Policy

Circumventing SOPA is as Easy as Installing a Browser Add-On

|

Circumventing the website blocking mechanism proposed by the Stop Online Piracy Act (SOPA) is as easy as adding a browser extension. Via Andy Greenberg at Forbes:

While Congress has postponed the second half of its hearing on SOPA until next year, a developer named Tamer Rizk has been busy building an add-on for Firefox called DeSopa, which aims to give any Firefox user access to sites that SOPA's copyright protection measures have blocked. "This program is a proof of concept that SOPA will not help prevent piracy," reads a note including on DeSopa's download page. "If SOPA is implemented, thousands of similar and more innovative programs and services will sprout up to provide access to the websites that people frequent. SOPA is a mistake. It does not even technically help solve the underlying problem, as this software illustrates."

DeSopa takes advantage of an blatant weakness in how SOPA's controversial filtering mandate would function under the current version of the bill. The new copyright infringement regime would allow editing of the Domain Name System, the registry that converts websites' domains (like Google.com or Yahoo.com) into an Internet Protocol address (like 74.125.157.99 or 98.137.149.56). When you type "Google.com" into your browser, your computer communicates with DNS servers that convert that name into an IP address. But type the IP address directly into your browser, and it works just as well.

Since SOPA would lead to editing American DNS servers' IP lists to insert errors for sites deemed illegal, DeSopa simply checks with foreign DNS servers to find the correct IP address and navigates directly to whatever blocked site the user enters. To avoid incorrect IP addresses in those foreign servers, the program even checks domains with three DNS servers and grabs whichever IP address has at least two agreeing answers. 

As currently envisioned, SOPA looks like a stunning anti-success: Not only would it undermine core elements on the Internet's architecture, it wouldn't stop much piracy. Indeed, as Greenberg points out, it would probably make the Internet substantially less secure:

Just because SOPA's DNS censorship can be defeated, however, doesn't mean the bill won't damage the Internet. Engineers have been warning Congress that monkeying with DNS will make it impossible to implement DNSSEC, a new DNS protocol designed to prevent DNS spoofing attacks that hijack users' browsing and take them to untrusted sites even when they enter the domain of a trusted one.

For a infuriating sense of just how clueless and careless Congress is when it comes to regulating both technology and speech, it's worth reading this open letter opposing SOPA and its sister legislation, PIPA, from 83 Internet engineers and inventors. Here's a sample:

The current bills—SOPA explicitly and PIPA implicitly—also threaten engineers who build Internet systems or offer services that are not readily and automatically compliant with censorship actions by the U.S. government. When we designed the Internet the first time, our priorities were reliability, robustness and minimizing central points of failure or control. We are alarmed that Congress is so close to mandating censorship-compliance as a design requirement for new Internet innovations. This can only damage the security of the network, and give authoritarian governments more power over what their citizens can read and publish.

The US government has regularly claimed that it supports a free and open Internet, both domestically and abroad. We cannot have a free and open Internet unless its naming and routing systems sit above the political concerns and objectives of any one government or industry. To date, the leading role the US has played in this infrastructure has been fairly uncontroversial because America is seen as a trustworthy arbiter and a neutral bastion of free expression. If the US begins to use its central position in the network for censorship that advances its political and economic agenda, the consequences will be far-reaching and destructive.

The good news is that as opposition to the legislation, led by folks like Democratic Sen. Ron Wyden and Republican Rep. Darrell Issa, has swelled, it's been put on the back burner in Congress, with a vote delayed until sometime next year. 

Read my previous take on how SOPA would break the Internet without stopping piracy here