French court orders Google, Cloudflare, Cisco to poison DNS to stop piracy

8 months ago (torrentfreak.com)

Over a decade ago, a ton of tech companies (including Google) coordinated a “blackout the Internet” day of protest against U.S. legislation that would have required them to alter DNS to fight piracy. Interesting that now that France actually does it, they say they will comply.

https://en.m.wikipedia.org/wiki/Protests_against_SOPA_and_PI...

  • In the last decade Tech has become part of the establishment. They are one of the dominant controlling forces.

    The blackout was _not_ about preserving free speech, or any other moral high road. It was purely about control. Tech hadn’t yet cemented their position as a dominant player and didn’t want to cede the control they had.

    Now that they’ve embedded themselves in the ruling class they don’t care as much because they already have control.

    • Tech has always been part of the establishment, funded by capital trying to solve capital's problems. The only part of tech that really deviates from this is the free software community, which has always been hostile to capital. The blackout day emerged from people, not the industry, and people have changed.


    • This is the right line of thinking. My interpretation is slightly different - I think the tech companies have run afoul of various norms when it comes to things like the privacy of customers, anti-trust, taxation, etc. Because they are now reliant on these unethical ways of holding onto economic power or growing their economic power, they need to not get into trouble with governments. This means playing nice with them so that they do not become subject to legislation that will rein them in.

    • There's also the nuance that while SOPA/PIPA were bills being legislated for potential passage, France is citing laws already in effect.

      For better or worse, if you do business in <x> you follow <x>'s laws or GTFO.


    • What? The tech (DNS in this case) is as neutral as you can get, these are French courts ordering the block, and the DNS technicians are controlled by American corps. DNS just executes the orders of the corp, which in turn obeys the local courts.

      Tech is under corp in the chain of command, which in turn is under national law.

      Gross lack of extra-technical nuance here.

  • Same with tech and China. They fold like paper without any protest:

    https://www.nytimes.com/2021/05/17/technology/apple-china-ce...

      Chinese state employees physically manage the computers. Apple abandoned the encryption technology it used elsewhere after China would not allow it. And the digital keys that unlock information on those computers are stored in the data centers they’re meant to secure.

  • Yep. Net neutrality, my left foot. MAANG are all about participating in PRISM, monopolizing access, and choosing who can and can't speak because they compromise a for-profit, oligopolic, technocratic cartel.

  • Piracy is simply Terrible, it's chopping the dear copyright holders off at the knees, they are frequently having to go on food stamps, and it's unclear how they'll continue on.

    /s

    Fighting online piracy: First world, or even zeroth world problem.

    It's not like the pirates are saying "hmm, should I pay exorbitant rates for this or should I pirate it?"

    The real competition is alternatives: "should I bother pirating this or just go do some other activity."

    Bottom line: In most cases it's actually free marketing, and has a net positive effect for the copyright holders. The continual attempts to aggressively clamp down really says a lot about the mentality of the Big Market Forces, *iaa, *aa, and now MS and Elgoog. Even when it's good fertilizer for their perpetual evergreen money tree, they still flip out.

    • It's all about profit protectionism of the moats around streaming to enforce the arbitrary extraction of gotcha capitalism subscription fees from as many people as possible for as much as possible.

  • It was not about standing up against IP juggernauts in the interest of users, but in the interest of themselves -- it was tech companies flexing their strength to show that cooperation with tech companies was required, and that they are open to cooperation in other ways too.

Technically, google did it right (using the "censored" error code: https://datatracker.ietf.org/doc/html/rfc8914#name-extended-...):

  root@jack:~# dig footybite.cc @8.8.8.8

  ; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> footybite.cc @8.8.8.8
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 14528
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

  ;; OPT PSEUDOSECTION:
  ; EDNS: version: 0, flags:; udp: 512
  ; EDE: 16 (Censored): (The requested domain is on a court ordered copyright piracy blocklist for FR (ISO country code). To learn more about this specific removal, please visit https://lumendatabase.org/notices/41606068.)
  ;; QUESTION SECTION:
  ;footybite.cc.                  IN      A

  ;; Query time: 7 msec
  ;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
  ;; WHEN: Sun Jun 16 19:24:29 CEST 2024
  ;; MSG SIZE  rcvd: 243
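As an added check for what the dig output above shows (this is example code, not from the thread or from Google), the following Python parser walks the EDNS OPT record of a raw DNS response and reports whether the resolver attached Extended DNS Error info-code 16 (Censored) per RFC 8914. The response bytes are constructed to mirror the output above (REFUSED, id 14528, one OPT record) rather than captured from the wire.

```python
"""Detect RFC 8914 Extended DNS Error (EDE) "Censored" signalling in a DNS
response. Added example; the sample message is constructed, not captured."""
import struct

EDNS_OPT_TYPE = 41     # OPT pseudo-RR type (RFC 6891)
EDE_OPTION_CODE = 15   # EDNS option code carrying an Extended DNS Error
EDE_CENSORED = 16      # EDE info-code "Censored" (RFC 8914 section 4.17)
RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def _read_name(msg, off):
    """Decode a (possibly compressed) owner name; return (name, next offset)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                    # compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if jumped else off)


def parse_response(msg):
    """Return rcode name, question name and every (info-code, text) EDE found."""
    _id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    rcode, off, qname = flags & 0x0F, 12, None
    for _ in range(qd):
        qname, off = _read_name(msg, off)
        off += 4                                     # QTYPE + QCLASS
    edes = []
    for _ in range(an + ns + ar):
        _, off = _read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype != EDNS_OPT_TYPE:
            continue
        rcode |= ((ttl >> 24) & 0xFF) << 4           # extended RCODE bits
        pos = 0
        while pos + 4 <= len(rdata):                 # walk EDNS options
            ocode, olen = struct.unpack("!HH", rdata[pos:pos + 4])
            body, pos = rdata[pos + 4:pos + 4 + olen], pos + 4 + olen
            if ocode == EDE_OPTION_CODE and len(body) >= 2:
                info = struct.unpack("!H", body[:2])[0]
                edes.append((info, body[2:].decode("utf-8", "replace")))
    return {"rcode": RCODE_NAMES.get(rcode, str(rcode)), "qname": qname, "ede": edes}


def is_censored(msg):
    """True when the resolver explicitly signalled a legally mandated block."""
    return any(code == EDE_CENSORED for code, _ in parse_response(msg)["ede"])


def build_sample_response(censored=True):
    """Constructed wire message: REFUSED + EDE 16 like the dig output above,
    or a plain NOERROR reply with no OPT record when censored=False."""
    question = b"\x09footybite\x02cc\x00" + struct.pack("!HH", 1, 1)  # A IN
    if not censored:
        return struct.pack("!HHHHHH", 14528, 0x8180, 1, 0, 0, 0) + question
    text = b"The requested domain is on a court ordered copyright piracy blocklist for FR"
    header = struct.pack("!HHHHHH", 14528, 0x8185, 1, 0, 0, 1)  # qr rd ra, RCODE 5
    ede = struct.pack("!HHH", EDE_OPTION_CODE, 2 + len(text), EDE_CENSORED) + text
    opt = b"\x00" + struct.pack("!HHIH", EDNS_OPT_TYPE, 512, 0, len(ede)) + ede
    return header + question + opt


if __name__ == "__main__":
    print(parse_response(build_sample_response()))   # shows REFUSED + (16, text)
```

A browser or stub resolver that parses the OPT record this way can tell a court-ordered block apart from an ordinary REFUSED, which is the distinction the reply below says most users never get to see.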

  • Technically interesting but unless browsers start showing the error to the user about 0% of affected users will benefit from this.

Hilarious how the article mentions the domain names at the end. It's like Google showing links of DMCA-stricken lists, so you can easily find out the actual places to pirate.

The title on the website is “Google, Cloudflare & Cisco Will Poison DNS to Stop Piracy Block Circumvention”.

Curious why Cloudflare has been singled out in the submission title?

  • Fixed now, although leaving out the court order is also misleading.

    If anyone wants to suggest an accurate, neutral title that gets it all under the 80 char limit, we can change it again.

  • Also, the country (France) is ordering the "poisoning", these American companies just comply with local regulations.

    Heavily biased article.

    Remember that DNS/IP systems are decentralized at the national level precisely so that countries have sovereignty.

    The editorial line would have us believe that France is committing a free speech crime or overturning internet infrastructure, while in actuality they are exerting their national rights.

    • This is literally just a framing issue. Note first that people generally believe in universal human rights, e.g. states shouldn't be allowed to do horrible things (e.g. genocide) just because they would be asserting their national rights.

      Further the action of a single state often influences other states, as is especially true when it comes to the internet which is global by nature.


  • Google runs widely used public DNS server 8.8.8.8

    Cloudflare runs widely used public DNS server 1.1.1.1

    That's my guess why these two companies were singled out.

  • Probably because HN limits titles to 80 characters, so OP had to choose one to get under the limit.

    • No, it's editorialising. The original title "Google, Cloudflare & Cisco Will Poison DNS to Stop Piracy Block Circumvention" is 77 characters.

One of the interesting technical questions is how these vendors will choose to reflect the forbidden DNS entries in protocols like DoH where they have a choice. For example a reasonable thing for a DoH server to say when asked a DNS question it has been forbidden to answer truthfully, is HTTP 451 Unavailable for Legal Reasons.

  • That would be a layer/protocol violation. The HTTP status codes used in DoH are used to discuss the semantics of the DNS query itself, unrelated to the DNS response. For example an NXDOMAIN response is still a 200, not a 404.

    Edit: for what it’s worth, Google is doing this the “right” way in the DNS protocol itself, see: https://news.ycombinator.com/item?id=40698650

    • > The HTTP status codes used in DoH are used to discuss the semantics of the DNS query itself.

      And the response is that the server cannot faithfully answer the DNS query due to legal reasons.

The only provider here who is stated to have said they will be complying is Google, right? So not only is singling out cloudflare incorrect, the title itself is incorrect. “French court orders Cloudflare, Google, and Cisco to poison DNS to stop piracy block circumvention” is the correct title for the article contents, possibly with an addendum of Google saying it will comply.

It is times like this that I recommend technically inclined people to try setting up your own DNS resolver and see how minimal an impact a few/handful of milliseconds on first access has on the internet experience. Practically all popular domains also use some form of anycast network, so the benefit of a single large shared resolver that caches the DNS answers has steadily decreased each year.

Just make sure it's not configured to be a public resolver, and only allow local network or whitelisted addresses.

  • Setting up your own recursive DNS resolver to circumvent ISP blocks is pointless unless you do so on a VPS or something, because otherwise, your ISP will just hijack the recursive queries it makes. And DNSSEC doesn't help if the ISP just wants to block you from learning the real IP.

    • > your ISP will just hijack the recursive queries it makes

      This level of deep packet inspection and injection is not what ISPs commonly do in my experience. At this point, it is much easier to just block the service's IP addresses than deep-inspect DNS traffic and match the query identifier and stuff to inject a false response. Why spend that engineering time when people will just fix the DNS server and can access the site directly? Might as well force people to set up a full tunnel (such as a VPN) to bypass the block, if your ISP or court order shows this level of motivation anyway.

      Insofar as I've experienced these things: fetching the mapping yourself, from a server not operated by your ISP, will circumvent DNS blocks your ISP was ordered to put in place.

      Currently I've got live access to one such blocking mechanism:

         $ dig +short thepiratebay.org
         195.121.82.125
         $ dig +short +trace thepiratebay.org | tail -1
         A 162.159.137.6 from server 172.64.35.164 in 5 ms.
      

      The +trace option makes dig trace the delegations from root server ("who is .org?") until authoritative answer ("who is piratebay.org?"), basically this makes it a recursive resolver whereas in the default case it just asks your configured nameserver.

      The first IP address is a block page (accessible from outside the network, if anyone wants to take a look), the second one of the real IP addresses.


    • I’ve heard this before. Is there a way to reliably detect if this is occurring or case studies of where this has occurred?

      Edit: I assume dns over https prevents this also, right?


  • This was a big surprise for me when I set up a local DNS for work. Everything suddenly felt much snappier.

I personally have zero interest in streaming soccer games, but the process involved here does leave me wondering just how resilient 1.1.1.1/9.9.9.9 (which I use with https-dns-proxy because I basically don't trust the business side of my local telco/cable monopolies as far as I can throw them) really are in practice. I'm starting to feel like someone should bring back ORSN and throw some (cryptocurrency-free, old-school cypherpunk) Merkle tree or DHT magic on top of it or something.

  • I mean, there are already issues with 1.1.1.1 where archive.is/.vn/etc sites don't work. I know this is due to that site's admin specifically blocking cloudflare, but it already happens. The real answer is to run your own recursive DNS resolver. It's not for the complete technical novice but it's the same amount of work as setting up pihole and requires the same amount of low-spec hardware. I don't think this is out of reach for anyone who is already using a non-default DNS, since with the reconfigured images available it really isn't too much of a lift.

https://www.mic.com/articles/85987/turkish-protesters-are-sp...

Repressive governments have a history of legal orders telling Google to block protestors from accessing twitter.com but Google always refuses to comply. So their new policy of complying isn't about legality. France is a big market. Perhaps it's about money.

  • France is not a big market for Google.

    The entire ad revenue market (desktop + mobile + social + ....) in France, in 2023, was 5.8 billion dollars (the spread in public sources' data seems to be 5.0-6.2 billion, so I just took the high side).

    1. Google made over $240 billion in ad revenue in 2023, so even if it had 100% of all ads revenue in France, France would only account for 2.5% of Google's revenue.

    2. However, Google's share in France is nowhere close to 100%. Search + Display overall is currently sitting at 20-25% of the French ad revenue above (same sources). Let's assume Google has 100% market share in France in those areas.

    Then France would account for about 1.25 billion dollars of revenue for Google, or about 0.5 percent of Google's revenue. Which is not a lot.

    But it's still something. Or it would be, except:

    3. France has fined Google 224 million so far in 2024.

    Google's margins are around 25%. So that 1.25 billion of revenue produces around 312.5 million of profit. Maybe less.

    Of which they've been fined 224 million :)

    If Google gets fined in France again this year, it would probably be operating at a loss.

  • Uh, there's nothing in your link about a government ordering Google to block Twitter? Since you say this is a common occurrence, I'm guessing it'll be easy for you to find a source that actually supports your claim.

    • I think the main point is that it's trivial for people to circumvent the DNS level block by simply finding new DNS servers (in this case something other than local ISPs, Google, CF etc... still many out there) by asking others or simple googling here and there, and in extreme cases, at a physical level as in the article.


If it is what public DNS providers do, then they should get a bad reputation and then people should not use them. People can make their own, and/or just use IP addresses directly (or other methods) if they know what they are from other sources. You can also use the hosts file.

Total nonsense - just pushes people to use VPN or their own custom DNS which tunnels back to 1.1.1.1 or whatever.

  • Or just footybite.cc will become footybite1.cc, then footybite2.cc... so on. The people writing these laws are seemingly clueless about the internet. Or perhaps, the lawyers just don't care as they are getting paid.

    • How will users find the new domains? If they can reliably do so then DNS is not needed in the first place. If not, then the laws are effective.


    • Could be malicious compliance at any level. Maybe the judge likes to stream football too?

      Most people don't want effective censorship and effective censorship is much more technically difficult as well as dangerous.

      I'm happy for them to claim ignorance and implement easily circumventable blocks, rather than go full North Korea.

A great example of why you should be running your own validating recursor instead of relying on a third party.

I’ve always been curious why dns is a go-to for oppressing unwanted websites. Is it truly difficult to block at an IP level? There would be collateral damage in doing so, but it wouldn’t take long for most VPS providers to dump piracy sites if the alternate is their entire network block being dropped.

  • A good amount of these websites are proxied by Cloudflare, so you're connecting to CF and CF connects to the website.

    And many websites use CF, so if you were to block a CF IP, you'd block a whole bunch of websites.

  • You've identified exactly the problem. They'd be blocking thousands of unrelated innocent websites. Also, changing your IP address is really easy.

In Italy we gave rights to a private company to tell all ISPs what sites should be blocked by IP. Eventually, other websites go down when some Cloudflare IP gets blocked.

"A French court has ordered Google, Cloudflare, and Cisco to poison their DNS resolvers to prevent circumvention of blocking measures, targeting around 117 pirate sports streaming domains."

Most if not all of these domains probably use Cloudflare as their authoritative DNS servers because they are using Cloudflare CDN. Why not just ask Cloudflare to "poison" those RRs. No need to issue orders to a selection of cache operators.

Wonder why they don't just go after the DNS registrars for these domains, or the DNS root servers.

  • Because those are not under the French government's jurisdiction unlike responses served to French users. Many of the used TLDs are even explicitly under other countries' governance.

There are many such local law limitations that big tech has to bow to (that smaller obscure companies choose not to). For example, Google won't offer its VPN service as part of Google One in India. Whereas Proton/Mullvad work just fine.

I’d just add the IPs to my LMHOSTS file (Windows) if I really wanted to watch sports badly enough. I mean, I was doing that back in the day for local development anyway.

A new law requires plant shops to stop selling poisonous plants. If people really want to grow these plants they will find a way. Nature still exists.

Theft is theft, it doesn't matter if it's irl or online. As a developer who periodically witnesses users spending hours trying to circumvent 1 dollar payments I think that the time has come for the piracy culture to end. And I used to do piracy too.

  • Copyright infringement is not theft -- false comparison.

    Also, have you considered how likely the people who are trying to get around your payment would be to pay up if they didn't find a way? If what you say about how long they try is true, I'd say the chance is extremely close to 0%.

    That's the dirty secret of the anti-piracy campaigns of rightsholders. The "lost sales" narrative is a load of made-up horseradish, and they know it.

Is there some decentralized anti-censorship technology that can prevent this type of action, where ISPs and DNS providers and other points of centralization are forced to implement things on behalf of other parties (like Canal+ or a government)?

  • Well there are a couple of ways one can do this!

    1. Recursively look up DNS, so domains will have to be blocked at the registrar level; since DNS is unencrypted, it can be blocked at ISP level as well.

    2. Use a protocol alternative to DNS, a good mature example is GNS. It aims to replace DNS, with a built from the ground up, modernish protocol. Using a DHT and public-key cryptography.

    3. There are "block chain" solutions to the whole domain problem, look at Handshake, ENS etc.

  • No.

    No matter how decentralized something is, ultimately you need to have a server and cables connecting it to the internet located somewhere. That somewhere will be within some legal entity or sovereign's jurisdiction which you must answer to and comply with.

    • As long as the protocol is easy to detect and block.

      If whatever technology that is being used is so intertwined into the base of all use cases (including totally legal) and legal vs. illegal is practically indistinguishable at scale, then decentralization cannot be blocked without physically blocking all the legal use cases too: sure they can "cut cables" but it will have much greater consequences as they have just cut cables connecting all the legal activity too.


  • Decentralized and global consensus are contradictory properties, in order to have an otherwise arbitrary ASCII string resolve to a particular machine EVERYWHERE, you need a central authority to say who's who.

    If you just want to prevent other central authorities (e.g. France) from barging in on the existing central authorities your computer expects to get answers from (e.g. ICANN, Verisign etc) there are plenty of projects for semiuncensoring DNS in a distributed way. But nobody is stopping, say, the US from doing to ICANN or Verisign what France is doing to CloudFlare and Google.

    • > Decentralized and global consensus are contradictory properties

      That's literally what blockchain solves. ENS (Ethereum Naming Service) already does this.


So, looks like there's a market for non-censoring public DNS providers. Any recommended providers?

So if you're using something like a pihole, and provided you're not using any of the mentioned companies, you're good to go?

  • AFAIK pihole still relies on an external recursive resolver (at least by default), so you'd still be subject to whatever blocks your ISP/cloudflare/google imposes.

Couldn't Cloudflare route these DNS queries outside the country, and therefore not be subject to French laws?

  • They could, but it would be weird. They use anycast for their DNS, so it will land on the French server before they know what the query is. There isn't really a way to tell a client, "no go to another server with the same IP address". But also they still want all the other French traffic to go to the French servers for performance reasons, so they wouldn't want to send all French traffic outside the country.

If you need to poison the DNS by court order, can you also just poison the requestee's DNS entries? E.g. Canal+'s own websites?

  • That is a really good point. The court is basically giving them permission to do this, by asking them to not have net neutrality.

  • Childishness aside, this is a dumb idea because it's going to piss off more users than appease. Most don't care about the struggle for internet freedom or whatever, and just want their sites to work. For them blocking legitimate sites is a sign that their ISP is broken, especially when their friends/colleagues report that it's working fine on their connections. Moreover blocking illegal streaming sites is court sanctioned whereas blocking the plaintiff's sites is not, and likely exposes them to getting sued for tortious interference or similar.

[flagged]

  • Rampant? Read the article before commenting, they are talking about 800 people in the whole of France.

    It's clearly not about severity, but about control. They would try the overreach even if there is no damage to be found (like using ridiculous "this is the money we lost" calculations).

    • >Rampant? Read the article before commenting, they are talking about 800 people in the whole of France.

      800 is the figure given by Google's attorney for people that would be affected by the block enforced by public DNS servers, not the total amount of "rampant piracy" that's going on.

  • Logical extensions of this principle:

    * Domestic abuse is the victim's fault because they shouldn't have made their partner angry.
    * The Chinese GFW is the fault of the people who criticized the government. They shouldn't criticize the government.
    * Israel indiscriminately bombing Gaza is the fault of the Gazans who fought back the last time Israel did that.
    * The Holocaust is the Jews' fault for not fleeing the country sooner.

    I don't think it's a good principle.

    • >* Domestic abuse is the victim's fault because they shouldn't have made their partner angry.
      >* The Chinese GFW is the fault of the people who criticized the government. They shouldn't criticize the government.
      >* Israel indiscriminately bombing Gaza is the fault of the Gazans who fought back the last time Israel did that.
      >* The Holocaust is the Jews' fault for not fleeing the country sooner.

      Except in all those cases, you can vaguely make the case that the "victims" were in the right (e.g. the right to be not physically assaulted). It's far more questionable to claim that people have the right to free live sports streaming.


Alternative title:

French courts order American DNS providers to block unlicensed sports streaming websites.

  • *American multinationals

    Your claim would make sense if they had no operations in France, but I highly doubt that's the case. If you operate in those countries, you have to comply with their laws. The fact that your company is incorporated elsewhere is irrelevant.

    • I agree. It would be pretty wild for courts to issue an order for something outside french soil.

  • While refuting the fact that said unlicensed streaming websites are not hosted on American DNS servers.

I wonder if it's possible to just use Yandex DNS. Russia won't comply obviously.

  • Also, Yandex search is the best for certain search queries that Google and American companies want to/are forced to remove.

  • With this DNS provider, I would be equally if not more worried about what the Russian government forces Yandex to block or censor.

> rightsholders can demand “all proportionate measures likely to prevent or put an end to this infringement, against any person likely to contribute to remedying it.”

Rightsholder: "Let's see, life insurance payouts are €1M and we are losing at least €50M to these sites, so..."

This looks like such a non-issue to be honest. Government branches should have technical and legal capabilities to block domestic and foreign hosts. Legitimate foreign service providers should either comply with the local government, cease operations in that country, or be prepared for war.

  • Wouldn't China's GFW be considered a good thing by that argument?

    • Not a fan of categorizing stuff as good or bad.

      But yes, countries should have control over their borders, both physical and digital.