[Infowarrior] - SOPA Haters Are Already Finding Easy Ways To Circumvent Its Censorship

Richard Forno rforno at infowarrior.org
Wed Dec 21 14:24:15 CST 2011


(c/o JH)

SOPA Haters Are Already Finding Easy Ways To Circumvent Its Censorship

http://www.forbes.com/sites/andygreenberg/2011/12/21/sopa-haters-are-already-finding-easy-ways-to-circumvent-its-censorship/ 

“The Internet interprets censorship as damage and routes around it,” goes the saying coined by Sun Microsystems coder and EFF founder John Gilmore. Now the Internet’s communities of coders and free speech advocates have interpreted the Stop Online Piracy Act (SOPA) as intolerable digital damage before it has even come to a vote, and are already working on tools anyone can use to route around its roadblocks to foreign, copyright-infringing sites.

While Congress has postponed the second half of its hearing of SOPA until next year, a developer named Tamer Rizk has been busy building an add-on for Firefox called DeSopa, which aims to give any Firefox user access to sites that SOPA’s copyright protection measures have blocked. “This program is a proof of concept that SOPA will not help prevent piracy,” reads a note included on DeSopa’s download page. “If SOPA is implemented, thousands of similar and more innovative programs and services will sprout up to provide access to the websites that people frequent. SOPA is a mistake. It does not even technically help solve the underlying problem, as this software illustrates.”

DeSopa takes advantage of a blatant weakness in how SOPA’s controversial filtering mandate would function under the current version of the bill. The new copyright infringement regime would allow editing of the Domain Name System, the registry that converts websites’ domains (like Google.com or Yahoo.com) into an Internet Protocol address (like 74.125.157.99 or 98.137.149.56). When you type “Google.com” into your browser, your computer communicates with DNS servers that convert that name into an IP address. But type the IP address directly into your browser, and it works just as well.

Since SOPA would lead to editing American DNS servers’ IP lists to insert errors for sites deemed illegal, DeSopa simply checks with foreign DNS servers to find the correct IP address and navigates directly to whatever blocked site the user enters. To avoid incorrect IP addresses in those foreign servers, the program even checks domains with three DNS servers and grabs whichever IP address has at least two agreeing answers. “Similar offshore resolution services will eventually maintain their own cache of websites, without blacklisting, in order to meet the demand created by SOPA,” writes Rizk.

For the last two weeks, users on Reddit have been assembling their own lists of IP addresses for key sites that might be blocked under SOPA, what some of them call the “Emergency List.” Users could simply check the list for the IP address of a blocked site they want to visit and navigate directly to its IP. Or, as the redditors have discussed, they could edit the “hosts” file on their own machines, a locally-stored list that overrides DNS and tells Web browsers which domains correspond with which IP addresses.

Editing hosts files is far from a perfect solution: Because sites’ IP addresses frequently change, users would often find certain sites inaccessible and need to go searching for a more current IP. But as DeSopa illustrates, SOPA’s thin layer of DNS censorship means users are sure to find a way to keep their locally-stored versions of DNS up to date and visit blacklisted sites.

Just because SOPA’s DNS censorship can be defeated, however, doesn’t mean the bill won’t damage the Internet. Engineers have been warning Congress that monkeying with DNS will make it impossible to implement DNSSEC, a new DNS protocol designed to prevent DNS spoofing attacks that hijack users’ browsing and take them to untrusted sites even when they enter the domain of a trusted one. Those security concerns are one reason SOPA’s discussion in Congress has been postponed until the new year to allow for more technical research. “No one in Congress intended to break anything,” says Dan Kaminsky, a leading DNS security researcher who has vocally opposed SOPA’s proposed changes to the system. “They intended to address a legitimate economic concern. But thanks to the law of unintended consequences, their efforts in DNS filtering run counter to our efforts in DNS authentication.”

The end result of SOPA in its current form, in other words, would be to reinforce the Internet’s fundamental security problems without blocking access to copyright-infringing sites for any user savvy enough to use simple software tools. Vint Cerf, one of the founders of the Internet, said as much in his letter to Congress earlier this month, even listing the exact ways DNS filtering would be circumvented. “This collateral damage of SOPA would be particularly regrettable because site blocking or redirection mechanisms are unlikely to make a significant dent in the availability of infringing material and counterfeits online, given that DNS manipulation can be defeated by simply choosing an offshore DNS resolution provider, maintaining one’s own local DNS cache or using direct IP address references,” he wrote.

Cerf, after all, helped to design the Internet to be robust above all else, finding its way around physical and digital hurdles to reliably deliver data. Thanks to a few angry geeks, it will likely find its way around any legal hurdles, too.

---
Just because I'm near the punchbowl doesn't mean I'm also drinking from it.
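
The two-of-three agreement check the article describes for DeSopa is also a way to spot a resolver that returns rewritten answers. The sketch below is an added example, not DeSopa's code and not part of the forwarded article; the resolver names and addresses (RFC 5737 documentation ranges) are constructed, and the answers are embedded rather than fetched from the network.

```python
import ipaddress
from collections import Counter


def quorum_addresses(answers, quorum=2):
    """Compare A/AAAA answers from several resolvers.

    answers: {resolver_name: iterable of address strings, or None if the
              resolver failed to answer}.
    Returns (agreed, outliers): addresses returned by at least `quorum`
    resolvers, and {resolver: addresses no quorum confirmed}.
    """
    parsed = {}
    for resolver, addrs in answers.items():
        if addrs is None:
            continue  # timeout or SERVFAIL: this resolver casts no vote
        valid = set()
        for text in addrs:
            try:
                valid.add(ipaddress.ip_address(text.strip()))
            except ValueError:
                pass  # malformed record: ignore rather than count it
        parsed[resolver] = valid

    # One vote per resolver per address (sets remove duplicates).
    votes = Counter(ip for ips in parsed.values() for ip in ips)
    agreed = {ip for ip, n in votes.items() if n >= quorum}

    def fmt(ips):
        # Sort by (version, value) so IPv4 and IPv6 can be mixed safely.
        return [str(ip) for ip in sorted(ips, key=lambda i: (i.version, int(i)))]

    outliers = {r: fmt(ips - agreed) for r, ips in parsed.items() if ips - agreed}
    return fmt(agreed), outliers


# Constructed sample: resolver-c hands back a different address for the name.
SAMPLE = {
    "resolver-a": ["192.0.2.10"],
    "resolver-b": ["192.0.2.10", "192.0.2.11"],
    "resolver-c": ["203.0.113.66"],
}

if __name__ == "__main__":
    agreed, outliers = quorum_addresses(SAMPLE)
    print("agreed:", agreed)
    print("unconfirmed:", outliers)
```

An unconfirmed address is not proof of tampering: load-balanced and geo-distributed sites legitimately return different addresses to different resolvers, so an empty agreed list means "no quorum", not "blocked".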


