Sony's Legal Attack on Quad9, Censorship, and Freedom of Speech
quad9.netThe fact that they are going after a single DNS resolver instead of directly going after the site hosting the content is a huge red flag. If Sony wins, it does not solve this specific copyright violation claim for Sony because the content is still available and resolvable through all the other DNS resolvers online. It just sets legal precedence that corporations can assert arbitrary censorship through third parties by claiming copyright infringement.
> It just sets legal precedence that corporations can assert arbitrary censorship through third parties by claiming copyright infringement.
This is already the case though. Copyright monopolists already can DMCA anything out of existence. Their accusations are assumed to be true based on "good faith" and other people are required to bend over backwards to take content down. Nobody is going to spend time and money fighting bullshit claims, they're just going to comply and move on. Which means these monopolists have de facto censorship powers.
Sony in particular is very well known for abusing the legal system and their wealth to drive competitors out of business. They can afford to burn the money of their enemies by forcing them to fight frivolous lawsuits. If I remember right, they destroyed two commercial PlayStation emulators with bullshit lawsuits where they lost in court but won in the market.
IANAL but doesn't DMCA only apply in USA, whereas this case is taking place in Europe, and would thus provide legal precedent in some European jurisdiction?
The US Trade Office publishes a literal naughty list of countries that aren't playing nice with its intellectual property laws. Full of language such as "stakeholders" too. Corporations literay use the might of the US government to police their imaginary property across the globe.
Don't underestimate these monopolists. My country regularly makes it to this list. I remember some MPAA asshole coming here to push his agenda being met by journalists asking him why this should be a priority in a country without universal basic sanitation. Now we have increasingly regular IP enforcement. One such operation made national news a few days ago.
Could you provide a link to the "naughty list"?
Yes, here's the 2022 PDF:
https://ustr.gov/sites/default/files/2023-01/2022%20Notoriou...
Quite a useful list of naughty websites in there too...
USA successfully enforces its laws everywhere https://torrentfreak.com/how-the-us-pushed-sweden-to-take-do...
The DMCA is the US’s implementation of the 1996 WIPO copyright treaty, which almost the entire developed world has ratified.
The EU also has implemented even worse takedown laws and is currently fining and suing its members for not following their regulations on them.
> The fact that they are going after a single DNS resolver instead of directly going after the site hosting the content is a huge red flag.
This point is tremendous. The intention is outright censorship, and using among the most obvious ways possible. It means that a company, and then government and political entities, can force their will and censorship on all DNS resolvers for whatever reasons. It clearly won't stop at Quad9, but be used as a precedent, to exert near full control and censorship on the web as they see fit.
It's also a set up, for an obvious next stage, in which such companies and government entities will be able to force which DNS resolvers ISPs and users will be legally able to use in the future. Because if they win, they will then create measures to enforce compliance. That can mean, which DNS resolvers are used, because they are or are not compliant.
> ...does not solve this specific copyright violation claim.
The point of such companies and entities is to ignore user rights and to centralize their control, for their profits. This includes forcing their policies and politics anywhere on the planet.
They don't want to have to prove their case directly. Rather they wish to simply be able to make a claim or push that simply the possibility of copyright infringement is enough, so as to exert censorship on 3rd parties of limited resources who won't be able to fight back.
Hi. I'm on the board of the Quad9 Foundation, if anyone has any questions about all this. But, by and large, the folks commenting in this thread are saying about what I would: when Sony goes after the DNS, AND NOT the site hosting what they say is infringing, it gives you a pretty clear picture of their goals.
What could realistically happen if Quad9 just ignores this?
If I am not mistaking you are based in Switzerland, while Sony sued in Germany. For me the legal system is honestly a little bit of a mystery when multiple countries are involved, and it is hard to follow due to how many different rules can apply.
If Quad9 were based in the US, it could just ignore the whole thing. But then, if Quad9 were based in the US, it wouldn't have happened in the first place, because any US court, particularly the US District Court for Northern California, which is the jurisdiction Google and Cloudflare are in, would have thrown it right out.
