DreamlandLividity @ DreamlandLividity @lemmy.world

Posts

1

Comments

586

Joined

2 yr. ago

without either sparking a cyberwar or building something like the great firewall of China

You obviously have no idea what you are talking about. America does not have any more or less of an ability to forge certificates compared to Europe.

Not wanting to live in a surveillance state is not religious, it's common fucking sense.

Progress towards what? People migrating to equally scummy Amazon and Microsoft? What possible progress could blocking google bring, that it would be worth people potentially going without paychecks because accounting sw was not working. Or being unable to access services because they register with gmail they can no longer access. Factories shutting down because their logistics tracked everything in a google spreadsheet they can no longer access and have no backup.

Not to mention people who could outright die if some hospital software somewhere relies on some google service.

So we come full circle. The government having the ability to impersonate a site is exactly what I believe must not happen.

If the EU wants to create search.eu or any other search site, more power to them. I certainly wouldn't use it, but hey, if you want to trust them, you can.

If they want to block google search... Eeeeh... I guess that is fine?

But they shouldn't be able to create a fake certificate for google.com or any site for that matter, not only allowing them to impersonate the site, but also intercept encrypted traffic between users and that site.

So no. Governments should not control the TLS infrastructure.

What does that have to do with TLS?

What "normal solutions" are actually in progress with any real potential of happening?

Fines.

Besides, your solution is in progress or "has better chance" of happening? Wake the fuck up.

Meanwhile what insane doomsday scenario do you think would happen if Google services were banned

Google runs 12% of all cloud services through google cloud. Yes, I expect a "doomsday scenario" if you just shut that down.

and people had the given period to find alternatives?

Sure, give people and companies 5-10 years to migrate and it will probably be fine in terms of chaos, though I would still be very interested to know how many billions of € would the migration cost.

Even more reason to have relatively neutral organizations transparently curate the list of trusted CAs. While I am sure governments also closely monitor the process and would step in if they deemed it a threat.

When looking at the relative difference between cost of your solution, it's benefits and cost of normal solutions, yes. It is extremely similar.

But go ahead nitpicking my exact choice of comparison instead of addressing the glaring issue with your argument.

That is like saying standing up to authoritarianism is extremely necessary, while proposing to drop nukes on Russia. There are 100 better ways to do it.

Unnecessary chaos

No. At the end of the day, I control which certificates I consider valid. Browsers just choose the defaults. There is no way I quietly let some government usurp that power, considering how easy to abuse it is.

Yes I mean tls certs as those control what dns records are considered valid.

No they don't. That is not what TLS really does. But I guess close enough.

The whole argument was about blocking search only, considering the damages suddenly completely blocking google would do. Yes, you can block google data centers completely, but dude, would that cause chaos.

A better approach though is to fine Google,

I said that multiple times already.

What? What do you mean "DNS space"? Classic DNS does not have any security, no encryption and no signatures.

DNSSEC, which adds signatures, is based on TLDs, not any geography or country. And it is not yet enabled for most domains, though I guess it would be for google. But obviously EU does not control .com.

And if you mean TLS certificates, those are a bit complicated and I already explained why forging those would be problematic and not work on Chrome, though it could be done.

Yes, I mentioned that in a comment deeper down. And even before that, just fine them. Chances are they will pay and if not, you can probably seize some bank accounts.

I am not trying to say Google can afford to completely defy the EU, just found it interesting how hard it is to block just google search specifically.

PS: Also mentioned in a burried comment, there actually is a way for ISPs to block google, since DNS over HTTPS is not enabled by default yet in browsers I think. I forgot this since I enabled encrypted DNS like 8+ years ago for myself and just assumed people also have it by now.

Maybe for some rando site, Google and any half competent site has HSTS enabled, meaning a browser won't even try to connect with insecure HTTP, nor allow user to bypass the security error, as long as the HSTS header is remembered by the browser (the site was visited recently, set to 1 year for google).

In addition, google will also be on HSTS preload lists, so it won't work even if you never visited the site.

They probably also could just prevent EU companies and branches from buying google ads directly. Vast majority of ads is geo-located, so there would be almost no ads to show in the EU.

Demanding the ISPs to block traffic to Google domains would be quite effective.

Filter it based on what? Between ESNI and DNS over HTTPS, it shouldn't be possible to know, which domain the traffic belongs to. Am I missing something?

Edit: Ah, I guess DNS over HTTPS isn't enabled by default yet.

The backup is usually a different server from the same DNS provider. E.g. google has 8.8.8.8 as primary and 8.8.4.4 as secondary. Plus the backup doesn't even always work on Windows.

Also note, it is not browsers but operating systems that do primary DNS. Browsers may use DNS over HTTPS for security and privacy instead of the one in the OS, but that usually requires the OS DNS to resolve the address of the DNS over HTTPS server, since it is considered a security feature built on top of classic DNS instead of replacement.

PS: Don't get me wrong, EU could definitely block google.com sooner or later. It just wouldn't be as easy as usual. The real risk is if Alphabet stops offering all of its services, chaos ensues. Companies unable to access their google spreadsheets. Services and data hosted on google cloud lost. People protesting lack of youtube...

And even if Alphabet doesn't do that, I expect a lot of issues just with google being unavailable and most people not even knowing there are other search engines. It's really going to be last resort to try blocking google, I expect fines or some such.