Technology Trumps ICE Domain Seizures: Browser Plugin Fix Created In Just Days

from the you-can't-stop-technology dept

As Homeland Security continues to defend the actions of ICE seizing domains names without real due process or concern for prior restraint, it’s not surprising that technologists are quickly designing systems to route around such hamfisted attempts to censor websites without a trial or conviction. Apparently, a group of technologists who were fed up with such overbearing government maneuvers have created a rather straightforward Firefox add-on (Chrome support coming soon) called MAFIAAfire. What it does is pretty straightforward. If a site seized by ICE sets itself up on an alternative domain (as most of the copyright-related sites have — contrary to claims by ICE and the MPAA), this addon will automatically redirect visitors. It even goes so far as to allow sites to pre-register alternative domains, in case ICE decides to seize their domain.

The developers have more info on their website — including a timeline. The key point, in my mind, is the timeline:

Yeah, you read that right. The guy had the idea on a Sunday and had no idea how to make a Firefox plugin, but by Thursday he had a working version. This is what ICE and supporters of such domain seizures are up against. When someone who doesn’t even know how to program this kind of thing can build a tool that lets everyone route around your censorship in a few days… you’re fighting a losing battle. Just imagine what happens when people who actually do have the skills jump in.

Filed Under: , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Technology Trumps ICE Domain Seizures: Browser Plugin Fix Created In Just Days”

Subscribe: RSS Leave a comment
83 Comments
aldestrawk says:

Re: Win

This is a very good point. Mafiaafire will find out that making a plug-in was the easy part, maintaining the lists will be an ongoing pain. What criteria will they use to determine which ICE domain blocks they will get around? Certainly websites that allow file sharing of music and video will be on the list. Websites that allow general file sharing should be OK, even if some files shared are clearly repugnant like child porn. Is a dedicated child porn site OK? What about a website that sells counterfeit items without telling you they are counterfeit? Maybe a website that is upfront about selling counterfeit items is OK. The problem here is that Mafiaafire have now placed themselves as an arbiter of what is good, separate from ICE. Unless, they want to be a supporter of a dedicated child porn website they will also be involved in censorship, just less censorship than ICE does.
They will also have to constantly investigate to make sure they don’t include the malware installation sites or those that want to spoof a real site. How do they confirm that a request to register is from the domain’s true owner?
Another problem that is introduced is how does a user decide who they can trust to download and install a plug-in?
Mozilla does check on plug-ins but if they allow Mafiaafire then why not others who look like they are legit at first. As a matter of fact my new Firefox plug-in, MalwareHelper, is much better than Mafiaafire.

MAFIAAFire (profile) says:

Re: Re: Win

> They will also have to constantly investigate to make sure they don’t include the malware installation sites or those that want to spoof a real site.

People can report if the site has gone rogue by clicking on the “link” as the page is redirecting.

>How do they confirm that a request to register is from the domain’s true owner?

We use the same tech as Google to verify the site is owned by the person who claims so… Try adding your site and you will see how ๐Ÿ˜‰

> Another problem that is introduced is how does a user decide who they can trust to download and install a plug-in?

The plugin’s source is easily readable and is going to be open source…

Yogi says:

Gulag Time

This just proves that current law enforcement measures are insufficient to stem the tide of free speech and civil rights that is drowning this country’s out-dated business models.

Obviously we need a 1960s gulag for economic dissidents – a place with no internet, no computers, no independent media, with one, single radio station and one movie theater that are wholly owned and operated by the RIAA and the MPAA.

Spaceboy (profile) says:

Re: Gulag Time

You have been flagged for re-education. Please report with your family to Edutainment Pod R-5622. Also you will need to bring a list of all friends and family members, even acquaintances. They will need re-education as well.

Remember, it is every citizen’s duty to report Entertainment License Violations to their local RIAA or MPAA office. If you hear it in a public place, it’s probably illegal. Don’t let the terrorists win. Do your duty!

Spaceboy (profile) says:

Re: Re: Re: Gulag Time

You have been flagged for re-education. Please report with your family to Edutainment Pod R-5622. Also you will need to bring a list of all friends and family members, even acquaintances. They will need re-education as well.

Remember, it is every citizen’s duty to report Entertainment License Violations to their local RIAA or MPAA office. If you hear it in a public place, it’s probably illegal. Don’t let the terrorists win. Do your duty!

Ron Rezendes (profile) says:

Re: Re: Re:4 Gulag Time

iPod is a registered trademark of Apple, Inc.

You have been flagged for re-education. Please report with your family to Edutainment Pod R-5622. Also you will need to bring a list of all friends and family members, even acquaintances. They will need re-education as well.

