47 comments

[ 3.5 ms ] story [ 101 ms ] thread
I don't see the value in a high profile stolen domain for a trader. Anyone have any ideas on why this would be financially worthwhile? I am assuming financial motives.
It would be valuable for a large entity to censor content that would make it look bad; by disrupting operations & breaking existing links to content.
This looks like a job for: Blockchain!

Seriously, though, imagine a public, distributed, append-only log, containing the hashes of the content stored by archive.is, with the data effectively signed by a (e.g. wallet) private key of the archive maintainers. People could volunteer to locally store copies of all the data that was archived, but only serve the data that goes "missing" from archive.is.

With such a dead man's switch in place, there would be no harm in archive.is taking down any content that they were threatened (legally or otherwise) over, and then other sites (hopefully too many to attack) could publish the taken down content, alongside the cryptographic proof that the data was originally published by archive.is.

You're right though that there would still be disruption, as the original archive.is links would (in the worst case) return unhelpful error pages.

or archive.is could just post regular signed backups. No need for blockchain, as there is no need to form a consensus in this case.
Yes, regular signed backups would be almost as good. What a blockchain adds is the inability to fraudulently backdate material (in case a key was compromised) and a financial incentive for making sure that at least the existence of the hash remains a public record (unless the value of the entire blockchain becomes zero, which is more likely for some blockchains than others).

I suppose I'm inspired by this idea:

https://www.reddit.com/r/Bitcoin/comments/6aiysw/the_whole_i...

a blockchain doesn't uniquely add that - there are cryptographic constructs that prevent that sort of attack, such as (I believe, I'm not a cryptographer) merkle trees that enforce a causal ordering. Really, the cost of a blockchain massively outweighs the value it brings to the table. The only instance where a blockchain is needed is where you need a tamper-proof distributed consensus between untrusted parties.
Yes, you can create a merkle tree which enforces a causal ordering, but anyone with the (potentially compromised) key can generate such a tree with whatever ordering they want (or missing items). I concede, though, that the existence of multiple signed orderings would at least prove that the key had been compromised.

You're also right that there is a huge cost to creating a secure blockchain from scratch, but the incremental cost of using an already secure public blockchain (such as Ethereum's) can be lower than the amount of value it brings to the table.

Proving the existence of data, at specific timestamps in the past, when keys may have later been compromised, does seem like a use case that requires tamper-proof distributed consensus between untrusted parties. Whether that use case is particularly valuable or not is harder to judge, though, I admit.

This misses the point of censorship. A party determined to sow misinformation can hijack a domain to do so. All the blockchain in the world won't solve that problem.
That why we will solve censorship by mining my blockchain node hash with a sharding fork! /s
it's hilarious, to underscore the fragility of the conventional domain name system under pressure of politics and money, and portray it as an argument against blockchains,... this is literally what Namecoin (probably the second significant blockchain proposal) was designed for! of course lots of time has past now, and better mechanisms have been formalized (especially Algorand)...
Maybe it's an attempt at blackmailing to get something deleted?

31 Jan 2018, "I will make a donation every month. Please delete what we ask": https://twitter.com/archiveis/status/958760127359840257

(comment deleted)
(comment deleted)
Serious question, in that thread some guy is attempting to have an old blog with his face pic deleted... id suport that. But then if some other news or political or corporate arm was seeking to get something deleted to prevent them from looking bad, then im against it...

So what is the middle ground here, or how should one view this dilema?

You can't un-ring a bell.
That's not an excuse for other people to sit there re-broadcasting it.

There's a strong case to be made that we're actually substantially better off with certain kinds of information having a generally ephemeral and hard-to-collect nature.

That doesn't really justify the decision to continue publishing private information. Just because someone somewhere may have access to it doesn't mean you need to make it easier for everyone to have access to it.
The point is so that anything that is available to anyone, is available to anyone else.

It might have been unfortunate for some things to have ben made public in the first place, but once it's done, there is no value in letting just some people still know the truth while everyone else is subject to manipulation by a few who know some truth.

It's about equalizing the power to harm and the power to defend against harm. The reason to preserve and re-publish something that was once known, is so that no single party gets to use it, or use it's absense, against everyone else. All deleting something does is reduce the number of people with the power to use it. It does not make it actually go away. It just makes it go away from you, while someone else who you may not like still has it.

