[HN Gopher] Quad9 and Sony Music: German Injunction Status
___________________________________________________________________
Quad9 and Sony Music: German Injunction Status
Author : ameshkov
Score : 387 points
Date : 2021-06-24 16:52 UTC (6 hours ago)
(HTM) web link (quad9.net)
(TXT) w3m dump (quad9.net)
| lehi wrote:
| Verizon has also been blackholing routes to ddos-guard for the
| past few weeks, cutting off access to any sites protected by
| them: https://torrentfreak.com/why-is-verizon-blocking-pirate-
| site...
| [deleted]
| apazzolini wrote:
| I've been a happily paying customer of Spotify for nearly a
| decade now.
|
| This is the kind of shit that makes me reconsider returning to
| piracy.
| unethical_ban wrote:
| I really, really don't like DNS censorship. I think that if a
| site is bad enough to warrant being taken down, it should be
| taken down by the authorities that host it.
|
| OR, these governments should have a formal enforcement regime
| that monitors and sends takedown requests to DNS resolvers.
|
| Then, high-tech people will either use .onion, or we will see
| again the popularity of alt-root DNS services.
|
| So will the alt-root DNS website (whose domain is on the
| "official" root) be taken down, because it is a pointer to a
| pointer to potentially illegal stuff?
|
| Where does it end? Or will the goal be simply to make it hard
| enough that only 1% of people know how to access it, vs. 20%?
| superkuh wrote:
| Unfortunately .onion is not a permanent address. All .onion
| addresses are transient and The Tor Project reserves the right
| to completely remove support for addresses whenever they feel
| it might impact the privacy/security of the tor network.
|
| For example, on October 15th of this year all Tor addresses
| from the last 15 years of Tor v2 will stop being supported and
| will vanish into thin air.
| javajosh wrote:
| I don't like it either, but I think it's the lesser evil.
| Consider the fact that you don't even need DNS to put something
| on the internet; ergo, removing a DNS entry _only_ increases
| the friction to accessing the resource. I think the approach
| the MPAA is taking is indeed to just make it harder for the
| 20%, and probably have a realistic understanding that they 'll
| never get to 0 and approach a low asymptote, and have to be
| satisfied with that.
|
| Or, to put it another way, the MPAA is attacking discovery not
| hosting. Which I think is pretty smart - its good bang for the
| buck. The people who have legit binaries to share can do so
| pretty easily (e.g. torrent a linux distro). It would step over
| the line if they tried to, I don't know, outlaw the bittorrent
| protocol. But taking down freemoviesXXX.com doesn't exactly
| raise my hackles.
| yarcob wrote:
| Also, making illegal sites slightly harder to visit by
| blocking certain domains is really a rather mild form of
| copyright enforcement.
|
| I'd much rather have that then companies suing some kid who
| downloaded a torrent.
| michaelmrose wrote:
| Taking down freemoviesXXX.com in the court of the nation
| where it is hosted is materially different from making a DNS
| provider fail to resolve a valid address hosted elsewhere. If
| you want to be heard you must both fight for the legal right
| to host content in one county and the right to be read in
| every other country.
|
| This creates both a concept of there being a censorship list
| one can be added to and incentivizes escalating attempts to
| control what can be viewed.
|
| DNS is extremely easy to bypass which is really only half the
| problem. The other half is the complexity of bypassing
| blocking can trivially be outsourced to devs of sharing apps
| who can both implement search and DNS or even vpn.
|
| Technical barriers that are basically boxes for clients to
| tick are entirely useless your citizens may manage limited
| complexity budgets but they can outsource those to
| developers.
|
| The logical path this leads you to are technical and
| restrictions on what content applications are allowed to
| display, what applications one is allowed to install based on
| their compliance with point one, restrictions on what OS one
| is allowed to install based on compliance with point two.
|
| Then you can control ability to access network resources
| based on compliance with point three.
|
| This was all speced out decades ago and the technology
| embedded in your motherboard and somewhat in play on mobile
| platforms.
|
| Once you have this you will actually have effective
| censorship tools and now have to worry about how they might
| be misused when previously we might be reassured by our
| ability to bypass censorship at need.
|
| When you come down to it the entire content producing
| industry is of only modest value compared to say science and
| technology and has more resources than it's ever had before
| and freemoviesxxx.com is little actual threat to it's
| existence. It mostly prevents useless people without a
| creative bone in their body who have never contributed to
| society in any fashion from maximizing their revenue
| sufficient to afford a second yacht.
|
| Twisting consumer tech the necessary gateway for all modern
| communication and culture to increase their revenue slightly
| is the tail wagging the dog.
|
| Any attempt to take one step down the road ought to result in
| the offenders being nuked from orbit because their entire
| destruction would be better end result for society than their
| success.
| pyrale wrote:
| > I think that if a site is bad enough to warrant being taken
| down, it should be taken down by the authorities that host it.
|
| That is essentially saying that nothing is bad enough to
| warrant being taken down ever.
|
| People shouldn't have to tour every possible jurisdiction on
| earth to have something taken down in the jurisdiction they
| live in.
| caeril wrote:
| > People shouldn't have to tour every possible jurisdiction
| on earth to have something taken down in the jurisdiction
| they live in.
|
| Yes, they should. Or they can save a lot of effort and just
| block it locally.
|
| One sovereign people shouldn't be prevented by another
| sovereign people from conducting their lives as they see fit.
| Global rules are incompatible with respecting the vast
| diversity of humans on this planet.
|
| Hopefully, 9.9.9.9 can apply this ruling specifically to
| German CIDRs and be done with it.
| programmarchy wrote:
| Check out blockchain domains [1] which implement an NFT
| standard for domain names. So far Opera and Brave have added
| built-in support for .crypto and there are extensions for other
| browsers.
|
| [1] https://unstoppabledomains.com
| ryan29 wrote:
| I've looked at blockchain based domains. There's also ENS
| (.eth) and HNS (namebase.io). The biggest problem with them
| is they're a huge pain to purchase. You need to buy their
| vBucks style coins first (ETH or HNS) and many western
| governments treat those like a security. That makes it tough
| for someone like me who wants to buy legit, brandable domains
| in those systems.
