The blockchain is making domain names more private—for good or bad

The Digital Defense Report that Microsoft recently issued includes a typical rogue’s gallery of cyberthreats, including phishing, ransomware, and supply-chain attacks. But it adds an unusual villain to the list: blockchain domains.

“The next big threat” is how Microsoft’s latest annual security report characterizes domain names written into a distributed ledger maintained across a constellation of computers instead of stored in a traditional, centralized registry. Storing domain names on a blockchain can make them difficult to shut down or even trace to their owners. It also leaves them inaccessible without special software or settings.

“In recent years, we have observed blockchain domains integrated into cybercriminal infrastructure and operations,” the report says, nodding to Microsoft’s experience last spring disrupting a botnet called Necurs. That botnet used a domain-generating algorithm to create new hosts in bulk—including under the .bit blockchain top-level domain, leaving them unable to be policed like a .com or other standards-compliant domain.

The potential for abuse led a group called OpenNIC, which promotes alternatives to the traditional domain-name system, to vote in 2019 to block the .bit domain lest the organization be “directly responsible for the creation of a whole new class of malware.”

Adds Microsoft’s report: “This trend of threats leveraging blockchain domains as infrastructure with the means to create an undisputable criminal network should be taken seriously.”

Can’t stop ’em

Among proponents of a decentralized internet, meanwhile, you’ll see a common response to the critique that blockchain domains can’t be taken down: Yes, that’s correct.

As the sales pitch on the homepage of one blockchain-domain registrar, Unstoppable Domains, reads: “Unlike traditional domains, Unstoppable Domains are fully owned and controlled by the user with zero renewal fees ever (you buy it once, you own it for life!).” It quotes one-time registration fees ranging from $20 to $100 under such blockchain top-level domains as .crypto, .wallet, .coin, .888 and .x, although costs can escalate dramatically for shorter, more memorable domains. For example, potomacriver.x would cost $100 versus $7,500 for potomac.x.

Over email, Unstoppable Domains CEO Matthew Gould rejected the idea that his San Francisco-based company is an irresponsible actor. He noted the company’s trademark-compliance policies (its site would not let me start registering fastcompany.x, showing that domain as “protected”) and its measures to screen applicants.

“We have also prevented the registration of domains associated with known pirating software or other types of IP theft and fraud,” he wrote, adding that Unstoppable can even take back a domain if registrants park it with its custody service instead of transferring it to their own cryptocurrency wallet—the former option being an easier route that about 75% of registrants take today.

Gould also rejected the notion that blockchain domains were optimized for malware, countering that they would instead increase trust for cryptocurrency transactions. “Anonymous users want to generate new addresses every time as this is best practice,” he wrote. “Domains create a single memorable nonchanging endpoint that actually makes crypto payments less anonymous.”

Microsoft declined to expand on the findings in the report.

Special browser required

Sean Gallagher, senior threat researcher with the research firm Sophos, wrote in an email that while blockchain domains have been used for malware, their need for custom routing made them an inefficient option for such attacks, since malware can’t spread via garden-variety web browsers that don’t support the domains. He also noted that blockchain domains offer less privacy than Tor, the cloaked routing system used to evade many censorship regimes: “They don’t offer anonymity for the destination.”

The simplest way to route yourself to a blockchain domain, such as brad.crypto—the web space of Unstoppable Domains cofounder Bradley Kam—is to use one of the few browsers already supporting that namespace, such as the Chrome-based, privacy-optimized Brave. Type brad.crypto into Brave’s address bar, click to accept the blockchain routing, and you should see Kam’s gallery of NFT (non-fungible token) artwork.

Kevin Werbach, a professor at the University of Pennsylvania’s Wharton School, who noted that he’d just registered kwerb.eth (that suffix references another blockchain domain system, the Ethereum Name Service), said he doubted browser support for blockchain domains would expand anytime soon. “Google, Apple, and Microsoft aren’t going to provide native support without a comfort level about addressing those concerns,” he wrote.

That will leave adoption depending on people’s willingness to switch browsers, install browser extensions, or custom-configure DNS settings—the latter two practices being the sort of tinkering occasionally abused for malware.

“DNS has security vulnerabilities which are partly due to its centralized structure, but putting domain names on a blockchain creates a new set of security risks,” Werbach added. “I don’t think we know enough to make categorical statements about the magnitude of the relative risks.”

The prevailing frothiness of cryptocurrency and blockchain hype provides reason for skepticism.

Mike Masnick, publisher of the Techdirt tech-policy blog and an advocate for a more decentralized social internet, lauded the potential for blockchain domains “to create both a different kind of incentive structure and one in which users may retain more control over their own information.” But then he added that the blockchain space today is “filled almost entirely by mercenary folks looking for profit, which has some useful elements—in terms of bringing in funding and incentivizing certain behaviors, but also has the real potential for prioritizing pure profit over societal benefit.”

Masnick didn’t point out the parallels with today’s commercial social media. But why would he have to?

https://www.fastcompany.com/90686579/blockchain-domains-bit-microsoft?partner=rss&utm_source=rss&utm_medium=feed&utm_campaign=rss+fastcompany&utm_content=rss

Created: 28 Oct. 2021, 15:21:27