[swinog] Re: Swisscom DNS issue: spectrum-conference.org wrongfully resolves to a bluewin address in swisscom mobile networks

2024-04-23 Threads Andreas Fink via swinog
It would only be fair if Swisscom declared their offer not to be "internet" but 
some "protected network connectivity including part of the internet". At least 
then the end user can decide.
I don't think their concept is compatible with net neutrality otherwise.

And you cannot opt in or opt out if you are not aware.

> On 23 Apr 2024, at 12:30, Marc SCHAEFER via swinog wrote:
> 
> Hello,
> 
> On Tue, Apr 23, 2024 at 10:04:14AM +0200, Stefan via swinog wrote:
>> But you know that it is already daily business that Swiss ISPs are blocking
>> websites?
> 
> One of the examples you give was voted by the Swiss people (Casino blocking).
> ISPs have no say in that matter.  Some countries go way further in blocking
> "content" (as was mentioned on the list earlier).
> 
> But here, we are discussing additional security measures that some ISPs,
> including Swisscom, are taking: Swiss people did not vote yet about blocking
> malware.
> 
> And Swisscom also blocks / intercepts / redirects SMTP for quite a few years
> now, for end users.  On port 25 (not on 587 nor 465 AFAIK).  I think they are
> pretty unique in that aspect (other ISPs usually simply block incoming
> port 25, they don't AFAIK filter out outgoing).
> 
>> Use other DNS-Servers if you want to be "free", but accept the risk.
> 
> That could be a solution: an opt-out.  It *seems* to me that Sunrise, e.g.,
> actually even offers an opt-in, as their firewalling service is usually
> valued at 5 CHF/month but in essence free to the end user (not sure what it
> really does) and can be refused when ordering.
> 
> In my opinion, the most important thing is that the blocking be documented to
> the end-user, even on every month's invoice, and that opt-out (or opt-in) be
> offered for everything that is not compulsory by law.
> 
> Have a nice day.
> ___
> swinog mailing list -- swinog@lists.swinog.ch
> To unsubscribe send an email to swinog-le...@lists.swinog.ch




[swinog] Re: Swisscom DNS issue: spectrum-conference.org wrongfully resolves to a bluewin address in swisscom mobile networks

2024-04-23 Threads Andreas Fink via swinog
I disagree. It's not Swisscom's role to censor the internet. Even if the idea 
might be honorable, to keep the bad guys out, the machinery put in place is 
resulting in something which will be abused for political agendas. Given 
Swisscom is state owned, the risk is even higher. It's a risk to democracy you 
should not underestimate. Maybe you are too young but you should read George 
Orwell's 1984 to see where this is going. I have been an indirect victim of a 
blocking which cost me 10 years in court cases and legal fees of half a 
million stacking up. You cannot imagine what political blocking can do to your 
business. And here we have Swisscom putting a machinery in place that politicians 
can just ask for at the click of a button. Now don't tell me they will not 
use this powerful weapon one day against someone whose political views they 
don't like. Totalitarian states do it already to a certain extent (Russia, 
Turkmenistan, US, Iran, Middle East, Turkey...)

> On 23.04.2024 at 11:34, Daniel Stirnimann via swinog wrote:
> 
> 
>> 
>>> Yes, I understand the technical issues. And yes it's ugly. But do you have 
>>> a better solution?
>> Swisscom should stop tampering with DNS, as it does not work, and is no 
>> solution to the problem.
> 
> I disagree, Swisscom still misses a lot of phishing and malware websites. I 
> would like them to be way more aggressive. Their support staff has to deal 
> with calls from infected customers. They might as well try as well as possible 
> to prevent it from happening in the first place. If you belong to the <0.1% 
> of people who want unfiltered DNS, just run your recursive resolver.
> 
>> Part of the problem is that the user doesn’t get an error message at all, 
>> and then mails us „hey, your website is down“.
> 
> Eventually, web browsers will show better responses for non-resolvable domain 
> names e.g. by utilizing Extended DNS Errors (RFC 8914).
> 
> EDE has code points for filtered or blocked DNS responses. Until web browsers 
> care more about DNS, I advise to be as verbose as possible when you block 
> something.
> 
> For example, make the DNS output more verbose so that at least administrators 
> realize why a domain name is blocked. Swisscom could have used a CNAME in the 
> answer section to blocked.swisscom.com and they could also add an additional 
> section with a SOA indicating the origin of the blocking. The RNAME field 
> could be their report false positive email address and so on.
> 
> Daniel


___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch
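
Added example, not part of any message in this thread: the quoted reply mentions Extended DNS Errors (RFC 8914) as a way to tell a filtered answer apart from a genuine failure. The sketch below parses the EDE option out of a raw DNS response so an administrator's diagnostic tool can report "blocked by resolver policy" instead of "site is down". The function names, the sample packet and its extra text are constructed for illustration.

```python
import struct

# RFC 8914 info-codes that signal policy filtering rather than a real failure.
EDE_POLICY = {15: "Blocked", 16: "Censored", 17: "Filtered", 18: "Prohibited"}
TYPE_OPT, OPT_EDE = 41, 15  # OPT pseudo-RR type; EDNS option code carrying EDE

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, name ends
            return off + 2
        off += 1 + length
        if length == 0:                # root label terminates the name
            return off

def extract_ede(msg):
    """Return [(info_code, extra_text)] for every EDE option in a DNS message."""
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off, found = 12, []
    for _ in range(qd):                # question: name + qtype + qclass
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):      # walk every resource record
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == TYPE_OPT:
            pos, end = off, off + rdlen
            while pos + 4 <= end:      # each option: code, length, data
                code, olen = struct.unpack_from("!HH", msg, pos)
                data = msg[pos + 4:pos + 4 + olen]
                if code == OPT_EDE and olen >= 2:
                    info = int.from_bytes(data[:2], "big")
                    found.append((info, data[2:].decode("utf-8", "replace")))
                pos += 4 + olen
        off += rdlen
    return found

def filtering_reason(msg):
    """Describe resolver-side filtering, or None if no policy EDE is present."""
    for info, text in extract_ede(msg):
        if info in EDE_POLICY:
            return f"{EDE_POLICY[info]} by resolver policy: {text or 'no detail'}"
    return None

# Constructed sample: NXDOMAIN reply for example.org carrying EDE 15 (Blocked).
QUESTION = b"\x07example\x03org\x00" + struct.pack("!HH", 1, 1)
EXTRA = b"policy block; report false positives to the resolver operator"
OPTION = struct.pack("!HHH", OPT_EDE, 2 + len(EXTRA), 15) + EXTRA
SAMPLE = (struct.pack("!6H", 0x1234, 0x8183, 1, 0, 0, 1) + QUESTION + b"\x00"
          + struct.pack("!HHIH", TYPE_OPT, 1232, 0, len(OPTION)) + OPTION)
```

`filtering_reason(SAMPLE)` returns the policy label plus the resolver's extra text; a response without an EDE option yields `None`, which is the ambiguous case the thread complains about.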