[rubycodez]

false, we can make a trustworthy certification authority web more trustworthy than the current CA

Question your assumptions, who says Verisign is trustworthy, and why are they trustworthy (in fact they are not, have committed crimes of monetary damage to all internet users on several occassions)

Re:let's also break the SSL certificate cartel

[VortexCortex]

By definition, that doesn't work. A certificate is the product of a certification authority, and it certifies you are who you say you are. You're talking about web of trust. Very different model, and even less trustworthy than a CA.

::Sigh:: Some CA's are more "trustworthy" than others. The current CA system is broken... let me repeat that: OUR CA SYSTEM IS BROKEN, since, for example, China's CINNIC CA can create a valid cert for Google.com without Google's permission.

At least a web of trust has a chain of signatures that I can validate by personally contacting each person in the chain: "Hey, Alice, my good friend, you signed Bob's cert, what's his number I need to find out about Carl since Bob signed Carlo's cert, and Carlos signed Daisy's" I can even decide how long of a chain of trust I allow between me and someone else. I can also decide who can and can't sign my key.

Remember that time that a whole crapload of Internet data was "accidentally" routed through China? If CINNIC had created fraudulent certs, and inserted themselves into the connections MITM style, your web browser would display the "IT'S SECURE" bar and all that SSL encryption would be useless.

Not to mention, any country can coerce and gag-order a CA that resides in said country for the purpose of creating fake certs. If the US coerced Thawte to make a fake Google.com cert, they can just insert themselves right into your "secure" connection, and you wouldn't even be able to detect the tap, and Google wouldn't even know either.

If you have Firefox: Preferences > Advanced > Encryption > View Certificates. Remove the root CAs that you don't trust. Yes, CINNIC is in there by default.

It's possible to create a better CA system that is tiered as our current system, and prevents the CAs from generating certs that were not requested. It's very simple using public-key crypto. I am developing such a system for use in my game's mod community. "It arn't that hard"

TL;DR: The Current SSL & CA system is just a security theater...

Freenet

[goldarg]

Instead of re-inventing the wheel Why not try out a existing darknet in the form of Freenet http://freenetproject.org/ or i2p http://www.i2p2.de/

Re:Freenet

Try VoIP over Freenet and tell me how well that works.

Re:Freenet

[SuricouRaven]

I've not used i2p, but I have used Freenet, and... it works. I admit it's slow, but it does work. You can browse the sites, post in a forum. There is plenty of stuff there by the paranoid (Lots of conspiricy theorist types on freenet), the activists and, of course, the pirates (It is *not* the fastest or most bandwidth-friendly way to pirate, but it will get you what you want... if you don't mind waiting a week for the latest episode). I also understand how the anonyminity works and, so long as you avoid mistakes like uploading a jpeg with camera-identifying information or looking at a non-freenet link to a monitored site, it is not going to be at all easy to find anyone. I'd say it's a project with promise.

And, yes, it has wikileaks mirrors.

It also has pedophiles. Everyone else tries to forget they exist, but... build a network dedicated to absolute and unrestrictable free speech, and they will come. On the upside, they keep a very low profile - the most you'll ever see is the occasional link you can not-follow.

Re:Freenet

[VortexCortex]

Instead of re-inventing the wheel

Instead of re-inventing the wheel why not just use Fidonet?

Hell, I was using Fidonet since before the Internet was available to the masses.

Tell you what, why don't we let those that have ideas, and itches to scratch rally supporters for their own implementations based on their own merits, and let the best protocol win?

Sometimes you have to break an egg to make an omelet; Sometimes you have to re-invent a wheel or axle to innovate.

Re:Freenet

Freenet is really really slow. Although PD only supports bulletin boards and regular file sharing the network is very large, robust and fast. The file-shareing part of it uses tags instead of keywoards to search for stuff which is almost as good as using bittorrent. I really like these kinds of services. PD is worth checking out if you're curious. I'm not sure how much english content is present in PD but PD is being adopted by more and more english speakers every day.

From the P2P DNS project wiki

[icebraining]

We currently believe the best way to create a stable environment for TLDs is to enact a central authority. We know this will cause much argument within the community, but we have made the decision that we believe will be best for the continued development of this project.

http://dot-p2p.org/index.php?title=Main_Page#Announcement

Really?

Re:From the P2P DNS project wiki

[jimktrains]

I forked the project and a couple people came with me.

http://dnsp2p.gp5st.com/w/index.php?title=Main_Page

We want a fully decentralized dns system. We're currently discussing ideas and reading acedemic articles on DHT security and attacks.

No laws against saying anything

[SuperKendall]

You can say anything you like, and will never be arrested.

You might (might!) be sued, since that is what that law is about. But it's not specifically against the law to say anything you like.

