>For now the seized domains are in legal limbo. David Snead, a lawyer specializing in Internet cases who is representing the owner of torrent-finder.com, speculated that it might be 30 to 60 days before he would be able to see a seizure order. “The government is providing zero information to help us determine what he is being charged with,” he said. “It’s a black hole.”
That's just plain wrong. Under what rational reason have they seized these without notice, and without declaration of wrongdoing? Is it part of a sting operation, or are they being labeled as terrorists?
If not, it's simply impeding justice, and seems to me to probably be motivated by the desire to have this go through smoothly; if they can wait out the initial surge of internet-interest, and then make weak claims, there won't be as many people scrutinizing them. Plus, this sort of event might just drive a few of the sites out of existence anyway, so their goals are served regardless, just by keeping their mouths shut.
What is worse is that some anti-piracy groups are refusing to release the names of sites they are shutting down. Brein recently shut down nearly 30 file-sharing sites and has refused to release info on the targeted sites.
Just a reminder: this isn't a crazy overreach by "Homeland Security". DHS is a very new cabinet department formed, like a beaurocratic Voltron, from a smorgasbord of peripherally-related agencies. One of those agencies was Customs/ICE, which for logical and historical reasons hosts federal anti-counterfeiting enforcement. DHS "acquires" Customs and bam, finds itself in the IP enforcement business.
You could, but this has been part of ICE's charter for a long time. I'm only making the point that this isn't some crazy RIAA subversion of the Department of Homeland Security. Homeland Security sounds scary, like, "the US Government thinks the RIAA's IP claims are vital to national security!".
So you're saying that you think it would be perfectly reasonable if the FDA or agriculture department happened to be tasked with enforcing music piracy prevention ?
Joking aside, I guess this is part of the problem with naming departments cutesy Orwellian names like "Homeland Security".
I think it's not an indication that the government thinks the RIAA's problems are homeland security concerns, and would prefer not to be baited into discussing anything else I think about it.
Fair enough, though I look forward to the day when there is just one governmental department and it's called the "Vanquishers of Evil" for the sake of clarity.
While no one ever claimed it, tptacek was correct in assuming people were thinking it. Or, at least, a person was thinking it.
I'm really glad to see a possible explanation for why Homeland Security would be cracking down on music blogs. While I don't agree with the DoHSs actions, I now have a foothold in understanding the situation. It may or may not be correct, but as a fairly logical interpretation of the scenario, it'll suffice.
I'm disappointed to see your fairly dramatic response (though I like the elipses and poetic linebreaks :) ) and 'yummyfajitas's pat response earn collectively more upvotes for delivering far less information (no offense).
To me, jurisdictional questions around the particular authority claimed by ICE to censor the web are interesting only in relation to the larger political decision to censor the web.
Tptacek focuses on only the first question and righteously refuses to look at the latter question. He "prefer not to be baited into discussing" the substantial question here. What I consider an important and disturbing development: the US government effectively taking up the authority to censor websites sans any conviction of web master for anything (sure they "file a lawsuit" but they do NOT have to actually convict or even serve the webmaster in question. It's the effective negation of free speech whatever the ostensible argument).
I thus think the various responses are appropriate. I've disagreed with Yummy on plenty of other issues but he decodes the misdirection in the GP well here.
Tptacek doesn't have to look at the latter question. He simply made a useful point that this has nothing to do with the department of homeland security (and by inference the excessive laws passed as part of the war on terror) but instead another department that is administratively connected.
Of course the US government is acting badly here, and if someone is making a strawman argument it is right to call it out as misdirection, but to my mind, tptacek was simply providing a useful fact.
I suppose this is teaching people about intellectual property...
...how some intellectual property, that owned by large corporations, is so important that other intellectual property should be confiscated by fiat to protect it!
He provided a useful piece of background on the thread. I was about to post a comment about "oh look, they overreached with the too-wide anti-terror laws and are using them on music pirate, quelle surprise," so it is useful to know that, except in name and org chart, this has nothing to do with homeland security (and any of the laws associated with the war on terror.)
The C in ICE is Customs, which has been charged with stopping counterfeit goods produced abroad from entering the USA, such as knockoff Rolex watches and Prada Handbags. Counterfeit goods have been charged with "reducing the desire" to own original goods, much like pirated music has been charged with reducing the desire to actually buy the CD.
If anything, ICE is probably the only department that administratively is capable of combatting piracy, since they have been doing it for so long under their own banner. They now get to do it under the Homeland Security banner.
Let me get this straight. A division of the Department of Homeland Security is shutting down hip-hop blogs to help out the RIAA and you don't see it as a crazy overreach?
