39c3 talk about this tomorrow (in German, but usually available with English translation) https://fahrplan.events.ccc.de/congress/2025/fahrplan/event/...
What a handy list the Germans have prepared
For those wondering: it's DNS blocks, so only affecting those using ISP DNS.
Interesting. UK ISPs have had a similar block/filter list for many years (mostly covering copyright-infringing torrent websites and the like). But it’s more robust than a simple DNS block. A VPN can bypass the block, but changing DNS providers will not.
Worth mentioning NextDNS and ControlD under this! I migrated from the former to the latter about six months ago, but both are a solid choice.
I am curious why SNI-based block isn't used.
Shhh, don’t give them ideas
It won't be relevant in a couple years when 90% of sites will be using ECH, meaning the SNI will be encrypted as well.
Using ECH on its own doesn't stop this, firewalls can see it and mangle the data to force a downgrade because most servers need to support older protocols. It's more accurate to say that once sites only support ECH, then they'll be forced to stop downgrading or deal with angry users.
An excellent point!
Yes, any given domain name (or as non-technical people would think about it, "website" -- any website) could be "blocked" (re-routed to a non-functioning IP, claimed to not exist, other DNS error or malfunction, ?, ???) at any level of DNS (ISP, Local, Regional, Country, ?, ???)
A question your statement so excellently potentially suggests, is:
What's the true extent of the block?
Is it merely a DNS failure -- or are inbound/outbound packets to an IP address actively suppressed and/or modified to prevent TCP/IP connections? (i.e., The Great Firewall Of China, etc.)
You have "Bad Faith Actors" (let's not call them "governments", "countries", "nation states" or even "deep states" -- those terms are so 2024-ish, and as I write this, it's almost 2026! :-) )
Observation: Let's suppose a "Bad Faith Actor" (local or nationwide, foreign or domestic) attempts to block a website. They can accomplish this in one of 3 ways:
1) DNS Block
2) TCP/IP Block, i.e., block TCP/IP4/6 address(es), address ranges, etc.
3) Combination of 1 and 2.
#3 is what would be used if a "Bad Faith Actor" absolutely had to block the "offending" website, no ifs ands or buts!
But... unfortunately for them (and fortunately for us "wee folk"! :-) ), each of these types of blocks comes with problems, problems for them, which I shall heretofore enumerate!
From the perspective of a "Bad Faith Actor":
1) DNS Block -- a mere DNS block of a single domain name is great for granularity that is, it targets that domain name and that domain name alone, and something like this works great when a given company's products and services are directly tied to their website as their brand name (i.e., google.com being blocked in China), but it doesn't work well for fly-by-night websites -- that's because a new domain name pointing to the old IP address can simply be registered...
2) TCP/IP Address / Address Range Block -- The problem with this approach is that while it is more thorough than a simple DNS block, it may also (illegally and unlawfully, I might add!) block legitimate other users, websites and services and businesses which share the same IP or IP address range!
Think about it like this... A long time ago, all of the mail traffic for AOL (America Online), about 600,000 users or so, was coming from a single IP address. Block that IP address, and yes, you've stopped spam from the single user who is annoying you, but you've also (equal-and-oppositely!) blocked 599,999 legitimate users!
So "Bad Faith Actors" -- are "damned if they use the first method, and really damned if they use the second or third methods"... the first method is easily circumventable for non-brand name dependent websites and web services, while the second and third methods risk causing harm to legitimate users, sometimes huge amounts of them... which should be illegal and unlawful by any country's legal standards...
In other words, Countries should read their own sets of laws(!) before contemplating Internet blocks on their Citizens... :-) And not just one country either, all of them!!! :-)
Anyway, an excellent point!
Very thought stimulating -- as you can see by my ramblings! :-)
So it is a collection of the best pirate sites?
It is to me, faved.
Pretty much, yeah. Those they can't get to despite efforts.
Let me write those down, to be sure no to go there by mistake.
