That’s pretty bold for a really fucking useless search engine.
The EU could just block it and redirect google.com to a gov run searxng instange and everyone in europe would be better off overniggt
You can do things decentralized, and if you look into it, the EU is happy to fund projects to create decentralized internet services. Case in point, Lemmy’s primary funder is the EU.
It would likely be impossible to redirect google.com without either sparking a cyberwar or building something like the great firewall of China, quite possibly both.
Blocking is somewhat possible, but to redirect, they would have to forge google certificates and possibly also fork Chrome and convince users to replace their browser, since last I checked, google hard-coded it’s own public keys into Chrome.
Technical details
I say blocking in somewhat possible, because governments can usually just ask DNS providers to not resolve a domain or internet providers to block IPs.
The issue is, google runs one of the largest DNS services in the world, so what happens if google says no? The block would at best be partial, at worst it could cause instability in the DNS system itself.
What about blocking IPs? Well, google data centers run a good portion of the internet, likely including critical services. Companies use google services for important systems. Block google data centers and you will have outages that will make crowd-strike look like a tiny glitch and last for months.
Could we redirect the google DNS IPs to a different, EU controlled server? Yes, but such attempts has cause issues beyond the borders of the country attempting it in the past. It would at least require careful preparations.
As for forging certificates, EU does control multiple Certificate authorities. But forging a certificate breaks the cardinal rule for being a trusted CA. Such CA would likely be immediately distrusted by all browsers. And foreig governments couldn’t ignore this either. After all, googles domains are not just used for search. Countless google services that need to remain secure could potentially be compromised by the forged certificate. In addition, as I mentioned, google added hard-coded checks into Chrome to prevent a forged certificate from working for it’s domains.
There’s probably a way to redirect without validation. Only respond to port 80 if needed, then redirecr. Sure the browser might complain a little but it’s not as bad as invalid cert.
Maybe for some rando site, Google and any half competent site has HSTS enabled, meaning a browser won’t even try to connect with insecure HTTP, nor allow user to bypass the security error, as long as the HSTS header is remembered by the browser (the site was visited recently, set to 1 year for google).
In addition, google will also be on HSTS preload lists, so it won’t work even if you never visited the site.
What? What do you mean “DNS space”? Classic DNS does not have any security, no encryption and no signatures.
DNSSEC, which adds signatures, is based on TLDs, not any geography or country. And it is not yet enabled for most domains, though I guess it would be for google. But obviously EU does not control .com.
And if you mean TLS certificates, those are a bit complicated and I already explained why forging those would be problematic and not work on Chrome, though it could be done.
Yes I mean tls certs as those control what dns records are considered valid.
The Eu should control which tls are considered valid within its territory and that should be considetedpart of their security apparatus. It’s crazy irresponsible to have left that up to unaccountable private foreign entities. This is what would make it difficult to control their own independant version of the dns namespace.
No. At the end of the day, I control which certificates I consider valid. Browsers just choose the defaults. There is no way I quietly let some government usurp that power, considering how easy to abuse it is.
Yes I mean tls certs as those control what dns records are considered valid.
No they don’t. That is not what TLS really does. But I guess close enough.
Nah. Demanding the ISPs to block traffic to Google domains would be quite effective.
This isn’t like the great firewall of chine where you want to prevent absolutely all traffic. If you make it inconvenient to use, because CSS breaks or a js library doesn’t load or images breaslk, its already a huge step into pushing it out of the market.
Enterprise market would be much harder, a loooot of EU companies rely on Google’s services, platforms and apps, and migrating away would take a lot of time and money.
Demanding the ISPs to block traffic to Google domains would be quite effective.
Filter it based on what? Between ESNI and DNS over HTTPS, it shouldn’t be possible to know, which domain the traffic belongs to. Am I missing something?
Edit: Ah, I guess DNS over HTTPS isn’t enabled by default yet.
Sure, it’s crude, but again: it doesn’t have to perfect, it just needs to create havoc with Google services to push away a regular user, who has no idea what DNS even is.
A better approach though is to fine Google, with a % of revenue increasing until compliance. They’ll very quickly be incentivised to comply or shutdown.
The whole argument was about blocking search only, considering the damages suddenly completely blocking google would do. Yes, you can block google data centers completely, but dude, would that cause chaos.
You think email is a human right? It’s a box to send password resets. If websites all used one time paaswords, I wouldn’t need my email. You don’t actually send messages to people over email, do you?
We have things like Signal and Matrix to facilitate actually communicating with people.
Last time I sent an email to someone it bounced. Imagine spending time writing a letter and the mailman returns it to you
That’s pretty bold for a really fucking useless search engine. The EU could just block it and redirect google.com to a gov run searxng instange and everyone in europe would be better off overniggt
It would have to be an EU run search engine, otherwise which government?
Nah I don’t think the government should run a search engine
Who do you trust more, Google or the EU?
I trust neither
That’s fine, but then who does the search engine?
You can do things decentralized, and if you look into it, the EU is happy to fund projects to create decentralized internet services. Case in point, Lemmy’s primary funder is the EU.
I use brave, but only the search
Funding an existing project like Lemmy is different than hiring people to create a lemmy
lemmy.ml with the stupid authoritarian takes again.
It would likely be impossible to redirect google.com without either sparking a cyberwar or building something like the great firewall of China, quite possibly both.
Blocking is somewhat possible, but to redirect, they would have to forge google certificates and possibly also fork Chrome and convince users to replace their browser, since last I checked, google hard-coded it’s own public keys into Chrome.