I was about to post a comment about "oh look, they overreached with the too-wide anti-terror laws and are using them on music pirate, quelle surprise," so it was useful to know that, except in name and org chart, this has nothing to do with homeland security (and any of the laws associated with the war on terror.) It's a crazy overreach and some Americans need to sort it out, but in some useful senses it has nothing to do with "homeland security".
This is really scary for me, and I'm not even hosting any sort of illegal content.
For me the internet has always been a wild-west kind of place, one of the last places where politics and government and all of the paranoia-driven American madness didn't have a hold. No matter what crazy shit was going on in the "real world," it probably wouldn't touch the fabric of the internet. And today I wake up to find the RIAA using the government as hired hitmen to shut down seemingly harmless sites without any kind of warning or due process.
I know it was bound to happen sometime, and it would be naive to think the government was never involved in the dealings of the internet, but this truly saddens me. Our bought-and-paid-for government is finally making itself known in our last haven.
Has it really come time to move our domains to China, of all places?! And if we move them to a foreign power, who's to say that power won't tomorrow start doing what we're doing now?
I wish I had the money to donate to the EFF; but I don't, and I feel completely powerless.
Does anyone understand how domain seizing technically works? What are they actually doing?
Whois'ing the domain shows the nameservers are with GoDaddy. Is it so simple that they are just asking GoDaddy to change the site to this image?
I was going to assume that the government used ICANN to point it to their own name servers. Anyway, I'm just curious and would love if someone could shine some light on this.
they are not doing it at the Registrar level(by contacting the registrar for the domain and forcing them to update the authoritative name server info to point to NS1.SEIZEDSERVERS.COM, NS2.SEIZEDSERVERS.COM), but rather through the agency who controls the top level domain. In this case, all the “seized domains” appear to be .com and the agency/company who has the ICANN contract for this TLD is VeriSign(which also controls .net TLD).
Isn't this why the ICANN contract for a TLD should not belong to an American corporation? Logically, it should go a company in Switzerland, who have traditionally handled such things, and continue to be perceived as low in corruption [1] and high in democracy [2], with strong property rights [3]. They tend to be neutral in wars, and are not part of the EU (which is probably a bad idea for an independent TLD.)
Registrant:
Seized Domains
ATTN SEIZEDSERVERS.COM
care of Network Solutions
PO Box 459
Drums, PA. US 18222
Domain Name: SEIZEDSERVERS.COM
Administrative Contact, Technical Contact:
Solutions, IT
ATTN SEIZEDSERVERS.COM
care of Network Solutions
PO Box 459
Drums, PA 18222
US
570-708-8780
Record expires on 24-Nov-2011.
Record created on 24-Nov-2010.
Domain servers in listed order:
NS1.SEIZEDSERVERS.COM 74.81.170.109
NS2.SEIZEDSERVERS.COM 74.81.170.108
Heh, guess you can change the A record of a name without having to update the whois info. All of these domains are just pointed to http://74.81.170.110/
since .com/.net/.org are controlled by US companies, is the next step (for blogs/sites such as these) to move to .ru? or some other company not controlled by US companies?
if you're going for a non com/net/org domain, I'm assuming you'd have to register it with a company that's not US based too, so no ordering .nl domains through Godaddy, cause that can still cause problems.
I'd love to agree, but I don't see a way out of what seems to be a fundamental problem with any such system:
How does the system decide who gets domain-X in cases of conflicts? And there will be conflicts, and malicious ones at that, so there must be a resolution technique, and it must not be decided in each case by end-users - they have no way of knowing quickly / accurately enough, and it would prevent the average person from being able to use it. Plus, it could simply be spammed with billions+ of claims, shutting down the usefulness of the entire system, especially if it's first-come first-served.
Meanwhile, if there are any higher-priority deciders, they can be manipulated similar to how DNS hosts are in this circumstance (or certificate authorities, in the https world). So it must be distributed... it strikes me as a paradox.
edit: the only way out being that a distributed DNS could be a mirror of official ones... but what happens when domain-X gets seized, and then sold to another, assuming it's a legitimate purchase for non-phishing reasons? And how do you resolve domain ownership transfers - they look the same as seizures, from a data standpoint, except they don't have a big "Your Gov't Wuz Heer" stamp on them.
I wonder if such a system really even needs domains anymore. Would it be possible to scrap domains altogether and use IPs only?
The link structure of the web is almost completely based on domain urls, but I wonder if there's not some way to work around that in a DNS-less/P2P system.
