
DNS filtering: absolutely the wrong way to defend copyrights - evo_9
http://arstechnica.com/tech-policy/news/2011/05/dns-filtering-absolutely-the-wrong-way-to-defend-copyrights.ars
======
code_duck
Yeah, but it will work great for arbitrary censorship! Like how searching 5
year olds at the airport doesn't fight terrorism. It's apparent that these
methods don't fit the alleged purposes, so my assumption is that the real
goals are unspoken.

~~~
lotusleaf1987
Security theater. It's just a simulation of safety.

~~~
code_duck
I don't really believe in that 'security theater' concept either, though the
media has been nearly unanimous in labeling the TSA's abuses as such.

------
sorbus
> But, more ominously, they can also have it changed for them by a website:
> "It is likely, if not inevitable, that infringement sites would use the same
> strategy, allowing a single site to instantly, silently, and permanently
> change a user's DNS path and evade DNS filtration and filtering."

That's very worrying, as presented. However, slightly later, it suggests that
this either requires user interaction (still worrying) or the download of
software (not worrying):

> "Those promoting pirate sites will simply create websites and postings that
> ask: 'Frustrated by getting filtered when you try to watch movies? Click
> here to fix the problem'," the article notes.

Would someone clarify whether this refers to downloading software to change
DNS servers or a mechanism by which websites can actually do so? Of course, by
Occam's razor, this is referring to software, since if a method for websites
to change the DNS server of a visiting computer without user interaction
existed then attacks of this nature would be extremely common.

------
rcthompson
On the plus side, I now understand why every critical system in every Sci-Fi
movie has a self-destruct button. It was probably legislated in.

------
biturd
What would be the safest non .com/.net/.edu domain to buy in the future? I
have a feeling the .com is going to become devalued in the coming year. I no
longer will build a site that I believe could ever be popular under a .com.

I would rather give my money to .ly, which while they have some rather
draconian rules because of their religion, I have a strong feeling they would
tell the US to eff off if they were asked to take a site down at the DNS
level.

I hope more and more businesses move their domains, and perhaps even their
operations to other countries to avoid all this nonsense. This is less money
in the US, less taxes to the US, and we will learn our lesson. Money talks,
and usually pretty quick.

Imagine if facebook.com became facebook.ly all of a sudden. Granted, they
would never do this to facebook even if child porn were on the front page for
months. Not all of us are facebook though.

~~~
skymt
.me is a popular choice for sites fleeing US TLDs. Montenegro isn't being
actively targeted by IP lobbyists, and the registry is marketing the TLD
worldwide.

------
Natsu
This raises an interesting point: that by promoting the adoption of DNSSEC, we
can preempt such legislation technologically.

~~~
davidu
DNSSEC doesn't prevent censorship in the DNS like the kind being suggested in
Protect IP.

-David

~~~
Natsu
But it does stop them from poisoning (if not from blocking) results we get
from DNS servers that are still trustworthy.

~~~
davidu
Your understanding of DNSSEC is incorrect.

~~~
Natsu
Can you elaborate?

Are you saying that they can alter DNS responses, or that trustworthy DNS
servers won't exist, or something else?

~~~
davidu
I'm saying stub's don't validate and resolvers can disregard queries before
setting the DO bit and making a recursive query.

