Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Beating Censorship By Routing Around DNS

timothy posted more than 3 years ago | from the fake-left-break-right dept.

Censorship 216

jfruhlinger writes "Last month, the US gov't shut down a number of sites it claimed were infringing copyright. They did it by ordering VeriSign to change the sites' authoritative domain name servers. This revealed that DNS is subject to government interference — and now a number of projects have emerged to bypass DNS entirely."

cancel ×

216 comments

Sorry! There are no comments related to the filter you selected.

Stupd move (4, Insightful)

hedwards (940851) | more than 3 years ago | (#34505042)

People tolerated the US controlling ICANN because we were viewed as impartial, or at least less partial than an international organization. But this raises considerable doubt as to whether or not the US should still be allowed that level of control. Which is unfortunate because historically we've had a much better record on freedom of speech than most other countries, to throw that away now so that we can preserve a dieing industry is troubling to say the least.

Re:Stupd move (1)

Yetihehe (971185) | more than 3 years ago | (#34505180)

In other countries this freedom of speech was just not so thoroughly tested as in USA.

Re:Stupd move (1)

Froggels (1724218) | more than 3 years ago | (#34505198)

"historically we've had a much better record on freedom of speech than most other countries,to throw that away now so that we can preserve a dieing industry is troubling to say the least." It isn't just being thrown away now. It's unfortunately been gone for quite some time, Comrad.

Get back in your Free Speech Zone (4, Insightful)

spun (1352) | more than 3 years ago | (#34505212)

Which is unfortunate because historically we've had a much better record on freedom of speech than most other countries,

Historically, meaning what? thirty years ago? Now we have special places where you can go to protest and no one will have to hear you. We have laws against saying bad things about food, [wikipedia.org] for crying out loud. Free speech is for the rich. If you own a media empire, you have some semblance of free speech. Otherwise, you only have freedom of speech until you say something that someone with money and/or power doesn't like.

Re:Get back in your Free Speech Zone (-1)

Anonymous Coward | more than 3 years ago | (#34505420)

"We have laws against saying bad things about food, [wikipedia.org] for crying out loud."

No -- no we don't. We have laws against deliberately and knowingly spreading false negative information about food products. But I don't expect that to get past your Slashdot mental filter.

Re:Get back in your Free Speech Zone (5, Insightful)

spun (1352) | more than 3 years ago | (#34505690)

"We have laws against saying bad things about food, [wikipedia.org] for crying out loud."

No -- no we don't. We have laws against deliberately and knowingly spreading false negative information about food products. But I don't expect that to get past your Slashdot mental filter.

Hahaha, oh, that is rich. Try saying that rGBH is bad. Heck, try marketing milk that is rGBH free. By claiming that your milk does not have bovine growth hormone, you are saying that bovine growth hormone is bad. And you will be sued.

Did you know that the standards of proof are different when you are being sued for badmouthing
food than when you are sued for badmouthing a person? When you badmouth a person, that person has to prove your guilt. When you badmouth food, you must prove your innocence.

I will repeat that. When you are sued for saying bad things about food, you are presumed guilty and must prove your innocence.

Re:Get back in your Free Speech Zone (0)

Anonymous Coward | more than 3 years ago | (#34505712)

Bullshit. Citation, please?

Re:Get back in your Free Speech Zone (5, Informative)

spun (1352) | more than 3 years ago | (#34505812)

See the case Monsanto v. Oakhurst Dairy of Maine. Monsanto sued, forcing Oakhurst dairy to modify their labels.

Re:Get back in your Free Speech Zone (-1)

Anonymous Coward | more than 3 years ago | (#34505814)

Heck, try marketing milk that is rGBH free. By claiming that your milk does not have bovine growth hormone, you are saying that bovine growth hormone is bad. And you will be sued.

Show an instance of this happening, please.

Re:Get back in your Free Speech Zone (1)

spun (1352) | more than 3 years ago | (#34505842)

As I mentioned to the other AC, see the case Monsanto v. Oakhurst Dairy of Maine. Monsanto sued, forcing Oakhurst dairy to modify their labels.

Re:Get back in your Free Speech Zone (2)

nedlohs (1335013) | more than 3 years ago | (#34505850)

The bottle of milk in front of me (that was bought in a typical american supermarket) says, in the second largest letters on the label, and at the top of the label (their capitalization):

From Cows NOT Treated With ARTIFICIAL GROWTH HORMONES*

And then in the tinyest print on the label and at the very bottom:

*No significant difference has been shown between milk derived from rBST treated and non-rBST ttreated cows

Bought from the local supermarket in a typical American suburb.

So you are full of shit.

Re:Get back in your Free Speech Zone (1)

spun (1352) | more than 3 years ago | (#34506002)

Well, I guess if you include a disclaimer that negates any reason for even including the original statement, you can say that. But you have to include the disclaimer.

Re:Get back in your Free Speech Zone (1)

Anonymous Coward | more than 3 years ago | (#34506314)

Utterly clueless /. poster. Typical.

You apparently fail to notice:

1. Nobody forced Oakhurst Dairy to do anything.

2. The suit was based on claims of unfair trade practices, not "food libel" laws.

3. Even so, Monsanto's complaint wasn't that Oakhurst was "saying bad things" about its food. Rather, the complaint was that Oakhurst was saying *false and misleading* things about Monsanto's food. This, again, is what "food libel" laws prohibit.

4. You still have not substantiated the claim that

"the standards of proof are different when you are being sued for badmouthing food than when you are sued for badmouthing a person? When you badmouth a person, that person has to prove your guilt. When you badmouth food, you must prove your innocence"

which I still suspect is utter bullshit, even more so given how the rest of your "analysis" has played out. There is simply no such thing as a US civil lawsuit in which the DEFENDANT bears the initial burden of production or persuasion.

