Let’s pretend there was a consensus of malicious internet companies, and a sufficient number of people wished to strip those companies of their power. That group of people could establish a new network of DNS servers which specifically refuse to resolve the perceived malicious domains.

Let’s just take one example. Let’s pretend there is a website that serves video content, but this website tracks its users aggressively. Their domain is example.com.

Even some of the users who dislike the example.com service might want to be able to consume the video content, so there could even be proxy servers which would provide access to the content without allowing things like the tracking javascript to leak through.

I’m massively oversimplifying the technical details of how this would be achieved, but I’m just curious if anyone else had considered this possibility.

Maybe DNS is the wrong layer to execute this political action, but I feel like there exists a technical approach to such political action.

Edit: I completely glossed over the SSL/CA implications of the proxying service, not because I don’t know the implications exist, but because it’s a complicated topic, and I’m not exactly sure how best to resolve it, especially for users who would not understand the risks of sharing things like user credentials over a proxy service like this.

I hope this can serve more as a discussion starting point than a prescription.

One more clarification: I imagine something like one or more Political Action Committees running these DNS servers. That person or group of people would choose a list of domains to blacklist, and deny DNS resolution for those domains or resolve to 127.0.0.1.

  • BlackLotusOP
    link
    fedilink
    arrow-up
    1
    ·
    5 years ago

    Who and how would determine if a said entity is malicious? Where would the line be drawn?

    I was talking about establishing a pattern of behavior. Like minded people get together, decide companies A, B, and C really suck. Set up a “Political Action DNS Server.” Block those three sites. Publish the DNS server somewhere with those details (A, B, C blocked.) People can subscribe if the want.

    Group 2 likes C but doesn’t like D, repeats the behavior with A, B, and D blocked.

    Not one ring to rule them all.

    Just don’t use them. At all.

    I get where you’re coming from here, and I have already done it. This idea is something I had in mind for people with less willpower.