While there are reasons to forget history, the reasons for preserving it far far far outweigh the reasons for forgetting it. And there is NO valid reason to allow editing history. Selective forgetting allows for substitution, revision, balkanization, manipulation, and at the very least, doubt.

> there is no value in letting just some people still know the truth while everyone else is subject to manipulation by a few who know some truth.

Just because my SSN got leaked to a few people doesn't mean it needs to be leaked to the world. Most people aren't going to take advantage of my SSN, so having it leaked to a few arbitrary people is a relatively minor risk. And if it does get abused, there's a very small pool of suspects. Having my SSN get publicly broadcast to the world pretty much guarantees I'll be plagued by identity theft forever and gives me no suspects when it happens.

Same goes for plenty of other private information. Just because it's leaked to some people doesn't remotely justify giving it to the whole world.

> The reason to preserve and re-publish something that was once known, is so that no single party gets to use it, or use it's absense, against everyone else.

We're not talking about secret cheat codes that give the owner power over everyone else. We're talking about private information. If a "single party" has my private information, they have power over me, but that doesn't give them power over anyone else. In this scenario your argument seems to be "if one person has power over me, that's unfair to everyone else who doesn't, so they should be given the same power over me as well", which is of course complete nonsense.

> The reason to preserve and re-publish something that was once known, is so that no single party gets to use it, or use it's absense, against everyone else.

I don't understand this argument. If, say, my credit card information is published, it can only be used to harm me. Removing it causes no harm to anyone else, so leaving it published _only_ causes more harm.

Archive.is is notorious for not deleting anything. Not even a dox with SSN and more.
Sounds like someone really wants to push the narrative that, say, Zoe Quinn is a genius game designer and an innocent victim of targeted harassment, not a horrid person who herself organized harassment mobs against people she disagreed with -- and is running into the problem of all that pesky evidence to the contrary getting in the way.
There are many more obvious reasons why someone might want to seize an archive domain without needing to delve into ridiculous gamer gate conspiracy theories.

Besides, stealing the domain doesn't delete any content on the servers.

The best information about Zoe Quinn is on Kiwi Farms, where the posters tend not to take sides in GG -- and they use archive.is extensively. It doesn't have to be Zoe specifically -- KF is full of profiles on people who would really rather not have their public internet activity preserved because it's so damning. Stealing the domain wouldn't make the content go away, but it would invalidate all the links which have been already posted.
A single line unix command run on KiwiFarm's servers could replace every instance of "archive.is" with "archive.today" in posts. Nobody is going to attempt a high profile take over like this for something that can be circumvented in minutes by a half-asleep sysadmin.

Also, for anyone not aware KiwiFarms is a notoriously shitty forum that publically stalk, dox, slander and harass people online.

If you need evidence, just go read the forum post and kf wiki page about her. They repeatedly make unsourced claims, insults, editorial opinions about her motives, wild speculations and just outright lies. At one point the wiki diagnoses her with BPD without evidence. The title on the forum post about her calls her a "Cunt". She's constantly called a con artist without evidence, and is repeatedly accused of somehow forcing bored white teenage boys to harass her for years by "baiting her own harassment"

At best, it's unjournalistic garbage and at worst it's actual gang stalking.

I don't know you personally, bitwize, but I know you're better than this trash.

It could be a large organization who is upset for some links archived. Taking .is would make existing links break. Or big media upset with view hijacking. Or it could just be malware.

Whatever the reason, it's terrible.

I don't see how this could get very far, considering that the people in Iceland who run the root for .IS are known to the network engineering community of ISPs in Iceland. The population just isn't that high. People with the equivalent of root or enable on core ISP infrastructure are maybe less than 50 persons in the entire country.

You could literally take public transit across Reykjavik and go knock on the door of the persons responsible.

