Readit News logoReadit News
lemme_tell_ya · a year ago
> It has been falsely claimed that the measure undertaken by MCMC is a draconian measure. We reiterate that Malaysia’s implementation is for the protection of vulnerable groups from harmful online content.

That's how it _always_ starts out, the "its for your own good, trust me" excuse.

mensetmanusman · a year ago
Has anyone built the AI web browser yet? The one that redraws any image you might find offensive, rewords advertisements, and rephrases comments to be positive?

That would be cool?

dudeinjapan · a year ago
Startup idea #72831: Build "Nostalgia" browser which uses AI to convert every page to Web 1.0, complete with "Under Construction" banners and CGI visitor counters.
TacticalCoder · a year ago
> The one that redraws any image you might find offensive, rewords advertisements, and rephrases comments to be positive?

You're kidding but I've already toyed with using AI models to analyze browsers' screenshots and determining if it's likely phishing or not and it works very well.

krona · a year ago
I would call it Soma in reference to Brave New World.
talldayo · a year ago
BlueTemplar · a year ago
There have been a bunch of more or less jokey browser extensions over the years replacing some specific words by others.
AStonesThrow · a year ago
"Guys, I am just pleased as punch to inform you that there are two thermo-nuclear missiles headed this way... if you don't mind, I'm gonna go ahead and take evasive action." -- Eddie, the Shipboard Computer (Douglas Adams)
causality0 · a year ago
In the past I've had fun with extensions that randomize genders and ethnicities.
A4ET8a8uTh0 · a year ago
Hah. It is still early morning so I let my mind run wild for a while. I am not aware of any public facing projects that do that, but in my minds eye I saw polymorphic browser adjusting its code to meet the new AI web that is constantly in flux.

You want privacy? It stamps out any attempts at fingerprinting by attempting to be the most common browser (and config) out there, it spoofs any and all identifying data, it redraws pages without paywalls, without cookie notices and puts all pages in simple text output mode removing all other ads in the process, but keeps pictures for fora that use them.

You want 1984? It won't let you see anything that is not approved by the party.

Onwards, to our glorious future.

edit:

Valuemaxx edition. Store pages with discounts have bruteforced discounts found and added for maximum value.

It already is crazy. I can't even begin to imagine it being more crazy.

echelon · a year ago
This would kill Google if it caught on.
kylebenzle · a year ago
That is 100% what Facebook and Google are doing now with targeted ads and search results.

Most people already only see the web the way Google wants them to see it.

lincon127 · a year ago
Well, that sounds horrifying.

Deleted Comment

Dead Comment

zarzavat · a year ago
Malaysia famously banned the movie Babe because a talking pig might offend religious sensibilities. It’s a safe to say that freedom of expression is not a high priority over there.
fasa99 · a year ago
It's completely insane. "We have been blessed by the Lord above to have the superhuman ability to predict what will cause harm, please take our blessings onto you, we shall altruistically protect you from harm".

The whole precedent of the language is also insane. Imagine if words COULD in reality cause harm. Monty Python satirized the concept here: https://www.youtube.com/watch?v=Qklvh5Cp_Bs The "online words cause harm" is as absurd as that skit. Really the damage is in people claiming to have been harmed, emotionally, by a word, them wielding that as victim-power aka crybullying - that can translate into school/career/legal problems that are more of a quantifiable harm. Further, if words were so damaging, as Monty Python shown us, they would immediately be weaponized, the sensitivity to this topic is extreme hyperbole.

