Coders Develop Ways To Defeat SOPA Censorship

Hugh Pickens writes "The Atlantic reports that one developer who doesn't have much faith in Congress making the right decision on anti-piracy legislation has already built a workaround for the impending censorship measures being considered, and called it DeSOPA. Since SOPA would block specific domain names (e.g. www.thepiratebay.com) of allegedly infringing sites, T Rizk's Firefox add-on allows you to revert to the bare internet protocol (IP) address (e.g. 194.71.107.15) which takes you to the same place. 'It could be that a few members of Congress are just not tech savvy and don't understand that it is technically not going to work, at all,' says T Rizk. 'So here's some proof that I hope will help them err on the side of reason and vote SOPA down.' Another group called 'MAFIAAFire' decided to respond when Homeland Security's ICE unit started seizing domain names, by coding a browser add-on to redirect the affected websites to their new domains. More than 200,000 people have already installed the add-on. ICE wasn't happy, and asked Mozilla to pull the add-on from their site. Mozilla denied the request, arguing that this type of censorship may threaten the open Internet."

Re:How Is This an Add-On?

[arth1]

What's to stop me from entering the IP address without the add-on?

Several things.

First, you have to know the IP address. The point of one of the the plug-ins, as far as I understand it, is that it automatically gets the list of known seized host names and IP addresses for you.

Second is that entering the IP manually presumes that an IP address only has one web host on it. This is far from true - with dynamic hosting, lots of domains share the same IP address. It's by the browser sending "Host: www.somewhere.foo" in the header of the request that the web server knows which host's content to serve you. "Host: NNN.NNN.NNN.NNN" is likely only going to give you the hosting provider's web page, or even just a generic "Welcome to Apache" page for those who haven't configured it.

Oh, and third, have fun entering IPv6 addresses that way...

Re:How Is This an Add-On?

[arth1]

Nothing prevents a plugin from sending additional HTTP headers (e.g. the Host: header) once the TCP connection has been established to the IP address. No DNS intervention is needed for this.

Um, you didn't read the post I was replying to, did you? That was exactly my point - a plugin can do that, but manually entering the IP address instead of using a plugin won't.

And no, the Host: header isn't an additional header - it's a required header (for HTTP/1.1 and above). So a plugin have better replace the Host header that the browser sets, not add one.

Re:IP-level blocks

[cpghost]

Wait. Did you just state that there was a way to reliably block sites, sarcastically wish people luck, and then parenthetically note how to defeat your invented scenario?

It may look paradox, but that's exactly how it is because that's the way routing in IP backbones is working. Suppose e.g. that your provider is Level-3 based, and Level-3 withdraws the BGP route to TPB to comply with SOPA. However, TPB can also connect to another tier-1 backbone that doesn't filter out its routes. You, behind Level-3 won't be able to access TPB directly, but via proxies, you could exit Level-3 and reach that other backbone, hence reach TPB. Of course, that scenario is more something for techies as it requires constant updating of alternative routes, but the 99.99% of the masses won't be able to circumvent Level-3's IP-level block, and that's all the MAFIAA cares about.

asymmetrical warfare

[Phoenix666]

This is asymmetrical warfare in cyberspace, except all the resources of congress don't count for squat here. Even a small group of motivated and skilled hackers can defeat anything congress can throw at them because congress has no conception of how technology works. Even the contractors they hire are not skilled (ever see a government IT project?). FBI? Please, would a skilled programmer work on cool stuff in the free market for more than six figures or for $50K and more bureaucracy and drudgery than you can shake a stick at at the FBI? Let's stop propagating the "government is omnipotent" meme.

Incidentally the Berlin Wall didn't fall for the reason you stated. I was there then. It fell because Hungary and Czechoslovakia stopped closing their borders to Austria and thousands of East Germans decided to "vacation" there. They crossed over, caught a bus north and hey presto were in the west. East Germany couldn't stop them because of warsaw pact treaties and because russia under gorbachev wouldn't change them. So the government of erich honneker destabilized, was replaced with egon krenz, who in a bid to stop the whole country emptying out opened the wall so easterners could visit and come back. That is why it fell.

Re:Good move

[Blue+Stone]

A custom HOSTS file is all well and good, but doesn't take into account the type of censorship that's currently happening in the UK, with BT and SKY, with the Great British Firewall.

Both ISPs have instituted a blockade on Newzbin using BT's Cleanfeed, which acts as a transparent proxy between the user and the server. Typing in the IP address results in a timeout. Using OnpenDNS or Google's DNS results in the same issue.

If and when the US pro-censorship copyright cabals lobby for such a technological measure, a custom HOSTS file won't work.

Re:IP-level blocks

This is incorrect, at least for Turkey. The Turkish internet filter system is opt-in only. You have to tell your ISP that you want content filtering enabled. The filter system used to be enabled by default, but it caused too many issues and unfiltered is now the new default for internet services. Second, on both filtered and non-filtered systems VPN is never blocked. Finally, the filter systems are only available to cabled networks. Mobile internet (at least from Avea) has no filtering. I checked by accessing known PKK terrorist related material, thepiratebay, and pornhub. All are blocked on filtered system.

Here's the conspiracy part. The filter system is encouraged as a "family safety feature" and promises customers that illicit materials such as pornography will be blocked for the safety of their kids. Upon further inspection, politically sensitive materials and other sites are arbitrarily blocked. The opinion here is that they are trying to trick people into opting-in to CENSORSHIP not filtering.

Finally, this post was done over VPN. Now, if the government believes they have VPN blocking and can filter anything on demand. Well, they are grossly incompetent if that is the case, or providers don't give a shit and are not implementing it correctly.

With love from Turkey.

Response from my senator

[Pawnn]

The other day I decided to send a note to my senator urging him not to pass SOPA.

Here's the response I got. It made me sad.
Dear Joshua,

Thank you for contacting me regarding S. 968, the Protect IP Act.

Intellectual property industries employ more than 19 million people, making it an integral part of our economy. Rogue websites dedicated to the sale and distribution of counterfeit goods and pirated content are a direct threat to these jobs and to entrepreneurs growing and building legitimate businesses online.

Businesses have lost $135 billion in revenue annually as a result of these rogue sites. Customers have also been harmed by these sites; for example, online pharmacies that don't adhere to U.S. regulations have been reported to cause a rapid increase in prescription drug abuse.

I am a cosponsor of the Protect IP Act which would cut off foreign websites dedicated to counterfeiting and piracy that steal American jobs, hurt the economy, and harm customers. It would allow the Justice Department to file a civil action against those who have registered or own a domain name linked to an infringing website. The bill does not allow the Justice Department to target domain names registered by a U.S. entity.

Innovation is a cornerstone of our nation's economic growth. Proper intellectual property protections and incentives ensure that inventors develop products that benefit consumers. Without such incentives for innovators, we risk falling behind places like China and India.

Again, thank you for contacting me. I look forward to continuing our conversation on Facebook (www.facebook.com/SenatorBlunt) and Twitter (www.twitter.com/RoyBlunt) about the important issues facing Missouri and the country. I also encourage you to visit my website (blunt.senate.gov) to learn more about where I stand on the issues and sign-up for my e-newsletter.

Sincere regards,
Roy Blunt United States Senator