But it is not legally required, and at least my smaller German ISP doesn’t seem to care.
I use an o2 DSL connection in Berlin. The domains I tested seem to resolve fine. And you can of course configure an alternate DNS. Which apparently I didn't yet on my new laptop. So, that is fixed now. Mostly that's just a performance fix. Operator DNS tends to be a bit slow to respond and it's nice to get back a few milliseconds. But I also don't mind my operator not spying on me.
Of course I also use Firefox so mostly that just bypasses the system DNS entirely and uses dns over https.
Which one is that?
I would be interested in paying a bit more if the ISP is better. In the Netherlands we always had xs4all, nowadays sorta morphed into freedom internet, which was started from a hacker magazine and kept the spirit, fighting surveillance and censorship while offering regular ISP services and then some. I'm not aware that Germany has such a thing so any step in the right direction would make me switch if I can get it (should be fine if it's available via Telekom's public network, we're currently on a virtual operator as well)
and here for Magenta Austria https://blog.magenta.at/internet/sicherheit/netzsperre/
So there are only 295 domains censored? Seems like a lot of them of streaming sights breaking copyright/license agreements. Has to be a small fraction of those such sites alone.
related:
December 2024, 31 comments - https://news.ycombinator.com/item?id=42457712
This reminds me of a screenshot I saw where someone told chatgpt they stumbled upon a piracy website and wanted a list of other websites to avoid hahaha
I have never visited these kino domains, but I assume that’s just some piracy entity. Yet it’s quite impressive how many various domain names they bought! What for? Is it to avoid those blocks? Or is there any more reasons?
mostly to avoid the blocking. Those streaming sites used to be extremely popular here in Germany because there was an entire cottage industry (Abmahnanwälte) that used to pester uploaders with legal threats.
Not sure what the state of it is now given that commercial streaming replaced a lot of both.
I know a few more, for example demonoid. This list is just a sunset. Inb4 "actually it's not Germany censoring. It's the ISPs"
I thought demonoid was dead dead?
And now I am really interested in what Anna might have in that archive of her's
For example soon to be released 300TB Spotify music library dump.
Honestly makes it look like legislation with "sponsorship" from the film industry. I had expected much shadier stuff or those overrun with malware to protect users, not like 90% illicit streaming.
There is no legislation here. CUII is a private organization that generates lists of domains that contain copyright violations. ISPs voluntarily choose to block those.
Voluntarily under threat of prosecution under existing legislation if they don't.
> or those overrun with malware to protect users
The anti-malware companies won't lobby government to block malware as that would cut into sales of their anti virus/malware.
Germans are mostly chill but if you start torrenting copyrighed content or even watching illegal streaming they will eat your face and drink your warm blood.
I knew about torrenting, due to the problem of redistributing copyright material. But pure streaming? Are you sure that is illegal in Germany?
No, it’s not. Friend of mine was doing it on regular basis and only stopped because he got Amazon Prime subscription and didn’t need to anymore.
There were attempts at legal bullying, but mostly with aim to humiliate the victim as the correspondence contains the full titles of porn videos.
German authorities, not Germans.
It's mostly certain law firms employed by copyright owners.
Famous (in Germany) example: https://de.wikipedia.org/wiki/Frommer_Legal (use auto-translate, it's German)
German Wikipedia was taken down twice (for "privacy", not piracy though). Still "illegal information". In the latter case about a former Stasi worker turned leftist member of parliament.
https://www.theregister.com/2006/01/20/wikipedia_shutdown/
The German Wikipedia site was taken down by court order this week because it mentioned the full name of a deceased Chaos Computer Club hacker, known as Tron. A Berlin court ordered the closure of the site on Tuesday after it sided with the parents of the German hacker, who wanted to prevent the online encyclopedia from publishing the real name of their son. A final ruling is expected in two weeks' time.
https://web.archive.org/web/20090129160045/https://cyberlaw....
