[liberationtech] SOPA and DNS-level Censorship Circumvention

Griffin Boyce griffinboyce at gmail.com
Mon Jan 9 16:41:23 PST 2012 

Hey all,

  With the SOPA vote on the horizon, now seems to be a good time to talk
about censorship at the DNS level.

  Computers use Domain Name Servers to make the connection to websites.
These large servers act as online address books for websites, telling
computers where the site they want to visit is located.  So the flow is
typically *Website Address -> DNS Server -> Website's Host*. If SOPA
passes, sites alleged to be infringing copyright will be blocked from
visitors in the US: *Website Address -> US DNS Server -> Block Page*.

  You can customize which servers your computer uses to fetch addresses,
and bypass these types of blocks entirely. A good tutorial on how to do
that is here: http://code.google.com/speed/public-dns/docs/using.html Though
keep in mind that the server addresses mentioned on that tutorial are
located in the United States.  So anyone looking to bypass
*American*censorship will need to use servers in an uncensored country
like Iceland
or Belgium.

  Another good option is using a browser plugin.  For FireFox, there are
two currently: Soapy and DeSopa.  DeSopa automatically fetches server
details for websites, but relies on a website that is likely to be blocked
once SOPA goes into effect. However, it does work until blocked. I made
Soapy with all of the rules it needs to function built into it. With Soapy,
every site that is enabled must have redirection rules created for it, but
it's also quite light (<50kb, each site is ~200bytes) and easily updated
with new sites.

DeSopa: https://addons.mozilla.org/en-US/firefox/addon/desopa/
Soapy: http://griftastic.com/soapy.html

  These browser plugins are really quick hacks designed to get into
people's hands quickly. (And there aren't any for Chrome, Opera, Safari, or
IE yet).  There has to be a more elegant and robust solution that we can
create for people affected by this type of censorship -- not just in the
US, but around the world.  It's completely possible to run
censorship-resistant DNS servers in uncensored countries, but the critical
missing element is a highly usable piece of software that will adjust the
user's network settings without a major hassle.  DnsJumper might work, but
isn't open-source and users have to find unblocked servers to use.

  What do you all think about this?

All the best,
Griffin Boyce

-- 
"I believe that usability is a security concern; systems that do
not pay close attention to the human interaction factors involved
risk failing to provide security by failing to attract users."
~Len Sassaman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20120109/cfe35eb7/attachment.html>

More information about the liberationtech mailing list