Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Security Consultants Warn About PROTECT-IP Act

samzenpus posted more than 3 years ago | from the danger-danger-danger dept.

Security 298

epee1221 writes "Several security professionals released a paper raising objections to the DNS filtering(PDF) mandated by the proposed PROTECT-IP Act. The measure allows courts to require Internet service providers to redirect or block queries for a domain deemed to be infringing on IP laws. ISPs will not be able to improve DNS security using DNSSEC, a system for cryptographically signing DNS records to ensure their authenticity, as the sort of manipulation mandated by PROTECT-IP is the type of interference DNSSEC is meant to prevent. The paper notes that a DNS server which has been compromised by a cracker would be indistinguishable from one operating under a court order to alter its DNS responses. The measure also points to a possible fragmenting of the DNS system, effectively making domain names non-universal, and the DNS manipulation may lead to collateral damage (i.e. filtering an infringing domain may block access to non-infringing content). It is also pointed out that DNS filtering does not actually keep determined users from accessing content, as they can still access non-filtered DNS servers or directly enter the blocked site's IP address if it is known. A statement by the MPAA disputes these claims, arguing that typical users lack the expertise to select a different DNS server and that the Internet must not be allowed to 'decay into a lawless Wild West.' Paul Vixie, a coauthor of the paper, elaborates in his blog."

cancel ×

298 comments

Sorry! There are no comments related to the filter you selected.

Decay? (5, Insightful)

wsxyz (543068) | more than 3 years ago | (#36796794)

When was the Internet anything other than a "lawless wild west"?

Re:Decay? (1)

Mashiki (184564) | more than 3 years ago | (#36797116)

Since 10 minutes ago. I declare it now, so they can't change how it exists.

Wrong, there are laws, and this breaks one of them (5, Interesting)

SuperKendall (25149) | more than 3 years ago | (#36797128)

When was the Internet anything other than a "lawless wild west"?

The internet is the wild west, but it is far from lawless... it just so happens that there are very few laws.

One of those laws is the trustworthiness of DNS. The proposal at hand is actually one that makes the internet MORE lawless, not less, as DNS falls utterly as the (relatively) trustworthy backbone of the internet it has been until today.

Who would knowingly point to a DNS server that might mislead them after this is passed? I sure wouldn't.

Re:Wrong, there are laws, and this breaks one of t (2, Insightful)

wvmarle (1070040) | more than 3 years ago | (#36797222)

The vast majority of Internet users doesn't know their DNS, they probably don't even know what DNS is. They just open their browser (better known as "the Internet"), enter www.slashdot.org and expect to be able to read News for Nerds, Stuff that matters. Maybe not the best example but I bet you get the point.

typical users lack the expertise to select a different DNS server

is definitely a true statement.

Re:Wrong, there are laws, and this breaks one of t (2, Insightful)

Anonymous Coward | more than 3 years ago | (#36797258)

the point is that will change in about 3 days across the USA if the USA tries this. It's not the first country to try DNS filtering, and perhaps despite what recent history might lead one to believe, americans aren't significantly more stupid than people in other countries, which nowadays routinely route around incompetent government/corporate attempts to censor the net.

Re:Wrong, there are laws, and this breaks one of t (3, Insightful)

c0lo (1497653) | more than 3 years ago | (#36797286)

typical users lack the expertise to select a different DNS server

is definitely a true statement for the present.

FTFY.

And it is so just because the DNS infrastructure worked by very unsophisticated rules - good enough for everybody - unsophistication which allowed the rules remain hidden. Break them and more people will start looking into how to mend them in their own way - one may not like some ways of mending.

Re:Wrong, there are laws, and this breaks one of t (4, Insightful)

greenbird (859670) | more than 3 years ago | (#36797318)

typical users lack the expertise to select a different DNS server

is definitely a true statement.

What it is is bullshit. There would be directions floating around everywhere written at a second grade level on how to do it. If they couldn't figure it out from there they'd ask that tech suave friend or relative to do it. Linux would come pre-configured to hit OpenDNS.

Where in the problem lies is that half the instructions floating around would be pointing to compromised servers. Thus by eliminating the trust aspect that is key to DNS working and making DNSSEC essentially illegal they're going to create exactly what they claim to be trying to prevent, turning the internet into a lawless wild west. I find it absolutely amazing that congress is going to pass a law that will make implementing security measures on the internet illegal. Tells you how deep our government representatives are in the pockets of the RIAA/MPAA crowd.

Re:Wrong, there are laws, and this breaks one of t (1)

Anonymous Coward | more than 3 years ago | (#36797330)

The vast majority of Internet users doesn't know their DNS, they probably don't even know what DNS is. They just open their browser (better known as "the Internet"), enter www.slashdot.org and expect to be able to read News for Nerds, Stuff that matters. Maybe not the best example but I bet you get the point.

typical users lack the expertise to select a different DNS server

is definitely a true statement.

Not very true at all. Changing DNS to a 3rd party server is trivial, there are all kinds of posts all over the internet especially in gaming and hacking/pirating forums. If they start trying to push this type of system, "how-to" docx and websites will pop up all over the place, and people will start running underground, shady DNS servers.

I'm fairly cynical regarding the average user's ability to tie their shoes, let alone do anything with a computer. But a shitload of people managed to get Kazaa installed and share music and movies, and to be blunt that's more involved than browsing to a local network IP, entering a default password, and typing one IP address into the DNS settings on your router.

Re:Wrong, there are laws, and this breaks one of t (0)

Anonymous Coward | more than 3 years ago | (#36797260)

Rule #1 of the Internet: Don't Break DNS.
Rule #2 of the Internet: Don't Break DNS The Other Way.
(Rule #3 of the Internet: Don't Break BGP - but that's not relevant here)

There may be a few more, but those are the big ones that I can think of. Violating Rules #1 and #2 indicate that you either have no clue how the Internet works, or you know just enough to be dangerous. Either way, Don't Do That.

Re:Wrong, there are laws, and this breaks one of t (1)

c0lo (1497653) | more than 3 years ago | (#36797272)

When was the Internet anything other than a "lawless wild west"?

The internet is the wild west, but it is far from lawless... it just so happens that there are very few laws.

