"If it were really the case that terrorists "hate us for our freedoms," we'd be getting more popular with Al Qaeda every month." -- Julian Sanchez of Reason.com
"Why SOPA and PIPA Suck" - A quick-start guide to how this legislation may very well fuck up the internet.
This was originally written as a textfile, so I apologize if the formatting is off.
***DISCLAIMER*** I threw this together quickly, in an effort to get the information out there. I attempted to ensure the technical accuracy of the information, and provide adequate resources so that
interested individuals could easily dig deeper into this matter. I apologize for any errors in grammar, technical information, or general stupidity. It's been a long day. If you find any errors, please let me know.
|||===================================================================
||| I. INTRODUCTION
|||===================================================================
The "Stop Online Privacy Act" (aka "SOPA", H.B. 3261) is a bill that was proposed to help fight
online piracy, such as counterfeit goods and intellectual property/copyright infringement. -[1,2]-Although
there has been much speculation in the online communities about what specific methods would be used to
block "bad" sites, a lot of attention has been placed on DNS filtering, and therefore will be the focus
of this pastebin. Also of interest is the Preventing Real Online Threats to Economic Creativity and Theft
of Intellectual Property Act of 2011 (aka "PROTECT IP", S.968). -[4]-The PROTECT IP Act is a similar bill
which was started in the Senate.
In an article dated November 18th, 2011, CNET quotes Markham Erickson, who states:
"It would cover IP blocking...I think it contemplates deep packet inspection." -[3]-
Assuming the legislation passes (in either form), there are a number of ways to go about blocking
these terrible websites that are causing so much harm. The first method I will present is the DNS filter -
in short, this is a rather ineffective method of filtering, and may end up actually "breaking" the web.
But more on that later.
Another, more effective method, is IP blocking - in other words, your ISP (Verizon, Comcast, etc.) would
receive a notice to block all requests for a certain IP address. In effect, the Peoples Republic of
America could make any site (or computer for that matter) essentially disappear from the internet.
The last method I will quickly mention is "deep packet inspection". This is a method that China uses
to block their subjects from seeing anything "harmful" to their state interests.* -[6]- In brief, deep
packet inspection involves the government reading NEARLY EVERY SINGLE BIT OF DATA that you send or view
online. This, in my opinion, is the only truly effective way of enforcing censorship, and comes at the
price of Big Brother regularly viewing and scanning each and every word, picture and file that is
transmitted via the internet. If this sounds like universal wiretapping to you, then you are right. In
2008, a bipartisan group of representatives denounced NebuAds attempts at deep packet inspection,
stating it was "flatly illegal". -[7]- Flatly illegal, that is, unless it's Congress trying to do it.
***DISCLAIMER: OPINION***
It is often difficult for us average folk to sympathize with the billionaire performers in
Hollywood and RIAA/MPAA who claim that we are stealing from them and compromising profits. We often defend
this point with "Kanye/Britney/whomever can afford to lose that $0.99 I would pay on iTunes", which they
undoubtedly can. They are correct - it is stealing, plain and simple. However, you dont see blanket
legislation that infringes our basic privacy for any other crime, like shoplifting. In fact, I would be
willing to bet that, dollar-for-dollar, more money is lost in the retail world through petty theft each
year than in the music/movie industry. To the best of my knowledge, Congress has never enacted this type
of blanket legislation that invades our privacy - except in the name of combating terrorism, of course.
One more quick note - I know, I know. I used Wikipedia for several sources. Fuck off, this isn't a
scholarly paper, its a quick-start guide for folks who are not familiar with the technical implications
of this legislation.
|||===================================================================
||| II. WHAT IS "DNS"?
|||===================================================================
DNS stands for "Domain Name System", which is a system of servers that routes internet traffic,
making it easier for humans to navigate to their favorite websites. The DNS allows us to type in a URL,
such as "www.example.com" and arrive at the website, rather than remember an IP address (123.456.789.00).
In a simplified example, your computer queries a DNS server to ask directions to a website. Your computer
has a list of pre-defined servers to ask first - usually set by your ISP (e.g., Comcast) in order to
speed up your internet service.
This DNS lookup sounds something like this:
COMPUTER: "Hey, anyone know where "foo.com" is at?"
DNS SERV: "Yeah, try 123.456.78.90."
[COMPUTER looks at 123.456.78.90]
SERV 2: "Can I help you?"
COMPUTER: "Yeah, I am looking for "foo.com". Any idea where it's at?"
SERV 2: "Sure, its over at 444.555.66.77."
[COMPUTER connects to foo.com]
In this conversation, the DNS SERV would be the first place your computer would ask for directions - this
is typically determined by your computer's settings and your ISP. This server would in turn reply with
a server who can give better directions, or maybe it knows by itself. Typically, you are routed several
times.
In short, the DNS is often likened to a "map" or "phonebook" for the internet world. It lets us browse
to the correct sites by simply remembering the (hopefully) human-friendly URL. Without the DNS, we
would not necessarily be lost, we would just have to keep a hard copy directory that lists the website and its
respective IP address.
|||===================================================================
||| III. WHAT IS "DNS FILTERING"?
|||===================================================================
DNS filtering is commonly employed by companies, educational institutions and other places which
may not want their employees or students accessing non-work-related sites, commonly social media and
pornography sites. DNS filtering works by pointing your computer to the filter as the DNS server. The
filter is the first server your computer will ask for directions. This server recognizes that you are
trying to access a forbidden site, and gives your computer bad directions - usually to that "This webpage
is blocked" page.
|||===================================================================
||| IV. CIRCUMVENTION OF DNS FILTERING
|||===================================================================
The easiest way to circumvent DNS filtering is by accessing the site directly by IP. Instead of
typing "google.com" into your address bar, try typing "http://74.125.113.104/". You should arrive at the
same page. By doing this, your computer does not need directions, because you gave it the exact address
to go to. Unfortunately, this does not always work, because many sites use various forms of redirection
and other sites to host their content. For example, Twitter (IP: http://199.59.149.230/) also uses a site
called twimg.com to store images and style/layout data. Most DNS filters will block these sub-components,
resulting in the page loading incorrectly.
