Slashdot Mirror
Coders Develop Ways To Defeat SOPA Censorship
Hugh Pickens writes "The Atlantic reports that one developer who doesn't have much faith in Congress making the right decision on anti-piracy legislation has already built a workaround for the impending censorship measures being considered, and called it DeSOPA. Since SOPA would block specific domain names (e.g. www.thepiratebay.com) of allegedly infringing sites, T Rizk's Firefox add-on allows you to revert to the bare internet protocol (IP) address (e.g. 194.71.107.15) which takes you to the same place. 'It could be that a few members of Congress are just not tech savvy and don't understand that it is technically not going to work, at all,' says T Rizk. 'So here's some proof that I hope will help them err on the side of reason and vote SOPA down.' Another group called 'MAFIAAFire' decided to respond when Homeland Security's ICE unit started seizing domain names, by coding a browser add-on to redirect the affected websites to their new domains. More than 200,000 people have already installed the add-on. ICE wasn't happy, and asked Mozilla to pull the add-on from their site. Mozilla denied the request, arguing that this type of censorship may threaten the open Internet."
So it's like MafiaaFire/FireIce for SOPA, just like a little custom HOSTS file in the form of a browser addon.
Technically not brilliant but a good political move, to demonstrate the futility of this legislation.
"When information is power, privacy is freedom" - Jah-Wren Ryel
If meddling with DNS doesn't work, network operators will simply be forced to block at the IP level, e.g. by withdrawing the BGP routes to the censored sites. Good luck circumventing this kind of blocking (still possible with proxies, and maybe distributed anonymous p2p proxies, but a nuisance anyway).
cpghost at Cordula's Web.
Or maybe now we'll see the race to buy "easy" IP addresses. "Visit us at 12.34.56.78".
Now, thinking again, that could actually halt the long-awaited migration to IPv6. Who'd like to see an ad like "find our products at http://200147023aef0/. Please remember the square brackets or you won't reach our website. And the double colon between 470 and 23. Unless you want to fill the omitted zeroes."
Guess who will win?
Please do not read this sig. Thank you.
What's to stop me from entering the IP address without the add-on?
Several things.
First, you have to know the IP address. The point of one of the the plug-ins, as far as I understand it, is that it automatically gets the list of known seized host names and IP addresses for you.
Second is that entering the IP manually presumes that an IP address only has one web host on it. This is far from true - with dynamic hosting, lots of domains share the same IP address. It's by the browser sending "Host: www.somewhere.foo" in the header of the request that the web server knows which host's content to serve you. "Host: NNN.NNN.NNN.NNN" is likely only going to give you the hosting provider's web page, or even just a generic "Welcome to Apache" page for those who haven't configured it.
Oh, and third, have fun entering IPv6 addresses that way...
"So here's some proof that I hope will help them err on the side of reason and vote SOPA down"
Eh... no. If the war against drugs/piracy/terrorism has taught us anything, it is that if the law makers were made to understand that it won't work, they would just try more draconian measures.
By all means, petition them in terms of freedom of speech, cost or restricting innovation, arguing that "The more you tighten your grip, the more star systems will slip through" will simply make them tighten their grip further.
Nothing prevents a plugin from sending additional HTTP headers (e.g. the Host: header) once the TCP connection has been established to the IP address. No DNS intervention is needed for this.
cpghost at Cordula's Web.
Nothing prevents a plugin from sending additional HTTP headers (e.g. the Host: header) once the TCP connection has been established to the IP address. No DNS intervention is needed for this.
Um, you didn't read the post I was replying to, did you? That was exactly my point - a plugin can do that, but manually entering the IP address instead of using a plugin won't.
And no, the Host: header isn't an additional header - it's a required header (for HTTP/1.1 and above). So a plugin have better replace the Host header that the browser sets, not add one.
Point is not to prevent every single person. Just enough of them to kill momentum.
Point is to make it too bothersome for average person. Which this particular countermeasure is - it is hard enough explain how to torrents downloaded in ideal conditions.
The fact is that it can very easily switch even geeks. I seriously do not want to waste time researching latest blocking techniques and some more time geting around them.
If stuff behind lock was something i would not really want to spend money on, i do not bother getting it for "free" anymore anyway. If it is something that matters, actually buying it sounds much more economic.
Also, it helps to realize that world does not owe you free shit.
I suspected someone would do this since they were basing blocking on domain. essentially SOPA will kill DNS.
people will begin passing raw addresses/ports to each other and you will end up with another dark-net, one where there are no domain names or to access it you have to get a hold of a domain file for a plug in.
soon there will be sites dedicated to the pirate DNS then there will be assholes who distribute bad DNS files leading to pages with drive by attacks. peges will be fighting over their old domain names since there will be no registrar for this dark net.
this security issue will likely push the P2P DNS efforts already in place.
