Notebook (Posts about net neutrality)/categories/net-neutrality.atom2019-05-05T21:20:57ZToni MüllerNikolaBT hijacks DNS queries/posts/2015-02-12-bt-hijacks-dns-queries/2015-02-12T00:00:00+01:002015-02-12T00:00:00+01:00Toni Mueller<div><p>I just configured a new DNS name in one of my domains, which did not
exist before. The associated IP number is routed to Germany. But while
the name was not really up, the answer should have been NXDOMAIN,
meaning that the name does not exist. Example:</p>
<pre class="code literal-block"><span></span>$ dig blablablablabla.oeko.net
<span class="p">;</span> <<>> DiG <span class="m">9</span>.9.5-8-Debian <<>> blablablablabla.oeko.net
<span class="p">;;</span> global options: +cmd
<span class="p">;;</span> Got answer:
<span class="p">;;</span> ->>HEADER<span class="s"><<- opco</span>de: QUERY, status: NXDOMAIN, id: <span class="m">38513</span>
<span class="p">;;</span> flags: qr rd ra<span class="p">;</span> QUERY: <span class="m">1</span>, ANSWER: <span class="m">0</span>, AUTHORITY: <span class="m">1</span>, ADDITIONAL: <span class="m">1</span>
<span class="p">;;</span> OPT PSEUDOSECTION:
<span class="p">;</span> EDNS: version: <span class="m">0</span>, flags:<span class="p">;</span> udp: <span class="m">4096</span>
<span class="p">;;</span> QUESTION SECTION:
<span class="p">;</span>blablablablabla.oeko.net. IN A
<span class="p">;;</span> AUTHORITY SECTION:
oeko.net. <span class="m">139</span> IN SOA a.ns.oeko.net. hostmaster.oeko.net. <span class="m">1021018254</span> <span class="m">16384</span> <span class="m">2048</span> <span class="m">1048576</span> <span class="m">2560</span>
<span class="p">;;</span> Query time: <span class="m">10</span> msec
<span class="p">;;</span> SERVER: <span class="m">127</span>.0.0.1#53<span class="o">(</span><span class="m">127</span>.0.0.1<span class="o">)</span>
<span class="p">;;</span> WHEN: Thu Feb <span class="m">12</span> <span class="m">21</span>:33:53 CET <span class="m">2015</span>
<span class="p">;;</span> MSG SIZE rcvd: <span class="m">105</span>
</pre>
<p>But instead, they gave a fake answer:</p>
<pre class="code literal-block"><span></span>$ dig bla.oeko.net
<span class="p">;</span> <<>> DiG <span class="m">9</span>.9.5-8-Debian <<>> bla.oeko.net
<span class="p">;;</span> global options: +cmd
<span class="p">;;</span> Got answer:
<span class="p">;;</span> ->>HEADER<span class="s"><<- opco</span>de: QUERY, status: NOERROR, id: <span class="m">9013</span>
<span class="p">;;</span> flags: qr rd ra<span class="p">;</span> QUERY: <span class="m">1</span>, ANSWER: <span class="m">1</span>, AUTHORITY: <span class="m">0</span>, ADDITIONAL: <span class="m">0</span>
<span class="p">;;</span> QUESTION SECTION:
<span class="p">;</span>bla.oeko.net. IN A
<span class="p">;;</span> ANSWER SECTION:
bla.oeko.net. <span class="m">20</span> IN A <span class="m">92</span>.242.132.15
<span class="p">;;</span> Query time: <span class="m">32</span> msec
<span class="p">;;</span> SERVER: <span class="m">192</span>.168.1.254#53<span class="o">(</span><span class="m">192</span>.168.1.254<span class="o">)</span>
<span class="p">;;</span> WHEN: Thu Feb <span class="m">12</span> <span class="m">19</span>:55:14 GMT <span class="m">2015</span>
<span class="p">;;</span> MSG SIZE rcvd: <span class="m">46</span>
$
</pre>
<p>As a result, I am unable to check whether my DNS performed correctly,
until they deceided to throw the fake answer away.</p>
<p>Of course, this has huge potential for censorship of all kinds, which I
have seen in action elsewhere already. I am not the only person
aggravated by this kind of behaviour. Please follow the link below to
read other people's take on this problem.</p>
<p>Thank you!</p>
<p>Links:</p>
<ul>
<li>http://linuxforums.org.uk/index.php?topic=11464.0</li>
</ul></div>Joy And Fun with(out) Network Neutrality/posts/joy_and_fun_without_network_neutrality/2011-11-03T11:24:00+01:002011-11-03T11:24:00+01:00Toni Mueller<div><p>Just today I had an experience about what it can mean to have no
network neutrality, taken from my professional work:</p>
<p>A client wanted to check out his brand-new VPN gateway, utilising
<a href="http://en.wikipedia.org/wiki/Ipsec">IPSEC</a> from his road-warrior
client and a mobile connection, but it just didn't seem to work. While
testing, we found the following:</p>
<ul>
<li>The client could not ping his VPN gateway.</li>
<li>No ISAKMP packet arrived at the gateway.</li>
</ul>
<p>He then cross-checked with <a href="http://www.wireshark.org/">wireshark</a> to
see which packets actually leave the system, and found that the
relevant packets were being sent out by the PC, but didn't arrive at
his VPN gateway. This is a strong indication that <strong>the mobile carrier
blocked his IP packets</strong>.</p>
<p>This is not the first, but only the latest such incident I saw in my
career.</p>
<p>Needless to say, a carrier who blocks users' packets, is about as
useful as a car without an engine...</p>