But Quad9 moved from that same jurisdiction in Northern California to Switzerland, and three days later, Sony attacked. Because of something called the Lugano Convention.
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CEL...
The Lugano Convention is a spectacularly ill-conceived treaty that allows plaintiffs to go jurisdiction-shopping in _any_ signatory country, even though it has no connection to either plaintiff or defendant, and then have the judgment enforced in _all_ signatory countries, even if it contradicts the national laws of those countries.
Unfortunately, Switzerland is a Lugano Convention signatory, as it Germany. So although Swiss law is clear that Quad9 is in the right, and that was actually just tested and upheld by the Swiss supreme court a couple of years ago, that doesn't matter, because the Lugano Convention takes precedence over national law.
Which is why people tend to get pretty upset about these kinds of treaties. The Trans-Pacific Partnership (TPP) was a similar sort of deal, which the US did _not_ sign, since it was so widely protested.
https://en.wikipedia.org/wiki/Trans-Pacific_Partnership
But, to get back to your specific question, if Quad9 were to just ignore this, Sony would go back to the court in Germany, and get some sort of finding that Quad9 was maliciously failing to comply, it would get damages, and it would request Swiss law enforcement to extract those damages from Quad9. Swiss law would not be able to protect Quad9, and Swiss LE would be obligated to act on Sony's behalf. At that point, Quad9 could only continue to exist by relocating its headquarters to a non-Lugano-Convention signatory country. When we evaluated national legal regimes for privacy protection, Switzerland was best, the Netherlands second-best, and Iceland third-best... All three are Lugano signatories, unfortunately. I'm not sure where we'd wind up, but it would be a huge blow for privacy.
Yeah, I was wondering this too. What makes Quad9 such a special DNS resolver that Sony is picking on you and only you? What about Cloudflare, or Google, or literally every ISP? Why not just tell Sony to go fuck themselves?
One wonders if Quad9 has its own ulterior motive here, because none of the other DNS providers seem to care, and I find it difficult to believe Sony isn't trying to sue them too.
They don't want to pick a fight with Cloudflare or Google, because they have deep pockets, and doing so can clearly backfire on them in multiple ways. Where if they pick on easier targets, they then can get the courts to back their censorship, and use that way to force legal compliance by all DNS resolvers. It's a strategy of a bully or predator, where they see a weakness that they can exploit.
Additionally, many DNS resolvers don't turn over records or anonymize. Which doesn't help such companies when they make a claim. These type of companies want the courts to help them to completely destroy the possibility of user privacy or any protection of rights, as it pertains to any claims that they might make. They want to be able to force 3rd parties and DNS resolvers to be compliant to their policies and profits.
Start with a small company to establish precedent, like patent trolls do.
Wasn't Quad9 started by IBM? The title of the launch post was "IBM Quad9" [0]. This doesn't seem like a small company.
If anything maybe the reason Sony started with Quad9 is because Quad9 is already a censoring DNS resolver, since by design it censors malware domains, and Sony is saying "well then you should censor copyright infringement too."
Nope, Quad9 was not started by IBM. It was an internal project of PCH, started in 2014 in response first to European privacy regulators who were being lobbied by Google for a one-off exemption for 8.8.8.8 in the run-up to GDPR implementation; then in 2015 a number of cybersecurity organizations were contacting us to do another (we'd built several global recursive resolvers before, while nobody else had done more than one, so it was reasonable for people to be coming to us for more) that did malware/phishing/tracking blocking. Since if we did two separate ones, people would have to choose between privacy and security, we decided to just roll the two projects into one. Because it was public-facing, in 2016 we spun it out into its own separate non-profit originally called "CleanerDNS." From past experience, we knew that a memorable IP address was crucial. We were working with APNIC, and they got us a good v6 address, but then, depending on your mood, we were either sincerely flattered, or tortious interference happened, and so we had to try for other of the other easy-to-remember ones. My friend Jeff Jonas was, at that time, an SVP at IBM, and stepped up and got us 9.9.9.0/24. That process started in July of 2017 and IBM's sponsorship wasn't publicly announced until November of 2017.
