I used to think it was .onion. I owned my .onion domains in the sense than only I had the private key that corresponded to the hash that was my brute forced vanity domain. I thought that meant I had control over them. I was wrong.
It turns out that even in p2p networks if there's one one dominant development group then that group owns your domains. The Tor Project decided that tor v2, with all it's potential exploits, could not exist alongside tor v3 and so all the tor v2 domains will disappear to the official tor clients this october 26th.
I don't own my .onions so I won't be making v3 sites.
You literally explain in your comment that you’re mad that you can’t continue to use a known vulnerable system which has been out of vogue for years. I’m confused.
Most people hear "tor" and they immediately think of illegal, shady stuff. And yeah, there's a lot of that there. So, for the last decade The Tor Project has been promoting onion sevices as a thing for everyone and that people should put their normal sites on tor too. There's more normal people than shady people and if we all use tor it could legitimize it.
Well, I did. I really put all my normal sites on tor too as hidden services. And I got a lot of traffic, even after I stripped out the bots that made up 3/4 of it. My usage didn't really depend on absolute security. Even with the possible hash collisions it was safer than giving all trust to some centralized corporation at the start. So, I wanted to keep using it.
But the tor projects real priorities, obviously, lie with absolute security. They were never serious about making tor and onion services a place for everyone. They only care about the people that care about security to the detriment of all else.
So... knowing this, I'll stop using tor for my websites since it's only for security first and only types.
> Most people hear “tor” and they immediately think of illegal, shady stuff.
To be fair, the US intelligence community created it for (what is, from the perspective of the governments in whose juridiction the actions were to be carried out, at least) extremely illegal, shady stuff, and relies on lots of people using it, including for other illegal, shady stuff, to make use for and concealment of the kind of illegal, shady stuff it is meant for effective.
So, that’s exactly what people should think. All other use is incidental and supportive of the primary purpose.
You do have control over them because, indeed, you have the private keys (and the NSA too, reminds me of the Facebook setting "only me+NSA" (only three quarters joking)). You want to run v2 domains? Go ahead, but the people that want to visit your legacy addresses must use the legacy software. It seems like an inherent risk with software-controlled domains that the (old) software (version) might not be used anymore.
Given the exploits in the v2 onion sites, (suitably modified HSDirs being able to discover them and whatnot) the writing has been on the wall since well before then and it shouldn't be a surprise that they're going away.
Well that was abrupt. I was just getting into it, hit pagedown, and promptly hit the bottom of the page where the EU was dismissed and Iceland promptly declared victorious (together with .onion to which no laws apply in the first place).
What's wrong with Switzerland? Norway? I know very little about Chad or Japan or Micronesia, perhaps they have great TLD rules as well? Heck, what even was the issue with the EU in the first place? I can think of GDPR as being seen as problematic in some constrained context, but privacy rules don't apply to TLD ownership so this reader is just left wondering.
According to ISNICs bylaws they do have a dispute mechanism:
Article 31
A Board of Appeals handles disputes regarding the registration of domains. The Board of Appeals is autonomous and independent. ISNIC carries out decisions of the Board within 10 days after they have been passed or on the next business day thereafter, if the current registrant does not accept the verdict. ISNIC will not carry out the Board of Appeal's judgements if legal proceedings have been instigated in respect of the same issue or an injunction been placed on the use of the domain in question before the Board of Appeals has reached a decision. Cases involving the registration of domains or refusal to register domains may be referred to the Board of Appeals.
I have domains on a European ccTLD. This is what they "resolve to":
holder.............: Private person
registrar..........: Private person
The registrar's name (that's me) used to be visible but that changed with stronger privacy requirements, soon after GDPR.
European trademark & hate speech laws (plus dns blocking of various domains associated with pornography or piracy) probably still apply so .is could be a free-er choice.
It's still registered though. Check any .nl domain on https://sidn.nl/en (you could try to put 'rop' in the 'check domain name' box), you just need to set a checkmark and agree to the Google terms of service to resolve their captcha and off you go.
