Attack on NYTimes.com Shows Limits of DNS Blocking (a Remedy from SOPA)

by Ali Sternburg on August 28, 2013

Remember how the New York Times website was down yesterday?  While that might have deterred some people from reading the Times (perhaps encouraging them to go out and buy the paper in print, or leading them to get their news from a competitor like the Wall Street Journal which dropped its paywall in response), others visited the New York Times site by navigating directly to their IP address, 170.149.168.130.  The Times’ IP address can easily be found using a search engine, and many people were tweeting it.

The Times’ domain name registrar, Melbourne IT, was attacked by the Syrian Electronic Army (SEA), leaving the domain name server offline.  The content was still available on a server at the 170.149.168.130 IP address; only the nytimes.com domain name no longer pointed to it.  So users could navigate to the IP address directly, and access content that way.

If this sounds familiar to you, perhaps it’s because Domain Name System (DNS) blocking was part of the original draft of SOPA.  DNS blocking was suggested as a remedy to take entire allegedly infringing foreign websites down, but yesterday demonstrated that people can still navigate to sites through their IP address, even when domain name servers are offline.  This is consistent with a major critique of the DNS blocking during the SOPA debate: that it wouldn’t even work.  Some SOPA supporters had argued in response that “it would be a mistake to assume, as some of these network engineers have, that the average Internet user has the above-average technical skills necessary to do this.”  But yet, people did yesterday.*  If people want to access a website, they can figure it out pretty fast, and without needing any significant technological skills.

When the Times site was down over an internal IT issue on August 14, the paper disseminated stories by publishing them as Notes on their Facebook page.  This time, they directed people to news.nytco.com, which appears to be a Times mobile site.  The Times was able to rely on other outlets to share the news with the public.  Thus, interfering with DNS draws attention, but it doesn’t prevent people from accessing content (which they can do by going to a site’s IP address), or content providers from disseminating it in other ways (which they can do by continuing to publish on their IP address, and by taking advantage of other domains they own, and other external platforms).  Taking a site down through a DNS attack (or through law enforcement using DNS blocking as a remedy) inconveniences people, but it doesn’t effectively censor content.  While yesterday’s DNS attack by the SEA drove attention to the attack (seemingly achieving the SEA’s goal), DNS blocking does not appear to achieve the IP enforcement goal of stopping copyright infringement.

*It is also relevant to note that even if you navigate to nytimes.com from the IP address, however, it doesn’t replace all of the links on the site, which all still begin with “nytimes.com.”  So to read an individual article, you’d have to replace the “nytimes.com” at the beginning with “170.149.168.130,” which is kind of a hassle.  But it’s an option, if this were to happen again, to the Times or to another site.

Previous post:

Next post: