
Someone is trying to steal archive.is's domain - dimensi0nal
https://twitter.com/archiveis/status/1081276424781287427
======
walrus01
I don't see how this could get very far, considering that the people in
Iceland who run the root for .IS are known to the network engineering
community of ISPs in Iceland. The population just isn't that high. People with
the equivalent of root or enable on core ISP infrastructure are maybe less
than 50 persons in the entire country.

You could literally take public transit across Reykjavik and go knock on the
door of the persons responsible.

------
Bucephalus355
DNS Monitoring is a mandatory security requirement for anyone serious about
DNS Security today. [https://dnsspy.io](https://dnsspy.io) is a good example
of this.

Also, although I don’t think there is 100% agreement on this in the community,
use LONG TTLs. No reason to make yourself vulnerable by constantly reaching
out to DNS every 5 minutes. Also makes you more likely to pick up a spoofing /
hijacking attempt.

NOTE: also quick shout out to GCP here. I make all my money within AWS so if
anything should not be saying this but their DNS security is amazing. They
have DNSSEC + the crazy obscure records like IPSECKEY and TLSA and SSHFP. Wow.

~~~
viraptor
> use LONG TTLs

It really depends on what you want to achieve. Australian census for example
shot themselves in the foot by publishing a relatively long TTL and not being
able to migrate away from a failing system fast enough.

~~~
Bucephalus355
Acknowledged and this is a really good point. Currently I’m straddling the
fence on this one and doing a 2 hour DNS Record time.

Also want to mention GEOIP blocking. I hate it’s come to this for the
internet, but for a lot of sites, especially small businesses and local/state
gov, there is very little reason someone outside the country or say outside
the EU / bordering countries might need to access your site. Again this is
debatable advice but worth considering. All of the major cloud providers have
GeoIP Blocking or are rolling it out.

~~~
nicolaslem
In real life geoip blocking is terrible. IPs are traded from one organization
to another all the time. It often takes months for services to update their
databases mapping IPs to locations.

What is a user supposed to do when a random website blocks him because it uses
an outdated database?

~~~
viraptor
This also impacts law enforced limits. What do you do when you're a Polish
user under an ISP sharing a block of IPs with the Ukrainian part of that company,
which is now blocked because of being geolocated in Crimea?

------
pixelmonkey
I really hope this domain hijacking doesn't succeed, because I use archive.is
all the time.

~~~
cpach
Not to worry. They have other domains too, as stated in the Twitter thread:
.TODAY .FO .LI .VN .MD .PH

~~~
kaffee
I'm not sure the existence of alternatives, advertised through Twitter, is
much of a comfort here. The integrity of the domain name system shouldn't
depend on someone having a well-known twitter account that can advertise
alternatives in the event of a hostile takeover.

~~~
troquerre
The integrity of DNS shouldn’t depend on someone having a well-known twitter
account but unfortunately DNS is a poorly designed system and this kind of
thing happens all the time. Just a few months ago Zoho’s registrar blocked
their domain because of just two customer complaints, even though Zoho has
tens of millions of paying customers.
[https://twitter.com/zoho/status/1044249648993525760?s=21](https://twitter.com/zoho/status/1044249648993525760?s=21)

Disclaimer: building [https://namebase.io](https://namebase.io) which is a
registrar for seizure-resistant names on the Handshake blockchain.

------
linkmotif
Could someone please explain this? What is going on? Either you hack a domain
or you don’t—but once the owner finds out, shouldn’t they be able to verify
that it’s locked down? How can someone steal a domain, permanently, and trade
with it? Can this happen at any TLD or is .is just negligent/apathetic? Why
would I ever buy a .is domain if the TLD lets people steal it? I don’t
understand...

~~~
StavrosK
I'm guessing the Icelandic registrar has some provision that you have to be a
citizen to get a domain, and someone told the registrar that the owner is not,
so they can get it canceled and then take it.

~~~
KenanSulayman
You don’t need to be a citizen of Iceland, but the address needs to be valid.
The broker can’t see the address because ISNIC per default hides this
information.

------
celticninja
I don't see the value in a high profile stolen domain for a trader. Anyone
have any ideas on why this would be financially worthwhile? I am assuming
financial motives.

~~~
keketi
Maybe it's an attempt at blackmailing to get something deleted?

31 Jan 2018, "I will make a donation every month. Please delete what we ask":
[https://twitter.com/archiveis/status/958760127359840257](https://twitter.com/archiveis/status/958760127359840257)

~~~
samstave
Serious question, in that thread some guy is attempting to have an old blog
with his face pic deleted... I'd support that. But then if some other news or
political or corporate arm was seeking to get something deleted to prevent
them from looking bad, then I'm against it...

So what is the middle ground here, or how should one view this dilemma?

~~~
reaperducer
You can't un-ring a bell.

~~~
lilyball
That doesn't really justify the decision to continue publishing private
information. Just because someone somewhere may have access to it doesn't mean
you need to make it easier for everyone to have access to it.

~~~
Brian_K_White
The point is so that anything that is available to anyone, is available to
anyone else.

It might have been unfortunate for some things to have been made public in the
first place, but once it's done, there is no value in letting just some people
still know the truth while everyone else is subject to manipulation by a few
who know some truth.

It's about equalizing the power to harm and the power to defend against harm.
The reason to preserve and re-publish something that was once known, is so
that no single party gets to use it, or use its absence, against everyone
else. All deleting something does is reduce the number of people with the
power to use it. It does not make it actually go away. It just makes it go
away from you, while someone else who you may not like still has it.

While there are reasons to forget history, the reasons for preserving it far
far far outweigh the reasons for forgetting it. And there is NO valid reason
to allow editing history. Selective forgetting allows for substitution,
revision, balkanization, manipulation, and at the very least, doubt.

~~~
lilyball
> _there is no value in letting just some people still know the truth while
> everyone else is subject to manipulation by a few who know some truth._

Just because my SSN got leaked to a few people doesn't mean it needs to be
leaked to the world. Most people aren't going to take advantage of my SSN, so
having it leaked to a few arbitrary people is a relatively minor risk. And if
it does get abused, there's a very small pool of suspects. Having my SSN get
publicly broadcast to the world pretty much guarantees I'll be plagued by
identity theft forever and gives me no suspects when it happens.

Same goes for plenty of other private information. Just because it's leaked to
some people doesn't remotely justify giving it to the whole world.

> _The reason to preserve and re-publish something that was once known, is so
> that no single party gets to use it, or use its absence, against everyone
> else._

We're not talking about secret cheat codes that give the owner power over
everyone else. We're talking about private information. If a "single party"
has my private information, they have power over me, but that doesn't give
them power over anyone else. In this scenario your argument seems to be "if
one person has power over me, that's unfair to everyone else who doesn't, so
they should be given the same power over me as well", which is of course
complete nonsense.

------
mirimir
Overall, it seems to still work:
[https://archive.fo/BMFOL](https://archive.fo/BMFOL)

------
troquerre
Just a few months ago Zoho’s registrar blocked their domain because of just
two customer complaints, even though Zoho has tens of millions of paying
customers.
[https://twitter.com/zoho/status/1044249648993525760?s=21](https://twitter.com/zoho/status/1044249648993525760?s=21)

DNS wasn’t built to support the growth it has experienced. Both its security
model (Certificate Authorities) and governance model (ICANN) are highly flawed.
The internet needs to switch to a better system as it becomes an increasingly
important part of our lives.

Disclosure: building [https://namebase.io](https://namebase.io) which is a
registrar for seizure-resistant domain names on the Handshake blockchain.