Sure but I mean it's centrally registered in the central WHOIS database. Of course the registrar has whatever data you put in their order form, that's obvious enough; what I mean is that they still forward your personal info to a central registry and the only thing GDPR changed about the WHOIS database is output filtering, or in SIDN's case not even that. I find it totally weird and invasive that this must be centrally registered in the first place (I grew up with my parents telling me not to use my real name anywhere online, let alone put it in a public database; maybe the problem is that I wanted a domain as a teenager and now it weirds me out?). Using privacy options means my paid-for domain is now not legally mine and I can't make use of any dispute procedure because the registry organisation has nothing in place for when my real name is not tracked in their database.
How can you expect it to be legally yours if your name isn't even recorded as being the owner anywhere? It seems like you have two fundamentally exclusive desires here: Complete anonymity, but also bulletproof ownership. I guess there's some blockchain solutions that meet your requirements, but no one uses them.
Nope also that e.g. land ownership is recorded and publicly accessible.
Hah, but nah, way simpler: submit a hash. No chain that needs to be kept alive, just a simple old commitment scheme[1]. Or even just a name that you pick for yourself: similar to how authors can have the benefits of copyright without revealing their real name, why ought one not be able to operate lucb1e.com under the worldwide unique nickname lucb1e?
For .ca in Canada, which is administered by CIRA which is a non-profit corporation, the following is the policy:
--
When doing a WHOIS lookup, you can find details such as:
Status (i.e. if a domain is currently available or registered)
The creation, expiry, and updated dates
Registrar information
Registrant information*
Administrative, Technical and Billing Contacts*
*The registrant name and administrative and technical contact information of non-individual registrants, such as corporations, is displayed by default. The registrant name and administrative and technical contact information of individuals, such as Canadian citizens or permanent residents is not displayed in WHOIS per the CIRA Privacy Policy. Generally non-individuals are public and individuals are private.
I had an interesting experience with the registrar of a less-known ccTLD. I was happy to get my company’s three-letter domain at a fitting ccTLD, and had reluctantly accepted that the TLD doesn’t allow WHOIS privacy. Shortly thereafter I was straightening out a name server issue out with my registrar and I mentioned the WHOIS privacy bummer. Their response was something like “Oh, no problem. I’ll change it.”
Our WHOIS entry now has our registrar’s version of “Domains by Proxy” as the contact, despite the ccTLD not allowing Whois privacy. (And it was free.)
Then only the TLDs are listed which "only avenue for domain takedown is through a local court, rather than through an arbitrator order or trusted notifier".
Additionally countries that are part of the 5 eyes, 9 eyes or 15 eyes, see picture at the top of the article, are out, too.
For the EU part, I think it has to do with the EU tendency of surveillance laws. On the one hand the EU claims privacy and security as a main goal and the other hand they try to backdoor E2E encrypted messengers.
> Additionally countries that are part of the 5 eyes, 9 eyes or 15 eyes, see picture at the top of the article, are out, too.
That makes a lot more sense for excluding countries. They still made a bit of a leap with saying all of the EU is bad, we're more than 15 countries, but let's presume the 'eyes' countries cover the remaining TLDs that had this local court thing and that explains the author's selection.
That is, if local court is the only standard you want to go by. Another thing the article leaves as an exercise for the reader is whether any of those arbitration places have favorable rules compared to even the courts of Iceland for all I know.
That paper is a good read. It’s really disappointing that ICANN allowed the ngTLDs to engage in back room deals with the media and pharmaceutical industries. I think there was an effort to bring the ogTLD agreements inline with the ngTLD agreements, so I wonder if they’ve set it up so the ogTLDs can start doing the same.
ogTLD and ngTLD aren’t real names afaik. I use them for the original gTLDs and the new gTLDs.
I hope one day, we will have some crypto blockchain gTLD that will resolve in the general DNS infrastructure. I know namecoin was a thing, but it never really picked up steam.
name -> IP address in a blockchain feels like one of the ideal use cases of it.
Maybe a premine started by a commercial entity would have enough financial backing to get started on it.