One of those laws is the trustworthiness of DNS. The proposal at hand is actually one that makes the internet MORE lawless...

Indeed. Funny thing, this requires judges and lawyers being woven into the fabric of internet - I don't like the idea.

Re:Wrong, there are laws, and this breaks one of t (3)

BlueStrat (756137) | more than 3 years ago | (#36797394)

When was the Internet anything other than a "lawless wild west"?

The internet is the wild west, but it is far from lawless... it just so happens that there are very few laws.

One of those laws is the trustworthiness of DNS. The proposal at hand is actually one that makes the internet MORE lawless...

Indeed. Funny thing, this requires judges and lawyers being woven into the fabric of internet - I don't like the idea.

And politicians.

Don't forget the damned politicians.

Politicians, lawyers, and judges.

The Unholy Trinity.

Of course, it was inevitable that a source of such wealth, information, and power available to the unwashed such as the internet would become a target for control for such as they.

It had to happen. They by their very nature are unable to tolerate anything that empowers regular people unless it's been made "safe"..."safe" from use against *them* by the people, and "safe" against regular people using it to communicate information, ideas, and wealth created independently from, and unmonitored by, those in power.

I'm surprised the freedom of the internet hasn't been attacked more intensely and with more determination than it has at this point in the 'net's history.

I guess looting the country and the citizens while trying to turn it into a Third-World hellhole takes most of their attention. It must be really hard work, too, judging by the number of vacations they take on the taxpayer's dime.

Strat

Re:Wrong, there are laws, and this breaks one of t (1)

c0lo (1497653) | more than 3 years ago | (#36797430)

Indeed. Funny thing, this requires judges and lawyers being woven into the fabric of internet - I don't like the idea.

And politicians.

I wasn't forgetting them... just that they seem to be already entangled in/with the internet - ever since the somebody "explained" them the internet is like a series of tubez [wikipedia.org] . To date, on purpose or not, the confusion persists.

The judges and lawyers would be new additions.

Re:Wrong, there are laws, and this breaks one of t (1)

BlueStrat (756137) | more than 3 years ago | (#36797476)

You're correct, of course. I just didn't want the Unholy Trinity to go unmentioned and possibly be missed by someone not already well aware.

I thought about going for the "series of tubes" thing, but decided the straighter, more philosophical(?) approach might be more effective.

But, who am I really kidding? This is Slashdot, that needs a car analogy for nearly every concept. :)

Strat

Re:Decay? (-1)

Anonymous Coward | more than 3 years ago | (#36797140)

how long does it take a black woman to take a shit? about nine months.

why do niggers keep chickens in their yards? to teach their kids how to walk.

why is it ok to have a Cracker Barrel but not ok to call KFC the Nigger Bucket?

why is Stevie Wonder always smiling? he doesn't know he's black.

what do you say if you wake up in the mddle of the night, it's dark, and your TV seems to be levitating? DROP IT NIGGER!

why are niggers getting bigger and stronger? TVs and stereos are getting heavier.

why do black women wear blue contacts and dye their hair blonde? so black men will date them.

typical users (5, Insightful)

buback (144189) | more than 3 years ago | (#36796800)

15 years ago, 'typical users' didn't know how to use napster. 6 years ago, 'typical users' didn't know how to bittorrent.

This kind of argument shows how little they've learned.

Re:typical users (4, Informative)

CSMatt (1175471) | more than 3 years ago | (#36796870)

15 years ago, 'typical users' didn't know how to use napster

I should think not, since Napster didn't exist until 1999. [wikipedia.org]

Re:typical users (1)

MyFirstNameIsPaul (1552283) | more than 3 years ago | (#36796996)

As a typical user in 1999, I knew how to use Napster, and so did all the other typical users I knew.

Re:typical users (1)

Cwix (1671282) | more than 3 years ago | (#36797040)

Fine 12 years.

Quit being pedantic.

Re:typical users (0)

Anonymous Coward | more than 3 years ago | (#36797400)

Quit whining because you made a mistake and were called out for it.

Re:typical users (5, Insightful)

TubeSteak (669689) | more than 3 years ago | (#36797042)

The typical user knows exactly as much as they need to (or slightly less) in order to go about their business.
When schools and businesses started filtering video/social networking/etc the "typical" user was introduced to web based proxies.
If the **AA manages to push through DNS tampering, the typical user will be introduced to alternative DNS servers and even more proxies.

The internet routes around damage.

Precisely (3)

Sycraft-fu (314770) | more than 3 years ago | (#36797192)

In particular, because these sorts of things would get asked about and talked about. People would learn "Just enter these numbers under DNS and stuff will work again," and they'd do it. Setting DNS servers is not complex, users can easily be taught how to do it, just nobody bothers because they needn't do so. DHCP hands them out and it makes sense to use the ones your ISP provides as they are usually the fastest for you. However it isn't some major technical feat to enter the numbers in the box. There would be sites out there listing unfiltered DNS servers and people would just copy and paste.

politicians (hock...patoooiiiii) (3, Interesting)

xmundt (415364) | more than 3 years ago | (#36796804)

Greetings and Salutations....
          Why does this seem like one of those "feel good" laws that politicians pass to get brownie points with their followers, rather than to actually address and fix a problem?
            I am more and more convinced that attempts to regulate the Net are a bad idea, and, any official that attempts to do this should be voted out of office or recalled.

Re:politicians (hock...patoooiiiii) (5, Insightful)

DigiShaman (671371) | more than 3 years ago | (#36796924)

That's the intent. To create a law that addresses one political issue while at the same time creating several new problems. THIS IS BY DESIGN. It's the political gift that keeps on giving back to legislatures. It's purely justification to expand the government at the expense of public tax dollars. How in the fuck this is news to anyone proves we still live in a sick, sad world. It should be ingrained into every child from birth that large government = evil!

Re:politicians (hock...patoooiiiii) (1)

reiisi (1211052) | more than 3 years ago | (#36796982)

Adding a little from the quote that got cut precariously close to out of context:

“Here's the bottom line: We rely on the Internet to do too much and be too much to let it decay into a lawless Wild West. We are confident that America's technology community, which leads the world in innovation and creativity, will be capable of developing a technical solution that helps address the serious challenge of rogue sites,” said Paul Brigner, chief technology officer at MPAA.

