[dns-operations] FW: [IP] Sonic.net implements DNSSEC, performs MITM

Livingood, Jason Jason_Livingood at cable.comcast.com
Fri Oct 10 20:09:59 UTC 2014

Noticed this on another list. It made me wonder if it was worth resurrecting & trying to publish this old individual I-D, which contained recommendations for opt-in and opt-out, among other things that would have been useful in this case.

Old drafts:

- Jason Livingood

On 10/10/14, 2:33 PM, "Dave Farber via ip" <ip at listbox.com<mailto:ip at listbox.com>> wrote:

---------- Forwarded message ----------
From: "Lauren Weinstein" <lauren at vortex.com<mailto:lauren at vortex.com>>
Date: Oct 10, 2014 2:04 PM
Subject: [ NNSquad ] "Sonic.net implements DNSSEC, performs MITM against customers. Are they legally liable?"
To: <nnsquad at nnsquad.org<mailto:nnsquad at nnsquad.org>>

"Sonic.net implements DNSSEC, performs MITM against customers. Are they
legally liable?"

(Gname): http://permalink.gmane.org/gmane.comp.encryption.general/21150

    > Sonic implemented and deployed DNSSEC - and put it on their shiny
    > new servers along with an 'RBZ service' that censors supposed malware
    > and phishing sites.  And while they told their customers about
    > DNSSEC, they didn't mention the 'RBZ service.'
    > They didn't get prior informed consent from their customers.  In fact
    > they didn't inform their customers, beyond quietly putting up a few
    > mentions on webpages their customers normally have no reason to look
    > at.
    > They didn't provide a click-through link enabling customers to get the
    > content anyway.
    > And they diverted traffic to a page that does not mention who is doing
    > the diversion, how, or why, or how to opt out.
    > Black hats immediately found a way to get sites they dislike onto
    > the list of supposed malware and phishing sites.
    > Among the blocked sites:
    >   Local democratic party campaigners (first post).
    >   Financial services and markets - at a crucial time. (page 4).
    >   Software development sites (apparently some devs use the same
    >      utility network libraries used by malware devs, so the
    >      unknown-because-todays-compilation executables have code
    >      in common with known malware and aren't on the whitelist...)

 - - -

Lauren Weinstein (lauren at vortex.com<mailto:lauren at vortex.com>): http://www.vortex.com/lauren
 - Network Neutrality Squad: http://www.nnsquad.org
 - PRIVACY Forum: http://www.vortex.com/privacy-info
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Member: ACM Committee on Computers and Public Policy
I am a consultant to Google -- I speak only for myself, not for them.
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800<tel:%2B1%20%28818%29%20225-2800> / Skype: vortex.com<http://vortex.com>
nnsquad mailing list
Archives<https://www.listbox.com/member/archive/247/=now>[https://www.listbox.com/images/feed-icon-10x10.jpg]<https://www.listbox.com/member/archive/rss/247/11628208-43aa1cd2> | Modify<https://www.listbox.com/member/?member_id=11628208&id_secret=11628208-20874b84> Your Subscription | Unsubscribe Now<https://www.listbox.com/unsubscribe/?member_id=11628208&id_secret=11628208-33eb44fc&post_id=20141010143359:FDB071EE-50AB-11E4-9334-B5E9EBE6CC05>   [https://www.listbox.com/images/listbox-logo-small.png] <http://www.listbox.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20141010/04570978/attachment.html>

More information about the dns-operations mailing list