My worry about Blockchain gTLD is one disgruntled employee who has access to your setup could transfer your domain off, and there would be no legal or technical way to ever get it back. You would just have to change to a new domain.
Austria (.at)
Germany (.de)
Iceland (.is)
Russia (.ru)
Of these, the blog simply makes the claim that Iceland has the "strongest laws for individuals". Of those, I probably would have guessed that - germany doesn't have a great rep, and Russia...well.
So I don't necessarily disagree; but there is absolutely no justification actually given for elevating Iceland, and including that would seem to be half the value of the blog post.
.de is one of the largest ccTLDs in the world (used to be the largest not long ago), also very cheap, but it still has some 4 letter domains free (even 3, if you include digits)
Looks like there are no restrictions on nationality or language (like .cat).
I was unable to set up my domain with Cloudflare's name servers because you need to register the domain first and the registration process requires that the domain is served by the name servers you enter. I ended up selecting "parked" instead and should be able to switch it later.
Not sure how Iceland (.is) is outside EU laws, it's in the EEA, which I'm pretty sure means it's subject to (almost) all the EUs laws with little-to-no voting power or influence.
Iceland also doesn't have its own military but does have US military bases and the US has promised to defend the country. This means that Iceland is dependant on a good relationship with the US and would act when requested.
I think in general the US has tried to not be too overbearing with Iceland compared to other countries where the US has/had a military presence, but there's a few instances I can think of
The US leaned on Iceland really hard to reject China's invitation to the Belt and Road initiative (to the point where our politicians looked like complete jackasses), but I believe Iceland still hasn't joined in.
Going back way much further in history, the US also publicly pressured Iceland into desegregating Keflavik, after private negotiations didn't work out
> The US government complied with an Icelandic government request not to station black soldiers on the US base in Keflavík, Iceland until the 1970s and 1980s when black soldiers began to be stationed in Iceland.
Having a bigger army always wins, and if Iceland is faced with ultimatums of losing such a sizable ally (the US) they'll do whatever they can, assuming they're worried about being invaded and conquered by a foe.
This always seems like such an important caveat that is rarely included in these lines of thought - Assuming they're worried about being invaded.
Thankfully, most countries are not in a position where they're even slightly concerned about a physical invasion. We have almost universally decided that invasion/conquest is a morally bad thing to engage in, so to my mind the continued effort to expand military forces implies an intention to break this agreed upon moral standing or at the least a lack of commitment to the stance.
There are allegedly 20 aircraft in the Irish Air Corps [1] and I sure hope we're in advanced enough stage of society that we're not solely reliant on those to protect ourselves!
In February 2015, two Russian Tupolev Tu-95 "Bear" nuclear-capable strategic bombers entered Irish-controlled airspace without permission, without forewarning, with their transponders switched off and failed to file flight plans, causing serious concern at the Irish Aviation Authority (IAA), which was forced to divert a number of civil passenger aircraft out of the path of the Russian bombers as a precautionary measure.[24] The Russian military aircraft were interrogated by RAF Eurofighter Typhoon jets scrambled from the United Kingdom, demonstrating the lack of an Irish military response and the reliance on the UK for the protection of Irish airspace.
...
The reports revealed that the Irish Department of Defence, Department of Foreign Affairs and Irish Aviation Authority entered into a bilateral agreement with the British RAF, Civil Aviation Authority, Ministry for Defence and Foreign and Commonwealth Office permitting the British military to conduct armed operations inside Irish sovereign or Irish-controlled airspace in the event of a real time or envisaged threat of an aerial terrorist-related attack on Ireland or on a neighbouring country.
Completely fair and accurate, but I think I didn't make my intention clear in my original post. I don't think the binding force of security is ever really militarily based. I don't think the only reason Irish airspace isn't inundated with threats is because of an agreement with the UK. I think internationally the overwhelming binding force of security is mutual agreement be it through trade arrangements, potential economic disruptions of being ostracized by the international community, etc etc.
I think all that fundamentally rests on the foundation of the raw military capacity of that "international community". Which, like most low-level implementation details, is something we only notice when it breaks.