Quad9 is a public-benefit not-for-profit. Our purpose is to improve privacy and security. What else did you have in mind?
Quad9 is special in that it's the only recursive resolver of any size that's not headquartered in the jurisdiction of the Northern District of California federal courts. All three others of the "big four" are, and Quad9 was until it moved to Switzerland so as to be bound by criminal privacy law, and to get out from under USG data-collection requirements.
But Quad9 is _not_ the only one being attacked by Sony. Sony has already won against Cloudflare in other venues, but that's a much easier target.
https://www.musicbusinessworldwide.com/italian-court-orders-...
https://dimitrology.com/cloudflare-wants-to-eliminate-moot-p...
Quad9 doesn't sell hosting services to pirate sites, so has no connection with the alleged infringers. Which is the point of all this. Quad9 is being attacked _because_ it has no relationship with infringing parties. If Sony can establish a precedent that Quad9 can be forced to censor, then that precedent is, in principle, applicable to all parties. Firewall manufacturers. Operating system publishers. Wifi hotspot manufacturers. Open-source software authors. Etc.
What are “USG data-collection requirements” please?
What were the specific URLs that sony asked you to block?
What will the next legal steps taken by quad9 be?
How can we help?
The most important thing is to raise this to the level of legislation and national policy, so courts are clear that uninvolved third parties, particularly non-profit operators of core Internet infrastructure, cannot be conscripted to the private benefit of companies like Sony.
In the short term, of course, donations to the legal defense fund always help:
https://www.quad9.net/news/blog/sony-s-legal-attack-on-quad9...
Thanks.
In the UK we've had ISPs being forced to block sites for a while.
Fortunately, it provides a handy list of providers to use with your VPN. e.g. https://www.virginmedia.com/help/list-of-court-orders
They didn't even have to legally mandate it, "suggestions" were made that certain particularly rabid newspapers would start publishing damning articles about which ISPs weren't filtering out paedophile material. Filters were essentially in place as far back as ~2007.
This sounds like the same argument used when sites went after PirateBay for hosting pointers to content, even though they never hosted the content itself.
Truth is offending a copyright monopolist is a crime unto itself. The law will bend over backwards to make sure anyone "circumventing" their will is punished.
Quad9 already blocks content they don't like... they just call them threat feeds.
Edit: not that that's a bad thing, but it's disingenuous to say you're for free speech, and then block some websites and cry when you have to block others.
Never half ass two things, whole ass one thing.
There is a substantial difference between being forced to block some sites, and choosing to block some. You know this, it's not disingenuous in the slightest.
Especially when this sets precedent and others will have to follow suit. I can choose not to use Quad9 if I don't like who they choose to block/what filters they use. That stops being a possibility when all DNS providers are forced to block anything that could be viewed as copyright infringement.
> That stops being a possibility when all DNS providers are forced to block anything that could be viewed as copyright infringement.
That already exists today with ISPs. Don't like it? Run your own internal resolver pointed at the root servers.
It sure does, and many dislike it ever happened which is why they're also trying to fight this. Surely you understand precedent.
>Run your own internal resolver pointed at the root servers.
Any tutorials on how to do this?
Wanting yourself, not others, to decide what you say is not disingenuous at all, that’s what free speech is.
I do think there’s a problem with economic and government pressure causing individual speech decisions to coalesce into emergent extralegal censorship, but surely just revoking free speech isn’t the way to fix that.
IMO the first step to take down a website from the internet should be the domain registrar and hosting provider, if you are a big company or just a normal guy that thinks this page violates xyz. It is very easy to find out the domain registrar and it may work to just a write a simple email, without the need for a lawsuite. And if they don't do what you think would be right, you *could* start a lawsuite with *them.*
Finding out the hosting provider *can* be easy, but sometimes it is impossible (cloudflare, etc). But even then looking up where the traffic goes is not that hard and writing them a simple email is also not that hard. Again, if they don't do what you think would be right, you *could* start a lawsuite with *them*.