Re:Get back in your Free Speech Zone (1)

Anonymous Coward | more than 3 years ago | (#34506804)

JESUS, TRY TO HAVE A COHERENT THOUGHT

The disclaimer does NOT "negate any reason for even including the original statement". The reason for having the original statement is to let people know the milk doesn't contain growth hormones. The disclaimer does not affect this in ANY WAY.

It merely minimizes the potential that the consumer will be MISLED by the label and draw a FALSE CONCLUSION -- which, one more time, in case you haven't been paying attention -- is what "food libel laws" prohibit.

TA-DA! It's exactly like I said. Hope this helps.

Re:Get back in your Free Speech Zone (1)

cobrausn (1915176) | more than 3 years ago | (#34505568)

Historically, meaning what? thirty years ago?

I think you are failing to understand the word 'Historically' correctly. If it were thirty years ago that we stopped really believing in free speech, his statement would still be correct.

Re:Get back in your Free Speech Zone (1)

spun (1352) | more than 3 years ago | (#34505704)

I merely wish to emphasize that our freedoms of speech have been under constant and successful attack for quite some time not. Sorry if my wording irritated your inner pedant.

Re:Get back in your Free Speech Zone (0)

Anonymous Coward | more than 3 years ago | (#34506252)

I merely wish to emphasize that our freedoms of speech have been under constant and successful attack for quite some time not. Sorry if my wording irritated your inner pedant.

I think you're free to say that... for now.

Re:Get back in your Free Speech Zone (1)

noidentity (188756) | more than 3 years ago | (#34505936)

We have laws against saying bad things about food, for crying out loud.

I'm sorry sir, crying out loud is now also illegal. Ignorance of the law is no defense. Come with me.

No laws against saying anything (1)

SuperKendall (25149) | more than 3 years ago | (#34506004)

You can say anything you like, and will never be arrested.

You might (might!) be sued, since that is what that law is about. But it's not specifically against the law to say anything you like.

Re:No laws against saying anything (4, Informative)

spun (1352) | more than 3 years ago | (#34506224)

Unless you try to protest at a political rally and refuse to go to your assigned Free Speech Zone out back by the dumpsters. But technically, you are right. You won't be arrested for 'speaking out.' You will be arrested for disturbing the peace or some other trumped up charge.

Re:No laws against saying anything (1)

bill_mcgonigle (4333) | more than 3 years ago | (#34506398)

You can say anything you like, and will never be arrested.

Sadly, no. Hate crimes, criminal threatening, leaking government data, etc.

Re:No laws against saying anything (1)

bored (40072) | more than 3 years ago | (#34506622)

I'm sure there are quite a few places I can say something that gets me arrested. The airport comes to mind, as does the local courthouse.

Re:Get back in your Free Speech Zone (1)

mcgrew (92797) | more than 3 years ago | (#34506278)

We have laws against saying bad things about food, for crying out loud.

Those laws are against libel. You can say bad things against food it those things are true, just as you can say bad things about people if they're true, but you can't publicly lie maliciously about someone without fear of being sued for slander.

It's perfectly legal to give an opinion, as well. It's perfectly legal to say "I think Oscar Mayer hot dogs taste like shit", but if you say "Oscar Mayer hot dogs contain shit" then Oscar Mayer would be perfectly within their rights to quash your lies.

I agree that freedom of the press is only for those rich enough to own a press, but the internet has changed that. I also agree that a rich man can fuck you over any way he wants for any reason he wants; that's part of the nature of money.

Re:Get back in your Free Speech Zone (2)

arth1 (260657) | more than 3 years ago | (#34506446)

It's perfectly legal to give an opinion, as well. It's perfectly legal to say "I think Oscar Mayer hot dogs taste like shit", but if you say "Oscar Mayer hot dogs contain shit" then Oscar Mayer would be perfectly within their rights to quash your lies.

Why? Their natural casing hot dogs are made from intestines, and even though the inner mucus is removed and they're well washed, will occasionally contain minute quantities of, ehrm, intestinal material.

We (1)

Anonymous Coward | more than 3 years ago | (#34505296)

we were viewed as impartial

We? So you were the one who ordered the takedown? Because it certainly wasn't me.

Be careful of using the term "we" to desribe the relationship between government and the common man. Government and the people are NOT one and the same, no matter how loud the politicians scream. Every little thing that government does counter to your wishes is proof to the contrary.

Re:Stupd move (2)

nomadic (141991) | more than 3 years ago | (#34505352)

There's no link or citation to what exactly these incidents involved. Just the big scary "oh noes the government did this" accusation. Was it say, pursuant to a court order after a copyright infringement trial?

Re:Stupd move (1)

Anonymous Coward | more than 3 years ago | (#34505466)

historically we've had a much better record on freedom of speech than most other countries
 
Yeah but...the US's recent record on supporting free speech (since 9/11) has taken a serious beating, both inside and outside the country. Wikileaks is just the latest issue. Now that the US Government has decided to actively censor the internet, it is inevitable that the geeks out there will try to do something about it. I would go so far as to predict that if US corporations continue to comply with these censorship demands, especially businesses that require an open internet in order to stay in business -- Amazon, Google, The Washington Post come to mind -- they will lose the trust of people in the know and those people will take their internet business elsewhere. The same thing happened at Yahoo a number of years back when people realized that searching for the "best price" for items only returned businesses with an affiliation with Yahoo.
 
If people feel that internet sites are being censored -- whether it be news or prices or whatever -- and trust is lost, it will be nearly impossible to regain that trust. Freedom of the press, and freedom of speech, is fundamental to a free society. The US Government itself needs that trust to function. This incident with Wikileaks is being touted as a "national security" issue, but it is obviously just an embarrassing behind-the-scenes look at government in action. Everyone already accepts that public statements by government in general are always only half-truths. For the US to crack down on Wikileaks like this blatantly emphasizes that you cannot trust government, and it will have ramifications for years to come. They would have been smarter to let it go.

Old stand-by: hosts file (2)

noidentity (188756) | more than 3 years ago | (#34505060)

There's always the old stand-by: the hosts file [wikipedia.org] .

