[liberationtech] SOPA and DNS-level Censorship Circumvention

Griffin Boyce griffinboyce at gmail.com
Mon Jan 9 16:41:23 PST 2012

Hey all,

  With the SOPA vote on the horizon, now seems to be a good time to talk
about censorship at the DNS level.

  Computers use Domain Name Servers to make the connection to websites.
These large servers act as online address books for websites, telling
computers where the site they want to visit is located.  So the flow is
typically *Website Address -> DNS Server -> Website's Host*. If SOPA
passes, sites alleged to be infringing copyright will be blocked from
visitors in the US: *Website Address -> US DNS Server -> Block Page*.

  You can customize which servers your computer uses to fetch addresses,
and bypass these types of blocks entirely. A good tutorial on how to do
that is here: http://code.google.com/speed/public-dns/docs/using.html Though
keep in mind that the server addresses mentioned on that tutorial are
located in the United States.  So anyone looking to bypass
*American*censorship will need to use servers in an uncensored country
like Iceland
or Belgium.

  Another good option is using a browser plugin.  For FireFox, there are
two currently: Soapy and DeSopa.  DeSopa automatically fetches server
details for websites, but relies on a website that is likely to be blocked
once SOPA goes into effect. However, it does work until blocked. I made
Soapy with all of the rules it needs to function built into it. With Soapy,
every site that is enabled must have redirection rules created for it, but
it's also quite light (<50kb, each site is ~200bytes) and easily updated
with new sites.

DeSopa: https://addons.mozilla.org/en-US/firefox/addon/desopa/
Soapy: http://griftastic.com/soapy.html

  These browser plugins are really quick hacks designed to get into
people's hands quickly. (And there aren't any for Chrome, Opera, Safari, or
IE yet).  There has to be a more elegant and robust solution that we can
create for people affected by this type of censorship -- not just in the
US, but around the world.  It's completely possible to run
censorship-resistant DNS servers in uncensored countries, but the critical
missing element is a highly usable piece of software that will adjust the
user's network settings without a major hassle.  DnsJumper might work, but
isn't open-source and users have to find unblocked servers to use.

  What do you all think about this?

All the best,
Griffin Boyce

"I believe that usability is a security concern; systems that do
not pay close attention to the human interaction factors involved
risk failing to provide security by failing to attract users."
~Len Sassaman

liberationtech mailing list
liberationtech at lists.stanford.edu

Should you need to change your subscription options, please go to:


If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"

You will need the user name and password you receive from the list moderator in monthly reminders.

Should you need immediate assistance, please contact the list moderator.

Please don't forget to follow us on http://twitter.com/#!/Liberationtech

----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list