
DeSopa: a Firefox addon to easily bypass SOPA DNS blocking - kibwen
https://addons.mozilla.org/en-US/firefox/addon/desopa/
======
nostromo
It would be quite ironic if the ultimate legacy of SOPA is to strengthen the
web by evolving the nature of DNS.

I'm reminded of the past "victories" of the copyright lobby that ended up
doing more harm (from their perspective) than good: shuttering Napster (which
lead to the much better decentralized systems used for piracy today) and
passing of the DMCA (which actually ended up giving legal coverage to
businesses that profit from infringement).

~~~
dangrossman
The worst part of SOPA, in my opinion, is the ability for a rightsholder to
ask any ad network or payment provider to stop doing business with any website
merely by claiming the site's primary function is infringement... and the
liability incentives the bill creates for doing so without a trial.

We can route around DNS blocks to get to the sites, but what does that matter
if the sites close themselves because their funding was cut off? A site like
YouTube would not be profitable without access to US-based ad networks.

~~~
tomjen3
Microtransactions in Bitcoin (or heck ads paid with bitcoin).

You can't cut of bitcoin transactions because there is by its very definition
no place to cut them of.

If this is the case, we are only going to get that much closer to the end
game.

~~~
dlikhten
I have to say, as much as bitcoin is in a downfall, this actually makes a ton
of sense. That was the initial goal of bitcoin, to create a de-centralized
currency. As long as the BTC is a STABLE currency this works out well. Or
short-term stable. It can become a medium of financial transfer: I buy 10 BTC,
donate it, they claim 10 BTC, convert to cash. Done.

It would be great if there was a tool to literally facilitate this transaction
without directly giving from one company to another, thus bypassing SOPA. I
give the "holder" $10, the "holder" gives me 10 BTC. Then I give 10 BTC to say
PirateBay. Then the "holder" guarantees that piratebay can sell 10 BTC to them
for $10. Thats it. They only converted BTC to/from cash. I directly gave BTC
to pirate bay. SOPA is ignored.

HOWEVER THIS IS EXACTLY WHAT THE INTERNET IS AGAINST. This will prevent all
sort of anti-fraud that is going on now. You will wind up bypassing years of
innovation to create a black market. It will be detremental.

~~~
JoshTriplett
> HOWEVER THIS IS EXACTLY WHAT THE INTERNET IS AGAINST. This will prevent all
> sort of anti-fraud that is going on now. You will wind up bypassing years of
> innovation to create a black market. It will be detremental.

Right now, in meatspace, I have both options: I can pay with cash and have
little to no recourse or record, or I can pay with check or credit card and
have a record and various fraud protection measures. I want to have both
options on the Internet as well.

Also note that various bitcoin escrow agencies have popped up, which serve the
obvious function. Assuming an agency exists that both parties trust, you can
have the fraud protection you want if and when you want it.

~~~
dangrossman
> various bitcoin escrow agencies have popped up

But bitcoin escrow agencies don't solve the SOPA problem -- once you have a
small number of intermediaries paying these websites, they become the place
where the law can apply its force. They will be ordered/coerced to stop
funding ThePirateBay or whatever site the media industry targets, so these
sites either can't have reliable BC payments or they are subject to being cut
off by these laws without trial.

~~~
JoshTriplett
Only if they operate in jurisdictions that can apply such force, and only if
they make a connection between their online presence and their offline
presence. An escrow agency could operate pseudonymously online without having
an offline presence, as long as they built a trusted reputation around their
online pseudonym and cryptographic identity.

------
gkoberger
SOPA specifically (without actually naming it) calls out addons.mozilla.org
for the whole mafiaafire thing -- so under SOPA, this add-on wouldn't be
allowed to stay up.

"[T]his version targets software developers and distributors as well. It
allows the Attorney General (doing Hollywood or trademark holders' bidding) to
go after more or less anyone who provides or offers a product or service that
could be used to get around DNS blacklisting orders."