In other words, "our geeks are Gods, and they'd damned sure better do our bidding!"

I'm thinking this is the same kind of political behavior that caused that incident with a tower in Babel. (Whether you take the Bible literally about that or not, the metaphor is quite instructive [lds.org] .)

Re:politicians (hock...patoooiiiii) (0)

Anonymous Coward | more than 3 years ago | (#36797244)

aww yeah getting down with the lsd! i mean lds... whatever so similar can't tell them apart.

Re:politicians (hock...patoooiiiii) (0)

Anonymous Coward | more than 3 years ago | (#36797300)

These degenerate politicians can't balance the budget, set term limits, stop any war or war profiteering, get their act together on sensible drug laws, but they sure can move mountains when it comes down to corporate hand-outs. These pork barrel perverts have done enough, it's time they go to jail, and I don't mean club fed.

Re:politicians (hock...patoooiiiii) (0)

Anonymous Coward | more than 3 years ago | (#36797356)

Never attribute to malice that which can be explained by ignorance.

Re:politicians (hock...patoooiiiii) (1)

AlamedaStone (114462) | more than 3 years ago | (#36797480)

Never attribute to malice that which can be explained by ignorance.

Sufficient levels of ignorance are indistinguishable from malice.

Re:politicians (hock...patoooiiiii) (0)

Anonymous Coward | more than 3 years ago | (#36797360)

It should be ingrained into every child from birth that large government = evil!

That's simplistic drivel. Scandinavian countries are heavy on the government, and they have some of the happiest, healthiest citizens in the world. The problem with the US is the Military-Industrial Complex. Read Eisenhower's exit speech.

Re:politicians (hock...patoooiiiii) (1)

c0lo (1497653) | more than 3 years ago | (#36797044)

Greetings and Salutations....
Why does this seem like one of those "feel good" laws that politicians pass to get brownie points with their followers, rather than to actually address and fix a problem?

This is by design [despair.com]

I am more and more convinced that attempts to regulate the Net are a bad idea, and, any official that attempts to do this should be voted out of office or recalled.

Yes... but nothing new [despair.com] and it must not be restricted only to the Net.

Re:politicians (hock...patoooiiiii) (1)

rohan972 (880586) | more than 3 years ago | (#36797060)

Why does this seem like one of those "feel good" laws that politicians pass to get brownie points with their followers, rather than to actually address and fix a problem?

Possibly that is what it is designed to be. The politicians who voted for it might have wanted to raise the money for their next election campaign from the MPAA without closing off their kids access to free content.

Idiots (5, Insightful)

governorx (524152) | more than 3 years ago | (#36796806)

The typical users will quickly learn how to set their DNS providers if this comes to pass.

Re:Idiots (3, Insightful)

moj0joj0 (1119977) | more than 3 years ago | (#36796888)

The typical users will quickly learn how to set their DNS providers if this comes to pass.

Say rather that the users who are interested will quickly learn.

ISPs will not be able to improve DNS security using DNSSEC, a system for cryptographically signing DNS records to ensure their authenticity, as the sort of manipulation mandated by PROTECT-IP is the type of interference DNSSEC is meant to prevent.

We shouldn't forget the massive amounts of users that are oblivious to nearly any of this. DNS, IP Addresses, Routing protocols and all the rest of the "magic" of the Internet is well past their horizon. Please keep in mind how reasonable this would appear to the average Jane and Joe Six-Pack.

The measure allows courts to require Internet service providers to redirect or block queries for a domain deemed to be infringing on IP laws.

On the surface this looks like a great thing. Understanding the technology or anything past double-clicking the blue "e", or perhaps clicking a link in their e-mail, is not something a more advanced user should expect. While we can understand the potential difficulties and pitfalls that come with this sort of meddling, I don't think we should see them as so obvious that the basic user will also see them.

Re:Idiots (1)

rrohbeck (944847) | more than 3 years ago | (#36796952)

You don't need to understand how it works. All that is needed is a website with a few screenshots that show how to change the DNS server. Even grandma can do that.

Re:Idiots (1)

moj0joj0 (1119977) | more than 3 years ago | (#36797034)

My point is that they will not see the need.

Re:Idiots (1)

1u3hr (530656) | more than 3 years ago | (#36797384)

My point is that they will not see the need.

When the content they want is blocked, they will. They'll complain in whatever forums, social media they use and will be directed to a how-to to fix it.

In no time there will be Firefox plugins, etc to make it completely painless.

Re:Idiots (1)

RobbieThe1st (1977364) | more than 3 years ago | (#36796980)

That may be true, but I've seen otherwise relatively technically-illiterate users solve problems - like the ones this may cause - by simply following tutorials. They may not *understand* what a dns server does, but if they can follow instructions, they can fix the problem.
Also, don't underestimate the power of friends providing help - One semi-knowledgable user + Google can help dozens of users to make the switch if needed.

As such, I think most freeloaders & normal users will end up changing DNS if needed(i.e. if something they try to do stops working), even if they don't really understand what they're doing.

Re:Idiots (5, Insightful)

black3d (1648913) | more than 3 years ago | (#36797030)

How can that be a good thing by any means? "Deemed to be infringing" is extremely broad. I've had cease and desists sent to my own website for MP3s of my own music which I own entirely. With this law, they don't even need to attempt to prosecute me. They just file notice with the court that my domain is "infringing" and suddenly my hits go to 0. I have no right of reply as I've never been served.

I intend no personal insult, but you seem to forget that what the US courts deem as "infringing" draws no parallels to actual international copyright law. For example, a site which contains no pirated material but contains links to it, is considered as infringing under US copyright laws (see DMCA). If you haven't noticed, the MPAA and RIAA will stop at nothing and have no qualms about how many people they inconvenience. Baidu.cn contains an MP3 section. Does it host MP3s? No. Does that matter to a court which orders all ISPs to block access to Baidu as a result? Of course not.

This law like this gives the MPAA the legal right to have Google.com blocked until it removes all links to pirated material. I don't believe they'd hesitate for a second. Although TBH, they probably need it, in order to search for more meta sites which may or may not link to "deemed infringing" material. Like my personal music.