Re:Old stand-by: hosts file (0)

Anonymous Coward | more than 3 years ago | (#34505140)

Editing a hosts file ain't no small feat these days, the first time I tried it on Windows 7 I needed hours.

Re:Old stand-by: hosts file (0)

Anonymous Coward | more than 3 years ago | (#34505204)

Yeah, no one understands how privilege separation works on Windows after XP. I can understand this out of users, but developers seem to have the same problems.

Re:Old stand-by: hosts file (1)

arth1 (260657) | more than 3 years ago | (#34506546)

Developers are, in general and these days, users, and tend to know little about low-level or system operations, at least not outside their own field of expertise.

I would venture a guess that not one in five typical Windows programmers has the faintest idea of "cacls" is, or can tell why it's bad to give full access to the root of a share.
This doesn't mean that programmers are stupid, but it's just not within their daily field of work, and likely not within their field of interest either.

Re:Old stand-by: hosts file (0)

Anonymous Coward | more than 3 years ago | (#34505556)

You are an idiot. Did it ever fucking occur to you to start notepad as, I don't know, an administrator? Then drag/drop the fucking hosts file into it.

You have to sudo on linux, why can't you handle this on Windows? There's a fucking reason these files require escalation to edit them. It's what you FOSStards have always wanted. Now you flame it.

It took me over a fucking week to get wifi working on linux. Then I gave up. Linux and Mac OS are the biggest fucking kludges I've ever seen.

Re:Old stand-by: hosts file (2)

ep32g79 (538056) | more than 3 years ago | (#34506122)

It took me over a fucking week to get wifi working on linux. Then I gave up. Linux and Mac OS are the biggest fucking kludges I've ever seen.

Then you were doing it wrong, or doing it in 1997.

too harsh (1)

HiThere (15173) | more than 3 years ago | (#34506626)

Depending on your system wi-fi on Linux was difficult up through around 2003-5. And it's still not perfect.

E.g., A DVD-1 of Debian Squeeze (two months ago) doesn't contain some of the files needed to enable wi-fi. To get it working you need either some other install disk (DVD-2?) or a hardwired connection.

OTOH, I'm more bothered by the way it mismanages power when on battery. I know there are answers out there, but switching to Ubuntu was an easier answer.

Re:Old stand-by: hosts file (1)

SuricouRaven (1897204) | more than 3 years ago | (#34506612)

If you edit it on Windows Vista or Seven, the little Windows Defender utility will start to pester you about once a day claiming the system has been compromised and a virus detected. One of the things malware often does is edit the hosts file to prevent AV applications updating or redirect websites to the author's own fakes - but Windows Defender assumes that all edits to the hosts file must be caused by malware.

Re:Old stand-by: hosts file (1)

alexhs (877055) | more than 3 years ago | (#34505256)

0x165 Have you memorized the HOSTS.TXT table?
0x166 ... Are you up to date?

(From the Hacker purity test [armory.com]

Re:Old stand-by: hosts file (0)

Anonymous Coward | more than 3 years ago | (#34505908)

0x187 Have you ever paged or swapped off a tape drive?

AAUUUUUUUUGH.

Re:Old stand-by: hosts file (1)

icebraining (1313345) | more than 3 years ago | (#34505262)

And then you need to rely on some service to update your file. And if that service is in the US, you'd end up with the same problem.
And you'd need to extend the Hosts file and get a daemon to update it, you'll just end up rewriting the wheel.

The problem isn't with DNS as a technology, it's with the general TLDs being centrally controlled by only one organization.

That's why the P2P DNS solution is based on the creation of a new TLD (.p2p) which wouldn't be controlled by the ICANN or any government.

Re:Old stand-by: hosts file (2)

shmlco (594907) | more than 3 years ago | (#34505846)

And why the P2P DNS solution is going to have serious trust issues.

Without a trusted issuing authority or external verification, how to I know that the IP address being returned for PayPal or Amazon is actually pointing to the real PayPal or Amazon?

And not to some site in Russia that's sitting there just waiting to collect credit card numbers?

Hell, how would I know that wikileaks.p2p is even wikileaks? Might as well hijack that one too, and ask for donations.

its a general problem (0)

Anonymous Coward | more than 3 years ago | (#34506180)

reputation is a maths problem that hasn't been solved yet . anywhere.

Re:Old stand-by: hosts file (2)

JWSmythe (446288) | more than 3 years ago | (#34506116)

... but ...

    The root servers hold the root zones (oddly enough)

ftp://ftp.internic.net/domain/root.zone [internic.net]

    In that, there are entries for each tld.


za. 172800 IN NS za1.dnsnode.net.
za. 172800 IN NS disa.tenet.ac.za.
za. 172800 IN NS nsza.is.co.za.
za. 172800 IN NS za-ns.anycast.pch.net.
za. 172800 IN NS sns-pb.isc.org.
hippo.ru.ac.za. 172800 IN A 146.231.128.1
hippo.ru.ac.za. 172800 IN AAAA 2001:4200:1010:0:0:0:0:1
disa.tenet.ac.za. 172800 IN A 196.21.79.50
disa.tenet.ac.za. 172800 IN AAAA 2001:4200:ffff:a:0:0:0:1
daisy.ee.und.ac.za. 172800 IN A 146.230.192.18
nsza.is.co.za. 172800 IN A 196.4.160.27
ns1.coza.net.za. 172800 IN A 66.135.62.20

    The InterNIC can givith, and takeith away. Just as they provided the glue of the IP's of those nameservers, they could provide alternative information.


evil.hacker.example.za. 172800 IN A 127.0.0.1

    Even without such deliberate and obvious (and potentially dangerous) methods, they at very least have the IP's for that NIC. The TLD p2p still must have records with InterNIC. It's not a matter of "we're distributed, we're safe", it's a matter that there can be pressures on some or all providers to make sure things stop.