Many common services (HTTP, SMTP, IMAP, POP3, and especially DNS, if you think about it) are provided by daemons that don't really care much about the domain name of the machine they're running on. For example, you can configure your web server to deliver pages for www.example.com, and it will, as long as that domain is in the HOST: header of the request. No DNS is required, you just point the request at the web server's IP address.
The obvious problem is that, to my knowledge, you can't embed a HOST: header in a URL to fetch that resource from an arbitrary IP address (something like http://HOST:www.example.com@192.0.2.144/).
Like HTTP, SMTP servers will gladly accept messages for domains it is configured to handle. But it also depends on DNS to get MX (or A) records to deliver to domains it doesn't handle. It's trivial to support email addresses that use IPs instead of domains (like bob@192.0.2.144), but such addresses are less portable than using domains and also create conflicts because two users cannot have the same name, even if they operate in different realms. Besides, they're butt-ugly and harder to remember than domains.
tl;dr: Using IPs only creates problems and DNS is a HUGE part of the solution. Any replacement will have to solve the same problems.
DNS, URIs, and application-level protocols such as HTTP and SMTP work together, but that doesn't mean they are the same beast. The reason for the existence of URIs is to provide identifiers for resources. DNS makes these human-readable. Applications in turn use these facilities.
When the user types http://www.example.com into the address bar, it's the web browser that figures out what to do next. Which is: realize it needs to to a HTTP request. Where to? Not an IP, ask DNS. Now connect to the IP address. But an HTTP server can host multiple domains, so include the host name in the request (that's the Host header). The web server then looks in its configuration, and sends the right page back. Note that the HTTP headers are specific to the application protocol, and are irrelevant both at the DNS and URL level. It just happens to be the same string :)
Domains make IPs human-readable and human-rememberable, and allow multiple servers to identify as the same site (ie, for human and CA purposes), and allow them to move. Somewhere you need a translation and connection system.
You could most definitely change your links to go to IP addresses. But they're more fragile.
Server IP addresses change every time you switch to a different provider.
Ironically the DNS actually provides a layer of resilience against being forced offline by targeting your provider, but that moves the vulnerability up one level, now you rely on the DNS to do its thing, and it too is under the control of a single institution.
The bar is a bit higher than a C&D to your provider but apparently not nearly high enough.
It depends on what your objectives are. If they are to ensure that no single legal jurisdiction can force a domain that has already been issued to stop working by taking actions in that jurisdiction (except via the domain owner), that is easily achievable without major problems.
E.g. the system could have the following components:
1) A centralised issuer (CI) of time-stamped certificates for a TLD, which certify someone is the owner of a domain. Certificates are only issued for domains that don't exist yet. The public key is in the certificate, and the private key is kept by the owner.
2) A network of TLD nameserver operators (TLDNSO) for the TLD. TLDNSOs have stable IP addresses which are distributed to client software in advance - and there is a centrally agreed on list. TLDNSOs are geographically dispersed, and spread across many different legal jurisdictions.
3) All certificates from the CI are sent to all TLDNSOs. Certificates without a timestamp that corresponds within a limited threshold to the time the certificate was received are rejected, as are certificates for domains when another certificate for the same domain is held by the TLDNSO.
4) TLDNSOs accept domain resource record (RR) updates - e.g. nameserver records - from anyone, provide they are signed with the private key that only the domain owner has. Likewise for the equivalent of WHOIS details.
5) Domain owners can sign a transfer certificate, which includes the public key of the new owner, and is signed with their private key, and sending the transfer certificate to the new owner. The new owner sends it to all TLDNSOs, who will from then on accept requests with the new owner's key, rather than the old one.
6) Clients can query TLDNSOs using DNS or DNSSEC, or using a new protocol which lets them inspect the certificates from the CI and any ownership changes. Clients using the new protocol query several TLDNSOs in several jurisdictions - there could be a fairly complex set of conflict resolution rules, but one of the most important would be that if two CI certificates were received, more TLDNSOs get queried, and the most frequent answer is the one that is accepted.
This makes most kinds of attacks on existing domains difficult:
1) The CI can be compelled by authorities in its jurisdiction to issue certificates, possibly backdated, but they won't be accepted by TLDNSOs except the ones that can be compelled to accept them (a minority in the case of unilateral government action), because they already have a certificate for the domain. The new CI certificate will be rejected by clients if only a minority of TLDNSOs present it.
2) TLDNSOs can be compelled to remove CI certificates for individual domains, but if only a minority are in any one jurisdiction, clients will get the record from other TLDNSOs.
3) Only the domain name owner has the private key needed to revoke or transfer a domain name. Obviously, the domain name owner can be compelled to reveal they private key (if they have it in that jurisdiction anyway), but that is outside the scope of this document. They could encrypt the key with a secure password and refuse to disclose it - that would be legal in some jurisdictions and illegal in others. By this point, authorities would probably focus on taking down the servers hosting the website rather than the DNS.