While of course, this horrific scenario may not occur, the point is, this will allow the MPAA to go nuts. They don't care if they knock out 10,000 sites like my own. They don't have to serve me, so there's no case to win. And when they get it wrong, I can't sue the MPAA, because the MPAA didn't make the "ruling", the court did.

They'll happily have Metacafe block because some video has a soundtrack they own, or have any NNTP Usenet provider closed because, despite all their legal offerings, they can be deemed to be serving infringing material. A Safe-Harbour doesn't apply here as they're not actually filing a DMCA takedown. They're just having the court look at all the pirated material and say "this means ISPs have to block them." Goodbye Giganews. I'm sure such sites can go through and remove all material deemed infringing, but exactly how do you go about doing this? MPAA doesn't care - they only have to prove one instance of pirated material. Yet before, say, Giganews can file an appeal, they have to go about removing all potentially infringing material from their usenet mirror? For that matter, how does Google go about removing all links to "potentially infringing" material from their servers?

Re:Idiots (0)

Anonymous Coward | more than 3 years ago | (#36797200)

Silence, child. Passing laws which try and fail to prevent the potential loss of potential profit is of utmost importance. Who cares about collateral damage? Who cares about users?

Re:Idiots (0)

Anonymous Coward | more than 3 years ago | (#36797336)

Your first mistake is assuming the Common Law === Common Sense.

Re:Idiots (2)

1u3hr (530656) | more than 3 years ago | (#36797210)

Say rather that the users who are interested will quickly learn.

There will be simple one-click apps to do it for the rest. And shortly after, Trojans masquerading as such.

Re:Idiots (2)

wvmarle (1070040) | more than 3 years ago | (#36797252)

The typical users will quickly learn how to set their DNS providers if this comes to pass.

Say rather that the users who are interested will quickly learn.

And the ones that are hit by such filtering are probably also the ones that are interested to route around it. If only by posting on their local message board "The Internetz seem broken, I can't reach The Pirate Bay any more!", likely quickly replied to by someone giving some overseas DNS and telling them how to change their settings to use that one. The ones that aren't affected will not change their settings, but then they're not affected to begin with so no reason for them to change it in the first place.

Re:Idiots (2)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#36796998)

The typical users will quickly learn how to set their DNS providers if this comes to pass.

Unfortunately, some unknown; but nontrivial, number of them will learn to set their DNS providers by obtaining from an incrementally more clueful friend and running "l33tt0rr3ntz_DNS_Crack.exe". This will, in fact, recofigure their system's DNS settings to point to somewhere in the free world; but it might, well, invite a few buddies in...

Re:Idiots (0)

Anonymous Coward | more than 3 years ago | (#36797362)

The typical users will quickly learn how to set their DNS providers if this comes to pass.

Unfortunately, some unknown; but nontrivial, number of them will learn to set their DNS providers by obtaining from an incrementally more clueful friend and running "l33tt0rr3ntz_DNS_Crack.exe". This will, in fact, recofigure their system's DNS settings to point to somewhere in the free world; but it might, well, invite a few buddies in...

Why go to those lengths? If you're running the DNS server, you can just wait for a specific client to request a specific site, say their online bank, and then returned a fully custom-crafted poisoned DNS record which sends them to your phishing site, which is a transparent https proxy.

Re:Idiots (1)

c0lo (1497653) | more than 3 years ago | (#36797062)

The typical users will quickly learn how to set their DNS providers if this comes to pass.

One good reason to actually go ahead and try to screw the net. For this very reason, I wonder if it wouldn't actually worth encouraging them to do it.

Re:Idiots (3, Interesting)

AmberBlackCat (829689) | more than 3 years ago | (#36797076)

My nieces and nephews all got MacBooks issued to them from their school. Just like the ones in that webcam scandal. So the school had a firewall installed that was supposed to block inappropriate sites. It was amazing how fast people, who had never owned a computer before, learned how to use a proxy, and learned to put that s on the end of https because apparently the firewall didn't filter sites using ssl. And one of the first things they learned was electrical tape defeats the webcam.

Cousins got iPhones. It was amazing how people who didn't even know what firmware was learned the concept of jailbreaking. No, they didn't all know how to do it. But they knew how to go on Facebook and ask "does anybody know how to jailbreak an iPhone"?

The moral of this story is, if you try to take it away and there is a way to get it back, they'll find it even if they have no idea how to do it right now. It's not that they're incapable of learning. It's they have had no reason to up until now.

Re:Idiots (1)

whiteboy86 (1930018) | more than 3 years ago | (#36797088)

It looks like PROTECT-IP will force Google to delist those sites anyway, once off the indexes, it will be very hard to find them, DNS blacklisted or not. That could cause a secondary underground internet to rise, with their own "black DNS" servers and search engines.

Re:Idiots (1)

nzac (1822298) | more than 3 years ago | (#36797204)

Don't over sensationalise it you will just go to a site that links (possibly using the direct ip address) to another site that has no 'illegal' content but is outside the US that has an IP link to the desired site. Provided the IP is static enough no DNS is ever needed. Just add more links as the law tries to catchup.

I would think this process could be made automatic with various scripts. Inventing a new DNS standard will not be fast enough to catch up with some obvious and already implemented web 'standards' and they will become the standard method of bypassing it.

I think the phone book analogy is pretty good here. It makes it easy but there are ways to bypass it like ringing up a mate who has the useful numbers written down

bye-bye Google (1)

tebee (1280900) | more than 3 years ago | (#36797516)

So if they do force Google to de-list, what is to stop Google continuing to list them on it's local sites outside the US? So everyone switches to using Google.co.uk? Or Google could move it's .com servers outside the US like it did with China.

You can be sure Google will be dong it's best to let people find those sites, as not only does this censorship go against the Google creed but it also knows that if people can't find what the want on Google they will switch to another search provider and bang go Google's advertising revenues.

There may be new search providers who appear out of the ether to fill the gap, and while they can ban these too, one thing you can be certain of, they will not be based in the US. One more nail in the coffin of the US as the major internet player.
 

Browser plug-in (1)

Mr. Underbridge (666784) | more than 3 years ago | (#36797282)

They won't even need to know what a DNS is. They'll just download the 'get your free music' extension for firefox. Which will, of course, require them to download a browser that isn't IE, but their nephew/sister/uncle/cool geek in their dorm knows how to do that stuff so its OK.

