Let’s pretend there was a consensus of malicious internet companies, and a sufficient number of people wished to strip those companies of their power. That group of people could establish a new network of DNS servers which specifically refuse to resolve the perceived malicious domains.
Let’s just take one example. Let’s pretend there is a website that serves video content, but this website tracks its users aggressively. Their domain is example.com.
Even some of the users who dislike the example.com service might want to be able to consume the video content, so there could even be proxy servers which would provide access to the content without allowing things like the tracking JavaScript to leak through.
I’m massively oversimplifying the technical details of how this would be achieved, but I’m just curious if anyone else had considered this possibility.
Maybe DNS is the wrong layer to execute this political action, but I feel like there exists a technical approach to such political action.
Edit: I completely glossed over the SSL/CA implications of the proxying service, not because I don’t know the implications exist, but because it’s a complicated topic, and I’m not exactly sure how best to resolve it, especially for users who would not understand the risks of sharing things like user credentials over a proxy service like this.
I hope this can serve more as a discussion starting point than a prescription.
One more clarification: I imagine something like one or more Political Action Committees running these DNS servers. That person or group of people would choose a list of domains to blacklist, and deny DNS resolution for those domains or resolve to 127.0.0.1.
But it would be next to impossible to achieve this. Who would determine if said entity is malicious, and how? Where would the line be drawn? More importantly, who would be able to spend their time on a) maintaining the said server, b) moderating the database of malicious entities, c) etc., etc.?
Yes, but all people have different needs, threat models and levels to which they are comfortable going to protect their privacy. Accounting for all of them would be impossible, I think. Additionally, while tools like uMatrix and Pi-hole provide an easy and, more importantly, instant way of blocking/unblocking a particular IP address, with DNS it is a lot more difficult (at least I don’t think I know any easy way to configure this).
People should totally boycott crappy companies, but there’s a much easier way to do this:
Just don’t use them. At all.
I was talking about establishing a pattern of behavior. Like-minded people get together, decide companies A, B, and C really suck. Set up a “Political Action DNS Server.” Block those three sites. Publish the DNS server somewhere with those details (A, B, C blocked). People can subscribe if they want.
Group 2 likes C but doesn’t like D, repeats the behavior with A, B, and D blocked.
Not one ring to rule them all.
I get where you’re coming from here, and I have already done it. This idea is something I had in mind for people with less willpower.
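The per-group blocking decision discussed in this thread (deny resolution, or answer 127.0.0.1), sketched as an added example that is not code from any poster. The domain names, addresses and the `PolicyResolver` class are constructed for illustration, and a dict stands in for the real upstream resolver.

```python
from typing import NamedTuple, Optional

SINKHOLE = "127.0.0.1"

# Constructed stand-in for an upstream resolver (reserved names and TEST-NET addresses).
UPSTREAM = {"a.example": "192.0.2.1", "c.example": "192.0.2.3",
            "d.example": "192.0.2.4", "notc.example": "192.0.2.9"}

class Answer(NamedTuple):
    rcode: str               # "NOERROR" or "NXDOMAIN"
    address: Optional[str]   # None when nothing is returned
    matched: Optional[str]   # blocklist entry that caused the block, if any

def normalize(name: str) -> str:
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.strip().rstrip(".").lower()

class PolicyResolver:
    """One group's published server: its own blocklist and its own block mode."""
    def __init__(self, blocked, mode="nxdomain", upstream=None):
        if mode not in ("nxdomain", "sinkhole"):
            raise ValueError("mode must be 'nxdomain' or 'sinkhole'")
        self.blocked = {normalize(d) for d in blocked}
        self.mode = mode
        self.upstream = upstream or {}

    def match(self, qname: str) -> Optional[str]:
        # Compare on label boundaries: cdn.c.example is covered by c.example,
        # but notc.example is a different domain and must not match.
        labels = normalize(qname).split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.blocked:
                return candidate
        return None

    def resolve(self, qname: str) -> Answer:
        hit = self.match(qname)
        if hit is not None:
            if self.mode == "sinkhole":
                return Answer("NOERROR", SINKHOLE, hit)
            return Answer("NXDOMAIN", None, hit)
        addr = self.upstream.get(normalize(qname))
        return Answer("NOERROR", addr, None) if addr else Answer("NXDOMAIN", None, None)

# Group 1 blocks A, B, C by refusing to resolve; group 2 blocks A, B, D by sinkholing.
GROUP_1 = PolicyResolver({"a.example", "b.example", "c.example"}, "nxdomain", UPSTREAM)
GROUP_2 = PolicyResolver({"a.example", "b.example", "d.example"}, "sinkhole", UPSTREAM)
```

A client that queries a different resolver, or connects by IP address, is unaffected by either list, so the block applies only to subscribers who keep pointing at the group's server.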