Re:No laws against saying anything

[spun]

Unless you try to protest at a political rally and refuse to go to your assigned Free Speech Zone out back by the dumpsters. But technically, you are right. You won't be arrested for 'speaking out.' You will be arrested for disturbing the peace or some other trumped up charge.

Re:No laws against saying anything

[bill_mcgonigle]

You can say anything you like, and will never be arrested.

Sadly, no. Hate crimes, criminal threatening, leaking government data, etc.

Re:No laws against saying anything

[bored]

I'm sure there are quite a few places I can say something that gets me arrested. The airport comes to mind, as does the local courthouse.

Re:No laws against saying anything

[Lincolnshire+Poacher]

> You can say anything you like, and will never be arrested.

I read this in USA Today over breakfast yesterday:

"US District Judge Joseph H. McKinley Jr. called Spencer's writing of the poem an extremely dangerous thing. Spencer will be on supervised release for three years after he completes the 33-month sentence. "

I'll let you track-down the story as you might learn something along the way.

TSA vs. the OpenPGP web of trust

[tepples]

One way around this would be to have signed DNS records, but then you still need some kind of authority for the signing.

I would have kneejerk replied "try the web of trust", but that's under attack as a consequence of the actions of the U.S. Transportation Security Administration. The OpenPGP global web of trust relies on some users traveling hundreds of miles to key signing parties so that they can extend the web of trust by meeting well-known people living far from them. Otherwise, if Alice is trying to communicate with Bob, but nobody living near Alice has gone to a key signing party with someone living near Bob, they can't verify each other's keys. But the TSA with its "Rapist-scan" backscatter machines and "gate rape" pat-downs is making it hard to travel such distances.

Re:TSA vs. the OpenPGP web of trust

[L4t3r4lu5]

There's no need to make a funny name up for Rapiscan.

Just promounce the first part as "Rapey"

too harsh

[HiThere]

Depending on your system wi-fi on Linux was difficult up through around 2003-5. And it's still not perfect.

E.g., A DVD-1 of Debian Squeeze (two months ago) doesn't contain some of the files needed to enable wi-fi. To get it working you need either some other install disk (DVD-2?) or a hardwired connection.

OTOH, I'm more bothered by the way it mismanages power when on battery. I know there are answers out there, but switching to Ubuntu was an easier answer.

Re:too harsh

[L4t3r4lu5]

OTOH, Ubuntu (based upon Debian) worked without configuration on my computer.

Deb didn't contain some of the files needed to get your wi-fi working. A quick check on hardware compatibility lists will tell you what you need to do. And if you're not checking the compatibility lists before you install a Linux distro, you're probably not ready for it. It'll be there when you're ready, though.

Re:too harsh

[HiThere]

Sorry, but you're thinking everyone has the same priorities you do. For me it was easier to try to install the distribution, and, when it didn't work, switch to another that I knew would.

But do note that Debian *did* have the packages needed to get WiFi working, so checking things out wouldn't have worked. They just didn't include them on the install DVD.

And I could have tuned the system so that Debian would have managed the power better. It just wasn't worth the effort fiddling around. So I re-installed Ubuntu.

The point, however, was that WiFi isn't yet flawless under Linux. Ubuntu seems to do a pretty good job of it, but Ubuntu isn't the same as Linux. (Debian and Fedora have better claims than Ubuntu, despite Ubuntu's popularity.) I'll agree that someone so inclined and properly skilled should be able to set up WiFi on a current Linux system, but this doesn't make it ready for the general user. Only a few distros even *try* to fill that niche. Of those that do the most prominent is Ubuntu. It does a pretty good job.

Personally, I don't like fiddling with my system. I abominate the interface of KDE4, enough so that I switched to Gnome, even though KDE3 was far superior to either of those choices. But I didn't try to keep KDE3 working. That's not where I put my energies. And if Gnome3 turns out to be just as bad, I'll switch to LXDE or some such. There are plenty of Window managers. I happen to find KDE3 the best, but that doesn't mean I feel like maintaining it when the developers have left. That's not where I want to put my energies. (I note that a few people *are* putting there energies there. They have my best wishes. I hope they are successful. But I'm still not putting my energies there. For one thing, I don't currently have the proper skill-set. For another, it's a HUGE!!! task. Qt3 will soon [if not yet] be unsupported. So the system will need to be moved to Qt4. A minor task for a single program. But for ALL the programs???)

A lot of responses here keep pointing to I2P

[Burz]

...or something a lot like it. Ive been using I2P for over a year and the more censorship and surveillance fiascos I see in the news the more invaluable it seems.

1. 'The issue is due process.'

What about coping with an absence of due process? What about communicating and organizing around the need for due process? You need a way around centralized control in the first place in order to bring pressure to bear and undermine establishment false propaganda.