Second paragraph: [https://www.eff.org/deeplinks/2011/11/hollywood-new-war-
on-s...](https://www.eff.org/deeplinks/2011/11/hollywood-new-war-on-software-
freedom-and-internet-innovation)

(Disclosure: I'm a developer on addons.mozilla.org; EDIT: Changed the post to
add a source)

~~~
delimitted
SOPA has not yet passed, it is not yet the law and I hope that Mozilla leaves
it up for now. The DeSOPA program is meant to discourage passage of the bill
by showing congress how easily it can be circumvented, so if it is removed
after passage so be it. The link is:

<https://addons.mozilla.org/en-US/firefox/addon/desopa/>

or

[add-ons mozilla base URL ] (slash) en-US (slash) firefox (slash) addon
(slash) desopa (slash optional)

in case it is filtered.

Disclaimer: I developed it

~~~
gkoberger
I didn't mean at all to imply Mozilla would be taking it down; just that the
government wasn't happy with the mafiaafire add-on and has included text in
SOPA specifically targeted at making add-ons like this "illegal". Just another
reason SOPA is bad :)

------
CWuestefeld
_This program is a proof of concept that SOPA will not help prevent piracy.
The program, implemented as a Firefox extension, simply contacts offshore
domain name resolution services to obtain the IP address for any desired
website_

Part of SOPA is a provision that any tools for circumventing the DNS hijacking
are themselves banned. So this extension would have to be removed from the
Mozilla repository. At best, it would be distributed underground, and hence
would not help to preserve the freedom of the average user.

~~~
lloeki
> So this extension would have to be removed from the Mozilla repository.

IM unfamiliar with the bill, but given SOPA's wording, could it be that the
whole of addons.mozilla.org, or even mozilla.org end up banned?

> At best, it would be distributed underground

If it were to happen, I envision a world where Aunt Jackie will ask little
nephew Steve to enable her the full internets because she can't watch some
photos on Flickr anymore, just like she could not install the Flash ten years
ago. Steve will simply be asked to provide a piece of software to bootstrap,
which if banned from the internets, will be distributed on underground network
channels then diffused on a local scale through sneakernet.

It looks awfully like the BBS and early Internet in the '90s, with those warez
sources like IRC DDC bots, and a select few having access to such sources and
able to distribute pirated games on high-price CD-Rs.

~~~
delimitted
I think if SOPA passes, Mozilla will remove extensions such as this. I hope
this extension is a deterrent to SOPA passing at all.

~~~
delimitted
finnw, the code is actually pretty trivial and does not make use of very
special functionality. Further, if SOPA does pass, many even more innovative
programs will come out of the woodwork, at the OS layer. I think forcing a
patch like that would be a hard sell.

~~~
vidarh
You don't need a OS patch.

I run dnsmasq on my machines, for example, and its primary purpose is to alter
DNS resolution - my nameserver is set to localhost, and my dnsmasq
configuration sets which DNS servers to use for what top level domains etc.,
and routes *.local to a flat file on my home server, for example.

Dnsmasq itself isn't suited to avoid SOPA, but it's a good proof of concept
for a small dns server that mediates the lookups based on rules, but defer to
"regular DNS" for everything else. There are tons of simple DNS servers out
there that can easily be modified to do detect likely SOPA blocked domains and
use whatever mechanisms to resolve it through non-US servers (even if your
upstream ISP gets forced to filter DNS).

Worst case? Distribute zone files of blocked domains as torrents
automatically, or hide lookups in otherwise innocuous looking traffic.

If they IP block the sites, the same mechanism can be used to serve up lists
of addresses of proxies instead of the real sites.

The system just needs to be faster than the SOPA proponents manage to send
their extortion letters to ISPs.

The beauty is that if/when mechanisms like this start becoming commonplace,
the cat is out of the bag - they'll never regain control.

------
grecy
_This program is a proof of concept that SOPA will not help prevent piracy.
The program, implemented as a Firefox extension, simply contacts offshore
domain name resolution services to obtain the IP address for any desired
website_

I thought a major part of SOPA will be censoring sites, not just removing them
from DNS. So even if you can resolve them offshore, they are going to be
censored versions of the sites you know and love.

~~~
thebigshane
SOPA (officially) only addresses foreign sites. So they order removal from DNS
servers and interrupt advertising or other funding processes from US based
companies. But the ability to change the content on a server that is hosted in
another country (I believe, IANAL) is beyond their capability. Someone please
correct me if I'm wrong.

Also, the issue between domestic and foreign sites is still a bit vague in
regards to SOPA. Supporters claim it only addresses foreign sites but most
opponents claim (I think) that domestic sites can also be affected.