This legislation, combined with the recent domain seizures by ICS, highlights a weakness in the current DNS system: it's far too centralized and way too subject to censorship by governments. Rather than individual, browser-based workarounds, we need a completely new DNS system that is based on some form of distributed computing and lacks a central point of failure. Given the presence of existing protocols like BitTorrent, Tor, and Bitcoin, this should be possible to do.
You misunderstand. I wasn't saying that generic Internet access is impossible in those countries. Even porn in countries like Iran isn't something that's hard to get. What is really, really hard to get is an Internet connection that won't prompt the visits of various burly men in street clothes if you decide to talk about how much better the country would be under a new political system.
VPN proxies are nice, but are the first things to be stopped when things get hairy (and yes, I also have friends in the countries I listed - except NK).
Finally, you are also operating under the assumption that countries won't be able to cooperate on these matters. Look at the US: it's implementing the same technologies that the most repressive countries are implementing. Yes, the goals are still somewhat different, but I can guarantee you that once these legal structures are available in all countries, the Internet will not be able to route around damage, because the damage will be applied to the entire Internet.
Read Lessig's book Code is Law. It makes the interesting observation that code is law - and that consequently, law is code.
The only alternatives will be encrypted darknets, private nets and other things, but those are not the Internet anymore.
Those who can, do. Those who can't, sue.
That was the second goal of copyright when it was written. After a fixed period of time, art goes into the public domain.
Have you SEEN congress? I wouldn't put it past them ban ALL dns. Would solve the problem.
brickspeed.net for your old Volvo performance addiction
This is asymmetrical warfare in cyberspace, except all the resources of congress don't count for squat here. Even a small group of motivated and skilled hackers can defeat anything congress can throw at them because congress has no conception of how technology works. Even the contractors they hire are not skilled (ever see a government IT project?). FBI? Please, would a skilled programmer work on cool stuff in the free market for more than six figures or for $50K and more bureaucracy and drudgery than you can shake a stick at at the FBI? Let's stop propagating the "government is omnipotent" meme.
Incidentally the Berlin Wall didn't fall for the reason you stated. I was there then. It fell because Hungary and Czechoslovakia stopped closing their borders to Austria and thousands of East Germans decided to "vacation" there. They crossed over, caught a bus north and hey presto were in the west. East Germany couldn't stop them because of warsaw pact treaties and because russia under gorbachev wouldn't change them. So the government of erich honneker destabilized, was replaced with egon krenz, who in a bid to stop the whole country emptying out opened the wall so easterners could visit and come back. That is why it fell.
Do what you can, with what you have, where you are.
How can they make a DNS server illegal?
By passing a law? That's how anything becomes illegal.
Yes, but only so many of those combinations "sound good" - you can probably algorithmically eliminate ones that would make no sense. After all, the goal would be to "protect" the good music, not the "noise."
Rules of music theory are simple enough to dramatically reduce the number of combinations.
(I never said such a thing would be practical, just that it would be theoretically possible. I actually got the idea from the little short story about "society that never forgets" and the unintended consequences of indefinite copyright.)
"There are a dozen opinions on a matter until you know the truth. Then there is only one." - CS Lewis (paraprhase)
The other day I decided to send a note to my senator urging him not to pass SOPA.
Here's the response I got. It made me sad.
Dear Joshua,
Thank you for contacting me regarding S. 968, the Protect IP Act.
Intellectual property industries employ more than 19 million people, making it an integral part of our economy. Rogue websites dedicated to the sale and distribution of counterfeit goods and pirated content are a direct threat to these jobs and to entrepreneurs growing and building legitimate businesses online.
Businesses have lost $135 billion in revenue annually as a result of these rogue sites. Customers have also been harmed by these sites; for example, online pharmacies that don't adhere to U.S. regulations have been reported to cause a rapid increase in prescription drug abuse.
I am a cosponsor of the Protect IP Act which would cut off foreign websites dedicated to counterfeiting and piracy that steal American jobs, hurt the economy, and harm customers. It would allow the Justice Department to file a civil action against those who have registered or own a domain name linked to an infringing website. The bill does not allow the Justice Department to target domain names registered by a U.S. entity.
Innovation is a cornerstone of our nation's economic growth. Proper intellectual property protections and incentives ensure that inventors develop products that benefit consumers. Without such incentives for innovators, we risk falling behind places like China and India.
Again, thank you for contacting me. I look forward to continuing our conversation on Facebook (www.facebook.com/SenatorBlunt) and Twitter (www.twitter.com/RoyBlunt) about the important issues facing Missouri and the country. I also encourage you to visit my website (blunt.senate.gov) to learn more about where I stand on the issues and sign-up for my e-newsletter.
Sincere regards,
Roy Blunt United States Senator