Anonymous "dimnet" tries to create hedge against DNS censorship

[Eugen Leitl]

http://arstechnica.com/tech-policy/news/2011/11/anonymous-bit-dimnet-tries-to-be-a-hedge-against-dns-censorship.ars

Anonymous "dimnet" tries to create hedge against DNS censorship

By Sean Gallagher | Published November 17, 2011 7:00 PM

With concern mounting over the potential impact of the Stop Online Piracy Act
and claims that it could make the Domain Name Service more vulnerable, one
group is looking to circumvent the threat of domain name blocking and
censorship by essentially creating a new Internet top-level domain outside of
ICANN control. Called Dot-BIT, the effort currently uses proxies,
cryptography, and a small collection of DNS servers to create a section of
the Internet's domain address space where domains can be provisioned, moved,
and traded anonymously.

So far, over 4,000 domains have been registered within Dot-BIT's .bit virtual
top level domain (TLD). Those domains are visible only to people who use a
proxy service that draws address information from the project's distributed
database, or to those using one of the project's two public DNS servers. 

While it's not exactly a "darknet" like the Tor anonymizing network's .onion
domain, .bit isn't exactly part of the open Internet, eitherbcall it a
"dimnet." Just how effective a virtual top-level domain will be in preventing
censorship by ISPs and governmentsbor even handling a rapidly growing set of
registered domainsbis unclear at best.  How it works

Dot-BIT is derived from a peer-to-peer network technology called Namecoin,
derived from the Bitcoin digital currency technology. Just as with Bitcoin,
the system is driven by cryptographic tokens, called namecoins. To buy an
address in that space, you either have to "mine" namecoins by providing
compute time (running client software that uses the computer's CPU or
graphics processing unit) to handle the processing of transactions within the
network, or buy them through an exchange with cash or Bitcoins. All of those
approaches essentially provide support to the Namecoin distributed name
system's infrastructure. 

You can also get an initial payout of free namecoins from a "faucet" site
designed to help bootstrap the network. The cost of entry is pretty low:
currently, registering a new domain costs about 1.6 namecoins, which can be
had for about five cents.

Your registration isn't associated with your name, address, and phone
numberbinstead, it's linked to your cryptographic identity, preserving
anonymity. Once you've registered a domain, you can assign it by sending out
a JSON-formatted update request, mapping the domain to a DNS or providing IP
addresses and host names to be distributed through Dot-BIT's proxies and
public DNS servers. That information is then spread across all of the
network's peer systems.

Simple, right?

Namecoin's approach heavily favors early adopters, since once you've
registered a domain, you can transfer it to someone elsebor squat on it until
someone pays you for it. That seems to be what a lot of early .bit adopters
are counting on. For example, using Firefox and the FoxyProxy add-on to surf
.bit-land to audi.bit lands you on a "this domain for sale" page.

But while Dot-BIT may allow for an anonymous and relatively secure exchange
of DNS information, it won't necessarily prevent censorship by ISPs. If the
.bit top-level domain becomes the target of laws like SOPA, it can be shut
down pretty quickly by cutting off the headbits own internal DNSbeither
through port blocking or other filtering. And since it lacks the anonymizing
routing abilities of "hidden" networks like Tor's .onion domain, it won't
protect the identities of publishers and users who visit sites that use a
.bit name.

At the moment, then, it's not certain what purpose .bit will actually serve,
other than as an experiment in novel ways to create a DNSbor someplace for
hackers to spend their illicitly earned Bitcoins.