[liberationtech] SOPA and DNS-level Censorship Circumvention
Griffin Boyce
griffinboyce at gmail.com
Mon Jan 9 18:33:49 PST 2012
Jordan,
I absolutely agree -- this type of censorship is one of the easier to
bypass consistently, but it opens up a whole world of phishing potential.
If we could get an open-source piece of software on the market that is
maintained by a reputable organization, that would go a long way to helping
prevent problems. Working on my own, there's no way I could get an app on
the market in the next two weeks that is bug-free. SOPA might not pass,
but the tools could be used by anyone, so hopefully these bills will
re-ignite interest in circumvention tools.
~Griffin
On Mon, Jan 9, 2012 at 9:17 PM, Jordan McCarthy <jrmccarthy at stanford.edu>wrote:
> **
> As I was reading your email, it occurred to me that one of the (many)
> detrimental by-products of this whole SOPA/PROTECT IP debacle may be to
> severely exacerbate the U.S.'s already-nasty malware problem. As you point
> out, the second any legislation of this kind is enacted, a host of
> circumnavigation tools are going to immediately hit the market. While the
> ones you describe (and have been so kind as to implement) are obviously
> well-intentioned, I can't imagine that it'll take more than three seconds
> for scam-artists of all stripes to jump on the bandwagon, and start putting
> out their own "auto-configuration anti-censorship utilities" based on their
> own poisoned DNS servers (ie, ones that direct wellsfargo.com to
> wellsfargo.com.%34%63%22...). Of course, they've already done this sort of
> thing in various ways, but it seems very, very likely that SOPA will only
> make the phenomenon a whole lot worse.
>
> For the purposes of this discussion, though, I suppose my main point is
> that any system of the kind under consideration should optimally have some
> sort of VERY easy-to-understand trust/authentication mechanisms built-in,
> and be accompanied by an extensive public-awareness campaign, to prevent
> unwitting users from being duped into sending their credit card numbers
> straight to the blackhats' databases (to an even greater extent than they
> already are).
>
> Nevertheless, I'm exceedingly grateful that people are starting to think
> about and code up some of these utilities. It looks like we might need
> them.
>
> - Jordan
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20120109/58bb9657/attachment.html>
More information about the liberationtech
mailing list