So, basically, DNS+CA, with mob-rule for conflict resolution for both servers and clients.
I like it - it can be implemented along-side DNS, mirroring DNS entries where the owners will agree to create a key. A progressive take-over is possible, layered on top of existing services.
It's not really "p2p" in that it needs hosts that must still be large and unmovable, thus a target, but a definite improvement. I'd still like to see/find/come up with a way to make something as totally host-free as possible, but no doubt it'd be incredibly slow compared to a more centralized solution.
Actually I think that a Bitcoin-style approach would be better.
Basically just use something like Bitcoin's block chain, but store domain registrations instead of only transactions.
So you only get a domain if you can prove that you've send some computational power of your computer. In addition, once you've registered a domain and the registration is sufficiently far in the past, it is infeasible for an attacker to manipulate your domain due to the block chain (and the computational power required to attack or delete it).
In fact, the simplest would be "mirror + backtrack".
If a given site had an earlier dns entry, the alternative dns would point to that earlier entry as the second alternative. If you think the second alternative is "really it", you can make that permanent for you.
It wouldn't solve everything but it would make a variety seizure approach not work well in the short term.
You'd still have trouble if you lost your ip address(es) but this would mean seizure would need multiple points of failure.
Moreover, this would need only a minimum of centralization.
A browser plugin to "find hidden/seized sites" might actually be trivial to produce. Name it something catchy. Anyone would to work on this?
But what that means is that the internet goes from being a www.com => globally-identifiable site to everyone having their own version. Links, URIs, Universal Resource Identifiers are no longer universal, and can't be used to reliably direct people around. It could be mitigated by changing the scheme (say: http://version/www.com/), but then every address-reading system on the planet has to be changed to handle it without throwing validation fits.
The average person will not understand this and will simply use whatever comes through automatically. If it doesn't lead them where they expected, they simply turn back. Leaving us back where we started.
Heck, you can already do this: you have a hosts file. Just map www.seized.com to the original IP. As long as the servers are running, it'll still work. The problem comes when traffic drops to zero, ad revenue drops to zero, and the reason for the site's existence is lost. Which is precisely the same problem with running alternatives; the average person, who accounts for most of most site's traffic, will take whatever is served to them and not manage it on their own.
Any system like this would eventually bloat to unmanageable levels, as again, ownership transfers look the same as seizures (or the reverse can be made to be true, with the intent to trick people). Eventually, loads of sites would have tons of alternatives. People could nab the servers / IP addresses of the old ones, and run phishing sites that look like the originals, further degrading the use of any alternative addresses...
... so people will use what's already decided for them. Which is what we have now. The fraction of a fraction of 1% of people who will visit the alternatives will not prevent their eventual death. Only the most popular seized pages will have any chance of continuing to exist... at which point their servers are simply seized along with their domains (where possible. governments cooperating in this is only increasing, and if the ACTA goes through it'll likely become the standard, done automatically, instead of the exception).
---
All of this also relies completely on the internet backbone routers not being manipulated. All it would take is a re-write rule, and any attempts to reach the address are taken out entirely. If a distributed DNS gains traction, do you honestly think this won't become a government's weapon of choice? Those routers exist somewhere.
"But what that means is that the Internet goes from being a www.com => globally-identifiable site to everyone having their own version. Links, URIs, Universal Resource Identifiers are no longer universal, and can't be used to reliably direct people around."
Yeah, it suck the state is breaking the Internet. I don't like it.
We should be clear. We shouldn't claim consider this to be an improvement. We should consider this a counter-measure to something like an act of war on the Internet, which it is.
"The average person will not understand this and will simply use whatever comes through automatically. If it doesn't lead them where they expected, they simply turn back. Leaving us back where we started."
The average user is smarter and smarter. This is something like a war. Normally fat, dumb and happy humans can often sudden exhibit more intelligence in this kind of situation.
Only the most popular seized pages will have any chance of continuing to exist...
The state cares most about these sites too. The state doesn't like actions which dilute it's power. Even when they don't really work, they also make it look bad, which should not be underestimated. Basically, this an electronic form of civil disobedience. And I believe things have come to the point that this might matter.
And relying on more and more complicated tools that run more and more automatically. For example: it seems to me that one of the major reasons password managers (and thus better passwords) are gaining ground is because they're better in every way - you don't need to remember anything. It makes things easier and more automatic, so people use it.
