A German ISP tampered with their DNS - specifically to sabotage my website
130 points by freddyb
This is from February 2025. The latest is here: https://lina.sh/blog/cuii-gives-up
I live in Germany and didn’t know this was a thing. Saw the list on Wikipedia and it made me wonder, what stopped them from blocking piratebay and other very famous torrenting platforms?
I personally was not affected by this, but it’s good that they have been exposed and now require proper court procedure before they can be the judge, jury and executioner.
That’s the company I work for (in Spain, but they also do blocks here), and this is one of the things I’m most ashamed to say. I think we’re losing the battle. Some western countries block because of copyright, others are starting to do it because of “security” and “children” (UK, Brazil, …). At least now, according to @Student link, there’s some auditing. Here in Spain, initially they said they just blocked Cloudflare, and some people here and in the orange site said that it was fine because Cloudflare didn’t collaborate. But nowadays we see more random websites getting blocked on football days, not hosted on Cloudflare. But there’s no way to see which ones were blocked in reality because there’s no public log of what has been blocked! For example, last weekend some colleagues told me that there was an urgent fix that they needed to deploy for a router configuration system. It did not work and it was because of our own football blocks!
When SOPA and PIPA came out, there was a coordinated response. This time around, there’s a whimper.
I feel like many people are waking up to the censorship machine, but there is a sense of inevitability and hopelessness about it everywhere.
Are you willing to strike with me?
Why would I strike? My employer is not part of the censorship machine* and treats me fairly. I’d be willing to participate in a demonstration for the free exchange of information and privacy.
* technically, everyone is part of the censorship machine by paying taxes and being complicit with The System.
What are you going to demonstrate? Your willingness to do what?
Protesting (which is what I think you meant to say), does nothing. You need to bring some new information to the table if you wish for the situation to change. “People are protesting this” is not new information.
We, the information workers, are the social group currently responsible for the bulk of GDP growth across the globe. We are not farming more, we are not mining more, we are not making more steel, we are automating work. So I think we do have some leverage. If we collectively decide that we won’t tolerate this and withdraw our work, it will have an impact. The next obvious step is sabotage, but we don’t necessarily have to go there if we apply our soft power correctly.
“Protesting (which is what I think you meant to say), does nothing.”
I meant to say exactly what I wrote. Demonstration. Also, citation needed. There are many historical examples where it worked or at least moved things in the right direction.
I apologize, I went by my linguistic feel which seems to be misaligned with mainstream basically using protest, demonstration and rally as synonyms. It’s a shame we do not have better means of communication.
I feel it would be useful to communicate the difference between “a large crowd of people came, in organized fashion, laid out their demands and list of steps they will follow if their demands are not met by given deadline, of which you can be sure given they have demonstrated their determination by organizing and attending this event” and “a large crowd of people came, clapped to random speeches about how bad an idea the policy is and then went home, feeling like they accomplished something” without so many words.
So, how much are you willing to risk in order to prevent this policy from being enacted? You seem open to the idea of coordinated action, at least.
I also see some Internet freedoms that we have taken for granted in Europe being taken away from us.
That’s why I have been using Tor as my default browser since this year for most of my Internet browsing.
The experience has been quite pleasant until now, most of the sites that I use work without an issue, loading a page can sometimes take more time, but the difference is mostly negligible for me.
I see no reason for freely providing my ISP (or a VPN provider) with records of all of the sites that I visit, it is none of their business whatsoever!
Is not running your own DNS resolver at home good enough?
No, not at all. That still would not address the problem of your ISP knowing which sites you are trying to reach.
Sure, your DNS queries wouldn’t hit their resolvers, but the rest of your traffic will still be visible to your ISP. Your ISP knows exactly which IPs you are contacting after your DNS queries are locally handled.
When you reroute your whole Internet traffic through Tor, your ISP only knows that you are sending packets to a Tor relay, but it has no idea what the final destination of those packets is.
Take a look at this diagram from EFF, I think it is very informative at presenting the benefits to your privacy when you use Tor.
Although on the modern internet, increasingly all your ISP can tell is that you’re connecting to Yet Another Site Behind Cloudflare
This diagram is wrong. Whole NATO + Five Eyes have treaties and laws in place that ensure that ISPs are required to accommodate optical taps that provide a carbon copy of all traffic to black boxes communicating with some kind of local intelligence service. All those services share data.
With all this in place, it is trivial to perform correlation analysis on Tor-related or VPN flows.
Just about the only realistic defense here would be drowning the Tor network in noise shaped as regular browsing.
But yeah, I guess it works for non-state actors.
Actually, you can see that the NSA is represented in the diagram, tapping the traffic from your local ISP and the ISP of the site you are contacting. So, this represents the scenario that you describe of an intelligence service sniffing on the Tor traffic and being capable of performing correlation analysis.
Yeah, but it’s missing NSA at the end user ISP. And if that same residential user ever uses non-Tor Internet and accesses a collaborating site (e.g. pays online), they get unmasked on the IP basis even without a collaborating ISP. So ~NSA simply, to a good approximation, sees all metadata.
And now I’ve also realized this likely means Palantir will eventually see it as well. Sigh.
Even then, they could still sniff all your unencrypted DNS traffic if they were so inclined. You’d need to be using DoH or DoT to your preferred upstream DNS servers.
If you are exclusively browsing with Tor browser, you are not performing any DNS queries yourself, therefore your ISP only sees your traffic with the first Tor node.
“Tor transports the hostname (inside the Tor protocol) to the exit relay, which resolves it for you.”
See this discussion.
Oh, I meant for outside of the Tor browser. It was in response to “Is not running your own DNS resolver at home not good enough?”.
Author is an 18-year-old girl. This reads like a Cory Doctorow novel.
And how exactly is this relevant?
I mean, pretty damn impressive for an 18-year-old (both the quality of writing and the technical content).
How do we know they’re 18? This is an anonymous person’s blog.
This thread is becoming a bit weird, but she says so in the very first sentence of her home page.
If this were a press interview conducted by a journalist who could verify the author’s age, it might be worth applauding their precociousness. But I get the impression from the author’s story and follow-up post that they prefer not to be known, so it weirds me out that people here are talking so much about their identity. So yes, agreed, let’s stop, please.