|
| So the only people left are the ones mining coins and
| skirting KYC/AML laws and I think that leads to a scenario
| where they'll gain a reputation of being a "nefarious"
| technology even though there's _some_ merit in the idea.
|
| DNS based censorship by western countries is a risky game
| IMO. That makes the system vulnerable to a developing country
| coming in, setting up alternate DNS roots, and refusing to
| filter / censor for copyright infringement. It won't take
| much for western users to learn they need to use a foreign
| search engine to find things the western countries want
| censored.
|
| China's citizens will be using US search engines and US
| citizens will be using Chinese search engines. Lol.
| programmarchy wrote:
| Thanks for the thoughtful response.
|
| I imagine it will become easier to buy with checkouts that
| can take a credit card. It looks like some already have a
| Stripe checkout workflow.
|
| One thing that is easier about owning a domain as an NFT is
| that it's not a subscription; you pay once and own it until
| you want to transfer it to someone else.
| Karrot_Kream wrote:
| > I've looked at blockchain based domains. There's also ENS
| (.eth) and HNS (namebase.io). The biggest problem with them
| is they're a huge pain to purchase. You need to buy their
| vBucks style coins first (ETH or HNS) and many western
| governments treat those like a security. That makes it
| tough for someone like me who wants to buy legit, brandable
| domains in those systems.
|
| Yeah I don't know why any of these blockchain DNS systems
| don't have an easy fiat on-ramp. Most people don't care
| about holding a token, they just want their domain name.
| It's fairly easy these days too with all the stablecoins
| around.
| blablablerg wrote:
| Because then they need to do KYC and all kind of other
| regulatory stuff.
| mike_d wrote:
| Namebase is pretty painless for getting Handshake names.
| ryan29 wrote:
| I signed up, but didn't do any of the verification. I'm
| from Canada and they're not in FINTRAC (our KYC/AML
| regulator), so I'm not willing to give them any personal
| information beyond what I'd use for a normal credit card
| transaction.
|
| The thing is I wanted a brandable name that I could
| likely get for less than $.50, but I'd be willing to pay
| $50 via credit card to avoid dealing with HNS. I would
| literally pay 100x the market rate to avoid dealing with
| their crypto currency because, by the time I deal with
| the bookkeeping and taxes of a crypto purchase, it costs
| me more than $50 in time and effort.
| ryan29 wrote:
| > Most people don't care about holding a token
|
| I definitely do NOT want the token/coin. As soon as I
| touch it the transaction becomes a taxable event for me.
| It's a nightmare. Imagine if every store in your city
| used a different foreign currency and the government made
| you track every transaction you make so you can report
| your foreign currency gains/losses on your taxes.
| Y_Y wrote:
| "The Net interprets censorship as damage and routes around it".
|
| - John Gilmore
| mnouquet wrote:
| Worked so well for Parler, Damore, or even Trump.
| dane-pgp wrote:
| Parler is online again, and I don't think Gilmore was saying
| that the internet would prevent you from losing your job.
| lscotte wrote:
| We're in a very dark period where people are fine with
| censoring viewpoints that they don't agree with, especially
| around political boundaries. It's very unfortunate -
| censorship is censorship, plain and simple.
| zero_deg_kevin wrote:
| The problem with opposing civil rights movements is that
| reciprocity matters in the real world. People are
| disinclined to support your rights if they see you as
| advocating against theirs.
| mnouquet wrote:
| This might have been the case maybe 30 years ago, today's
| mentality is really all about submission to power, their
| power. If they say "put a hand on your stomach, one on
| your head, and turn from right to left singing the
| International on a single hand", you better do it, or
| fear being cancelled.
| zero_deg_kevin wrote:
| I'm not accepting your assertion as fact. There are
| currently multiple civil rights movements facing
| organized conservative resistance.
|
| You can invent whatever moralizing obligation you want,
| but I don't think it's reasonable expect an organized
| effort from the {$outgroup} community to defend the
| rights rights of the people who designated them the
| outgroup.
| mnouquet wrote:
| Existence of such groups is not your original assertion.
| You stated:
|
| > People are disinclined to support your rights if they
| see you as advocating against theirs.
|
| By that argument, the Libertarians would be loved by
| everybody, but they aren't, because it's no longer a
| discussion on ethics, it's a fight over holly dogma. The
| ACLU will no longer support people on the Right in the
| name of Free Speech. Lines in the sand have been dug by
| the left, and they no longer crosses them. The right,
| (ie. the MSM's fascist) however do it all the time
| because they are the most open ones. If you are a gay 1sh
| amendment absolutist, you aren't gay, you're just a nazi.
| The ancients Greeks are no longer the bases of our
| culture/civilization, they're esclavagist.
| NaturalPhallacy wrote:
| Yup. I gave up arguing with the posters and even founder of
| TechDirt about it. They call it 'content moderation' when
| they agree with it and censorship when they don't, based on
| whether it's left leaning (Good(tm)) or right leaning
| (Bad(tm)).
|
| It's so bizarre how the left controls the house, the
| presidency, academia, the mainstream media for the most
| part, all of the big tech companies, but complain that the
| Republicans are the fascists.
|
| We either have free speech, or we have fascism. And it's
| not the right trying to censor and cancel people, it's the
| authoritarian left who feel like they know better than
| everyone else. Very irritating as a libleft, because they
| read my disagreement as being right leaning rather than
| freedom loving.
| emj wrote:
| If you are a freedom lover foremost perhaps you should
| work more on making the issue seperate from right vs left
| rhetorics. Always look at why someone wants to censor,
| rather than just assume it's because of ordinary left vs.
| right. The scale seems to a lot more binary in the US
| than I'm used to.
|
| It's not a left right issue, we do need to have sex-ed in
| schools, you need to talk about homosexuality, and the
| problem with nationalism even the american flavour. I
| don't even think those are issues that all left leaning
| people agree on. Dig deeper.
| mnouquet wrote:
| > Always look at why someone wants to censor
|
| Just as if logic was working. Last time I checked from
| the Smithsonian woke bullshit, logic itself is racist...