<p>I demand that carriers who call their service "Internet", be required
to indiscriminantly allow all (halfway sane) packets through. I am
almost comfortable with someone blocking packets that have no return
route (ie., if someone spoofs their source IP number), but that's
about all restrictions I can think off the top of my head that I might
consider acceptable.</p></div>Net Neutrality, Customized/posts/net_neutrality_customized/2010-06-25T16:12:00+02:002010-06-25T16:12:00+02:00Toni Mueller<div><p>Over the last few years, probably everyone who believes in an open
Internet with non-discriminating access for all interested parties
understood that abolishing Net Neutrality would amount to at least
slowly, if not radically fast, driving small sites out of "the
Internet", ie. present them with barriers-to-entry that they just
can't meet. The result of such an effort would most likely be an
Internet that consists mainly of your favourite state's authorities'
offerings (aka "e-government"), plus the huge amount of
corporation-generated content. Like eg. gambling, advertising, online
television etc, but with a decreasing amount of actual user-generated
content outside of platforms like Facebook or Google-driven
stuff. Perhaps some of the more prominent non-profit projects would
also remain highly visible because they <em>are</em> already prominent, and
because some corporation deigns to sponsor their online activities as
an element of their marketing efforts, but the general tendency is
simply much in favour of big platforms, and against independent users
trying to create their online activity from the ground up.</p>
<p>The efforts to codify Net Neutrality into telecommunications laws
were, from my perspective, noticably supported by an initiative
including Google and other big corporations, roughly arguing that
abolishing Net Neutrality would result in all those small websites
that still may make up the bulk of all web content, becoming roughly
invisible because they will no longer be able to afford decent
Internet access. I fully agree with this assessment. I'm an avid
supporter of Net Neutrality myself, and strongly support the idea that
the Internet should be open to everyone, for any purpose, and on
basically equal terms, and not be reduced to a new technology for
distributing TV.</p>
<p>But now I come across a statement of how
<a href="http://www.datacenterknowledge.com/archives/2010/06/23/google-how-were-making-the-web-faster/">"Google makes the Web faster"</a>
by - gulp - <strong>giving higher page ranks to faster websites,</strong> arguing,
that websites which load faster, are beneficial to the user
experience. I don't dispute that a user might like faster loading
sites better than slow ones, but the question must be asked <em>why</em> some
sites don't load as fast as others. The answer to that question is, in
my opinion, quite often how much the web site owner can, or wants, to
invest in having his site load fast. I see this move by Google as a
change of course, now that they apparently have amassed enough content
and their own broadband interests, to gradually deprecate "foreign"
content, as much as all (other) carriers want to do, and to not
deliver the best <em>content</em>, but only the best <em>user experience</em>. I
understand that Google has to consider their growth, and their
position against competitors, but none of them elided the slogan
"Don't be evil!", and with the position of a market leader, there
comes increased responsibility, too.</p>
<p>To me, this move indicates that Net Neutrality, essential for a
"democratic" Internet, suddenly is not considered a value in itself by
those big players, but only an instrument that may be used against the
competition. I'd say that search (eg.) engines should be obliged to
not discriminate against smaller websites with less-capable hosting,
but exclusively rely on content-related factors instead. Their lesser
visibility will impact search ranking, anyway, since these
low-performing sites simply cannot be crawled as effectively and
efficiently, as can be well-performing sites.</p>
<p>I'd like to take a moment considering the possible impact, political
and otherwise, of this change in the ranking algorithm, and what it
would mean if the tuning would be adjusted further, giving even more
weight to speed. It would play more in favour of centralisation,
restructuring the Internet some more from a level playground for all
participants to a medium where ever fewer players set the rules for
everyone else.</p>
<p>I hope that Net Neutrality can gain enough independent support to
become not only the informal consent amonst old hands of the Internet,
but be secured for all those who possibly don't even yet know what it
is. But we, the users, need to make it happen. Please take the time to
ask your delegates scrutinising questions, and vote accordingly.</p>
<h3>External links:</h3>
<ul>
<li><a href="http://www.savetheinternet.com/">http://www.savetheinternet.com/</a></li>
</ul></div>