I was sued in Germany by Axel Springer due to an ad blocker I wrote. The lower court of Hamburg ruled against me. They openly admitted they did not know what they were doing because the case was too technical for them. They were just happy to please the big corporation.
Hamburg is a favourite for such cases because they just have no clue about technology. They are just old fashioned.
As a small indie developer, I could not afford to keep on fighting. I gave up. I was a psychological wreck. And since it is not binding, big entities can afford to sue you non-stop.
Hamburg was the second time I was in a court. I got sued by the same big corporation. I won the first one.
Despite not being binding Sony will use this as a precedent and they will start going against the bigger DNS players, till all of them have to comply with their demands.
>They were just happy to please the big corporation
In Germany?! Never! /s
This reminds me how the gyms in Germany were told by the government they were not allowed to collect membership fees during the lockdown but the big chains did it anyway on the basis of "what are you gonna do about it?". So if you wanted gyms to comply, each customer had to take their gym to court on an individual basis but most never bothered.
It's crazy, from a foreigner's perspective, with how much shenanigans big business in Germany can get away with legally, considering how strict and bureaucratic Germany is. And don't get me started on customer service.
Nope, most banks(specially online-only) will decline your charge back citing some super complex directive that is totally unrelated & you can't appeal. Charge backs will work for no name small merchants mostly.
That's really strange logic. It's the government which block the people to use the gym service, not the gym. The damage was caused by the government and if somebody to compensate the damage, it should be the government.
The problem is that this precedent applies not just to DNS operators, but to literally _any_ unrelated bystander. Sony make very clear in their complaint that Quad9 has no relationship with any party to the alleged infringement. That's why their so excited about this, it's a step further than they've ever taken before.
Are you a German resident or otherwise subject to their jurisdiction? What would happen if you just ignored the lawsuit, and/or ignored the final judgment?
Eventually they'll sue you for damages, the court will rule that you have to stop what you are doing (as they already did so, and violating a court order seems like a surefire way to escalate the situation), plus the monetary compensation for the damages. And at that point it's just easy-peasy call the collections agency, and they'll just make your life more and more miserable by taking your stuff/car/home/etc. (Similarly if "you are" a company.)
As a company, they can only take what belongs to the company. Even if you're selfemployed they should only be able (IIRC, IANAL) to take things that are 100% part of the business.
That's because in that case the legal entity of the company and the natural entity behind it are the same. A GmbH and similar are not directly associated with that. The quick way to prevent issues is to quickly register private insolvency if the money of your corporation is not enough to cover your bills. That means you get to keep a profit of 1.178,59€ monthly plus any necessities like rent and gas/power bills. At most this takes five years and you're free.
This reminds me of hearing about a surge of tech patent cases being litigated in the Eastern District of Texas, though according to this paper, there were perhaps reasons other than selecting a jurisdiction based on purported lack of the locals’ familiarity with technology: https://scholar.smu.edu/cgi/viewcontent.cgi?article=1146&con...
Why are you asserting that Switzerland is a third world country? If that's true, it's a fact that I'm unaware of. Could you specify what your definition of third world is?
Or third or any-th world country. Big corps are big business, big money, big power. Germany is 6th on this list, Norway is 1st. Japan is 15th [0] and Hong Kong is 16th [1] the US is not in the top 20.
The moral solution is to fix justice, the pragmatic solution is to not use your real name. In that light, I also have to ask, why did you use your real name?
It's not solved. If you're based in Germany, as soon as you are doing any business and collect information from people, or better - money, you gotta do it.
Interestingly, you only have to do it IF you have an online presence. As in, you don't have to have an online presence when running a business.
nope. it's not solved. If anybody knows who you are, if you still live in germany, you will be fined. the law has nothing to do with an ending of the dns or some stupid shit. it only applies to juridical persons in germany.
I think the point here is to not disclose your identity online as a defense against bullshit lawsuits. Whether you agree with the approach itself is one thing, but if it works at protecting against lawsuits it'll definitely work at protecting against enforcement of this law.
It will kind of. Law enforcement does not have unlimited resources, and its limited resources have to be prioritized based on the severity of the infringement. Lack of an "impressum" by itself would be quite tame unless there has been some other crime committed (or at the very least a credible tip or complaint) that would justify law enforcement looking into it in the first place.
Furthermore, when it comes to the lack of "impressum", merely determining whether the law has been broken would be difficult with proper anonymity. Let's say he's based in Germany but anonymously purchases hosting in the US or another country and never discloses his German residency on the website - in this case it's impossible from the outside to even determine whether he is actually breaking this law, removing the probable cause for an investigation in the first place. As far as I'm aware, Germany does not - and wouldn't have the resources anyway - to thoroughly investigate every foreign-hosted website to determine whether its owner is actually based in Germany and is thus breaking the law by not publishing an "impressum".
"The civil law system is often contrasted with the common law system, which originated in medieval England, whose intellectual framework historically came from uncodified judge-made case law, and gives precedential authority to prior court decisions."
There are precedents in civil law too. It's just that judges have less leeway in "creating" law than in the common law systems and thus precedents are not as binding because the law is supposed to be already laid our precisely.
And civil law systems are not all tuned the same way.
>because the law is supposed to be already laid our precisely
Well that's the problem right there. Some times the laws are stupid or out of date so you end up getting screwed by some unscrupulous megacorp willing to abuse said outdated laws.
