The protocol claims to allow people to get around censorship by letting them look up DNS names anonymously. It doesn't matter though because you will still be seen connecting to the actual web site.
The ISP can block websites by more ways than just blocking DNS lookups. DNS just gives you the IP address to connect to. If ISP's want to block access to a website, they can just firewall the IP's, any remotely competent admin knows this.
The problem is that instead of "trusting" (I use the term loosely) some authoritative ISP DNS or any of the commonly used ones like googles 8.8.8.8, you will be using whatever DNS the app maker supplies. If you install an application, and it also modifies the certificate authorities on your computer or phone, the application can now possibly hijack all the DNS queries from your computer and since they have a Cert Authority installed also they can proxy/decrypt all of your SSL traffic.
I don't think we are better off with every sneaky little app maker putting up their own DNS in a closet and pointing it at whatever they fancy at the moment.
view the rest of the comments →
libman ago
We need multiple DNS mechanisms and metalink-style links / bookmarks between sites. If the target site is down, you try mirror locations (including through Tor, Namecoin, etc), and then the last static snapshot via IPFS/etc as a last resort.
We also need better automated Web archiving mechanisms (like archive.fo but decentralized and dumped to common storage like IPFS). They would then try blocking by checksum, but won't be able to due to crypto.
allahead ago
It's really hard to get started securely. You basically put all your trust with the certs that come with the OS or browser.
Sites change so often, checksums become a popularity contest. If you control DNS and Cert Authorities (CA's) you can masquerade as anyone.
Do you think blockchain could be tied to DNS someway to make it decentralized and authoritative? At some point you have to eyeball the bits or throw your hands in the air and say good enough i guess.
libman ago
You got two types of entities on the Internet: anonymous and public (aka self-doxxed).
I'm in the latter category. My name is Alex Libman (born 1981/10/19 in Moscow, USSR; now living in Lakewood, NJ, USA). I've already paid the price for telling the truth online - now I am free. No one can impersonate me online for long, because real people in the real world can meet me. Maybe it'll become a trend to wear a printed QR code of your latest IPFS checksum (linking to all your other stuff) on your t-shirt or something. My meatspace identity would be pretty much impossible to fake.
If you wanna be anonymous, on the other hand, your security is only as good as the math behind the crypto, and the assumption that governments don't have trillion-dollar quantum super-computers than turn that crypto to jelly...