Maybe they have done that and they both didn't comply, but why are they now fighting with a DNS resolver? This doesn't solve anything, anyone can still access that site, if they use another dns resolver or do the recursive resolving themselve.
Absolutely not. The domain registrar does not own my server and they should have nothing to do with what's on it. DMCA notices should be issued to me, and if I ignore them I should be sued. If I lose the suit then an order should be issued to my hosting provider to take my server offline.
You're right that the domain registrar does not own the server but they do however own the domain which you point to your server. The domain registrar reserves the right to retract their domain if its misused such as pointing to illegal content. What counts as illegal content is sometimes vague but thats another issue in itself.
I do agree with your sentiment that the DMCA notice should be sent to the site first but in the end, hosting providers and domain registrars still have some rights and policies which you have to comply with.
some rights and policies which you have to comply with.
Correct, but determining whether the content on my server is illegal is the province of a court, not my registrar, and certainly not some asshole lawyer who has no liability for false takedowns.
> but they do however own the domain which you point to your server.
Not necessarily. .at domains are owned directly, the registrar is only a service provider handling the process.
I assume that for most other TLDs this will be different.
Tried Quad9. Torrent sites blocked. Removed Quad9 and switched back to Cisco (dnscrypt was a requirement). I cannot tolerate censorship when I'm a grown up adult. I'm 90% sure this is Quad9 choice and not influenced by Sony.
Searched a bunch of (popular) torrent sites and some of their proxies on https://www.quad9.net/result and they are all unblocked. Which ones got blocked for you?
You could also use Quad9's unsecured DNS to check if it was blocked by their list or if something else was going on.
You were probably using their filtered resolver.
Try dnscrypt-ip4-nofilter-pri
Huh?
$ dog thepiratebay.org. a @9.9.9.9 A thepiratebay.org. 5m00s 162.159.137.6 A thepiratebay.org. 5m00s 162.159.136.6 $ dog eztv.re. a @9.9.9.9 A eztv.re. 5m00s 104.31.16.120 A eztv.re. 5m00s 104.31.16.9 $ dog yts.mx. a @9.9.9.9 A yts.mx. 5m00s 104.31.16.9 A yts.mx. 5m00s 104.31.16.120You can run your own resolver
Doing so is usually pointless. Either your ISP isn't evil, in which case there's no need since you could just use theirs, or your ISP is evil, in which case they'll hijack all of the recursive queries that your own resolver would need to make.
Note: you can run your own resolver not at your home machine
If you have a suitable machine to do so, then couldn't you just tunnel your DNS traffic through it and out its default resolver, without having to run your own?
The question would be why bother with 3rd-party resolvers in that case?
NB I have a slightly different setup - I run Unbound locally and route DNS requests through the 'suitable machine' on VPS over VPN established by my LAN router. I considered moving the resolver there but didn't yet found the setup what would be usable for me when I would be out of my LAN. Opening my resolver to the whole world is the way to be a part of the bot relays for DDoS attacks, so this is out of question.
What if root servers just take it down? Retract the domain registration, etc.
> What if root servers just take it down?
Root servers only control the mapping up to the TLD. That is, they for instance know the nameservers for ".br", but they know nothing about the nameservers for ".com.br", or about the domains below that. If your domain is "example.com.br", the nameservers which could "just take it down" are the nameservers for ".com.br", not the root nameservers. In the same way, the root servers are completely unrelated to domain registrations (other than pointing to nameservers which know about them).
Then noone could resolve it, including Quad9, CloudFlare, Cisco, Google etc.
Your resolver can resolve any domain to any IP.
As long as it’s a static IP and the server is still there, you’d still have access as long as you had that mapping.
Don't fuck with people's IP revenue stream unless you want to be slapped with felony contempt of business model charges.