    The only way around this is methods that have been tried before. Alternative NIC's, with their own systems. Build a system, and you can hope that things will work better. In all reality, you or I or 99% of the folks on here could put up their own nameservers and say "hey, use this instead". That's all fine and dandy, but the truth is it will not be financially viable.

    Say I set up my nameservers with the tld's of .xxx, .p2p, .torrent. I could advertise it as loud as I could (and my budget doesn't go much beyond posting this). Get your ISP's to change over to our dark side. It's not going to happen, even if we properly respect the legitimate zones. You might get a few. You'll never get the majority. There's too much liability. Think if all the fiber and cable broadband providers said "sure, we'll use you instead." That would be all fun and games until the first lawsuit came down.

    So you won't get the ISP's to switch. Run your own nameserver at home, you say. Great. Again, you, I, and 99% of the readers here can do it. What about the other billion people on the Internet. So you have the next killer site, freewarez.p2p. You and your group of friends who did it can get to it. You'll never make a penny on it. Why think about money? Because it costs money to keep your server up.

    And of course, you'd have to pay whoever is being authorative for the tld's. Those machines take a beating all day every day. It's not just one machine on a residential line. It's clusters of machines distributed world wide to ensure reliability.

    So you retool the way DNS works. Hey, that's a great idea. Until you realize that you have to gain acceptance from every OS distro out there. You may get segments of the Linux and *bsd crowed involved. Good luck getting Microsoft and Apple to sign into it. You'd have a better chance creating your own SSL signing authority and getting them to add those to their browsers (again, good luck there).

    I'm not saying it won't happen. It can and should happen. It just isn't likely any time soon. It will be years from rollout of a working platform, to acceptance by even a part of the Internet. It will be quite a few years from that to getting the end users to accept it. Look at the tld .com, and the tld .info. Try telling someone you have a .info site. Even if you spell it out, most people type .com at the end, or leave it off entirely so their browser can automatically decide what you wanted to do.

    I have a site that I use internally. Lets say it's foo.example.net. Pretty easy, right? When people try it, and it doesn't work, I ask them what they've used. I'll get stuff back like www.fooexample.com, www.foo.example.com, foo.example.com, www.foo.example.net. You get the idea. Go outside of the pattern of having the www prefix and com suffix, and most users get confused. I have a lot of people tell me their web site without the www or com on it. "Oh, go to my site, example". Great. It must be example.com. Nope, lets see if their admin is one of those folks that requires the prefix. Nope, not www.example.com. They have example.net, and just think that people should already know it.

    Honestly, I really hope that we end up with a functional distributed open system for DNS different than what we have now. I really don't see it happening anytime in the near future.
 

Re:Old stand-by: hosts file (1)

Z00L00K (682162) | more than 3 years ago | (#34505372)

It is still possible to set up a separate set of DNS servers to serve your dark net machines. And those DNS servers are your business, not the governments business.

But as you noted - a hosts file usually works pretty well.

Re:Old stand-by: hosts file (1)

BlueStrat (756137) | more than 3 years ago | (#34506156)

And those DNS servers are your business, not the governments business.

Until the government decides otherwise.

The FCC is already bypassing Congress to implement NN and the EPA is also bypassing Congress to implement Cap & Trade, both through just writing regulations with the power of law, effectively creating laws without legislative participation or oversight.

Congress does not have the power to delegate, "loan out", or "sub-contract" the power to legislate and create law according to most plain language Constitutional interpretations. Not that the SCOTUS and/or lower courts might very well have decided Congress could delegate it's powers, I'm not aware of any decisions regarding it. Besides, just because 9 lifetime political appointees in black robes pronounce something from on high makes it neither Constitutional nor a fact, neither does it make it right and/or just.

That is the job of We the People. We are the oversight on government. And for the last 100 years or so, we've really sucked at it, because it was easier to ignore and just bitch.

Strat

how is it censorship? (1)

alen (225700) | more than 3 years ago | (#34505072)

the article says and even links to the fact that the US Government busted people selling counterfeit or pirated goods. selling a pirated copy of a movie is not the same thing as sharing it. it's a real criminal offense

Re:how is it censorship? (5, Informative)

sehlat (180760) | more than 3 years ago | (#34505234)

As has been noted elsewhere [eff.org] , a number of the sites seized were, in fact, quite legitimate ones.

Bypassing due process is quick and cheap in the (very) short term, but an expensive disaster over the long haul.

Re:how is it censorship? (1)

Dasuraga (1147871) | more than 3 years ago | (#34506016)

No matter how "legitimate" a site is, illegal activities are still illegal. Rapgodfathers, for instance(cited in the eff brief), has a very clear "downloads" section, filled with very copyrighted material.

While I don't like the heavy-handed-ness of the DHS's actions, acting as if these sites were completely clean just debases your argument.

It'd be nice if we could all just get along, or if someone in the justice department could figure out a clean way to fix copyright law to a manageable state without leaving the web to be a wild west for illegal file-sharing.

Re:how is it censorship? (2)

MozeeToby (1163751) | more than 3 years ago | (#34505280)

I'd put money on it that somewhere in Amazon's thousands of listings there are a handful of counterfeit or pirated goods. Should the DNS providers go along with a government order to have Amazon de-listed? You might argue that these sights knew what they were doing and Amazon does not, but I would respond with the argument that there should be some due process there, not just a random bureaucrat making the decision.

Re:how is it censorship? (1)

alen (225700) | more than 3 years ago | (#34505356)

i'd say something like 99.999% of amazon's listed products are legit and they will take action of if informed of pirated goods. the domain names seized clearly had names that used other brands to make people think they could get luis vutton for cheap

Re:how is it censorship? (1)

SuricouRaven (1897204) | more than 3 years ago | (#34506646)

Amazon, maybe... but what about eBay?

Re:how is it censorship? (1)

HiThere (15173) | more than 3 years ago | (#34506758)

Not Amazon either. I'd go along with 99.9%. If they tack on another 9, then I want proof. If they tack on two or three more nines, then it had better be damn good proof, and I'll still be dubious. When they claim 99.9999%, then I claim hogwash. And I won't be likely to believe any proof they offer.