Since the premise of works causing harm is nonsense, the definition of harm is equally superfluous. Talk to any student council president or HOA president who only did it for the power, about some initiative they alone are driving against the wishes of the group, and you will find hand waves and sugarcoats everywhere, their selfish intent somewhat easy to see behind the well-sounding good-intending reasons. Politics at the national scale is the same exact game, just that the power hungry people waving hands are much skilled and experienced.

cebert · a year ago
It’s for the children! Don’t you love children?
chaostheory · a year ago
This is also coming from a country that’s implemented apartheid
vondur · a year ago
Malaysia has an apartheid policy?
1oooqooq · a year ago
"think of the children" is never out of style.

but remember we have this (widespread from 90s to 2010) to this day in the USA, and they don't even bother with excuses. just shove advertising and hijack searches right on your face.

google didn't force httpsdns on your browser for nothing. it was digging in THEIR pockets.

pipes · a year ago
Not exactly the same thing, as it isn't a law.
spacemanspiff01 · a year ago
Why does Google benefit from httpsdns?
protomolecule · a year ago
Every power can be used for good or for evil.
Aerbil313 · a year ago
No power used by humans exists in a vacuum. In the hands of human beings, most powers are heavily biased towards one extreme in the spectrum. Man doesn't shape the world with the tools of the time - technology shapes the world and the man.

Jacques Ellul and/or Ted Kaczynski might be a starting point on this matter.

happyopossum · a year ago
As a network guy, the fact that I can transparently redirect DNS on my network to wherever I need to is a nice feature.

As a user of the public internet, it feels like a bug.

As much hassle as things like DoH can be for securing and enforcing policy on a network, it’s about time it became ubiquitous enough that governments can’t leverage DNS for their own purposes anymore.

profmonocle · a year ago
> As much hassle as things like DoH can be for securing and enforcing policy on a network, it’s about time it became ubiquitous enough that governments can’t leverage DNS for their own purposes anymore.

A caveat of encrypted DNS is that it has to be bootstrapped via traditional, unencrypted DNS or via a well-known set of IPs. Currently, most clients using DoH/DoT use one of a small handful of providers. Cloudflare, Google, Quad9, etc. A motivated government could block those endpoints pretty easily.

Of course, a client using encrypted DNS could just refuse to work when encryption is blocked, rather than falling back to traditional DNS. But that could mean the client is unusable in the country implementing the block.

This sort of reminds me of when Kazakhstan announced they were going to MITM all TLS sessions within the country, and all citizens would need to manually install a root cert. Google, Apple, and Mozilla chose to completely block their root cert, so it would be unusable even if users chose to go along with it. https://en.wikipedia.org/wiki/Kazakhstan_man-in-the-middle_a... Seems like the browser devs won that political standoff, but would they fight the same battle if DoH/DoT was blocked?

zarzavat · a year ago
This is the way. Few governments have the resources to play cat and mouse with OS or browser devs. Just look at the fuss over manifest v3, it shouldn’t be a big deal - just fork chromium and patch manifest v2 back in again - but it is because there’s no “just patching” chromium, it’s like a train.
em-bee · a year ago
A caveat of encrypted DNS is that it has to be bootstrapped via traditional, unencrypted DNS or via a well-known set of IPs. Currently, most clients using DoH/DoT use one of a small handful of providers. Cloudflare, Google, Quad9, etc. A motivated government could block those endpoints pretty easily.

not if DNS is hosted on the same servers as eg google search itself. then they would have to block google search in order to block DNS.

Sophira · a year ago
> A caveat of encrypted DNS is that it has to be bootstrapped via traditional, unencrypted DNS or via a well-known set of IPs.

Unencrypted DNS also has to be bootstrapped by a well-known set of IPs. None of the current DNS propagation system would work if it wasn't for the hardcoded IPs for the root DNS servers at *.root-servers.net.

And, of course, end-user devices still need an IP to query for DNS, it's just that it's almost always supplied automatically via DHCP or similar.

klingoff · a year ago
If we make sure clients support proxies what are they going to do about all the proxies that may allow the DoH server list and may be the only way to do something else?
mcpherrinm · a year ago
As an infrasec person, DoH is great because we can config manage all the corp devices to use DoH servers run by the company whether not a device is on VPN. Good visibility into what devices are looking up, easy internal domains, and ensuring malware domains are blocked on and off network.