Sort of lowers the technical bar for circumventing this crap. It'll also move the fight from DNS to the browser level, which will be fuggin' awesome.

What an opportunity! (0)

Anonymous Coward | more than 3 years ago | (#36796810)

A statement by the MPAA disputes these claims, arguing that typical users lack the expertise to select a different DNS server

I'm going to get rich, starting now to create an innovative program named "DNS-server-changer". Everybody will buy it, I can patent-troll IBM and Microsoft and I also get money from Anonymous to redirect everybody through their network.

typical users (2)

Joce640k (829181) | more than 3 years ago | (#36796814)

Experts: "they can still access non-filtered DNS servers or directly enter the blocked site's IP address if it is known"

MPAA: "typical users lack the expertise to select a different DNS server"

Dear MPAA,

What about the other half of the expert's statement? Typical users are perfectly capable of typing in four numbers with periods between them. Web links and bookmarks can be IP addresses. etc.

Re:typical users (0)

Anonymous Coward | more than 3 years ago | (#36796844)

The fun part is that the people who are trying to access the content that this is meant to block are /exactly/ those who would take the 5 minutes needed to learn how to get around them. You think Mr. Pedofiend is going to go "oh man, Cox blocked nakedbabies.com! Guess I'll quit!"? Or you think he'll go "oh man, Cox blocked nakedbabies.com! Let's google how to get around that."

Re:typical users (1)

Joce640k (829181) | more than 3 years ago | (#36796898)

The really fun part is that this actually takes away some government control. Monitoring of DNS lookups at your ISP is a useful way for the feds to track what sites you're visiting. By forcing you to use IP addresses directly they're cutting out the middle man and it will be harder to track you.

direct IP addresses (2)

reiisi (1211052) | more than 3 years ago | (#36797002)

No, their use is not particularly harder to track.

Re:typical users (2)

scdeimos (632778) | more than 3 years ago | (#36797446)

No ISP I've ever worked at logged DNS requests and responses. Not for law-enforcement purposes, anyway. All your usage bills are based on traffic crossing the border routers - you can rest assured the src and dst IPs on every single one of those packets is recorded and linked to your account.

Re:typical users (0)

Anonymous Coward | more than 3 years ago | (#36796904)

Well, for kiddie porn and other criminal matters "google how to get around that" may just leave you the evidence your investigation needs. Of course, since the vast majority of internet copyright infringement is not criminal, and LE won't be involved, it won't affect pirates much at all.

And for the GP's discussion re:IP addresses: Maybe 10 years from now it'll matter, when most pirate sites can't afford an IPv4 and IPv6es are still a bitch to type, but of course you can still link to an IPv6 directly.

Re:typical users (1)

RobbieThe1st (1977364) | more than 3 years ago | (#36796990)

Heck, I'd not consider that a problem at all - Why type a number when you can copy and paste the value?

Re:typical users (0)

Anonymous Coward | more than 3 years ago | (#36797072)

Even better, we could create a system that let people type a name, and get directed to the appropriate server. We could call it Name Lookup Service. Then, we could create an entire secondary market where we could sell Names in the lookup service.

Golly, this is starting to sound familiar.

Re:typical users (0)

Anonymous Coward | more than 3 years ago | (#36797298)

Easier still,

a url like: http://12.3.4.5/foo/bar/baz
is just as valid as: http://exampleblockedsite.com/foo/bar/baz

People are just going to start putting IP addresses in URIs instead of domain names, and the DNS breakage will be rendered irrelevant.

Then what will happen next is they will try and force web browser developers to include blocked site lists, which will be thwarted by users replacing or deleting those block lists.

Then I suppose they will attempt to mandate transparent proxies with content filters on all consumer broadband connections...

At this point it's likely users will probably switch to use of another information distribution system, like I2P.

Censorship is always doomed to failure, especially when it is attempted against a population that was previously free from censorship.

Re:typical users (0)

Anonymous Coward | more than 3 years ago | (#36797418)

a url like: http://12.3.4.5/foo/bar/baz [12.3.4.5]

is just as valid as: http://exampleblockedsite.com/foo/bar/baz [exampleblockedsite.com]

Except for Host-Header sites, which is like most of them.

Kay Bailey Hutchison defends PROTECT-IP (5, Informative)

paulsnx2 (453081) | more than 3 years ago | (#36796826)

I sent my senator a short message detailing many of these concerns about the PROTECT-IP bill. You might be interested in her response.... WARNING: Don't read any further if you still have hope that senators can understand and address technology issues....

Dear Friend:
          Thank you for contacting me regarding the Federal Communications Commission's actions relating to the openness of the Internet. I welcome your thoughts and comments.

          The Internet is a valuable tool that facilitates business, education, and recreation for millions of Americans. In 2009, an estimated 198 million Americans had access to the Internet. I am committed to ensuring that consumers continue to benefit from the Internet as an open platform for innovation and commerce.

          Instrumental to the success of the Internet is the long-standing policy of keeping the Internet as free as possible from burdensome government regulations. Increased investment in upgrading and expanding America’s communications infrastructure, and, in particular, new broadband networks, will ensure that all Americans have access to affordable high-speed Internet. However, in my judgment, intensified regulation of the Internet, such as government-mandated treatment of data, would stifle competition and would decrease the incentive for network operators to invest in critical infrastructure.

          The case for additional broadband regulatory authority, or “net neutrality,” has not effectively been made. Broadband investment began to truly flourish when the Federal Communications Commission (FCC) made a decision in 2002 to remove advanced communications technologies from the antiquated common carrier regulatory framework. However, advocates of a larger regulatory footprint have continued to call for net neutrality since 2006.

          Unfortunately, the FCC chose to respond by beginning a new proceeding that would reverse the 2002 decision to treat advanced communications services with a "light touch" regulatory approach. On December 21, 2010, by a 3-2 vote, the FCC adopted new rules meant to impose a net neutrality regime on broadband services. I believe these new regulations represent an unprecedented power grab by the Commission to claim regulatory jurisdiction without Congressional authority. This FCC action threatens investment and innovation in broadband systems, places valuable American jobs at risk, and may subject communications companies to new legal liability in the management of their networks.