I note that neither proof, nor even an argument for plausibility was offered. Merely an assertion. I suspect an astroturfer charged with defending "Amazon's good name". Either that or a troll.

Re:how is it censorship? (0)

Anonymous Coward | more than 3 years ago | (#34505698)

http://news.slashdot.org/story/10/12/09/1822251/Amazon-Fake-Products-and-Fake-Reviews

Re:how is it censorship? (0)

Anonymous Coward | more than 3 years ago | (#34505288)

Right in the TFS:

by ordering VeriSign to change the sites' authoritative domain name servers. This revealed that DNS is subject to government interference

Specifically, they didn't "shut the sites down", they forced a DNS change to make getting to those sites difficult. The issue is that the US Government can censor web content by simply ordering nameservers to do so. You have to ignore the criminal side of things in this case to understand the implications here. The ends never justify the means.

Re:how is it censorship? (5, Insightful)

gnuASM (825066) | more than 3 years ago | (#34505470)

the article says and even links to the fact that the US Government busted people selling counterfeit or pirated goods.

Wrong. The article says that the "ICE said" that these sites were "engaged in the illegal sale and distribution of counterfeit goods and copyrighted works". These are allegations, not "facts". Preponderance of evidence proving a crime has been committed is accomplished only through proper due process. There were no references to a court order, no references to a court trial, nor any reference to admittance of a crime. It is apparent to me that the DNS redirects were accomplished under duress of an executive agency without judicial oversight:

The seizures were accomplished by getting the VeriSign registry, owner of the .com and .net top-level domains, to change the authoritative domain-name servers for the seized domains to servers controlled by DHS.

I would call this unconstitutional, regardless of any supposed law that may be reference to the contrary. If these actions were done under a court order with judicial oversight accomplished through a supportive affidavit of the specific crime and specific circumstances, it would be different.

At this point in time, it is simply one government agency (or rather a group of related agencies), all this is is the effective removal of someone's publication of information. Until the judiciary orders its removal, it is nothing less than censorship.

We won't even go into the allusion in the article that the government is apparently deceptively redirecting site traffic to its own servers.

Up next (1)

wiredlogic (135348) | more than 3 years ago | (#34505116)

Up next... BGP. We can't let the Chinese upstage us in our censorship efforts.

What's really up next... (2, Insightful)

Anonymous Coward | more than 3 years ago | (#34505194)

...is govt mandated DNS servers. You go thru theirs, so that can track every hostname you resolve and presumably visit, or if you try to circumvent then that'll become a crime.

Re:What's really up next... (1)

Anonymous Coward | more than 3 years ago | (#34505434)

SSSSSsssssshhhhhhh!!!

US vs China: the smackdown!! (0)

Anonymous Coward | more than 3 years ago | (#34505144)

This would be great for PPV! The two biggest economic powerhouses battling it out over who can censor the internet to a bigger degree. They money would practically print itself!

Re:US vs China: the smackdown!! (0)

oldspewey (1303305) | more than 3 years ago | (#34505170)

Money is already printing itself [usdebtclock.org] these days.

any insufficiently funny money is indistinguishabl (0)

Thud457 (234763) | more than 3 years ago | (#34505520)

Apparently, even the Treasury Department can't print [google.com] convincing 100 dollar bills now.

That's right, sit there and let the cognitive dissonance from the implications of that one seep in.

Due process anybody? (5, Insightful)

spectro (80839) | more than 3 years ago | (#34505186)

The issue here is due process, registrars should ignore any government "request" to remove or redirect a DNS entry unless it is ordered by a court of law.

The same applies to the former DNS provider for wikileaks, visa, mastercard and anybody else who stopped doing business with them just because they got a call from some government dude accusing them of illegal activity.

Re:Due process anybody? (2)

LordThyGod (1465887) | more than 3 years ago | (#34505340)

... unless it is ordered by a court of law.

Who's court though? Iran's? China's? The US's where many judges are elected, or are vetted by politicians first?

Re:Due process anybody? (1, Informative)

Anonymous Coward | more than 3 years ago | (#34505422)

The issue here is due process, registrars should ignore any government "request" to remove or redirect a DNS entry unless it is ordered by a court of law.

Which is exactly what happened in the domain seizure case. There was a court order under 18 USC 2323 (Forfiture, destruction, and restitution) served upon VeriSign. A court order, signed by a judge.

Re:Due process anybody? (4, Informative)

gnuASM (825066) | more than 3 years ago | (#34505680)

However, this is not that particular domain seizure. This is a redirect to government servers ("spoofs", if you will) with no judicial oversight. Furthermore, there was no judicial order for VeriSign to act in such a deceptive manner in support of a government actor.

Your post only goes to prove the GPs issue on due process. If they were able to follow the rules then, why not now? This simply constitutes censorship until evidence and affidavit are submit to a judge in due process of law to obtain a writ. Only then does this become an injunction and not censorship.

Re:Due process anybody? (1)

Anonymous Coward | more than 3 years ago | (#34506714)

However, this is not that particular domain seizure. This is a redirect to government servers ("spoofs", if you will) with no judicial oversight. Furthermore, there was no judicial order for VeriSign to act in such a deceptive manner in support of a government actor.

Your post only goes to prove the GPs issue on due process. If they were able to follow the rules then, why not now? This simply constitutes censorship until evidence and affidavit are submit to a judge in due process of law to obtain a writ. Only then does this become an injunction and not censorship.

Okay, which "particular domain seizure" are you talking about? I had assumed we were talking about the Nov 29 seizure of 82 domains, which are listed here
http://www.ice.gov/doclib/news/releases/2010/domain_names.pdf [ice.gov] (WARNING: PDF)

Click on any of them (the PDF is hotlinked) and you will be sent to a page that clearly says "This domain name has been seized...pursuant to a seizure warrant issued by a United States District Court..."