At least the companies I’ve been working for have a lot more laptops at coffee shops and weworks, and probably not on a VPN half the time either. DoH has been a way bigger win than a hassle for me.

chupasaurus · a year ago
If you have any Windows devices they are leaking DNS requests no matter the setup as long as they are getting DNS servers from DHCP that aren't yours.
sidewndr46 · a year ago
how would you ever get online at a coffee shop? Almost all of this use a captive portal that redirects DNS to some internal webpage making you click a button that says "I agree to your completely absurd terms and conditions"
inkyoto · a year ago
Even if DNS is redirected, where DNS lookup request goes to next depends on the next hop, which is – for the prevailing majority of the internet users – the ISP.

Deep packet inspection hardware appliances have proliferated in their numbers in recent years, they are cheap, the hardware is highly performant, and they are capable of the highly sustained throughput. Redirecting DNS queries in UDP port 53 to any other destination of choice is what they can do without blinking an eye (if they had one). Or dropping / blackholing it.

Only a VPN tunnel can get through, however modern DPI appliances can also scan for VPN and VPN-like signatures in the traffic and drop those, too. The only viable and guaranteed to work solution to resist the tampering with the traffic is a VPN tunnel wrapped into a Shadow Socks tunnel that obfuscates traffic signatures and constantly changes ports it operates on to avoid detection.

ikt · a year ago
Co-incidentally Mullvad recently mentioned they're fighting back

https://mullvad.net/en/blog/introducing-defense-against-ai-g...

ruthmarx · a year ago
DoH is sufficient to mitigate DPI.
buro9 · a year ago
DoH helps us against governments, but doesn't help us against advertisers, i.e. what stops Google or an app maker talking to their own DNS endpoint via DoH and avoiding local measures to block malware and tracking.

DoH is a double edged thing, advertisers are a more present and pervasive threat to most than their own government

chmod775 · a year ago
You could argue against seatbelts the same way: seatbelts can cause abrasion of the skin during everyday driving, which is a more present and pervasive threat to most than car crashes.

In both instances it turns out that the difference in magnitude of those threats makes the direct comparison misleading.

logicchains · a year ago
If by most people you mean most people globally, governments are absolutely a bigger threat; only a minority of the world's population live in countries with benevolent governments who don't censor the internet to hide the government's misdeeds.
dspillett · a year ago
> DoH helps us against governments

And bad ISPs⁰.

And a small subset of MitM attacks.

> advertisers are a more present and pervasive threat to most than their own government

That is true for me¹ but I'd not agree with "most" globally. And while stalky corporates and the people who will get hold of my data subsequently due to lax security are my main concern, there are other ways to mitigate them. Less convenient ways, sure, and I loose a security-in-depth step of ashtray using them anyway, but I consider that inconvenience for me² to be less of an issue than the more serious problems DoH might mitigate for others.

----

[0] some people don't have a simple "just go elsewhere" option

[1] relatively speaking: I don't consider my government that trustworthy, and will do so even less in future if the Tories get back in without major changes in their moral core, and I'm sure many Americans feel similarly if they consider the implications of Project2025.

[2] both as an end user wanting to avoid commercial stalking and as someone who sometimes handles infrastructure for a B2B company that uses DNS based measures as part of the security theater we must present to clients when bidding for their patronage

megous · a year ago
Community based FOSS OSes/distros stop all this and avoiding the corporate SW/services.
TacticalCoder · a year ago
> As a network guy ...

Then transparently redirect the DNS request from all your machines at home to your own DNS resolver (so that you're in control of what gets resolved and what doesn't, like malware, phishing sites, porn so that kids don't get to see that, etc.) and have your own DNS resolver use DoH.

But asking for browsers to "make DoH ubiquitous" (they would force DoH and DoH only) is not a good thing. It also probably would clash with corporate policies, so it'd make the browser picking that path unusable in corporate settings (leaving the corporate market to competitor browsers).

vFunct · a year ago
DoH won't solve redirects. DoH only gets you to a secure query, it won't help you if the government decides to give you a falsified query. For that you'll need DNSSec, which maintains a cryptographic chain of authenticity to the root DNS servers. And DNSSec is even more rare than DoH.
xnyanta · a year ago
DoH will prevent government from hijacking your query in the first place. These blockades are only possible because of DNS being clear text and suceptible to MITM
tsimionescu · a year ago
DNSSec is entirely useless here. The government has two goals here: block you from accessing certain sites, and perhaps prosecute you for the attempt. DNSSec does exactly nothing to help against either of these , even if perfectly deployed.