Remember, it is every citizen’s duty to report Entertainment License Violations to their local RIAA or MPAA office. If you hear it in a public place, it’s probably illegal. Don’t let the terrorists win. Do your duty!

Spaceboy (profile) says:

Re: Re: Re:5 Gulag Time

My original post is copyrighted and trademarked material. You did not have my express written consent or authorization. My rights have been violated.

I am willing to settle however. I demand that you pay me $10 per infringing letter, or I will sue you for $1,000 per infringing letter.

Don’t you know that ever time you infringe someone’s copyrighted material a terrorist boils a puppy? Why would you do that?

Now report to your assigned re-education pod or things will get double-plus bad for you.

Anonymous Coward says:

Re: Re: Re:

I have been able to get on Rojadirecta for sometime now since they seized as when you googled it the IP address for it came up.

Not that it matters now as they have just got a new domain.

Evidently the US government have learnt nothing from whats happening in the middle east.

Technology will always win out.

SD says:

Re: Re:

I don’t think that’s a good idea. If someone decided to copy a URL with the old domain name and posted it on twitter for example, anyone without the browser add-on would still get the seizure page. Webmasters would also have to individually set up their sites with rewrite rules and HTML filters to accommodate their old domain names. It’s questionable whether they’re going to get those domain names back in the future or if the usage of the old domain name only by people with an add-on would be substantial enough to warrant extra coding & CPU usage.

Michael (profile) says:

Circumvention Device

Does this constitute a circumvention device?

“to 「circumvent a technological measure」 means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner”

Looks like it is bypassing a technological measure put in place by ICE.

Marcus Carab (profile) says:

Re: Circumvention Device

Interesting notion, and I wouldn’t put it past them to argue this, but I don’t really think it qualifies.

ICE didn’t put up any sort of blocking or prevention system – they did nothing to actively prevent access to the site, certainly not by adding any sort of technological measure. Instead they removed a technological measure for easily locating the site, and all this plugin does is supply another convenient way of doing that. It doesn’t actually bypass anything that I can see.

r (profile) says:

Re: Re: Re: Circumvention Device

ICE has done, effectively, nothing until they decide to press charges. Their actions, while on the surface may appear technological, are effectively meaningless annoying censorship attempts wherein they, clearly, haven’t the foggiest about what they’re dealing with (If I turn off my TV the world will no longer be able to watch it – type of stuff). They’re attempting to insert government control of the Internet where the government has none, nor will it ever especially as it pertains the PEOPLE, their VOICES and their CHOICES. They(us are them, them are us) can only succeed with dark wires. LAW and INTERNET – the perfect conundrum. IMHO the future of the global society and the wellness of its peoples.r

Michael (profile) says:

Re: Re: Re: Circumvention Device

No, if the site owner was the copyright holder in these cases, why would they want their site taken down. Many of these seizures in question are in response to copyright claims by the entertainment industry that their copyright is being violated by these sites.

ICE is a third party taking action on their behalf. You can have a locksmith install a lock. Nowhere in the DMCA does it state that the copyright holder has to create the technological measure they use.

Ron Rezendes (profile) says:

Re: Re: Re:2 Circumvention Device

Ah yes, but without due process it is only a “claim”, and nothing has been decided on a legal basis. This is why ICE is directly and intentionally overstepping the law and their authority and people just aren’t happy when the government denies the citizens their legal rights as defined by the Constitution.

The problem here is the government is using the Constitution, more or less, as toilet paper and it’s hard to know what your rights are anymore because there is so much shit in the way now!

G Thompson (profile) says:

Re: Re: Re:2 Circumvention Device

The original site owner is the absolute copyright holder of the Domain NAME that they invented for the purpose of differentiating themselves from other sites.

ICE DO NOT own the Domain name until a court grants it to them, they have only stopped usage of that name until a court decides one way or the other. Until that time the Site owner still owns the copyright of the DNS Name.

Whether there was alleged copyright infringing material on the site is irrelevant to the copyright on the DNS name. The only thing the ICE might have claim to is if their was an alleged trademark violation of the DNS itself, though their are easier and more legal ways to handle that with a problematic DNS name.

ICE is NOT a third party, since that means they ware acting as agents of private corporations when in fact they are Government entities acting under Government statutes for the benefit (supposedly) of the USA under what the US Congress has enacted.

If ICE is stating they are acting as agents of the Private organisations (Copyright holders) well you have more problems than just accusations of lack of due process.

Michael (profile) says:

Re: Re: Circumvention Device

“The copyright owner has no direct hand in seizing the domain”

I’m really interested in why you think that matters. I’m not sure it does.