Yes, the page in question is doubtless hosted by a government server, but what do you expect the Feds do with a domain that they've taken control of? Redirect all traffic to 4Chan?

Re:Due process anybody? (2)

SuricouRaven (1897204) | more than 3 years ago | (#34506678)

Which is all well and good, except that the internet isn't just a US thing. By asserting the authority to revoke the domain of a site hosted outside the US, by non-US citizens, for a non-US business, the US government is essentially claiming limitless jurisdiction: If you do anything on the internet, you'd better obey American law.

Re:Due process anybody? (1)

Junior J. Junior III (192702) | more than 3 years ago | (#34506486)

The issue here is due process, registrars should ignore any government "request" to remove or redirect a DNS entry unless it is ordered by a court of law.

The same applies to the former DNS provider for wikileaks, visa, mastercard and anybody else who stopped doing business with them just because they got a call from some government dude accusing them of illegal activity.

<sarcasm>OMGtERRORism! In a clear/present danger situation do we want to really wait around for niceties like court orders and other mamby pamby stuff? Executive branch needs this right now or they cannot effectively tyrranize. Why do you hate America stop sympathizing and giving aid to terrorists.</sarcasm>

Anything of these good? (1)

nine-times (778537) | more than 3 years ago | (#34505208)

It seems like there are potential problems here. With 4LW, I still need to memorize a set of 4 unrelated words for each site, and there's basically a single point of failure. Plus, as the article points out, it assumes a single domain name per IP address, and also IPv6 will complicate things.

P2P DNS seems like a good idea, but getting DNS from random services seems open to attack. One way around this would be to have signed DNS records, but then you still need some kind of authority for the signing. I don't know that I really understand IDONS. I mean, to be totally honest, I'm not sure I really understand any of these alternatives.

Of course, you're going to need some kind of DNS. Things will only get worse when IPv6 gets going. Ideally I'd like to see something that is decentralized, includes record signing, allows for SSL public keys to be kept in DNS records (thereby eliminating most of the need for CAs), and does not allow for domain squatting or phishing to such an extreme degree. Anything fit that bill?

Re:Anything of these good? (1)

Magada (741361) | more than 3 years ago | (#34505794)

Signing should work. One simply(?) has to keep track of trustworthy signers.

Re:Anything of these good? (1)

tramp (68773) | more than 3 years ago | (#34505970)

At the moment there is nothing that fit that bill. At best you will get a shadow or underground system that will functioning concurrently with the current DNS-system. The impact will be too big for internet as a whole to kill off the current DNS-system imho.

TSA vs. the OpenPGP web of trust (3, Funny)

tepples (727027) | more than 3 years ago | (#34506146)

One way around this would be to have signed DNS records, but then you still need some kind of authority for the signing.

I would have kneejerk replied "try the web of trust", but that's under attack as a consequence of the actions of the U.S. Transportation Security Administration. The OpenPGP global web of trust relies on some users traveling hundreds of miles to key signing parties so that they can extend the web of trust by meeting well-known people living far from them. Otherwise, if Alice is trying to communicate with Bob, but nobody living near Alice has gone to a key signing party with someone living near Bob, they can't verify each other's keys. But the TSA with its "Rapist-scan" backscatter machines [wikipedia.org] and "gate rape" pat-downs is making it hard to travel such distances.

Pointless (1)

Bucky24 (1943328) | more than 3 years ago | (#34505242)

Removing the main DNS entry is really quite pointless: anyone who really wants to get to the site can just enter the IP into the browser. DNS is simply "syntactic sugar" to make websites easier to remember.

While it's true that removing a DNS entry will stop a lot of people from getting to the site at first, eventually the IP will start going around, and anyone who really wants to will be able to access it again.

Re:Pointless (4, Informative)

rubycodez (864176) | more than 3 years ago | (#34505320)

most sites share a numeric IP with many virtual hosts. in that case, you need to put the desired host header field into your http request.

Re:Pointless (1)

sycorob (180615) | more than 3 years ago | (#34506008)

Also, DNS is for more than just convenience. We used to have various other systems to find the IP address of a host that we knew was out there (Archie?), and now DNS maps human-recallable names to an address.

Let's say the DNS entry for twitter.com was pulled down. What's the IP address for Twitter? I have no idea. Even if I Google it, the Google entry still points me to "http://twitter.com" We nerds could probably figure out a way around it; find somebody that posted the address somewhere, type it in manually, update our hosts file, etc. But to the vast majority of internet users that might be interested, wikileaks.org has effectively disappeared.

Interestingly, when you Google "wikileaks" right now, Google points you to http://213.251.145.96/ [213.251.145.96] I assume they had to hack that somehow, so kudos to Google. Since a lot of people apparently do a search for wherever they want to go rather than entering the URL, this may have less of an effect than the government would want.

Re:Pointless (0)

Anonymous Coward | more than 3 years ago | (#34506230)

Interestingly, when you Google "wikileaks" right now, Google points you to http://213.251.145.96/ I assume they had to hack that somehow, so kudos to Google.

I've encountered that multiple times, the actual cause seems to be technical users who pulled the IP address and posted it on some forum as a link; "XYZ.com is down you go to it here at a.b.c.d [b.c.d] "

Re:Pointless (2)

bored (40072) | more than 3 years ago | (#34506732)

We used to have various other systems to find the IP address of a host that we knew was out there (Archie?)

Standard NIS, still shipped on nearly every unix/clone can serve/receive hosts files, and a tweak of the nsswitch.conf file can make it precede DNS.

Re:Pointless (0)

Anonymous Coward | more than 3 years ago | (#34506822)

Interestingly, when you Google "wikileaks" right now, Google points you to http://213.251.145.96/ [213.251.145.96] I assume they had to hack that somehow, so kudos to Google. Since a lot of people apparently do a search for wherever they want to go rather than entering the URL, this may have less of an effect than the government would want.

