Beating Censorship By Routing Around DNS
jfruhlinger writes "Last month, the US gov't shut down a number of sites it claimed were infringing copyright. They did it by ordering VeriSign to change the sites' authoritative domain name servers. This revealed that DNS is subject to government interference — and now a number of projects have emerged to bypass DNS entirely."
People tolerated the US controlling ICANN because we were viewed as impartial, or at least less partial than an international organization. But this raises considerable doubt as to whether or not the US should still be allowed that level of control. Which is unfortunate because historically we've had a much better record on freedom of speech than most other countries; to throw that away now so that we can preserve a dying industry is troubling to say the least.
There's always the old stand-by: the hosts file.
The issue here is due process; registrars should ignore any government "request" to remove or redirect a DNS entry unless it is ordered by a court of law.
The same applies to the former DNS provider for wikileaks, visa, mastercard and anybody else who stopped doing business with them just because they got a call from some government dude accusing them of illegal activity.
HTML is obsolete. It's time for a new, simpler and richer markup language.
...is govt mandated DNS servers. You go thru theirs, so they can track every hostname you resolve and presumably visit, or if you try to circumvent then that'll become a crime.
Which is unfortunate because historically we've had a much better record on freedom of speech than most other countries,
Historically, meaning what? Thirty years ago? Now we have special places where you can go to protest and no one will have to hear you. We have laws against saying bad things about food, for crying out loud. Free speech is for the rich. If you own a media empire, you have some semblance of free speech. Otherwise, you only have freedom of speech until you say something that someone with money and/or power doesn't like.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
As has been noted elsewhere, a number of the sites seized were, in fact, quite legitimate ones.
Bypassing due process is quick and cheap in the (very) short term, but an expensive disaster over the long haul.
I'd put money on it that somewhere in Amazon's thousands of listings there are a handful of counterfeit or pirated goods. Should the DNS providers go along with a government order to have Amazon de-listed? You might argue that these sites knew what they were doing and Amazon does not, but I would respond with the argument that there should be some due process there, not just a random bureaucrat making the decision.
Most sites share a numeric IP with many virtual hosts. In that case, you need to put the desired Host header field into your HTTP request.
Instead of re-inventing the wheel, why not try out an existing darknet in the form of Freenet http://freenetproject.org/ or i2p http://www.i2p2.de/
the article says and even links to the fact that the US Government busted people selling counterfeit or pirated goods.
Wrong. The article says that the "ICE said" that these sites were "engaged in the illegal sale and distribution of counterfeit goods and copyrighted works". These are allegations, not "facts". Preponderance of evidence proving a crime has been committed is accomplished only through proper due process. There were no references to a court order, no references to a court trial, nor any reference to admittance of a crime. It is apparent to me that the DNS redirects were accomplished under duress of an executive agency without judicial oversight:
The seizures were accomplished by getting the VeriSign registry, owner of the .com and .net top-level domains, to change the authoritative domain-name servers for the seized domains to servers controlled by DHS.
I would call this unconstitutional, regardless of any supposed law that may be referenced to the contrary. If these actions were done under a court order with judicial oversight accomplished through a supportive affidavit of the specific crime and specific circumstances, it would be different.
At this point in time, it is simply one government agency (or rather a group of related agencies), all this is is the effective removal of someone's publication of information. Until the judiciary orders its removal, it is nothing less than censorship.
We won't even go into the allusion in the article that the government is apparently deceptively redirecting site traffic to its own servers.
a government with properly issued warrant shutting down websites.
I think the issue here is that the only reason people were generally ok with letting the US have that level of control was that they weren't supposed to kill access to a website for everybody on the planet simply because it was breaking a law in one country.
Arguments like "but it's located in the US, so it has to follow those laws" don't really work here since the whole point was that it wasn't supposed to be controlled by any one country, but it was too much of a hassle to make it properly international as long as the US behaved.
One way around this would be to have signed DNS records, but then you still need some kind of authority for the signing.
I would have kneejerk replied "try the web of trust", but that's under attack as a consequence of the actions of the U.S. Transportation Security Administration. The OpenPGP global web of trust relies on some users traveling hundreds of miles to key signing parties so that they can extend the web of trust by meeting well-known people living far from them. Otherwise, if Alice is trying to communicate with Bob, but nobody living near Alice has gone to a key signing party with someone living near Bob, they can't verify each other's keys. But the TSA with its "Rapist-scan" backscatter machines and "gate rape" pat-downs is making it hard to travel such distances.
Unless you try to protest at a political rally and refuse to go to your assigned Free Speech Zone out back by the dumpsters. But technically, you are right. You won't be arrested for 'speaking out.' You will be arrested for disturbing the peace or some other trumped up charge.
Says the guy who evidently doesn't realize DNS is more than just a simple name-IP mapping scheme.
DNS is what allows your email client to figure out who the mail exchanger is for a domain. Without it, email wouldn't work.
DNS allows for failover and round-robin load balancing for services.
DNS and the Host header make HTTP virtual hosting possible.
Dynamic DNS allows one to have a constant, logical name, even if an underlying IP is changing.
I'm sure there are many others... these are just the first few that immediately come to mind.
We used to have various other systems to find the IP address of a host that we knew was out there (Archie?)
Standard NIS, still shipped on nearly every unix/clone can serve/receive hosts files, and a tweak of the nsswitch.conf file can make it precede DNS.
Completely clean? The companies are not run out of the US. Would it be illegal to buy a billboard and put come to something that's illegal in your is legal here? By that logic the Indian casinos should not be able to advertise outside of their res since gambling is generally not legal elsewhere? Should we seize their domain names?
No sir I don't like it.
How about putting an A or AAAA record in a reverse DNS zone, so your site ends up looking like http://2.0.192.in-addr.arpa/ or whatever. There is no registry involved with the delegation of those reverse zones, so it would be a lot more difficult for anyone to interfere with it.
I am a lawyer and this constitutes legal advice and I shall indemnify you against any losses arising from taking it.
Maybe a wizard can supply the details, but it seems we could just host our own DNS file. I would think it could be set to allow review and rollback.
You know eventually the governments will take control over "the internet". The opportunity to monitor our transactions, email, IM, books, video, music, news, comments etc. is irresistible to them. We may as well start building darknet now (or send me an invite if I'm late).
The reason we subjugate ourselves to law is to better procure justice. If law does not accomplish this purpose then it m
... like this: http://3626153261/
now we need to go OSS in diesel cars
While you're not wrong, per se, you do seem to be a bit behind the times...
And every single one of your "counter-arguments" is absurd. Why did you even bother? I mean, really, you couldn't spend the time to come up with something at least seemingly lucid? I mean, really...
If you think email is going away, you're delusional.
If you think DNS isn't used for round-robin load-balancing and failover, you haven't resolved www.google.com... ever.
If you think "Virtual hosting sucks" and that "That could stop and only the providers would notice or care", you live in a fantasy world.
All this P2P and encoding crap, but nobody thinks to simply archive the last valid result!
I call it the WHOIS Wayback Machine. If you think a particular site is at risk, submit it to all the WWMs you know of and let them do a lookup every week or so and permanently archive the results. When a domain gets seized, look up the last valid IP, edit your HOSTS file, go to the site, and update your bookmarks with the new URL.
This could also be done locally for sites you frequently visit. Anyone want to code the browser extension? Heck, it's probably already been done.
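The archive-and-fall-back idea from the comment above, as an added example that is not part of the original thread: a local resolution archive that records each change of answer and returns the last address set that stayed stable, since the newest archived answer after a redirect is the redirected one. The function names, the in-memory archive layout and the sample addresses (documentation ranges) are assumptions made for this sketch.

```python
import socket
import time

def resolve(name):
    """Default resolver: sorted set of addresses from the system resolver."""
    infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def record(archive, name, addrs, now):
    """Store an observation; return True only when the answer set changed."""
    history = archive.setdefault(name, [])
    if history and history[-1]["addrs"] == addrs:
        history[-1]["last_seen"] = now  # same answer: extend its lifetime
        return False
    history.append({"addrs": addrs, "first_seen": now, "last_seen": now})
    return True

def poll(archive, names, resolver=resolve, now=None):
    """One polling pass; returns names whose answer is new or changed."""
    now = time.time() if now is None else now
    changed = []
    for name in names:
        try:
            addrs = sorted(resolver(name))
        except OSError:
            continue  # a failed lookup is not an observation
        if record(archive, name, addrs, now):
            changed.append(name)
    return changed

def last_stable(archive, name, min_age, before=None):
    """Newest answer seen for at least min_age seconds, skipping entries
    first seen at or after `before` (e.g. the time of the redirect)."""
    for entry in reversed(archive.get(name, [])):
        if before is not None and entry["first_seen"] >= before:
            continue
        if entry["last_seen"] - entry["first_seen"] >= min_age:
            return entry["addrs"]
    return None

def hosts_lines(archive, name, min_age, before=None):
    """Render hosts-file lines pinning name to its last stable addresses."""
    addrs = last_stable(archive, name, min_age, before) or []
    return [f"{addr}\t{name}" for addr in addrs]

if __name__ == "__main__":
    DAY, archive = 86400, {}
    # Constructed weekly observations: two stable polls, then a changed answer.
    for t, ip in [(0, "192.0.2.10"), (7 * DAY, "192.0.2.10"), (14 * DAY, "198.51.100.5")]:
        poll(archive, ["example.org"], resolver=lambda n, ip=ip: [ip], now=t)
    print("\n".join(hosts_lines(archive, "example.org", min_age=DAY)))
```

A hosts-file pin keeps the hostname in the request, so the Host header still selects the right virtual host on a shared IP. The pinned address itself is unauthenticated; the TLS certificate check is the only thing confirming the server behind it.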