[HN Gopher] 17-Year-Old Student Exposes Germany's 'Secret' Pirat...
___________________________________________________________________
17-Year-Old Student Exposes Germany's 'Secret' Pirate Site
Blocklist
Author : isaacfrond
Score : 370 points
Date : 2024-08-23 13:20 UTC (9 hours ago)
(HTM) web link (torrentfreak.com)
(TXT) w3m dump (torrentfreak.com)
| _blk wrote:
| Given the secrecy of the list, the lack of court orders and
| little to no accountability, I'm very impressed to find "only"
| 104 main domains.
| ulbu wrote:
| (unimportant comment, but) clean up the internet by blocking sci-
| hub? excuse me, are you f*ing daft?
| netsharc wrote:
| The use of clearing here means something like
| https://en.wikipedia.org/wiki/Clearing_house_(finance) , i.e.
| an independent body so that copyright holders don't have to
| contact every single ISP, and ISPs just have to argue against
| the DNS blocks with a single party instead of many copyright
| holders.
| fsckboy wrote:
| > _the site also links to various options available to the public
| to circumvent the blocking efforts. This includes switching to
| third party DNS resolvers_
|
| says what is blocked is at the DNS level; I guess that means not
| blackholing routing to the IP addresses
|
| interestingly, the benchmark sites I use to conduct my censorship
| research are not even in their list?
| treprinum wrote:
| I can confirm, they are banned but VPN or Tor can access them
| without any issues. So it's only to prevent normies from
| accessing them.
| johannes1234321 wrote:
| It's even simpler: Those blocks are implemented in DNS. Pick
| 8.8.8.8 or some other public DNS server and blocks are
| bypassed.
|
| (And pick another ISP - it's their job to provide neutral net
| access, not mess with it, especially not mess with it without
| court order or something just by request of some private
| companies)
| SoftTalker wrote:
| Some ISPs prevent you from using other DNS. Comcast/Xfinity
| modem/routers for example.
| haswell wrote:
| This can still be overridden on each client system behind
| those routers, but this is also another good reason to
| avoid renting your modem/router.
|
| Products like NextDNS also provide a client app to simplify
| the process of overriding DNS.
| hobofan wrote:
| Most stock ISP routers in Germany I've seen allow you to
| set custom DNS in a straightforward manner.
|
| And even if they don't, for a few years now there is a law
| that guarantees you the right to choose your own router
| (because previously we had quite bad bundling that forced
| you to rent the ISPs router), so ISPs can't lock you in
| like that.
| Asmod4n wrote:
| There are two types of routers consumers get here. Those
| where you can nearly change everything regarding DHCP and
| such and those given you by cable companies where you
| can't even change the IP address of said router.
|
| The latter usually allows you to disable its IPv4 DHCP
| server though but enforces itself as the IPv6 DNS server
| across your network, which can't be disabled on your own.
| Systemmanic wrote:
| Looks as though this Comcast "security feature" can be
| disabled via your account settings.
|
| Also, DNSSec?
| vladvasiliu wrote:
| I'm not an expert on DNS, but I don't think DNSSec can
| actually help here, and by help I mean "unblock".
|
| Sure, their NXDOMAIN (or whatever) response will appear
| bogus, but your client won't be able to rebuild the
| missing response.
| chii wrote:
| how does that work? You can just set your operating system
| to not use the ISP provided DNS server, even if the ISP
| provided router/modem is locked and cannot be changed.
| cortesoft wrote:
| They could block all outgoing traffic to port 53,
| although you could work around that by setting up a DNS
| server on a different port outside the network
| SoftTalker wrote:
| Yes I'm pretty sure this is what they do. The DHCP from
| the router gives 75.75.75.75 and 75.75.76.76. I've tried
| overriding that with different resolvers in my
| /etc/resolv.conf and it doesn't work. And logging in to
| the modem/router config does not offer any option to
| change DNS settings.
| chii wrote:
| i wonder if this will circumvent that sort of blocking:
| https://support.mozilla.org/en-US/kb/firefox-dns-over-https
| SoftTalker wrote:
| I just tried it. I enabled it at the "Max Protection"
| level, used the default provider setting (Cloudflare) and
| it works. So it seems the answer is yes. So that's a
| pretty simple workaround that covers most cases. I'm
| guessing that most of the DNS lookups that people would
| want to be private are happening via a web browser.
| pimeys wrote:
| I'm in Germany, and running my custom opnsense router
| with adblocker DNS connected to one of the big DoH
| providers. Never had any issues, not even with using
| plain old DNS in port 53.
|
| Vodafone Kable, so YMMV.
|
| Always a bit scared to switch providers of course, you
| never know if you get cgnat and blocked DNS servers. They
| are building a Deutsche Telekom fiber to our street this
| summer. It's tempting for the 200 Mbps uplink, but I have
| no idea is it then CGNAT and do they even provide real
| IPv6. It's never mentioned in the advertisement.
| lasr_velocirptr wrote:
| I am sure if you use DoT or DoH it's going to be very hard
| for ISP to block using your own DNS even if you rented a
| modem/router from them. It does need client-side support
| though.
| pxc wrote:
| > It does need client-side support though.
|
| Not really! You can buy a router that ships with OpenWrt
| out-of-the-box and just toggle a little checkbox. Plug
| that into your ISP's router (or use a wireless bridge in
| client mode, that's supported, too) and connect all of
| your devices through that. Now all your devices use DoH
| and don't even know it.
| Asmod4n wrote:
| No need for client support, you could just deploy it on a
| Linux vm running somewhere on your network and let that
| be the dns server served via dhcp.
|
| For extra points you could deploy a firewall which
| intercepts all DNS requests and forwards them to that
| machine. Some apps have hardcoded DNS servers and ignore
| what you have configured.
| codedokode wrote:
| ISP can simply compile a blacklist of publicly available
| encrypted DNS resolvers and block them.
| lasr_velocirptr wrote:
| not really feasible for non technical folks but at that
| point you start to run a dns proxy in cloud with static
| ip and proxy all your dns requests using DoH to that IP.
| That would be really hard to block without blocking all
| outbound https connections
| saghm wrote:
| Is it possible to use your own router/modem for Comcast?
| Between my last two apartments and my current one I've had
| Spectrum, Optimum, and RCN as ISPs in the past decade or
| so, and with all three of them I was able to use my own
| router and modem (doing a quick google ahead of setup to
| make sure that I found instances of people online saying
| the hardware I had worked for them). It definitely
| _shouldn't_ be something people have to do in order to be
| able to have unrestricted internet, but sadly it's far from
| the only thing that sucks about ISPs. In my current
| apartment, I have no other option for ISP other than
| Spectrum, and they seem to get outages far more often than
| they should (and don't "notify" me until around 20 minutes
| after I check their website for outages in my area and it
| says there aren't any).
| pxc wrote:
| You can always plug your own router into the LAN port of
| a shitty ISP's combo modem/router device, too, even if
| they won't give a connection to any other device than
| their own and they defeat all your spoofing attempts.
|
| I haven't used a proprietary router in my entire adult
| life, except as a WAN connection for my 'real' router
| with some shitty ISPs.
| SoftTalker wrote:
| Yes, you can use your own modem, but they give you
| incentives to use theirs. You can also put their combo
| modem/router into bridge mode and use your own router.
| But that's a bit more of a reach for the average person,
| vs. just changing the DNS addresses in a config page
| (which is already more than 95% of people will do).
| 0xffff2 wrote:
| > even if they won't give a connection to any other
| device than their own
|
| AFAIK they are legally required to maintain a list of
| compatible devices and accept any modem that is on that
| list.
| pxc wrote:
| My cellular ISP doesn't seem to be bound by that, even
| though every cable ISP I've been with has. :(
|
| If there's some US law I can cite at them like a magic
| invocation to make their dumb combo device go away in
| favor of my own cellular modem, though, I'd like to.
| staplers wrote:
| They make it difficult but I've done it for over a
| decade. They incentivize by offering no data cap if you
| use their bs router.
|
| However, once you learn how much data is collected/sold
| about you from the router level you won't want to go
| back.
| SoftTalker wrote:
| > They incentivize by offering no data cap if you use
| their bs router.
|
| Yes, this is why I switched over to their modem-router, I
| was starting to hit their caps every month and it was
| costing me a lot of money.
|
| I really don't care if they monetize that my live-in
| mother-in-law streams game shows all day.
| salad-tycoon wrote:
| 1.2 tb is a lot according to them.
|
| >However, once you learn how much data is collected/sold
| about you from the router level you won't want to go
| back.
|
| I need to be scared straight. Go on.
| pxc wrote:
| Do they block DNS-over-HTTPS? I bet not.
| matheusmoreira wrote:
| ISP equipment should be considered compromised. They even
| have remote access. We should buy our own routers and
| bridge them to the networks of ISPs.
| loeg wrote:
| I was a Comcast customer for 10+ years prior to 2017 and at
| the time they did not block foreign DNS servers.
| SoftTalker wrote:
| They don't block them generally, but their newer consumer
| modem/router/WAP "appliances" do. If you use your own,
| you can set whatever DNS you want, but you will have
| lower data caps and lose some incentive pricing that you
| can get if you use theirs.
|
| I'd guess if you get business tier service you have more
| options also, but I've never had that.
| loeg wrote:
| I was on ordinary residential service. At the time, using
| their device cost more money than BYO, and the data caps
| were identical (or rather, there mostly weren't data
| caps).
| redprince wrote:
| As this particular issue of DNS blocking pertains to
| Germany: By law (EU Commission Directive 2008/63/EC and
| national law TKG § 73 Abs 1) the ISP must allow the free
| choice of routers and has to provide all access codes. So
| even if an ISP provided router would be uncooperative,
| there is always the choice of just not using it.
| marci wrote:
| I imagine a lot of the normies that got blocked trying to get
| to sci-hub didn't remain normies for long.
| sulandor wrote:
| true
|
| it's an annoying precedent besides the tech-support labor of
| folks like us trying to fix it.
| darreninthenet wrote:
| What's the betting that cuiiliste.de is added to the list next at
| the "request" of some anonymous rights holder...?
| Retr0id wrote:
| UK ISPs block similar list-of-other-sites sites
| thesnide wrote:
| I feel that some will feel a kind of
| https://en.wikipedia.org/wiki/Streisand_effect soon
| wkat4242 wrote:
| Yeah I bet this is exactly why they didn't publish the list :)
| Jun8 wrote:
| Other than sci-hub they seem to be almost wholly sports and movie
| sharing sites (one site I saw had Nintendo switch games).
| Surprised that libgen is not on the list.
| krtkush wrote:
| I have a RPi 5 running as a Tailscale exit node in my parent's
| house in a developing country. The said country does not care
| much about what people download. qbittorrent-nox makes it very
| easy to download stuff by just using my browser. Plus, I have
| access to local, region locked streaming content and very cheap
| Netflix subscription.
| killingtime74 wrote:
| New Zealand?
| d3m0t3p wrote:
| New Zealand, developing country ?
| kridsdale3 wrote:
| Until all the sheep have iPhone 15 Pro Max in their hooves,
| it is.
| passwordoops wrote:
| I get the sense New Zealand is to Australia what Canada
| is to the US
| rukuu001 wrote:
| So you're just insulting everyone now?
| red-iron-pine wrote:
| a vast source of natural resources and hockey stars?
| tamimio wrote:
| Replace sheep with moose and kiwis with geese first.
| grecy wrote:
| More importantly, Australia is to New Zealand what the US
| is to Canada.
|
| (Note: I'm Australian, been living in Canada for almost
| 20 years and only recently had someone explain that to me
| and suddenly it all made sense!)
| lostlogin wrote:
| There aren't many sheep. We have moved on to cows.
| Brajeshwar wrote:
| I think Maharashtra, India.
| bloqs wrote:
| Is there a service to rent these?
| veqq wrote:
| How much would you pay for that - compared to existing VPN
| solutions? You can find cloud hosts or server rentals in
| Bosnia, Colombia or wherever fairly easily.
| amatecha wrote:
| You can technically just get any ol' VPS and install the
| respective/relevant software on it. Just check that the VPS
| provider doesn't forbid torrenting/etc. in their ToS, I
| guess :)
| fragmede wrote:
| A service like that would be worth a premiumize amount
| kridsdale3 wrote:
| ISWYDT
| everforward wrote:
| This sounds similar to a seedbox, a server rented to do
| piracy so DMCA complaints and such are sent to your seedbox
| provider instead of you.
|
| The seedbox providers are typically headquartered somewhere
| where they can just burn DMCA notices. The servers themselves
| are also often located in piracy friendly jurisdictions (the
| Netherlands used to be common, not sure what's current).
|
| They usually come pre-installed with a remotely accessible
| torrent client like Deluge, Transmission, etc. Also often
| includes other software like VPNs, Plex, etc.
|
| You should be relatively safe using one. The server does all
| the torrenting, you just download the files over FTP so you
| never appear in the swarm directly. It's also a huge pain in
| the ass for law enforcement because it becomes international
| quickly. You're in country X, the server with its IP in the
| swarm is in country Y, and the company that has the rental
| agreement with the data center for the server is in country
| Z.
|
| Anecdotally, I used to spend some time in the space and I
| can't recall a seed box provider ever getting raided. I think
| they just generally don't bother with folks technical enough
| to go that far; there are easier fish to fry.
| princevegeta89 wrote:
| Are these guaranteed to be permanently online?
|
| Do they come with root access if we end up renting one?
| lyu07282 wrote:
| Depends on the seedbox most will give you root/ssh,
| others just give you an API/web interface to a managed
| torrent client which can be convenient. Check r/seedboxes
| princevegeta89 wrote:
| thanks! this sounds interesting
| everforward wrote:
| They're guaranteed to be permanently online as much as
| such a thing can be for $20/month or whatever. They don't
| shut it down if you're not using it, if that's what
| you're asking but they do occasionally come down for
| upgrades/migrations/incidents/etc. I'd ballpark most
| providers in the 99% uptime range.
|
| Some provide root, some don't. Last I checked, you'll pay
| more for root because most of the servers are physical so
| you have to rent a whole server basically.
|
| The servers are typically IO bound on the NIC so they
| aren't super picky about what you do with CPU and memory.
| They won't let you run a crypto miner or do heavily
| parallel transcoding, but if you want to chuck a
| Python+SQLite web app on there I doubt they'd care.
| Xen9 wrote:
| It's by the way interesting idea that developing countries
| entertainment industries may develop very differently due
| to internet piracy being already prevalent, though foreign
| investment may lead to this not happening, IE an
| "agreement" like TiSA or TTP will mean laws that lead to
| loss of investments like "no copyright" would become
| "illegal."
|
| I'd hope someone prepares for that, and when it happens
| proposes a vote or public address, for laws that make the
| attempts backfire.
| sulandor wrote:
| "residential proxy"
|
| providing such a service (-network) is a popular monetization
| option for all kinds of useless crapware. this is very
| useful, but even more shady than regular vpn providers.
| princevegeta89 wrote:
| Netflix subscription - Netflix stopped access to streaming for
| accounts unless you're in the original country of billing. Are
| you streaming Netflix through your tunnel as well?
| manmal wrote:
| Why not, that's one of the main use cases for Tailscale.
| krtkush wrote:
| > Are you streaming Netflix through your tunnel as well?
|
| Yep!
| konstantinua00 wrote:
| why was it kept secret?
| marcosdumay wrote:
| To be fair, a public list of DNS blocking is guaranteed to work
| even worse than a secret one.
| wkat4242 wrote:
| I'm really surprised this list doesn't contain any of the big
| names I'm using. In fact I've never heard of any of these sites.
|
| I'm using many of the book sites and general torrent ones (I
| won't name them here), but none of these are on the list.
|
| I also think the point is kinda moot because _everyone_ doing
| torrents in Germany will already use VPN because it's only a
| matter of time before you get serious letters from lawyers there,
| demanding about 400 euro per movie they've seen you download. ISPs
| always cooperate in giving subscriber info for each IP. Some
| lawyer firms actually specialise in this and go after downloaders
| on their own.
|
| I wonder if they leave the big torrent sites out to provide
| income for these lawyers?
| sudobash1 wrote:
| Out of curiosity, how does this work? If a site is over https,
| then the only information I would think the ISP would have is
| the subscriber downloaded from randompiratesite.xyz what seems
| to be a single X GiB file. They could see that the size roughly
| corresponds to FooBar.mp4 on that site (plus some HTTP
| headers). But this seems pretty unreliable. (Like what if
| someone was using a download manager to get multiple large
| files at once, using multiple download streams per file?)
|
| I'm sure that you can get in plenty of trouble for downloading
| a ton of data from randompiratesite.xyz or whatever, but how
| does the ISP determine the number of movies they've seen you
| download?
| Semaphor wrote:
| It's not the sites, it's torrenting. Without a VPN, they get
| your IP, and you are on the hook for "commercial
| distribution" (as clients also upload) unless you pay X00
| euros.
| rurban wrote:
| Private torrenting is certainly not commercial
| distribution.
| Semaphor wrote:
| Tell that to our courts ;)
| gruez wrote:
| Commercial distribution isn't the only way you can
| violate copyrights
| Semaphor wrote:
| Just violating copyright wouldn't really matter. Damages
| would be tiny, and so would be what the lawyers can
| blackmail you for. It's being on the hook for the damages
| of distribution that gets the high fees.
| Semaphor wrote:
| Please tell me what's wrong about my comment instead of
| blindly downvoting, thank you.
| leafmeal wrote:
| If they're also downloading or seeding the torrent, they learn
| the IPs of their peers, so they know you were downloading
| that particular file.
| wkat4242 wrote:
| Yeah you can use peerblock/peerguardian, but in general
| there's no point. It's much less risky to simply use a VPN
| because there's always a risk that new IPs are not on the
| blocklist.
| loeg wrote:
| > If a site is over https, then the only information I would
| think the ISP would have is the subscriber downloaded from
| randompiratesite.xyz what seems to be a single X GiB file
|
| That isn't how torrent sites work. You visit site.xyz and
| download a .torrent file in the realm of 10s-100s (typically)
| of kB and that contains some metadata that a dedicated
| torrent client consumes. The torrent client connects to (1)
| some tracker via http (or https, but usually http) which may
| or may not be associated with the site the .torrent came
| from, to register as part of the swarm, and (2) any number of
| peer torrent clients. The actual data (X GiB) transfer comes
| from those peers; not the original site.xyz nor the tracker.
|
| ISPs can observe DNS lookups / connections to site.xyz;
| tracker "announces" (that's (1) above), especially if they
| are http. And even the peer-to-peer traffic has a distinct
| protocol which is recognizable with packet inspection. But
| the main avenue for finding offenders, I believe, is just
| downloading the same .torrents for some specific copyrighted
| content and using the torrents' associated tracker(s) to
| enumerate swarm peer IP addresses.
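The comment above describes tracker "announces" as the way swarm members learn each other's addresses. As an added example (not part of the original thread), the sketch below decodes a bencoded announce response in both the compact and the dictionary peer formats, showing that the reply is simply a list of IP:port pairs visible to every participant. The function names are assumptions and the sample responses are constructed with documentation-range addresses.

```python
import struct

def bdecode(data, i=0):
    """Decode one bencoded value starting at offset i; return (value, next offset)."""
    c = data[i:i + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c == b"l":                                   # list: l<values>e
        i += 1
        items = []
        while data[i:i + 1] != b"e":
            value, i = bdecode(data, i)
            items.append(value)
        return items, i + 1
    if c == b"d":                                   # dictionary: d<key><value>...e
        i += 1
        result = {}
        while data[i:i + 1] != b"e":
            key, i = bdecode(data, i)
            result[key], i = bdecode(data, i)
        return result, i + 1
    colon = data.index(b":", i)                     # byte string: <length>:<bytes>
    length = int(data[i:colon])
    start = colon + 1
    return data[start:start + length], start + length

def swarm_peers(body):
    """Return the (ip, port) pairs a tracker hands to any client that announces."""
    reply, _ = bdecode(body)
    if b"failure reason" in reply:
        raise ValueError(reply[b"failure reason"].decode("utf-8", "replace"))
    peers = reply.get(b"peers", b"")
    if isinstance(peers, bytes):                    # compact form: 4-byte IPv4 + 2-byte port
        usable = len(peers) - len(peers) % 6
        out = []
        for off in range(0, usable, 6):
            ip = ".".join(str(b) for b in peers[off:off + 4])
            (port,) = struct.unpack("!H", peers[off + 4:off + 6])
            out.append((ip, port))
        return out
    # Original form: a list of dictionaries with "ip" and "port" keys.
    return [(p[b"ip"].decode("ascii"), p[b"port"]) for p in peers]

# Constructed sample responses (documentation address ranges, not real peers).
COMPACT_REPLY = (
    b"d8:intervali1800e5:peers12:"
    + bytes([192, 0, 2, 1, 0x1A, 0xE1, 198, 51, 100, 2, 0xC8, 0xD5])
    + b"e"
)
DICT_REPLY = b"d5:peersld2:ip9:192.0.2.94:porti6881eeee"
FAILURE_REPLY = b"d14:failure reason17:torrent not founde"

if __name__ == "__main__":
    for ip, port in swarm_peers(COMPACT_REPLY):
        print(f"{ip}:{port}")
```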
| Hypnosis6173 wrote:
| That's not how piracy in germany works. Torrenting for
| german content is quite uncommon. Normally the pages either
| point to sites hosting a streamable version of the video
| content or point to an external file hoster (e.g.
| Rapidgator).
| bonoboTP wrote:
| > Torrenting for german content is quite uncommon.
|
| Obviously, because, as the chain of comments above yours
| shows, torrent users are easily caught and get fined to
| hundreds of euros per downloaded movie. Then they stop
| using torrent and tell all their friends about the
| experience. This has been going on for more than a
| decade, maybe two. So by now, German culture has adapted
| and people don't use torrents.
| looperhacks wrote:
| You are downvoted, but from my experience, you are pretty
| correct. Most people I know will use a streaming site,
| then sharehosters (good old boerse comes to mind -
| Megaupload, Rapidshare and Uploaded were the big hosters
| I remember)
|
| I even know of more people using Usenet than torrents!
| The amount of work to use torrents safely just isn't
| worth it for most people.
| tourmalinetaco wrote:
| They are downvoted because it was an obvious and low-
| quality statement, as another comment outlined. Torrents
| publicly expose IPs and thus can be seen by copyright
| Nazis, but streaming/direct downloading has so far been
| safe.
| loeg wrote:
| This thread[1] is talking about torrents in particular.
|
| [1]: https://news.ycombinator.com/item?id=41330098
| Krasnol wrote:
| They've been blocked because they became too popular.
|
| I've heard from kinox from people I would have never suspected
| to be even capable of finding such a site.
|
| Guess those people have been the marker.
| Sakos wrote:
| Probably been told about it by friends. Whenever I find a
| decent site, I pass it on to anybody I know who needs it.
| kinox used to be one of those sites.
| Green-Man wrote:
| 700EUR per movie is a current rate, plus a couple of hundreds
| as legal fees.
| ThatMedicIsASpy wrote:
| nsw2u is something I've used when I wanted to look at the
| current state of switch emulation
| imhoguy wrote:
| Sci-Hub domains are listed, that is big.
| wkat4242 wrote:
| What is that? I've never heard of it.
| __MatrixMan__ wrote:
| It's where we go to get peer reviewed scientific journal
| articles.
| manmal wrote:
| An alternative that often works being annas-archive.org.
| mazdayasna wrote:
| It's also run by a Putin and Stalin worshipping crazy
| lady
| Sakos wrote:
| You haven't heard of the biggest source of paywalled
| research papers on the planet? It's a fantastic resource
| for when you don't want to pay 40 Euros for a single paper
| and you don't happen to be part of a university that
| happens to be subscribed to the right journal.
| amelius wrote:
| And libgen?
| rightbyte wrote:
| It wouldn't surprise me if not having access to Sci-hub is
| about as bad for research and academiaishnesshood as ...
| dunno... like really bad.
| Sakos wrote:
| I use and have used a large number of these. Many of them are
| primarily German streaming sites. Ziperto is a file hosting
| site, which you'd only come into contact with through certain
| kinds of direct download piracy sites. I'm not surprised you
| haven't heard of any of them, even though they are actually
| quite popular in some circles.
| cynicalpeace wrote:
| "Secret" and "German" in the same sentence makes your ears perk
| up
| grishka wrote:
| DNS-based blocking? As someone living in a country with ever-
| increasing internet censorship, that's not blocking, that's a
| trivially ignorable gentle suggestion to not visit these sites.
| pwg wrote:
| For 99.8% of internet users, DNS based blocking is a hard stop
| (for them).
|
| For the remaining 0.2% who know how things work, they are a
| brief bump in the road to getting to the site they want to pull
| up.
| redprince wrote:
| The solutions are just a Google search away and easy to
| implement. If that stops anyone even slightly motivated I
| must wonder what they are generally able to achieve with a
| computer.
| dunefox wrote:
| So, 99.8% of people on the internet. I know of maybe four
| people who could circumvent this DNS block, three of which
| I work with at the it department.
| scbrg wrote:
| For your anecdata to be somewhat relevant you need to know
| around 2,000 people well enough to accurately judge
| whether they're capable of circumventing a DNS block :-)
| bonoboTP wrote:
| > wonder what they are generally able to achieve with a
| computer
|
| Stuff they actually do day to day. Scroll social media, use
| messaging apps, watch Netflix, Youtube, Twitch etc, in the
| older generations (millennial and up) also email and MS
| Office.
| chgs wrote:
| Do you have any citation for those numbers?
|
| When dns blocks were in Turkey using non isp servers was
| common enough for it to be graffitied
|
| https://www.mic.com/articles/85987/turkish-protesters-are-
| sp...
| Krasnol wrote:
| Blocking content, even or especially not pirate content, is
| common in Turkey.
|
| It is not in Germany.
|
| Therefore, more people in Turkey would know about measures
| to circumvent it than in Germany.
| bonoboTP wrote:
| It's a hard stop because Germans don't really care so much.
| They are rich enough that they can just pay for a legal
| streaming platform or to just buy the movies and games. In
| actually poor countries where the price is a real stumbling
| block, people do figure out how to use the required tools. In
| Eastern Europe, usage of torrent is common knowledge among
| average people. Everyone has some friend or family member who
| will explain and install it for them and they are motivated
| to learn. It's remarkable how much better people become at
| computer skills once it's about getting access to your
| favorite TV shows, movies or games.
| throwaway290 wrote:
| > In Eastern Europe, usage of torrent is common knowledge
| among average people. Everyone has some friend or family
| member who will explain and install it for them and they
| are motivated to learn
|
| Germans are not using torrent not because they don't have
| the knowledge but because they will get sued unless they
| take other anonymization measures that cost money and slow
| down speed so why not just pay for Netflix. In developing
| countries enforcement is not so great that's all
| azernik wrote:
| The point is:
|
| 1. Cynically, for bureaucrats to be able to claim they're doing
| something about an issue the politicians care about, but which
| the bureaucrats think is a non-issue.
|
| 2. Less cynically, to take away plausible deniability for the
| torrenter about whether the thing is allowed or not.
| sulandor wrote:
| germany had really nice internet until a few years ago
|
| but yea, it's very annoying
| 6510 wrote:
| Besides my opinion about file sharing this scheme seems to bypass
| the legal system but pretends to be based on legal grounds. What
| we have here is [more] privatization of the legal system and
| bypassing democracy.
|
| To state the obvious: If you have someone doing things you don't
| like in office you can vote them out and replace them with
| someone who doesn't do those things. This is already a slow and
| cumbersome process that may take decades to materialize.
|
| Or does this provide a framework for implementing direct
| democracy? Have a website with law proposals that can be
| implemented in a privatized way, have the citizens vote for and
| against them then pressure corporations to implement them.
| matheusmoreira wrote:
| Copyright monopolists employ lobbyists. They basically buy laws
| which favor and protect their own monopolies and rent seeking.
| Voting does absolutely nothing to stop this trillion dollar
| industry.
| 2-3-7-43-1807 wrote:
| so many interesting new websites to check out ... LOL ...
| pazimzadeh wrote:
| yeah I appreciate them putting this together
| WhatsName wrote:
| My theory is that DNS blocking is chosen deliberately. There are
| more effective means of blocking, but if the bypass is just 5min
| work, those who care will bypass it and those who don't care
| enough will get blocked.
|
| It's just after people get accustomed to having a censorship
| infrastructure in place, it slowly starts spreading like cancer
| and gaining momentum...
| mrinfinitiesx wrote:
| Openvpn / Wireguard service is preferable, but for free:
| https://github.com/DNSCrypt/dnscrypt-proxy
|
| sudo apt install dnscrypt-proxy
|
| sudo systemctl enable dnscrypt-proxy (or system service dnscrypt-proxy start|enable)
|
| sudo mv /etc/resolv.conf ~/resolv.conf.bak
|
| sudo rm /etc/resolv.conf
|
| sudo nano /etc/resolv.conf
|
| nameserver 127.0.0.1
|
| #back up to dns over plaintext not recommended if your
| dnscrypt-proxy service stops for whatever reason (enable in
| systemd, too lazy to write here)
|
| #nameserver 1.1.1.1
|
| sudo chattr +i /etc/resolv.conf
|
| Always use DoH / DoT (DNS over HTTPS / TLS)
|
| in firefox, settings -> DNS in search select Max protection
| choose NextDNS, make a NextDNS account for further privacy/setting
| up your local DNS restrictions like ad/tracker blocks
|
| or use cloudflare.
|
| Cheap VPS proxy:
|
| on a VPS, do said dnscrypt-proxy
|
| ssh -D 8080 -i ~/.ssh/sshkey username@vps.server (always use SSH
| key auth, no passwords)
|
| in firefox, set up proxy 127.0.0.1 8080 select 'Use DNS through
| proxy' - can set proxy settings at OS level to use DNS.
|
| There's some options for you. Tailscale works, haven't tried it
| though.
| codedokode wrote:
| Both openvpn and wireguard protocols are trivially blocked by
| DPI. Why do people make custom protocols today? Everybody
| should use something standard and indistinguishable, like QUIC,
| DTLS or TLS1.3, for their transport layer.
| red-iron-pine wrote:
| makes me think of the Harvard kid that called in a bomb
| threat via Tor -- and was the only one on campus using Tor.
|
| so even though that stream was itself encrypted, it was
| trivially easy to track down that one guy and tie it to him.
| lyu07282 wrote:
| Correct me if I'm wrong but I don't think any ISP does DPI
| for mass censorship, that would be way too expensive
| codedokode wrote:
| Russia and China use DPI, although they often use
| relatively simple heuristics (like matching a SNI in the
| beginning of a TLS session).
| ignoramous wrote:
| > _wireguard protocols are trivially blocked by DPI_
|
| There's at least 2 or more different efforts to make
| WireGuard DPI resistant. Ex:
| https://github.com/database64128/swgp-go
|
| Interestingly, Cloudflare (and Apple?) have begun switching
| to MASQUE:
| https://blog.cloudflare.com/zero-trust-warp-with-a-masque
|
| > _Everybody should use something standard ... like QUIC,
| DTLS or TLS1.3, for their transport layer._
|
| Very common for anti-censorship tools (V2Ray, XRay, Clash,
| Hysteria, Trojan, uTLS, Snowflake, SingBox, Outline etc) to
| use these.
| nine_k wrote:
| > _something standard and indistinguishable, like QUIC, DTLS
| or TLS1.3, for their transport layer._
|
| Exactly this does exist, search for xray / xtls-reality.
|
| A node pretends to be a valid web site, with a valid third-
| party TLS certificate (like a CDN node serving that website),
| until a correct secret key is presented, then it looks like
| regular TLS-encrypted web traffic.
|
| E.g. https://github.com/XTLS/Xray-core -- most documentation,
| sadly but expectedly, is in Chinese and Russian, because
| these folks seem to need this most.
| submeta wrote:
| Will using NordVPN help? Anyone knows this?
| 3np wrote:
| https://news.ycombinator.com/item?id=20368963
| mtron_ wrote:
| Austrian provider liwest has been very transparent about
| their DNS blocks for many years. All of them are based on
| court orders / EU sanctions.
|
| https://netzsperre.liwest.at/
| gustavus wrote:
| Just imagine how easy this pirate list could be turned into a
| "misinformation" list. Makes you think.
| tamimio wrote:
| Wait till you know that airplanes and landlords also maintain
| secret, unregulated lists.
| silexia wrote:
| Sunlight and transparency are good. All attempts at secrecy
| should be eliminated.
| mattdee wrote:
| save
___________________________________________________________________
(page generated 2024-08-23 23:00 UTC)