“What is being bypassed is DNS and DNS is always just a first step to using the IP address directly”

That seems like a flimsy argument. You could make that argument against lots of DRM solutions. Many of them are simply ways of blocking access to content – so bypassing them is just another way of getting to a TCP/IP packet download. Unless your DRM solution was direct encryption of the content itself, the anti-circumvention clause would be meaningless.

r (profile) says:

Re: Re: Re: Circumvention Device

You seem to be reaching into a cookie jar with no cookies.

They changed (usurped) DNS entries. So what? This in no way shape or form denies entry to what was originally behind said changed DNS records. They’ve “prevented” nothing. You cannot circumvent a block when there is no block. It’s really quite simple actually.

It might be like.. perhaps.. taping over the title of a book or perhaps changing the library’s DD entry for the title but leaving it on the shelf – if you really wants it.. finds it.. Yeah, hide and seek.

However, I suspect your argument is not entirely off base consider ass munch lunacy these days – thus, I’d suspect, the tool is authored by “anonymous” – the law (ICE) would, truly, have a real live, life size whac-a-mole game.

So I say go it – challenge it – bring on censorship circumvention technological advances and enhancements – bitches and hoes knows.r

aldestrawk says:

Re: Re: Re: Circumvention Device

That was my comment, I wasn’t logged in at the time:

I believe your initial comment was a reference to DMCA. Circumvention deals with bypassing a technological measure put in place by the copyright holder. The technological measure in question, blocking the original domain name from being used to access an infringing website, was put in place by ICE. Bypassing that protection doesn’t even get you to a website owned by the copyright holder. That technological measure is intended to benefit the copyright holder but I believe the circumvention can only qualify for measures put into place by the copyright holders themselves.

I am not arguing that DNS is a weak security measure. I am arguing that DNS can’t be considered a security measure at all. It is just a convenience for humans and a level of abstraction allowing for IP addresses to change while the domain name remains the same. Both Linux and Windows have host files that can be used to map a domain name to an IP address. This also bypasses DNS but is intentionally designed into the OS. So, in no way could adding an entry to a host file be considered illegal circumvention. Similarly, filling in the browser’s address bar with an IP address or using the Mafiaafire plug-in cannot be considered circumvention.

A couple of circumvention examples:

One of the weakest possible methods of content security is to not publish direct links to web-pages but still have those web-pages with the path name portion of the URL being sequential. Bypassing that could still be considered circumvention.

Another example concerns the NY Times paywall. Deleting cookies is one method of bypassing the paywall. It could be considered circumvention, and thus illegal under DMCA, to do that. However, most browsers all a user to deleted cookies. In fact, it is generally recommended that you delete cookies periodically. Given that, you couldn’t consider it illegal to delete cookies.

G Thompson (profile) says:

Re: Re: Re: Circumvention Device

I am curious to understand how you think that DNS (Domain Name System), and that includes the other people who responded to this comment, is in any shape or form a security device?

DNS is ONLY a database of meaningful names for humans into its corresponding numerical identifiers. ie: IP address

This is in no way shape or form a security device. It isn’t even security by obfuscation. It is oNLY a form of translation from one readable format to another.
Sort of like ASCII to HEX.

Most people understand that Two Hundred and Fifty Five is written as 255.. though it can also be written as FF. DNS is really just the same thing. Makes the unreadable readable

Some people might say. Oh but what about DNSSEC.. but that is NOT about what the DNS is but more about what information is associated with the DNS entry and not of what it translates to

SD says:

Some suggestions

I’ve noticed that the plugin doesn’t forward embedded content(img & object html tags that use the old domain). There isn’t wildcard support to forward subdomains from the old site to the new, only “www”. The EFF’s HTTPS Everywhere add-on for FireFox has solved both of those problems, it’s just not being marketed for redirecting seized domain names. Unfortunately for Chrome users, their implementation of forwarding URLs, and possibly MAFIAAfire’s method too, may be incompatible with Chrome due to the way it currently handles HTTP requests.

MAFIAAfire updates it’s ruleset every time the browser starts which is inefficient and can bog the source servers down. A better implementation would be to store the ruleset, only update it every 3-5 days via subscription, and have a manual override button. Users should be able to put in their own ruleset URLs too, which would be a crucial feature if all of the 4-5 default ruleset mirrors died.

Pre-registration of alternate domain names can be a honeypot whether it’s intended by the author to be one or not. Torrent-finder verified their old domain name prior to the seizure on Google Webmaster Tools, and used the “Change of address” feature after it was seized. A system like that can expedite the change fast enough without exposing the new domain name.

