this post was submitted on 19 Oct 2023
357 points (95.2% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

69109 readers
207 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others

Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):

🏴‍☠️ Other communities

FUCK ADOBE!

Torrenting/P2P:

Gaming:

💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 2 years ago
MODERATORS
db0@lemmy.dbzer0.com
Flatworm7591@lemmy.dbzer0.com
RandomLegend@lemmy.dbzer0.com
Andromxda@lemmy.dbzer0.com
CosmicTurtle0@lemmy.dbzer0.com
tenchiken@lemmy.dbzer0.com
unruffled@anarchist.nexus
357
RANT: I hate the fact that my ISP can restrict access to certain sites (lemmy.world)
submitted 2 years ago* (last edited 2 years ago) by ad_on_is@lemmy.world to c/piracy@lemmy.dbzer0.com
95 comments fedilink hide all child comments
 

How can it possibly be, that an ISP, which I'm paying for gets to decid, which sites I'm allowed to have access to, and which not?

All the torrenting sites are restricted. I know, I can use VPN, and such... but I want to do it because of my privacy concerns and not because of some higher-up decided to bend over for the lobbying industry.

While on the other hand, if there's a data breach of a legit big-corp website (looking at you FB), I'm still able to access it, they get fined with a fraction of their revenue, and I'm still left empty-handed. What a hipocracy!!

What comes next? Are they gonna restrict me from using lemmy too, bc some lobbyist doesn't like the fact that it's a decentralized system which they have no control over?

Rant, over!

I didn't even know that my router was using my ISPs DNS, and that I can just ditch it, even though I'm running AdGuard (selfhosted)

you are viewing a single comment's thread
view the rest of the comments
[–] tordenflesk@lemmy.world 174 points 2 years ago (3 children)

...Just don't use your ISP's DNS.

[–] moreeni@lemm.ee 19 points 2 years ago (1 children)

Sometimes the block is on whole different level than a DNS

[–] noride@lemm.ee 4 points 2 years ago (1 children)

Yeah, even if they miss your DNS request, the ISP can still do a reverse lookup on the destination IP you're attempting to connect to and just drop the traffic silently. That is pretty rare though, at least in US, mainly because It costs money to enforce restrictions like that at scale, which means blocking things isn't profitable. However, slurping up your DNS requests can allow them to feed you false error pages, littered with profitable ads, all under the guies of enforcing copyright protections.

[–] moreeni@lemm.ee 2 points 2 years ago (1 children)

It's pretty much the only way they enforce stuff here in Ukraine. Back in 2015 when the government blocked social media websites tied to Russian companies and in 2022 when .ru domains were blocked, changing your DNS provider didn't help. I'm not sure about piracy sites, though, because everyone kinda doesn't care about this stuff here, but I don't think they would invent other mechanisms when they have a working one that doesn't rely on DNS.

[–] noride@lemm.ee 4 points 2 years ago (1 children)

That makes sense! Believe it or not it's actually easier for an ISP to block a whole country than select websites and services. We actually null route all Russian public IP space where I work, that would absolutely be plausible on a national scale as well.

It's imperfect, you can get around it, but it catches 99% of normal users, which is the goal.

[–] Case@lemmynsfw.com 1 points 2 years ago

Not just ISPs, it can be blocked at the enterprise level in a few clicks.

I was temping at a place during the pandemic when my hospitality based IT job shuttered. With their set up, I could just block a country in a couple clicks.

I didn't do the clicking, but we were getting hit with a DDoS from a nation we had no business in, and it was just blocked in a matter of minutes once the meetings and BS were attended to. Those took hours over days.

[–] lemann@lemmy.one 0 points 2 years ago* (last edited 2 years ago) (1 children)

Sadly doesn't work for gov level blocks that look at the SNI rather than blocking at DNS level

Edit: correction from ESNI to SNI

[–] Eufalconimorph@discuss.tchncs.de 0 points 2 years ago (1 children)

You mean SNI, not ESNI. ESNI is the Encrypted Server Name Indication that gets around that, though the newer ECH (Encrypted Client Hello) is better in many ways. Not all sites support either though.

[–] Snowplow8861@lemmus.org -1 points 2 years ago

Bring free on cloudflare makes it widely adopted quickly likely.

It's also going to break all the firewalls at work which will no longer be able to do dns and http filtering based on set categories like phishing, malware, gore, and porn. I wish I didn't need to block these things, but users can't be trusted and not everyone is happy seeing porn and gore on their co-workers screens!

The malware and other malicious site blocking though is me. At every turn users will click the google prompted ad sites, just like the keepass one this week.

Anyway all that's likely to not work now! I guess all that's left is to break encryption by adding true mitm with installing certificates on everyone's machines and making it a proxy. Something I was loathe to do.