[AfrICANN-discuss] Gov't crackdown spurs initiatives to route around DNS

Anne-Rachel Inné annerachel at gmail.com
Sun Dec 12 17:52:21 SAST 2010


http://www.itworld.com/legal/129947/net-censorship-dns-alternative

Gov't crackdown spurs initiatives to route around DNS

The Net interprets censorship as damage and routes around it

by Keith Dawson
December 7, 2010, 12:57 PM — ITworld

Over the Thanksgiving holiday weekend, US Immigration and Customs
Enforcement (ICE), the principal investigative arm of the Department of
Homeland Security (DHS), led an alphabet soup of government agencies in
seizing the domain names of 82 Web sites
<http://www.ice.gov/doclib/news/releases/2010/domain_names.pdf> (PDF)
that ICE said were "engaged in the illegal sale and distribution of
counterfeit goods and copyrighted works" (See: Operation In Our Sites
v. 2.0
<http://www.itworld.com/legal/129947/net-censorship-dns-alternative?page=0%2C1>).
The seizures were accomplished by getting the VeriSign registry, owner of
the *.com* and *.net* top-level domains, to change the authoritative
domain-name servers
<http://rulingclass.wordpress.com/2010/11/28/the-background-dope-on-dhs-recent-seizure-of-domains/>
for the seized domains to servers controlled by DHS.

Regardless of the supposed criminal intent of the affected systems, the
seizure without notice of these domain names by US authorities sent
shock-waves around the Internet world. It got people's attention in a much
stronger way than version 1 of this enforcement operation had — the first
iteration late last June
<http://www.pcmag.com/article2/0,2817,2365902,00.asp> seized the names of
nine sites selling pirated first-run movies. Many people
woke up to the reality of how vulnerable the DNS is to government meddling.

(More recently, the uproar caused by the WikiLeaks publication of US
diplomatic cables — and subsequent attempts to censor the site
<http://news.netcraft.com/archives/2010/12/03/wikileaks-org-taken-down-by-us-dns-provider.html>
and/or to hound it off the Internet
<http://aws.amazon.com/message/65348/> — have resulted in what developer
Dave Winer calls
<http://scripting.com/stories/2010/12/03/wikileaksOnTheRun.html> "a human
DNS" implemented "in a weird sneaker-net sort of way," via Twitter and ad
hoc bulletin-board sites.)

Within days of the ICE/DHS seizures, at least three separate initiatives to
work around the DNS had been announced, and several existing alternatives
were highlighted in the ensuing discussion. Let's take a look at some of
these proposals — two to route around and one to supplant the DNS — and some
of the obstacles they face
<http://www.itworld.com/legal/129947/net-censorship-dns-alternative?page=0%2C2>.

*1. 4LW <http://blog.rabidgremlin.com/2010/11/28/4-little-words/>: 4 Little
Words*

This new alt-DNS project got a quick boost from the developer communities at
Hacker News and Reddit. The idea is to map each of the four numbers in an
IPv4 address to one of 256 "little words," in the Mad Libs-inspired pattern
*adjective noun verb noun*. For example, using an online 4LW generator
<http://4lw.org/>, 208.101.51.56 (the IP address of the seized domain name
torrent-finder.com) becomes *simple hair climbs cup*. Reddit user armooo
<http://www.reddit.com/user/armooo> created an open source DNS server that
returns "A" records using the 4LW protocol. For the example above, visiting
http://simple.hair.climbs.cup.4lw.org/ takes you straight to the site
formerly pointed to by the seized domain name. This scheme should continue
to work unless 4lw.org itself is compromised, in which case others could
copy the source code
<https://github.com/armooo/4-little-words-DNS-server> and put up their own
servers; meta-servers could emerge to distribute requests among known 4LW
servers; and so on.

*2. P2P DNS <http://p2pdns.baywords.com/2010/11/30/hello-world/>: Peering
Around It*

This project has gotten the lion's share of press attention, because
it was initially
suggested <http://twitter.com/brokep/status/8779363872935936> by Peter
Sunde, co-founder of The Pirate Bay. The idea is to create a peer-to-peer
alternative to the DNS, and beyond that nothing has been announced.
Sunde's blog
post <http://p2pdns.baywords.com/2010/11/30/hello-world/> has garnered over
100 comments, most pledging help and some offering concrete suggestions or
pointing out similar efforts across the Net. There are active brainstorms
<http://dot-p2p.org/index.php?title=Brainstorm> in various media
<http://dns-p2p.openpad.me/1?> and a code repository
<https://github.com/DNS-P2P/>, which is currently empty. Sunde has promised
a press release soon.

*3. Project IDONS <http://lauren.vortex.com/archive/000787.html>: Internet
Distributed Open Name System*

This proposal is by Lauren Weinstein, one of the early developers of what
became the Internet and the long-time moderator of the PRIVACY forum (which
predates even the widespread existence of email). Weinstein's vision is of
"an alternative Internet name to address mapping system — fully distributed,
open source, fault-tolerant, secure, flexible, and not subject to
centralized constraints, meddling, and censorship." Other high-level goals
include "no central registries, no registrars, no fees nor charges necessary
for any name or address operations across IDONS."

Weinstein adds in his introduction to IDONS: "Ad hoc attempts to bypass the
existing system (such as those newly proposed by Pirate Bay) are likely to
create fragmentation and confusion, and therefore ironically tend to further
entrench the existing system… ad hoc won't fly for this."

In an interview, Weinstein told me he has had a "couple of thousand"
responses to the IDONS proposal, ranging from substantive technical
suggestions to "Yes I'd like to help." Weinstein said, "The point is not
just to replace the DNS with another DNS. It's to get out from under a
completely limiting condition. Technology is full of these kinds of
situations in which we have to get out from under bad early decisions. In
the case of DNS, the mistake was centralization. That enables not only
censorship, but also the whole gigantic mess that has grown up around domain
registrations" — what Weinstein has taken to calling the "domain industrial
complex." He continued, "This is not just a technical project, it's an
attempt to change the underlying mechanisms we use for names on the
Internet. It involves policy and politics as well as technology." And it's
likely to be a 10-year effort or longer.

At this point the project does not have a website or a mailing list.
Interested parties can contact Weinstein via his blog
<http://lauren.vortex.com/archive/000787.html>.
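
Added example (not part of the article or of armooo's server): a sketch of the 4LW mapping from item 1. Because the name itself encodes the address, a client holding the word lists can decode it locally and check the "A" record a 4LW server returns. The word lists are constructed placeholders, and the one-list-per-position layout is an assumption; only the four pairs from the article's example are taken from the page.

```python
import ipaddress

SUFFIX = "4lw.org"  # zone used in the article's example


def _placeholder_list(tag):
    # Constructed stand-in for a real 256-entry word list: tag000..tag255.
    return [f"{tag}{i:03d}" for i in range(256)]


# One list per position in adjective-noun-verb-noun (assumed layout).
WORDS = [_placeholder_list(t) for t in ("adj", "noun", "verb", "obj")]
# The only pairs known from the article: 208.101.51.56 -> simple hair climbs cup.
for pos, (octet, word) in enumerate(
        [(208, "simple"), (101, "hair"), (51, "climbs"), (56, "cup")]):
    WORDS[pos][octet] = word
INDEX = [{w: i for i, w in enumerate(lst)} for lst in WORDS]


def encode(ip):
    """IPv4 address -> four-word hostname under SUFFIX."""
    octets = ipaddress.IPv4Address(ip).packed  # raises on malformed input
    return ".".join([WORDS[pos][o] for pos, o in enumerate(octets)] + [SUFFIX])


def decode(hostname):
    """Four-word hostname -> IPv4 address, with no DNS query involved."""
    name = hostname.rstrip(".").lower()
    if not name.endswith("." + SUFFIX):
        raise ValueError("not a 4LW name")
    labels = name[: -len(SUFFIX) - 1].split(".")
    if len(labels) != 4:
        raise ValueError("expected exactly four words")
    try:
        octets = bytes(INDEX[pos][w] for pos, w in enumerate(labels))
    except KeyError as exc:
        raise ValueError(f"unknown word {exc.args[0]!r}") from None
    return str(ipaddress.IPv4Address(octets))


def answer_matches(hostname, a_record):
    """True if a server's A record equals the locally decoded address."""
    return ipaddress.IPv4Address(a_record) == ipaddress.IPv4Address(decode(hostname))
```

A mismatch from answer_matches() means the 4LW server answered with an address other than the one the name encodes, which is the "4lw.org itself is compromised" case the article mentions.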