Finally, it’s too focused on the United States even though it isn’t the only country seizing domain names. Having a politically loaded name like that might get the plugin booted from the mozilla add-ons directory. I commend the author of the plugin for making it, but he should realize it’s not just movie & music companies that want to seize domain names. If the EFF’s plugin had a ruleset subscription feature it could serve the same purpose without so much of the baggage.

SD says:

Re: Re: Some suggestions

I’m not knocking the guy for his first try. I’ve never programmed a FireFox add-on in my life, nor created a patch privately or publicly, besides updating the required version string ๐Ÿ™‚ I only know some of the ins and outs of how it’s done.

This was a good first step and even if development stopped tomorrow, it has at least has brought awareness that domain name seizures can be bypassed a lot easier with a browser add-on compared to the other options that have been proposed.

Ron Rezendes (profile) says:

Re: ICE Domain Seizures...

In their efforts to enforce copyright at the request of the entertainment industry which likes to lock things up forever they have spurred innovation in an entirely different field to help the masses avoid the tyrannical rule the media companies themselves so desire! I find it hilarious that the media companies shoot themselves in the foot so often then when they actually point the gun at the masses, they still end up shooting themselves in the other foot! All we need to do now is push the wheelchair bound industry down the stairs and be done with them! However, I suspect they will probably do this to themselves anyway so we can all just sit back and watch as the industry actually becomes the entertainment itself.

hardyharhar says:

The work around is so damn easy its a joke

AND what did the morons spend to get that made law? WHAT WASTE DID THE BROKE STATES OF AMERICA SELL YOU?

HARDY HAR HAR LOOKS GOOD ON THEM.
there all now nothing but a bunch a twisted sister lawyers form hell bent on global knowledge domination and guess what?

Mister poopy pants say you cant have it. OH say that to an american a day and watch em go postal ROFL.

Ryan Diederich says:

Its a great idea...

Although this isnt the end all solution to the ICE seizure problem, it is certainly a step in the right direction.

This makes it easy for the common layman to find seized sites. Install the add-on, and never worry again.

So they took down your favorite site, well instant redirect, you dont have to find the new server and change your bookmark.

MAFIAAFire (profile) says:

Hello!

Hi!
I’m the guy who made the website ๐Ÿ™‚
We did have help in the plugin code (a lot) so I cannot take credit for it myself (it looks nice on the site that way though…I did pay someone else for code), but I was the guy who had the idea.

Yes, a lot can be improved but it had to be _simple_.

For a pirate like me I can google, edit my hosts file and a lot of other tricks… these ICE blocks were not setup for determined guys like me but average Joe who has not idea what a hosts file is – and for the most part this is who we are targeting to install our plugin.
Better still if their tech pal/son etc installs it on their browser and forgets about it.

The reason we are not caching the “redirect list” is because if other countries (UK, Denmark) come up with a national block list it will only be as effective as the last time the user started their browser, but if we cache the list it can be blocked for days or more.

A future version would give the user the option of caching.

No donations so far so I just don’t have time to create the Chrome plugin or hire someone else or do any updates – but I do not regret time/money spent or creating this.

Over 7k downloads so far – and 13k hits to the index page.

Any questions, please email us from the site.
Cheers!

MAFIAAFire (profile) says:

Re: Re: Hello!

Hey!

7k is total downloads from our site and official mozilla add-on site.

It might be slightly lower as we count all redirects to the Mozilla site as a download.

E.g: If someone clicks on download (version 1) from our site we redirect them to the mozilla site and the counter registers it as a download; this assumes that that person will install the plugin.

G Thompson (profile) says:

Re: Hello!

Congratulations on a simple solution to a very troubling and controversial dilemma.

You might want to look at different subscription models though, sort of like how Adblock Plus does it, also look at alternate mirrors as well. Maybe organisations like the Pirate party in the EU, Wikileaks, Slashdot, even 4chan and other “underground” sites as alternatives to where the database can be accessed in the event (more likely than not) of the USG trying to make it in some way unlawful.