Sure, the right sollution is to change the laws but you're in court right NOW and the process of changing laws is slow and the lawmakers heavily influenced by lobbyists and powerful interest groups to resist changes that affect them.
This, again, is like the local phone company being forced to block your ability to call people because of an assertion that the person being blocked has infringed on their copyright. It's clear that the phone company has nothing to do with the situation and it's a massive legal overreach to compel them to get involved.
But media megacorps have never cared about logic or sanity. They make their own reality with their piles of money and lawyers.
No, actually, that was where things stood BEFORE this injunction. The phone company is an intermediary party, with a relationship to at least one of the parties to an alleged infringement. The whole point of this injunction is that it applies to us as a party with NO relationship to the alleged infringing parties. It relies upon a German law that says that uninvolved bystanders are also liable.
And yet is what they do in my country to “close” piracy sites: ask the national internet providers to block the resolution on that domains. Of course in most situations you can just change the DNS to 1.1.1.1, or if the provider redirects all DNS request to their server just use DNS over HTTPS…
I really, really don't like DNS censorship. I think that if a site is bad enough to warrant being taken down, it should be taken down by the authorities that host it.
OR, these governments should have a formal enforcement regime that monitors and sends takedown requests to DNS resolvers.
Then, high-tech people will either use .onion, or we will see again the popularity of alt-root DNS services.
So will the alt-root DNS website (whose domain is on the "official" root) be taken down, because it is a pointer to a pointer to potentially illegal stuff?
Where does it end? Or will the goal be simply to make it hard enough that only 1% of people know how to access it, vs. 20%?
I don't like it either, but I think it's the lesser evil. Consider the fact that you don't even need DNS to put something on the internet; ergo, removing a DNS entry only increases the friction to accessing the resource. I think the approach the MPAA is taking is indeed to just make it harder for the 20%, and probably have a realistic understanding that they'll never get to 0 and approach a low asymptote, and have to be satisfied with that.
Or, to put it another way, the MPAA is attacking discovery not hosting. Which I think is pretty smart - its good bang for the buck. The people who have legit binaries to share can do so pretty easily (e.g. torrent a linux distro). It would step over the line if they tried to, I don't know, outlaw the bittorrent protocol. But taking down freemoviesXXX.com doesn't exactly raise my hackles.
That's not the point here. The music companies all know that they make way more money on music that gets pirated than music that doesn't; lots of studies have borne that out. The point of this ruling is that it lets them extract money from people who DON'T have a relationship with an infringing party. The neighbor of the kid who downloaded the torrent.
Taking down freemoviesXXX.com in the court of the nation where it is hosted is materially different from making a DNS provider fail to resolve a valid address hosted elsewhere. If you want to be heard you must both fight for the legal right to host content in one county and the right to be read in every other country.
This creates both a concept of there being a censorship list one can be added to and incentivizes escalating attempts to control what can be viewed.
DNS is extremely easy to bypass which is really only half the problem. The other half is the complexity of bypassing blocking can trivially be outsourced to devs of sharing apps who can both implement search and DNS or even vpn.
Technical barriers that are basically boxes for clients to tick are entirely useless your citizens may manage limited complexity budgets but they can outsource those to developers.
The logical path this leads you to are technical and restrictions on what content applications are allowed to display, what applications one is allowed to install based on their compliance with point one, restrictions on what OS one is allowed to install based on compliance with point two.
Then you can control ability to access network resources based on compliance with point three.
This was all speced out decades ago and the technology embedded in your motherboard and somewhat in play on mobile platforms.
Once you have this you will actually have effective censorship tools and now have to worry about how they might be misused when previously we might be reassured by our ability to bypass censorship at need.
When you come down to it the entire content producing industry is of only modest value compared to say science and technology and has more resources than it's ever had before and freemoviesxxx.com is little actual threat to it's existence. It mostly prevents useless people without a creative bone in their body who have never contributed to society in any fashion from maximizing their revenue sufficient to afford a second yacht.
Twisting consumer tech the necessary gateway for all modern communication and culture to increase their revenue slightly is the tail wagging the dog.
Any attempt to take one step down the road ought to result in the offenders being nuked from orbit because their entire destruction would be better end result for society than their success.
How would you feel about javajosh.com being taken down for linking to unlicensed content at some point in the past? This is a great example of the “first they came for…” scenario.
Its a great example of a slippery slope fallacy. I agree it's troubling, in general, to attack the mechanisms used to commit crime. On those grounds you could legitimately outlaw cars ("get-away vehicles!") the post office ("a conduit for illegal drugs, porn, etc!"), computers, ("an essential tool for hackers!").
I'm just saying, taking down the DNS entry for "obviously" criminal domains doesn't bother me. And yes, when it's not obvious, or worse, is maliciously abused by power to silence dissent, then yes, it's worth being upset about. The slippery slope fallacy is all about extrapolating how power could be abused, leaving the only response to take away power entirely. But that's impossible, because power exists. So let's have an adult conversation about how to use it for the good of all.
Unfortunately .onion is not a permanent address. All .onion addresses are transient and The Tor Project reserves the right to completely remove support for addresses whenever they feel it might impact the privacy/security of the tor network.
For example, on October 15th of this year all Tor addresses from the last 15 years of Tor v2 will stop being supported and will vanish into thin air.
> People shouldn't have to tour every possible jurisdiction on earth to have something taken down in the jurisdiction they live in.
