Skip to Content.
Sympa Menu

discuss - Re: [opennic-discuss] Looking for logs (just the domains) for censorship research

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] Looking for logs (just the domains) for censorship research


Chronological Thread 
  • From: Frank Minder <frminder AT yahoo.com>
  • To: "discuss AT lists.opennicproject.org" <discuss AT lists.opennicproject.org>
  • Subject: Re: [opennic-discuss] Looking for logs (just the domains) for censorship research
  • Date: Wed, 5 Mar 2014 11:28:19 -0800 (PST)
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=bJ5iTKRYFPGd0LZU8RS+QNbbfkrtTuxuwRzP5qxCp0jPOV1qIw8oktBHisLR+N6KwssF2svpa0o7KlTbdcWbK0GSmmxaG0B4oYO0QvOyEZktdmRKcONHuvgaC47O6Ao658thBTJTFa4TNVykCOo0nzDkNK093FtohFo3Mdqtmh8=;

wow, I am deeply sorry to cause(?) such a fight on this mailinglist. Of course this wasn't my intention. I didn't hack Alejandros server and I am not from the NSA either :)

At first I really want to thank Alejando for providing his data. Running the dominios.txt against the current blacklist results in 8,3% of the list recovered. If I run the dominios5.txt against the list I can recover 16,82%. Both lists together result in 22% recovered. I already had most of those entries, but 2 domains were new to me, so again thank you very much Alejandro! This is exactly the data I was looking for.

Regarding the security and privacy implications of distributing this data on a public mailinglist I am not sure what to think. On the one hand very similar data is available as I already mentioned (alexa, quantcast, zone files...) and I am really just interested in the domains, not the IP addresses of the requester or other personal info. On the other hand DNS queries might provide data which was not meant to be openly available. I haven't thought about this before, but now when I look at the data I can construct cases where personally identifiable information is included. As Guillaume already mentioned there may be some private domains on the list. It looks like some websites may use some kind of session ID as a subdomain and others make up a subdomain out of a search string, for example. Furthermore many users of OpenNIC are especially aware of privacy and security issues, so it makes sense to be extremely careful with this data. Alejandro, please take down the files on the webserver.

Again, I am sorry for the trouble, I'd like to thank Alejandro for helping me with my research and it would be awesome if other DNS operators could follow his lead and provide their data as well (off list of course ;)). If you send the domains privately I don't see very big issues.

If you'd like to calculate the hashes by yourself just send me an email so I can reply with the instructions. I'd prefer to get the raw data however, since I can't ask you to calculate the new blocklist every few weeks and setting up the tools and bringing the domainlists in the right format takes quite some time.



On Wednesday, March 5, 2014 6:03 PM, Alejandro Bonet <albogoal AT gmail.com> wrote:
More about the data:

No times. No client ips. No server.
Not exahustive and all data of everytime...
Only domain names...
Perhaps inexistent ones...
Many web pages publish similar data...

Perhaps it must be hidden to the public: No body knows what kind of
malevolous plans have
some people, and what can do with these data to destroy civilization...

But: If someone in this openninc list ask for it, i suppose it is
subscribed to the list.

And if he gives some information about what he is doing with these
data, and the information
seems legitimate, i try to help him.

And if i give the data directly to him, perhaps its worse than to
publish it here.

Of course, i know any dns operator can get these raw data: we all know
it is very simple.

But i like transparency: If prefer to give it to him and to ALL the
list at the same time.

Perhaps im wrong. I dont know.

But i think "the blood will not reach the river"...
(This is a literal translation of a spanish phrase to say "it is not
too much important"...)