So if I type bankofamerica.com, does ENS respond with DNS controlled by whoever purchased it on the chain, or does it first lookup at verisign's root before going to ENS?
You can't purchase .com domains on ENS, only import them by providing a DNSSEC-based proof of ownership. This doesn't solve any of the problems with TLDs (ENS won't prevent the TLD operator from taking away your domain) so to get the benefits you have to use a ENS-centric domain like .eth
Yeah, that's what ENS is too. You're not actually registering .eth when you register an ENS. The .eth is intended to be one of many possible TLDs, with the only distinction that .eth is the default one when you first get it.
ENS has way more adoption and 3rd party support. I think it's our only hope of overthrowing the incumbents (existing centralized DNS system)
Can regular DNS records (A, AAAA) that resolve to an IP actually be used with ENS? And then are there browsers or browser plugins that support .eth as a TLD? As far as I can tell the ENS ecosystem only has IPFS (and wallet) address support. It's frustrating because ENS seems like the obvious answer for decentralized domains but I've never seen it used for anything but vanity names for ETH wallets and static IPFS sites.
gandi.net seems to charge $364/year for any .is domain. Namecheap charges around the same price as isnic.
Any reason why I shouldn't register the domain on isnic directly? Are there benefits to registering the domain via namecheap (or other registrar), apart from getting access to their support?
A big thing to consider with registrars is support for 2FA - can't speak to ISNIC, but I recently moved all my domains to Namecheap because they have first-class support for U2F/Webauthn. (And also Hover lost a domain on me but that's another story)
Process was pretty straightforward and I was able to add my DNS records just fine. Do you know if they have any safeguards against domain transfers? I don't see any settings related to that, other than to transfer my domain.
I’m not sure what you would be using your website for to be worried about being taken down. But Iceland removed the khilafah.is islamic state site website several years ago.
As a Dutch person I have to point out that the name of my birth country is not "Holland" but "the Netherlands" (pars pro toto), and that the flag that is shown in the graphic is the flag of Luxembourg - but upside down. Thanks?
The flag is actually the flag of Yugoslavia, heh. This precise
version, without any symbols or crests, has been used for
the last time back when Serbia And Montenegro[1] was a thing.
You're saying that modifying connection settings that will make something work with everything on your system is considered more complex than using custom software?
Also, OpenNIC TLD's are indeed TLDs, Tor's .onion is not really the same.
I found https://www.orangewebsite.com/ - no idea if it's trustworthy or not, but they promise "Signing Up Anonymously", paying with BTC or Cash-per-mail, etc
Where I'm not clear this analysis is thorough is the consideration that ICANN is a U.S. non-profit corporation incorporated in California.
If we are to go with the laws of the land, the 14th amendment states:
> No state shall...deny to any person within its jurisdiction the equal protection of the laws.
This means that ICANN, itself, is subject to all the laws of the jurisdiction of its location (municipal, county, state, and Federal).
If I understand ICANN's role correctly, they control the entire WWW (DNS, IP address assignment, infrastructure, etc.), so everyone on the WWW is subject to the ICANN jurisdictional limitations.
92 comments
[ 3.7 ms ] story [ 167 ms ] threadIt turns out that even in p2p networks if there's one one dominant development group then that group owns your domains. The Tor Project decided that tor v2, with all it's potential exploits, could not exist alongside tor v3 and so all the tor v2 domains will disappear to the official tor clients this october 26th.
I don't own my .onions so I won't be making v3 sites.
Well, I did. I really put all my normal sites on tor too as hidden services. And I got a lot of traffic, even after I stripped out the bots that made up 3/4 of it. My usage didn't really depend on absolute security. Even with the possible hash collisions it was safer than giving all trust to some centralized corporation at the start. So, I wanted to keep using it.
But the tor projects real priorities, obviously, lie with absolute security. They were never serious about making tor and onion services a place for everyone. They only care about the people that care about security to the detriment of all else.
So... knowing this, I'll stop using tor for my websites since it's only for security first and only types.