Yes, they should. Or they can save a lot of effort and just block it locally.
One sovereign people shouldn't be prevented by another sovereign people from conducting their lives as they see fit. Global rules are incompatible with respecting the vast diversity of humans on this planet.
Hopefully, 9.9.9.9 can apply this ruling specifically to German CIDRs and be done with it.
> Or they can save a lot of effort and just block it locally.
That's essentially the purpose of DNS bans. They are enforced by a given jurisdiction, but they let you solve the root problem rather than running around host providers in foreign jurisdictions.
No, that doesn't work. If anybody could say what should happen globally, and nobody would argue about it, then we wouldn't need courts and borders. The whole point of courts and borders and jurisdictions is to resolve disputes. We wouldn't have copyright law if there weren't copyright disputes. So you can't just say "if any court anywhere decides something, it should apply globally." Because the next court over, in the next jurisdiction, can rule the opposite way. What then?
Check out blockchain domains [1] which implement an NFT standard for domain names. So far Opera and Brave have added built-in support for .crypto and there are extensions for other browsers.
I've looked at blockchain based domains. There's also ENS (.eth) and HNS (namebase.io). The biggest problem with them is they're a huge pain to purchase. You need to buy their vBucks style coins first (ETH or HNS) and many western governments treat those like a security. That makes it tough for someone like me who wants to buy legit, brandable domains in those systems.
So the only people left are the ones mining coins and skirting KYC/AML laws and I think that leads to a scenario where they'll gain a reputation of being a "nefarious" technology even though there's _some_ merit in the idea.
DNS based censorship by western countries is a risky game IMO. That makes the system vulnerable to a developing country coming in, setting up alternate DNS roots, and refusing to filter / censor for copyright infringement. It won't take much for western users to learn they need to use a foreign search engine to find things the western countries want censored.
China's citizens will be using US search engines and US citizens will be using Chinese search engines. Lol.
> I've looked at blockchain based domains. There's also ENS (.eth) and HNS (namebase.io). The biggest problem with them is they're a huge pain to purchase. You need to buy their vBucks style coins first (ETH or HNS) and many western governments treat those like a security. That makes it tough for someone like me who wants to buy legit, brandable domains in those systems.
Yeah I don't know why any of these blockchain DNS systems don't have an easy fiat on-ramp. Most people don't care about holding a token, they just want their domain name. It's fairly easy these days too with all the stablecoins around.
I definitely do NOT want the token/coin. As soon as I touch it the transaction becomes a taxable event for me. It's a nightmare. Imagine if every store in your city used a different foreign currency and the government made you track every transaction you make so you can report your foreign currency gains/losses on your taxes.
I signed up, but didn't do any of the verification. I'm from Canada and they're not in FINTRAC (our KYC/AML regulator), so I'm not willing to give them any personal information beyond what I'd use for a normal credit card transaction.
The thing is I wanted a brandable name that I could likely get for less than $.50, but I'd be willing to pay $50 via credit card to avoid dealing with HNS. I would literally pay 100x the market rate to avoid dealing with their crypto currency because, by the time I deal with the bookkeeping and taxes of a crypto purchase, it costs me more than $50 in time and effort.
I imagine it will become easier to buy with checkouts that can take a credit card. It looks like some already have a Stripe checkout workflow.
One thing that is easier about owning a domain as an NFT is that it's not a subscription; you pay once and own it until you want to transfer it to someone else.
Reading the suit, it is interesting that it is very much based around the fact that Quad9 already blocks resolution for "malicious" domains, and therefore already has a censorship process in place. Basically "you're already censoring, one more domain won't hurt."
That's the assertion Sony makes, but that doesn't actually make it true. Quad9 doesn't do any blocking, Quad9 relies entirely upon third-party expert malware analysts to define the blocks. Quad9 only decides what _not_ to block. Also, Quad9 blocks the same malware and phishing everywhere, because we don't know who or where users are. So Sony asserts that this is possible, but they certainly don't demonstrate how it could be done, much less who would pay for it.
I run an email forwarding[0] app and I need to do a lot of DNS query(for spam filtering purpose), I run dnsmasq top load balance between CloudFlare, OpenDNS, GoogleDNS, Quad9 and Hetzner DNS. Quad9 outperform the rest with 2-4x faster and more reliable. In term of reliable I meant they won't rate limit me.
If anyone need reliable DNS, Quad9 rocks it. I'll contribute my part on this battle too.
Thank you! We hugely appreciate it! If this were just about us, we could have the Swiss courts throw it out, like US courts would, but that would leave the precedent standing and usable against anyone in the EU. So we need to fight this in Germany, and that's going to be expensive. Eco, the German Internet association, have committed a bit to the legal defense fund, and we're talking with the EFF and Digital Freedom Fund.
I think that you may have just accidentally put them in harm's way (if Sony is reading here), since they're in Denmark (which the Hamburg court could also reach).
I have run my own DNS resolver since that time when VeriSign decided to hijack all unregistered .com and .net domains (https://en.wikipedia.org/wiki/Site_Finder); by running your own recursive DNS resolver, it could detect the hijacked responses and turn them back into the correct NXDOMAIN response.
It could make the root server hosted in one country do so, at which point hopefully the other roots would simply de-list that faulty root server (and start seeking to establish another root server elsewhere).
