DNSSEC and ISPs faking DNS responses

Owen DeLong owen at delong.com
Sun Nov 15 00:46:04 UTC 2015


> On Nov 14, 2015, at 04:34 , Roland Dobbins <rdobbins at arbor.net> wrote:
> 
> On 14 Nov 2015, at 19:07, Owen DeLong wrote:
> 
>> The point you seem to be missing is that your “until…” is already met.
> 
> Not AFAICT.  It isn't a default in the OS and on the window manager/home screen.
> 
>> I know of at least one ISP that is providing CPE with VPN pre-configured and built in.
> 
> That makes one.
> 
>> I know of several other software/service solutions that are literally download-launch-subscribe. (download client software, launch installer, supply payment information for subscription).
> 
> The 'download' part is the main barrier to entry.

Trust me, this is not a significant barrier to entry. If it were, Chrome would be virtually unused except on Droid.

> 
>> You’re not looking at the right VPN software.
> 
> I look at VPN software all the time, from many providers.
> 
>> The built-in stuff is crap that is years behind the current state of the art.
> 
> My point is that it's in the OS.

Who cares?

That’s like saying that nobody uses a different preference of web browser, they almost all stick to the one that comes with the OS.

If that were true, Firefox would only run on Linux and Chrome would only run on Chromebooks and Droids.

> 
>> More likely this is going to be iterations of what is already being more widely accepted. Downloadable pre-configured client software that works with a particular VPN service.
> 
> Again, downloading is a barrier to entry.  Don't you remember the browser wars and the Microsoft anti-trust case?

I do. I also note that the issue there wasn’t merely that IE shipped with the OS, but the fact that you could _NOT_ extricate it from the OS and beyond just downloading another browser, it took significant knowledge to make that other browser the preferred browser on the system with any meaningful persistence.

>> Point-click-subscribe model seems to receive fairly wide adoption among people sufficiently interested in bypassing {insert network damage here} to pay a monthly fee for a service that will do it.
> 
> 'Sufficiently interested' is a limiting factor.  'Sufficiently interested' to learn that such a thing is possible, and to figure out how to go about doing it.

Among a given community it seems to only take a couple of individuals who figure it out once and if it is sufficiently easy to “show a friend” such that that friend finds it sufficiently easy to teach others, adoption spreads quite rapidly through said community.

> Of course, the other concern is that governments which don't already interfere with VPNs will outlaw VPNs in the name of 'national security'.  Answering my own question, the OS/device vendors won't get into the VPN business due to this issue.

Sure, which is why FLOSS or off-shore subscription services will be the likely successful models here and so far, they are succeeding though not to the extent you might consider mainstream as yet.

Owen