DNSSec can help protect from fraudsters or others that might try to transparently direct you to a different site than the one you wanted to access. But the government here has no intention of serving you a fake porn site, they want to stop you accessing porn and log the fact that you were trying to access it.

mfenniak · a year ago
DoH uses HTTPS; it solves redirects because you can use a trusted server, and not have the request intercepted and the response spoofed.
sublinear · a year ago
https://dl.acm.org/doi/10.1145/358198.358210

I don't really trust many DNSes and neither do many yet we all have few choices

The lack of MitM isn't much comfort

Neither are guarantees of the chain of trust

raverbashing · a year ago
Honestly I never got the backlash against DoH.

Sounded more like a kneejerk reaction and a meme for something that's an improvement. UDP at this day and age? Come on

AnthonyMouse · a year ago
The backlash against DoH is that the implementations switch your DNS server without asking to a centralized one which is presumably data mining the queries, default ignoring the one you configured in your operating system or DHCP server.

There is also nothing wrong with using UDP for DNS. And the latency can be better, and in this context that matters. The real problem is that the UDP DNS protocol isn't encrypted. But there is no reason it couldn't be, except that then nobody gets a new source of DNS queries to data mine, which is where the money comes from to push DoH.

kelnos · a year ago
My home router is running a (regular, port 53) DNS server that blocks requests to ads, scams, malware, etc. I have rules set up on the router so any port 53 traffic that tries to go to the public internet gets redirected to my router's DNS server.

A device on my network that decides to use DoH without my knowledge or consent gets to bypass all that. I can try to block a list of the DoH providers I know of, but I'm not going to get them all. And it's just regular HTTPS traffic on port 443, with nothing to distinguish it from someone accessing a website.

watermelon0 · a year ago
> UDP at this day and age? Come on

I assume this is a joke, since DoH3 (DNS over HTTP/3) uses QUIC which is UDP based.

Deleted Comment

Deleted Comment

blackoil · a year ago
Balkanization of the Internet is inevitable. As more and more people join it, there will be conflict between beliefs, values, and politics. Large markets like EU, India can keep companies aligned, but for smaller nations it will be easier to just selectively block global platforms and have local/compliant alternatives. China has shown it is possible and profitable.
wyager · a year ago
We were very fortunate to live through the aberrant time period in which there was a truly global data network. It feels almost like an inevitable fact of entropy that eventually the bureaucrats and petty fiefdoms would catch on to the existence of the system and demand their slice of the pie.
bamboozled · a year ago
"the cat's out of the bag" on internet censorship so to speak.
profmonocle · a year ago
I'm honestly surprised that the US doesn't have a legal framework to force ISPs to block IPs / DNS hostnames. I've been expecting that for 10+ years now, but it hasn't happened.
kelnos · a year ago
I think for the most part because it's not needed. Anything hosted on a .com, .net, .org (or any other TLD where the TLD's root DNS is managed by a US company) can be taken down with a court order. There's no need to involve ISPs.

In general they're not going to bother with IP blocking; once they've killed DNS, they're satisfied that most people will not be able to access it.

And for the most part, that's good enough. There's perhaps an argument that the US gov't should be blocking IPs/DNS of things like hacking rings and malware distributors that are hosted elsewhere, on TLDs out of their reach (where ISP blocking would probably be the only or at least best way), but they mainly only care about e.g. sites that threaten the copyright cartels, when it comes to legal takedowns, anyway. And for sites that host illegal content, they seem happy only prosecuting US residents who access them.

