[dns-operations] Too Open (Was: OpenDNS makes your Internet work better
brad at stop.mail-abuse.org
Thu Jul 13 02:35:41 UTC 2006
At 10:23 AM -0700 2006-07-12, David Ulevitch wrote:
> I want to point out what we're releasing today in a test form for
> greater things to come:
> I hope this takes care of issues #1, #2, and #3.
Nope, Nope, and Nope.
> This should also
> make clear that a Site Finder comparison is inappropriate.
I disagree. The business model is such that you have a strong
incentive to direct people to your typosquatting advertisement pages,
as opposed to someone else's typosquatting advertising pages. Today,
you may be redirecting only those results which otherwise would have
resulted in NXDOMAIN, but it is very telling to read your own
discussions about what your own customers are asking you to do.
>> 4. because i don't want any central authority to see what Q's i'm
> Did you mention that to ATT and the NSA? Drop your peering sessions
> with them? ;-)
Paul can drop his peering with AT&T, if that suits him. I don't peer
with them, and I can't drop the peering with them that Road Runner
has, and I don't have a lot of options for alternative ISPs that do
not likewise have a peering with them.
Nevertheless, I don't want AT&T or the NSA to be gathering this kind
of information about me, and I don't want to tempt them to put in a
sniffer (or a paid informant) in some place where someone else is in
a position to gather this kind of information.
I worked at the Pentagon. I had clearance. I know how these guys think.
Any centralized collection of data *will* be abused by those in
power, sooner or later -- more likely sooner. Even if the data isn't
being collected centrally, they'll pass a law or the President will
sign an executive order and the FBI and NSA will send out their
letters, and if the data is passing through your pipes and you
haven't been collecting it so far, then they will come along and
either collect that data themselves, or will force you to collect it
> editing it. I also want to make it explicit what we do store and for
> how long so you know what we have on file if the DHS comes knocking.
Extreme Measures against the person who is guilty of that crime, you
still can't un-ring that bell. The only way to make sure that bell
cannot possibly be rung is to make sure that bell is not allowed to
come into existence.
> I truly appreciate the discussion here, hopefully those who know me
> know this is going to be done right and those who don't will figure
> out I do things right. To those of you who have sent me notes and
> bugs and ideas off-list, thanks so much. We've fixed a bunch and are
> working on the rest we know about.
I'm not worried about any of the technical issues. I'm not worried
about the people who are working there today.
I'm worried about where this precedent is going.
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
Founding Individual Sponsor of LOPSA. See <http://www.lopsa.org/>.
More information about the dns-operations