          In response to the FCC's heavy-handed order, I intend to explore every option available to me to keep the Internet free from such burdensome regulations, including introducing a resolution of disapproval in an effort to repeal the new rules. As the Ranking Member of the Senate Commerce, Science, and Transportation Committee, which has jurisdiction over the FCC, I will continue to work to prohibit further net neutrality-based regulations.

          I appreciate hearing from you, and I hope that you will not hesitate to contact me on any issue that is important to you.

Sincerely,
Kay Bailey Hutchison
United States Senator

284 Russell Senate Office Building
Washington, DC 20510
202-224-5922 (tel)
202-224-0776 (fax)
http://hutchison.senate.gov/ [senate.gov]

PLEASE DO NOT REPLY to this message as this mailbox is only for the delivery of outbound messages, and is not monitored for replies. Due to the volume of mail Senator Hutchison receives, she requests that all email messages be sent through the contact form found on her website at http://hutchison.senate.gov/?p=email_kay [senate.gov] .

If you would like more information about issues pending before the Senate, please visit the Senator's website at http://hutchison.senate.gov/ [senate.gov] . You will find articles, floor statements, press releases, and weekly columns on current events.

Thank you.

Re:Kay Bailey Hutchison defends PROTECT-IP (2)

ilumits (556634) | more than 3 years ago | (#36796936)

I think she sent you the wrong form response. What's amusing is that if she's against government regulation of the Internet, then undoubtedly she should oppose the PROTECT-IP Bill.

I'm guessing that's not the case.

Re:Kay Bailey Hutchison defends PROTECT-IP (3, Informative)

rrohbeck (944847) | more than 3 years ago | (#36796970)

I think she wouldn't know the difference and this is the form response to any complaint about the tubes.

It pertains (1)

SuperKendall (25149) | more than 3 years ago | (#36797150)

I think she sent you the wrong form response.

Yes and no.

Yes her staffer misread whatever his complaint was.

But no, she did not send the wrong response. If PROTECT-IP does not pass, how better to advance the same cause than to add it as further regulation under the umbrella of net neutrality? Once you are mandating how an ISP run "Ze Tubes" it's a very short hop away indeed from telling them they also need to obey a blacklist of IP addresses to be provided by the government... indeed that's probably the other prong of a two-part attack, since PROTECT-IP is all about not being able to find something, whereas an IP blacklist would prevent you from visiting it even if you used an alternate DNS.

Re:Kay Bailey Hutchison defends PROTECT-IP (1)

Anonymous Coward | more than 3 years ago | (#36797016)

For the record, I emailed Dianne Feinstein (D-CA) and she's in support of the bill. She's in the "we need to strengthen copyright to protect creators" camp. Sad...

Re:Kay Bailey Hutchison defends PROTECT-IP (1, Insightful)

DigiShaman (671371) | more than 3 years ago | (#36797082)

She's a Democrat from California. Did you really anything different from her?

Re:Kay Bailey Hutchison defends PROTECT-IP (0)

Anonymous Coward | more than 3 years ago | (#36797240)

Your second sentence a verb missing.

Re:Kay Bailey Hutchison defends PROTECT-IP (0)

Anonymous Coward | more than 3 years ago | (#36797066)

I have always been amused at how opponents of net neutrality have the idea of it all wrong. They think that a law that prohibits laws from regulating and controlling the internet by special interests and corporate lapdogs is somehow 'controlling and stifling' and then propose laws that do exactly that under the claims of 'keeping the internet free and unregulated'. In the words of Inigo Montoya, 'You keep using that word. I do not think it means what you think it means.'

Net neutrality is like putting a Bouncer outside a nightclub. His job is to make sure the club stays safe and enjoyable, but doesn't actually know or care what is going on or who is doing or saying what inside the club until he's called to do his job. Otherwise, he keeps his meat hooks off the club. It works by the patrons knowing there is someone out there who will step in when things truly get out of hand but isn't constantly making sure your dance steps are exactly correct or that you drink exactly the amount of liquor prescribed by law and that you only dance with officially provided partners.

Opponents of Net Neutrality are like locking a henhouse with a paperclip, allowing anyone and everyone with a big enough stick to come in and guard the henhouse, hoping that the very idea of such flimsy and useless locks and fear of the big stick will somehow stop the fox, and acting surprised when the foxes get at the hens. This only works as long as the fox remains ignorant of the huge gaping holes in the sides of the henhouse.

Re:Kay Bailey Hutchison defends PROTECT-IP (1)

Anonymous Coward | more than 3 years ago | (#36797238)

We (the rest of the world) really don't care. We already do not use backup services or cloud services based in the US because of your government. There are lots of alternatives. Soon we won't use DNS with US based roots.

At some point only US citizens will be hampered, held back, and harassed by their funny little leaders and their funny little laws.

Re:Kay Bailey Hutchison defends PROTECT-IP (1)

kent_eh (543303) | more than 3 years ago | (#36797358)

We (the rest of the world) really don't care. We already do not use backup services or cloud services based in the US because of your government. There are lots of alternatives. Soon we won't use DNS with US based roots. At some point only US citizens will be hampered, held back, and harassed by their funny little leaders and their funny little laws.

Unfortunately, some of our politicians (Like the current Canadian Prime Minister) seem to think that we will be a so much better country if we simply do every stupid thing that the American government has already done, no matter if it actually worked. "it's an American idea, it has to be good for us".
I fear the next 4 years.

Re:Kay Bailey Hutchison defends PROTECT-IP (0)

Anonymous Coward | more than 3 years ago | (#36797256)

Understanding of what is at stake: FAIL
Understanding of the terms: FAIL
Understanding of the bill: FAIL
Understanding of which side means what: FAIL
And this is probably even more worrying than corrupt politicians, the politicians on 'our side' not knowing what's they're trying to defend.
At least she didn't say it was a bunch of tubes...
On a side note about the main post, they're right, most internet users wouldn't know how to get around it, but it would only take a handful to figure out a way around the block or to make an add-on to do so automatically, then for it to be reposted to anybody who wants to know.

In summary: (3, Insightful)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#36796830)

Laundry list of distinguished security researchers: "This is a terrible plan, it won't achieve what you want, and it will set back the state of internet security quite dangerously."

