Hacker News new | past | comments | ask | show | jobs | submit login
Cloudflare DNS Must Block Pirate Sites, Italian Court Confirms (torrentfreak.com)
58 points by rc00 on April 3, 2023 | hide | past | favorite | 47 comments



We predicted this would happen when cloudfare blocked sites at times for their own political reasons. They proved to the countries of the world that they are not independent or neutral, they do take sides, they are not impartial and they will censor.

Ironically the CEO of cloudfare explicitly and publicly recognised the danger the first time he did this, and then possibly forgot as they continued to do it as they preferred to be able to censor.

My own opinion is that it's necessary and often good to censor but it's worse to pretend and lie that you are some independent platform above such things.


You're right that they took a side, they fought the court's ruling twice according to the TFA.


Sad to remember that at one point, internet was decentralized and was not as easy to censor as today.


It's going to get worse as HTTPS everywhere becomes the unchangable default and Google/MS/Apple eventually drop HTTP/1.1 support from their browsers. Without the ability to even make a connection to an IP, not just a domain, without the approval of a third party CA corporation the web will become very much smaller and more easily controlled.


I don't expect the major browsers to drop HTTP for some practical reasons, namely logging into routers and captive portals.


Why does this make it worse? People who can override the DNS server their ISP advertises over DHCP can't just install an open CA, or use a browser that lets them bypass certificate verification?


I keep hearing this but afaik letsencrypt is free and doesn’t have restrictions on generating it.


Let's Encrypt is free right now, but it is still centralized. A court could order them to revoke certificates from specific websites and stop issuing new ones.


The more likely outcome wouldn't be a certificate being revoked, but a renewal of the certificate being declined. The certs are only valid for 3 months.


And this is why it’s important to have these CAs in different justifications.

It’s been a pain convincing companies to fund them though.


They could easily revoke your certificate, and deactivate your website.


DNS is still decentralized. Cloudflare DNS is just one of many.


It seems to have a big impact that the default DNS of Cloudflare WARP, a free VPN application, is 1.1.1.1.

There seem to be countless choices of DNS services, from big names like Google DNS, NextDNS and Adguard DNS to personal hobby projects, but in reality there are surprisingly few DNS services that are reliable enough for regular use.


Not really. Verisign can censor any .com, .net, or .name domain. Since they run 1 of the 13 root servers they can technically somewhat censor any domain by MitM all top level domains.


You can always host your own instance: https://www.icann.org/root-server-system-en


Yes, but in that case .com, .net, and .name would all still be censorable.


I don't know what you want.


A domain that isn't fragile enough that one company can take it down. Systems like namecoin or ens don't suffer from this problem because they are actually decentralized.


You have to host somewhere ... and that is usually owned by, you guessed it, one company. There's always a single point of failure, whether it is your power company, yourself (you will die one day, or get injured, or sick)... there are so many failure modes.

It is infinitely more likely wherever you are hosting your domain to shut you down vs. DNS.


Systems like Namecoin and ENS suffer from accessibility though because major browsers haven't adopted support for .bit or .eth domains.


You aren't wrong. Most people don't care about decentralization so browsers don't prioritize it either.


dns was never decentralized, but i am not sure it matters, probably 99% of the internet will be generated within 2 years or so

tbh sharing a hosts file with few friends and going back to talk(2) on a pubnix machine is a future i am looking forward to


The web is not the same thing as the internet, just a reminder. DNS is an underlying system to the whole thing.


At least this time Cloudflare is being ordered to do it, as opposed to just doing it because the CEO feels like it. I'm not sure which is worse.


The CEO restricting access to a legal site without a court order is way worse.


Just want to make sure we are talking about the same thing here.

The “legal site” you are referring to was the Nazi filled one that had the stated aim of trying to dox and harass minorities and kept a running tally of how many they could get to kill themselves?

That’s the one you are more upset about getting blocked?


Things people generally approve of have no need for protection.