My basic theory on humanity is that people aren't stupid, we're just lazy. And I mean that in a good way; laziness often leads to efficiency. Especially when taken to a global scale, things change when they become easier, not necessarily better.
I don't think we'll agree here though, so I won't debate that point further.
>We should consider this a counter-measure to something like an act of war on the Internet, which it is.
Sadly, yeah, it does seem to legitimately be under attack. From all sides. Something along these lines might work to make a parallel internet, which could be useful, but I don't see it as a solution, so something still needs to be done, and the sooner the better. Why not now?
I'm not really sure. I need a bit more crypto knowledge & math, and a good chunk of time to brainstorm for it; no solution comes to mind. They're all necessarily bound by that you need to trust at some point; but ease-of-use is paramount in my opinion, if you want to actually change things. No matter what, there are gives and takes.
Browser plugins might be the eventual solution's first steps, though they're more and more becoming sandboxed websites (which I like. Fewer security issues, easier programming, etc), so you'd have to go with something lower-level, which means it's harder to do cross-platform. But that's likely to be the case regardless, unless a single platform wins or virtualized, standard OS APIs become the norm.
All that said, I'm not sure there is a best solution, nor one which I'd actually be happy with. Much less something which works efficiently on a global scale. But I'm essentially a communication-anarchist: I generally think it would be best if anyone, anywhere could privately, anonymously communicate with anyone else. And I realize just what a can of worms that would be.
edit: Just for clarification, as I sometimes come off this way: this is meant in no way to be an attack on the idea / goal / you. And if I'm missing something, I'd love to know. Discussions like these often lead to solutions though, so I enjoy them and end up saying a lot :) I think some of it comes from having both of my siblings in debate teams, and having judged at a few debate competitions; I tend to come off more certain / forceful than I intend.
I'm not particularly defensive here, just fishing for people who'd like to help on the idea - which I came up with right on the thread above.
The thing is, the dns-backtracking-browser-plugin sounds like a simpler and more doable approach compared to anything else I've heard of. Any more elaborate approach would have to settle who owns a domain and that's not any easy thing for the present system.
It would certainly need to be system/browser specific but otherwise doesn't sound hard. Indeed, I could do it in a couple weeks and a really smart person could do it in a day.
Obviously it's a stop-gap. The distributed peer-to-peer client featured here a couple of weeks ago is a far more robust solution. (see http://news.ycombinator.com/item?id=1985431). That would include a system fairly similar to what you describe.
I've been meaning to read through the details on that for a while... guess I'll just have to do it.
But yeah, trackerless-torrents are about the epitome of such a system, though I think it'd have to be changed drastically to support a fast query architecture like DNS-like services need.
What steps can one best take to get their domain portfolio out of reach of US authorities?
All my domains are at Godaddy (with private registration) right now. (Nothing involving sharing of IP products, but I fear this slippery slope won't end well.)
No, but if you had a .com and .ly version of each domain/site then you could probably be reasonably confident that if one got seized the other would be ok (I'm assuming that the US and Libya are sufficiently far apart politically that they are unlikely to collaborate on this kind of thing).
Germany has some of the strongest privacy protection laws, which is part of the reason I use Joker as my registrar. It doesn't get you out of reach of the TLD masters, but for everything else it's good peace of mind.
Rapescan terminals in the airports, domain names seized with no information provided, wtf, did the 4th Ammendment go down for a reboot or something? If so when can we expect it to come back online?
The line between what totalitarian regimes (such as China) do to the Internet and what the US government does to the internet becomes thinner and thinner. Think about it — both governments now use their control of the Internet infrastructure to limit access to undesirable content.
What I find most scary, though, is the very limited reaction this gets.
Actually, there is no paywall, yet, just need a free user account to get thru the "anon-wall", though I hear they will be adding a true paywall in 2011.
easy.
They want Google to index that content and they want to show up in the search index. At one point I think some sites tried showing one thing to Google-bot and a pay-wall to the rest of the Net.
But Google realised that was a terrible experience for users -- I've googled somethign and now when I go to the page that google recommends to me - I can't see what I'm looking for.
So Google effectively laid down the law -- If you want to show up in Search Results -- then users who have found you via Search need to be able to read what you are showing..
That's just plain wrong. Under what rational reason have they seized these without notice, and without declaration of wrongdoing? Is it part of a sting operation, or are they being labeled as terrorists?
If not, it's simply impeding justice, and seems to me to probably be motivated by the desire to have this go through smoothly; if they can wait out the initial surge of internet-interest, and then make weak claims, there won't be as many people scrutinizing them. Plus, this sort of event might just drive a few of the sites out of existence anyway, so their goals are served regardless, just by keeping their mouths shut.