I might be misunderstanding something since I've never been a DNS expert, but wouldn't root servers only be able to block at the level of entire TLDs? Not to say that governments couldn't be interested in doing that, but the flexibility seems limited (without e.g. requiring the root server to return government-approved servers and implementing the blocking on those servers).
Unless they wanted to delist an entire country for some reason it's the TLD servers they would need to go after, not the root servers. And yes, they could attempt to go after the TLD itself and not just the ISP's caching recursive resolver. This is why distributed, censorship-resistant domain resolution is so important. The Internet may be distributed and capable of routing around censorship, but the current DNS system is relatively centralized and thus vulnerable to attack.
I like this dig at Sony. I don't believe for a second that Sony has any interest of the artists in mind. It's all about their own profits at all cost. They wouldn't care in the slightest if artists died of hunger. But that's just my opinion from dealing with the record labels myself.
It's true. Sony doesn't care about artists, any more than your boss or company cares about you.
But they are, nonetheless, the ones paying the artists. Not nearly enough, and with plenty of shenanigans, but that doesn't change the fact that every movie ends with a long, long, long list of people who got paid for working on it -- by Sony.
It's disingenuous for Sony to pretend they care about anything other than their own profits. It's just tugging at heartstrings. Few of them actually get a share of the profits. They work for a paycheck.
But they've nonetheless got a point: they hire artists, lots of 'em. Some of their profits go into making the next movie.
Arguably, that's better than caring about them. I don't particularly like facile capitalist arguments, but Adam Smith's quote about the baker really does apply here: the artists don't need Sony to care, they just need Sony to pursue its own self interest because it happens to also profit them.
You won't see me crying over Sony's lost profits, and I'd love for more people to see movies other than studio blockbusters. But I know a lot of people who make movies and they do, in fact, get their paychecks and royalty checks from Sony.
Sony BMG can talk a long walk off a short pier. They're blood-sucking, rent-seeking, cannibal vampires.
If people would watch it, they would pay homeless people to dance and fight each other in LA's canals during a storm, monetize it, advertise it on all platforms, and they would still sleep OK at night.
No, it's more like mandating map companies do not even list certain addresses in an effort to thwart freight companies from servicing them. A DNS resolver like Quad9 just provides the addresses. There's no allegation here that any infringing content was served by or delivered through Quad9.
Yep. "Offend our commercial legal monopoly for exploiting creators, and the laws and legal precedents we bought order all cartographers to damnatio memoriae your IP and/or location."
No, that's not what the injunction says. It says we have to pay because we were negligent in failing to inspect every web site on every domain that we answer for. To come to an informed determination about whether the web sites contain infringing content. Tens of millions of times per second.
This is a strange case in my opinion. Quad9 and other open DNS servers such as CloudFlare, AddGuard, CleanBrowsing, Comodo, Google, OpenDNS, UltraDNS, Dyn, Yandex, HE.net and other open recursive servers are additive. They are not authoritative for the offending domain, nor are they promoting it. Just because some of these servers happen to filter malicious sites does not mean their role or legal responsibility is to filter sites that break copyright laws. This is the wrong target and sets a bad precedent in my opinion. I am not a lawyer. The right approach would be to have the domain seized and removed from the root servers. There is already a process in place for this as I am sure Sony is aware.
I could see some people equating Quad9 to a CDN but that is not the same. CDN's require the offender to set up an account and manually point the CDN to their site after accepting an acceptable use policy. An open DNS server requires no setup by the offender and no AUP. Anyone can point their client to the open DNS servers and request any domain.
I hope this is not frowned upon here but I believe the domain in question is canna[dot]sx. You can confirm this by taking some of the URLs in the report and substituting the blacked out domain with it and it indeed shows the Evanescence album that the document points to.
(I got this by doing reverse dns lookups on some of the IPs they list without censoring)
Edit: I have tried resolving using 9.9.9.9 and get the same answer as other DNS servers, even running from a VPS in Germany. It appears they have not blocked it yet?
Have you tried the .to domain? The .sx domain is recently registered (probably because SME also obtained an injunction against 1&1 and Telekom to block it), and I can confirm that the .to domain is blocked inside Germany.
Good point, it might be a replacement domain that just has the same content so my URL check doesn't mean that is what they requested.
As for .to, it does resolve fine for me via 9.9.9.9 from multiple locations including Germany but maybe my VPS IP just doesn't resolve to the right geolocation.
Either that Quad9 (unintentionally) haven't included the IP range in the scope or Quad9 is intentionally only applying the filter in residential connections (because business won't engage in piracy, right?)
Edit: Resolves in Versatel (which is a business-grade connection). The offending domain is blocked by 1&1's (Versatel's parent) DNS resolvers though.
Though they redacted the domain name at issue, they failed to redact the IP address that it resolves to. As a result, I can say that the domain at issue is www.canna.to. Further confirmation of this is that the banner of the forum associated to that page, board.canna.to, has a banner warnings its users that it's moved to board.canna.tf to avoid the DNS block ("Um einer DNS-Sperre auch des Boards vorzubeugen, haben wir es von canna.to abgekoppelt.").
We're in a very dark period where people are fine with censoring viewpoints that they don't agree with, especially around political boundaries. It's very unfortunate - censorship is censorship, plain and simple.
Yup. I gave up arguing with the posters and even founder of TechDirt about it. They call it 'content moderation' when they agree with it and censorship when they don't, based on whether it's left leaning (Good™) or right leaning (Bad™).