Actually, you can do that yourself with the google webmaster tools. You can add various names for your site (commonly to put a www.domain.com and domain.com entry in) so google can associate links to either, then only ever link to your preferred format. I've not tried it, but it looks like you can do the same thing with an IP address, as long as that IP address will host the right page when you don't specify a hostname in the get request.

Re:Pointless (1)

inject_hotmail.com (843637) | more than 3 years ago | (#34505354)

Removing the main DNS entry is really quite pointless: anyone who really wants to get to the site can just enter the IP into the browser. DNS is simply "syntactic sugar" to make websites easier to remember. While it's true that removing a DNS entry will stop a lot of people from getting to the site at first, eventually the IP will start going around, and anyone who really wants to will be able to access it again.

Not true. While many sites have a dedicated IP, a great deal are hosted on a virtual server where the IP address is the same for a large number of sites. If one attempts to connect to the website via its IP address, the browser will be given the default site for that server (depending on how the admin set it up). In a case where an admin wants to be reached by both domain name AND IP address, the IP address would have to be dedicated. Using an IP address also doesn't help if the website's designer uses absolute paths (gawd, yes, it still happens).

Re:Pointless (1)

TheNinjaroach (878876) | more than 3 years ago | (#34505608)

Using an IP address also doesn't help if the website's designer uses absolute paths (gawd, yes, it still happens).

"/story/" is an absolute path, since it takes you to the document root of the webserver. I think you are referring to a fully qualified path, where the domain name (and perhaps protocol) are also included.

In any case, /etc/hosts is your friend and will easily help you work around both problems without having to build your own HTTP headers or rewrite any URLs.

Re:Pointless (1)

inject_hotmail.com (843637) | more than 3 years ago | (#34505780)

Using an IP address also doesn't help if the website's designer uses absolute paths (gawd, yes, it still happens).

"/story/" is an absolute path, since it takes you to the document root of the webserver. I think you are referring to a fully qualified path, where the domain name (and perhaps protocol) are also included. In any case, /etc/hosts is your friend and will easily help you work around both problems without having to build your own HTTP headers or rewrite any URLs.

True! My mistake, I did indeed mean to say 'fully-qualified'. Modifying /etc/hosts will work, but, can you imagine the hassle that would create? As an aside, the Internet originally had no DNS servers...all names were resolved using /etc/hosts...and now, what's old is new again...let's devolve everyone! Thanks be to the democratic/republican governments loaded with tyrants!

Re:Pointless (1)

Bucky24 (1943328) | more than 3 years ago | (#34505646)

The only virtual-server setup that I've seen involves a separate (dedicated) IP address for each virtual domain on the server.

If you set up a free account with some web-host that gives you a subdomain, then yes, you would run into this problem, but any decent paid hosting plan (one that presumably involves a registered domain) gives said domain a separate IP.

I do agree with you on absolute paths though...

Re:Pointless (1)

inject_hotmail.com (843637) | more than 3 years ago | (#34505880)

The only virtual-server setup that I've seen involves a separate (dedicated) IP address for each virtual domain on the server. If you set up a free account with some web-host that gives you a subdomain, then yes, you would run into this problem, but any decent paid hosting plan (one that presumably involves a registered domain) gives said domain a separate IP. I do agree with you on absolute paths though...

That's a tough one, as all the hosting services out there are trying to conserve IPv4 addresses. I say each site deserves its own IP, but, who am I to say...We have a major telecom ISP that hosts thousands upon thousands of sites off of one IP address.

Re:Pointless (1)

anyGould (1295481) | more than 3 years ago | (#34505994)

Removing the main DNS entry is really quite pointless: anyone who really wants to get to the site can just enter the IP into the browser. DNS is simply "syntactic sugar" to make websites easier to remember.

I'm wondering if we'll just revert back to plain ol' IP addresses. We remember phone numbers, after all.

Re:Pointless (2)

Abcd1234 (188840) | more than 3 years ago | (#34506414)

Says the guy who evidentally doesn't realize DNS is more than just a simple name-IP mapping scheme.

DNS is what allows your email client to figure out who the mail exchanger is for a domain. Without it, email wouldn't work.

DNS allows for failover and round-robin load balancing for services.

DNS and the Host header make HTTP virtual hosting possible.

Dynamic DNS allows one to have a constant, logical name, even if an underlying IP is changing.

I'm sure there are many others... these are just the first few that immediately come to mind.

Re:Pointless (1)

awshidahak (1282256) | more than 3 years ago | (#34506458)

We do? I just press contacts on my phone and type in the name of the person. Of course, this is kind of like maintaining my own /etc/hosts file.

Curious (1)

Archangel Michael (180766) | more than 3 years ago | (#34505330)

On the one hand we have people championing DDOS attacks on websites via vigilante action which inflict damage to innocent websites [slashdot.org] on the other hand, many of these same people are protesting a government with properly issued warrant shutting down websites.

The question is, for those that support the former, and not the latter, exactly what kind of society you are really wanting where laws are meaningless and mobs rule? I'm sure you're fine with it until the mob ruling isn't your kind of mob. What then??

Re:Curious (1)

couchslug (175151) | more than 3 years ago | (#34505500)

"What then??"

Join or build a bigger gang, and mob deep when you roll.

That's really never been different, merely prettified and named different names.

Re:Curious (2)

Therilith (1306561) | more than 3 years ago | (#34505768)

a government with properly issued warrant shutting down websites.

I think the issue here is that the only reason people were generally ok with letting the US have that level of control was that they weren't supposed to kill access to a website for everybody on the planet simply because it was breaking a law in one country.

Arguments like "but it's located in the US, so it has to follow those laws" don't really work here since the whole point was that it wasn't supposed to be controlled by any one country, but it was too much of a hassle to make it properly international as long as the US behaved.

Re:Curious (1)

Archangel Michael (180766) | more than 3 years ago | (#34506752)

If you're a geek, then you understand the difficulty and ultimate futility of blocking a DNS entry to just the US and not the rest of the world truly is.

