Let’s imagine the following situation
Let’s suppose that a government (in any country) intends to block on Internet what it considers as illegal content. After many deliberations but without any judicial review, this government allows the filtering of Internet, under the supervision of its police’s services. I am not even getting into the ethical issues that this solution raises – I already wrote a lot about it (on my blog for instance).
Let’s shift our focus on the technical aspect of this proposed suggestion and the obvious consequences it has. As I already mentioned in a previous article: “Centralizing again what should not be centralized will undeniably weaken the Internet’s resistance, which will thus be more vulnerable in the event of an attack or side-effects.”
The problem now is to find a way to become proactive regarding these risks, and not spend time enduring -sooner or later- the malfunctions that will certainly come up.
Filter by using servers’ names
The solution chosen by the “government” we were talking about, is to filter websites’ accesses through the server’s name resolution mechanism (DNS). This “resolver”, often offered by the internet service provider, is what enables the connection between the website you want to access (www.witbe.net for instance) and the physical address of the server supposed to answer this request (22.214.171.124) to be established.
But on many levels, this method is risky, because of:
- Over blocking risks: as it is dealing with an entire server and not the specific webpage that has illegal content
- Uselessness of the solution: considering how easy it is to bypass this type of control
- Overbid risks… when it will be figured out that it is easy to go around this measure, there will be a risk to force the Internet Service Providers to accept resolution name types of request only from their own servers, “under the control” of the government – or even force DPI mechanisms (Deep Packet Inspection) to go even further in controlling who does what, where and when?
- Political risks: for now, we’re living in a democracy. What is going to happen the day we decide -for security reasons- to centralize again the operating of Internet networks, and this control falls into the wrong hands?
- Risks regarding side-effects, and especially the introduction of technologies, modifying the normal Internet mechanisms’ functioning (resolver, routing…), through the introduction of exceptions.