It's so bizarre how the left controls the house, the presidency, academia, the mainstream media for the most part, all of the big tech companies, but complain that the Republicans are the fascists.
We either have free speech, or we have fascism. And it's not the right trying to censor and cancel people, it's the authoritarian left who feel like they know better than everyone else. Very irritating as a libleft, because they read my disagreement as being right leaning rather than freedom loving.
If you are a freedom lover foremost perhaps you should work more on making the issue seperate from right vs left rhetorics. Always look at why someone wants to censor, rather than just assume it's because of ordinary left vs. right. The scale seems to a lot more binary in the US than I'm used to.
It's not a left right issue, we do need to have sex-ed in schools, you need to talk about homosexuality, and the problem with nationalism even the american flavour. I don't even think those are issues that all left leaning people agree on. Dig deeper.
>If you are a freedom lover foremost perhaps you should work more on making the issue seperate from right vs left rhetorics.
I have tried. It simply doesn't work. Proudly censorious authoritarian leftists. They see themselves as the good guys saving the world, and if that means free speech has to go, then so be it.
I'm reminded of this quote:
>“There is no worse tyranny than to force a man to pay for what he does not want merely because you think it would be good for him.”
― Robert A. Heinlein, The Moon Is a Harsh Mistress
The problem with opposing civil rights movements is that reciprocity matters in the real world. People are disinclined to support your rights if they see you as advocating against theirs.
This might have been the case maybe 30 years ago, today's mentality is really all about submission to power, their power. If they say "put a hand on your stomach, one on your head, and turn from right to left singing the International on a single hand", you better do it, or fear being cancelled.
I’m not accepting your assertion as fact. There are currently multiple civil rights movements facing organized conservative resistance.
You can invent whatever moralizing obligation you want, but I don’t think it’s reasonable expect an organized effort from the {$outgroup} community to defend the rights rights of the people who designated them the outgroup.
Existence of such groups is not your original assertion. You stated:
> People are disinclined to support your rights if they see you as advocating against theirs.
By that argument, the Libertarians would be loved by everybody, but they aren't, because it's no longer a discussion on ethics, it's a fight over holly dogma. The ACLU will no longer support people on the Right in the name of Free Speech. Lines in the sand have been dug by the left, and they no longer crosses them. The right, (ie. the MSM's fascist) however do it all the time because they are the most open ones. If you are a gay 1sh amendment absolutist, you aren't gay, you're just a nazi. The ancients Greeks are no longer the bases of our culture/civilization, they're esclavagist.
Independent of the current case (and Hamburg rulings in gernal), I haven't made up my mind yet about DNS blocking.
The countless analogies don't really help me to find the right approach to handle these kinds of things.
First, the "it only increases friction" argument: Basically everything is like that. Barely anything is absolute in the regard. If locked doors are effective at stopping most get-ins, it doesn't matter that they can easily be opened with a bit of skill.
Second, should every country have to accept everything that is legal to host in any other country, i.e., should countries be allowed to make and uphold their own laws? I mostly think so, but am not sure how to achieve this. Violations can easily be outside of the reach of the country but there is still a desire to prevent the influence. Is DNS resolution an appropriate point to attack this problem? I am not sure, neither from an effectiveness nor an sensibility point of view, but I find the point of view to pursue everyone in their home jurisdiction (if it can be determined at all) convincing either.
> should countries be allowed to make and uphold their own laws? I mostly think so
Isn't that backward? The question is, should people be free to make their own choices and live their own lives? I don't care about countries, I care about people.
I think the answer to that depends heavily of ones own philosophical point of view - we may not even agree on what makes people free.
I do care about countries as a governing body for the society that creates it, as I think societies should be allowed to self govern. Further, as I am not an anarchist, I believe that laws and governments are a valid way to do so.
It is, however, debatable (even for me) which laws are "okay" for a society to implement on itself. There are laws I would consider fundamentally unacceptable. A mostly uncontroversial example would be slavery.
> I think the answer to that depends heavily of ones own philosophical point of view - we may not even agree on what makes people free.
I think that's a philosophical debate, but mostly nonsense in practicality. It's not a matter of belief or opinion, for the most part; it's not hard to understand. It's just trendy for authoritarians to attack human rights as some subjective matter of relativistic ideas - that would be convenient for them.
> societies should be allowed to self govern
People have a right to self-govern, and to protect that right and others, 'governments are instituted among humans'. The word 'society' is often a construct used by the powerful to justify their control of the weak - the powerful are 'society', they assert, kind of like old-fashioned divine appointment.
Yes, both of the above are correct. In addition, I'd have two years of prison if I entered Germany again, which I normally do relatively frequently, to look after our servers in Frankfurt and Munich and Berlin and Düsseldorf and Dortmund and Wuppertal and, ironically, two locations in Hamburg.
But more to the point, although the Swiss courts will happily tell Hamburg to get stuffed, that would leave the precedent standing, for application against literally anyone in the EU.
Ridiculous! A terrible precedent and failure of logic. I'm struggling to find words to express my frustration. They don't even list the domains that we aren't allowed to resolve!
Can we use this precedent to sue the US government in court for using DNS to kill Yemenis (drones run software like libc, libc uses DNS), or perhaps to sue Kellogg's for making breakfast cereal that was eaten by someone on the morning they decided to kill someone?
