> [...] an order to disable https://annas-archive.org through a DNS block [...] Visitors to the site are now greeted by the blocking page below in Italian.
To me, this is the most worrying part: how did they get a valid certificate for that "Anna's Archive" domain name, so that their blocking page is shown instead of a certificate mismatch error?
They don't. It seems to either not serve anything at all on https, or use a cert that doesn't match annas-archive.org. (Verified using a RIPE Atlas query: https://atlas.ripe.net/measurements/65855880 )
Because the dns records were changed. Same as if you don't pay for your domain, someone else buys it and points records to new IP and generates a new certificate.
The ACME protocol allows this; you just need to control either the DNS records or port 80 on all of the network paths that the certificate authority (e.g. Let’s Encrypt) uses as part of the challenge response protocol.
(Is there a way to permanently opt a DNS name out of such things, I wonder? It seems unlikely that anything would survive a DNS name transfer.)
The default DNS servers used by ISPs reply with the government notice website’s IP address, instead of what other global authoritative resolvers are providing. HTTPS does not prevent this from happening.
Instead, I believe you are thinking of DNSSEC (1), which would prevent such dns rebinding.
Econ 101: Content is now (has been for a while) non-rival - we can make identical copies, A's use of A's copy does not deny B use of their copy.
Content is also non-excludable - excluding access, there's no other description is what (some) publishers are trying to do.
* And it played out for music just fine, after a while. The RIAA fought tooth and nail. I don't think Elsevier et al can fight harder than they did. Perhaps they'll try dirtier.
Music is the harbinger of academic and book publishing. The faster this is realised, and they're really really slow, the better off society will be. Do a spotify for books and papers, whatever. That much of the academic world lives in Zotero (or JabRef), LaTeX, (perhaps, I do) Zettlr and a motley crew of other grass-roots open source projects created for necessity, old-skool subscriptions and terrible terrible terrible library search engines suggests a field ripe for some picking. If content makes it onto a screen, it makes it into the wild.
> And it played out for music just fine, after a while. The RIAA fought tooth and nail. I don't think Elsevier et al can fight harder than they did. Perhaps they'll try dirtier.
I wouldn't go so far as to say that it played out "just fine". The RIAA and MPA have gained incredible powers that threaten us all in their fight to protect their profits and role as gatekeeper of what we're allowed to see/hear/publish.
Circumventing DRM is a crime. The DMCA is routinely abused to block criticism and competition. There is an extortion racket where individuals (innocent or otherwise) are threatened to pay media companies or face legal action they can't possibly afford (this scheme doesn't go well for them when they target someone who can afford to fight back: https://torrentfreak.com/appeals-court-affirms-retired-polic...). Companies are being forced to spend vast amounts of time, money, and other resources while working for free as copyright enforcement for the media industry. That same media industry now has the ability to force ISPs to instantly block access to whatever website they object to without any oversight in some countries, and they're pushing for that here in the US. Judges in US have already ruled that ISPs have to permanently disconnect the internet service of any customer if they receive an unspecified number of unproved accusations of infringement by the RIAA and they can face literal billions in fines if they fail to do so. The RIAA has been fighting against your freedoms for decades and they have been winning.
The book publishers don't have to fight harder than the RIAA, the RIAA has already done much of their work for them. They just have to continue to nudge things in the direction they are already going.
You mean Kindle Unlimited? Yes, kind of, but it's a somewhat limited selection, in part because it has an exclusivity agreement such that you can be on Kindle Unlimited xor in public libraries[0].
Can Italians circumvent this by manually setting Cloudflare as their DNS-Resolver (1.1.1.1)? The article mentions Cloudflare assisted them, but here in Germany they don't have to cooperate (https://blog.cloudflare.com/latest-copyright-decision-in-ger...). Is the situation different in Italy?
I have CF DNS and the website works correctly for me in Italy so the answer is yes, changing DNS works, even Google's DNS should do it.
But the default ISP ones all block some websites related to piracy, and sadly for most people that’s enough to deter them or worse, it leads them to visit suspicious websites and download viruses.
DNS "blocking" doesn't impress me much; it only works if you rely on the ISP's DNS servers.
I think personal computers should simply ship with a local recursive resolver installed and configured. The resource burden is tiny, and it's likely to be faster than most ISP's resolvers. And it'll tell you the Truth about what's in the DNS tree.
I understand that many ISPs use slow DNS servers as a way of throttling their users.
Some places forcibly redirect all port 53 traffic to your ISP's DNS server, some British ISPs do this if I'm not mistaken. If popular operating systems started doing this, more countries would follow.
DNS over HTTPS would solve the problem, but some countries might outlaw browsers that ship with it if it became too much of a problem.
What kind of "place" can redirect a port-53 request to localhost to my ISP's DNS server?
DNS-over-HTTPS is a move in the wrong direction, if you ask me. There aren't many DOH servers, so it concentrates control even more than traditional DNS. But if you are running your own recursive resolver, the only ways to control the results are to control the authoritative servers (nope), or to control the roots (most of them are physically in the USA, and run by corporations, so that's sort-of possible).
They can't redirect things going to localhost. But how does your local resolver talk to other authoritative DNS servers? UDP on port 53. The instant that kind of packet hits your ISP, it's not routed outside their network and is answered by their DNS.
Well, I didn't know they did that. They'd have to use a packet filter to do that; in the normal case, I send my UDP query to the authoritative server via its IP address, and if my ISP doesn't forward the query, then it's not providing internet service, it's simulating it. My resolver respects DNS signing, so I think I'd get errors right away if my ISP tried to substitute a forged answer.
My (niche) ISP is rather benevolent; as far as I'm aware they don't block at all, and they brag about providing "real internet service". At any rate, I'm not aware that my recursive resolver has ever encountered an answer that was forged by my ISP.
I’m not honestly certain how big of a hurdle this is. I would figure that if a site is to be blocked, then the ISP substitutes their own “authoritative” response, which would include cryptographic signing details (even pretending their public key is the official one.)
> My (niche) ISP is rather benevolent …
I think most are. In my market, even the big guys haven’t done this, though I have heard about it happening in larger markets when big ISPs are up to no good (like inserting ads or whatever.)
I am running a recursive resolver locally. When it resolves a name, "upstream" means the root servers, not some DNS cache such as my ISP offers. A recursive resolver chases the name down the DNS tree to the authoritative server.
To block that, you have to either tamper with the root servers, or get control of the authoritative servers.
> To block that, you have to either tamper with the root servers, or get control of the authoritative servers.
I don't think so. The ISP can just reply to the DNS packets itself, without sending them to the root servers. Your local recursive resolver will think the response is from other DNS servers but in fact they would all be from your ISP.
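Added example, not part of the thread or any commenter's code: one way to check for the two behaviours discussed above (an NXDOMAIN from the ISP resolver, or an answer pointing at a notice page) is to compare the ISP resolver's raw reply with one obtained over a trusted path such as DoH or a validating resolver. The function names, `example.org` and the documentation-range addresses are constructed for illustration.

```python
import struct

def build_response(qname, rcode=0, ad=False, addrs=()):
    """Build a minimal DNS response in wire format (constructed sample data)."""
    flags = 0x8180 | (0x0020 if ad else 0) | rcode   # QR+RD+RA, optional AD, RCODE
    msg = struct.pack("!HHHHHH", 0x1234, flags, 1, len(addrs), 0, 0)
    msg += b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    msg += struct.pack("!HH", 1, 1)                  # QTYPE=A, QCLASS=IN
    for a in addrs:
        # 0xC00C is a compression pointer to the question name at offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
        msg += bytes(int(octet) for octet in a.split("."))
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:    # pointer: two bytes, terminates the name
            return off + 2
        if length == 0:              # root label ends an uncompressed name
            return off + 1
        off += 1 + length

def parse_response(msg):
    """Extract RCODE, the AD (authenticated data) flag and A-record addresses."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    addrs = set()
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:            # A record
            addrs.add(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return {"rcode": flags & 0x000F, "ad": bool(flags & 0x0020), "addrs": addrs}

def compare_answers(isp_msg, ref_msg):
    """Classify how the ISP resolver's reply differs from the reference reply."""
    isp, ref = parse_response(isp_msg), parse_response(ref_msg)
    if isp["rcode"] == 3 and ref["rcode"] == 0 and ref["addrs"]:
        return "blocked-nxdomain"    # name exists elsewhere, ISP says it does not
    if isp["addrs"] and ref["addrs"] and isp["addrs"].isdisjoint(ref["addrs"]):
        # No overlap at all. CDNs can also cause this, so treat it as a lead
        # to confirm (e.g. with the TLS certificate), not as proof.
        return "redirected"
    return "consistent"

if __name__ == "__main__":
    reference = build_response("example.org", ad=True, addrs=["192.0.2.10"])
    notice = build_response("example.org", addrs=["198.51.100.7"])
    refused = build_response("example.org", rcode=3)
    for label, reply in (("notice page", notice), ("nxdomain", refused)):
        print(label, "->", compare_answers(reply, reference))
```

If port 53 is transparently redirected, both replies fetched over plain UDP come from the same ISP server, so the reference must arrive over a channel the ISP cannot rewrite.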
I guess whoever tries to enforce copyright at this point ends up losing in the AI race. On the other hand, countries like Japan have literally chosen to be the Cayman Islands of AI. I wonder how countries with a stronger foundation of copyright are going to navigate this conundrum against middle-income countries which have a stronger incentive to be ambiguous on this issue.
They're probably going to make the WTO enforce against countries with more liberal copyright regimes, but it must be said they'll need to crack on if they want to do so and several of the larger economies are politically gridlocked at this point in making any decisions at all.
People keep saying this about Japan here on HN, but the one article circulating is a random minister saying she supports AIs training for educational/statistical purposes, not an actual passage of new laws or anything of the sort.
So an Italian judge ordered Italian ISPs to ban the site from their DNS. At least, most aliases, with a mouse-and-cat game of aliases, like there was for The Pirate Bay. Since Anna's Archive is increasingly well-known, I expect the same ban will happen in many countries this year.
It won't change much for the power users; they can configure their computers to query other DNS servers. My local network has a DNS cache (dnsmasq) that uses alternative DNS servers for a handmade list of domains.
>Official papers indicate that the operator of Anna’s Archive proved “unidentifiable” but with assistance from Cloudflare, Epinatura LLC – a hosting provider in Kiev, Ukraine – was identified as the likely host of at least some of the platform’s servers.
Anna's Archive has a blog where they describe their infra. They have multiple DNS names, each of which might map to a subset of backend servers from different providers.
So in theory if Cloudflare cooperates, at least one of the providers is burned, but not all.
Another problem is that with torrents you have to do the initial seed from some public IP. Looking at who seeds Anna's torrents, you can very readily see the first seed currently flows through an IP in Ukraine. That's another way adversaries might identify your providers.
They seem to have prepared for this situation when they built the infra with multi DNS and multi provider in mind. But the cat and mouse game is harder when the providers (like Cloudflare) immediately cooperate. And harder still when you're seeding your own torrents vs just hosting a page through a CDN.
Bittorrent over Tor is generally discouraged. It's _very_ easy to accidentally de-anonymize yourself, and while the Tor network benefits from people casually browsing the Web to provide anonymity for others, large amounts of Bittorrent traffic would strain the network. Especially with a >400 TiB and quickly growing collection.
I'm pretty sure Epinatura is https://www.urdn.com.ua. They host VPNs and some other notorious pirate services. I think in 2015 or so they had all their servers confiscated by the SBU but I guess they got them back.
Names of places in different languages are often tricky.
Do you write Munich when referring to the city in Bavaria? Or do you bother to write München referring to the city in Bayern, following the German spelling?
Do you call that famous far east Asian country as Nihon instead of Japan?
In the language of the country I came from (which is very, very far from both Russia and Ukraine), the spelling used for Ukraine's capital is Kiev, without any specific political connotation. It is the spelling I normally end up using without giving it much of a thought.
It has been called Kiev since forever, that is until the media and Western states started to call it otherwise in unison after the war started. If you don't believe me you can simply check nGrams or Google search trends comparing the two. FYI it's still called a chicken kiev. We do not call every city in the world according to their native (or native and transliterated in this case) name, why is Kiev special?
>Another question if you’re to believe a Russian online, considering their massive disinformation campaigns here and there.
Right because only Russians are guilty of disinformation
The "Kiev" is the English spelling that has replaced "Kiov"/"Kiow"/"Kyow" variants at the beginning of 19th century. It's closer to Ukrainian normative spelling of the times (Кїєвъ, which transliterates to Kiev), rather than Russian (Кіѣвъ ~Kiyev). The Russian spelling changed to "Киев" (Kiev) a full century later.
The whole "Kyiv not Kiev" debacle is mostly a political invention of yet another century later. One language cannot define correct spellings for other languages, especially the ones with different script.
Not forever, since Russia had been actively occupying the country, which is quite a long time, almost the entire 20th century. I believe it’s not the ‘Western states’ it’s when Ukrainians started to care more, especially since two years ago. The official renaming happened earlier than 2022, and there is no city of Kiev officially. It’s Kyiv.
Btw for tone deaf hn-crowd it’s disrespectful to insist on calling it this way, especially given the context. Not mentioning the [flagged] and downvote bullshit, which also quite represents the hn-crowd’s side here. Not the first time I see similar topic gets banned.
If the country itself (Ukraine) calls it officially as such, it should be respected. Same thing with the Netherlands/Holland debate, it isn't that difficult.
I wonder why weren’t you flagged for this aggressive position? How dare you to respect others? Get the downvotes. That shows the hn very well, very well indeed.
That's how nearly everybody using English was spelling it until about two years ago. A lot of people have either not gotten the update (not tuned into political trends), or have deliberately refused it.
Not two years ago, longer [1]. Apart from that it’s correct. Since two years ago it became a ‘I don’t give a duck’ or ‘I support Russia’ statement, which is the same quite often.
An online campaign since 2018 doesn't refute me, the name change didn't gain traction until 2022. Before the intensification of the war in 2022, most of the English speaking world wasn't paying much attention to Ukraine.
The official name change happened in 1991. It gained traction since 2022, as Ukrainians become less tolerant to ‘we don’t give a duck, we used to old ways’ of the Western audience. Personally, I’ve seen countless times they downvote and/or flag you for this. Waiting for that dang to come here and tell me I’m violating the rules by saying that. That way you see this correction not that often.
A huge chunk of the people who use the internet do not know what a DNS is, nor do they care. So the block, while technically pointless, is not inconsequential
Thanks everyone for your interest and support. As you can see, it's paramount that these torrents get seeded widely, to preserve this collection.
Part of it is already preserved fairly well, especially the Sci-Hub torrents and many of the Libgen torrents, but there is currently ~150TB with <4 seeders.
Head over to the "/torrents" page if you'd like to help!
It is awkward that you have to pay to publish your scientific research, and then your readers have to pay to access it. Knowledge should be freely available to advance humanity. Possibly readers should pay directly to authors for their efforts. Yet we have greedy intermediaries (publishers) that effectively just suppress world's progress.
Projects like SciHub should thrive forever to combat this bullshit.
You don't have to. The web was created for exactly this purpose. What the journals provide is peer review, curation and trust. Projects like SciHub don't do anything to replace these aspects of traditional publishing.
Peer reviewers are unpaid, curation seems like a problem the internet can solve well, and trust... deriving one's trust from Elsevier or Springer is not great model. Granted, funding is needed to ensure distribution, but multiple billions of dollars in revenue (and even profit) seems excessive for what they provide.
Is that bad? How would they get paid if all articles were free?
> curation seems like a problem the internet can solve well
"The internet" isn't anything more than a (supposedly) robust telecommunications network. Anyone can curate anything, but that is meaningless without trust.
> deriving one's trust from Elsevier or Springer is not great model
Any centralised trust model is broken by default. We've had practical web of trust security for decades at this point. But for various reasons nobody will use it. It would be perfect for things like this.
I think we agree that the current system isn't good. In posting, I was working out my thoughts on the P&L for those intermediaries, and the value they provide versus the value they extract. I'm not sure what things should look like, but my conclusion is that selling publicly funded science to publicly funded scientists at a premium seems like quite an inefficiency.
Is the book scene run like the warez scene used to be? Who are the major players in the book scene (QuarTeX, RaZoR 1911, TRSi, ParaDoX, DefJam & CCS, ProDigY, FairLighT).
I'm guessing these sites are like the old WHQ BBS's.
It is absolutely amazing and fascinating how the 'scene' has evolved over the decades and is crazy and impressive that books are part of it.
What is the demand of the book scene vs the music, warez, movie scene at the moment? I know that books are smaller than 1080p movies and software.
Copyright needs reform, this madness is wasting countless lifehours and holding back humanity as a whole.
Copyright is broken and doesn’t fulfill its intended purpose anymore.
Legal theories work entirely differently than technical strategies. Lawyers can spin this failure into political ammunition the next time SOPA or TPP (remember that one?) comes up: "we tried to use the existing laws to seize DNS records, but dontcha-know, they immediately circumvented it because not all DNS authorities work together. That alone could have prevented $X00 million in losses. That's why we need a new law to ____, and ____, and stop ____. and we need all countries on board with this binding trade agreement."
I'm not saying the futility of their efforts is the reason to change copyright law (although it should be possible to turn the argument your imagined lawyer comes up with around) - I’m saying what they are doing is futile, hurts more or less all of humanity AND copyright law is broken and does not serve its intended purpose anymore.
It sounds like we both agree the countermeasures were futile. I guess my comment can be refactored to "The Law allows you a play-the-victim card, which you can't do in tech". I would reform your statement to "copyright doesn't serve its original intended purpose", but serves its de facto purpose just fine: keeping corporations raking in profits. They don't need to stop all countermeasures to accessing Anna, or whatever avenue pirates use. They just need to keep Netflix and all other big name content providers/broadcasters/record labels paying their royalties (at the expense of artists and support staff) for as many decades as possible. If you look at it that way, copyright is working fine.
Don't give ideas to Disney (and its legal team) please.. next you know (especially with US elections coming soon) they are ruthless enough to go for it!
With people toying around with cloning.
With Elon (and others) toying around with 'accessing the brain'.
I wouldn't be surprised if in 100-200 years from now the "Altered Carbon" (nice SciFi series) becomes reality.
(and now we know where Disney will be investing) :)
Having a clone seems a lot closer to having a child or sibling than cheating death. If somebody is survived by their identical twin, we don't say the dead one is still alive.
In the Altered Carbon books/TV series, people can transfer their consciousness into new bodies to cheat death. That makes the issue of who is the same person more complicated than simple biological cloning.
I don't get it. People who are going to read your books usually just buy it cause paper is 2000% better to look at. People who can't afford to buy books wouldn't have bought it anyways. It's a service problem. People refuse to go back to pirating video games. IDK just build a gated community around your publishing company. Build communities of people who love your books. People will buy books to join your community. Stop being lazy
I just found out it would cost $100 to read the ASTM D2000 specification... a standard way to itemize purchasing requirements in the US. Straight to Anna's Archive... they didn't have 10.1520/D2000 though.
I absolutely support the free availability of research papers that were funded by the public, but is there some justification for making the materials in question here free to all? Or is the "library" here simply stealing from authors?
I live in a small city in New Zealand which does not have a university so the computer books available are not that great.
In the early 90s we had the legendary UK Usborne BASIC programming books, but trying to find books about Amiga programming in AREXX, Assembler or Amiga C was not going to be possible.
It is great that now these books are available.
I also like looking at all the old CAD books from late 80s to early 90s to see how they have evolved, I can understand that libraries would not have the shelf capacity to store those books.
Also the libraries only keep the more popular books, a lot of the books from the 50s-70s are good and even Robert Ludlum books are no longer there only the more recent ones where authors have paid the estate to carry on the Bourne Genre. I understand you have to make space available for new authors. Also if you do buy an ebook who knows if the provider is going to delete it (i.e Sony)
But yeah free availability of research papers help a lot and other technical papers (RFCs) is great, it's great when I see ISOs available (books not CDs)
If an AI explains the whole research article with its own words in detail and comment approaching the same length as the original article and doing the same with plots&tables presented in the original article, is this still copyright theft?
IANAL but as far as I know you can’t copyright facts.
I think this came up in some tennis thing where people were sneaking in phones to gamble on games as early knowledge of facts could theoretically make a difference.
I imagine the same applies here.
So and so has published a paper on such and such topic is a fact, right?
Frequently these ISP level blocks also redirect the normal port 53 traffic to their own servers so these settings are meaningless. What does work is DNS-over-HTTPS which can be enabled quickly and easily in both Chrome and Firefox and will side-step this block even against adversarial ISPs.
"Frequently these ISP level blocks also redirect the normal port 53 traffic to their own servers"
No ISP is going to do nonsense like that for something like copyright related compliance unless lots of money is forthcoming. An ISP can NXDOMAIN on their own DNS servers at a minimal cost. Doing 53/udp fiddling for all customers means CAM or similar expensive resource usage.
If you do find that your DNS is being redirected as TrueDuality describes, then yes DoH is an option. However if this is an issue then you have far bigger problems than not being able to access Anna's Archive.
It was so well designed in the sense that a single platonic decision somewhere does affect people elsewhere in the network.
It's well decentralised.
Kudos to whoever contributed in designing these internet protocols. DNS, ICANN, TCP/IP et al.
I wonder who these people are or if they have any documentation that describes how they arrived at their decisions? I suspect people designing the fediverse can learn a lot from them.
Velcro, The Internet... Silly US government projects sometimes have down stream impact.
Even in defense, the government funding science is how we got here. Look at early computing (UNIVAC, to CRAY) the history and the people have all sorts of ties to early crypto research and the navy!
Later private industry gets in on the act. UNIX is a byproduct of AT&T, the monopoly version. The stuff that came out of bell labs that got tossed into the public because of a settlement is amazing.
The internet was designed by the US Department of Defence specifically to be robust to attack. The fundamental design that makes it different from earlier telecommunications networks is its use of packet switching over circuit switching.
DNS, however, is thoroughly centralised and not part of the internet per se. I'm also not sure how redundant and robust the internet is in practice these days. The web certainly has single points of failure like Cloudflare etc. The GNU Name System is an example of a decentralised name system.
I like Apple Books for epub (syncs across devices) but I don't like the random offloading of books from the device to iCloud. I read the most when I'm offline (at the beach or camping in the mountains) and I'll get there only to discover half of my books have been offloaded from my phone. There's no setting to prevent this.
Not just that, if you get an e-ink reader that runs a modern version of Android, you can also edit documents, write emails, etc on a paper-like display. Far better than using a traditional tablet or phone for text communication. If there were a display compatible with PC inputs that I could put on my desk instead of a second monitor, I'd do it in a heartbeat.
For me, Apple Books for MacOS will aggressively and unnecessarily sync epubs to iCloud, even with the current book while I'm reading. It makes it difficult to actually use Apple Books, as I get kicked out of my book every few minutes. It is even worse when I have no internet connection, as it will randomly attempt and fail to sync, blocking you from reading that book at all.
I am quite upset and feel betrayed by Apple that they disabled the ability to export all highlights from a book in Apple Books. I would take notes of certain books for future summarization, and then suddenly with an update this is no longer allowed.
Readwise has a tool on the Mac that can pull highlights in. I believe it still works, but it's not an officially supported solution from Apple, if that's what you're looking for.