Recent Posts
- Nominet brings back second-level .uk proposal
- Demand Media commits Designs.com to new gTLDs
- Google beaten in new gTLD contention set
- Verisign steps up anti-gTLD campaign with attack on ICANN’s war chest
- Are some new gTLD evaluations getting screwed up?
- Innovative Auctions hires storied new employee
- Four failures and 92 passes in latest new gTLD results
- Get live new gTLD program stats
- Donuts loses five of the first six new gTLD auctions
- ICANN hires former ARI exec to head gTLD relations
- Hong Kong telco drops dot-brand gTLD bid
- Microsoft objects to Google’s dotless domains plan
- Directi launches pre-reg site for .host gTLD
- Uniregistry is too .sexy for new gTLD objection
- China pushes .pw to over 250,000 names
- Late new gTLD objections “not unfair”
- Watch .club win its new gTLD for $[censored]
- Big week for new gTLDs as 114 apps pass
- Atallah shunted sideways in ICANN exec rejig
- Six private new gTLD auctions raise $9m
Pirates set up domain seizure workaround
Movie and music pirates are setting up alternative DNS services to help users work around the government seizure of domain names.
A new service, BlockAid.me, launched an open beta at the end of September. It’s currently being promoted prominently on at least one major movie/music/games-sharing site.
The site encourages internet users to reconfigure their computers to use BlockAid’s DNS servers. That way, if a domain name used by a piracy web site is seized by law enforcement, BlockAid will be able to direct surfers to the original owner’s IP address more or less transparently.
This is exactly what the experts predicted would happen.
Ever since the US Immigration and Customs Enforcement agency started seizing domain names associated with pirated content and US politicians have been discussing legislation to streamline the process, workarounds have been expected.
In May, DNS experts including Paul Vixie, Dan Kaminsky and now-ICANN chair Steve Crocker said that the Protect-IP Act in the US would persuade many users to switch to offshore DNS servers.
They warned that this would lead to a rise in cybercrime against consumers, as disreputable or insecure DNS providers send surfers to spoofs of banks and other sensitive sites.
While there’s no reason to believe the BlockAid project has this kind of nefarious activity in mind, if the idea catches on it’s probably inevitable that a similar service operated by crooks will emerge eventually.
Amusingly, BlockAid’s web site says that it may financially support itself in future by showing ad-laden web pages instead of returning NXDOMAIN errors, a much-criticized money-making tactic many ISPs already use.
Note also that the .me registry is managed by Afilias, a heavily US-based company, which likely makes BlockAid.me just as vulnerable to seizure as any .com address.
Cat and mouse game has begun.
So…we are supposed to be sorry for pirates/thieves who knowingly download a piece of software whos sole goal is to provide direct access to illegal software when they end up getting virus’?
I am fine with that, I wish some companies would provide ‘pirated” versions of their products which include virus’
Well… how about if a teenage kid changes the DNS settings on a shared home computer so he can download the latest movies? That’s going to be invisible to dad when he goes to do online banking later.
ICANN Accredited registries such as domainthenet .com and regtime .net are selling alternate root .com transliterations for years and having the ICANN seal on the home page is likely not hurting sales.
Affilias, while having a U.S. subsidiary, is HQ’d in Ireland, and .me is the ccTLD of Montenegro, so not sure I agree that blockaid.me is subject to U.S. seizure — unless you think that blockaid.us would be subject to Montenegro seizure.
Quite a lot of Afilias’ executive team are US-based. It’s my assumption that if Afilias USA was served with a US court order to seize a bunch of .me domains, they would comply.
I concede I may well be wrong.
The other partner in .me is Go Daddy, of course. That company bleeds red, white and blue.
Only using recursive DNS servers which enforce DNSSEC validation can blunt the risk of man-in-the-middle attacks like the ones mentioned here.
The real fear is that nonsense like this starts to undermine the structure of DNS itself, because people lose faith it the hierarchy which has worked so well for 30 years.