Quad9 does not make money. Quad9 is a public-benefit not-for-profit foundation. It's supported by donations. Which are very much appreciated right now, because German lawyers aren't free.
Quite a lot of these lawsuits happening in Germany against local businesses. But can a German court really order a company located in Switzerland to comply? I thought that was the main selling point of Swiss-based companies.
The "almost-EU" countries (Switzerland, Norway and Iceland) have a treaty with the EU covering cross-border civil disputes, called the Lugano Convention. That gives the Hamburg court jurisdiction in this matter.
If anyone from Quad9 is still here, I have an interesting suggestion.
While finding a legal solution, the resolvers could mark if a block was done due to a legal reason (ie. censorship), so that clients can react to that and ask another resolver instead. If enough resolvers would adhere to this practice, it would render these censorship attempts useless. Of course, client software would need to support this too.
I haven't talked to the team yet here at https://safing.io/, but I think we'd be willing to implement that in our DNS client.
Damn, that is my standard DNS by now. I hope they win the case, although chances are very low. I live a short trip outside the city where the judges preside and the court is quite infamous on rulings like these. They are old, afraid and wrong about many issues and won't see that DNS provider aren't responsible for content. Germany isn't able to tackle modern communication infrastructure and related problems. On the other hand it has the capacity to ruin one of the best human developments in recent history. It is not beyond their capabilities.
Is the censorship applied globally or just to their resolvers in or near Germany? Unfortunately the domain names are redacted so it’s not straightforward to test this.
There is no censorship. This is an ongoing dispute between a court in Hamburg and a non-profit in Switzerland. When the dispute is eventually settled, Quad9 either will or will not be providing service in Germany.
"Quad9 commits to obey the law in any country in which it operates. Therefore, it will only operate in countries with a rule of law compatible with Quad9's ethics and moral duty to protect users. If a government were to use national law to attempt to force Quad9 to act in a way that would harm users (such as collecting information that might de-anonymize an at-risk individual), Quad9 would withdraw from operations in that country. This does not mean users within that country would be prevented from using the Quad9 service (unless the country itself prevented them); the service will operate from locations in nearby countries."
Caving in to Sony’s lawyers again. DNS resolution is not copyright infringement and someone needs to put Sony/BMG in their place and make them go after those who are actually infringing instead of those who are providing internet backbone services.
This isn't a case of caving to the lawyers. Those lawyers got a JUDGE to grant an INJUCTION. Once that happens, you're not caving to lawyers - you're going to follow the letter of that injunction while you appeal it, or throw up your hands and follow it forever.
Also FTA:
"We have retained counsel, and we are in the process of filing an objection to the injunction, though we are required to comply with it."
I know, Sony went to a judge and bought their way to an injunction forcing Quad9 to blacklist DNS resolution. Same went for Homeland Sec here in the US some time ago. It’s still Sony’s lawyers, it’s still not right, and a judge should know the difference between telecom lines and operators and their users, as this is the same thing analogy wise. It’s like me getting you to not eat dairy by banning you from ice cream shops because I’m lactose intolerant. It’s a huge over reach and abuse of power.
Don't see anywhere I agued it wasn't, but I was responding to your comment which sounded like Quad9 was caving to Sony's lawyers, as opposed to the more specific accusations of judicial bribery in this follow-up post.
Is it common for German judges to be bought and/or specific judgements to be paid for in Germany?
There is no bribery accusation. They said "sony bought their way". This is a vague statement that could include bribery, but also could mean "spent a lot of money on lawyers who found a judge that would side with them" or "sony spent a lot of money on lawsuits in many jurisdictions trying to find one that sided thier way" and a hundred other things.
Here: “Sony went to a judge, and bought their way to an injunction”. Better? I’m not accusing them of bribery, though I wouldn’t put it past them. Scratch our backs kind of thing. I hate Sony.
It's more that Sony has effectively bought "justice" (i.e. a court decision) favorable to its interests by bringing overwhelming legal resources to bear.
The corporations own all elected officials (executive, legislative, and judicial) and MSM except some ostensible, powerless dreamers who think they can make a difference nibbling on the ephemeral periphery. The most rational and bravest voices in media (Hedges, Chomsky, Nader, Maté, Blumenthal) are currently ostracized as effectively-mute dissidents, conflated with conspiracy theorists and religious zealots for their crimes of factual, professional reporting.
"It is difficult to get a man to understand something, when his salary depends on his not understanding it." ― Upton Sinclair
The prevailing filter bubble of the bourgeoisie and the rich is intent on remaining secure at all costs, assassinations included. Just look around the world where journalists are murdered most and then where they are deplatformed.
Yes, again I agree, but those people weren't saying anything. They just dismissed the comment and down voted it and went on their way. Nothing gained at all because of using words that everyone knows will cause this reaction. Shotgun meet foot.
You make generalizing statements like “everyone knows”.
I genuinely don’t understand what kind of reaction you think “everyone knows”. That some people will be inexplicably scared when the the name of Karl Marx is invoked?
While our donors appear to be happy to pay for us to contest this, it's very difficult for me to imagine anyone paying what it would cost to implement compliance.
"The assertion of this injunction is, in essence, that if there is any technical possibility of denying access to content by a specific party or mechanism, then it is required by law that blocking take place on demand, regardless of the cost or likelihood of success."