| Oh well.
|
| > we do need to have sex-ed in schools, you need to talk
| about homosexuality
|
| Over my dead body. My children will not hear about any
| trans / Kinsey reports bullshit, or even CRT clusterfuck
| for that matter.
| dane-pgp wrote:
| > And it's not the right trying to censor and cancel
| people
|
| Are you sure about that?
|
| https://www.dailydot.com/debug/parler-banning-leftist/
|
| https://www.buzzfeed.com/stephenlaconte/conservatives-
| love-c...
| MomoXenosaga wrote:
| This is what the TOR browser is for.
| Dah00n wrote:
| No, this is what DNS sevices like uncensoreddns.org is for.
| rad_gruchalski wrote:
| Until Sony goes after them. Circle of life.
| kayson wrote:
| I wish they hadn't complied. It wouldn't be the first time a tech
| company stood up to this kind of thing. (Github and youtube-dl,
| Digg and HDDVD key, etc).
|
| Not familiar with German law. What would happen if they simply
| ignored the injunction?
| caeril wrote:
| Yes, it's unfortunate, but it's still a far superior position
| than, say, Google or GoDaddy.
|
| In this case, Quad9 is being compelled by a court, with the
| force of law, to do so.
|
| GoDaddy and Google will yank your _entire domain_ if enough
| anonymous communists complain on Twitter that your content is
| undesirable.
| joshuaissac wrote:
| Neither Digg nor GitHub stood up to a court order in either of
| these cases. A DMCA notice was used with no court involvement
| in both cases.
| mullen wrote:
| The police might come take their DNS servers.
| merb wrote:
| probably impossible since they are sitting in switzerland and
| are not subjected to this directly.
| iratewizard wrote:
| That would have been really nice, but I can't blame them. If I
| were in their position, I would save my company and employees
| first. Making noise about it comes after their wellbeing.
| airhead969 wrote:
| That's not how activism works. No one will pay attention and
| writing White House online petitions doesn't do anything
| either.
| Dah00n wrote:
| I'm pretty sure it would be the first time. Normally they fight
| it in court, they don't disobey court orders after the fact.
| Neither of your examples did. If they did their hardware would
| be confiscated by the police.
| curiousfab wrote:
| Fun fact: The same court ruled in 2008 that access providers may
| not be forced to block DNS: https://www.telemedicus.info/lg-
| hamburg-bestaetigt-wirkungsl...
|
| This Hamburg court in particular has produced hundreds of
| scandalous injunctions over the years, many of which were
| overturned later.
| xxpor wrote:
| Unfortunately Germany has a Civil Law system, so precedents
| aren't binding.
| jimbob45 wrote:
| Can you explain what you mean by that? I know precedent law
| in the US doesn't guarantee a verdict but it vastly speeds up
| the appeals process.
| eindiran wrote:
| See:
|
| * https://en.wikipedia.org/wiki/Common_law
|
| vs
|
| * https://en.wikipedia.org/wiki/Civil_law_(legal_system)
|
| "The civil law system is often contrasted with the common
| law system, which originated in medieval England, whose
| intellectual framework historically came from uncodified
| judge-made case law, and gives precedential authority to
| prior court decisions."
| skywal_l wrote:
| There are precedents in civil law too. It's just that
| judges have less leeway in "creating" law than in the
| common law systems and thus precedents are not as binding
| because the law is supposed to be already laid our
| precisely.
|
| And civil law systems are not all tuned the same way.
| ChuckNorris89 wrote:
| _> because the law is supposed to be already laid our
| precisely_
|
| Well that's the problem right there. Some times the laws
| are stupid or out of date so you end up getting screwed
| by some unscrupulous megacorp willing to abuse said
| outdated laws.
|
| Sure, the right sollution is to change the laws but
| you're in court right _NOW_ and the process of changing
| laws is slow and the lawmakers heavily influenced by
| lobbyists and powerful interest groups to resist changes
| that affect them.
| skywal_l wrote:
| I am not defending any system here.
|
| And the common law system has also many shortcomings,
| especially when judges are basically political
| appointees.
| zorked wrote:
| Alternatively: good thing it has a Civil Law system, so that
| _this_ horrible precedent isn 't binding.
| xxpor wrote:
| True!
| dragonwriter wrote:
| Even in common law system like the US, trial court rulings
| aren't binding precedent.
| xxpor wrote:
| That's actually kind of complicated, see page 800: https:
| //scholars.law.unlv.edu/cgi/viewcontent.cgi?referer=&h...
| sebyx07 wrote:
| 1.1.1.1 is the solution?
| omoikane wrote:
| Also 8.8.8.8
| airhead969 wrote:
| Cloudflare's public DNS would need to be within this
| jurisdiction or be hit in a similar way in another
| jurisdiction.
|
| Edit: whoops, I thought Quad9 was an ISP.
| spinax wrote:
| What makes you think CloudFlare (or Google/8.8) could not be
| hit with the same legal injunction? This is a court order and
| Quad9 must comply, as would CloudFlare or Google.
| cmeacham98 wrote:
| I am not aware of 1.1 or 8.8 ever being forced to
| block/change DNS. While this does not prove they won't in the
| future, considering the popularity of the services this
| suggests US law is on their side.
|
| Additionally, Cloudflare has previously shown commitment to
| deliver DNS exactly as it receives it with no changes (see
| archive.me debacle).
| markn951 wrote:
| Except in the case of deciding to exclude EDNS Client
| Subnet, which in my experience completely borks CDNs. Which
| is why I switched to Quad9 in the first place.
| spinax wrote:
| I get what you're saying, but we're talking about a very
| specific action: a court injunction. Whether or not it will
| be overturned or invalid is a followup - I am not versed at
| all on German law but I would assume it's a criminal
| penalty to refuse to comply with a court injunction (for
| anything, not just this). As stated in the blog, they will
| comply and fight the injunction's validity.
| pyrale wrote:
| > considering the popularity of the services this suggests
| US law is on their side.
|
| That won't help much if they're brought before EU courts.
