Let’s pretend there was a consensus of malicious internet companies, and a sufficient number of people wished to strip those companies of their power. That group of people could establish a new network of DNS servers which specifically refuse to resolve the perceived malicious domains.

Let’s just take one example. Let’s pretend there is a website that serves video content, but this website tracks its users aggressively. Their domain is example.com.

Even some of the users who dislike the example.com service might want to be able to consume the video content, so there could even be proxy servers which would provide access to the content without allowing things like the tracking JavaScript to leak through.

I’m massively oversimplifying the technical details of how this would be achieved, but I’m just curious if anyone else had considered this possibility.

Maybe DNS is the wrong layer to execute this political action, but I feel like there exists a technical approach to such political action.

Edit: I completely glossed over the SSL/CA implications of the proxying service, not because I don’t know the implications exist, but because it’s a complicated topic, and I’m not exactly sure how best to resolve it, especially for users who would not understand the risks of sharing things like user credentials over a proxy service like this.

I hope this can serve more as a discussion starting point than a prescription.

One more clarification: I imagine something like one or more Political Action Committees running these DNS servers. That person or group of people would choose a list of domains to blacklist, and deny DNS resolution for those domains or resolve to 127.0.0.1.

  • k_o_tM
    5 years ago

    Are you proposing a decentralized/trustless DNS solution? Or are you talking about creating an alternative but traditional in the technical sense DNS database that would specifically exclude the domains of those entities deemed bad™?!

    In the first case, there’s already Namecoin, and also ENS and a couple of other projects.

    But if you mean the latter, then I’m a little confused about the point of it all, and there are so many potential issues/problems with such implementation… And wouldn’t that be basically censorship? And isn’t there a much better way to express your dislike of the actions of the aforementioned companies?

    • BlackLotusOP
      5 years ago

      > Or are you talking about creating an alternative but traditional in the technical sense DNS database that would specifically exclude the domains of those entities deemed bad™?!

      Yes, precisely. Completely traditional in the technical sense.

      > But if you mean the latter, then I’m a little confused about the point of it all, and there are so many potential issues/problems with such implementation… And wouldn’t that be basically censorship?

      The point of it, in my view, is to provide a simple way to opt-in to a secondary, blocking DNS system, exactly. My goals are pretty straightforward, I don’t want my systems to ever use these malicious services. A DNS server that automatically blocks them for the purposes of political action would make it slightly easier.

      You could make the argument that it’s censorship, but that’s why I’m saying these would be political action DNS servers into which you could opt-in. Because it’s not forced upon people, I maintain the position that this is merely boycotting, rather than censorship. Anyone could opt-out by changing DNS later if they decided they did not like the limitation, political policy, or for any other reason.

      My justification for such a boycott is that there exist companies which have committed crimes against humanity. Those companies would be on my personal boycott list.

      > And isn’t there a much better way to express your dislike of the actions of the aforementioned companies?

      Probably, and I do take lots of other actions.

      I’m not opposed to an argument that this is just straight up a bad idea, by the way. I’ve just been in a brainstorming mood today, and this one seemed interesting to me.

      Pi-hole basically does this for ads. I don’t think we should stop there.

      • k_o_tM
        5 years ago

        > The point of it, in my view, is to provide a simple way to opt-in to a secondary, blocking DNS system, exactly. My goals are pretty straightforward, I don’t want my systems to ever use these malicious services.

        But it would be next to impossible to achieve this. Who and how would determine if a said entity is malicious? Where would the line be drawn? More importantly who would be able to spend their time on a) maintaining the said server, b) moderating the database of malicious entities, c) etc etc?

        > My justification for such a boycott is that there exist companies which have committed crimes against humanity. Those companies would be on my personal boycott list.

        > Pi-hole basically does this for ads. I don’t think we should stop there.

        Yes, but all people have different needs, threat models and levels to which they are comfortable going to protect their privacy. Accounting for all of them would be impossible I think. Additionally, while tools like uMatrix and Pi-hole provide an easy and more importantly instant way of blocking/unblocking a particular IP address, with DNS it is a lot more difficult (at least I don’t think I know any easy way to configure this).

        People should totally boycott crappy companies, but there’s a much easier way to do this:

        Just don’t use them. At all.

        • BlackLotusOP
          5 years ago

          > Who and how would determine if a said entity is malicious? Where would the line be drawn?

          I was talking about establishing a pattern of behavior. Like-minded people get together, decide companies A, B, and C really suck. Set up a “Political Action DNS Server.” Block those three sites. Publish the DNS server somewhere with those details (A, B, C blocked.) People can subscribe if they want.

          Group 2 likes C but doesn’t like D, repeats the behavior with A, B, and D blocked.

          Not one ring to rule them all.

          > Just don’t use them. At all.

          I get where you’re coming from here, and I have already done it. This idea is something I had in mind for people with less willpower.
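
The two behaviours the original post names (deny resolution, or resolve to 127.0.0.1) and the per-group lists from the last reply can be seen at the DNS message level in the following added example, which is not code from anyone in the thread. The group lists, the `.example` names and all function names are constructed for illustration; a real resolver would forward every non-blocked query upstream.

```python
import struct

# Constructed placeholders for the thread's "companies A, B, C, D".
GROUP_1 = {"a.example", "b.example", "c.example"}
GROUP_2 = {"a.example", "b.example", "d.example"}
SINKHOLE = bytes([127, 0, 0, 1])  # the 127.0.0.1 answer from the original post

def build_query(name, txid=0x1234, qtype=1):
    """Constructed sample input: a standard query with recursion desired."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_qname(packet, offset=12):
    """Read the question name after the 12-byte header; return (name, end of question)."""
    labels = []
    while packet[offset] != 0:
        length = packet[offset]
        if length > 63:  # compression pointers do not belong in a question
            raise ValueError("unexpected label type")
        labels.append(packet[offset + 1:offset + 1 + length].decode("ascii").lower())
        offset += 1 + length
    return ".".join(labels), offset + 1 + 4  # root byte, then QTYPE and QCLASS

def is_blocked(name, blocklist):
    """Match on whole labels: c.example covers video.c.example but not notc.example."""
    labels = name.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def answer(query, blocklist, mode="nxdomain"):
    """Return a response for a blocked name, or None to forward the query upstream."""
    name, end = parse_qname(query)
    if not is_blocked(name, blocklist):
        return None
    txid, flags = struct.unpack("!HH", query[:4])
    qtype = struct.unpack("!H", query[end - 4:end - 2])[0]
    base = 0x8080 | (flags & 0x0100)  # QR and RA set, RD copied from the query
    rr = b""
    if mode == "sinkhole":
        rcode = 0  # NOERROR; only A queries get the loopback record
        if qtype == 1:
            rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + SINKHOLE
    else:
        rcode = 3  # NXDOMAIN: the name is denied outright
    header = struct.pack("!HHHHHH", txid, base | rcode, 1, 1 if rr else 0, 0, 0)
    return header + query[12:end] + rr
```

The same query for `video.c.example` is refused by the group 1 policy and passed through by group 2, which is the "not one ring" arrangement: the policy lives entirely in which list the subscriber's resolver loads.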