Technically, this block does not stop anyone from getting the IP address for a domain. Anyone can resolve a domain name using public information that is disseminated from domain name registries, domain name registrars and other authoritative DNS providers. Quad9 is just a third party DNS provider, not an authoritative source for IP addresses. In theory, third party DNS providers could refuse to provide (resolve) the IP address for any domain name. They could do this on their own accord, to suit their own interests, or at the behest of anyone, e.g., an end user, a financial contributor (donor), an interested corporate partner, or perhaps pursuant to a court-ordered injunction.
In fact, this in exactly what Quad9 does: they block domains. They advertise this capability on their website, where even the most non-techical reader could find it. From the "About" page:
"Quad9 blocks against known malicious domains, preventing your computers and IoT devices from connecting to malware or phishing sites."
Third party DNS has a number of potential problems; filtering is one. Funny how people have literaly turned that problem into a selling point. For example, OpenDNS, now part of Cisco, started a business doing DNS-based filtering.
Personally I fail to see why third party DNS (ISP-provided DNS or so-called "open resolvers") remains a preferred method of retrieving IP addresses or other RRs. IMO, there is no technical advantange anymore.
Many years ago I wrote a system for resolving domains without using recursion, using only authoritative queries, never setting the RD bit. It was very fast. Faster than a cold cache, IME. It could actually get faster as it acquires more addresses of authoritative servers, because it does not need to look them up again. It "learns". The best aspect though is that there are no unecessary third party middlemen. Third party DNS providers are not authoritative sources for any RR. They are middlemen. They do not operate for free. They are potentially subject to influence from whomever pays the bills.
People often discuss "privacy" when they discuss third party DNS service. IMO, using a shared third party DNS cache seems antithetical to "privacy" (not to mention "security"). In any event, it enables filtering by someone who is not an authority for the DNS data they are serving, a middleman. This is the view of an end user, not a corporation nor a developer working for one.
So, have you tired resolving a domain on a high-latency connection? Or live in an area where the internet routing don't make sense but you don't have a choice (or worse, you have a choice to different ISPs who all have different weird routing)? Not everyone has a good connection, and this is doubly true for residential connections. In those cases, "smart" DNS providers can steer the users to the fastest route, which in some cases resolves to a better server than the answer given to when a user does a direct recursive answer (because the authoritative servers directs the user into a "bumpy" routing). That's the (original) selling point of 1.1.1.1: they will use Cloudflare's knowledge of your routing to give you a better server (even if the domain you're asking for is not from Cloudflare's network).
Yes. Everything I do is designed to deal with those conditions. I never assume a powerful computer or a reliable connection. But nothing is ever "once-size-fits-all". There could be situation where, e.g., a website's authoritative DNS servers are barely functional, but a cache like Cloudflare's has a copy of the RRs. IME, that is quite rare.
I store the RRs permanently in a custom zone files once I retrieve them. Then query the data from a loopback-bound authoritative DNS server. No subsequent queries for those RRs leave the network interface. This is faster than 1.1.1.1 .
Yes, I do get that your system caches the authoritative servers, but as I said above there are times where the connection is "weird" and some DNS revolvers are better-equipped to solve them. Some authoritative DNS administrators wrongly used (for example) MaxMind GeoIP (don't do this, use ASes to differentiate connections when it comes to DNS steering) to steer their DNS requests, and it ends up that the user is getting a suboptimal server.
Here's a real-life example I encountered: Wikimedia (which operates Wikipedia et al.) has historically routed Japanese connections to Singapore, where they're geographically close, but due to how the internet backbone in the area works (it goes via Hong Kong, where switching time adds up to the latency) it made more sense to route them to WM's Los Angeles servers (and some ISPs have done this before WM has formally rerouted it to Los Angeles).
Or even a more frustrating one: I have routed SingTel users to Hong Kong despite also operating a server to Singapore because their routing is so bonkers that SingTel will route the connection to America and back just so they can access a server that they can physically go by using the metro (yes, I have contacted their NOC. No, they haven't changed anything).
Will this break DNSSEC? Absolutely. Will ordinary users care? While I'll care about correctness, more users will care about the speed and quality of their connection rather than correctly routing to a suboptimal server.
Sounds like you would want more manual control over routing if you could have it. You and I want the same type of thing. I'm an end user not an administrator. I just prefer manual control over DNS. When I do purely authoritative lookups I see all the queries made. The way admins have configured things, it can be grossly inefficient, not to mention brittle. With one popular CDN, I can see something like seven queries just to resolve the IP address of a single domain name. I can alleviate some of the inefficiency and unecessary dependencies manually by querying certain servers directly. Geo-based routing makes sense sometimes (most times, perhaps) but, as you point out, not always. Sometimes with CDNs I will retreieve content from certain servers that so-called "smart" DNS-based routing would not recommend. Because in some cases they are in fact faster for me. The point is that it should be the user's choice which server to use. "Smart" stuff, letting others make decisions for us, should be optional not mandated; because, let's face it, this stuff isn't always as "smart" as it could be.
I should clarify what I meant by "there is no technical advantage anymore". There was a time when "personal" computers and internet were so slow, users could not be expected to do their own lookups. No one could be expected to run "BIND" on their own computer. Running something like Unbound, "Pi-hole" (dnsmasq) or countless other options was not feasible like it is today. A shared DNS cache run by a third party made sense. What I am suggesting is those days have passed. One of the authors of the popular O'Reilly books on DNS, a so-called "DNS expert" that most DNS administrators followed back in the early days, more or less admitted this many years ago. Technically, no one needs DNS "nannies" anymore. Users have the ability to exercise some manual control, if they so choose. I do my own DNS-based blocking.