Alejandro Bonet
albogoal AT gmail.com


2014-03-05 18:42 GMT+01:00, Alejandro Bonet <albogoal AT gmail.com>:
> Well:
>
> Coming to this point i have another completely baseless theory (not an
> accusation):
>
> Perhaps, Frank is a NSA agent trying to attack and to hang opennic.
>
> By the moment, he got to create an intense controversy here...
>
> And perhaps i'm the fish bitting the hook...
>
> But it seems Frank dont write too much to the list...
>
> Alejandro Bonet
> albogoal AT gmail.com
>
> PD: Im really interested in watch whatever he can say...
>
> And i thank Guillame think my english is not as bad as i can think...
>
> Also i thank everybody to show me, perhaps it was not a good idea to
> dump these data...
>
> My english is better than five minutes ago, but i cant stop end each
> phrase with suspension points...
>
> ;-)
>
> Please, smile a little: You will not be better computer technicians or
> human persons if you dont smile...
>
>
> 2014-03-05 18:24 GMT+01:00, Alejandro Bonet <albogoal AT gmail.com>:
>> Im waiting for Frank.
>>
>> I need to know if the data is useful for his pourpose or it is only "true
>> shit".
>>
>> I think he would must to explain more about this issue in technical
>> terms,
>> and with some links to understand "The menace" he is fighting...
>>
>> Alejandro Bonet
>> albogoal AT gmail.com
>>
>> PD: I'm not the enemy of anybody.
>>
>> I allways try to help if i can, but it seems many times i get the
>> otherwise...
>>
>>
>> 2014-03-05 18:15 GMT+01:00, Alejandro Bonet <albogoal AT gmail.com>:
>>> Jeff: An accusation needs an accusated.
>>>
>>> Who is that?...
>>>
>>> All the email list?...
>>>
>>> Im sure my english is not the best.
>>>
>>> If someone has been offended by my bad english, i ask for excuses to all
>>> them.
>>>
>>> Perhaps im unfriendly for many people here.
>>> But, please, dont look to my form.
>>> Look to my bottom.
>>>
>>> Alejandro Bonet
>>> albogoal AT gmail.com
>>>
>>>
>>> 2014-03-05 18:08 GMT+01:00, Alejandro Bonet <albogoal AT gmail.com>:
>>>> Yes Guillaume: I almost agree with you:
>>>>
>>>> "Domain names are public. The list of every domain queried on a
>>>> particular server is not."
>>>>
>>>> But i dont said which server.
>>>> Also i dont said it was the entire list of every domain queried to
>>>> that unknow server.
>>>>
>>>> OK?
>>>>
>>>> Please: If you dont like the proposal of Frank (to ask us about public
>>>> domain names to get
>>>> the hashes and, perhaps, fight against some program invented by
>>>> someones to censor the internet trought DNS, or decipher it to
>>>> contribute to a better free internet, or to denunce publicly the
>>>> someones trying to censor), please say it to Frank.
>>>>
>>>> I understand the Frank question.
>>>> I answer it as i can.
>>>> I dont know his motivations, but they seem honest.
>>>>
>>>> As it seems, Frank does not follow this list with the same frequency
>>>> as you or me.
>>>>
>>>> There are lots of web accesible listings of domain names.
>>>>
>>>> Thats all.
>>>>
>>>> Alejandro Bonet
>>>> albogoal AT gmail.com
>>>>
>>>> PD: Nova King, i dont understand why you are offended by my suggestion
>>>> that "perhaps some bad guys are listen this email list"...
>>>>
>>>> It is only "a theory"...
>>>>
>>>> If true, no matter with you or me... We can do anything to avoid that.
>>>>
>>>> And Guillaume has again another reason: It is completely baseless.
>>>>
>>>> But also it is completely baseless to mantain in absolut terms that
>>>> "all the subscriptors are proved good guys"...
>>>>
>>>> I think that most of them are good guys, in fact im sure of that...
>>>> But perhaps not all.
>>>>
>>>> And i think we need to remember that allways...
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> 2014-03-05 17:47 GMT+01:00, Guillaume Parent <gparent AT gparent.org>:
>>>>> The list of domains queried on a DNS server is not public until the
>>>>> operator of that DNS server makes it public. Stop implying otherwise,
>>>>> because it is factually wrong.
>>>>>
>>>>> Domain names are public. The list of every domain queried on a
>>>>> particular
>>>>> server is not.
>>>>>
>>>>>
>>>>> On Wed, Mar 5, 2014 at 4:41 PM, Alejandro Bonet <albogoal AT gmail.com>
>>>>> wrote:
>>>>>
>>>>>> I dont know if the word shit (you likes it so much) have the mean i
>>>>>> think...
>>>>>>
>>>>>> I dont "acusse the list" at all, as you say.
>>>>>>
>>>>>> I only say maybe there are some bad guys listen it.
>>>>>>
>>>>>> The data is public or PUBLIC (if you dont like caps, it's your
>>>>>> problem).
>>>>>>
>>>>>> The data is collected from google, which is public, and dns queries
>>>>>> trasversing all the internet
>>>>>> in clear. Frank says he has collected amounts of these data from
>>>>>> other
>>>>>> public sources.
>>>>>>
>>>>>> To post these data into this semipublic list for subscriptors dont
>>>>>> make "more public" the
>>>>>> data.
>>>>>>
>>>>>> Alejandro Bonet
>>>>>> albogoal AT gmail.com
>>>>>>
>>>>>> PD: But you have reason in one thing: It was bad idea to post the
>>>>>> data...
>>>>>>
>>>>>> Because perhaps now, i cant stop your SHIT verborrea!
>>>>>>
>>>>>>
>>>>>>
>>>>>> --------
>>>>>> You are a member of the OpenNIC Discuss list.
>>>>>> You may unsubscribe by emailing
>>>>>> discuss-unsubscribe AT lists.opennicproject.org
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>



--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org





Archive powered by MHonArc 2.6.19.

Top of Page