2. 'DNS is being abused and IP addresses blocked'

Some anonymous networks like I2P overlay a virtual mesh topology over the Internet's topology of centralized control points. Each I2P node employs onion-like routing and uses public keys as addresses. Though the popular DNS services on I2P could censor domains, access to the addresses cannot be blocked (and its easy to change to a different DNS provider anyway)... plus even physical eviction from a real-world uplink and IP address cannot make you give up your I2P key address (you always keep your same I2P identity until you alone erase/replace your key).

3. 'A certificate cartel is abusing their power'

See #2 above. On a net like I2P, your net address is a crypto-verified identity as well. A side-benefit is that all links (except proxies leading outside the I2P net) are secure.

4. 'Use Freenet'

Freenet tends to lack in speed and in the types of applications you can use it for. I2P is like an anonymized Internet, flexible and relatively quick. Also see this post that contrasts Tor with I2P.

5. 'Use P2P DNS'

If the P2P DNS project believes a central authority is required for their vision, then they can still be taken out by a government or small group of governments. OTOH, their central authority over I2P could be a nice backup to the simple and switchable I2P DNS.

Further, even sites and users that have been removed from I2P's usual DNS sites can still participate in P2P applications like bittorrent.

Re:A lot of responses here keep pointing to I2P

[Burz]

I suppose that's a downside for some people. But I find it runs well on a used mini-PC (which is probably the best kind of home server to have anyway).

Too easy...

[g0bshiTe]

http://216.34.181.45/ DNS averted.

Re:FBI and Counterfeits

[snookerhog]

when I complained to eBay about the counterfeit DVD that I recieved, they responded by immediately shutting down the seller and refunding my purchase in full. I even got to keep the knock off Sopranos collection from China.

no complaints from me about eBay service.

reroute around DNS

[zakeria]

so their method is to add hosts to a domain name? lol hilarious

People keep saying there was no due process?

[stewski]

OK this is DNS and the internet, Due process by whom under what laws? The US is not the internet, removing names against IP address is not the place of any one country.

What about the reverse zone?

[DeadBeef]

How about putting an A or AAAA record in a reverse DNS zone, so your site ends up looking like http://2.0.192.in-addr.arpa/ or whatever. There is no registry involved with the delegation of those reverse zones, so it would be alot more difficult for anyone to interfere with it.

Re:What about the reverse zone?

[Skapare]

It could be interfered, but it would be harder. They'd have to track down the ISP. If the ISP is in another country, it's even harder. OTOH, lots of ISPs don't set up their reverse DNS.

A workaround?

[tombeard]

Maybe a wizard can supply the details, but it seems we could just host our own DNS file. I would think it could be set to allow review and rollback.
You know eventually the governments will take control over "the internet". The opportunity to monitor our transactions, email, IM, books, video, music, news, comments etc. is irresistible to them. We may as well start building darknet now (or send me an invite if I'm late).

Why DNS at all?

[joh]

Of course, you're going to need some kind of DNS. Things will only get worse when IPv6 gets going.

Why do you need some kind of DNS actually? Do you have DNS for phone numbers? You don't, you just have phone numbers you'll never remember and you don't have to because your phone does that for you.

DNS is overrated. With IPv6 and no shortage of adresses the only ones who *need* DNS are those who badly want you to remember their spiffy domain names, so they can put it an ads.

But of course doing away with DNS wouldn't change anything. If your IP gets grounded, you're fucked anyway and you can't host your stuff elsewhere then and just point your domain name there.

The problem is not a technical one and there won't be a technical solution to it.

Re:Why DNS at all?

[nine-times]

DNS is overrated. With IPv6 and no shortage of adresses the only ones who *need* DNS are those who badly want you to remember their spiffy domain names, so they can put it an ads.

Ok, without looking, what's the IPv6 address for Slashdot? What's that you say, you'll just google it? What's the IPv6 address for Google, then? Ok, you don't know, so you'll write it down. But what do you do when Google changes the location of their datacenter and the IP address for google.com changes?

These problems may not be insoluble, but it's likely that any solution will look something like DNS.

Re:Why DNS at all?

[SuricouRaven]

I've seen systems that allow for an updateable, verifiable address. Freenet uses something like that. Basically the addresses are signed and have a version number - the person who holds an address can put out a redirect, and if they are signed with the same key, the redirect overwrites the original. These addresses are very unweildy for human use though, long strings of uuencoded keys. Good for use on Freenet, but not so much elsewhere.

DNS also provides a level of confidence via lawsuit, too. If you go to www.yourbank.com, you can be sure it's actually the site of your bank - because if anyone else had purchased it, your bank would doubtless have sued them for trademark infringement and probably fraud too. This works for any sufficiently large, successful company.

for those who don't want to click...

[KingAlanI]

for those who don't want to click, that's simply the IP for slashdot.org itself.

