SOPA and PIPA require that ISPS block access to infringing websites. Blocking access to websites on the internet, for an entire country worth of people, is damn near impossible. The bills suck because they address the problem in the wrong way; the right thing to do is target the infringing sites themselves (and their support, in the form of payment processors and advertising companies), rather than the end users. Media companies don’t like this because the US government hasn’t got any authority over a website hosted in Russia or Africa, and so they target instead the only thing they can - US citizens. If you’re curious about the technical parts of SOPA and PIPA, I’ll try. Both bills stipulate, as part of their language, that an ISP could be compelled by court order to ‘block access to’ a website accused of copyright infringement. There are many ways to block traffic on the internet: you can explicitly drop packets destined for the offending site’s IP address (firewall), or you can redirect the DNS for that site to some other server you control (for example, if www.piratestuffhere.com were accused of infringement, your ISP could be ordered to adjust its DNS such that www.piratestuffhere.com resolved to an IP address hosting a government web page saying ‘this site blocked’ or whatever). Both bills fundamentally require that ISPs (Internet Service Provider; the companies from whom you purchase internet service or the companies who own the physical cables and infrastructure services that drive the entire internet) comply to requests to ‘remove’ offending sites from the internet. In this context, the best an ISP can possibly do is conceal the site from unskilled users. For example, if my ISP is redirecting DNS requests for www.thepiratebay.com to some government site, all I have to do is find someone who knows the IP address(es) owned by the pirate bay, and I can point my web browser directly at that address and get to the ‘illegitimate’ site. This is why most experts agree that DNS blacklisting is an entirely ineffective way to combat piracy; all it does is prevent people who don’t know how to use IP addresses from getting to the blacklisted sites. Anyone who actually knows what he’s doing will simply bypass the DNS. For the curious among you, you can try this yourself without any trouble or danger. Open a command prompt and type the following: nslookup www.microsoft.com (nslookup stands for NameServerLookup, and is a simple command line tool to query your DNS) You’ll get back a bunch of stuff, including a line like this: Address: 65.55.12.249 That’s the IP address of the server hosting the microsoft.com webpage. Open a web browser and type in http://65.55.12.249; provided that address has not changed since I typed this post, you’ll end up on Microsoft’s home page. It doesn’t matter if you got there using ‘www.microsoft.com’ or ‘65.55.12.249’; the former is functionally identical to the latter when DNS is working normally. Furthermore, DNS redirection only works when you control all of the possible DNS servers your end users might want to use. For almost all home users, that’ll be the DNS server(s) of your ISP; but it doesn’t have to be. The internet allows you to query any DNS server you choose; if you want to use Google for your DNS, and provided that Google does not firewall its DNS servers off from the internet, you can configure your computer to use those instead. Your ISP would have to deliberately block DNS (TCP port 53) traffic from its entire network to any DNS server other than its own to stop this behavior, which compromises a layer of DNS called DNSSEC which is designed to make it harder for a nefarious hacker to compromise your computer’s ability to use DNS services. So let’s say instead that, since DNS redirection cannot possibly give ISPs the tools SOPA and PIPA would require they have to be in compliance, that your ISP instead decides to actually block requests to offending sites. So instead of playing DNS games with www.thepiratebay.org, your ISP looks up its IP address (currently, 194.71.107.15) and deliberately discards any packet from any computer destined to that IP address. This is literally firewalling offending sites; the act of dropping a packet to a specific IP address requires that you have a piece of software between your computer and the destination inspecting each packet, identifying the ones which are supposed to be sent to the ‘malicious’ web site, and choosinwww.piratestuffhere.com were accused of infringement, your ISP could be ordered to adjust its DNS such that www.piratestuffhere.com resolved to an IP address hosting a government web page saying ‘this site blocked’ or whatever). Both bills fundamentally require that ISPs (Internet Service Provider; the companies from whom you purchase internet service or the companies who own the physical cables and infrastructure services that drive the entire internet) comply to requests to ‘remove’ offending sites from the internet. In this context, the best an ISP can possibly do is conceal the site from unskilled users. For example, if my ISP is redirecting DNS requests for www.thepiratebay.com to some government site, all I have to do is find someone who knows the IP address(es) owned by the pirate bay, and I can point my web browser directly at that address and get to the ‘illegitimate’ site. This is why most experts agree that DNS blacklisting is an entirely ineffective way to combat piracy; all it does is prevent people who don’t know how to use IP addresses from getting to the blacklisted sites. Anyone who actually knows what he’s doing will simply bypass the DNS. For the curious among you, you can try this yourself without any trouble or danger. Open a command prompt and type the following: nslookup www.microsoft.com (nslookup stands for NameServerLookup, and is a simple command line tool to query your DNS) You’ll get back a bunch of stuff, including a line like this: Address: 65.55.12.249 That’s the IP address of the server hosting the microsoft.com webpage. Open a web browser and type in http://65.55.12.249; provided that address has not changed since I typed this post, you’ll end up on Microsoft’s home page. It doesn’t matter if you got there using ‘www.microsoft.com’ or ‘65.55.12.249’; the former is functionally identical to the latter when DNS is working normally. Furthermore, DNS redirection only works when you control all of the possible DNS servers your end users might want to use. For almost all home users, that’ll be the DNS server(s) of your ISP; but it doesn’t have to be. The internet allows you to query any DNS server you choose; if you want to use Google for your DNS, and provided that Google does not firewall its DNS servers off from the internet, you can configure your computer to use those instead. Your ISP would have to deliberately block DNS (TCP port 53) traffic from its entire network to any DNS server other than its own to stop this behavior, which compromises a layer of DNS called DNSSEC which is designed to make it harder for a nefarious hacker to compromise your computer’s ability to use DNS services. So let’s say instead that, since DNS redirection cannot possibly give ISPs the tools SOPA and PIPA would require they have to be in compliance, that your ISP instead decides to actually block requests to offending sites. So instead of playing DNS games with www.thepiratebay.org, your ISP looks up its IP address (currently, 194.71.107.15) and deliberately discards any packet from any computer destined to that IP address. This is literally firewalling offending sites; the act of dropping a packet to a specific IP address requires that you have a piece of software between your computer and the destination inspecting each packet, identifying the ones which are supposed to be sent to the ‘malicious’ web site, and choosing not to send them along. The problem is that the internet is fundamentally designed to make creating new websites easy. If one ISP gets blocked, pirating sites will just use another. And another. And another. Something like the Pirate Bay, given its vast following, would probably have access to hundreds or thousands of discrete addresses if necessary; and each one would require your ISP to deliberately block it if they really want to keep you from getting there. Multiply this by hundreds and thousands of websites that are guilty under SOPA and PIPA, and it’s clear that this is an entirely intractable technical hurdle for an ISP. For extra fun, imagine IPv6, when instead of millions of IP addresses to choose from, there will be uncountable trillions. Even trying specific IP-blocking in an IPv6 internet is unthinkable. So the moral of the story is, both SOPA and PIPA require ISPs to prevent their users from getting to sites accused of infringement - but to do that would require a massive firewalling effort that would affect the entire internet (if it could be done at all; look at China for an example of how a nationwide firewall doesn’t actually stop the bad guys in any way). The concern is, once you have that firewall in place to block ‘the bad guys’, you start redefining who the bad guys are. What if, in futureworld a year from now when PIPA has passed, the government decides that www.operationwallstreet.org is in ‘violation’ and blacklists it? How is the average consumer to deal with a nationwide systemic effort to make some websites inaccessible based on nothing more than an accusation of wrongdoing?
There you go, from a territory named “wildfyre010”. There may be some irony in the fact that I had to copy and paste this from a reddit comment instead of just providing a link (because reddit is down today in protest), but I’m not sure. The full thread is here: http://www.reddit.com/r/explainlikeimfive/comments/ojcmy/eli5_what_is_pipa_and_how_is_it_different_from/
