Hacker News

Egypt does something similar. They do "soft blocks" where a site they don't like will be sporadically blocked and unblocked on different ISPs, on-and-off. Visitors of that site learn to expect that the site may or may not load when they try to access it, so they bleed away and just stop trying to access it.

And the government can just say they're not blocking anyone and that it's ISP-related technical issues.

Source: am originally from Egypt and my previous startup, an independent news aggregate, is suffering this fate.



Routing traffic through a giant CDN like CloudFront + eSNI + encrypted DNS should finally put a stop to that.


Followed promptly by the rubber hose, because technical tricks are not a solution to jack-booted thugs.


I mean, they are in the case where the trick applies equally to everybody and there’s no single person who can be rubber-hosed to put a stop to it. (Cloudflare wouldn’t be an example of this, but IPFS would.)

Secret-ballot elections are a good, clear example of a “technical trick” that works out for real political effects. You can’t rubber-hose people into voting for you, if you can’t know where to spend your resources; and you can’t know where to spend your resources, if you can’t spy on the polls. So every individual poll just needs to choose to set up the “technology” of secret ballots (voting screens, ballot boxes, separate sign-in and vote steps, etc.) and, in aggregate, your attempt at manipulation will be stymied. And you can’t just shut down the people who make (voting screens, ballot boxes, clipboards and lists, etc.) because all those things are easy DIY projects with no monopolist producer†.

† This is an under-reported reason why we shouldn’t be using voting machines. They put us in the precarious situation where there’s a centralized supply-side to secret-ballot elections, that could be choked off by a nascent dictator.


"Secret-ballot elections are a good, clear example of a “technical trick” that works out for real political effects. You can’t rubber-hose people into voting for you.."

That's an easy one to solve with a rubber hose and a bit of politics: Get people to approve vote-by-mail. Just scream at any opponent that he's suppressing votes and don't mention any reasonable non-mail related alternative solutions to that.

Once there's sufficient voting by mail (make ballot access difficult if it's not popular enough), you can directly apply all the things you mention by controlling USPS.


Is this something site owners themselves can set up, or does it require that users use a special client or special DNS config? If you have any links, I'm sure a lot of people reading this thread would really appreciate it.


The CDN (Cloudflare etc) is something the sites set up. Encryption of DNS happens on the users’ side, but I believe it’s something browsers are starting to enable by default.


sorry for the late follow up.

the idea is your connection to an unwanted site has to be singled out before it can be throttled.

AFAIK website connections can be singled out by:

- unique server IP (countered by sharing server IP with many -> CDN)

- Server Name Indicator (countered by encrypted SNI)

- DNS (countered by encrypted DNS, e.g. DNS over HTTPS)

They'd have to throttle the whole CDN.

eSNI and DNSoverHTTPS are on their way to be included in every major browser.



