The protocol claims to allow people to get around censorship by letting them look up DNS names anonymously. It doesn't matter, though, because you will still be seen connecting to the actual web site.
The ISP can block websites in more ways than just blocking DNS lookups. DNS just gives you the IP address to connect to. If ISPs want to block access to a website, they can just firewall the IPs; any remotely competent admin knows this.
The problem is that instead of "trusting" (I use the term loosely) some authoritative ISP DNS or any of the commonly used ones like Google's 8.8.8.8, you will be using whatever DNS the app maker supplies. If you install an application, and it also modifies the certificate authorities on your computer or phone, the application can now possibly hijack all the DNS queries from your computer, and since they have a Cert Authority installed also, they can proxy/decrypt all of your SSL traffic.
I don't think we are better off with every sneaky little app maker putting up their own DNS in a closet and pointing it at whatever they fancy at the moment.
libman ago
We need multiple DNS mechanisms and metalink-style links / bookmarks between sites. If the target site is down, you try mirror locations (including through Tor, Namecoin, etc), and then the last static snapshot via IPFS/etc as a last resort.
We also need better automated Web archiving mechanisms (like archive.fo but decentralized and dumped to common storage like IPFS). They would then try blocking by checksum, but won't be able to due to crypto.
allahead ago
It's really hard to get started securely. You basically put all your trust with the certs that come with the OS or browser.
Sites change so often, checksums become a popularity contest. If you control DNS and Cert Authorities (CAs) you can masquerade as anyone.
Do you think blockchain could be tied to DNS some way to make it decentralized and authoritative? At some point you have to eyeball the bits or throw your hands in the air and say good enough, I guess.
Horrux ago
Personally I would love to see a DNS blockchain.
handsignals ago
The thought of how slow it would be makes me want to puke. Blockchain is the answer to nothing (for most use cases), because it's prohibitively slow. To make it faster defeats its purpose (proof of work).
Horrux ago
Well, you wouldn't "MINE" DNS entries. DNS entries would be IN the blockchain and browsers would access that constantly-audited blockchain for DNS entries. A blockchain is secure because millions and millions of users are also auditors.
handsignals ago
I didn't say you would mine DNS entries. But the lookups in the blockchain would be too slow to be acceptable. Look at all the blockchain apps out there for storage now: they are far too slow at retrieving data. This is because the number of host nodes is too low and they end up serving a ton of requests. Unless millions of people are running a client, the network would be prohibitively slow, and even if there are millions running the client, it will still be slow in comparison to traditional DNS.
Horrux ago
All right, you have a valid point. You'd have to have all users host a node and that won't happen.