But you know that it is already daily business that Swiss ISP's are
blocking websites?
Just an example:
https://www.esbk.admin.ch/esbk/de/home/illegalesspiel/zugangssperren.html
https://abuse.ch/
I had already requests from customers to grant them access to phishing
sites, only that they can enter their usernames and passwords (facepalm)...
Then phishing and malware is one thing, but there are also connections
to botnets which are used for DDoS etc., so it is also a precaution for
ISP's to protect themselves (Infrastructure, IP-Reputation and so on).
Use other DNS-Servers if you want to be "free", but accept the risk.
Am 23.04.2024 um 09:45 schrieb Andreas Fink via swinog:
I disagree. Its not swisscoms role to censorship the internet. Even if the idea
might be honorable, to keep the bad guys out, the machinery put in place is
resulting in something which will be abused for political agendas. Given
swisscom is state owned, the risk is even higher. Its a risk to democracy you
should not under estimate. Maybe you are too young but you should read George
Orwells 1984 to see where this is going. I have been an indirect victim of a
blocking which costed me 10 years in court case and legal fees of half a
million stacking up. You can not imagine what political blocking can do to your
business. And here we have swisscom put a machinery in place that politicians
can just ask for it by the clock of a button. Now dont tell me they will not
use this powerful weapon one day agains someone they dont like their political
views of. Totalitarian states do it already up to certain extent (Russia,
Turkmenistan, US, Iran, middle east, Turkey...)
Am 23.04.2024 um 11:34 schrieb Daniel Stirnimann via swinog
<[email protected]>:
Yes, I understand the technical issues. And yes it's ugly. But do you have a
better solution?
Swisscom should stop tampering with DNS, as it does not work, and is no
solution to the problem.
I disagree, Swisscom still misses a lot of phishing and malware websites. I would
like them to be way more aggressive. Their support staff has to deal with calls
from infected customers. They might as well try as good a possible to prevent it
from happening in the first place. If you belong to the <0.1% of people who
want unfiltered DNS, just run your recursive resolver.
Part of the problem is that the user doesn’t get an error message at all, and
then mails us „hey, your website is down“.
Eventually, web browser will show better responses for none resolvable domain
names e.g. by utilizing Extended DNS Errors (RFC 8914).
EDE has code points for filtered or blocked DNS responses. Until web browser
care more about DNS, I advice to be as verbose as possible when you block
something.
For example, make the DNS output more verbose so that at least administrators
realize why a domain name is blocked. Swisscom could have used a CNAME in the
answer section to blocked.swisscom.com and they could also add an additional
section with a SOA indicating the origin of the blocking. The RNAME field could
be their report false positive email address and so on.
Daniel
_______________________________________________
swinog mailing list -- [email protected]
To unsubscribe send an email to [email protected]
_______________________________________________
swinog mailing list -- [email protected]
To unsubscribe send an email to [email protected]
_______________________________________________
swinog mailing list -- [email protected]
To unsubscribe send an email to [email protected]