To be fair, the US intelligence community created it for (what is, from the perspective of the governments in whose juridiction the actions were to be carried out, at least) extremely illegal, shady stuff, and relies on lots of people using it, including for other illegal, shady stuff, to make use for and concealment of the kind of illegal, shady stuff it is meant for effective.
So, that’s exactly what people should think. All other use is incidental and supportive of the primary purpose.
Huh.
Got a screenshot or citation for that? Very curious, never used facebook.
(Pinterest has a use, for once...)
Given the exploits in the v2 onion sites, (suitably modified HSDirs being able to discover them and whatnot) the writing has been on the wall since well before then and it shouldn't be a surprise that they're going away.
What's wrong with Switzerland? Norway? I know very little about Chad or Japan or Micronesia, perhaps they have great TLD rules as well? Heck, what even was the issue with the EU in the first place? I can think of GDPR as being seen as problematic in some constrained context, but privacy rules don't apply to TLD ownership so this reader is just left wondering.
holder.............: Private person
registrar..........: Private person
The registrar's name (that's me) used to be visible but that changed with stronger privacy requirements, soon after GDPR.
European trademark & hate speech laws (plus dns blocking of various domains associated with pornography or piracy) probably still apply so .is could be a free-er choice.
It's just that different countries offer different degrees of privacy for the holder.
Nope also that e.g. land ownership is recorded and publicly accessible.
Hah, but nah, way simpler: submit a hash. No chain that needs to be kept alive, just a simple old commitment scheme[1]. Or even just a name that you pick for yourself: similar to how authors can have the benefits of copyright without revealing their real name, why ought one not be able to operate lucb1e.com under the worldwide unique nickname lucb1e?
[1] https://en.wikipedia.org/wiki/Commitment_scheme
--
When doing a WHOIS lookup, you can find details such as:
Status (i.e. if a domain is currently available or registered)
The creation, expiry, and updated dates
Registrar information
Registrant information*
Administrative, Technical and Billing Contacts*
*The registrant name and administrative and technical contact information of non-individual registrants, such as corporations, is displayed by default. The registrant name and administrative and technical contact information of individuals, such as Canadian citizens or permanent residents is not displayed in WHOIS per the CIRA Privacy Policy. Generally non-individuals are public and individuals are private.
--
* https://www.cira.ca/ca-domains/whois
Our WHOIS entry now has our registrar’s version of “Domains by Proxy” as the contact, despite the ccTLD not allowing Whois privacy. (And it was free.)
https://www.eff.org/files/2017/08/02/domain_registry_whitepa...
Then only the TLDs are listed which "only avenue for domain takedown is through a local court, rather than through an arbitrator order or trusted notifier".
Additionally countries that are part of the 5 eyes, 9 eyes or 15 eyes, see picture at the top of the article, are out, too.
For the EU part, I think it has to do with the EU tendency of surveillance laws. On the one hand the EU claims privacy and security as a main goal and the other hand they try to backdoor E2E encrypted messengers.
> Additionally countries that are part of the 5 eyes, 9 eyes or 15 eyes, see picture at the top of the article, are out, too.
That makes a lot more sense for excluding countries. They still made a bit of a leap with saying all of the EU is bad, we're more than 15 countries, but let's presume the 'eyes' countries cover the remaining TLDs that had this local court thing and that explains the author's selection.
That is, if local court is the only standard you want to go by. Another thing the article leaves as an exercise for the reader is whether any of those arbitration places have favorable rules compared to even the courts of Iceland for all I know.
ogTLD and ngTLD aren’t real names afaik. I use them for the original gTLDs and the new gTLDs.
thug.life
name -> IP address in a blockchain feels like one of the ideal use cases of it.
Maybe a premine started by a commercial entity would have enough financial backing to get started on it.
So I don't necessarily disagree; but there is absolutely no justification actually given for elevating Iceland, and including that would seem to be half the value of the blog post.
I was unable to set up my domain with Cloudflare's name servers because you need to register the domain first and the registration process requires that the domain is served by the name servers you enter. I ended up selecting "parked" instead and should be able to switch it later.