MPAA Flack: "Shut up, nerd, the health and security of the internet is not even a secondary objective here."

Re:In summary: (3, Informative)

Daniel Dvorkin (106857) | more than 3 years ago | (#36796948)

Yep. And here's what the powers-that-be will hear:

Laundry list of distinguished security researchers: "Blah blah nerd stuff neep neep neep."

MPAA Flack: "We wear suits. And we have money. By the way, Senator, how's that third vacation home working out for you?"

Re:In summary: (1)

slashqwerty (1099091) | more than 3 years ago | (#36797068)

While the researchers make some good points from a technical perspective there really are more fundamental issues with PROTECT-IP. The proposed law would grant the government power to selectively censor websites without due process. Those are some pretty basic violations of the constitution and a huge threat to freedom of speech. And the reality is, the government is already doing this without the PROTECT-IP act.

Hollywood demands (1)

Voline (207517) | more than 3 years ago | (#36796832)

that we break the internet. Get to it!

Lawless wild west (2)

Datamonstar (845886) | more than 3 years ago | (#36796838)

Yes! Once they get trains going over 50 MPH on the wild frontier of the Information Superhighway tubes then you have all sorts of stuff going on, like women's uteri being ripped right out of em. We can't have that. It's the internet and we need porn on it. For that we need women with intact uteri.

Re:Lawless wild west (0)

Anonymous Coward | more than 3 years ago | (#36796890)

Apparently we're watching two very different types of porn.

"Typical Users" Learn.. (1)

goruka (1721094) | more than 3 years ago | (#36796852)

Downloading a torrent client is not much more difficult than downloading a small app or browser extension that sets up alternate DNS lookups.
"Typical Users" can learn..

ISP Blocking? (3, Insightful)

AlphaWolf_HK (692722) | more than 3 years ago | (#36796882)

Interesting that they mention ISP's would block your ability to use other DNS servers. I don't think that, in the end, there is really anything the ISP could do to completely stop you. The worst they could do is block UDP port 53, but that wouldn't stop you from using any kind of tunneling software, especially if you did that tunneling over a secure socket.

Re:ISP Blocking? (1)

yeshuawatso (1774190) | more than 3 years ago | (#36797138)

What's really sad is that as of right now, you couldn't get more than 20% of all Facebook users to understand what secure tunneling is, so those that do understand it will just make it a one-click-fix for the other 80%, bypassing all of the ISPs' hard work.

Really it reminds me of Sony and the PS3 all over again. Most of Sony's PS3 gamers don't know the ins and outs of security hacking, yet Sony managed to piss off that 1% of users that do and open the flood gates for another 20% to follow a video tutorial on YouTube.

When will these giant corporations learn that you can't take a sledge hammer to a pin and think you're going to accomplish something. If you want piracy to drop, make your content more easily accessible. I'm guilty of using a torrent to download a TV episode or two, but only after I can't "one click to buy it" on Amazon or iTunes. $1.99 for 21-45 minutes of entertainment isn't going to break me, I'm just tired of paying $100+/month for access to that 21-45 minutes a week I want because the providers are too stubborn to put the damn content online where I can easily purchase it without having 20+ accounts at 20+ different websites.

Re:ISP Blocking? (0)

Anonymous Coward | more than 3 years ago | (#36797148)

No, they could rewrite the replies for all flows who's UDP packets start with a payload of 2 random bytes proceeded by 01 00 00 01 00 00 00 00 00 00, regardless of destination address. It is trivial these days with off the shelf equipment because you are basically doing boolean logic on a stream with fixed offsets.

A lawyer can argue that this is not looking at the data (which would be the actual DNS lookup) but just the protocol or addressing information.

Eventually even with a secure socket, you won't be able to reach a unfiltered DNS server (unless the socket is to the actual name server) as most the infrastructure is owned by big telco...

And, would you trust this alternate DNS provider? I recall back in the 90's an adware provider that gave you access to the unofficial .kids, .xxx and other TLDs.

Furthermore, circumventing makes things easier for govt. because they only have to pay attention to traffic to known name resolution providers to know who to add to a watch list.

They don't even need to look at the contents of your packets - they just need to look at the routing to know the connection is used for deliberately(now you are going out of your way) accessing the content of concern, at which point they can obtain a warrant, replace/use the firmware on your router, get the MAC address used to obtain the content, and drive up a truck that will triangulate the wifi source signal to the person in front of the computer (or follow the cable if its hard wired)

The problem with standard protocols is they seem to follow protocol very well. So predictable.
The problem with people is they don't understand everything they think they do and believe they have the freedom to do whatever they want. On both sides.

In related news, I am selling tin-foil hats.

Abolish Freedom. Endorse Tyranny. Embrase Slavery. (0)

Anonymous Coward | more than 3 years ago | (#36796908)

That is your future. Face it. The global tyranny will prevail.

Re:Abolish Freedom. Endorse Tyranny. Embrase Slave (1)

c0lo (1497653) | more than 3 years ago | (#36797096)

How "Freedom and liberty for all" looks like lately:

Freedom [despair.com] - I may not agree with what you say, but I respect your right to be punished for it.

Liberty [despair.com] - the price of freedom keeps going up, but the quality keeps deteriorating.

lack expertise? (1)

arbiter1 (1204146) | more than 3 years ago | (#36796918)

"A statement by the MPAA disputes these claims, arguing that typical users lack the expertise to select a different DNS server and that the Internet must not be allowed to 'decay into a lawless Wild West." if you type in google for example "how to change dns servers" how many tutorials will come back with exactly How to change them? Just cause some people are not smartest people in the world with a computer there is always an article or tutorials out there written in the "how to for dummies" way.

Re:lack expertise? (1)

reiisi (1211052) | more than 3 years ago | (#36797018)

And, of course, the skripped quiddees will be passing around "applications" to do that with "just the press of a button".

Re:lack expertise? (0)

Anonymous Coward | more than 3 years ago | (#36797410)

"A statement by the MPAA disputes these claims, arguing that typical users lack the expertise to select a different DNS server and that the Internet must not be allowed to 'decay into a lawless Wild West."

if you type in google for example "how to change dns servers" how many tutorials will come back with exactly How to change them? .

