A friend of mine has a project that is accross an art project and a political statement, in the form of an experiment:

To exemplify the power of the surveillance capitalists on the very fabric of what we still call “the Internet”, they want to configure a computer to block all connections going to all known services belonging to Google, Amazon and Cloudflare (and later potentially extend this to other companies).

(yes, my friend is very much aware that in practice most of the commercial web would become totally unusable. that’s partly the point of the demonstration to exemplify this…)

For google, they rely on an old (long) list of domains known to belong to the multiple entities composing the behemoth… an /etc/hosts points all of them to 127.0.0.1. brutal but efficient, until new domains, subdomains etc… appear.

How would you do it for amazon and its gigantic AWS platform? how would you do it for cloudflare? collect lists of their IPs (and update them over time)? edit firewall lists based on them that would sink all packets?

Anyone knows of any project going in that direction?

    • Joe BidetOPA
      link
      fedilink
      arrow-up
      2
      ·
      3 years ago

      curl https://ip-ranges.amazonaws.com/ip-ranges.json | jq ‘.prefixes[].ip_prefix’ | paste -sd “,” - | sed ‘s/"//g’

      seems indeed interesting… the rest of the page mentions some obscure/proprietary technology…

      so a few questions remain:

      how would one use these list of IP addresses using free/libre software?

      also can we trust Amazon themselves to declare all their IPs?

      How do you do the same for Google? Cloudflare?