BillTthree · a year ago
The same government that divested DNS after owning it? For years, ALL DNS was run by the US government. They decided to hand it over to a handful of organizations so no one could control it. Now, it looks like we will all have different versions, the same activity can have hugely different outcomes.
anal_reactor · a year ago
It's because the US is so powerful they can take down any controversial website. See how literally all services with more than 10 users say in their terms of service "we don't want anything that might violate US law".
prpl · a year ago
intronet
grishka · a year ago
> pornography/obscene content (31 per cent), copyright infringement (14 per cent)

> We reiterate that Malaysia’s implementation is for the protection of vulnerable groups from harmful online content.

Who could possibly be harmed by pornography or, even more ridiculous, copyright infringement? Feels like a lame excuse.

Internet censorship in my country (Russia) started the same way — "we're protecting children from suicide and drugs", but for some reason you couldn't opt out of the "protection" as an adult. To no one's surprise, over time, more and more things to non-consensually "protect" people from were added. In the end, unless you stick exclusively with local services, Russian-language content, and government-owned media, the internet is utterly broken without a VPN, packet fragmenter or other anti-censorship solution. Popular VPN protocols are also starting getting blocked, btw. All for your own safety, of course!

abdulhaq · a year ago
imo millions of people, mainly young men, have been sexually, mentally and spiritually harmed by pornography
jope12 · a year ago
Malaysia is a Muslim country. Pornography is illegal. Homosexuality is illegal.
ronsor · a year ago
> copyright infringement

I deeply implore you to think of the stakeholders!

Shank · a year ago
> Websites are only blocked when they are found to host malicious content, such as copyright infringements, online gambling, or pornography

So I guess pornography is illegal in Malaysia?

I guess this is a great time for Malaysian users to switch to DoH.

Edit: Yes. Wikipedia:

> Pornography is illegal in Malaysia with fines of up to RM10,000 for owning or sharing pornographic materials

harrygeez · a year ago
I'm Malaysian. They even messed up DoH for the popular DNS providers like Google and Cloudflare. I think they are routing 1.1.1.1 to their own DNS, so when you try to connect to DoH you get SSL_ERR_BAD_CERT_DOMAIN. The only option it seems is to VPN or play the cat and mouse game now to find a DNS that hasn't been rerouted yet
defrost · a year ago
You might get some joy from using Portmaster (windows OS) and|or the Foundation for Applied Privacy

https://wiki.safing.io/en/Portmaster/App/DNSConfiguration

https://applied-privacy.net/services/dns/

There are non standard transports for DNS via non standard providers | DNS proxies - this tool and that foundation are a start.

eptcyka · a year ago
Are they rerouting traffic to port 443 and 853?
_ncyj · a year ago
Where are you? My DNS seems to work perfectly fine right now in Penang (with VPN off).

It’s sad that democracies are copying the playbook of China. Will definitely be using v2ray/X-ray while here

seungwoolee518 · a year ago
My country (Korea, South) is also prohibited to get pornography service. (And they also terminate TLS using TLS HELLO)

So, DoH should be work fine for now, but they'll (gov.) terminate HTTPS (or TLS) connection ASAP.

christophilus · a year ago
The only hotel I remember from my visit to South Korea (20 years ago) had a whole bookcase full of porno DVDs in the lobby. Were they just breaking the law in plain view?
38 · a year ago
You can spoof the TLS Hello since at least 2021
HeatrayEnjoyer · a year ago
> My country (Korea, South) is also prohibited to get pornography service.

Why? I've never heard of a non-Islamist nation banning content as benign as porn.

CAP_NET_ADMIN · a year ago
Countries always fighting the most important battles :eyeroll:
stackghost · a year ago
Porn is just the justification. It's easy to find something repugnant on whatever streaming video site and then start with the "protect the children" nonsense.

The real issue is always control.