And exactly how was the US supposed to accomplish this impossible task?

If you suggest "international court", I'll laugh at you and call you arrogantly stupid. This is the same international community that thinks Libya is a good representative for human rights, and Obama was deserving of a Nobel Prize for his "potential".

Re:Curious (1)

anyGould (1295481) | more than 3 years ago | (#34506426)

On the one hand we have people championing DDOS attacks on websites via vigilante action which inflict damage to innocent websites [slashdot.org] on the other hand, many of these same people are protesting a government with properly issued warrant shutting down websites.

The question is, for those that support the former, and not the latter, exactly what kind of society you are really wanting where laws are meaningless and mobs rule? I'm sure you're fine with it until the mob ruling isn't your kind of mob. What then??

You're looking at it from an American point of view. If the US wants to block a website, that's their prerogative. But they blocked it *everywhere* - in the US, in Canada, in China, in Europe - everywhere. (And it just occured to me that they also gained the ability to see - at least for a limited time - *who* was going to those sites, which would explain why they didn't just blackhole the domains).

So look at it in reverse - if China (for instance) had provided a properly issued warrant demanding that a site be redirected to their servers worldwide, would you have a problem with it?

As for the Anonymous tactics, I think they're quite proportional to the tactics of the companies involved. To put it in pretty terms, they've discontinued service while an investigation into the legality of their actions takes place. Should only take, oh, 90 days or so? :)

(Sadly, not l33t enough to be part of the DDOS.)

Re:Curious (1)

Archangel Michael (180766) | more than 3 years ago | (#34506764)

SO, exactly, how does one Partially block a website in the US?

let's also break the SSL certificate cartel (1)

rubycodez (864176) | more than 3 years ago | (#34505368)

let's also have an open, distributed, trustable system for ssl certificates where I don't have to line the pocket of a Versign or other agency to have SSL communication. Ever try to get Android or such to work with SSL gatewayed systems, can be very painful the current way

Re:let's also break the SSL certificate cartel (0)

Anonymous Coward | more than 3 years ago | (#34505476)

By definition, that doesn't work. A certificate is the product of a certification authority, and it certifies you are who you say you are. You're talking about web of trust. Very different model, and even less trustworthy than a CA.

Freenet (5, Insightful)

goldarg (227346) | more than 3 years ago | (#34505452)

Instead of re-inventing the wheel Why not try out a existing darknet in the form of Freenet http://freenetproject.org/ [freenetproject.org] or i2p http://www.i2p2.de/ [i2p2.de]

Re:Freenet (1)

Anonymous Coward | more than 3 years ago | (#34506786)

Try VoIP over Freenet and tell me how well that works.

From the P2P DNS project wiki (1)

icebraining (1313345) | more than 3 years ago | (#34505462)

We currently believe the best way to create a stable environment for TLDs is to enact a central authority. We know this will cause much argument within the community, but we have made the decision that we believe will be best for the continued development of this project.

http://dot-p2p.org/index.php?title=Main_Page#Announcement [dot-p2p.org]

Really?

Re:From the P2P DNS project wiki (1)

jimktrains (838227) | more than 3 years ago | (#34506544)

I forked the project and a couple people came with me.

http://dnsp2p.gp5st.com/w/index.php?title=Main_Page [gp5st.com]

We want a fully decentralized dns system. We're currently discussing ideas and reading acedemic articles on DHT security and attacks.

FBI and Counterfeits (0)

xkr (786629) | more than 3 years ago | (#34505632)

A year ago I ordered something from ebay and it was counterfeit. The seller refused to take it back and ebay refused to refund for something like 90 days. I was so pissed I sent a letter to the FBI with names and addresses. I received a nice phone call from the SF FBI office telling me that they did not have enough staff to go after anything less than $10,000 and typically more like $100,000, He also told me they have a handful of agents working inside ebay.

I told the ebay people they were clearly a bunch of criminals themselves and they decided to refund me immediately.

I love amazon.

Can anyone suggest a better system for outing the tiny fraction of bad guys? The current system is clearly not very effective. Chopping off the head because the fingers are slippery is not how a society should work.

How many itworld articles today? (0)

Anonymous Coward | more than 3 years ago | (#34505648)

Someones hit count must be low.

A lot of responses here keep pointing to I2P (1)

Burz (138833) | more than 3 years ago | (#34506780)

...or something a lot like it. Ive been using I2P for over a year and the more censorship and surveillance fiascos I see in the news the more invaluable it seems.

1. 'The issue is due process.'

What about coping with an absence of due process? What about communicating and organizing around the need for due process? You need a way around centralized control in the first place in order to bring pressure to bear and undermine establishment false propaganda.

2. 'DNS is being abused and IP addresses blocked'

Some anonymous networks like I2P overlay a virtual mesh topology over the Internet's topology of centralized control points. Each I2P node employs onion-like routing and uses public keys as addresses. Though the popular DNS services on I2P could censor domains, access to the addresses cannot be blocked (and its easy to change to a different DNS provider anyway)... plus even physical eviction from a real-world uplink and IP address cannot make you give up your I2P key address (you always keep your same I2P identity until you alone erase/replace your key).

3. 'A certificate cartel is abusing their power'

See #2 above. On a net like I2P, your net address is a crypto-verified identity as well. A side-benefit is that all links (except proxies leading outside the I2P net) are secure.

4. 'Use Freenet'

Freenet tends to lack in speed and in the types of applications you can use it for. I2P is like an anonymized Internet, flexible and relatively quick. Also see this post that contrasts Tor with I2P. [slashdot.org]

5. 'Use P2P DNS'

If the P2P DNS project believes a central authority is required for their vision, then they can still be taken out by a government or small group of governments. OTOH, their central authority over I2P could be a nice backup to the simple and switchable I2P DNS.

Further, even sites and users that have been removed from I2P's usual DNS sites can still participate in P2P applications like bittorrent.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?