|
| The reason Google doesn't get brought to courts like that
| is because they already comply with rights owners.
| rad_gruchalski wrote:
| > I am not aware of 1.1 or 8.8 ever being forced to
| block/change DNS.
|
| Maybe because both have a DMCA process in place and don't
| see the need fighting in the courts?
| T3RMINATED wrote:
| If Quad9 complies, I would stay away from Quad9 services as they
| are not fighting for the right thing.
| [deleted]
| roody15 wrote:
| The fact that Quad9 so easily complies = will not use quad9
| annoyingnoob wrote:
| Your loss.
| progbits wrote:
| I hope this is not frowned upon here but I believe the domain in
| question is canna[dot]sx. You can confirm this by taking some of
| the URLs in the report and substituting the blacked out domain
| with it and it indeed shows the Evanescence album that the
| document points to.
|
| (I got this by doing reverse dns lookups on some of the IPs they
| list without censoring)
|
| Edit: I have tried resolving using 9.9.9.9 and get the same
| answer as other DNS servers, even running from a VPS in Germany.
| It appears they have not blocked it yet?
| zinekeller wrote:
| Have you tried the .to domain? The .sx domain is recently
| registered (probably because SME also obtained an injunction
| against 1&1 and Telekom to block it), and I can confirm that
| the .to domain is blocked inside Germany.
| progbits wrote:
| Good point, it might be a replacement domain that just has
| the same content so my URL check doesn't mean that is what
| they requested.
|
| As for .to, it does resolve fine for me via 9.9.9.9 from
| multiple locations including Germany but maybe my VPS IP just
| doesn't resolve to the right geolocation.
| zinekeller wrote:
| Either that Quad9 (unintentionally) haven't included the IP
| range in the scope or Quad9 is intentionally only applying
| the filter in residential connections (because business
| won't engage in piracy, right?)
|
| Edit: Resolves in Versatel (which is a business-grade
| connection). The offending domain is blocked by 1&1's
| (Versatel's parent) DNS resolvers though.
| varispeed wrote:
| > Artists deserve to be compensated,
|
| I like this dig at Sony. I don't believe for a second that Sony
| has any interest of the artists in mind. It's all about their own
| profits at all cost. They wouldn't care in the slightest if
| artists died of hunger. But that's just my opinion from dealing
| with the record labels myself.
| airhead969 wrote:
| Sony BMG can talk a long walk off a short pier. They're blood-
| sucking, rent-seeking, cannibal vampires.
|
| If people would watch it, they would pay homeless people to
| dance and fight each other in LA's canals during a storm,
| monetize it, advertise it on all platforms, and they would
| still sleep OK at night.
| jfengel wrote:
| It's true. Sony doesn't care about artists, any more than your
| boss or company cares about you.
|
| But they are, nonetheless, the ones paying the artists. Not
| nearly enough, and with plenty of shenanigans, but that doesn't
| change the fact that every movie ends with a long, long, long
| list of people who got paid for working on it -- by Sony.
|
| It's disingenuous for Sony to pretend they care about anything
| other than their own profits. It's just tugging at
| heartstrings. Few of them actually get a share of the profits.
| They work for a paycheck.
|
| But they've nonetheless got a point: they hire artists, lots of
| 'em. Some of their profits go into making the next movie.
|
| Arguably, that's better than caring about them. I don't
| particularly like facile capitalist arguments, but Adam Smith's
| quote about the baker really does apply here: the artists don't
| need Sony to care, they just need Sony to pursue its own self
| interest because it happens to also profit them.
|
| You won't see me crying over Sony's lost profits, and I'd love
| for more people to see movies other than studio blockbusters.
| But I know a lot of people who make movies and they do, in
| fact, get their paychecks and royalty checks from Sony.
| GekkePrutser wrote:
| Oh well. I use Quad9. But at least now when a torrent site won't
| work I'm reminded to turn on the VPN .
| seviu wrote:
| I was sued in Germany by Axel Springer due to an ad blocker I
| wrote. The lower court of Hamburg ruled against me. They openly
| admitted they did not know what they were doing because the case
| was too technical for them. They were just happy to please the
| big corporation.
|
| Hamburg is a favourite for such cases because they just have no
| clue about technology. They are just old fashioned.
|
| As a small indie developer, I could not afford to keep on
| fighting. I gave up. I was a psychological wreck. And since it is
| not binding, big entities can afford to sue you non-stop.
|
| Hamburg was the second time I was in a court. I got sued by the
| same big corporation. I won the first one.
|
| Despite not being binding Sony will use this as a precedent and
| they will start going against the bigger DNS players, till all of
| them have to comply with their demands.
| ChuckNorris89 wrote:
| _> They were just happy to please the big corporation_
|
| In Germany?! Never! _/ s_
|
| This reminds me how the gyms in Germany were told by the
| government they were not allowed to collect membership fees
| during the lockdown but the big chains did it anyway on the
| basis of "what are you gonna do about it?". So if you wanted
| gyms to comply, each customer had to take their gym to court on
| an individual basis but most never bothered.
|
| It's crazy, from a foreigner's perspective, with how much
| shenanigans big business in Germany can get away with legally,
| considering how strict and bureaucratic Germany is. And don't
| get me started on customer service.
| z3ncyberpunk wrote:
| get your bank to charge back the card for fraudulent charges
| to your account
| TeeMassive wrote:
| Thus the saying: "More laws, less justice"
| ezoe wrote:
| That's really strange logic. It's the government which block
| the people to use the gym service, not the gym. The damage
| was caused by the government and if somebody to compensate
| the damage, it should be the government.
| kuschku wrote:
| The gyms got paid compensation by the government.
| IndignantNerd wrote:
| Are you a German resident or otherwise subject to their
| jurisdiction? What would happen if you just ignored the
| lawsuit, and/or ignored the final judgment?
| hawski wrote:
| Which first or second world country doesn't abide by big
| corporations? Is there a useful ranking that would measure it?
| I'm really curious.
| z3ncyberpunk wrote:
| "Ignorance is no excuse"
| 88840-8855 wrote:
| Why did you put your name under that ad blocker?
