Sunday, November 20, 2011

(Adios Censorship, Hola ODDNS) Internet Censorship: state & solution

We are (and have been) living in a dark era of corrupted & controlled information, not because of hackers or e-criminals but due to white collared, bureaucratic Legal Organizations trying to control Internet.

They used to control books in old ages; newspapers since several numerous years and news channels for past few decades. This control was over information available to public.
The more informant they are, the less power Legal Agencies have to guide them on their determined decision.

They started with shutting down (supposed to be) bothering web portals, forcing them to change content and even leak information about their users.
When they found out they can't (without any controversy) dominate all web services around the globe. They started taking DNS servers under control.
 InteXnet CensoXship
Now just for those unsure how controlling DNS servers help.
In easy words... dns server is the service to which you tell the web portal name and guides you with the address format that all networking devices understand and help you reach the destination web server.

So, the problem why DNS Servers can be controlled currently is because of their structure.
DNS Servers have a tree-like hierarchical set-up.
It has few Root DNS Servers at the top, which contain the entire Internet Domain Name registration database and its relative IP. These are maintained by independent agencies, but maximum of those reside in U.S. and few others distributed over globe.
Then there are lower level DNS Servers maintained by Internet Service Providers, some Universities and also some IT organizations. These DNS servers contain a more specific subset of DNS entries specific to the domain requests they mostly serve.
If the queried lower DNS server doesn't have reply to an entry it contacts daddy DNS, retrieves the address and replies.

The thing is, these network address resolvers are very concentrated and dependent. So if these Legal Organization face threat from any newer (or even older) web portal, say www.wiki-still-leaks.org.
Only thing they need to do is block address resolution of that particular (and many more as per required) web portal name.
As you wouldn't be able to resolve network address for that particular website, you would find it offline.

Currently, how non government liked sites (as thePirateBay) handles it is making multiple dns entries.
Recently there was a firefox plug-in ThePirateBayDancing released by mafiaafire, which makes available portal jumping randomly over proxies.

In late 2010, when U.S. blocked WikiLeaks..... ThePirateBay floated around the idea of P2P DNS.
Peter Sunde (PirateBay co-founder) gathered coders to work on it. Cjd working on it, shifted his operations to cjd#irc.

This idea of P2P DNS was picked upon by vinced and put down as namecoin. A decentralized dns service based on Bitcoin. Now, that is the main problem with this..... its based on a money exchange system architecture. You either mine namecoins for a domain name or buy them.

Jimmy Rudolf is out with ODDNS : Decentralized and Open DNS. It removes intermediaries dns servers from the scene removing their crippled dns resolutions.