~~~
grecy
So for "infringing" sites hosted in the US (or on .com, .net, .org) What can
SOPA do?

~~~
thebigshane
I would like to know as well but I think they are relying on the existing
DMCA, which I think have similar provisions: domain seizures but no server
manipulation.

~~~
nitrogen
AIUI the DMCA does not provide for domain seizures. Those are done under a
creative interpretation of the property seizure laws that were written to
allow the government to confiscate property used in the commission of a crime,
(e.g. seizing and auctioning off cars that were purchased with drug money).

~~~
thebigshane
Yea I think you are right. I was probably thinking of takedown notices (which
are actually more like the censorship grecy was asking about)

------
vectorpush
This is an outrage. We need to pass a bill that forces ISPs to scan for this
plugin and report users to the government for prosecution. The nerve of these
criminals.

~~~
SquareWheel
Require all operating systems to include a program that searches for this
plugin and removes it.

Then write another program to detect if the user uninstalls the first program.

------
_bbs
Can someone find a link to the source code (it is licensed under the GPLv2)? I
tried to open the xpi in a text editor, but no dice.

I don't have much experience with FF addons, but I'd like to see exactly
what's happening here.

~~~
delimitted
You can rename the extension to .zip and extract. If you have any problems,
let me know via a comment or post a contact method and Ill send you the
source. Its pretty simple. When on, it intercepts URLs, sends the base URL to
three offshore DNS services via HTTP, makes a best effort to check that two of
them are equivalent, caches the IP for the browser session, redirects to the
equivalent URL using the IP, and substitutes out the domain name in the source
code with the IP address for future requests. I admit that it could use some
work, however, I wrote in hopes that I could help create some kind of change
in the events that are about to transpire before the vote.

~~~
JakeSc
Thanks for your work!

The explanation on how the extension works was enlightening. Perhaps I missed
it, but would you mind including the explanation on the download page?

~~~
delimitted
Sure! updated: <http://bit.ly/rvG87g>

------
nostromo
Startup idea: $2 a month DNS servers based in Vancouver, Toronto, The Bahamas,
and Tijuana.

~~~
brettnak
I would pay for one based out of Vancouver.

------
pcvarmint
I don't see how DeSopa can work if ICE seizes domains. As soon as a US-based
domain is seized, it will propagate to foreign DNS servers as well. So merely
using DNS servers outside the US won't help.

DeSopa might help against local ISPs who engage in censoring certain domains
on their nameservers, something the SOPA legislation might mandate, but it
won't help if the domains are seized.

Better would be some kind of P2P DNS system proposed by Peter Sunde of Pirate
Bay -- a decentralized replacement for ICANN and DNS.

------
four
I love this approach!: SOPA? DeSOPA, MF! Yes, run circles around these idiots.

Tamer, you also do a great job of explaining in passionately clear, objective
terms, the SOPA agenda, the weaknesses of its assuptions and it's dire
consequences.

However, I strongly take issue with your own assumptions about the value of
today's internet services.

More » [http://caspiandesign.com/2011/12/21/desopa-great-ff-
extensio...](http://caspiandesign.com/2011/12/21/desopa-great-ff-extension-
bad-dogma/)

------
vlod
Can anyone elaborate if SOPA will have the power to take down _ALL_ TLDs or
only certain ones. i.e do they only control .com, .net and .org?

Wondering if moving to another non US controlled TLD would work.

e.g piratebay.org would also have piratebay.ly which everyone would go to if
SOPA took down their .org site

------
EwanG
So any chance of someone developing a similar addon for Chrome and IE? Not
that I am suggesting I would use such a thing (lest I be marked by the lovely
NSA filter that I'm sure monitors this site among others)...

------
ryusage
Honestly, I've never really understood networking in great depth, so this may
be a dumb question, but isn't bypassing SOPA as easy as specifying a new DNS
server for your network connection?

------
telemekus
Wont SOPA take the Mozilla site offline for something like this?

------
seanp2k2
This is also on Github: <https://github.com/TamerRizk/desopa>