It when you have to protect the rights of those who you find horrible that your principles are actually put to the test.

You failed that test here.


Nobody has to protect the rights of trying to drive people to suicide for their own amusement.

It’s good to draw lines in the sand otherwise you end up standing for nothing worth defending.

The argument was never to only defend things you agree with. That was something you just made up to reframe things so you could defend the Nazis and tell yourself you were actually just enlightened.


I like that Germany is honest. They straight up say - if you deny the Holocaust - we will put you in prison. The rules are clear. Everyone knows what to expect.

Meanwhile Americans say that they have the first amendment, freedom of speech, blah blah blah. But when you actually say what the law allows you to say then they will try to punish you anyway.

I hate this dishonesty and extra-judicial punishments. I prefer people who are honest.


I believe he passed. Absolutism in the defense of Nazis is a vice, as I see it. Cloudfare is not a government entity, concepts of governmental speech suppression do not apply to it.


In my county founding a Nazi or a Communist party is illegal. Pass a law that criminalises being a Nazi and put them in prison.


If whatever they are doing is illegal then sue them and get the site taken down with a court order.


You do understand that the internet crosses borders while national laws don’t right?

It’s perfectly ok in a personal and professional sense to have your own standards rather than just throwing up your hands and saying “well it’s not technically illegal… in this country”


Power and water providers could also have "their own standards" and refuse to provide service to people whose opinions they don't like.

See where this is going?

I prefer clear rules for everyone not - we have freedom of speech, but we'll find a way to punish you if you say something some rich person doesn't like.


Literally nobody is talking about that here. Once again you seem to be trying to reframe the argument into something so abstract that it no longer has any meaning.

In actuality we are talking about an incredibly specific and concrete thing here which you don't appear to be really interested in trying to defend head on for what I assume are obvious reasons.

That is the problem with just relying on these jingoistic approaches of "let the courts deal with it". There are a whole bunch of scenarios where that doesn't work. You and I both know that which means we need other options.

We can talk about where the lines should be and under what circumstances but not doing business with Nazi's who have a history of real world harm without relying on a court order to legally prevent you from taking their money is not in the same league as any of the scenarios you are describing. The argument you are making really doesn't stand up to even the lightest of scrutiny the moment you start to get into the details.


In my country a Nazi or a Communist site would simply be shut down with a court order, because that sort of thing is illegal here.

See - it actually works. There's no Nazi party here. Nobody is marching with Nazi flags. And nobody is hosting Nazi sites.

So pass a law that criminalises Nazism like most European countries have done.

I prefer clear rules of what speech is forbidden and not having extra-judicial punishments for speech that is legal.


I think you just failed the Turing test. I’m done here. Have a good one.


“Germany finds hundreds of Nazi-linked staff in security agencies

A German interior ministry report says a three-year-long review found 327 employees linked to right-wing extremism.”

Source: https://www.aljazeera.com/amp/news/2022/5/13/germany-finds-h...

Your logically flawed arguments are also wrong on a factual level.


99% of the times your ISP DNS resolver is a sensible choice.

For the rest 1% - `unbound` most likely is the answer.

Want something extra-fancy? https://pi-hole.net/

Valley companies, "European public" or others aren't the answer to your DNS needs.


Italy is on a role lately. ChatGPT, English, fake meat, this…


Next up: Italy bans Italy


Damn Italy, they ruined Italy.


[flagged]


Except that this is a court order and has nothing to do with the current government. You know, separation of powers, blabla. But it's just too easy to point the finger and yell "fascists".


Lmao you can call these incompetents and corrupts all the name that you want but it doesn't change the fact that they are not neofascists or else, they are just playing a role, pretending to be on the right, in reality they are only fraudsters who siphon public money



This is about their DNS resolver, it makes no difference if the sites ordered to be blocked make use of Cloudflare's services.


I wonder if "alternative remedies" mentioned in TFA will include following the example of Gutenberg Project in Germany.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: