DNS4EU, an EU-based DNS resolution service

47 stanislavb 49 6/12/2025, 5:47:25 AM helpnetsecurity.com ↗

Comments (49)

JimDabell · 1d ago
Previous discussion (76 comments):

https://news.ycombinator.com/item?id=44190071

antonkochubey · 1d ago
carlhjerpe · 1d ago
Why can't I find there who the idiots putting these shits forwards are? They should be humiliated in media over their tries on government overreach.
isodev · 1d ago
If you open the assessment document, you see the responsible division is HOME.D4 - The Home D4 unit is part of the Directorate-General for Migration and Home Affairs (DG HOME) within the European Commission (D4 focuses on Counter-Terrorism). They have a head of unit [1].

To be clear, the call for feedback happens _before_ a legislative draft is put forward as a proposal. The feedback will be analysed by D4, there will be things like impact assessment and finally the College of Commissioners will create a proposal for the Council and EP to start the usual legislation procedures.

[1] https://op.europa.eu/en/web/who-is-who/organization/-/organi...

PS: I’m not saying they should be shamed, just answering your question who is responsible :)

MildlySerious · 1d ago
halpow · 1d ago
"Privacy-focused" unless you need privacy from the EU itself. DNS services know every website your computer connects to before HTTPS comes on, so it's rather sensitive.
ewidar · 1d ago
Depending how it's implemented it can still be privacy focused (not keeping logs, tracking usage...).

No idea if that's the case, but the two are not necessarily incompatible.

ninjin · 1d ago
Here is the policy for their public-facing DNS:

https://142290803.fs1.hubspotusercontent-eu1.net/hubfs/14229...

Read it rather quickly, but looks fine at least on the surface. Sadly, there is no way I would trust anything as sensitive as DNS with the EU given their dreadful record of creeping surveillance.

MattPalmer1086 · 1d ago
There aren't many places with stronger privacy and personal data protection legislation than the EU. Switzerland I guess is better.
protocolture · 1d ago
Trusting anyone to provide DNS seems silly in this day and age. I wouldn't single out the EU at all.
ewidar · 1d ago
I respect that, but I am curious, what DNS do you use?
ninjin · 1d ago
Depends a bit on which machine really. Overall, I am more confident trusting a company with a good track record or non-profit with DNS. Mullvad have great offerings with optional content blocking and DNS over both HTTPS and TLS:

https://mullvad.net/en/help/dns-over-https-and-dns-over-tls

If there are other entities (commercial or not) with similar DNS services I would be happy to hear about them.

I find some reactions here to my initial comment a bit puzzling. Yes, the EU has a number of great attempts at getting privacy legislation right. Personally, I even have sympathies for the cookie banners. But it is equally true that we have seen attempts and successes to introduce surveillance measures as well. I remember the fight against the Data Retention Directive [1] and we still have "Chat Control" lurking in the shadows. Thus, I do not think I am entirely wrong in feeling less than chuffed about the prospect of handing all my DNS queries straight over to an entity working directly under the European Commission.

[1]: https://en.wikipedia.org/wiki/Data_Retention_Directive

pergadad · 1d ago
There were many laws on surveillance proposed in the EU context as there are many parties that make proposals. But there's no actual such law in place. And the EU is bound by GDPR and EDPR and actually does a huge circus to respect them, so I'd trust them more than any other party, be it my provider or the mega corps collecting data for ads.
perching_aix · 1d ago
Non-cPIR databases tend to have that problem indeed, and from what I understand cPIR is not practical. So in the strictest sense, this issue will continue to remain and is not reasonable to expect otherwise.

But if someone here is more involved in private information retrieval tech and the likes & knows different, happy to learn more.

diggan · 22h ago
In the end, with DNS you have to trust someone, your ISP, the DoH host, or wherever you get the records for running your own resolver. It's not a "Do I want privacy yes or no?" but rather "Who do I trust enough to make these requests through?"

Personally, I'd trust an entity that is under GDPR more than one that is not.

zerof1l · 1d ago
As an EU citizen, I'm happy that we're starting to have more infra and are less reliant on countries outside of EU. However, I'm skeptical of their "privacy-focused" slogan. Most likely they mean that your data won't leave EU. However, EU itself does a lot of tracking and blocking.

The only true private DNS server is the one you own. It should be a recursive DNS server configured with the DNS root zone and DNSSEC. So it would first contact one of the root DNS servers (obtained from ICANN), validate the authenticity of the response and ensure it has not been tampered with using DNSSEC, and then proceed to call the next server in the chain until the query is fully resolved. Such a DNS server would bypass all censorship.

Also nice is that more and more root servers already support DoT meaning that the request and response would be encrypted preventing intermediaries like your ISP from seeing the data.

As a last resort, your DNS server can be hosted outside of the country on a server and then you'd connect to it over DoT or DoH.
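
A sketch of the self-hosted validating recursive resolver described in the comment above, written as an `unbound.conf` (added example, not part of the thread and not any commenter's own configuration). The LAN addresses, file paths, and the `192.0.2.53` / `resolver.example` upstream are placeholders.

```conf
# unbound.conf: validating recursive resolver for a home network (constructed example)
server:
    # Listen on loopback and one LAN address only (192.168.1.2 is an assumption).
    interface: 127.0.0.1
    interface: 192.168.1.2
    port: 53

    # Answer only local clients; refuse everyone else so the box is
    # never reachable as an open resolver.
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow

    # Recurse from the root: root-hints lists the root server addresses
    # (path is an assumption).
    root-hints: "/etc/unbound/root.hints"

    # DNSSEC validation with an RFC 5011 managed root trust anchor
    # (path is an assumption).
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    harden-dnssec-stripped: yes
    harden-glue: yes

    # Send each authoritative server only the labels it needs to see.
    qname-minimisation: yes

    # Do not disclose resolver identity or version, and keep no query log.
    hide-identity: yes
    hide-version: yes
    log-queries: no

# Alternative for the "resolver hosted elsewhere" case from the comment:
# forward everything over DoT instead of recursing. Enabling this replaces
# recursion from the root for all names.
# server:
#     tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
# forward-zone:
#     name: "."
#     forward-tls-upstream: yes
#     forward-addr: 192.0.2.53@853#resolver.example
```

Check the file with `unbound-checkconf` before restarting the service. Validation only detects forged answers for signed zones, and in recursive mode the resolver's own queries to authoritative servers still leave the network in cleartext.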

tptacek · 12h ago
DNSSEC does nothing to prevent DNS censorship, besides maybe, in some rare cases (given how little of the domain space is signed) telling you that it's happening.
whatevaa · 1d ago
If you are the only one connecting to that server, there is no privacy here, you can be easily traced.

nektro · 1d ago
i'm sure many eu citizens will be happy to have a dns option not reliant on american companies
MildlySerious · 1d ago
Quad9 and dns0 are the current "go to" EU options I believe. I would wager that most users of those services would be more wary of an option directly provided by the EU instead of a third party, not less.
cyberpunk · 1d ago
Why don't more people run their own DNS servers? I rigged up a little unbound instance with a cronjob that pumps oisd.nl lists into the config each night and it works perfectly...
immibis · 1d ago
More to the point, why don't operating systems run one by default?
DyslexicAtheist · 1d ago
how would you protect that server? I'm flippantly assuming you're hosting it on some VPS for which you use a credit card to pay with? depending on the threat-model, that may or may not be a solution.
cyberpunk · 22h ago
it runs inside my home network and isn’t exposed to the internet, also on my tailnet.

as for securing an externally available resolver, standard rules apply (disable zone transfers etc)

perching_aix · 1d ago
Not exactly a hot topic so I'm not sure why you'd think that. Reminds me of that joke about whether people prefer Windows or something else, and the kick is that "normal people don't talk about operating systems".
wsc981 · 1d ago
I am not a European citizen anymore, but I was born and raised in The Netherlands, lived there until about 30 years old.

But if I still lived there, I would have more trust in US companies to be honest. I actually use US-based DNS to this day, Cloudflare is my number one choice.

By the way, this is from a comment in a Reddit thread linked in this HN thread:

> they want to sanction unlicensed messaging apps, hosting services and websites that don’t spy on users (and impose criminal penalties)

> mandatory data retention, all your online activity must be tied to your identity

> end of privacy friendly VPN’s and other services

> cooperate with hardware manufacturers to ensure lawful access by design (backdoors for phones and computers)

> And much, much more. And this law isn’t aimed towards big companies, all communication service providers are explicitly in scope no matter how small or open source.

> A mass surveillance law being written by unknown lobbyists behind closed doors, demanding that the EU should monitor the internet more than Russia, being pushed by the EU commission. Should be the biggest news of the decade, but isn’t.

> Also, EU commission (Ursula, Virkkunen, Brunner as the key players) are using the same high level group as a key source in their ProtectEU plan, which is their strategy for 2029 and includes restricting encryption.

Seriously, EU is slowly turning into some communist superstate. And with the technology that exists now, it'll be way easier to control people compared to, say, back in Soviet Russia. EU also doesn't want people to have much cash at home, will not allow people to get a lot of money from ATM, etc...

BSDobelix · 22h ago
>EU is slowly turning into some communist superstate

That's not true!

Communist states have at least real leaders/parties and a vision for the future. The EU is turning it into a surveillance state in fear from itself (direct?-democracy), fear to take a seat (responsibility) in global matters (France and some others maybe excluded from that statement) and fear to impose already existing laws (because illegal migration gives us cheap labor aka "modern slavery").

immibis · 1d ago
agency in charge of spying on people sends out a proposal "hey we think we should be able to spy on everyone", news at 11.

Seriously, this happens several times a year and always gets rejected by the actual lawmakers.

wsc981 · 22h ago
A quote from Jean-Claude Juncker who headed the EU Commission in the past:

> We decide on something, leave it lying around, and wait and see what happens. If no one kicks up a fuss, because most people don't understand what has been decided, we continue step by step until there is no turning back.

immibis · 21h ago
Good thing they can't make laws, only make proposals to the lawmakers asking them to make laws. And the fact they're scared to let anyone know who wrote the proposal says a lot.
BSDobelix · 20h ago
>Good thing they can't make laws

Bad thing that mechanism even exists.

>And the fact they're scared to let anyone know who wrote the proposal says a lot.

True, that's absolutely against an "open society" Pun intended. ;)

immibis · 17h ago
Bad thing the surveillance authority is allowed to suggest laws? Everyone should be able to suggest laws, even bad people, even bad laws. That's called a republic. Suggested laws that are unpopular should not be implemented. That's called a democracy.
laughing_snyder · 23h ago
Other european based DNS services: https://european-alternatives.eu/category/public-dns
snvzz · 1d ago
An EU DNS resolution server, so that the EU can:

- Censor: So they can refuse to solve a name, or solve to whatever address they mandate.

- Log: So that you can get criminally prosecuted for having requested resolution of names at any point in the future.

No thanks. I'll keep my unbound local cache pointed to a tor-based dns-on-tls server.

hunglee2 · 1d ago
Digital sovereignty becoming a thing. EU needs to go further - erect its own Great Firewall, protect and nurture EU native tech. 400 million people cannot be dependent on an internet controlled by foreigners
protocolture · 1d ago
I don't know about a great firewall, but it certainly needs parallel services.

The problem I have is 2 fold.

1. We need more distributed services and less reliance on that silly country full of absolute dunderheads I am not allowed to be mean to on this service.

2. We ALSO need to safeguard freedom of communication BETWEEN countries, lest a series of bad events leads to a bunch of countries going permanently dark.

The BGP bomb isn't frightening because you might be left without root service nodes, it's frightening because there are people in other countries we get great value out of communicating with.

hunglee2 · 34m ago
I've come to believe that a great firewall is the only way parallel services might emerge, EU should've done this in mid 2000's
immibis · 17h ago
We need a hierarchical addressing architecture, so when you (in the USA) want to talk to Amazon you say "talk to Amazon" but when I (in an oppressive regime) want to talk to Amazon I say "talk to Tor gateway, tell him to talk to Timbuktu exit node, tell him to talk to America, tell him to talk to Amazon"

We have something like this with phone numbers (dial 9 for outside line) and domains but not with IP addresses. The "internet" used to have it with bang paths.

Flat addressing is very good and convenient, but political turmoil easily destroys it, as Russia has already seen and the US is about to see.

(Cryptographic flat addresses don't suffer political problems but have different problems with scalability)

It would solve NAT, too.

protocolture · 3h ago
>We need a hierarchical addressing architecture

As much as I love ENS I didn't propose a flat structure. I just think we can have our cake (hierarchies) and eat it too (Not have the yanks at the top/root of those hierarchies)

carlhjerpe · 1d ago
Not that it's entirely related, but there are a lot of countries from Europe which are very high on the "Freedom house" score.

https://freedomhouse.org/country/scores

I'd say most of my privacy is being invaded by US companies, I can trust my insurance company isn't buying health data through third parties about me and such.

protocolture · 1d ago
Australia needs to be way lower on that net score.

The Access and Assistance bill lets government ministers compel companies to create backdoors verbally with no recourse. Jailtime if they let anyone know about the backdoor. Including legal representation.

The bill was meant to be amended but no one will touch it, it's radioactive.

It inspired the UK, NZ and Canada to similar arrangements from memory.

Yes corporations making a buck off your user data is bad but I am much more afraid of what government can do with it.

philprx · 1d ago
You're advocating for going the way of dystopian China?

Gee... Those who trade privacy for security will get neither (and deserve none?)

hunglee2 · 33m ago
China is the only country that has internet sovereignty, quite essential for national sovereignty
sunaookami · 1d ago