RandomThoughts3 · a year ago
Backward countries being backward. The main flaw of modern liberal societies is that parts of them have stopped believing that liberalism is indeed progress. All hail the moral police and long live cultural relativism or whatever its currently trendy post-structural reconstruction is.
aussieguy1234 · a year ago
In this case, the "malicious sites" that the government approved DNS providers block almost certainly includes life saving LGBT resources. It will not stop there however, expect anything anti government to be blocked. Democracy does not have a good track record in Malaysia.

Of course there are still ways around this. Use a good VPN like Proton.

This is still for sure going to be copied by authoritarian regimes worldwide.

csomar · a year ago
Malaysia doesn't have a stellar democratic record but it's still a democracy. Also, a stellar democratic Malaysia will still vote for this. Don't confuse Democracy with Liberal values.
aussieguy1234 · a year ago
Whatever they vote for, if uncensored information is not available, they are not making an informed decision and are likely only hearing one sides arguments.
seydor · a year ago
Also dont confuse elections with democracy

Deleted Comment

Dead Comment

Dead Comment

ekianjo · a year ago
democracy as a word means nothing at all. there are democracies in Europe where its fine to jail people for what they write online.
markdown · a year ago
It sounds like you just don't know what it means.

> there are democracies in Europe where its fine to jail people for what they write online.

And? You seem to believe that a democracy refers to a bundle of freedoms that you personally believe everyone should have. Democracy means governance by the will of the majority. If the majority want people to be jailed based on their writings or speech, than that's what happens in a democratic country.

chgs · a year ago
Same in the US too.

Dead Comment

kelnos · a year ago
> This is still for sure going to be copied by authoritarian regimes worldwide.

I think that ship has sailed. Malaysia certainly isn't the first to pull this.

dyauspitr · a year ago
What could possibly be “life saving”? On the scale of things, it’s a relatively moderate Islamic country so the best you’re going to get is if you’re gay and keep it quiet, no one is really going to bother you.
aussieguy1234 · a year ago
PreP is near 100% effective at preventing HIV. For sure I could see access to information about PreP or other HIV prevention methods being blocked by an overzealous government.
becquerel · a year ago
Awareness and acceptance on LGBT matters can have a big impact on suicide rates.
potamic · a year ago
Quite plausibly, mental health resources. I assume connecting with like minded individuals and communities can go a long way in helping you understand yourself and reconcile your differences with broader society.

Deleted Comment

praptak · a year ago
Trans people suicide rate increases if they are left without help.
andai · a year ago
Surprised VPNs are legal in Malaysia. Usually censorship and blocking VPNs goes together.

Dead Comment

Dead Comment

hunglee2 · a year ago
The tension between borderless internet vs national sovereignty is one of most important meta-conflicts occurring in the world today. What can be critiqued as draconian authoritarianism on one hand, can be defended as digital sovereignty on the other.
protocolture · a year ago
authies always fall back on appeals to sovereignty why would fucking with the internet be any different
BlueTemplar · a year ago
And those that look down on national sovereignty are suspect of being shills for imperialism (whether they realize it or not), which is an even worse kind of authoritarianism.
kazinator · a year ago
Maybe the time to start a grassroots network for exchanging giant /etc/hosts files.
boredhedgehog · a year ago
It wouldn't have to be giant. Ideally, it would just include those entries that are censored for political reasons sorted by location.
diggan · a year ago
> It wouldn't have to be giant. Ideally, it would just include those entries that are censored for political reasons sorted by location.

I think you're underestimating the amount of stuff being blocked everywhere. Even in Spain where I live the list of blocked domains would be pretty big already, and it's just one country.

OONI gives a good overview: https://explorer.ooni.org/

Deleted Comment

sulandor · a year ago
the dns-block block-list

loving it

rty32 · a year ago
Only meaningful if you are on a desktop machine with root privilege (which most people here do have on their personal machines)

You really need a solution that works on every platform for everyone, which isn't easy.

Even for VPN like apps, well, they aren't allowed on China's Apple app store. Fortunately you can switch to a different store, download the app and switch back, and Android users can just sideload an apk as usual. But that's enough to show how complex this is.

(Another reason I absolutely hate Apple's walled garden.)