|
| I remember "the good old web" (tm) where people did stuff
| anonymosly. In this way people can stay safe and continue
| publishing stuff.
| stavros wrote:
| The moral solution is to fix justice, the pragmatic solution
| is to not use your real name. In that light, I also have to
| ask, why did you use your real name?
| 88840-8855 wrote:
| I forgot that HN is a place for pure ideology.
|
| Honestly, if the world was run by such people, we would be
| still in discussions and evaluations.
|
| Sometimes you just have to accept facts and move on.
| czottmann wrote:
| In Germany, if you run a website of any kind, it has to
| include an imprint, which is required to list a legal
| entity which usually is a person.
|
| See https://de.wikipedia.org/wiki/Impressumspflicht#Telemed
| ienge...
|
| Source: I'm a German, I publish websites.
| stavros wrote:
| Right, but you don't need an impressum for a GitHub repo
| or a browser extension, right? I guess the GP probably
| did run a website.
| 88840-8855 wrote:
| Then run a .com address and you do not need an Impressum.
| Problem solved. LOL.
|
| Source: I am also a German, I publish .com websites.
| rad_gruchalski wrote:
| It's not solved. If you're based in Germany, as soon as
| you are doing any business and collect information from
| people, or better - money, you gotta do it.
|
| Interestingly, you only have to do it IF you have an
| online presence. As in, you don't have to have an online
| presence when running a business.
| merb wrote:
| nope. it's not solved. If anybody knows who you are, if
| you still live in germany, you will be fined. the law has
| nothing to do with an ending of the dns or some stupid
| shit. it only applies to juridical persons in germany.
| Nextgrid wrote:
| > If anybody knows who you are
|
| I think the point here is to not disclose your identity
| online as a defense against bullshit lawsuits. Whether
| you agree with the approach itself is one thing, but if
| it works at protecting against lawsuits it'll definitely
| work at protecting against enforcement of this law.
| merb wrote:
| it won't work at protecting against law enforcement. if
| they want you, they will find a way.
| Vaslo wrote:
| How does Quad9 make money? Just through sponsors? Just seems like
| they don't have any income with a free service but maybe I don't
| understand.
| Taniwha wrote:
| Essentially they are the good guys providing a public service
| C19is20 wrote:
| So your answer is.......?
| Taniwha wrote:
| they don't make money, they exist as a public service and
| AFAIK are funded as a non profit by people of good
| intention, not from related business
|
| Disclaimer: I know one of the principals, for whom I have a
| lot of respect
| ulnarkressty wrote:
| Quite a lot of these lawsuits happening in Germany against local
| businesses. But can a German court really order a company located
| in Switzerland to comply? I thought that was the main selling
| point of Swiss-based companies.
| jaywalk wrote:
| > But can a German court really order a company located in
| Switzerland to comply?
|
| They sure can! It's just one of the many "perks" of the EU.
| intellirogue wrote:
| Switzerland isn't in the EU. In this case it is a separate
| treaty which allows it.
| intellirogue wrote:
| The "almost-EU" countries (Switzerland, Norway and Iceland)
| have a treaty with the EU covering cross-border civil disputes,
| called the Lugano Convention. That gives the Hamburg court
| jurisdiction in this matter.
| _ink_ wrote:
| I don't get it. Quad9 is Swiss based. How is it relevant what the
| clowns from the court in Hamburg think?
| _-david-_ wrote:
| If they don't comply they could be blocked in Germany.
| amarshall wrote:
| Is the censorship applied globally or just to their resolvers in
| or near Germany? Unfortunately the domain names are redacted so
| it's not straightforward to test this.
| ketzu wrote:
| Independent of the current case (and Hamburg rulings in gernal),
| I haven't made up my mind yet about DNS blocking.
|
| The countless analogies don't really help me to find the right
| approach to handle these kinds of things.
|
| First, the "it only increases friction" argument: Basically
| everything is like that. Barely anything is absolute in the
| regard. If locked doors are effective at stopping most get-ins,
| it doesn't matter that they can easily be opened with a bit of
| skill.
|
| Second, should every country have to accept everything that is
| legal to host in any other country, i.e., should countries be
| allowed to make and uphold their own laws? I mostly think so, but
| am not sure how to achieve this. Violations can easily be outside
| of the reach of the country but there is still a desire to
| prevent the influence. Is DNS resolution an appropriate point to
| attack this problem? I am not sure, neither from an effectiveness
| nor an sensibility point of view, but I find the point of view to
| pursue everyone in their home jurisdiction (if it can be
| determined at all) convincing either.
| api wrote:
| So now we know why the push to centralize DNS even more... ?
| djrogers wrote:
| I can see why one would be concerned about a heavily
| centralized DNS, but what I've experienced in the real world is
| that today's DNS gives me infinitely more options than I had
| back when I started on the Internet.
|
| Back in the day, you were often limited to one or two widely
| known public servers (MCI's for example) or your ISPs. Today I
| have tons of providers of public DNS, all with different
| advantages and tradeoffs, including paid features and support.
| This alone is radically better than the choices we had ~20
| years ago.
|
| Add to that the fact that I can run my own caching resolver
| _without_ reading a 642 page paper bound book (see pihole vs a
| dog-eared copy of DNS and BIND by Liu and and Albitz), and we
| 're far from the dystopian nightmare you seem to be referring
| to.
| jsjohnst wrote:
| > you were often limited to one or two widely known public
| servers
|
| I have a found memory for the days when you could still use
| ns.sun.com (192.9.9.3) as a recursive resolver as it was such
| an easy to remember IP (for those days anyway).
| Dah00n wrote:
| Unless he edited his comment it said nothing of the sort. It
| states there's a push and there is.
| intellirogue wrote:
| Reading the suit, it is interesting that it is very much based
| around the fact that Quad9 already blocks resolution for
| "malicious" domains, and therefore already has a censorship
| process in place. Basically "you're already censoring, one more
| domain won't hurt."
| avh02 wrote:
| you can also add *.sony.* to that "one more" list. pretty sure
| there'd be no law against that - wonder if they'd appreciate it
| though.