Technical details
I say blocking in somewhat possible, because governments can usually just ask DNS providers to not resolve a domain or internet providers to block IPs.
The issue is, google runs one of the largest DNS services in the world, so what happens if google says no? The block would at best be partial, at worst it could cause instability in the DNS system itself.
What about blocking IPs? Well, google data centers run a good portion of the internet, likely including critical services. Companies use google services for important systems. Block google data centers and you will have outages that will make crowd-strike look like a tiny glitch and last for months.
Could we redirect the google DNS IPs to a different, EU controlled server? Yes, but such attempts has cause issues beyond the borders of the country attempting it in the past. It would at least require careful preparations.
As for forging certificates, EU does control multiple Certificate authorities. But forging a certificate breaks the cardinal rule for being a trusted CA. Such CA would likely be immediately distrusted by all browsers. And foreig governments couldn’t ignore this either. After all, googles domains are not just used for search. Countless google services that need to remain secure could potentially be compromised by the forged certificate. In addition, as I mentioned, google added hard-coded checks into Chrome to prevent a forged certificate from working for it’s domains.
There’s probably a way to redirect without validation. Only respond to port 80 if needed, then redirecr. Sure the browser might complain a little but it’s not as bad as invalid cert.
Maybe for some rando site, Google and any half competent site has HSTS enabled, meaning a browser won’t even try to connect with insecure HTTP, nor allow user to bypass the security error, as long as the HSTS header is remembered by the browser (the site was visited recently, set to 1 year for google).
In addition, google will also be on HSTS preload lists, so it won’t work even if you never visited the site.
That makes me realize, what kind of country doesn’t cobtrol it’s dns space’s encryption certificates. That’s a major oversight.
What? What do you mean “DNS space”? Classic DNS does not have any security, no encryption and no signatures.
DNSSEC, which adds signatures, is based on TLDs, not any geography or country. And it is not yet enabled for most domains, though I guess it would be for google. But obviously EU does not control .com.
And if you mean TLS certificates, those are a bit complicated and I already explained why forging those would be problematic and not work on Chrome, though it could be done.
Yes I mean tls certs as those control what dns records are considered valid. The Eu should control which tls are considered valid within its territory and that should be considetedpart of their security apparatus. It’s crazy irresponsible to have left that up to unaccountable private foreign entities. This is what would make it difficult to control their own independant version of the dns namespace.
No. At the end of the day, I control which certificates I consider valid. Browsers just choose the defaults. There is no way I quietly let some government usurp that power, considering how easy to abuse it is.
No they don’t. That is not what TLS really does. But I guess close enough.
Ok but my grandma can’t
Nah. Demanding the ISPs to block traffic to Google domains would be quite effective.
This isn’t like the great firewall of chine where you want to prevent absolutely all traffic. If you make it inconvenient to use, because CSS breaks or a js library doesn’t load or images breaslk, its already a huge step into pushing it out of the market.
Enterprise market would be much harder, a loooot of EU companies rely on Google’s services, platforms and apps, and migrating away would take a lot of time and money.
Filter it based on what? Between ESNI and DNS over HTTPS, it shouldn’t be possible to know, which domain the traffic belongs to. Am I missing something?
Edit: Ah, I guess DNS over HTTPS isn’t enabled by default yet.
China blocks ESNI and DoH. You have to find a DoH server that is not well known and have to fake the host name.
But if you actually do that, lol
IP block it. Boom there goes eSNI and DNS.
Sure, it’s crude, but again: it doesn’t have to perfect, it just needs to create havoc with Google services to push away a regular user, who has no idea what DNS even is.
A better approach though is to fine Google, with a % of revenue increasing until compliance. They’ll very quickly be incentivised to comply or shutdown.
The whole argument was about blocking search only, considering the damages suddenly completely blocking google would do. Yes, you can block google data centers completely, but dude, would that cause chaos.
I said that multiple times already.
Worthwhile chaos. It’s exactly that fear of consequences that enables their power
Unnecessary chaos
Taking a stance against corporate overreach feels extremely necessary to me.
The government, running a service that doesn’t suck? Call me when it happens
I live in the nordics, would you like a list?
What is the search engine your government hosts? Or maybe they do email? Do tell
Those are some pretty specific additional qualifiers. Did I hit a nerve?
I’m responsing to someone claiming governments inherently cannot be good providers of essential services, which is patently untrue.
The nordics are home to numerous government institutions, providing a variety of services that are perfectly satisfactory, and often excellent.
Are you claiming that email or search engines not being among them today, means the rest mean nothing, or that they never will be?
If the current services are anything to go by, those things getting added to the list, will be fucking great.
Who said anything about essential services? It’s the nonessential services that I have a problem with
You classify email and internet search as non-essential?
And what does how they are classified have to do with the ability/inability of government to provide them in a sufficient manner?
You claimed something that HAS HAPPENED, could not. There’s no comeback here for you to find.
You think email is a human right? It’s a box to send password resets. If websites all used one time paaswords, I wouldn’t need my email. You don’t actually send messages to people over email, do you?
We have things like Signal and Matrix to facilitate actually communicating with people.
Last time I sent an email to someone it bounced. Imagine spending time writing a letter and the mailman returns it to you
I merely consider it necessary to function in modern society, and hence a service a government might conceivably provide.
You really like making assumptions about what I mean, and twisting my words, huh?