By virtue of an interim injunction ordered by the Lübeck state court dated November 13, 2008, upon the request of Lutz Heilmann (Member of Parliament – “Die Linke” party), Wikipedia Germany is hereby enjoined from continuing linking from the Internet address wikipedia.de to the Internet address de.wikipedia.org, as long as under the address de.wikipedia.org certain propositions concerning Lutz Heilmann remain visible.
Sometimes it feels that the only reason for German "privacy laws" are former Nazi and Stasi officials hiding their past.
Those all live in South America though
Germans yes, the gov with their over-regulation not
Anna's Archive and Sci-Hub. So despite their facade the German government is just as draconian as the US.
The government or even courts are not involved with these blocks.
The main complaint about these blocks is that they are managed and decided on by private companies and _not_ by the government / law.
Despite what facade?
The frequently repeated keystone lie that Europeans have equivalent or greater rights, freedoms, and protection from authoritarianism than Americans, which is and has always been objectively and completely false.
Citation? Every democracy index I've ever heard of rates most of Europe as more democratic than the US. (Eastern Europe will typically be rated lower, all of the former USSR states seem to be struggling with various degrees of corruption or similar problems)
The most commonly used index for example:
Well according to press freedom indices many European countries and the US are quite similarly ranked. Some countries better some countries worse.
Some countries have stronger institutions against dictatorships than others but unfortunately we have seen that even the US isn't immune and that slides auch as in Poland and Hungary are possible.
There is always hope that things can turn around (as in Poland even though the road is hard and there are setbacks)
Well, when fascists are in power, paper won't help anyone. But at this point, as a European I enjoy enumerated human and civil rights from multiple constitutions and several international treaties, which are directly enforceable by courts at the state, national, and European level.
The human and civil rights guaranteed by the US constitution are a complete joke in comparison, and most of them are not guaranteed directly constitution, but by Supreme Court interpretation of vague 18th century law that can change at any time.
Is it draconian that piracy sites aren't resolved by some ISPs' DNS?
Is it draconian if no Government entity is involved? And the penalty is unavailability?
I thought draconian implies that the punishment is much too high in relationship to the crime.
Maybe the whole affair is more dystopian rather than draconian: ISPs block access to media even though no law or government asked them to just so they have less hassle with rightholders.
> German government is just as draconian as the US
this is called "disinformation"
I honestly cannot tell if this is serious, or irony, or even meta-irony.
If I understand it right, then OP likely believes that Germany has a draconian regime when it comes to freedom of speech (which is objectively just ridiculous give or take some German nuances).
OP thus wants to make fun of those (such as me) who are puzzled by a statement that Germany could be considered a draconian state with regards to freedom of speech. It is hard to engage OP because he likely isn't German and has no personal knowledge and experience at all if any of his speech would be censored in Germany. Calling OP disinformed maybe isn't quite correct, maybe misinformed would fit better.
They are considering banning the largest opposition party, are using wiretaps and informants against it [1], have banned (ban since lifted) a magazine [2], and opened a criminal investigation into someone calling a fat politician fat online [3]. They are openly planning even worse [4] (if you dislike the author, keep in mind every claim is sourced, so take it up with the sources).
[1] https://www.aljazeera.com/news/2024/5/13/court-confirms-germ...
[2] https://www.dw.com/en/germany-compact-press-freedom-right-wi...
[3] https://www.foxnews.com/media/germany-started-criminal-inves...
[4] Germany announces wide-ranging plans to restrict the speech, travel and economic activity of political dissidents, in order to better control the "thought and speech patterns" of its own people - https://www.eugyppius.com/p/germany-announces-wide-ranging-p...
> They are considering banning the largest opposition party
Liar.
Some demand it - but it is not considered by those with the power to actually do it, not even close.
Largest opposition party?
It's a neo nazi terrorist group with a political wing!
There are 9 main parties in Germany, AfD doesn't even make top 10…
Your comment is like saying the US is shooting political dissidents, and then referring to Al-Qaida or ISIS.