I'm really surprised this list doesn't contain any of the big names I'm using. In fact I've never heard of any of these sites.
I'm using many of the book sites and general torrent ones (I won't name them here), but none of these are on the list.
I also think the point is kinda moot because everyone doing torrents in Germany will already use VPN because it's only a matter of time before you get serious letters from lawyers there, demanding about 400 euro per movie they've seen you download. ISPs always cooperate in giving subscriber info for each IP. Some lawyer firms actually specialise in this and go after downloaders on their own.
I wonder if they leave the big torrent sites out to provide income for these lawyers?
> As a general rule pirate sites tend to not go in for founder bio's.
I'm no Data Scientist, but would be willing to bet a small round that were we to look, presence of founder bio's and their domicile's extradition policies are not uncorrelated.
[AFAICT there was a lot of paranoia on the Soviet side, and as a basis for that paranoia they pointed to all the Capitalist forces active in Russia during the revolution, but in retrospect some part of all that foreign intervention had been due to a problem of their own making: they believed world revolution was only a few years off (and just maybe they didn't want to look inconsistent with their own ideology?), so instead of doing what any reasonable mafia would've done and kept on paying dividends on imperial paper (perhaps even after negotiating an acceptable haircut?) and maybe even paying lip service to IP rights, on both fronts they rather rudely essentially told all the now-former investors to "go to wood"]
Lagniappe: somewhere in Abai's қара сөздері, he says something similar to "you know, it wouldn't do us Kazakhs much harm if once in a while we were to think of something other than how to grift more cows"; with that in mind: https://www.smbc-comics.com/comic/life-3
It's not a surprise at all that people doing extraordinary things aren't quite the same as regular people. The average same-belief-having person isn't going to do anything like make sci-hub because fitting in is their priority.
She technically identifies as a communist. Besides, she needs some protector to prevent being extradited to the Land of The Free & Home of The Brave. You saw what happened to Kim Dotcom.
Read the expanded version in Russian[0]. Page 71, 3rd paragraph, explicitly saying “I was a patriot and supported Putin.”
And here is the source claiming she was attempting to join the Communist Party of Russia[1] (though she ended up not being able to, because she wasn’t a Russian citizen, which is a requirement)
Wanting to be a communist is not new. Even some French philosophers were, or at least were trying to be. But joining the Soviet Union then or Russia now … is that even communist? Btw, based on that article it seems openness is OK in Russia, or is it just another rip-off like communism-on-market. The experiment of communism by itself always failed. But mix it, then you have to ask yourselves whether it is communism or whether the market is an essential part of it, not just used as a step.
In brief, where are those science papers coming from, Russia?
Idrc who she worships, she thinks information should be free. The parasitic corporations in the west don't. Rich people are more of a threat to the well-being of society than foreigners who see the world differently
Starting a panegyric to JV Stalin with words from IE Aleshkovsky is an editorial choice which shows AA Elbakyan takes CE Shannon seriously; I for one am looking forward to a future essay equating pirate site shutdowns with the 7 June (415 BC) early morning mutilation of the herms.
You haven't heard of the biggest source of paywalled research papers on the planet? It's a fantastic resource for when you don't want to pay 40 Euros for a single paper and you don't happen to be part of a university that happens to be subscribed to the right journal.
Yeah I'm not really an academic, although I did study at university decades ago. I'm much more practically aligned. So I don't ever read research papers :)
Out of curiosity, how does this work? If a site is over https, then the only information I would think the ISP would have is the subscriber downloaded from randompiratesite.xyz what seems to be a single X GiB file. They could see that the size roughly corresponds to FooBar.mp4 on that site (plus some HTTP headers). But this seems pretty unreliable. (Like what if someone was using a download manager to get multiple large files at once, using multiple download streams per file?)
I'm sure that you can get in plenty of trouble for downloading a ton of data from randompiratesite.xyz or whatever, but how does the ISP determine the number of movies they've seen you download?
> If a site is over https, then the only information I would think the ISP would have is the subscriber downloaded from randompiratesite.xyz what seems to be a single X GiB file
That isn't how torrent sites work. You visit site.xyz and download a .torrent file in the realm of 10s-100s (typically) of kB and that contains some metadata that a dedicated torrent client consumes. The torrent client connects to (1) some tracker via http (or https, but usually http) which may or may not be associated with the site the .torrent came from, to register as part of the swarm, and (2) any number of peer torrent clients. The actual data (X GiB) transfer comes from those peers; not the original site.xyz nor the tracker.
ISPs can observe DNS lookups / connections to site.xyz; tracker "announces" (that's (1) above), especially if they are http. And even the peer-to-peer traffic has a distinct protocol which is recognizable with packet inspection. But the main avenue for finding offenders, I believe, is just downloading the same .torrents for some specific copyrighted content and using the torrents' associated tracker(s) to enumerate swarm peer IP addresses.
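Added example, not part of the comment above: a parser for the two messages of a plain-HTTP tracker announce, showing what the request reveals to anyone on the path and why the tracker's reply lets any swarm member list peer addresses. The tracker name, peer ID and documentation-range addresses are constructed sample data; the compact reply format (6 bytes per IPv4 peer) is the common one and is assumed here.

```python
import socket
import struct
from urllib.parse import quote_from_bytes, unquote_to_bytes, urlsplit


def bdecode(data: bytes, i: int = 0):
    """Decode one bencoded value at offset i; return (value, next_offset)."""
    c = data[i:i + 1]
    if c == b"i":                              # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c == b"l":                              # list: l<items>e
        i, out = i + 1, []
        while data[i:i + 1] != b"e":
            value, i = bdecode(data, i)
            out.append(value)
        return out, i + 1
    if c == b"d":                              # dict: d<key><value>...e
        i, out = i + 1, {}
        while data[i:i + 1] != b"e":
            key, i = bdecode(data, i)
            out[key], i = bdecode(data, i)
        return out, i + 1
    if c.isdigit():                            # byte string: <len>:<bytes>
        colon = data.index(b":", i)
        start = colon + 1
        end = start + int(data[i:colon])
        if end > len(data):
            raise ValueError("truncated byte string")
        return data[start:end], end
    raise ValueError(f"bad bencode at offset {i}")


def announce_fields(url: str) -> dict:
    """Fields a client sends in an HTTP announce (cleartext on the wire)."""
    parts = urlsplit(url)
    raw = {}
    for pair in parts.query.split("&"):
        key, _, value = pair.partition("=")
        raw[key] = unquote_to_bytes(value)     # info_hash is binary, not text
    return {
        "tracker": parts.netloc,
        "info_hash": raw["info_hash"].hex(),   # identifies the exact torrent
        "peer_id": raw["peer_id"].decode("latin-1"),
        "port": int(raw["port"]),              # where this client accepts peers
        "left": int(raw["left"]),              # bytes still to download
    }


def swarm_peers(response: bytes) -> list:
    """(ip, port) pairs from a compact tracker reply."""
    reply, _ = bdecode(response)
    blob = reply[b"peers"]
    if len(blob) % 6:
        raise ValueError("compact peer list must be a multiple of 6 bytes")
    return [
        (socket.inet_ntoa(blob[o:o + 4]), struct.unpack(">H", blob[o + 4:o + 6])[0])
        for o in range(0, len(blob), 6)
    ]


# --- constructed sample data (not captured traffic) ---
INFO_HASH = bytes(range(20))
ANNOUNCE_URL = (
    "http://tracker.example/announce?info_hash=" + quote_from_bytes(INFO_HASH)
    + "&peer_id=-XX0001-abcdefghijkl&port=51413&uploaded=0&downloaded=0"
    + "&left=1048576&compact=1"
)
PEERS = [("192.0.2.10", 6881), ("198.51.100.7", 51413), ("203.0.113.25", 49152)]
_blob = b"".join(socket.inet_aton(ip) + struct.pack(">H", port) for ip, port in PEERS)
RESPONSE = b"d8:intervali1800e5:peers%d:" % len(_blob) + _blob + b"e"

if __name__ == "__main__":
    print(announce_fields(ANNOUNCE_URL))
    for ip, port in swarm_peers(RESPONSE):
        print(ip, port)
```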
That's not how piracy in Germany works. Torrenting for German content is quite uncommon. Normally the pages either point to sites hosting a streamable version of the video content or point to an external file hoster (e.g. Rapidgator).
> Torrenting for German content is quite uncommon.
Obviously, because, as the chain of comments above yours shows, torrent users are easily caught and get fined to hundreds of euros per downloaded movie. Then they stop using torrent and tell all their friends about the experience. This has been going on for more than a decade, maybe two. So by now, German culture has adapted and people don't use torrents.
The cease and desist fine (about 900 euros these days) is what the lawyer wants. Max return on investment for a single letter. You don’t have to react to this letter which will bring about the second letter with the generous offer to pay less, this repeats until around 340 Euro are reached.
Then you may get a court order that states what the lawyer accuses you of and this you have to react to. The court just states this and gives you 2 checkboxes. If you check the one saying “I reject the accusation completely” the lawyer needs to decide. He invested some 40 euros into the court order but going to court is a different ballgame and not his main business model so they have to weigh the chances.
The owner of the router that the file went through is responsible for access to the router. Since the owner has so far not said anything in his defence, there is a possibility that multiple people including family members had access to the router, and the lawyer might, in court, be presented with a list of people and their addresses which satisfies the defendant's task to erschütter the accusation for the court and leave the lawyer with the option to figure out whodunnit or rather who in the list is going to fold and pay.
This is really not his business model. That said they do go to court and people get sentenced to pay the fine.
Years ago I did exactly this by modifying my client to never seed/share, and also to fake my reported sharing stats so the private trackers wouldn’t boot me for failing to share.
Those were the days.
Now, I no longer fear the ISP or copyright holder chasing me (seems ISPs and laws moved on where I am) and don’t bother with modifications any more.
There are some services where you send a torrent file/magnet link and it’ll download the file for you, so you can download over HTTPS. I believe those particular services intentionally don’t reseed.
That's a very technical nitpick — GP's general point ('Obviously, because, as the chain of comments above yours shows, torrent users are easily caught and get fined to hundreds of euros per downloaded movie.') stands.
You are downvoted, but from my experience, you are pretty correct. Most people I know will use a streaming site, then sharehosters (good old boerse comes to mind - Megaupload, Rapidshare and Uploaded were the big hosters I remember)
I even know of more people using Usenet than torrents! The amount of work to use torrents safely just isn't worth it for most people.
They are downvoted because it was an obvious and low-quality statement, as another comment outlined. Torrents publicly expose IPs and thus can be seen by copyright Nazis, but streaming/direct downloading has so far been safe.
True but it is possible for them to capture one of these sites and go through the logs to check for IPs. So it would be best to use these with a VPN also.
I'm not aware of this having happened for movie downloading but it has happened to data breach forums, the police in Holland have contacted some downloaders there after they took down a platform (raidforums): https://tweakers.net/nieuws/208638/politie-mailt-duizenden-n... (in Dutch, sorry)
So it's not unprecedented and certainly within the legal realm of possibility even though this is a different country.
It's not the sites, it's torrenting. Without a VPN, they get your IP, and you are on the hook for "commercial distribution" (as clients also upload) unless you pay X00 euros.
You should move to Germany and argue this exact point in front of a bored 54-year old regional judge (who does not own a smartphone) on a Wednesday afternoon.
Just violating copyright wouldn't really matter. Damages would be tiny, and so would be what the lawyers can blackmail you for. It's being on the hook for the damages of distribution that gets the high fees.
Huh, that is super interesting, are you 100% certain it wasn’t torrents and thus including distribution? Hundreds of euros is crazy, that’s what people pay for distribution.
Sure, but private distribution is something completely different than commercial distribution. And private distribution under friends up to 15 is even legal.
Yes, sharing privately using for example a flash drive, sending file via messaging app, or a private download link that's not shared publicly is not distribution. But I was replying to your comment that said "violation of copyright", which implies distribution - torrents in my case. Fortunately I didn't distribute much, I had the torrent client set to a low speed, so I was able to settle it out of court.
There have been courts that decided downloading is copying, is infringement. But even if I used incorrect wording, I specifically mentioned distribution being the issue in my original comment.
No, there is a specific ruling that says downloading for personal use is not infringement or violation of copyright. The person who uploaded it is the one infringing by giving out copies, not the person downloading. That's why downloading gets a pass. Any violation of copyright in Europe necessarily includes uploading.
Yeah you can use peerblock/peerguardian, but in general there's no point. It's much less risky to simply use a VPN because there's always a risk that new IPs are not on the blocklist.
I actually kind of appreciate the laws there. It's sort of weird because it's one of those things where -- if you just use a VPN it totally negates the problem. Like somehow it's just "common knowledge" that you can do any of that with a VPN and you're risk free. It's this loophole that... you can't really close as a government without being completely authoritarian.
So it's not shocking that some might want to shut down VPNs or make using a VPN illegal (like, uh, North Korea, Belarus, Iraq, Oman, Turkmenistan... oof).
> I'm really surprised this list doesn't contain any of the big names I'm using.
This might be more a proof for this whole blocking-business actually working. kinox, serienjunkies and similarly named domains were very famous and huge 5-10 years ago. Since then, they have been raided, sued, blocked, etc. So it seems they've fallen from grace and out of awareness with their target group.
Probably been told about it by friends. Whenever I find a decent site, I pass it on to anybody I know who needs it. kinox used to be one of those sites.
I use and have used a large number of these. Many of them are primarily German streaming sites. Ziperto is a file hosting site, which you'd only come into contact with through certain kinds of direct download piracy sites. I'm not surprised you haven't heard of any of them, even though they are actually quite popular in some circles.
Yeah I didn’t know about this when coming to Germany and downloaded something without a VPN. Thankfully I was spared. But now I always use one with a reasonably good kill switch setup and forcing the torrent client to use the VPN's network device.
I have a RPi 5 running as a Tailscale exit node in my parent's house in a developing country. The said country does not care much about what people download. qbittorrent-nox makes it very easy to download stuff by just using my browser. Plus, I have access to local, region locked streaming content and very cheap Netflix subscription.
Netflix subscription - Netflix stopped access to streaming for accounts unless you're in the original country of billing. Are you streaming Netflix through your tunnel as well?
This sounds similar to a seedbox, a server rented to do piracy so DMCA complaints and such are sent to your seedbox provider instead of you.
The seedbox providers are typically headquartered somewhere where they can just burn DMCA notices. The servers themselves are also often located in piracy friendly jurisdictions (the Netherlands used to be common, not sure what’s current).
They usually come pre-installed with a remotely accessible torrent client like Deluge, Transmission, etc. Also often includes other software like VPNs, Plex, etc.
You should be relatively safe using one. The server does all the torrenting, you just download the files over FTP so you never appear in the swarm directly. It’s also a huge pain in the ass for law enforcement because it becomes international quickly. You’re in country X, the server with its IP in the swarm is in country Y, and the company that has the rental agreement with the data center for the server is in country Z.
Anecdotally, I used to spend some time in the space and I can’t recall a seed box provider ever getting raided. I think they just generally don’t bother with folks technical enough to go that far; there are easier fish to fry.
It's, by the way, an interesting idea that developing countries' entertainment industries may develop very differently due to internet piracy being already prevalent, though foreign investment may lead to this not happening, i.e. an "agreement" like TiSA or TTP will mean laws that lead to loss of investments like "no copyright" would become "illegal."
I'd hope someone prepares for that, and when it happens proposes a vote or public address, for laws that make the attempts backfire.
> The servers themselves are also often located in piracy friendly jurisdictions (the Netherlands used to be common, not sure what’s current).
Definitely not piracy friendly jurisdictions most of the time, most are located in Netherlands (most popular), Germany, Canada, United States, Finland and France.
> I used to spend some time in the space and I can’t recall a seed box provider ever getting raided.
Most seedbox providers don't officially allow piracy and don't promote piracy and will listen to valid legal requests, they're safe, you aren't. If they get in legal trouble that involves you, they will totally throw you under the bus to save themselves.
A lot of seedbox providers also don't allow public trackers because that attracts legal notices.
> It’s also a huge pain in the ass for law enforcement because it becomes international quickly. You’re in country X, the server with its IP in the swarm is in country Y, and the company that has the rental agreement with the data center for the server is in country Z.
Actually, it really isn't.
They just don't care as long as the providers stay legal (example: Whatbox (Incorporated in Canada, servers in NL and US) and RapidSeedbox (Incorporated in Hong Kong, servers in NL) started forwarding the legal notices to their users to avoid issues, Ultra.cc (Incorporated in Singapore, servers in NL, CA and Singapore) and Hostingbydesign (Incorporated in Denmark, servers in NL and DE) blocked some trackers to avoid issues)
It's when you stop following the law that you get into trouble, like Hostingbydesign's owner who ran another seedbox provider and got arrested, sentenced and fined when he knew about the piracy and ignored it.
They’re guaranteed to be permanently online as much as such a thing can be for $20/month or whatever. They don’t shut it down if you’re not using it, if that’s what you’re asking but they do occasionally come down for upgrades/migrations/incidents/etc. I’d ballpark most providers in the 99% uptime range.
Some provide root, some don’t. Last I checked, you’ll pay more for root because most of the servers are physical so you have to rent a whole server basically.
The servers are typically IO bound on the NIC so they aren’t super picky about what you do with CPU and memory. They won’t let you run a crypto miner or do heavily parallel transcoding, but if you want to chuck a Python+SQLite web app on there I doubt they’d care.
Depends on the seedbox: most will give you root/ssh, others just give you an API/web interface to a managed torrent client, which can be convenient. Check r/seedboxes
How much would you pay for that - compared to existing VPN solutions? You can find cloud hosts or server rentals in Bosnia, Colombia or wherever fairly easily.
You can technically just get any ol' VPS and install the respective/relevant software on it. Just check that the VPS provider doesn't forbid torrenting/etc. in their ToS, I guess :)
I used to do this, but virtually all streaming sites etc block VPS IP ranges now. The beauty of OPs idea is that you get a nice domestic IP instead of one belonging to AWS/GCP/etc.
I've also resorted to putting tailscale exit nodes in foreign relatives homes with Pis in the past.
There are enough weird issues with pretending to be a domestic internet connection from a VPS IP that I've given up trying.
>Just check that the VPS provider doesn't forbid torrenting/etc. in their ToS
They almost always do. But many of them forbid only in tos, and not exactly do something about it
providing such a service (-network) is a popular monetization option for all kinds of useless crapware. this is very useful, but even more shady than regular vpn providers.
Actually in New Zealand getting into trouble for downloading is fairly rare.
The Studios and Music Companies lobbied and got a law passed but the ISPs managed to have the law include a small charge ($20 from memory) for each notice. So the Movie/TV people never bother sending any notices and the music people only rarely do it.
sudo systemctl enable dnscrypt-proxy   # (or system service dnscrypt-proxy start|enable)
sudo mv /etc/resolv.conf ~/resolv.conf.bak   # back up the old file; mv already removes the original, so no separate rm is needed
sudo nano /etc/resolv.conf   # put the following lines in the new file:
nameserver 127.0.0.1
# back up to DNS over plaintext, not recommended; used if your dnscrypt-proxy service stops for whatever reason (enable in systemd, too lazy to write here)
#nameserver 1.1.1.1
sudo chattr +i /etc/resolv.conf   # make the file immutable so nothing overwrites it
Always use DoH / DoT (DNS over HTTPS / TLS)
In Firefox: Settings -> search for "DNS" -> select Max Protection -> choose NextDNS; make a NextDNS account for further privacy/setting up your local DNS restrictions like ad/tracker blocks
or use cloudflare.
Cheap VPS proxy:
on a VPS, do said dnscrypt-proxy
ssh -D 8080 -i ~/.ssh/sshkey username@vps.server (always use SSH key auth, no passwords)
In Firefox, set up proxy 127.0.0.1 8080, select 'Use DNS through proxy' - can set proxy settings at OS level to use DNS.
There's some options for you. Tailscale works, haven't tried it though.
Both openvpn and wireguard protocols are trivially blocked by DPI. Why do people make custom protocols today? Everybody should use something standard and indistinguishable, like QUIC, DTLS or TLS1.3, for their transport layer.
The first project (swgp-go) which makes traffic resemble random noise, can be trivially blocked. The DPI calculates the ratio between number of 0 and 1 bits, and if their amount is approximately equal, and traffic doesn't match allowed protocol (like HTTPS), then the connection is blocked.
If you don't want to stand out you should use steganography and masquerade as a legitimate and popular protocol. It seems that MASQUE does exactly this.
HTTP/3 is QUIC. So you can tunnel whatever you want over a connection that is not reliably distinguishable from HTTPS. (You can do heuristics based on packet sizes and timings)
Much more effective, really. I built one such self-hostable proxy on Cloudflare Workers & Deno Deploy: https://github.com/serverless-proxy/serverless-proxy (http-tunneling only works on Deno Deploy, and requires an enterprise plan on Cloudflare but tunneling with websockets works on the free plan, as well).
My observation is that if you use a tunnel not for VPN (which typically uses one long connection) but for a SOCKS proxy (which requires a new connection for every proxied connection) then the timings strongly resemble real HTTPS timings.
> Both openvpn and wireguard protocols are trivially blocked by DPI.
Not so trivially as it seems. I use wireguard from Russia despite their efforts to block it. It needs some tricks to connect, but it works. I believe that openvpn will work too with those tricks.
> Everybody should use something standard and indistinguishable, like QUIC, DTLS or TLS1.3, for their transport layer.
Let them first learn how to block wireguard properly. No point to show them the full scale of the problem they face, so they could get more funding. :)
On a more serious note, it is whack-the-mole game, the idea that sounds like "everybody should use X" for some value of X is not a good idea. Everybody should look for their own way to bypass censorship, and they should do it with as much creativity and tech skills as they have.
Wireguard connection starts with a UDP datagram starting with bytes 1, 0, 0, 0 if I am not making a mistake, so it can be easily detected by DPI unless you apply some "tricks". Of course I understand that you can use your own version of protocol where these values are changed.
You can start with studying research work about Chinese firewall to get the idea how DPI usually works [1]. Then you can start up a Wireshark and try sending different packets and see which are blocked and which pass through, or experiment with modifying VPN packets to make them pass through.
To experiment with this you need to buy a VPS abroad.
If you don't want to do that then you can search for existing utilities like: GoodbyeDPI, XRay/reality, AmneziaVPN etc.
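The two passive checks described in the comments above (the fixed leading bytes of a WireGuard datagram, and the 0/1 bit ratio of traffic that matches no allowed protocol), written out as an added example that is not any commenter's code. The message lengths come from WireGuard's fixed message layout; the 0.05 tolerance, the 64-byte minimum and the TLS/HTTP prefix allowlist are illustrative assumptions, and all payloads are constructed.

```python
import hashlib

# WireGuard handshake messages have fixed sizes; every message starts with a
# 1-byte type followed by 3 reserved zero bytes.
WG_HANDSHAKE = {
    1: ("handshake-initiation", 148),
    2: ("handshake-response", 92),
    3: ("cookie-reply", 64),
}
WG_DATA_TYPE = 4
WG_DATA_MIN = 32          # 16-byte header + 16-byte tag (an empty keepalive)


def wireguard_message_type(payload: bytes):
    """Name of the WireGuard message this UDP payload looks like, or None."""
    if len(payload) < 4 or payload[1:4] != b"\x00\x00\x00":
        return None
    kind = payload[0]
    if kind in WG_HANDSHAKE:
        name, size = WG_HANDSHAKE[kind]
        return name if len(payload) == size else None
    # Data messages are padded, so their total length is a multiple of 16.
    if kind == WG_DATA_TYPE and len(payload) >= WG_DATA_MIN and len(payload) % 16 == 0:
        return "data"
    return None


def ones_fraction(payload: bytes) -> float:
    """Fraction of bits set to 1; close to 0.5 for encrypted or random data."""
    if not payload:
        return 0.0
    return sum(bin(b).count("1") for b in payload) / (8 * len(payload))


def classify(transport: str, payload: bytes,
             tolerance: float = 0.05, min_len: int = 64) -> str:
    """Label one first-payload sample the way a simple DPI rule set might."""
    if transport == "udp":
        wg = wireguard_message_type(payload)
        if wg:
            return "wireguard:" + wg
    if transport == "tcp":
        # Prefix allowlist only; a real classifier would validate the handshake.
        if payload[:2] == b"\x16\x03" and payload[2:3] in (b"\x01", b"\x02", b"\x03", b"\x04"):
            return "tls"
        if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT"):
            return "http"
    # Matches nothing known: flag it if the bit ratio looks like random noise.
    if len(payload) >= min_len and abs(ones_fraction(payload) - 0.5) <= tolerance:
        return "high-entropy-unknown"
    return "unknown"


def keystream(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic stand-in for ciphertext, used only to build samples."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


# --- constructed samples (not captured traffic) ---
SAMPLES = {
    "stock handshake": ("udp", b"\x01\x00\x00\x00" + keystream(144)),
    "rewritten header": ("udp", b"\x9c\x5a\xe1\x37" + keystream(1196)),
    "tls record": ("tcp", b"\x16\x03\x01\x02\x00" + keystream(512)),
    "plain http": ("tcp", b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    "zero padding": ("udp", b"\x00" * 200),
}

if __name__ == "__main__":
    for name, (transport, payload) in SAMPLES.items():
        print(f"{name:18} {classify(transport, payload)}")
```

The "rewritten header" sample escapes the signature check but is still caught by the bit-ratio rule, which is the point made about noise-like protocols above.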
> Both openvpn and wireguard protocols are trivially blocked by DPI.
I don't understand why this matters, it's not like your ISP will ever block this kind of traffic since every company that has any form of IT department uses some form of VPN making it not only a legitimate kind of traffic but also quite common.
I'd think that companies use commercial grade internet, and normal people use residential internet. If so, then it would be easy to imagine that the ISP blocks some features for the residential subscriptions.
Most companies certainly won't be using "commercial grade internet" in the way that term is usually used. That would usually be reserved for large enterprises, which really only covers a small part of the workforce in practice.
Many businesses don't bother even subscribing to a business package, because something like a static IP is unnecessary for them.
Further, the point regarding VPNs still stands -- think of the chaos it would cause for many people working from home (on residential connections). And that's just one example.
I don't find it plausible for an ISP to block this.
Actually, there is "commercial grade internet" at least in my country. The main difference is that it is several times more expensive, and in the office buildings the owner doesn't allow ISPs with cheaper "residential" plans.
Business, yes, that was the word I was looking for, thanks! So the ISP could just limit the residential packages, limit the business packages to actual businesses, and that's all.
> something standard and indistinguishable, like QUIC, DTLS or TLS1.3, for their transport layer.
Exactly this does exist, search for xray / xtls-reality.
A node pretends to be a valid web site, with a valid third-party TLS certificate (like a CDN node serving that website), until a correct secret key is presented, then it looks like regular TLS-encrypted web traffic.
E.g. https://github.com/XTLS/Xray-core — most documentation, sadly but expectedly, is in Chinese and Russian, because these folks seem to need this most.
I actually did some fiddling with Wireshark, and it looks to me that it should be easy to make a tunnel masquerading as TLS 1.3 in Python. Firefox's TLS requests mostly look the same except for several fields (like RandomId, SessionId, SNI) and it is easy to write a tunnel in Python that would send similar initial packets (so that they look exactly like the ones sent by the browser), and after pretending to set up a TLS session, encapsulate real traffic as TLS Application Data records. You don't need to implement real TLS protocol, you just need to make several initial packets by template.
The project you mentioned seems to be pretty complicated; I think it is possible to implement the tunnel in a single Python file without any external libraries. But I was not intending to implement any serious crypto, just masquerade traffic.
Yes, I saw that project and even the English documentation is not easy to read.
Yes, Xray does more than just making the traffic look like typical web traffic. It also makes the open VPN server port look exactly like a port serving a legitimate third-party site, with the proper TLS certificate and all. Put it on port 443, make it proxy something like samsung.com or whatever else your censors find inoffensive.
This protects the VPN node from being blocked after a port scan, and gives you plausible deniability: "Yes, I have visited this IP. Let's open it. Ah, I just wanted to look at the newest Samsung phone model."
DNS-based blocking? As someone living in a country with ever-increasing internet censorship, that's not blocking, that's a trivially ignorable gentle suggestion to not visit these sites.
You need to spend more time with the normies. 99.8% is probably an exaggeration, but if so, not by much. It's easy to forget just how little the average person knows, or wants to know, about how technology works, or their ability to change it to their advantage.
The vast majority of people not only do not understand DNS, they couldn't tell you with any specificity what a domain or IP address even are, and they're afraid of doing anything which might break their computer in a way they don't understand enough to fix.
Doesn't require much understanding to bypass a DNS block or use a VPN.
Easily two thirds of FiFo (Fly In | Fly Out) mine workers in this state, the full on beer swigging head butting rail labourers et al have a rough understanding of the problem and have traded a carton or three with a mate of mate to fix it on their phone | home network so they can get all the p0rn and free movies they can watch on time off.
Real understanding of layered networking protocols from fibre and wire upwards is rare; bypassing DNS blocks is common as muck even sans that fancy CISCO certification.
in fact I would say >90% of -internet users- who are motivated to do so would figure a way to bypass the block. And they don't need to know DNS for that. They find some board that gives them the steps necessary without needing to understand how it all works. Or they know a guy. Why are they motivated? Probably for games, videos, netflix, social media, etc. The walled gardens would motivate them.
Thing is here, only a minority are going to be "into" the pirate site scene, so way less are motivated in the first place. And a lot of them probably have a perfectly fine way to get their stuff from non-blocked pirate sites.
When I look at my grandma use the internet, she knows very little about it, but if she's motivated to do something with tech she always seems to figure out a way.
It's a hard stop because Germans don't really care so much. They are rich enough that they can just pay for a legal streaming platform or to just buy the movies and games.
In actually poor countries where the price is a real stumbling block, people do figure out how to use the required tools. In Eastern Europe, usage of torrent is common knowledge among average people. Everyone has some friend or family member who will explain and install it for them and they are motivated to learn. It's remarkable how much better people become at computer skills once it's about getting access to your favorite TV shows, movies or games.
> In Eastern Europe, usage of torrent is common knowledge among average people. Everyone has some friend or family member who will explain and install it for them and they are motivated to learn
Germans are not using torrent not because they don't have the knowledge but because they will get sued unless they take other anonymization measures that cost money and slow down speed so why not just pay for Netflix. In developing countries enforcement is not so great that's all
The solutions are just a Google search away and easy to implement. If that stops anyone even slightly motivated I must wonder what they are generally able to achieve with a computer.
For your anecdata to be somewhat relevant you need to know around 2,000 people well enough to accurately judge whether they're capable of circumventing a DNS block :-)
> wonder what they are generally able to achieve with a computer
Stuff they actually do day to day. Scroll social media, use messaging apps, watch Netflix, Youtube, Twitch etc, in the older generations (millennial and up) also email and MS Office.
1. Cynically, for bureaucrats to be able to claim they're doing something about an issue the politicians care about, but which the bureaucrats think is a non-issue.
2. Less cynically, to take away plausible deniability for the torrenter about whether the thing is allowed or not.
The use of clearing here means something like https://en.wikipedia.org/wiki/Clearing_house_(finance) , i.e. an independent body so that copyright holders don't have to contact every single ISP, and ISPs just have to argue against the DNS blocks with a single party instead of many copyright holders.
It's even simpler: Those blocks are implemented in DNS. Pick 8.8.8.8 or some other public DNS server and blocks are bypassed.
(And pick another ISP - it's their job to provide neutral net access, not mess with it, especially not mess with it without court order or something just by request of some private companies)
Most stock ISP routers in Germany I've seen allow you to set custom DNS in a straightforward manner.
And even if they don't, for a few years now there is a law that guarantees you the right to choose your own router (because previously we had quite bad bundling that forced you to rent the ISP's router), so ISPs can't lock you in like that.
There are two types of routers consumers get here. Those where you can change nearly everything regarding DHCP and such, and those given to you by cable companies where you can't even change the IP address of said router.
The latter usually allows you to disable its IPv4 DHCP server, though, but enforces itself as the IPv6 DNS server across your network, which can't be disabled on your own.
I am sure if you use DoT or DoH it's going to be very hard for an ISP to block using your own DNS, even if you rented a modem/router from them. It does need client-side support though.
No need for client support, you could just deploy it on a Linux VM running somewhere on your network and let that be the DNS server served via DHCP.
For extra points you could deploy a firewall which intercepts all DNS requests and forwards them to that machine. Some apps have hardcoded DNS servers and ignore what you have configured.
Not really! You can buy a router that ships with OpenWrt out-of-the-box and just toggle a little checkbox. Plug that into your ISP's router (or use a wireless bridge in client mode, that's supported, too) and connect all of your devices through that. Now all your devices use DoH and don't even know it.
Not really feasible for non-technical folks, but at that point you start to run a DNS proxy in the cloud with a static IP and proxy all your DNS requests using DoH to that IP. That would be really hard to block without blocking all outbound HTTPS connections.
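An added example, not part of the thread: what a DoH request discussed in the comments above looks like, using the RFC 8484 GET form. The DNS message travels as a `dns=` parameter of an ordinary HTTPS request, so filtering or intercepting port 53 never sees it. The function names are this example's own, and `www.example.com` is a constructed sample name.

```python
import base64
import struct

def build_query(name: str, qtype: int = 1) -> bytes:
    """Encode a one-question DNS query in RFC 1035 wire format."""
    # Header: ID=0 (as RFC 8484 suggests for HTTP caching), flags=RD,
    # QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"label must be 1-63 bytes: {label!r}")
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"  # root label terminates the name
    if len(qname) > 255:
        raise ValueError("name longer than 255 bytes")
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS=IN

def doh_get_target(query: bytes, path: str = "/dns-query") -> str:
    """Request target of an RFC 8484 GET: base64url, padding stripped."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{path}?dns={b64}"

def decode_doh_target(target: str) -> bytes:
    """Server side: recover the DNS message from the dns= parameter."""
    b64 = target.split("dns=", 1)[1]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))

def parse_question(query: bytes) -> tuple[str, int]:
    """Read (name, qtype) back out of an uncompressed query."""
    pos, labels = 12, []  # question section starts after the 12-byte header
    while query[pos] != 0:
        length = query[pos]
        labels.append(query[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", query[pos + 1:pos + 5])
    return ".".join(labels), qtype

if __name__ == "__main__":
    wire = build_query("www.example.com")  # constructed sample name
    target = doh_get_target(wire)
    print(len(wire), "byte query ->", target)
    print("resolver sees:", parse_question(decode_doh_target(target)))
```

Only the DoH server, after TLS termination, can run the equivalent of `parse_question`; an on-path observer sees a TLS connection to the resolver's address on port 443.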
How does that work? You can just set your operating system to not use the ISP-provided DNS server, even if the ISP-provided router/modem is locked and cannot be changed.
They could block all outgoing traffic to port 53, although you could work around that by setting up a DNS server on a different port outside the network.
I'm in Germany, and running my custom OPNsense router with adblocker DNS connected to one of the big DoH providers. Never had any issues, not even with using plain old DNS on port 53.
Vodafone Kabel, so YMMV.
Always a bit scared to switch providers of course, you never know if you get CGNAT and blocked DNS servers. They are building a Deutsche Telekom fiber to our street this summer. It's tempting for the 200 Mbps uplink, but I have no idea whether it is then CGNAT and whether they even provide real IPv6. It's never mentioned in the advertisement.
Telekom DSL and fibre should normally be full IPv4 + v6 dual stack – they're the former state operator and have a relatively generous IPv4 address allocation.
I've run into a different problem: Akamai apparently uses DNS in order to steer you to the correct portion of their CDN, and the set of servers returned by third-party DNS servers turns out to have abysmal peering with my ISP. So third party DNS isn't really useable for me unless I'd run my own custom resolver in order to special-case Akamai.
Yes I'm pretty sure this is what they do. The DHCP from the router gives 75.75.75.75 and 75.75.76.76. I've tried overriding that with different resolvers in my /etc/resolv.conf and it doesn't work. And logging in to the modem/router config does not offer any option to change DNS settings.
I just tried it. I enabled it at the "Max Protection" level, used the default provider setting (Cloudflare) and it works. So it seems the answer is yes. So that's a pretty simple workaround that covers most cases. I'm guessing that most of the DNS lookups that people would want to be private are happening via a web browser.
As this particular issue of DNS blocking pertains to Germany: By law (EU Commission Directive 2008/63/EC and national law TKG § 73 Abs 1) the ISP must allow the free choice of routers and has to provide all access codes. So even if an ISP provided router would be uncooperative, there is always the choice of just not using it.
Is it possible to use your own router/modem for Comcast? Between my last two apartments and my current one I've had Spectrum, Optimum, and RCN as ISPs in the past decade or so, and with all three of them I was able to use my own router and modem (doing a quick google ahead of setup to make sure that I found instances of people online saying the hardware I had worked for them). It definitely _shouldn't_ be something people have to do in order to be able to have unrestricted internet, but sadly it's far from the only thing that sucks about ISPs. In my current apartment, I have no other option for ISP other than Spectrum, and they seem to get outages far more often than they should (and don't "notify" me until around 20 minutes after I check their website for outages in my area and it says there aren't any).
You can always plug your own router into the LAN port of a shitty ISP's combo modem/router device, too, even if they won't give a connection to any other device than their own and they defeat all your spoofing attempts.
I haven't used a proprietary router in my entire adult life, except as a WAN connection for my 'real' router with some shitty ISPs.
Yes, you can use your own modem, but they give you incentives to use theirs. You can also put their combo modem/router into bridge mode and use your own router. But that's a bit more of a reach for the average person, vs. just changing the DNS addresses in a config page (which is already more than 95% of people will do).
My cellular ISP doesn't seem to be bound by that, even though every cable ISP I've been with has. :(
If there's some US law I can cite at them like a magic invocation to make their dumb combo device go away in favor of my own cellular modem, though, I'd like to.
They don't block them generally, but their newer consumer modem/router/WAP "appliances" do. If you use your own, you can set whatever DNS you want, but you will have lower data caps and lose some incentive pricing that you can get if you use theirs.
I'd guess if you get business tier service you have more options also, but I've never had that.
I was on ordinary residential service. At the time, using their device cost more money than BYO, and the data caps were identical (or rather, there mostly weren't data caps).
Besides my opinion about file sharing this scheme seems to bypass the legal system but pretends to be based on legal grounds. What we have here is [more] privatization of the legal system and bypassing democracy.
To state the obvious: If you have someone doing things you don't like in office you can vote them out and replace them with someone who doesn't do those things. This is already a slow and cumbersome process that may take decades to materialize.
Or does this provide a framework for implementing direct democracy? Have a website with law proposals that can be implemented in a privatized way, have the citizens vote for and against them then pressure corporations to implement them.
Copyright monopolists employ lobbyists. They basically buy laws which favor and protect their own monopolies and rent seeking. Voting does absolutely nothing to stop this trillion dollar industry.
Other than sci-hub they seem to be almost wholly sports and movie sharing sites (one site I saw had Nintendo Switch games). Surprised that libgen is not on the list.
>the site also links to various options available to the public to circumvent the blocking efforts. This includes switching to third party DNS resolvers
Says what is blocked is at the DNS level; I guess that means not blackholing routing to the IP addresses.
Interestingly, the benchmark sites I use to conduct my censorship research are not even in their list?
My theory is that DNS blocking is chosen deliberately. There are more effective means of blocking, but if the bypass is just 5 min of work, those who care will bypass it and those who don't care enough will get blocked.
It's just that after people get accustomed to having a censorship infrastructure in place, it slowly starts spreading like cancer and gaining momentum...
Since you didn't get a serious answer yet... Yes, VPNs typically use their own DNS and NordVPN is no different. As far as I've seen, the copyright trolls in Europe always go for the lowest hanging fruit which are the IP addresses of residential users. I imagine IP addresses belonging to servers or VPNs are basically disregarded.