I’ve never heard of quad9 before. Sounds cool. Anyone using them?
I use them as my upstream DNS provider for pihole. I've only run into a few cases where I've had to switch to something else because their anti-malware DNS results was overzealous. I don't recall the specific cases.
I use it too. It's pretty good. Despite being relatively unknown, there's some big partners behind it like IBM.
Given that IBM owns 9, it would have to have IBM behind it!
I was using Quad9 until they had infra issues where latency skyrocketed from ~40ms to an unstable ~250ms... soon after I noticed that the routing was changed to another country with a latency of stable ~70ms.
A DNS resolver in another country breaks several things for me such as Wi-Fi Calling and certain CDNs that do not support EDNS Client Subnet, so I'm using Cloudflare Gateway DNS (DoH) for the time being.
Yeah, DNS over TLS using unwind on OpenBSD - never had any problems with their service.
Have been using them for years, never had a single issue.
Using them since they started. No issues.
Yep for everything, since ~5 years.
This is another DMCA take down, with lazy judges imposing their ignorance on those they can impose it on and not the criminals.
Sony should be going after the web hosters, but then Sony have a history of interpreting the law their way when they included a Rootkit on CD's [1].
Similar situatians can be seen here: https://news.ycombinator.com/item?id=34952313 https://news.ycombinator.com/item?id=34659768
Maybe Quad9 needs Pirate Bay's lawyers, if this isnt a subtle revenue generating exercise? https://torrentfreak.com/pirate-bay-proxy-defeats-polices-gi...
[1] https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootk...
> This is another DMCA take down, with lazy judges imposing their ignorance on those they can impose it on and not the criminals.
The court location has specifically been chosen because of its friendliness towards copyright holders.
Sony is not being lazy or stupid here, but malicious.
DMCA in Germany?
Developed countries have DMCA copycats. For Germany see 97a https://www.gesetze-im-internet.de/englisch_urhg/englisch_ur...
I dunno... Property rights are the foundation of a free market society. I feel like Sony should get the benefit of the doubt here.
If Sony has a problem with a specific site, the appropriate approach is to find and exert legal actions on that site itself. To go back to a pre-internet model: If you know ABC Pawn Shop is fencing stolen merchandise from your warehouse, you deal with ABC Pawn directly. Find and sue their owners, get the cops to raid them, whatever. You don't dance around and call the phone company and say "don't respond if anyone calls 411 and asks for ABC Pawn" or tell Rand McNally to take their address off of the street map and hope that solves the problem.
A lot of IP litigation seems to be focused on middlemen-- DNS providers, ad networks, ISPs, search engines-- lately. I suspect they've decided this is the "easier" target to hit. It's easier to serve a company with an above-board legal presence than some unknown in darkness-knows-what country. They also know that most legal players will decide it's cheaper to cave and deplatform their targets, rather than pay for the showdown in the courts over their actual legal responsibility.
It also seems a cleverly distasteful way around the fundamental concepts of Western legal systems-- that we settle disputes between the parties actually in conflict, rather than swiping at peripherally-related proxies.
Except that "ABC pawn shop" is located in Russia or China or some other corrupt authoritarian regime and that taking any action against them it not realistic. It's not the "easier" target to hit; it's often the only target to hit.
Target is an interesting word choice here because it doesn't have a valance or imply anything about the ethical or legal responsibility (because there is none).
In this case hitting an easier target is like attacking someone random on the street just because they're there rather than going to the target responsible and attacking it.
Of course it's not a "random person"; it's a service that's directly involved with providing access to (allegedly) illegal content. Should access to this content be prevented through this means, or at all? People can reasonably disagree on various aspects of that. But "random person" is a ridiculous comparison.
I suppose you're right. It's more like targeting the street signs for vandalism because it's too far to walk to the house of the guy you want to attack.
This is like making the excuse that if somebody specific robs you, that retaliating against 3rd parties walking down the street that didn't do it and don't have any direct connection is legit.