Note- Devil's Advocate time, I'm not in support of the Thugs.

MPAA reply:
"This is exactly the type of lawless behavior this law will address. Sites like Google will be required to filter and strip phrases such as 'how to change DNS' from results, much like they already do for child porn which we all know is a slightly lesser evil than copyright violation. ISP's will of course be required to block the DNS of such 'hacking' sites which promote Sin and Lawlessness by posting information on how to alter DNS settings."

Re:lack expertise? (0)

Anonymous Coward | more than 3 years ago | (#36797514)

When the whole issue of DNS blocks arose in Germany - along with the same bogus arguments of censorship-proponents - people started posting tutorials left and right. 30-60 second how-to videos were quite popular as they demonstrated how ridiculously easy the process is. AFAIR even a German politician who opposed filtering made one of those.

Of course these tutorials also included a list of non-ISP DNS servers that wouldn't be filtered.

8 year olds now know how to set Alt. DNS (0)

Anonymous Coward | more than 3 years ago | (#36796940)

Dear **AA,
I have taught my children how to change to an alternate DNS server.
Game over.
Sincerely,
Think of the Children

Geez, we are so underestimated..even the non-geeks (0)

Anonymous Coward | more than 3 years ago | (#36797020)

Typical users also lack the the knowledge to un-check the default "use [firewall company]'s secure DNS servers" from the install that their son or other relation e-mailed them.

CASE AND POINT

Typical

73 KJ4IPS CL

Dumb fucks (1)

Legion303 (97901) | more than 3 years ago | (#36797036)

"A statement by the MPAA disputes these claims, arguing that typical users lack the expertise to select a different DNS server"

I would argue that any user who lacks the expertise to change DNS servers also lacks the expertise to configure an FTP or torrent client. I would also argue that the MPAA is full of inbred morons.

Re:Dumb fucks (1)

wvmarle (1070040) | more than 3 years ago | (#36797270)

Of course they can configure it, if they know what it is to begin with.

DNS is pretty deep down in the Internet configuration, not something the general user should have to deal with. Bittorrent is so commonplace these days that most users at least know about bittorrent, and many may even actively use it. Now of course if a law like this gets implemented then that may change very quickly.

hosts file (0)

Anonymous Coward | more than 3 years ago | (#36797372)

lol enjoy

Maybe, possibly, we will finally (1)

countertrolling (1585477) | more than 3 years ago | (#36797048)

FORK DNS!

I can't think of a better thing for the internet at large.. for now

"Typical user" here... (0)

Anonymous Coward | more than 3 years ago | (#36797114)

I just read /. for the articles. I swear! I have no clue what "Port Forwarding" really does or how it really works, but I can do it. The only reason why I care to know at all is to make my torrents run faster. Thank you, Google! Part of the process of doing this meant learning other crap non-typical user techies take for granted such as what an IP address is and how to use an IP number to access my router, and what a DNS server is and how to manually set one so that I can have a fixed IP that works with my ISP. If all you have to do to circumvent this is to manually set a different DNS server or enter a numerical IP address, that is not going to stop the "typical user" of BT at all! What do they think it is, 1999?

A new DNS system is urgent (2)

Lord Juan (1280214) | more than 3 years ago | (#36797168)

A fork of the DNS system is something that I can't wait to see happening. I believe that the changes that ICANN is doing are precisely mean to obstruct the adoption of additional independent TDLs, and honestly if the DNS is not forked soon, attempting to do it later is going to create fragmentation and confusion, specially when ICANN sell some of the independent TLDs that belong to the alternative DNS systems nowadays. I am also, mmm, I'll go with angry, at the ICE taking away domains of companies that operate legally in their own countries (rojadirecta), and I simply don't think that ICANN or the US can be trusted anymore with the control of this vital component of Internet. The RIAA/MPAA have way so much control over the government, and the government have way so much control over ICANN, and ICANN have complete control of the DNS system.

Wow. fucked up morons. (5, Informative)

unity100 (970058) | more than 3 years ago | (#36797234)

A statement by the MPAA disputes these claims, arguing that typical users lack the expertise to select a different DNS server and that the Internet must not be allowed to 'decay into a lawless Wild West.

dns filtering came to turkey 5 years ago.

EVERYONE knows how to bypass it now. and i mean everyone who is using internet - the equivalent of the 'mom in idaho' knows how to bypass it. her son, relatives, someone from neighborhood comes and bypasses it for her. people learned what 'opendns' means here. the term 'proxy' have become an everyday term, even in among the tech illiterate crowd. people ask about 'good proxy' to each other. (people learned about it when the courts started to ban i.p.s).

so, random 'mom in turkey' is able to do that, but the organization that represents all movie producers in america shits about otherwise ?

really. what kind of people are you letting you run your country and corporations and corporations' lackey organizations ? idiots ? morons ? bastards ? i think the last one is more likely. (i am not able to bring myself to say ngo regarding mpaa after that kind of idiocy)

Doesn't have to conflict with DNSSEC (2)

kasperd (592156) | more than 3 years ago | (#36797314)

Technically it doesn't have to conflict with DNSSEC.

First of all ISPs have to stop lying about the A record when you look up a filtered domain (Seems like an oversight if that practice is even legal). Instead they need to send an error response back to the user. I'd suggest a server error message (since "your government don't want you to see this" wasn't included as an error code when DNS was designed).

What the client will do when getting this error is to use the DNS search path provided by the DHCP server along with the DNS server IP. Since the ISP controls the search path, they can ensure it is a domain under which they can provide valid DNSSEC protected domains. Then they make it so that every filtered domain exists as a subdomain under the DNS search path and other domains don't exist there.

Re:Doesn't have to conflict with DNSSEC (1)

ace123 (758107) | more than 3 years ago | (#36797440)

Why aren't search paths disabled by default? They seem like a huge security hole. I don't want to be getting "google.com.mitm.comcast.net" when I type in "google.com".

Search paths should be enabled explicitly, since I've only ever seen them legitimately used on corporate networks where they control all the computers anyway.

they really think your(we) all stupid (0)

Anonymous Coward | more than 3 years ago | (#36797340)

funny....maybe 12 years ago they might a got away with it , but not now.....

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?