Saturday, October 3, 2009

Paul Mockapetris Supports Censorship in Germany - Not

Several people have asked me how I could possibly support the position stated in: "DNS-Erfinder Paul Mockapetris implementiert die Internetzensur in Deutschland"

Well, I can't read German, but don't need to to know there's a bit of creative license involved here - I was never consulted in any form about the article, nor was I involved or familiar with the proposed German system.

But what would I have said if asked? There's certainly an opportunity here to be crucified for something I do say. Suppose I had been asked for an opinion on the proposed German system?

First, I'd say that I keep my nose out of German affairs. There's a quote attributed to John Quincy Adams, an early American President, which says "We are the friends of liberty everywhere, but the custodians only of our own." I'd apply it to the present to say that while I'll advocate a position for the US Internet, and recommend it to others, it's up to them to decide their own policy.

Second, I oppose censorship, malware and child porn and don't see that I have to let the bad guys of the Internet loose on child surfers, the general public, or myself in order to support liberty. But there are choices involved.

But let's focus first on the DNS, and then on Nominum's role in the DNS.

In the public Internet the way I get to Obama's message is to access Whitehouse.gov, the Internet site of the current US administration. My local DNS server takes "whitehouse.gov" and translates it to the IP address with the web content. If I wanted a gambling site, I might go to FullTiltPoker.com. Since there are certainly thousands and maybe millions of websites with titles that suggest the full range of pornography, I'm sure I could find almost anything with a certain amount of work. There are also sites that are not at all what they seem: Whitehouse.com has no apparent connection to Whitehouse.gov though it offers "healthcare reform" information at the moment. Occasionally, legitimate websites are hacked to have graffiti or even malware that's hazardous to you.

So it comes as no surprise that the original idea of a totally open and consistent DNS has yielded to the practical reality that it's possible to limit access and improve security by preventing the DNS from accessing certain names and providing those IP addresses or the like:
  • The first, and most popular version, allows companies to "hide" domain names used in their internal network from the outside world. Hardly anyone objects to that.

  • The case for today is whether to use the tactic to limit access to child porn, hate speech, political opponents, malware sites, or say evolution or creation science.

The way it works in the mass market is that whoever runs the nameserver deletes, redirects, or otherwise changes the information associated with the domain name of the undesirable content.

The practice is akin to filtering by IP address, URL, or other criteria. And obviously, there are many, many, different opinions on what is "undesirable".

As a practical matter, I say it isn't censorship if I have an unfettered choice of nameserver. Second, I want my default DNS to be filtered. I may want unfiltered DNS as well if I want to run a honeypot which offers itself to malware in order to see what attacks. I'd love the ability to have different filters for my use and my children's. There's a wide variety of reputation sources around to do the filtering, and what I really want is a combination of multiple reputation sources, both blacklists and whitelists.
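To make the idea of per-user filters built from several reputation sources concrete, here is an added sketch of a resolver-side policy check; it is not code from this post's author or from Nominum. The feed names, domains, profiles, and block-page address are all constructed for the example.

```python
# Added example: all feed names, domains and addresses are constructed.
BLOCKLISTS = {
    "malware-feed": {"malware.example", "dropper.bad.example"},
    "adult-feed": {"adult.example"},
}
ALLOWLISTS = {"local-overrides": {"research.malware.example"}}

# Each profile picks its own reputation sources and what a hit turns into.
PROFILES = {
    "default":    {"block": ["malware-feed"], "allow": ["local-overrides"], "on_hit": "NXDOMAIN"},
    "child":      {"block": ["malware-feed", "adult-feed"], "allow": [], "on_hit": "REDIRECT"},
    "unfiltered": {"block": [], "allow": [], "on_hit": "NXDOMAIN"},
}
BLOCK_PAGE_IP = "192.0.2.1"  # documentation address standing in for a block page


def suffixes(qname):
    """Return the name and each parent domain, most specific first."""
    labels = qname.rstrip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def best_match(qname, feeds, selected):
    """Return (entry, feed) for the most specific listed suffix, or None."""
    for candidate in suffixes(qname):
        for feed in selected:
            if candidate in feeds[feed]:
                return candidate, feed
    return None


def decide(qname, profile, upstream_answer):
    """Return (action, answer, reason) for one query under one profile."""
    policy = PROFILES[profile]
    blocked = best_match(qname, BLOCKLISTS, policy["block"])
    allowed = best_match(qname, ALLOWLISTS, policy["allow"])
    if blocked is None:
        return "PASS", upstream_answer, "not listed"
    # An allowlist entry wins only if it is at least as specific as the block.
    if allowed and len(allowed[0]) >= len(blocked[0]):
        return "PASS", upstream_answer, f"allowed by {allowed[1]}"
    reason = f"{blocked[1]}: {blocked[0]}"
    if policy["on_hit"] == "REDIRECT":
        return "REDIRECT", BLOCK_PAGE_IP, reason
    return "NXDOMAIN", None, reason


if __name__ == "__main__":
    for name, prof in [("www.malware.example.", "default"), ("adult.example", "child")]:
        print(name, prof, decide(name, prof, "203.0.113.7"))
```

Matching is done on whole labels, so `notmalware.example` is not caught by an entry for `malware.example`, and the same query gets a different answer depending on which profile the client chose.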

OK, what about Nominum?

The technology here is still under development, and Nominum provides a way for ISPs to do DNS filtering. ISPs have been doing such filtering before Nominum and for almost as long as the DNS has been around, but making it effective, configurable, and selectable still needs work.

It's not a complete security solution; for example, it doesn't look at the content of a website or email. I'm neither censored nor protected if I choose to use a name server that doesn't filter. I'm protected but not censored if I knowingly use a filtered name server. Providing at least both options seems like the right choice.

There's a sea of details and choices, and many folks are working to address them.

(By the way, I use advice from the Guide Michelin to filter what restaurants I go to; perhaps ZDnet should investigate why the Guide Michelin does censorship around the world.)
