Coders Develop Ways To Defeat SOPA Censorship
Hugh Pickens writes "The Atlantic reports that one developer who doesn't have much faith in Congress making the right decision on anti-piracy legislation has already built a workaround for the impending censorship measures being considered, and called it DeSOPA. Since SOPA would block specific domain names (e.g. www.thepiratebay.com) of allegedly infringing sites, T Rizk's Firefox add-on allows you to revert to the bare internet protocol (IP) address (e.g. 194.71.107.15) which takes you to the same place. 'It could be that a few members of Congress are just not tech savvy and don't understand that it is technically not going to work, at all,' says T Rizk. 'So here's some proof that I hope will help them err on the side of reason and vote SOPA down.' Another group called 'MAFIAAFire' decided to respond when Homeland Security's ICE unit started seizing domain names, by coding a browser add-on to redirect the affected websites to their new domains. More than 200,000 people have already installed the add-on. ICE wasn't happy, and asked Mozilla to pull the add-on from their site. Mozilla denied the request, arguing that this type of censorship may threaten the open Internet."
So it's like MafiaaFire/FireIce for SOPA, just like a little custom HOSTS file in the form of a browser addon.
Technically not brilliant but a good political move, to demonstrate the futility of this legislation.
"When information is power, privacy is freedom" - Jah-Wren Ryel
If SOPA passes, this might actually make me switch back to Firefox from Chrome. Of course, I'd have to download the plugin before it got stomped by a SOPA claim.
Honestly, there really is no way to stop people from getting around every roadblock you put down. Walls can only stretch so far. The only way to prevent them from doing what they want is to either destroy the internet or kill everyone in the country. The first could even be worked around with possibly WiFi meshes or usb drop locations.
If the government decides to do the second, well, can't exactly get around that when you're dead.
If meddling with DNS doesn't work, network operators will simply be forced to block at the IP level, e.g. by withdrawing the BGP routes to the censored sites. Good luck circumventing this kind of blocking (still possible with proxies, and maybe distributed anonymous p2p proxies, but a nuisance anyway).
cpghost at Cordula's Web.
Or maybe now we'll see the race to buy "easy" IP addresses. "Visit us at 12.34.56.78".
Now, thinking again, that could actually halt the long-awaited migration to IPv6. Who'd like to see an ad like "find our products at http://200147023aef0/. Please remember the square brackets or you won't reach our website. And the double colon between 470 and 23. Unless you want to fill the omitted zeroes."
Guess who will win?
Please do not read this sig. Thank you.
What's to stop me from entering the IP address without the add-on?
Several things.
First, you have to know the IP address. The point of one of the plug-ins, as far as I understand it, is that it automatically gets the list of known seized host names and IP addresses for you.
Second is that entering the IP manually presumes that an IP address only has one web host on it. This is far from true - with dynamic hosting, lots of domains share the same IP address. It's by the browser sending "Host: www.somewhere.foo" in the header of the request that the web server knows which host's content to serve you. "Host: NNN.NNN.NNN.NNN" is likely only going to give you the hosting provider's web page, or even just a generic "Welcome to Apache" page for those who haven't configured it.
Oh, and third, have fun entering IPv6 addresses that way...
"So here's some proof that I hope will help them err on the side of reason and vote SOPA down"
Eh... no. If the war against drugs/piracy/terrorism has taught us anything, it is that if the law makers were made to understand that it won't work, they would just try more draconian measures.
By all means, petition them in terms of freedom of speech, cost or restricting innovation, arguing that "The more you tighten your grip, the more star systems will slip through" will simply make them tighten their grip further.
Nothing prevents a plugin from sending additional HTTP headers (e.g. the Host: header) once the TCP connection has been established to the IP address. No DNS intervention is needed for this.
cpghost at Cordula's Web.
Nothing prevents a plugin from sending additional HTTP headers (e.g. the Host: header) once the TCP connection has been established to the IP address. No DNS intervention is needed for this.
Um, you didn't read the post I was replying to, did you? That was exactly my point - a plugin can do that, but manually entering the IP address instead of using a plugin won't.
And no, the Host: header isn't an additional header - it's a required header (for HTTP/1.1 and above). So a plugin had better replace the Host header that the browser sets, not add one.
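Added example, not part of any comment in this thread and not code from DeSopa: a loopback-only Python demo of the name-based virtual hosting the comments above describe, where one IP address serves different content depending on the Host header, a bare-IP Host value falls through to the provider's default page, and an HTTP/1.1 request without Host is rejected. The host names, page bodies and function names are constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed virtual hosts sharing one IP address (hypothetical names).
VHOSTS = {
    "site-a.example": b"content of site A",
    "site-b.example": b"content of site B",
}
DEFAULT_PAGE = b"default page of the hosting provider"


class VHostHandler(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"

    def do_GET(self):
        host = self.headers.get("Host")
        if host is None:
            # HTTP/1.1 requires Host; RFC 7230 section 5.4 says answer 400.
            return self._reply(400, b"missing Host header")
        name = host.rsplit(":", 1)[0].lower()  # drop optional ":port"
        self._reply(200, VHOSTS.get(name, DEFAULT_PAGE))

    def _reply(self, status, body):
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.send_header("Connection", "close")
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demo quiet


def fetch(port, host_header):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.putrequest("GET", "/", skip_host=True)  # no automatic Host header
    if host_header is not None:
        conn.putheader("Host", host_header)
    conn.endheaders()
    resp = conn.getresponse()
    result = (resp.status, resp.read())
    conn.close()
    return result


def demo():
    with ThreadingHTTPServer(("127.0.0.1", 0), VHostHandler) as server:
        port = server.server_address[1]
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            return {
                "name A": fetch(port, "site-a.example"),
                "name B": fetch(port, "site-b.example"),
                "bare IP": fetch(port, f"127.0.0.1:{port}"),
                "no Host": fetch(port, None),
            }
        finally:
            server.shutdown()


if __name__ == "__main__":
    for case, (status, body) in demo().items():
        print(f"{case:8} -> {status} {body.decode()}")
```

All four requests go to the same address and port; only the Host value changes which page comes back.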
I suspected someone would do this since they were basing blocking on domain. essentially SOPA will kill DNS.
people will begin passing raw addresses/ports to each other and you will end up with another dark-net, one where there are no domain names or to access it you have to get a hold of a domain file for a plug in.
soon there will be sites dedicated to the pirate DNS then there will be assholes who distribute bad DNS files leading to pages with drive by attacks. pages will be fighting over their old domain names since there will be no registrar for this dark net.
this security issue will likely push the P2P DNS efforts already in place.
Heh... I was actually musing about how to do this with music. After all, there are only so many combinations of notes - why not have computer programs just generating all possible single measures, then all possible combinations of those measures, and publishing them all online with a claimed copyright? (In the US at least, you don't have to spend money to register a work to obtain a copyright - you actually inherently have the copyright. Registering does have benefits though - but it's not required.)
Essentially, beat them at their own game. (And at the same time prove the silliness of it all. You could probably do the same with works of text as well by using a grammar generator to get legitimate sentences.)
"There are a dozen opinions on a matter until you know the truth. Then there is only one." - CS Lewis (paraphrase)
Most PEOPLE don't have even a clue as to how the internet in general works. Honestly the lack of education with these idiots is staggering.
FTFY. Ok, but not everybody gets to decide on internet encumbering laws either, but this is the same kind of thing that happens all over the place. Crazy policies made up by pointy haired bosses that network admins need to implement, even though they don't accomplish much to anybody remotely educated in how these things work. But it stops most people. I have a neighbor, who isn't the most tech savvy person, but isn't someone I would consider completely computer illiterate either. He was telling me about this BitTorrent thing his friend just showed him. I've been using that for 7 years, and people are just now discovering this. It's like somebody walks up to me, and says, hey, did you know you can send Instant Messages to people on the internet. If they block DNS for these sites, I can bet that will stop 99% of people from accessing the sites, because most of them frankly wouldn't even know what to type into Google to solve their problem. And whatever thing they are likely to type into Google will be link farmed by scammers to get them to install virus/malware/trojan so that they can get their precious torrents.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
This legislation, combined with the recent domain seizures by ICS, highlights a weakness in the current DNS system: it's far too centralized and way too subject to censorship by governments. Rather than individual, browser-based workarounds, we need a completely new DNS system that is based on some form of distributed computing and lacks a central point of failure. Given the presence of existing protocols like BitTorrent, Tor, and Bitcoin, this should be possible to do.
My sources tell me that the real evildoers are using the same ICMP technology server side or in transit to discover who is actually attempting to visit said forbidden servers; this new technique is dubbed: Internet Control of Users Protocol (ICUP).
The resistance is responding by creating a decentralized content store: HTTP over BitTorrent.
You misunderstand. I wasn't saying that generic Internet access is impossible in those countries. Even porn in countries like Iran isn't something that's hard to get. What is really, really hard to get is an Internet connection that won't prompt the visits of various burly men in street clothes if you decide to talk about how much better the country would be under a new political system.
VPN proxies are nice, but are the first things to be stopped when things get hairy (and yes, I also have friends in the countries I listed - except NK).
Finally, you are also operating under the assumption that countries won't be able to cooperate on these matters. Look at the US: it's implementing the same technologies that the most repressive countries are implementing. Yes, the goals are still somewhat different, but I can guarantee you that once these legal structures are available in all countries, the Internet will not be able to route around damage, because the damage will be applied to the entire Internet.
Read Lessig's book Code is Law. It makes the interesting observation that code is law - and that consequently, law is code.
The only alternatives will be encrypted darknets, private nets and other things, but those are not the Internet anymore.
Those who can, do. Those who can't, sue.
This. I wonder if the govt will be publishing a list of banned domains and IP addresses, so the cycle from blocked to unblocked could be fully automated...
I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
After all, there are only so many combinations of notes
Yeah, have you worked out just how many? Assuming 4 bars of quarter notes and using one chromatic octave (12 notes) and rests: 665,416,609,183,179,841 permutations. And that's only a tiny proportion of all realistic possibilities.
Brain surgery - it's not rocket science!
This is asymmetrical warfare in cyberspace, except all the resources of Congress don't count for squat here. Even a small group of motivated and skilled hackers can defeat anything Congress can throw at them because Congress has no conception of how technology works. Even the contractors they hire are not skilled (ever see a government IT project?). FBI? Please, would a skilled programmer work on cool stuff in the free market for more than six figures or for $50K and more bureaucracy and drudgery than you can shake a stick at at the FBI? Let's stop propagating the "government is omnipotent" meme.
Incidentally the Berlin Wall didn't fall for the reason you stated. I was there then. It fell because Hungary and Czechoslovakia stopped closing their borders to Austria and thousands of East Germans decided to "vacation" there. They crossed over, caught a bus north and hey presto were in the west. East Germany couldn't stop them because of Warsaw Pact treaties and because Russia under Gorbachev wouldn't change them. So the government of Erich Honecker destabilized, was replaced with Egon Krenz, who in a bid to stop the whole country emptying out opened the wall so easterners could visit and come back. That is why it fell.
Do what you can, with what you have, where you are.
Actually there is a new organization responsible for that, and your "ICUP" is nearly on target. It's still a small group, but the 2 girls involved have a homepage... oops sorry I can't locate it. But Google should be able to help you.
Yes, but only so many of those combinations "sound good" - you can probably algorithmically eliminate ones that would make no sense. After all, the goal would be to "protect" the good music, not the "noise."
Rules of music theory are simple enough to dramatically reduce the number of combinations.
(I never said such a thing would be practical, just that it would be theoretically possible. I actually got the idea from the little short story about "society that never forgets" and the unintended consequences of indefinite copyright.)
"There are a dozen opinions on a matter until you know the truth. Then there is only one." - CS Lewis (paraphrase)
You're not wrong, but this guy also seems to think better of his addon than he really should.
His little addon works, at least somewhat, for those sites with a single static IP. It fails at doing anything about the millions and millions of websites, and probably the majority of sites that a bill like SOPA would seek to eliminate, that run on vhosts behind a single IP. Going to the IP of the domain I use for email and as a homepage gets me a wonderful Apache error message; with other hosts, it likely gets a nice little advertisement for the host. He does mention this on the Addon page. However his response is basically "then they should buy a static IP and be compatible with DeSopa!" Well, good luck with that. Those people who haven't found a need for one yet aren't going to suddenly do so now. At least not in appreciable numbers.
Beyond that, I wonder if all functionality works even for sites this would help. Just as an example, do cookies still get forwarded to the site and received from the site properly? If my browser can't resolve the domain properly it may refuse to accept or send back those cookies, meaning any site that requires them to function (a depressing number overall, but maybe not among websites likely to be targeted by SOPA) is still useless. It looks as though the addon functions by simply going "oop, thepiratebay.com -- let's redirect to 1.2.3.4 instead" rather than act as a kind of mini-DNS that actually tries to intercept the lookup and return the IP (which he says does not appear feasible due to a lack of hooks--sounds accurate enough).
The biggest thing, though, is simply that he gets caught up in the same thing that a lot of geeks do: SOPA is a clearly imperfect piece of legislation so it's not worth doing*. It's relatively easy to bypass, I admit--just change DNS servers to somewhere that doesn't give two shits about SOPA--but how many people know how to do that? How many people even know that it can be done? If this blocks even a third of people who would otherwise use these sites, isn't it a huge success from the perspective of the people who want this legislation?
SOPA is an abomination, and it is likely not going to have any effect on anybody who reads Slashdot or similar sites. It may not affect those peoples' family and friends. It will have an effect, and for no cost and little effort from the people who want it passed. They don't need perfection. And the cynic in me supposes that once it gets passed, the RIAA and MPAA and those groups will march back to Congress and say "people are bypassing your law, you need to mandate that ISPs filter DNS requests that go outside their servers!" and a new, even bigger abomination will be passed with considerably less effort in the name of "closing loopholes" and enforcing already-passed legislation, with little debate as to the merits of the new OR previous legislation.
Should he and people like him still make their addons and other programs to help bypass SOPA? Yes, absolutely. They just shouldn't stand around tooting their horns about how this will teach Congress a lesson about how it is technically infeasible to enforce. They don't give a shit if there are workarounds. The real effort should be in stopping idiocy like this from becoming law in the first place, and I hope they are at least involved in that area as well.
* From the perspective of those who want to do it. I do not think it's worth doing at all; I in no way support it.
I explained the DNS to my aging father in a matter of minutes. It's not hard to understand the basics.
How can our lords and masters not understand the basics?
"Dad, it's like the phone book. You look up the name of the person/website, and to the right it displays the phone number/IP number. IP numbers are just like phone numbers; every computer on the internet has one"
So that took all of 10 seconds, not the minutes I first said.
How can our lords and masters not understand the basics?
This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
The other day I decided to send a note to my senator urging him not to pass SOPA.
Here's the response I got. It made me sad.
Dear Joshua,
Thank you for contacting me regarding S. 968, the Protect IP Act.
Intellectual property industries employ more than 19 million people, making it an integral part of our economy. Rogue websites dedicated to the sale and distribution of counterfeit goods and pirated content are a direct threat to these jobs and to entrepreneurs growing and building legitimate businesses online.
Businesses have lost $135 billion in revenue annually as a result of these rogue sites. Customers have also been harmed by these sites; for example, online pharmacies that don't adhere to U.S. regulations have been reported to cause a rapid increase in prescription drug abuse.
I am a cosponsor of the Protect IP Act which would cut off foreign websites dedicated to counterfeiting and piracy that steal American jobs, hurt the economy, and harm customers. It would allow the Justice Department to file a civil action against those who have registered or own a domain name linked to an infringing website. The bill does not allow the Justice Department to target domain names registered by a U.S. entity.
Innovation is a cornerstone of our nation's economic growth. Proper intellectual property protections and incentives ensure that inventors develop products that benefit consumers. Without such incentives for innovators, we risk falling behind places like China and India.
Again, thank you for contacting me. I look forward to continuing our conversation on Facebook (www.facebook.com/SenatorBlunt) and Twitter (www.twitter.com/RoyBlunt) about the important issues facing Missouri and the country. I also encourage you to visit my website (blunt.senate.gov) to learn more about where I stand on the issues and sign-up for my e-newsletter.
Sincere regards,
Roy Blunt United States Senator
Govts are restricting the internet with salami tactics. In Turkey you can find several levels of censorship. Some you can circumvent with OpenDNS, others you need proxies/vpn. Then there is the opt-in censorship of "internet profiles" such as "family internet" or "children's internet".
Every time they up the ante techies realized they could circumvent the effects rather easily, but many many more do not have the know-how.
So the most active knowledgeable users like us develop apathy because we are not really affected, therefore we stay passive, while for the vast majority of users the internet gets more and more restricted. Let's not fall for this complicity strategy.
https://dalgamotor.wordpress.com/ - Elektronik beyinlere ozgurluk asisi (Turkish)
You don't need to copyright all combinations, 12 sets of 3. The first, AKA a tonic, a third and a fifth. Like this; C, E, G. You have just copyrighted a C major chord. How many songs use a C major chord? Copyright all major and minor chords and you own most of western music.
Another day closer to redwood heaven
Sorry, forgot to close my bold tag, slashdot really should warn you about that.
It does. It's called the Preview button. Why the !@#$ proofreading went out of style, I don't know, but no-one's being forced to be stupid. It's a lifestyle choice.
"Tongue tied and twisted, just an Earth bound misfit
Yes, but using music theory, one could probably discount many of those that wouldn't be considered "music". You generally don't go back and forth between 4x whole and 1/128 notes repeatedly, and you generally don't go back and forth between the highest and lowest note in the octave repeatedly. You could probably stick to anything between whole notes and 1/16 notes, and get the majority of the song. Also, note that as far as copyright goes, changing the pitch of a song to a different key would still be considered the same song, as would playing the song at double speed. There may be a lot of combinations of notes, but not nearly as many would be musically distinct, and also considered music.
Where is Frank Zappa when we need him?
I don't have to be a baker to know the bread is stale, guy(s).
The soylentnews experiment has been a dismal failure.
Hmm... this just gave me an idea. VPNs stick out like a sore thumb... but shouldn't it be possible to run a stego VPN over, say, DNS? You could probably even do it pretty well over some AJAX-y persistent connection, where the encryption sits inside all the junk requests to refresh news from a news feed, etc. To make it work even better, have it distributed multipoint, so it looks like your VPN is actually visiting multiple boring sites. This has the added benefit that none of those endpoints has access to your complete datastream either; and using the right encryption scheme, it would be impossible for any single exit point to know anything about the stream other than the next hop destination.