If there is a beef about a violation, then take it up with those specific persons and entities. It's not acceptable to lash out and bully everybody. Worse yet, when the person is among the richest people in the room, so wants to stomp on the poor or others because they feel like it or to vent their rage.
Indiscriminate destruction of everyone's rights, freedoms, and privacy for an already rich company's profit margins, is plain wrong.
They're not a random 3rd uninvolved party "walking down the street"; they're directly involved in delivering the goods. They're also not being "retaliated" against; they're simply asked to stop assisting in providing the service to the (allegedly) illegal site. No one is being "bullied"; is the postal service being "bullied" when they're told to stop delivering meth over the post, or illegal firearms, or child pornography?
Actually, the Post Office has some very serious legal mandates about not being allowed to open and inspect mail. You're going to have to get court orders, and I'd expect a lot of courts would ask "If you know there's illegal stuff being mailed, wouldn't it be more efficient to cut it at the source rather than try to intercept it once it enters the mail stream?"
Demanding a general block-- "you can't deliver any mail from Bob Smith"-- would be overbroad and silly-- he might be shipping meth, but he also mailed his electric bill and Christmas cards, none of which contain meth.
Here, we have a very similar issue with DNS. The DNS provider can't meaningfully know the intent of a given query; the site in question could contain both pirated content and cat videos, and there is no way to know which is being requested.
I also can't imagine how you'd expect this to scale-- if one firm realizes they can demand one domain removed, it creates precedent where eventually every cloud service provider and ISP is buried under requests. Even assuming every one of those requests is 100% legitimate, good faith, and accurate, it's simply going to be an untenable task. Inevitably, it would go back to the courts because the finite resources of service providers can't keep up with the tsunami and something got through.
The only possible way to make the Copyright Brigade happy would be to switch to an allowlist model: only these domains explicitly blessed by the Almighty Sony are allowed to be routed.
> They're not a random 3rd uninvolved party "walking down the street"; they're directly involved in delivering the goods.
That statement is false. DNS resolvers have nothing to do with piracy whatsoever nor are delivering any "goods". This is why the analogy of lashing out at 3rd parties is appropriate.
> They're also not being "retaliated" against; they're simply asked to stop assisting in providing the service to the (allegedly) illegal site.
Right now, it must be proven in court that the site is "illegal" and infringement occurred by specific persons. Not just make a claim to initiate world wide DNS censorship, where a company foolishly thinks such will help increase their profits (as various studies show it doesn't help). This attempt at bullying DNS providers can lead to general censorship by powerful companies and then government entities, once they can get the legal precedent set.
If people are fuzzy about what's going on, The Hill also did a good story about this. https://thehill.com/opinion/technology/594718-german-court-c...
The attempt at stealth pushing censorship over the web, is to have sites blocked that might contain infringing content without proving that is so in court, first. They want to be able to bully DNS resolvers based on mere allegations without due process to censor whatever sites they tell them to. These companies don't want to have to prove specific cases of infringement in court, rather they are seeking to gain the general power to censor whoever and whatever they want by gaining the legal means to do it.
The cost of dealing with a global world is that you have to work with countries that have different legal norms. Maybe that means that the local law enforcement doesn't prioritize your intellectual property. If they can't get the prosecutions they want, then maybe they need to be flashing a few more roubles or yuan to the "corrupt authoritarian regimes" to make sure they see it their way.
Unlike intellectual property rights, which are temporary monopolies granted by government to creators in order to encourage more creation.
Copyright is anything but temporary.
No, the benefit of the doubt should go to the accused. Sony should have to prove their case in a court of law. Due process must be upheld.
Sorry they lost benefit of the doubt a long time ago: https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootk...
'Intellectual property' is definitely a more controversial concept than you make it sound. Definitely more so than say 'physical property' or 'personal property' would be.
>I feel like Sony should get the benefit of the doubt here
Free market and "benefit of the doubt here" because Sony...that's really something.