A recent clarification to draft domain name regulations by China's Ministry of Industry and Information Technology (MIIT) indicates greater engagement and openness with the domain name market, not a contraction as some had feared. Following the MIIT's announcement on March 25th 2016, the same Ministry issued a clarification on Wednesday March 30th stating that its new draft regulations will not affect any foreign enterprises or foreign websites from resolving in China. more
As a strong proponent of the private right of action for all Internet endpoints and users, I've long been aware of the costs in complexity and chaos of any kind of "blocking" that deliberately keeps something from working. I saw this as a founder at MAPS back in 1997 or so when we created the first RBL to put some distributed controls in place to prevent the transmission of unwanted e-mail from low reputation Internet addresses. What we saw was that in addition to the expected costs (to spammers) and benefits (to victims) of this new technology there were unintended costs to system and network operators whose diagnostic and repair work for problems related to e-mail delivery was made more complex because of the new consideration for every trouble ticket: "was this e-mail message blocked or on purpose?" more
Iran's political filtering during the recent 2009 presidential campaign and the role of the Internet in the post-election turmoil has brought a heightened level of attention to the country's Internet filtering system. According to a status report just updated by the OpenNet Initiative, the Internet censorship system in Iran has become one of the most comprehensive and sophisticated in the world. Iran and China are the only countries that aggressively filter the Internet using their own technology. Iran's aggressive filtering measures "have contributed to the implementation of a centralized filtering strategy and a reduced reliance on Western technologies," says OpenNet. more
The Egyptian government has disabled most Internet and cell phone services in an apparent effort to disrupt the anti-government protests gripping the country. Egypt's four primary Internet providers all stopped moving data early Friday, effectively cutting off Egyptians from the outside world and each other. more
I confess, I don't get it. Much has been written about the apparent desire by the United Nations, spurred by China, Cuba, and other informationally repressive regimes, to "take control of the Internet." Oddly, the concrete focus of this battle -- now the topic of a Senate resolution! -- is a comparatively trivial if basic part of Net architecture: the domain name system. The spotlight on domain name management is largely a combination of historical accident and the unfortunate assignment of country code domains like .uk and .eu, geographically-grounded codes that give the illusion of government outposts and control in cyberspace. more
Looking back at 2010, here is the list of top ten most popular news, blogs, and industry news on CircleID in 2010 based on the overall readership of the posts (total views as of Jan 1, 2011). Congratulations to all the participants whose posts reached top readership and best wishes to the entire community for 2011. Happy New Year! more
From the perspective of Internet security operations, here is what Net Neutrality means to me. I am not saying these issues aren't important, I am saying they are basically arguing over the colour of bits and self-marginalizing themselves. For a while now I tried not to comment on the Net Neutrality non-issue, much like I didn't comment much on the whole "owning the Internet by owning the Domain Name System" thingie. Here it goes anyway. Two years ago I strongly advocated that consumer ISP's should block some ports, either as incident response measures or as permanent security measures... more
One of the more persistent founding myths around the internet is that it was designed to be able to withstand a nuclear war, built by the US military to ensure that even after the bombs had fallen there would still be communications between surviving military bases. It isn't true, of course. The early days of the ARPANET, the research network that predated today's internet, were dominated by the desire of computer scientists to find ways to share time on expensive mainframe computers rather than visions of Armageddon. Yet the story survives... more
If a national government wants to prevent certain kinds of Internet communication inside its borders, the costs can be extreme and success will never be more than partial. VPN and tunnel technologies will keep improving as long as there is demand, and filtering or blocking out every such technology will be a never-ending game of one-upmanship. Everyone knows and will always know that determined Internet users will find a way to get to what they want, but sometimes the symbolic message is more important than the operational results. more
In a recent op-ed piece in TheHill.COM, some friends and I described the futility of mandated DNS blocking as contemplated by the SOPA (H.R. 3261) and PIPA (S. 968) bills now working their way through the U.S. Congress: No Internet user is required to use the Domain Name servers provided by their ISP. And if millions of American citizens who for whatever reason want to engage in online piracy can no longer do so because Congress has passed this law and their ISP is now filtering the citizen's DNS lookups... more
I've written recently about a general purpose method called DNS Response Policy Zones (DNS RPZ) for publishing and consuming DNS reputation data to enable a market between security companies who can do the research necessary to find out where the Internet's bad stuff is and network operators who don't want their users to be victims of that bad stuff... During an extensive walking tour of the US Capitol last week to discuss a technical whitepaper with members of both parties and both houses of the legislature, I was asked several times why the DNS RPZ technology would not work for implementing something like PROTECT-IP. more
Whistleblower website WikiLeaks has released the list of newly blacklisted websites by Thailand's Ministry of Information and Communication Technology (MICT). The list was leaked by advisory board member CJ Hinke, director of Freedom Against Censorship Thailand, according the WikiLeaks website. From WikiLeaks' announcement: "The 1,203 blocked websites are located in Australia, Brazil, Canada, Czech Republic, France, Germany, Hong Kong, Hungary, India, Ireland, Israel, Italy, Japan, Mexico, The Netherlands, New Zealand, Poland, Russia, South Korea, Spain, Sweden and Vietnam..." more
Forbes just published this article that's being shared all over my facebook friends feed. I left a comment on the article that I've copied and pasted here, as it is just about long enough to qualify as a CircleID post by itself... The problem is that peering isn't always settlement free -- and even if it is, if and only if there's an equitable amount of traffic exchanged between two ISPs. And then there's transit, where you pay another network to carry your packets for you. more
If anyone needs another reason why the UN should not be in charge of the internet, they need look no further than the upcoming UNESCO conference on "Freedom of Expression in Cyberspace." The United Nations Education Scientific and Cultural Organization conference will discuss "whether universal free expression standards should be applied to the Internet and how free expression can be protected while respecting individual privacy, national laws and cultural differences." The conference is being held in preparation for the second phase of the UN's World Summit on the Information Society (WSIS)." more
After the court's decision, the PTA ordered all the operators in the country to block the website, www.facebook.com, until further orders. It said the directives had been issued by the ministry of information technology and telecommunication in view of the LHC's order. All the ISPs of Pakistan have blocked access to all the hosting servers of www.facebook.com. ...all the Mobile Network Operators of BlackBerry Services in Pakistan were also trying to block access to the FaceBook.com but they could not do it because the Blackberry Services are routed through RIM... more