| felixg3 wrote:
| I am curious if this also applies to their unfiltered version
| 9.9.9.10 then.
| adsche wrote:
| Hm, but they also offer a DNS without the malware filter. Does
| that imply that they would not have to block "pirate" sites on
| the unfiltered resolver?
| slim wrote:
| Which makes their argument about "the cost" mostly invalid
| superkuh wrote:
| This, again, is like the local phone company being forced to
| block your ability to call people because of an assertion that
| the person being blocked has infringed on their copyright. It's
| clear that the phone company has nothing to do with the situation
| and it's a massive legal overreach to compel them to get
| involved.
|
| But media megacorps have never cared about logic or sanity. They
| make their own reality with their piles of money and lawyers.
| ajsnigrutin wrote:
| I mean.. technically is not "blocking your ability to call",
| but just unlisting them from their phonebook and phone-number-
| information-service.
|
| But in the end, this means that people will start using the
| alternatives more.... hopefully.
| alerighi wrote:
| And yet is what they do in my country to "close" piracy sites:
| ask the national internet providers to block the resolution on
| that domains. Of course in most situations you can just change
| the DNS to 1.1.1.1, or if the provider redirects all DNS
| request to their server just use DNS over HTTPS...
| RamRodification wrote:
| > in most situations you can just change the DNS to 1.1.1.1
|
| Or maybe 9.9.9.9 (quad9)! :)
| ThatMedicIsASpy wrote:
| use 9.9.9.11 for ECS support
| sethgecko wrote:
| Until Sony sues Cloudflare/Google etc
| Tijdreiziger wrote:
| I'd love to see that for the entertainment value alone!
| lugged wrote:
| They don't call them the mafiaa [1] for nothin.
|
| [1] http://mafiaa.org/
| kureikain wrote:
| It's amazing Quad9 is run as a non-profit org.
|
| I run an email forwarding[0] app and I need to do a lot of DNS
| query(for spam filtering purpose), I run dnsmasq top load balance
| between CloudFlare, OpenDNS, GoogleDNS, Quad9 and Hetzner DNS.
| Quad9 outperform the rest with 2-4x faster and more reliable. In
| term of reliable I meant they won't rate limit me.
|
| If anyone need reliable DNS, Quad9 rocks it. I'll contribute my
| part on this battle too.
|
| Thanks Quad9
|
| ---
|
| 0: https://hanami.run
| Dah00n wrote:
| While I like Quad9 I get better results (IE. faster, etc.) from
| Uncensored DNS[1] and unlike most, including Quad9 now, it is,
| well, uncensored.
|
| https://uncensoreddns.org/
| zinekeller wrote:
| I think that you may have just accidentally put them in
| harm's way (if Sony is reading here), since they're in
| Denmark (which the Hamburg court could also reach).
| gabereiser wrote:
| Caving in to Sony's lawyers again. DNS resolution is not
| copyright infringement and someone needs to put Sony/BMG in their
| place and make them go after those who are actually infringing
| instead of those who are providing internet backbone services.
| djrogers wrote:
| Not sure you read the article?
|
| This isn't a case of caving to the lawyers. Those lawyers got a
| JUDGE to grant an INJUCTION. Once that happens, you're not
| caving to lawyers - you're going to follow the letter of that
| injunction while you appeal it, or throw up your hands and
| follow it forever.
|
| Also FTA: "We have retained counsel, and we are in the process
| of filing an objection to the injunction, though we are
| required to comply with it."
|
| So they're not throwing their hands up...
|
| --edited for spacing
| rectang wrote:
| It's more that Sony has effectively bought "justice" (i.e. a
| court decision) favorable to its interests by bringing
| overwhelming legal resources to bear.
| airhead969 wrote:
| The corporations own all elected officials (executive,
| legislative, and judicial) and MSM except some ostensible,
| powerless dreamers who think they can make a difference
| nibbling on the ephemeral periphery. The most rational and
| bravest voices in media (Hedges, Chomsky, Nader, Mate,
| Blumenthal) are currently ostracized as effectively-mute
| dissidents, conflated with conspiracy theorists and
| religious zealots for their crimes of factual, professional
| reporting.
|
| "It is difficult to get a man to understand something, when
| his salary depends on his not understanding it." -- Upton
| Sinclair
|
| The prevailing filter bubble of the bourgeoisie and the
| rich is intent on remaining secure at all costs,
| assassinations included. Just look around the world where
| journalists are murdered most and then where they are
| deplatformed.
| Dah00n wrote:
| "And here on the left we see a perfect sample of how a
| good comment that most would likely agree with had it not
| been killed by communist speak."
|
| Sorry, I totally agree with you but people have learned
| that anyone using words like bourgeoisie shouldn't be
| listened to.
| xnyan wrote:
| People have learned that anyone who completely dismisses
| another for use of a word shouldn't be listened to.
| Dah00n wrote:
| Yes, again I agree, but those people weren't _saying_
| anything. They just dismissed the comment and down voted
| it and went on their way. Nothing gained at all because
| of using words that everyone knows will cause this
| reaction. Shotgun meet foot.
| gabereiser wrote:
| I know, Sony went to a judge and bought their way to an
| injunction forcing Quad9 to blacklist DNS resolution. Same
| went for Homeland Sec here in the US some time ago. It's
| still Sony's lawyers, it's still not right, and a judge
| should know the difference between telecom lines and
| operators and their users, as this is the same thing analogy
| wise. It's like me getting you to not eat dairy by banning
| you from ice cream shops because I'm lactose intolerant. It's
| a huge over reach and abuse of power.
| djrogers wrote:
| > It's a huge over reach and abuse of power.
|
| Don't see anywhere I agued it wasn't, but I was responding
| to your comment which sounded like Quad9 was caving to
| Sony's lawyers, as opposed to the more specific accusations
| of judicial bribery in this follow-up post.
|
| Is it common for German judges to be bought and/or specific
| judgements to be paid for in Germany?
| sophacles wrote:
| There is no bribery accusation. They said "sony bought
| their way". This is a vague statement that could include
| bribery, but also could mean "spent a lot of money on
| lawyers who found a judge that would side with them" or
| "sony spent a lot of money on lawsuits in many
| jurisdictions trying to find one that sided thier way"
| and a hundred other things.