Are you aware of any relevant precedent for this?
The US leaned on Iceland really hard to reject China's invitation to the Belt and Road initiative (to the point where our politicians looked like complete jackasses), but I believe Iceland still hasn't joined in.
Going back way much further in history, the US also publicly pressured Iceland into desegregating Keflavik, after private negotiations didn't work out
> The US government complied with an Icelandic government request not to station black soldiers on the US base in Keflavík, Iceland until the 1970s and 1980s when black soldiers began to be stationed in Iceland.
Thankfully, most countries are not in a position where they're even slightly concerned about a physical invasion. We have almost universally decided that invasion/conquest is a morally bad thing to engage in, so to my mind the continued effort to expand military forces implies an intention to break this agreed upon moral standing or at the least a lack of commitment to the stance.
There are allegedly 20 aircraft in the Irish Air Corps [1] and I sure hope we're in advanced enough stage of society that we're not solely reliant on those to protect ourselves!
[1] https://en.wikipedia.org/wiki/Irish_Air_Corps
https://en.wikipedia.org/wiki/Ireland%E2%80%93NATO_relations
In February 2015, two Russian Tupolev Tu-95 "Bear" nuclear-capable strategic bombers entered Irish-controlled airspace without permission, without forewarning, with their transponders switched off and failed to file flight plans, causing serious concern at the Irish Aviation Authority (IAA), which was forced to divert a number of civil passenger aircraft out of the path of the Russian bombers as a precautionary measure.[24] The Russian military aircraft were interrogated by RAF Eurofighter Typhoon jets scrambled from the United Kingdom, demonstrating the lack of an Irish military response and the reliance on the UK for the protection of Irish airspace.
...
The reports revealed that the Irish Department of Defence, Department of Foreign Affairs and Irish Aviation Authority entered into a bilateral agreement with the British RAF, Civil Aviation Authority, Ministry for Defence and Foreign and Commonwealth Office permitting the British military to conduct armed operations inside Irish sovereign or Irish-controlled airspace in the event of a real time or envisaged threat of an aerial terrorist-related attack on Ireland or on a neighbouring country.
You're not buying domains but instead are buying the TLD itself and then create domains on the TLD.
I haven't read up on it that much but their pitch of "stop renting the thing in front of the TLD, own the actual TLD" is pretty cool.
https://handshake.org/
https://www.namebase.io/
ENS has way more adoption and 3rd party support. I think it's our only hope of overthrowing the incumbents (existing centralized DNS system)
Any reason why I shouldn't register the domain on isnic directly? Are there benefits to registering the domain via namecheap (or other registrar), apart from getting access to their support?
And it's just something about a very aggressive marketing strategy like Hover's that doesn't give me a very secure feeling about their product.
Mileage may vary I guess.
Process was pretty straightforward and I was able to add my DNS records just fine. Do you know if they have any safeguards against domain transfers? I don't see any settings related to that, other than to transfer my domain.
[1]: https://en.wikipedia.org/wiki/Serbia_and_Montenegro
[1] https://www.opennic.org/
Also, OpenNIC TLD's are indeed TLDs, Tor's .onion is not really the same.
This does not seem accurate to me. The Wikipedia [1] page for .org says it is managed/controlled by the Public Interest Registry and not Verisign.
I recall this because of the scummy deal the PIR was trying to do to sell .org to a PE firm.
[1] https://en.wikipedia.org/wiki/.org
https://www.eff.org/sv/deeplinks/2020/12/how-we-saved-org-20...
If we are to go with the laws of the land, the 14th amendment states:
> No state shall...deny to any person within its jurisdiction the equal protection of the laws.
This means that ICANN, itself, is subject to all the laws of the jurisdiction of its location (municipal, county, state, and Federal).
If I understand ICANN's role correctly, they control the entire WWW (DNS, IP address assignment, infrastructure, etc.), so everyone on the WWW is subject to the ICANN jurisdictional limitations.
Am I missing something?