[anti-abuse-wg] DNS Abuse, Abuse of Privacy & Legitimizing Criminal Activity

Richard,

We are in agreement about despots, thank you for adding semantics and
details. In order to communicate the problem, I found that it is
required to argue it in terms of "post-truth" otherwise, your pov will
be rejected, outright or, at best, result in very long explanations
(and being called a troll, etc) Many people are simply stuck in what
they think the truth is and showing them "another truth" is not that
easy. More so, if they are strongly opinionated DNS ops whom believe
that they are "doing the right thing"

Anyway, my main objection still is that we cannot legitimize
Distributed Denial of Service software. We cannot legitimize Brute
Force cracking Software - So we also cannot legitimize RPZ

RPZ is unethical.

************
Arguing that RPZ is used for good is EXACTLY the same as using a DDOS
tool to "take out" a network or server.

a botnet or drt-botnet can be used for "good" in exactly the same
fashion RPZ is used for "good"
************

RPZ is simply unethical and very wrong. There is no due process, there
is simple vigilante behavior. And there is lies to users and then
deception, on top of different lies.

Reference to President Elect Donald Trump and North Korea IS 100%
related to this WG, here is why:

RPZ is a tool that works in exactly the same way as nuclear weapons do:

If 8.8.8.8 tells you example.com is at c.c.c.c and someone else that
example.com is at q.q.q.q - and simply starts making up its own answers
it will be far too late for you to even try to explain to anyone that
there is a problem as the people that understands the problem and will
listen to you ARE GETTING FEWER each passing day.

Of course: 8.8.8.8 will be telling you these lies - TO PROTECT YOU, so
it is perfectly fine...?????


Then there is the simple TECHNICAL view: 
----------------------------------------------------------
DNS firewalls are stupid.

This is NOT the real reason we have RPZ...

The real reasons we have RPZ has NOTHING to do with abuse protection,
as it is a stupid tool.

The people that are actively using RPZ to "protect" their users are
finding that it is a piss poor method and that their users are as
compromized as any other non RPZ user pool.

"protecting users" is simply a smoke screen as the real reasons for RPZ
is quite EVIL.

And, it is EVIL for almost everyone (99%), from ethical ISP's, to low life cyber crime scumbags.

Andre

 

On Fri, 6 Jan 2017 12:18:30 +0000
Richard Clayton <richard at highwayman.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> In message , ox <andre at ox.co.za> writes
> 
> >The Bind software is the dominant DNS software on the planet.
> >
> >The IETF doc, relating to RPZ - is intended for Bind ops.
> 
> Not really -- it's an attempt to document what Bind does in a way that
> will make it easier for other platforms to do the same thing (it turns
> out that there's a lot of interaction with the innards of Bind and
> setting out the semantics in a way that is platform independent is not
> as simple as you might initially think).
> 
> >If left unchallenged, RPZ will become a standard (RFC)
> 
> Not in the short term and not in the medium term either... there is a
> difference between a standard and an RFC -- as Jon Postel set out two
> decades ago
> 
>         https://tools.ietf.org/html/rfc1796
> 
> >Which will legitimize it. 
> 
> As it happens, I agree with that view (since I think that many people
> completely erroneously conflate RFCs with standards).
> 
> >What I am objecting to, is that non ethical software and systems are
> >being legitimized.
> 
> As it happens, I agree that there are serious ethical issues with RPZ
> And I said so in an academic paper about ethics (as applied to
> research into online criminality) several years back
> 
>         http://www.cl.cam.ac.uk/~rnc1/ntdethics.pdf
> 
> I've recently re-expressed my opinion on the relevant IETF list, that
> the document should not be adopted by the Working Group.
> 
> Essentially I believe documenting RPZ in a platform independent way
> will lead to some Governments taking the view that they can censor
> the web by compelling the consumption of an Officially Endorsed RPZ
> feed -- at present, the fact that many platforms do not implement RPZ
> at all (or in what is probably an inconsistent manner) gives them
> some pause. I think we remove that (admittedly small for some regimes
> around the world) roadbump at our peril.
> 
> - -- 
> richard                                                   Richard
> Clayton
> 
> Those who would give up essential Liberty, to purchase a little
> temporary Safety, deserve neither Liberty nor Safety. Benjamin
> Franklin 11 Nov 1755
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGPsdk version 1.7.1
> 
> iQA/AwUBWG+LFju8z1Kouez7EQKaMwCeOntURBJAr/IKbWtos9rb5yQzsOMAnRNO
> QmGUXnqCk56ANjr9wLoXHvxn
> =A6Jd
> -----END PGP SIGNATURE-----
>