| djrogers wrote:
| The exact quote is "went to a judge and bought". If
| that's not a direct accusation of bribery, I don't know
| what is.
|
| None of the other options you listed come as close to
| describing what was stated as bribery does.
| Dah00n wrote:
| No it isn't. While this is a bad thing saying it is
| bought is hyperbolic.
| irthomasthomas wrote:
| This is the equivalent of mandating that every freight company,
| shipping agent or port inspect every box for fakes or infringing
| materials.
| yarcob wrote:
| No, it's more like mandating freight companies do not deliver
| to certain addresses.
| anderskaseorg wrote:
| No, it's more like mandating map companies do not even list
| certain addresses in an effort to thwart freight companies
| from servicing them. A DNS resolver like Quad9 just provides
| the addresses. There's no allegation here that any infringing
| content was served by or delivered through Quad9.
| airhead969 wrote:
| Yep. "Offend our commercial legal monopoly for exploiting
| creators, and the laws and legal precedents we bought order
| all cartographers to damnatio memoriae your IP and/or
| location."
| nerdponx wrote:
| I could definitely imagine Google being ordered to remove
| listings for illegal brothels.
| airhead969 wrote:
| Meh. Some service or another will pop-up to list the fun
| stuff governments and their corporate crook masters try
| to squash.
| pyrale wrote:
| "Will" ? It's already there. People simply aren't so
| interested in skirting the bans apparently.
| _aleph2c_ wrote:
| Maybe in retaliation to this "legal" attack on open
| infrastructure, DNS providers should de-list Sony domains.
| vorticalbox wrote:
| There is a firefox addon that blocks domains that abuse the
| dmca system
|
| https://addons.mozilla.org/en-US/firefox/addon/barbblock
| 1vuio0pswjnm7 wrote:
| "The assertion of this injunction is, in essence, that if there
| is any technical possibility of denying access to content by a
| specific party or mechanism, then it is required by law that
| blocking take place on demand, regardless of the cost or
| likelihood of success."
|
| Technically, this block does not stop anyone from getting the IP
| address for a domain. Anyone can resolve a domain name using
| public information that is disseminated from domain name
| registries, domain name registrars and other authoritative DNS
| providers. Quad9 is just a third party DNS provider, not an
| authoritative source for IP addresses. In theory, third party DNS
| providers could refuse to provide (resolve) the IP address for
| any domain name. They could do this on their own accord, to suit
| their own interests, or at the behest of anyone, e.g., an end
| user, a financial contributor (donor), an interested corporate
| partner, or perhaps pursuant to a court-ordered injunction.
|
| In fact, this in exactly what Quad9 does: they block domains.
| They advertise this capability on their website, where even the
| most non-techical reader could find it. From the "About" page:
|
| "Quad9 blocks against known malicious domains, preventing your
| computers and IoT devices from connecting to malware or phishing
| sites."
|
| Third party DNS has a number of potential problems; filtering is
| one. Funny how people have literaly turned that problem into a
| selling point. For example, OpenDNS, now part of Cisco, started a
| business doing DNS-based filtering.
|
| Personally I fail to see why third party DNS (ISP-provided DNS or
| so-called "open resolvers") remains a preferred method of
| retrieving IP addresses or other RRs. IMO, there is no technical
| advantange anymore.
|
| Many years ago I wrote a system for resolving domains without
| using recursion, using only authoritative queries, never setting
| the RD bit. It was very fast. Faster than a cold cache, IME. It
| could actually get faster as it acquires more addresses of
| authoritative servers, because it does not need to look them up
| again. It "learns". The best aspect though is that there are no
| unecessary third party middlemen. Third party DNS providers are
| not authoritative sources for any RR. They are middlemen. They do
| not operate for free. They are potentially subject to influence
| from whomever pays the bills.
|
| People often discuss "privacy" when they discuss third party DNS
| service. IMO, using a shared third party DNS cache seems
| antithetical to "privacy" (not to mention "security"). In any
| event, it enables filtering by someone who is not an authority
| for the DNS data they are serving, a middleman. This is the view
| of an end user, not a corporation nor a developer working for
| one.
| zinekeller wrote:
| > IMO, there is no technical advantange anymore.
|
| So, have you tired resolving a domain on a high-latency
| connection? Or live in an area where the internet routing don't
| make sense but you don't have a choice (or worse, you have a
| choice to different ISPs who all have different weird routing)?
| Not everyone has a good connection, and this is doubly true for
| residential connections. In those cases, "smart" DNS providers
| can steer the users to the fastest route, which in some cases
| resolves to a better server than the answer given to when a
| user does a direct recursive answer (because the authoritative
| servers directs the user into a "bumpy" routing). That's the
| (original) selling point of 1.1.1.1: they will use Cloudflare's
| knowledge of your routing to give you a better server (even if
| the domain you're asking for is not from Cloudflare's network).
| 1vuio0pswjnm7 wrote:
| Yes. Everything I do is designed to deal with those
| conditions. I never assume a powerful computer or a reliable
| connection. But nothing is ever "once-size-fits-all". There
| could be situation where, e.g., a website's authoritative DNS
| servers are barely functional, but a cache like Cloudflare's
| has a copy of the RRs. IME, that is quite rare.
|
| I store the RRs permanently in a custom zone files once I
| retrieve them. Then query the data from a loopback-bound
| authoritative DNS server. No subsequent queries for those RRs
| leave the network interface. This is faster than 1.1.1.1 .
| zinekeller wrote:
| Yes, I do get that your system caches the authoritative
| servers, but as I said above there are times where the
| connection is "weird" and some DNS revolvers are better-
| equipped to solve them. Some authoritative DNS
| administrators wrongly used (for example) MaxMind GeoIP
| (don't do this, use ASes to differentiate connections when
| it comes to DNS steering) to steer their DNS requests, and
| it ends up that the user is getting a suboptimal server.