Interestingly, the Firefox URL bar displayed "http://slashdot.org/" once I actually went to the link.

Re:for those who don't want to click...

[diamondmagic]

That's /. sending an "HTTP/1.1 301 Moved Permanently" header with "Location: http://slashdot.org/"
You would need to edit your /etc/hosts file.

Re:for those who don't want to click...

[KingAlanI]

interesting; looking for those things isn't my level of knowledge/interest. :)

Every IP address has a number

[Skapare]

... like this: http://3626153261/

How about a lazier solution?

All this P2P and encoding crap, but nobody thinks to simply archive the last valid result!

I call it the WHOIS Wayback Machine. If you think a particular site is at risk, submit it to all the WWMs you know of and let them do a lookup every week or so and permanently archive the results. When a domain get seized, look up the last valid IP, edit your HOSTS file, go to the site, and update your bookmarks with the new URL.

This could also be done locally for sites you frequently visit. Anyone want to code the browser extension? Heck, it's probably already been done.

Re:ice you can download up to date hosts though

[icebraining]

Once a month! Do you really think that's enough? DNS records change all the time. Not all of them, but enough to make that list obsolete in a couple of days.
To be effective, you'd have to download the diff off that hosts file every hour or so, which would make it almost like DNS, except with less features (like MX records and such).
Hosts files are fine for ad-blocking and such, it's not a good system for normal name resolving. And if you try turning it into one, you rewrite the wheel.

Churchil paraphrased

[ThatsNotPudding]

The US a terrible example of a world power - except the others are far worse.

forbidden planet?

[airdrummer]

i think this shows we've already created our own monsters of the id...

Re:I update my custom HOSTS file once a day here

[icebraining]

This story is about "Beating Censorship By Routing Around DNS" and you talk about malware and favorite websites. Sigh. Why do I still reply?

This is NOT about blocking websites, in fact it's about PREVENTING from being blocked. And no, the Hosts file is NOT a good replacement for DNS. In fact, the DNS was invented to surpass the limitations of the Hosts file, which already existed.

And by the way, OpenDNS - at least the free version - is a shitty service, as it returns valid responses to non-existent domains, breaking the protocol.
this-domain-does-not-exist-stupid-opendns.com. 0 IN A 67.215.77.132

Re:I cover that though, & more icebraining (st

[icebraining]

(DNS has seen either bugs like the Kaminsky flaw, and others too, which there have been more than just one, & redirection poisoning? It STILL happens -> http://www.theregister.co.uk/2010/11/26/secunia_back_from_dns_hack/ & even "gets the best of" security pros, as happened to SECUNIA.COM last week)

That didn't affect ME though! Why/How?? Simply due to my use of HOSTS files hardcodes of my fav. sites into my HOSTS file, as I noted in my init. posts here you replied to & others this past 2-3 weeks now in which you & I have discussed this before already!

I.E. -> I reached the actual site for SECUNIA.COM when it was redirect poisoned in DNS, NO PROBLEM, & I didn't have to wait for subordinate DNS servers to get the CORRECTED updated propogation of the IPAddress4SECUNIA.COM to its Domain/HOSTS name either. I was there all week correctly due to hardcodes of FAVS in a HOSTS file (double-verified by PING & WHOIS also on these)))

And how did you get Secunia's IP address in the first place, to put in Hosts? And what if it was your first visit to Secunia?

I never said the Hosts file wasn't useful. I said "it's not a replacement for DNS". Using both is NOT an argument against what I said.

I covered that though, with hosts file hardcodes of your fav. sites' IPAddress - to - URL equation... did you "skim" over that?

So that works for the what, dozen of websites you can manually manage and update? What about the millions that you haven't even accessed before, all of which can be blocked before you try to access them?

Which is why I also note I use ScrubIT & alternate it with OpenDNS... if that's invalid? It's going to have to be updated & have it propogate to all subordinate servers is all (kind of like the ISSUE SECUNIA.COM saw: There was "lag time" in updates to subordinate recursive DNS servers, for their CORRECT IPAddy-to-HOST/DOMAIN name resolution updates in the DNS record).

OpenDNS isn't slow to progagate. OpenDNS forges results to show you advertisement when you "mistype" the domain. Or do you think that "this-domain-does-not-exist-stupid-opendns.com" actually exists?

P.S.=> You've just pointed out a flaw in DNS right there, mind you... thanks, you're only helping me make a stronger point for the case of using HOSTS files in fact, in doing so... your point along with the hassles in DNS I put up above? It's HOSTS files all the way for better speed online, more security, & even added "anonymity"... & you want to read this too, I think:

No, I didn't. You just have to choose a DNS server that doesn't suck. Oh, and I get speed using a caching DNS resolver, no need to manually manage domains.

I do use Hosts, for a couple fake domains I use. It's useful. It's NOT a replacement for DNS.