To fix this, we can modify the HOSTS file, which is on virtually every operating system. The
HOSTS file is typically empty, but can act as a map or phonebook for your computer, in lieu of, or to
supplement, the DNS. By adding websites and their IP addresses to the HOSTS file, our computer no longer
needs to query the DNS for directions. While editing your HOSTS file can result in loss of some internet
connectivity if done incorrectly, it's not much more difficult than using proper grammar in an e-mail.
There is also the possibility of manually setting your computer to point to DNS servers that will
give you the answers you want. For example, you could point your computer to DNS servers outside the USA
that would return the correct IP address for a blocked website, thereby completely circumventing any
filtering that the government puts into place.
Finally, there are several browser plug-ins and programs that will attempt to resolve the IP
address for you, without consulting the DNS. These were specifically developed to circumvent internet
censorship. Tor is a common program that is used by Chinese citizens to get past their governments
censors. You can download Tor at https://www.torproject.org. You may need to download the "bridge"
portion of the program, too.
|||===================================================================
||| V. SECURITY RISKS CREATED BY GLOBAL DNS FILTERING
|||===================================================================
If you have not guessed by now, users WILL circumvent any DNS filtering that the US puts into
effect. However, as anyone who has ever gotten one of those pesky "redirect viruses" knows, this poses
major security risks.
First and foremost, the sheer number of users desperate to download the latest song or movie will
eventually click on ANYTHING that lets them download what they want. There are a number of studies online
that show with overwhelming evidence that most internet users are not the smartest, and despite knowing
that a link or file may contain a virus, will click on it anyway. Feel free to google for this data.
A malicious user could easily craft a script to modify the HOSTS file on your computer to point
your bank website to a phishing site, under the guise of giving you access to pirated media. Also, a
malicious user could give you erroneous DNS information, claiming it would give you access to the sites
you want. However, you are now routing ALL of you internet traffic through THEIR servers. This should
immediately be a red flag to anyone who has ever heard the words "computer" and "security". -[8]-
There are several other major risks involved, and I will refer you to a Technical Whitepaper -[9]-
for more details. The last one I will touch upon is the fact that such widespread DNS filtering and
redirection could very well "break the internet". If you use online banking, or sites like eBay or Amazon
you are already familiar with secure browsing. Most sites currently use some form of authentication,
typically in the form of SSL (HTTPS), certificates, etc. A better solution has been proposed, which is
DNSSEC (DNS Security Extensions) -[10]-. In short, the governments interference with the DNS will cause
a break in the chain of trust - similar to a problem you have probably already encountered when your
browser gives you the "You are about to be redirected to a connection that is not secure." error.
Finally, there are several other concerns, and I will again refer you to the Whitepaper (-[9]-) for
further detailed explanation. You should now be familiar with some of the basic principles, and how
these acts could very well destroy the internet as we know it today, as well as create a giant step
backwards in internet security. I should take this time to once again state that I do not have a problem
enforcing illegal downloads, as it is technically theft, but I believe that, once again, Congress has
given in to lobbyists and created blanket legislation in the interests of one single group, thus
continuing to neglect the rights of the American people.
|||===================================================================
||| VI. REFERENCES, RESOURCES AND OTHER PROOF THAT I AM NOT PULLING THIS OUT OF MY ASS
|||===================================================================
[1] Bill Text: 112th Congress (2011-2012) H.R. 3261 -- Stop Online Privacy Act
---> http://thomas.loc.gov/cgi-bin/query/z?c112:H.R.3261:
(Accessed 19-DEC-2011)
[4] Bill Text: 112th Congress (2011-2012) S.968 -- Preventing Real Online Threats to Economic
Creativity and Theft of Intellectual Property
---> http://thomas.loc.gov/cgi-bin/bdquery/z?d112:s.00968:
(Accessed 19-DEC-2011)
[5] "PROTECT IP Act" (Wikipedia)
---> http://en.wikipedia.org/wiki/PROTECT_IP_Act
(Accessed 19-DEC-2011)
[7] "NebuAd Grilled Over Hot Coals in Congress on Privacy" Pub: 17-JUL-2008
---> http://news.cnet.com/8301-13578_3-9993554-38.html
(Accessed 19-DEC-2011)
[8] "What is a host hijack?"
---> http://www.adoko.com/hijackers-host.html
(Accessed 19-DEC-2011)
[9] "Security and Other Technical Concerns Raised by the DNS Filtering Requirements in the PROTECT IP
Bill - A Technical Whitepaper" Pub: May 2011
---> http://www.circleid.com/pdf/PROTECT-IP-Technical-Whitepaper-Final.pdf
(Accessed 19-DEC-2011)
[10] "Domain Name Service Security Extensions" (Wikipedia)
---> http://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions
(Accessed 19-DEC-2011)
Cast your vote on this article 10 - Highest, 1 - Lowest
Comments: Published: 5 comments.
HackThisSite is the collective work of the HackThisSite staff, licensed under a CC BY-NC license.
We ask that you inform us upon sharing or distributing.