I really hope this domain hijacking doesn't succeed, because I use archive.is all the time.
Not to worry. They have other domains too, as stated in the Twitter thread: .TODAY .FO .LI .VN .MD .PH
I'm not sure the existence of alternatives, advertised through Twitter, is much of a comfort here. The integrity of the domain name system shouldn't depend on someone having a well-known twitter account that can advertise alternatives in the event of a hostile takeover.
I agree, but that’s not what the GP and GGP we’re discussing.
The integrity of DNS shouldn’t depend on someone having a well-known twitter account but unfortunately DNS is a poorly designed system and this kind of thing happens all the time. Just a few months ago Zoho’s registrar blocked their domain because of just two customer complaints, even though Zoho has tens of millions of paying customers. https://twitter.com/zoho/status/1044249648993525760?s=21

Disclaimer: building https://namebase.io which is a registrar for seizure-resistant names on the Handshake blockchain.

Yes, but a lot of links posted around the web (e.g. reddit) are for the .is TLD. Most people won't know to change the url and could even be directed to malware.
Could someone please explain this? What is going on? Either you hack a domain or you don’t—but once the owner finds out, shouldn’t they be able to verify that it’s locked down. How can someone steal a domain, permanently, and trade with it. Can this happen at any TLD or is .is just negligent/apathetic? Why would I ever buy a .is domain if the TLD lets people steal it? I don’t understand...
I'm guessing the Icelandic registrar has some provision that you have to be a citizen to get a domain, and someone told the registrar that the owner is not, so they can get it canceled and then take it.
You don’t need to be a citizen of Iceland, but the address needs to be valid. The broker can’t see the address because ISNIC per default hides this information.
Since the Twitter account has provided no useful details, I'm going to blindly speculate.

My guess is that they are using a virtual business address service that is commonly used by spam/fraud organizations (e.g., fake pharmaceuticals), and maybe ISNIC is cracking down on this due to abuse. They don't want their TLD to be known as a junk TLD like .ck, .gq, .info, etc. Or someone is attempting to take legal action against the owner of the domain and ISNIC can't comply because they just have a fake address with no known physical entity.

DNS Monitoring is a mandatory security requirement for anyone serious about DNS Security today. https://dnsspy.io is a good example of this.

Also, although I don’t think there is 100% agreement on this in the community, use LONG ttl’s. No reason to make yourself vulnerable by constantly reaching out to DNS every 5 minutes. Also makes you more likely to pick up a spoofing / hijacking attempt.

NOTE: also quick shout out to GCP here. I make all my money within AWS so if anything should not be saying this but there DNS security is amazing. They have DNSSEC + the crazy obscure records like IPSECKEY and TLSA and SSHFP. Wow.

> use LONG ttl’s

It really depends on what you want to achieve. Australian census for example shot themselves in the foot by publishing relatively long ttl and not being able to migrate away from a failing system fast enough.

Acknowledged and this is a really good point. Currently I’m straddling the fence on this one and doing a 2 hour DNS Record time.

Also want to mention GEOIP blocking. I hate it’s come to this for the interment, but for a lot of sites, especially small businesses and local/state gov, there is very little reason someone outside the country or say outside the EU / bordering countries might need to access your site. Again this is debatable advice but worth considering. All of the major cloud providers have GeoIP Blocking or are rolling it out.

What do you aim to achieve with geoblocking?
In real life geoip blocking is terrible. IPs are traded from one organization to another all the time. It often takes months for services to update their databases mapping IPs to locations.

What is a user supposed to do when a random website blocks him because it uses an outdated database?

This also impacts law enforced limits. What do you do when you're a Polish user under an ISP sharing a block of IPs with Ukrainian part of that company, which is now blocked because of being geolocated in Crimea.
> especially small businesses and local/state gov, there is very little reason someone outside the country or say outside the EU / bordering countries might need to access your site

That is terribly shortsighted. I'm located long way away from many tiny shops I'm using for presents for friends and family. Local gov's published development plans are likely interesting to foreign investors. There are many other cases surely...

Just a few months ago Zoho’s registrar blocked their domain because of just two customer complaints, even though Zoho has tens of millions of paying customers. https://twitter.com/zoho/status/1044249648993525760?s=21

DNS wasn’t built to support the growth it has experienced. Both it’s security model (Certificate Authorities)and governance model (ICANN) are highly flawed. The internet needs to switch to a better system as it becomes an increasingly important part of our lives.

Disclosure: building https://namebase.io which is a registrar for seizure-resistant domain names on the Handshake blockchain.