|
| Here's a real-life example I encountered: Wikimedia (which
| operates Wikipedia et al.) has historically routed Japanese
| connections to Singapore, where they're geographically
| close, but due to how the internet backbone in the area
| works (it goes via Hong Kong, where switching time adds up
| to the latency) it made more sense to route them to WM's
| Los Angeles servers (and some ISPs have done this before WM
| has formally rerouted it to Los Angeles).
|
| Or even a more frustrating one: I have routed SingTel users
| to Hong Kong despite also operating a server to Singapore
| because their routing is so bonkers that SingTel will route
| the connection to America and back just so they can access
| a server that they can physically go by using the metro
| (yes, I have contacted their NOC. No, they haven't changed
| anything).
|
| Will this break DNSSEC? Absolutely. Will ordinary users
| care? While I'll care about correctness, more users will
| care about the speed and quality of their connection rather
| than correctly routing to a suboptimal server.
| 1vuio0pswjnm7 wrote:
| Sounds like you would want more manual control over
| routing if you could have it. You and I want the same
| type of thing. I'm an end user not an administrator. I
| just prefer manual control over DNS. When I do purely
| authoritative lookups I see all the queries made. The way
| admins have configured things, it can be grossly
| inefficient, not to mention brittle. With one popular
| CDN, I can see something like seven queries just to
| resolve the IP address of a single domain name. I can
| alleviate some of the inefficiency and unecessary
| dependencies manually by querying certain servers
| directly. Geo-based routing makes sense sometimes (most
| times, perhaps) but, as you point out, not always.
| Sometimes with CDNs I will retreieve content from certain
| servers that so-called "smart" DNS-based routing would
| not recommend. Because in some cases they are in fact
| faster for me. The point is that it should be the user's
| choice which server to use. "Smart" stuff, letting others
| make decisions for us, should be optional not mandated;
| because, let's face it, this stuff isn't always as
| "smart" as it could be.
|
| I should clarify what I meant by "there is no technical
| advantage anymore". There was a time when "personal"
| computers and internet were so slow, users could not be
| expected to do their own lookups. No one could be
| expected to run "BIND" on their own computer. Running
| something like Unbound, "Pi-hole" (dnsmasq) or countless
| other options was not feasible like it is today. A shared
| DNS cache run by a third party made sense. What I am
| suggesting is those days have passed. One of the authors
| of the popular O'Reilly books on DNS, a so-called "DNS
| expert" that most DNS administrators followed back in the
| early days, more or less admitted this many years ago.
| Technically, no one needs DNS "nannies" anymore. Users
| have the ability to exercise some manual control, if they
| so choose. I do my own DNS-based blocking.
|
| Anyway, that's how I see it. One person's opinion.
| hlieberman wrote:
| Though they redacted the domain name at issue, they failed to
| redact the IP address that it resolves to. As a result, I can say
| that the domain at issue is www.canna.to. Further confirmation of
| this is that the banner of the forum associated to that page,
| board.canna.to, has a banner warnings its users that it's moved
| to board.canna.tf to avoid the DNS block ("Um einer DNS-Sperre
| auch des Boards vorzubeugen, haben wir es von canna.to
| abgekoppelt.").
| the8472 wrote:
| DNS is distributed, you can always run your own resolver
| https://openwrt.org/docs/guide-user/services/dns/unbound
| cesarb wrote:
| I have run my own DNS resolver since that time when VeriSign
| decided to hijack all unregistered .com and .net domains
| (https://en.wikipedia.org/wiki/Site_Finder); by running your
| own recursive DNS resolver, it could detect the hijacked
| responses and turn them back into the correct NXDOMAIN
| response.
| s800 wrote:
| Have there been any attempts/successes to issue injunctions
| against roots?
| nerdbaggy wrote:
| I wonder if any legislation can make the root servers block
| things
| JoshTriplett wrote:
| It could make the root server hosted in one country do so, at
| which point hopefully the other roots would simply de-list
| that faulty root server (and start seeking to establish
| another root server elsewhere).
| 0xcde4c3db wrote:
| I might be misunderstanding something since I've never been a
| DNS expert, but wouldn't root servers only be able to block
| at the level of entire TLDs? Not to say that governments
| couldn't be interested in doing that, but the flexibility
| seems limited (without e.g. requiring the root server to
| return government-approved servers and implementing the
| blocking on those servers).
| [deleted]
| giobox wrote:
| The root servers (ICANN) are still under the remit of the US
| department of commerce, so it's theoretically possible for US
| legislation at least.
| nybble41 wrote:
| Unless they wanted to delist an entire country for some
| reason it's the TLD servers they would need to go after, not
| the root servers. And yes, they could attempt to go after the
| TLD itself and not just the ISP's caching recursive resolver.
| This is why distributed, censorship-resistant domain
| resolution is so important. The Internet may be distributed
| and capable of routing around censorship, but the current DNS
| system is relatively centralized and thus vulnerable to
| attack.
| an_opabinia wrote:
| The irony is, I've never experienced DNS problems with invite
| only piracy sites with quality and quantity 100x the public ones.
| And doubly so, because I'm sure a lot of Sony employees use them.
| varispeed wrote:
| I wonder why companies like Sony only seem to be focusing on
| attacking small business. I remember if you wanted pirate
| content, Google itself was the best search engine for that. You
| could (and likely still can) find almost anything and yet these
| companies don't seem to be taking Google to court. Wonder why?
| nvarsj wrote:
| Google reportedly receives 2 million DMCA requests a day to
| take down content including pirate links on search.
| dgb23 wrote:
| To add: this is not even a small business, but a non-profit
| with a security mission.
| airhead969 wrote:
| Sony: the surreptitious installer of rootkits, COPA violator, and
| payola bribers. Now, with 50% more suck through DNS censorship!
| _trampeltier wrote:
| The sad thing is, i like Sonys desing and the hardware a lot.
| But I think now is the point, where I just can't support that
| company anymore. A bit the same like Windows. Even I was early
| on Linux for most things, I still allways had Windows beside.
| But with Win10, I just couldn't agree to the EULA, so im Linux
| only since then.
___________________________________________________________________
(page generated 2021-06-24 23:01 UTC)