Censorship Networking The Internet Your Rights Online

Beating Censorship By Routing Around DNS 216

Posted by timothy
from the fake-left-break-right dept.
jfruhlinger writes "Last month, the US gov't shut down a number of sites it claimed were infringing copyright. They did it by ordering VeriSign to change the sites' authoritative domain name servers. This revealed that DNS is subject to government interference — and now a number of projects have emerged to bypass DNS entirely."
This discussion has been archived. No new comments can be posted.

  • Stupid move (Score:5, Insightful)

    by hedwards (940851) on Thursday December 09, 2010 @03:20PM (#34505042)
    People tolerated the US controlling ICANN because we were viewed as impartial, or at least less partial than an international organization. But this raises considerable doubt as to whether or not the US should still be allowed that level of control. Which is unfortunate because historically we've had a much better record on freedom of speech than most other countries, to throw that away now so that we can preserve a dying industry is troubling to say the least.
    • by Yetihehe (971185)
      In other countries this freedom of speech was just not so thoroughly tested as in USA.
      • Re: (Score:2, Interesting)

        by microbox (704317)
        In other countries this freedom of speech was just not so thoroughly tested as in USA.

        You have got to be kidding. Don't forget that the UK lost India because of freedom of the press. The public read about violent crackdowns and sided with Gandhi. Freedom of the press did not suffer.

        Contrast to the US military, which believes that Vietnam failed because of the media. So they start their own manage-public-perception operation to ensure the success of their missions. We can all see how that is going.

        Th
    • by spun (1352) <(moc.oohay) (ta) (yranoituloverevol)> on Thursday December 09, 2010 @03:33PM (#34505212) Journal

      Which is unfortunate because historically we've had a much better record on freedom of speech than most other countries,

      Historically, meaning what? thirty years ago? Now we have special places where you can go to protest and no one will have to hear you. We have laws against saying bad things about food, [wikipedia.org] for crying out loud. Free speech is for the rich. If you own a media empire, you have some semblance of free speech. Otherwise, you only have freedom of speech until you say something that someone with money and/or power doesn't like.

      • by cobrausn (1915176)

        Historically, meaning what? thirty years ago?

        I think you are failing to understand the word 'Historically' correctly. If it were thirty years ago that we stopped really believing in free speech, his statement would still be correct.

        • by spun (1352)

          I merely wish to emphasize that our freedoms of speech have been under constant and successful attack for quite some time now. Sorry if my wording irritated your inner pedant.

      • You can say anything you like, and will never be arrested.

        You might (might!) be sued, since that is what that law is about. But it's not specifically against the law to say anything you like.

      • by mcgrew (92797) *

        We have laws against saying bad things about food, for crying out loud.

        Those laws are against libel. You can say bad things against food if those things are true, just as you can say bad things about people if they're true, but you can't publicly lie maliciously about someone without fear of being sued for slander.

        It's perfectly legal to give an opinion, as well. It's perfectly legal to say "I think Oscar Mayer hot dogs taste like shit", but if you say "Oscar Mayer hot dogs contain shit" then Oscar Mayer wo

        • by arth1 (260657)

          It's perfectly legal to give an opinion, as well. It's perfectly legal to say "I think Oscar Mayer hot dogs taste like shit", but if you say "Oscar Mayer hot dogs contain shit" then Oscar Mayer would be perfectly within their rights to quash your lies.

          Why? Their natural casing hot dogs are made from intestines, and even though the inner mucus is removed and they're well washed, will occasionally contain minute quantities of, ehrm, intestinal material.

          • by mcgrew (92797) *

            Perhaps hot dogs weren't the best illustration. Potato salad, maybe?

            • by Tynin (634655)
              Why? Potatoes are naturally grown in shit! ;-)
              • by arth1 (260657)

                Very useful shit, indeed.

                But anyhow, what seems wrong is that for slander or libel against a person, there has to be malice, while for slander or libel against a company or their brand, that doesn't seem to be required.
                The laws seem to favor corporations over individuals. I wish we had justice instead.

        • by tombeard (126886)

          Walk into an American courtroom and yell "I think this judge is a corrupt piece of shit". Can you guess what happens?
          Good luck expressing your opinion vs. a judge perceiving contempt.

    • by nomadic (141991)
      There's no link or citation to what exactly these incidents involved. Just the big scary "oh noes the government did this" accusation. Was it say, pursuant to a court order after a copyright infringement trial?
    • by DarthVain (724186)

      Exactly. My first thought when I heard about the US ordering ICANN about was, "Yup, I guess it's time to pull up stakes from the HQ in the US and move elsewhere, Belgium and Aus I suppose..."

      I find it disturbing that one country can simply just get up and do this... time to show that famed internet redundancy the internet was created for in the first place!

    • by Yvanhoe (564877)
      Here comes the first Web Schism...
  • by noidentity (188756) on Thursday December 09, 2010 @03:21PM (#34505060)
    There's always the old stand-by: the hosts file [wikipedia.org].
    • by alexhs (877055)

      0x165 Have you memorized the HOSTS.TXT table?
      0x166 ... Are you up to date?

      (From the Hacker purity test [armory.com])

    • And then you need to rely on some service to update your file. And if that service is in the US, you'd end up with the same problem.
      And you'd need to extend the Hosts file and get a daemon to update it, you'll just end up rewriting the wheel.

      The problem isn't with DNS as a technology, it's with the general TLDs being centrally controlled by only one organization.

      That's why the P2P DNS solution is based on the creation of a new TLD (.p2p) which wouldn't be controlled by the ICANN or any government.

      • by shmlco (594907)

        And why the P2P DNS solution is going to have serious trust issues.

        Without a trusted issuing authority or external verification, how do I know that the IP address being returned for PayPal or Amazon is actually pointing to the real PayPal or Amazon?

        And not to some site in Russia that's sitting there just waiting to collect credit card numbers?

        Hell, how would I know that wikileaks.p2p is even wikileaks? Might as well hijack that one too, and ask for donations.

        • by sjames (1099)

          Certificates used in https signed by someone you trust?

          Same way you know when you go to your favorite site now it's not actually a DOJ server? (that is, you don't).

          Only use p2p when .com doesn't work anymore?

      • by JWSmythe (446288)

        ... but ...

        The root servers hold the root zones (oddly enough)

        ftp://ftp.internic.net/domain/root.zone [internic.net]

        In that, there are entries for each tld.


        za. 172800 IN NS za1.dnsnode.net.
        za. 172800 IN NS disa.tenet.ac.za.
        za. 172800 IN NS nsza.is.co.za.
        za. 172800 IN NS za-ns.anycast.pch.net.
        za. 172800 IN NS sns-pb.isc.org.
        hippo.ru.ac.za. 172800 IN A 146.231.128.1
        hippo.ru.ac.za

    • by Z00L00K (682162)

      It is still possible to set up a separate set of DNS servers to serve your dark net machines. And those DNS servers are your business, not the government's business.

      But as you noted - a hosts file usually works pretty well.

      • by BlueStrat (756137)

        And those DNS servers are your business, not the government's business.

        Until the government decides otherwise.

        The FCC is already bypassing Congress to implement NN and the EPA is also bypassing Congress to implement Cap & Trade, both through just writing regulations with the power of law, effectively creating laws without legislative participation or oversight.

        Congress does not have the power to delegate, "loan out", or "sub-contract" the power to legislate and create law according to most plain language Constitutional interpretations. Not that the SCOTUS and/or lower cour

      • by shmlco (594907)

        Until the government, like China, starts blocking specific IP addresses.

  • the article says and even links to the fact that the US Government busted people selling counterfeit or pirated goods. selling a pirated copy of a movie is not the same thing as sharing it. it's a real criminal offense

    • by sehlat (180760) on Thursday December 09, 2010 @03:36PM (#34505234)

      As has been noted elsewhere [eff.org], a number of the sites seized were, in fact, quite legitimate ones.

      Bypassing due process is quick and cheap in the (very) short term, but an expensive disaster over the long haul.

    • I'd put money on it that somewhere in Amazon's thousands of listings there are a handful of counterfeit or pirated goods. Should the DNS providers go along with a government order to have Amazon de-listed? You might argue that these sites knew what they were doing and Amazon does not, but I would respond with the argument that there should be some due process there, not just a random bureaucrat making the decision.

      • by alen (225700)

        i'd say something like 99.999% of amazon's listed products are legit and they will take action if informed of pirated goods. the domain names seized clearly had names that used other brands to make people think they could get louis vuitton for cheap

        • Amazon, maybe... but what about eBay?
          • by HiThere (15173)

            Not Amazon either. I'd go along with 99.9%. If they tack on another 9, then I want proof. If they tack on two or three more nines, then it had better be damn good proof, and I'll still be dubious. When they claim 99.9999%, then I claim hogwash. And I won't be likely to believe any proof they offer.

            I note that neither proof, nor even an argument for plausibility was offered. Merely an assertion. I suspect an astroturfer charged with defending "Amazon's good name". Either that or a troll.

            • I was only arguing that while Amazon may be almost entirely legitimate, eBay probably has a very substantial portion counterfeit.
    • by gnuASM (825066) <gnuASM@bresnan.net> on Thursday December 09, 2010 @03:52PM (#34505470)

      the article says and even links to the fact that the US Government busted people selling counterfeit or pirated goods.

      Wrong. The article says that the "ICE said" that these sites were "engaged in the illegal sale and distribution of counterfeit goods and copyrighted works". These are allegations, not "facts". Preponderance of evidence proving a crime has been committed is accomplished only through proper due process. There were no references to a court order, no references to a court trial, nor any reference to admittance of a crime. It is apparent to me that the DNS redirects were accomplished under duress of an executive agency without judicial oversight:

      The seizures were accomplished by getting the VeriSign registry, owner of the .com and .net top-level domains, to change the authoritative domain-name servers for the seized domains to servers controlled by DHS.

      I would call this unconstitutional, regardless of any supposed law that may be reference to the contrary. If these actions were done under a court order with judicial oversight accomplished through a supportive affidavit of the specific crime and specific circumstances, it would be different.

      At this point in time, it is simply one government agency (or rather a group of related agencies), all this is is the effective removal of someone's publication of information. Until the judiciary orders its removal, it is nothing less than censorship.

      We won't even go into the allusion in the article that the government is apparently deceptively redirecting site traffic to its own servers.

      • by BobMcD (601576)

        The seizures were accomplished by getting the VeriSign registry, owner of the .com and .net top-level domains, to change the authoritative domain-name servers for the seized domains to servers controlled by DHS.

        I would call this unconstitutional, regardless of any supposed law that may be reference to the contrary. If these actions were done under a court order with judicial oversight accomplished through a supportive affidavit of the specific crime and specific circumstances, it would be different.

        At this point in time, it is simply one government agency (or rather a group of related agencies), all this is is the effective removal of someone's publication of information. Until the judiciary orders its removal, it is nothing less than censorship.

        And I'd agree. In the meat-space USA they never actually take away your ability to speak. They can punish you each time you decide to do it, but they can't usually 'de-list' you from the planet unless you've done something really, really bad.

        So why is it in cyberspace that they suddenly gain such powers?

  • Up next... BGP. We can't let the Chinese upstage us in our censorship efforts.

    • by Anonymous Coward

      ...is govt mandated DNS servers. You go thru theirs, so they can track every hostname you resolve and presumably visit, or if you try to circumvent then that'll become a crime.

  • by spectro (80839) on Thursday December 09, 2010 @03:31PM (#34505186) Homepage

    The issue here is due process, registrars should ignore any government "request" to remove or redirect a DNS entry unless it is ordered by a court of law.

    The same applies to the former DNS provider for wikileaks, visa, mastercard and anybody else who stopped doing business with them just because they got a call from some government dude accusing them of illegal activity.

    • ... unless it is ordered by a court of law.

      Whose court though? Iran's? China's? The US's where many judges are elected, or are vetted by politicians first?

    • The issue here is due process, registrars should ignore any government "request" to remove or redirect a DNS entry unless it is ordered by a court of law.

      The same applies to the former DNS provider for wikileaks, visa, mastercard and anybody else who stopped doing business with them just because they got a call from some government dude accusing them of illegal activity.

      <sarcasm>OMGtERRORism! In a clear/present danger situation do we want to really wait around for niceties like court orders and other mamby pamby stuff? Executive branch needs this right now or they cannot effectively tyrannize. Why do you hate America stop sympathizing and giving aid to terrorists.</sarcasm>

  • It seems like there are potential problems here. With 4LW, I still need to memorize a set of 4 unrelated words for each site, and there's basically a single point of failure. Plus, as the article points out, it assumes a single domain name per IP address, and also IPv6 will complicate things.

    P2P DNS seems like a good idea, but getting DNS from random services seems open to attack. One way around this would be to have signed DNS records, but then you still need some kind of authority for the signing. I

    • by Magada (741361)

      Signing should work. One simply(?) has to keep track of trustworthy signers.

    • by tepples (727027) <tepples&gmail,com> on Thursday December 09, 2010 @04:36PM (#34506146) Homepage Journal

      One way around this would be to have signed DNS records, but then you still need some kind of authority for the signing.

      I would have kneejerk replied "try the web of trust", but that's under attack as a consequence of the actions of the U.S. Transportation Security Administration. The OpenPGP global web of trust relies on some users traveling hundreds of miles to key signing parties so that they can extend the web of trust by meeting well-known people living far from them. Otherwise, if Alice is trying to communicate with Bob, but nobody living near Alice has gone to a key signing party with someone living near Bob, they can't verify each other's keys. But the TSA with its "Rapist-scan" backscatter machines [wikipedia.org] and "gate rape" pat-downs is making it hard to travel such distances.

  • On the one hand we have people championing DDOS attacks on websites via vigilante action which inflict damage to innocent websites [slashdot.org] on the other hand, many of these same people are protesting a government with properly issued warrant shutting down websites.

    The question is, for those that support the former, and not the latter, exactly what kind of society you are really wanting where laws are meaningless and mobs rule? I'm sure you're fine with it until the mob ruling isn't your kind of mob. What then??

    • by couchslug (175151)

      "What then??"

      Join or build a bigger gang, and mob deep when you roll.

      That's really never been different, merely prettified and named different names.

    • a government with properly issued warrant shutting down websites.

      I think the issue here is that the only reason people were generally ok with letting the US have that level of control was that they weren't supposed to kill access to a website for everybody on the planet simply because it was breaking a law in one country.

      Arguments like "but it's located in the US, so it has to follow those laws" don't really work here since the whole point was that it wasn't supposed to be controlled by any one country, but it was too much of a hassle to make it properly international as

      • If you're a geek, then you understand the difficulty and ultimate futility of blocking a DNS entry to just the US and not the rest of the world truly is.

        And exactly how was the US supposed to accomplish this impossible task?

        If you suggest "international court", I'll laugh at you and call you arrogantly stupid. This is the same international community that thinks Libya is a good representative for human rights, and Obama was deserving of a Nobel Prize for his "potential".

    • by anyGould (1295481)

      On the one hand we have people championing DDOS attacks on websites via vigilante action which inflict damage to innocent websites [slashdot.org] on the other hand, many of these same people are protesting a government with properly issued warrant shutting down websites.

      The question is, for those that support the former, and not the latter, exactly what kind of society you are really wanting where laws are meaningless and mobs rule? I'm sure you're fine with it until the mob ruling isn't your kind of mob. What then??

      You're looking at it from an American point of view. If the US wants to block a website, that's their prerogative. But they blocked it *everywhere* - in the US, in Canada, in China, in Europe - everywhere. (And it just occurred to me that they also gained the ability to see - at least for a limited time - *who* was going to those sites, which would explain why they didn't just blackhole the domains).

      So look at it in reverse - if China (for instance) had provided a properly issued warrant demanding that a sit

      • SO, exactly, how does one Partially block a website in the US?

        • by anyGould (1295481)

          I don't know, but I'd suggest asking China, since they seem to be the industry leaders in such things.

          And before anyone asks, yes, I'm equating the US takedowns to Chinese censorship. It's a government deciding what its citizens can or can't see online. The only difference is that China generally has the good manners to only censor to people inside its borders.

  • let's also have an open, distributed, trustable system for ssl certificates where I don't have to line the pocket of a VeriSign or other agency to have SSL communication. Ever try to get Android or such to work with SSL gatewayed systems, can be very painful the current way

  • Freenet (Score:5, Insightful)

    by goldarg (227346) <john.meatkite@com> on Thursday December 09, 2010 @03:51PM (#34505452) Homepage

    Instead of re-inventing the wheel, why not try out an existing darknet in the form of Freenet http://freenetproject.org/ [freenetproject.org] or i2p http://www.i2p2.de/ [i2p2.de]

    • I've not used i2p, but I have used Freenet, and... it works. I admit it's slow, but it does work. You can browse the sites, post in a forum. There is plenty of stuff there by the paranoid (Lots of conspiracy theorist types on freenet), the activists and, of course, the pirates (It is *not* the fastest or most bandwidth-friendly way to pirate, but it will get you what you want... if you don't mind waiting a week for the latest episode). I also understand how the anonymity works and, so long as you avoid mi
    • Instead of re-inventing the wheel

      Instead of re-inventing the wheel why not just use Fidonet? [fidonet.org]

      Hell, I was using Fidonet since before the Internet was available to the masses.

      Tell you what, why don't we let those that have ideas, and itches to scratch rally supporters for their own implementations based on their own merits, and let the best protocol win?

      Sometimes you have to break an egg to make an omelet; Sometimes you have to re-invent a wheel or axle to innovate.

  • We currently believe the best way to create a stable environment for TLDs is to enact a central authority. We know this will cause much argument within the community, but we have made the decision that we believe will be best for the continued development of this project.

    http://dot-p2p.org/index.php?title=Main_Page#Announcement [dot-p2p.org]

    Really?

  • ...or something a lot like it. I've been using I2P for over a year and the more censorship and surveillance fiascos I see in the news the more invaluable it seems.

    1. 'The issue is due process.'

    What about coping with an absence of due process? What about communicating and organizing around the need for due process? You need a way around centralized control in the first place in order to bring pressure to bear and undermine establishment false propaganda.

    2. 'DNS is being abused and IP addresses blocked'

    Some an

  • http://216.34.181.45/ [216.34.181.45] DNS averted.
  • by DeadBeef (15) on Thursday December 09, 2010 @07:17PM (#34508172) Homepage
    How about putting an A or AAAA record in a reverse DNS zone, so your site ends up looking like http://2.0.192.in-addr.arpa/ [192.0.2] or whatever. There is no registry involved with the delegation of those reverse zones, so it would be a lot more difficult for anyone to interfere with it.
    • by Skapare (16644)

      It could be interfered, but it would be harder. They'd have to track down the ISP. If the ISP is in another country, it's even harder. OTOH, lots of ISPs don't set up their reverse DNS.

  • by tombeard (126886) on Thursday December 09, 2010 @07:52PM (#34508600)

    Maybe a wizard can supply the details, but it seems we could just host our own DNS file. I would think it could be set to allow review and rollback.
    You know eventually the governments will take control over "the internet". The opportunity to monitor our transactions, email, IM, books, video, music, news, comments etc. is irresistible to them. We may as well start building darknet now (or send me an invite if I'm late).

  • by Skapare (16644) on Thursday December 09, 2010 @10:20PM (#34510184) Homepage

    ... like this: http://3626153261/ [3626153261]
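
Added example, not part of any comment in the thread: the two URLs posted above, http://216.34.181.45/ and http://3626153261/, name the same host, because inet_aton-style parsers (and the WHATWG URL parser browsers use) accept integer, hex and octal spellings of an IPv4 address. A proxy rule or log search that compares the host string literally misses those spellings, so this Python sketch canonicalizes the host first; the function names and the watch list are illustrative assumptions.

```python
import ipaddress
from urllib.parse import urlsplit


def _parse_part(part):
    """Parse one dot-separated component as decimal, 0x-hex or 0-octal."""
    low = part.lower()
    if low.startswith("0x"):
        digits, base = low[2:], 16
    elif len(low) > 1 and low.startswith("0"):
        digits, base = low[1:], 8
    else:
        digits, base = low, 10
    allowed = "0123456789abcdef"[:base]
    if not digits or any(c not in allowed for c in digits):
        return None
    return int(digits, base)


def canonical_ipv4(host):
    """Return the dotted-quad form of a numeric host, or None for a real name.

    Follows inet_aton rules: one to four components, where the last
    component fills all bytes not covered by the earlier ones.
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    nums = [_parse_part(p) for p in parts]
    if any(n is None for n in nums):
        return None
    *head, last = nums
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return str(ipaddress.IPv4Address(value))


def url_matches_watchlist(url, watched_ips):
    """True if the URL's host, in any numeric spelling, is a watched IP."""
    host = urlsplit(url).hostname
    if host is None:
        return False
    ip = canonical_ipv4(host)
    return ip is not None and ip in watched_ips


# The address is the one posted in the thread; the alternate spellings
# of it below are constructed for this example.
WATCHED = {"216.34.181.45"}
SAMPLE_URLS = [
    "http://216.34.181.45/",
    "http://3626153261/",
    "http://0xD822B52D/",
    "http://0330.042.0265.055/",
    "http://216.34.46381/",
    "http://slashdot.org/",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(u, "->", url_matches_watchlist(u, WATCHED))
```

Only the last sample URL, which carries a real hostname, fails to match; it would have to be resolved before it could be compared with an IP list.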