Talking about Wikileaks etc, you might want to place within your DB the wikileaks mirrors in the even that the USG (or even the BoA) has another coniption fit and tries to take it down again

waylay73 (profile) says:

aldestrawk, absolutely this solution is by no means perfect. As a security professional I would be disinclined to trust it. But what is important is that is shows just how pointless these ICE seizures are. They are grandstanding on behalf of media companies on the taxpayers dollar. They are wasting taxpayer money to buy headlines, putting in place easily circumventable restrictions that are doing nothing to stop downloading/streaming of copyrighted material.

aldestrawk says:

Re: Re:

I wouldn’t say all domain seizures are pointless. As a way of eliminating access to a web-site it is not foolproof and so cannot be the central thrust of law enforcement. ICE’s lack of due process is awful. Their use of domain seizure as a shotgun approach with resulting collateral damage is also awful. Finally, there is the very large issue of a single country mucking with a central component of the worldwide internet (DNS).
I was glad to see that in MafiaaFire’s response to my comment, they said they were limiting what areas the plug-in supports. The following is a list (from Wikipedia) of ICE’s responsibilities within “cybercrime” and are the categories for which ICE would use domain seizure.

* Possession, manufacture and distribution of images of child abuse.

* International money laundering and illegal cyber-banking.

* Illegal arms trafficking and illegal export of strategic/controlled commodities.

* Drug trafficking (including prohibited pharmaceuticals).

* General Smuggling (including the trafficking in stolen art and antiquities; violations of the Endangered Species Act etc.)

* Intellectual property rights violations (including music and software).

* Immigration violations; identity and benefit fraud

I assume that MafiaaFire is limiting their support to sites that only involve intellectual property rights. Is this true?
I think there is generally more support for domain seizures in most of those categories. Within each one there are controversial areas, however, with IP rights violations the entire category is controversial. Playing domain seizure whack-a-mole within the other categories might actually be useful but that won’t be the case for IP rights.

aldestrawk says:

Re: Re: Re:

A recent domain seizure, that was part of a post made on Techdirt yesterday, is the seizure of the domain names used for the Coreflood botnet. They seized the domains so they could legally use the domain names themselves to send their kill command. That has it’s own controversy but I am pointing this out to show that all domain name seizures aren’t for the same purpose.

aldestrawk says:

Re: Re:

I see two general security issues with this type of plug-in. Let’s suppose we can trust MafiaaFire. They say the code will be open source, so that makes trust easy. Even so, MafiaaFire will need to stay constantly vigilant to protect against being used for nefarious purposes not actually related to intellectual property. Mozilla checks their plug-ins to make sure they don’t do bad things. I spoke today with a manager at Mozilla who thought it was likely that their General Counsel would allow this plug-in to remain. However, Mozilla is not going to be checking the domain name replacement lists. Mozilla now has less control over ensuring their browser+plug-ins is secure. Additionally, if Mozilla allows this plug-in how can they be sure that a developer who offers a similar plug-in can be trusted? It’s a general mechanism that basically introduces a security vulnerability.

MAFIAAFire (profile) says:

Re: Re: Re:

I will attempt to answer your multiple questions spanning many posts in this one post, just repost any Q I may skip and you find important:

> I was glad to see that in MafiaaFire’s response to my comment, they said they were limiting what areas the plug-in supports.

Absolutely.
Kiddy porn peddlers are scum, we actually hope some will sign up so we can help trace them and get them some nice cell mates.

Medicine sites are bad because fake medicine harms people. There is no way to know which are the actual “canadian medicine” sellers so all are a no-no.

Replica sites… well, while we can sympathize with the ladies for not wanting to pay the crazy prices again, its hard to say which ones are decent sellers and which ones just want to rip off people with crap… so again a no-no.

Spammers – they need their nuts in a vice (personal opinion), you can take a guess if we will allow them.

Other than that, if you are getting censored… we are (almost always) there to help. Every site will be manually approved.

> Let’s suppose we can trust MafiaaFire. They say the code will be open source, so that makes trust easy.

Download our plug-in right now, rename it to .zip, open it in your fav zip program (winzip,7zip, winrar etc) see for yourself, we even left the comments as is to help you understand the scripting.

> Even so, MafiaaFire will need to stay constantly vigilant to protect against being used for nefarious purposes not actually related to intellectual property.

Thats why we have links on the plugin redirecting and on our site, our users can report a site at anytime and we do a check, any bad sites (both the main and redirected to site) gets blacklisted by us and can never come back.

> Mozilla is not going to be checking the domain name replacement lists.

Of course not, they cannot because it will keep changing. But also keep this in mind, people who download it are the ones who need to trust us, and nobody will download something like this without trusting us which is why we waited for TF to run the article before going live.

> Additionally, if Mozilla allows this plug-in how can they be sure that a developer who offers a similar plug-in can be trusted?

Because the people who use the plugin will not download from WeMayDirectYouToCrap.com
but I do get your point… it can be a bit hard.

ALL servers that supply the lists are ours (mine and friends/colleagues).
I’m a security guy (but don’t work for HBGary :P) security was high on our list

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop ยป

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...