discuss AT lists.opennicproject.org

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] Should we have a vote on .bit ?

From: Jonah Aragon <jonah AT opennic.org>
To: discuss AT lists.opennicproject.org
Subject: Re: [opennic-discuss] Should we have a vote on .bit ?
Date: Tue, 4 Dec 2018 13:38:12 -0600
Arc-authentication-results: i=1; mail.opennic.org; auth=pass smtp.auth=jonah.aragon AT opennic.org smtp.mailfrom=jonah AT opennic.org
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=opennic.org; s=dkim; t=1543952303; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=NRlDhFuTNBX468f4CJzARCjX6oCe/ohffCl86AqycfI=; b=HOBn3KiEAOAKrOGRhr/gR9mTJJsYqLVmYmO7EyUFDdu8RrFP4LlxnCCbkOZNFCACZTMPrg FGiAUMM6mi13Qgvso9TZgsJHaxAGjmv7H/58S4f+JIP5UW4oKNwlhGjCMlIXBX8zzaK6t9 RvFzMXZDTxwtc3wl0sIgXbHhTCQ8M+wESYrrgO5PWL8+0Z/Ycilkg/Pc2Er/EnpbkYYI0G sGcR3G4mq+YWwSX+S1+bOC/rLzH6tKiMf7ZSGsw5hYTSorfg8g4ToHGDq999ebDMdanEg5 axRKxMEvLZELCWGiR06li5UavDA65rg6nH7PesCXhFUbd0eFm5Fp+fRDvFhJcg==
Arc-seal: i=1; s=dkim; d=opennic.org; t=1543952303; a=rsa-sha256; cv=none; b=SKHKb1NBYlBcEsoK+2XwdNtd89LyXhIDfqIBvZ26gIi3oN0X3x9oaDRw+1Ei/yRtNbV4QAz+4ExPd7t4AABl7A/EcNRh6aJcbZphZVeKSibo4NtPUincepGm1U5fQ5LHWg5KrNbyclzaL2DdJ1pPMpFSEMGQ3ZlHoFpzABB5hedsBF0mRaUuqurpf7O3i8P+MLywDqZ/bocVR3/5bwgTANwsmMs9lifpgby0iOw5i+v4d9TAXZL6QTb3f0E4OOU8OHjhukCisnAAJG2Hf68Tpcl0vVnnqIMU44R10EkTiPYrHT1jPsfCOX25vbGwTrfWjsbtuYGed1Iqd0kMaiVcpg==

Good points. While I do currently operate the .bit peering bridge (ns9), I’m
not really a huge fan of their operation and would be fine with unpeering
their services if the community agreed.

Regarding law enforcement, I am not a lawyer, but I believe that from a legal
perspective we couldn’t be held responsible for the content you mention for
the same reason the Tor Project and ICANN aren’t responsible for illegal
content on their networks. It would be a different situation if we were
hosting said content. It however, seems very possible to me that law
enforcement could coerce us or individual Tier 2 operators to begin logging
user queries, which would be a troubling development. Of course, they could
require us to do so anyways for content related to anything on OpenNIC
domains, not just bit, but that’s the scenario that might worry me more.

One thing to consider potentially in favor of keeping .bit, is that I know of
at least one cybersecurity firm using OpenNIC to find and sinkhole C2
(botnet) related domains on the .bit network. I received an email from a
security researcher at MWR Labs (https://www.mwrinfosecurity.com/), which
appears to be a part of F-Secure, regarding our .bit peering. I didn’t really
do that much verification, but they do look like a legitimate entity and
SPF/DMARC tests passed on the email I received, so I have no reason to
believe he wasn’t a legitimate security researcher. It’s possible that if we
remove .bit, we could hinder some operations in that space.

Jonah

> On Dec 4, 2018, at 12:34 PM, Jeff Taylor <shdwdrgn AT sourpuss.net> wrote:
>
> Over the past year .bit domains have started being used as malware hubs due
> to their anonymous nature. Since there is no way to contact the owner of
> those domains, it creates a backscatter effect and a number of people
> running public T2 servers have seen domains blacklisted, emails blocked,
> and shutdown notices from their providers.
>
> As an example I've recently been trying to track today why one of my
> domains was being blacklisted by malwarebytes, and was provided this link:
> https://www.hybrid-analysis.com/sample/9226d08158c1536dfa7c4f15bbed9fd6b0d6e59880eeaae2143e9025436123a0?environmentId=100
>
> If you scroll down near the bottom to the memory forensics, you'll see a
> list of what I believe are DNS servers that this virus was using. I also
> recognize several other entries in there, including some from .fur.
>
> We know that spamhaus is also blocking IP addresses based on resolving
> certain .bit domains, and there is no telling how many others may also be
> blocking based on this sort of information. The one common thing about all
> of these malware scanners is that none of them have the courtesy to so much
> as send an email to abuse@domain to let you know that a problem was
> detected (one of my own pet peeves, that they claim to be trying to protect
> the internet but don't give the victims a chance to fix the problems).
>
> We've already seen plenty of malware spread across .bit domains, but there
> is one other possible scenario to consider... What if law enforcement were
> to take up the same stance as the malware scanners? There is the
> possibility of child pornography also being spread across .bit domains, and
> since the owners of that content cannot be found it could come back to us
> (opennic) as the responsible party for making that content more easily
> available on the internet. I'm not saying this HAS happened, just that it
> is worth considering as a worst-case scenario.
>
> So I want to ask if anyone else feels a need to call a vote on dropping
> .bit specifically, and/or consider a resolution to not peer with groups
> which have no ability to hold a specific party responsible for the content
> of their domains. Yes Opennic is supposed to be an open platform, but keep
> in mind that by providing .bit domains we are directly responsible for the
> creation of a whole new class of malware.
>
>
> --------
> You are a member of the OpenNIC Discuss list.
> You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org

[opennic-discuss] Should we have a vote on .bit ?, Jeff Taylor, 12/04/2018
- Re: [opennic-discuss] Should we have a vote on .bit ?, Jonah Aragon, 12/04/2018
  - Re: [opennic-discuss] Should we have a vote on .bit ?, Daniel Quintiliani, 12/04/2018
    - Re: [opennic-discuss] Should we have a vote on .bit ?, Mikhail Elias, 12/05/2018