Anyway, that's how I see it. One person's opinion.
I can see why one would be concerned about a heavily centralized DNS, but what I've experienced in the real world is that today's DNS gives me infinitely more options than I had back when I started on the Internet.
Back in the day, you were often limited to one or two widely known public servers (MCI's for example) or your ISPs. Today I have tons of providers of public DNS, all with different advantages and tradeoffs, including paid features and support. This alone is radically better than the choices we had ~20 years ago.
Add to that the fact that I can run my own caching resolver without reading a 642 page paper bound book (see pihole vs a dog-eared copy of DNS and BIND by Liu and and Albitz), and we're far from the dystopian nightmare you seem to be referring to.
> you were often limited to one or two widely known public servers
I have a found memory for the days when you could still use ns.sun.com (192.9.9.3) as a recursive resolver as it was such an easy to remember IP (for those days anyway).
The sad thing is, i like Sonys desing and the hardware a lot. But I think now is the point, where I just can't support that company anymore. A bit the same like Windows. Even I was early on Linux for most things, I still allways had Windows beside. But with Win10, I just couldn't agree to the EULA, so im Linux only since then.
The irony is, I’ve never experienced DNS problems with invite only piracy sites with quality and quantity 100x the public ones. And doubly so, because I’m sure a lot of Sony employees use them.
I wonder why companies like Sony only seem to be focusing on attacking small business.
I remember if you wanted pirate content, Google itself was the best search engine for that. You could (and likely still can) find almost anything and yet these companies don't seem to be taking Google to court. Wonder why?
It least at one point in the 2006-2010 range, Google would display a Chilling Effects link to the actual DMCA takedown request when some of your search results were censored by a DMCA takedown. The DMCA takedown request is required to specifically enumerate the censored URLs.
The end result was a DMCA takedown often resulted in an indirect "Certified by Sony" link to non-fake infringing copies.
The other two large recursive resolvers, Google and Cloudflare, are protected by the District Court of Northern California, and more generally, by US law. Although we didn't find out about it until last Friday, the court documents show that Sony got this attack underway just thirty-five days after we moved out from behind the shield of the US courts.
Given enough time, we'll eventually see a case where a studio's master copy gets corrupted, backups are out of date, and the studio does its best by replacing a master with a high quality infringing copy.
I think at least some of this may boil down to the fact that there are people employed in positions that require them to provide some results that justify them keeping their jobs. Sadly.
What makes you think CloudFlare (or Google/8.8) could not be hit with the same legal injunction? This is a court order and Quad9 must comply, as would CloudFlare or Google.
I am not aware of 1.1 or 8.8 ever being forced to block/change DNS. While this does not prove they won't in the future, considering the popularity of the services this suggests US law is on their side.
Additionally, Cloudflare has previously shown commitment to deliver DNS exactly as it receives it with no changes (see archive.me debacle).
Except in the case of deciding to exclude EDNS Client Subnet, which in my experience completely borks CDNs. Which is why I switched to Quad9 in the first place.
I get what you're saying, but we're talking about a very specific action: a court injunction. Whether or not it will be overturned or invalid is a followup - I am not versed at all on German law but I would assume it's a criminal penalty to refuse to comply with a court injunction (for anything, not just this). As stated in the blog, they will comply and fight the injunction's validity.
> We have retained counsel, and we are in the process of filing an objection to the injunction, though we are required to comply with it.
Sir, I interpret your words as what I stated above - you will comply as required by law and fight the injunction as invalid. If you have another meaning, please clarify.
Nothing has yet been proposed which is technically possible to comply with, to the best of our knowledge. There has been no mechanism proposed whereby we could be in compliance, nor has anyone proposed a way of meeting the very substantial cost of making it happen. Nor has anyone yet addressed issues of proportionality, which I gather are central to this part of German law. Nor, as a public-benefit foundation, is it even legal for us to convert resources from the public benefit to Sony's private benefit, and that hasn't yet been addressed. So it is, for many reasons, very premature to be talking about compliance with the injunction.
For now, there's the filing of objection in the Hamburg court, then the appeal to a superior court... There are many steps here, and the first have barely been taken.
I wish they hadn't complied. It wouldn't be the first time a tech company stood up to this kind of thing. (Github and youtube-dl, Digg and HDDVD key, etc).
Not familiar with German law. What would happen if they simply ignored the injunction?
I'm pretty sure it would be the first time. Normally they fight it in court, they don't disobey court orders after the fact. Neither of your examples did. If they did their hardware would be confiscated by the police.
That would have been really nice, but I can't blame them. If I were in their position, I would save my company and employees first. Making noise about it comes after their wellbeing.
Hamburg is a favourite for such cases because they just have no clue about technology. They are just old fashioned.
As a small indie developer, I could not afford to keep on fighting. I gave up. I was a psychological wreck. And since it is not binding, big entities can afford to sue you non-stop.
Hamburg was the second time I was in a court. I got sued by the same big corporation. I won the first one.
Despite not being binding Sony will use this as a precedent and they will start going against the bigger DNS players, till all of them have to comply with their demands.