Latest news of the domain name industry

Recent Posts

How Protect IP will get you hacked

Kevin Murphy, July 14, 2011, 15:12:57 (UTC), Domain Policy

The collection of DNS experts opposing the Protect IP Act today held a press conference to outline exactly why the proposed US piracy protection legislation is dangerous.
Protect IP, currently making its may through Congress, would force ISPs to intercept and redirect domain name look-ups for proscribed piracy sites.
It’s the latest in a series of attempts by the IP lobby to push through legislation aimed at curbing the widespread bootlegging of digital content such as music and movies.
But ICANN chair Steve Crocker, DNS uber-hacker Dan Kaminsky, David Dagon of Georgia Tech, VeriSign’s Danny McPherson and BIND supremo Paul Vixie all think the Act will have unintended and dangerous consequences.
They published a white paper explaining their concerns in May, which I wrote about here, and today ramped up the campaign by talking to reporters in Washington, DC.
Here’s the problem as they see it:
Today, the vast majority of internet users take the default DNS service from their ISP. Usually, the servers are configured automatically when you’re installing the ISP’s software.
Many users are also aware of alternative DNS providers such as Google and OpenDNS. Whatever you think of these services, you can be pretty confident they’re not out to steal your identity.
What Crocker et al are worried about is that content pirates will set up services similar to OpenDNS in order to enable users to visit domains that are blocked by Protect IP in their country.
Users can configure such a service in just 30 seconds, with a single click, the experts said. If they want access to the latest movies and music, they may do so without considering the consequences.
But if you sign up to use a DNS server provided by a bunch of movie pirates, you don’t necessarily have the same reassurances you have with OpenDNS or Google.
You’re basically signing up to pass all your domain name look-up data to proven rogues, what Kaminsky referred to during the press conference as “unambiguously bad guys”.
These bad guys may well direct you to the correct server for the Pirate Bay, but they may also hand you over to a spoof web site when you try to visit your bank.
You’ll think you’re looking at your bank’s site, and your computer will think it got a genuine IP address in response to its DNS query, but you’re really handing your login credentials to a crook.
DNS blocking already takes place with respect to content such as child pornography, of course, but it has not to date created a huge reaction with millions of users taking their DNS overseas.
“The scale of the reaction is what we fear,” Kaminsky said. Vixie added: “To the extent that the content is extremely popular the bypass mechanisms will also be popular.”
The measures proposed by Protect IP would also break DNSSEC, but that’s still pretty much pie-in-the-sky stuff, so the press conference did not spend much time focusing on that.

Tagged: , ,

Comments (1)

  1. Lee Graczyk says:

    As this group of DNS experts says, if enacted the PROTECT IP Act “will have unintended and dangerous consequences.” Not only would it raise grave security concerns, but it would also take away Americans’ access to safe, affordable prescription medications online–even from trusted, legitimate Canadian and other international pharmacies. This is because the PROTECT IP Act fails to make a distinction between rogue online pharmacies that do not require valid prescriptions and trusted, safe pharmacies that always do. RxRights is a national coalition of individuals and organizations dedicated to promoting and protecting American consumer access to sources of safe, affordable prescription drugs. The Coalition is encouraging consumers to take action now by sending letters to Pres. Obama and Congress urging them to state their opposition to the PROTECT IP Act in order to protect access to affordable medicine. For more information or to voice your concern, visit

Add Your Comment